effacer fichier system32 infecter ? . Résolu

Question

Bonjour,
voila je vais essayer de vous expliquer mon problème , j'ai deux fichiers infecter dans c:/windows/system32 , et je ne sait pas si je peut les effacers ?, les deux fichiers sont (reaqffav.dll ) et (xpxwytoq.dll) quelqun pourrait t'il m'aider svp , pour information pour le moment ces deux fichiers sont en quarantaine , merci d'avance a celui ou celle qui acceptera de m'aider .

noctambule28 · Answer

salut

commence par cela , et donne tous les details que tu pourras

 Clique sur ce lien
    http://www.trendsecure.com/portal/en-US/threat_analytics/HJTInstall.exe
    pour télécharger le fichier d'installation d'HijackThis.

    Enregistre HJTInstall.exe sur ton bureau.  

    Double-clique sur HJTInstall.exe pour lancer le programme

    Par défaut, il s'installera là :
    C:\Program Files\Trend Micro\HijackThis

    Accepte la license en cliquant sur le bouton "I Accept"

    Choisis l'option "Do a system scan and save a log file"

    Clique sur "Save log" pour enregistrer le rapport qui s'ouvrira avec le bloc-note

    Clique sur "Edition -> Sélectionner tout", puis sur "Edition -> Copier" pour copier tout le contenu du rapport

    Colle le rapport que tu viens de copier sur ce forum

    Ne fixe encore AUCUNE ligne, cela pourrait empêcher ton PC de fonctionner correctement


    Tutoriaux : http://pageperso.aol.fr/balltrap34/demohijack.htm (ne fixe rien pour le moment !!)
                  http://cybersecurite.xooit.com/t138-HijackThis-2-0-2.htm 

à demain soir

Utilisateur anonyme · Answer

d'accord et merci je vous tiens au courant, merci encore et à se soir j'èspère .

Utilisateur anonyme · Answer

salut tout le monde , voila je devait poster un hijackthis mais une personne est venue chez moi et a regarder tout cela et il n'y a pas de problème majeur exepté le fait que j'aie deux fichier ( windows/system32 ) en quarentaine et cette personne ne saurait me les fournirs tout simplement parce que elle ne possède plus d'ordinateur , alors voila est ce que quelqun aurait quelque bonne adresse a me fournir ou je pourrait télécharger ces deux fichiers ( reaqffav.dll ) et ( xpxwytoq.dll ) j'aie déja chercher mais ces deux fichiers sont introuvable ? , existe t'il ? , ou le virus est t'il toujours dans mon ordinateur et les donnés serait t'elle volontairement fausse ? , voila je tient a remercier toute les personnes qui m'ont déja aider, et celle qui le feront encore , merci d'avoir pris le temp de me lire .

noctambule28 · Answer

et bien si tu veux continuer à etre aidé, tu post l'hijackthis, car ton fichier xpxwytoq.dll , ça m'etonnerait que tu le trouve ailleur etant donné que c'est une verole au nom aleatoire 

.............................

Utilisateur anonyme · Answer

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:06:08, on 17/02/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\VTtrayp.exe
C:\WINDOWS\system32\VTTimer.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Eset
od32kui.exe
C:\Program Files\Eset
od32krn.exe
C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe
C:\WINDOWS\system32\slserv.exe
C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Fichiers communs\Nero\Lib\NMBgMonitor.exe
C:\Program Files\Fichiers communs\Teleca Shared\CapabilityManager.exe
C:\Program Files\Brother\Brmfcmon\BrMfcmon.exe
C:\Program Files\Fichiers communs\Nero\Lib\NMIndexingService.exe
C:\Program Files\Fichiers communs\Nero\Lib\NMIndexStoreSvr.exe
C:\Program Files\Fichiers communs\Teleca Shared\Generic.exe
C:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://search.yahoo.com/?fr=altavista
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: Ask Toolbar BHO - {FE063DB1-4EC0-403e-8DD8-394C54984B2C} - C:\Program Files\AskTBar\bar\1.bin\ASKTBAR.DLL (file missing)
O3 - Toolbar: Ask Toolbar - {FE063DB9-4EC0-403e-8DD8-394C54984B2C} - C:\Program Files\AskTBar\bar\1.bin\ASKTBAR.DLL (file missing)
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [VTTrayp] VTtrayp.exe
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset
od32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Fichiers communs\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Fichiers communs\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [PaperPort PTD] "C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe"
O4 - HKLM\..\Run: [IndexSearch] "C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe"
O4 - HKLM\..\Run: [PPort11reminder] "C:\Program Files\ScanSoft\PaperPort\Ereg\Ereg.exe" -r "C:\Documents and Settings\All Users\Application Data\ScanSoft\PaperPort\11\Config\Ereg\Ereg.ini
O4 - HKLM\..\Run: [BrMfcWnd] C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe /AUTORUN
O4 - HKLM\..\Run: [ControlCenter3] C:\Program Files\Brother\ControlCenter3\brctrcen.exe /autorun
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Nero\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_0
O4 - HKCU\..\Run: [Magentic] C:\PROGRA~1\Magentic\bin\Magentic.exe /c
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - https://onedrive.live.com/?id=favorites
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} (HardwareDetection Control) - https://www.touslesdrivers.com/index.php?v_page=29
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Fichiers communs\Nero\Lib\NMIndexingService.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset  - C:\Program Files\Eset
od32krn.exe
O23 - Service: SmartLinkService (SLService) -   - C:\WINDOWS\SYSTEM32\slserv.exe

noctambule28 · Answer

salut, et tu peux me tutoyer ;)

à premiere vue, rien de flagrant



ce qui est dans la quarantaine , tu peux l'effacer.
dis-moi si tu as des d'autres symptomes ?

il me semble que nod32 ne fournit  pas de pare-feu, il faudrat en installer un , celui de windows n'est pas suffisant,( je te dirais demain)

et pour verifer :
Ouvre ce lien pour scanner ton PC avec un BitDefender en ligne (uniquement sous Internet Explorer) :

https://www.bitdefender.com/toolbox/

Utilisation :
Cliquer sur "J'accepte" puis accepter également l'ActiveX bloqué par la barre anti-popup du SP2 qui clignotera en haut et l'installer.
Ensuite, cliquer sur "Cliquez ici pour scanner".
Patienter jusqu'à la fin du scan qui peut durer assez longtemps...

Copier/coller le rapport entier sur le forum.

Tutoriel en images ici : http://pageperso.aol.fr/rginformatique/mapage/defender.htm (merci à Balltrap34 pour cette réalisation)
[Recoche] la case « Masquer les fichiers protégés du système d'exploitation (recommandé) »


à demain soir

Utilisateur anonyme · Answer

salut et merci pour le tutoyement noctambule , je vais déja commencer par les autres symptome , d'abors l'ordinateur est très lent ,d'ailleur il ma fallu longtemp pour réussir a me connecter sur ce forum tellement il ramais , si je lis une video je peut facillement me brulé tellement il chauffe , quand je l'eteint il faut que je m'y reprenne a plusieur fois il ne se passe rien puis quand enfin j'y arrive il me parle d'un programme qui n'a pas terminé et que si je quitte je perdrais mes donné non enregistré , la plupart de mes programmes bloque il m'écrive par exemple internet explorer ne répond  plus ou adobe ne répond plus et il fait sa avec tout mes programmes je suis obligé de l'eteindre au bouton en le tenant pendant une quinzaine de seconde meme le pointeur de la souris ne répond plus des fois , et quand je l'allume a nouveau il lui faut entre quinze et trente minutes pour enfin s'allumé , de cinq a dix minutes par écran l'écran windows , puis l'écran bienvenu , puis un écran noir , puis il s'allume il met un petit temp pour affiché mes icones de bureau , et il ce peut que si je veut par exemple allé dans ma bibliotèque windows il bloque a nouveau , voila pour les symptomes , je vais essayé ce que tu ma dit plus haut mais j'aimerait savoir avant si je doit désactivé nod32 avant d'effectué le scan avec bitdefender et pour caché mes fichiers protegé je doit faire comment ? , voila bonne nuit ,merci pour ton aide noctambule et a tout à l'heure .

noctambule28 · Answer

salut

bon, il serait sage que tu commences  par faire un peu de menage physique, (la poussiere) dans ton pc.
si c'est une tour , c'est simple, tu l'ouvres , et tu nettoyes delicatement les filtres et les ventilateurs) ' attention cela peut etre chaud, et il faut penser à debrancher et à toucher du metal avant ( electricité statique oblige)

si , c'est un portable, c'est un peu plus compliqué ,; il faut retirer le clavier pour acceder à l'interieur, en general 2 vis.
meme consigne de securité

en ce qui concerne l'analyse en ligne , oui, c'est mieux de couper nod32 pendant le scan..

coté verole , il y a bien des traces d'une infection , mais il semblerais plus l'infection elle meme

Utilisateur anonyme · Answer

salut noctambule , oui c'est un portable et je dois t'avoué que je n'oserait pas trop l'ouvrir , question de garantie , il n'est pas neuf mais il y à une garantie et tu sait comment ca se passe en cas de problème tout les prétextes sont bon pour annulé la garantie , je vais essayé de faire le scan avec bitdefender et si tu est d'accord de me dire se que tu en pense et que tu ne vois pas que le problème se situe la alors peut etre le reconduire ou je l'aie acheté ?, à propos il n'est pas garantis sur les programmes donc si c'est un virus ou quelque chose ainsi il ne le répareront que a mes frais , mais si c'est par exemple l'écran qui lache la logiquement c'est pris en charge par la garantie , je supose que tu comprend ce que je veut dire , voila je ne voudrais pas t'obligé mais je vais essayé le scan que tu ma conseillé et j'attendrais ton avis pour voir par la suite se que tu me conseille , bon je me lance je vais déja essayé de désactivé nod32 , et je poste le rapport , salut et encore merci a toi pour ton aide et tes conseils à tout a l'heure noctambule .

Utilisateur anonyme · Answer

salut noctambule 28, c'est encore moi , voila j'ai fait le scan en ligne le seul problème c'est que le fichié est trop volumineux pour etre posté , il fait 3,57 mo , quelque chose ainsi , je sait qu'ont peut le couper , mais je ne sait pas comment , je ne l'aie jamais fait , je ne sait pas comment te le faire parvenir ? , j'ai fait comme avec le rapport hijakthis mais ca ne fonctionne pas ? , donc je supose que c'est à cause de ca ? , salut à plus tard .

noctambule28 · Answer

4 Mo de texte , c'est un livre  ;))

en général les rapport passent sur le forum.

si vraiment tu n'a pas de possibilité , heberge-le, ( sur http://www.cijoint.fr/index.php )
et post le lien de recuperation, mais c'est bizarre quand même

a+

Utilisateur anonyme · Answer

voila , cest surement moi qui aie flanché quelque part , voila le lien j'èspère que tu aime la lecture ,      http://www.cijoint.fr/cj200802/cij4807145455038.txt   , comme tu le remarquera bitdefender a trouvé un virus mais je ne sait pas si ca t'aidera de le savoir mais mon ordinateur à encore bloqué malgré cela ,  merci pour ta patience noctambule28 ,

noctambule28 · Answer

ok, rien d'inquiétant, bit defender semble avoir fait son travail

----------------------un peu de nettoyage

Lis bien et exécute cette manip dans l’ordre.

#Télécharge et installe ces logiciels (si tu ne les as pas) pour les 3 premiers
mets les à jour, comme indiqué dans les démos ou tutos.

Ne les utilise pas tout de suite.


Antispywares et autres :

*Ad-Aware (gratuit)
Téléchargement :
http://www.commentcamarche.net/telecharger/telecharger 83 ad aware 2007 free

Tuto :
http://perso.orange.fr/rginformatique/section%20virus/adawrevid.asf

*Spybot (gratuit) :
Téléchargement :
http://telecharger.01net.com/windows/Internet/internet_utlitaire/fiches/26157.html
voir demo d utilisation (merci Balltrap)
http://perso.orange.fr/rginformatique/section%20virus/demo%20spybot.htm

* AVG AS

AVG anti spyware
https://www.01net.com/telecharger/
Mets le a jour avant de lancer le scan.
Tuto :
http://www.kachouri.com/tuto/tuto-161-avg-anti-spyware-75-pour-votre-securite.html


Nettoyeurs (de fichiers inutiles) et autres :

*Ccleaner (gratuit)
Téléchargement :
https://www.01net.com/
Tuto :
https://www.vulgarisation-informatique.com/nettoyer-windows-ccleaner.php

Lors de l’installation, [décoche] l’option qui t’installerait la barre Yahoo !

========================================
->Affiche tous les fichiers et dossiers :
clique sur démarrer/panneau de configuration (en affichage classique)/option des dossiers/affichage

[Coche] « afficher les dossiers et fichiers cachés »

[Décoche] la case « Masquer les fichiers protégés du système d'exploitation (recommandé) »

[Décoche] « masquer les extensions dont le type est connu »

Puis fais [appliquer] pour valider les changements.

Et [Ok]
=

=======================================

->Démarre en mode sans échec :
Pour cela, tu tapotes la touche F8 dès le début de l’allumage du pc sans t’arrêter
Une fenêtre va s’ouvrir tu te déplaces avec les flèches du clavier sur démarrer en mode sans échec
puis tape « entrée ».
Une fois sur le bureau s’il n’y a pas toutes les couleurs et autres c’est normal !
(Si F8 ne marche pas utilise la touche F5).
=========================
->Lance CCleaner.

Suppression des fichiers temporaires

Va dans la section "Options" situé dans la marge gauche.
Décoche "Avancé"
Retourne ensuite dans la section "Nettoyeur"
Fais bien attention de cocher toutes ces cases dans la marge gauche (Internet Explorer/Windows Explorer/Système)
• Clique sur [Analyse]
• Patiente le temps du scan, qui peut prendre un peu de temps si c'est la première fois.
• Une fois le scan terminé, clique sur [Lancer le Nettoyage]



========================================
->Lance AVG pour un scan complet "Analyse" ->"Paramètres"

Sous la question "Comment réagir ?" :

-> clique sur "Actions recommandées" et choisis "Quarantaines"
-> Re-clique sur l'onglet "Analyse" puis réalise une "Analyse complète du système"

Si un fichier est infecté en fin d'analyse

->Clique sur "Appliquer toutes les actions "

->Clique sur "Enregistrer le rapport" puis sur "Enregistrer le rapport sous".

->Enregistre ce fichier texte sur ton bureau et [copie/colle le rapport en forum]
========================================
->Passe Ad-Aware et supprime tout ce qu’il trouve + supprime les quarantaines…
========================================
->Passe Spybot et corrige tout ce qu’il trouve + vaccine + supprime les quarantaines…
========================================
->Relance CCleaner.
Suppression des incohérences du registre

• Clique sur l'icône [Erreurs] situés dans la marge à gauche
• Puis clique sur [Analyser les erreurs]
• Patiente pendant que CCleaner scan ton registre.
• Une fois le scan terminé, coche toutes les entrèes qu'il t'aura trouvée.
• Tu peux cliquer ensuite sur [Corriger les erreurs].

Si tu n'est pas sur de ce que tu fais, tu peux choisir de sauvegarder les entrées cochées pour les restaurer ultérieurement.
========================================
->Vide ta Corbeille.
========================================
->Redémarre en mode normal,



Relance Hijackthis et copie/colle un nouveau rapport sur le forum.

Et dis moi ou en sont tes problèmes s’il t’en reste.


a+

Utilisateur anonyme · Answer

salut noctambule28, tu te venge de mon roman de hier , je vais d'abort imprimé tout ca , puis je te poste les rapports ne t'étonne pas si je met du temps a répondre , merci encore .

Utilisateur anonyme · Answer

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 05:50:44, on 21/02/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\Program Files\Eset
od32krn.exe
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\VTtrayp.exe
C:\WINDOWS\system32\VTTimer.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Eset
od32kui.exe
C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe
C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
C:\Program Files\Fichiers communs\Teleca Shared\CapabilityManager.exe
C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\Program Files\Brother\Brmfcmon\BrMfcmon.exe
C:\Program Files\Fichiers communs\Teleca Shared\Generic.exe
C:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Fichiers communs\Nero\Lib\NMBgMonitor.exe
C:\Program Files\Fichiers communs\Nero\Lib\NMIndexingService.exe
C:\Program Files\Fichiers communs\Nero\Lib\NMIndexStoreSvr.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://search.yahoo.com/?fr=altavista
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: Ask Toolbar BHO - {FE063DB1-4EC0-403e-8DD8-394C54984B2C} - (no file)
O3 - Toolbar: (no name) - {FE063DB9-4EC0-403e-8DD8-394C54984B2C} - (no file)
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [VTTrayp] VTtrayp.exe
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset
od32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Fichiers communs\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Fichiers communs\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [PaperPort PTD] "C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe"
O4 - HKLM\..\Run: [IndexSearch] "C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe"
O4 - HKLM\..\Run: [PPort11reminder] "C:\Program Files\ScanSoft\PaperPort\Ereg\Ereg.exe" -r "C:\Documents and Settings\All Users\Application Data\ScanSoft\PaperPort\11\Config\Ereg\Ereg.ini
O4 - HKLM\..\Run: [BrMfcWnd] C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe /AUTORUN
O4 - HKLM\..\Run: [ControlCenter3] C:\Program Files\Brother\ControlCenter3\brctrcen.exe /autorun
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Nero\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - https://onedrive.live.com/?id=favorites
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} (HardwareDetection Control) - https://www.touslesdrivers.com/index.php?v_page=29
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Fichiers communs\Nero\Lib\NMIndexingService.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset  - C:\Program Files\Eset
od32krn.exe
O23 - Service: SmartLinkService (SLService) -   - C:\WINDOWS\SYSTEM32\slserv.exe

noctambule28 · Answer

salut

tout ça à l'air bien

demain si tu veux, je te ferais faire quelque manip, pour accelerer un peu le pc 
à demain, je vais bientot, couper , le jour ce leve

Utilisateur anonyme · Answer

salut , tu craint aussi la lumière du jours , d'accord pour demain , je suis content que ca à l'air bon , merci pour ton aide , il me semble que le pc est toujours ok comme tout à l'heure je vais unpeu testé quelque programme comme nero ect ect ect ... je te tiendrais au courant , à tout à l'heure .

noctambule28 · Answer

salut

relance hijackthis

fait "do a system scan only"
coche ces lignes et clic sur fixchecked


O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: Ask Toolbar BHO - {FE063DB1-4EC0-403e-8DD8-394C54984B2C} - (no file)
O3 - Toolbar: (no name) - {FE063DB9-4EC0-403e-8DD8-394C54984B2C} - (no file)
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE


O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Fichiers communs\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Fichiers communs\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot

O4 - HKLM\..\Run: [IndexSearch] "C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe"
O4 - HKLM\..\Run: [PPort11reminder] "C:\Program Files\ScanSoft\PaperPort\Ereg\Ereg.exe" -r "C:\Documents and Settings\All Users\Application Data\ScanSoft\PaperPort\11\Config\Ereg\Ereg.ini
O4 - HKLM\..\Run: [BrMfcWnd] C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe /AUTORUN
O4 - HKLM\..\Run: [ControlCenter3] C:\Program Files\Brother\ControlCenter3\brctrcen.exe /autorun
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Nero\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} (HardwareDetection Control) - https://www.touslesdrivers.com
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) -


ensuite tu refais un hijackthis

Utilisateur anonyme · Answer

salut , svp dit moi que je n'ai pas foiré , j'attend ta réponse avec impatience , merci.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 04:34:09, on 22/02/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\Program Files\Eset
od32krn.exe
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\VTtrayp.exe
C:\WINDOWS\system32\VTTimer.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Eset
od32kui.exe
C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
C:\Program Files\Fichiers communs\Teleca Shared\CapabilityManager.exe
C:\Program Files\Fichiers communs\Nero\Lib\NMIndexingService.exe
C:\Program Files\Fichiers communs\Nero\Lib\NMIndexStoreSvr.exe
C:\Program Files\Fichiers communs\Teleca Shared\Generic.exe
C:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://search.yahoo.com/?fr=altavista
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O4 - HKLM\..\Run: [VTTrayp] VTtrayp.exe
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset
od32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [PaperPort PTD] "C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe"
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - https://onedrive.live.com/?id=favorites
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Fichiers communs\Nero\Lib\NMIndexingService.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset  - C:\Program Files\Eset
od32krn.exe
O23 - Service: SmartLinkService (SLService) -   - C:\WINDOWS\SYSTEM32\slserv.exe

noctambule28 · Answer

tu vois, je te le dis maintenant!!
si tu avais foiré (et moi donc), tu n'aurais pas pu redemarrer le pc.........( donc, pas faire n'importequoi avec hijackthis)
.
voila normalement , c'est bon , pour tout ça

noctambule28 · Answer

salut Fabien

normalement, c'est bon

conserve la procedure de nettoyage, elle est a utiliser regulièrement, pour que le pc tourne au mieux
voilà,

TiPanic · Answer

Bonjour à tous j'ai lu attentivement les instructions pour désinfecter mon PC,mais j'ai tout de même un souci.
Après avoir démarrer en mode sans échec, j'ai lancé "antivir" ce dernier à bien fait son boulot, mais il semble qu'il reste encore des hotes indésirables sur mon PC.

impossible des les virer manuellement, car j'ai un message du type "Le processus est utilisé par un autre utilisateur ou programmes.

Voici le rapport de mon scan, si quelqu'un peut m'aider cela m'éviterai de sombrer/



AntiVir PersonalEdition Classic
Report file date: lundi 3 mars 2008  12:16

Scanning for 1130520 virus strains and unwanted programs.

Licensed to:      Avira AntiVir PersonalEdition Classic
Serial number:    0000149996-
Platform:         Windows XP
Windows version:  (plain)  [5.1.2600]
Username:         Administrateur
Computer name:    DES-xxxxxxxxxxx

Version information:
BUILD.DAT    : 270           15603 Bytes  19/09/2007 13:32:00
AVSCAN.EXE   : 7.0.6.1      290856 Bytes  23/08/2007 13:16:29
AVSCAN.DLL   : 7.0.6.0       49192 Bytes  16/08/2007 12:23:51
LUKE.DLL     : 7.0.5.3      147496 Bytes  14/08/2007 15:32:47
LUKERES.DLL  : 7.0.6.1       10280 Bytes  21/08/2007 12:35:20
ANTIVIR0.VDF : 6.40.0.0    11030528 Bytes  18/07/2007 14:27:15
ANTIVIR1.VDF : 7.0.1.95    3367424 Bytes  14/12/2007 23:49:38
ANTIVIR2.VDF : 7.0.2.181   1993728 Bytes  24/02/2008 23:49:38
ANTIVIR3.VDF : 7.0.2.217    137728 Bytes  03/03/2008 08:07:21
AVEWIN32.DLL : 7.6.0.73    3334656 Bytes  03/03/2008 08:07:26
AVWINLL.DLL  : 1.0.0.7       14376 Bytes  26/02/2007 10:36:26
AVPREF.DLL   : 7.0.2.2       25640 Bytes  18/07/2007 07:39:17
AVREP.DLL    : 7.0.0.1      155688 Bytes  16/04/2007 13:16:24
AVPACK32.DLL : 7.6.0.3      360488 Bytes  25/02/2008 23:49:49
AVREG.DLL    : 7.0.1.6       30760 Bytes  18/07/2007 07:17:06
AVARKT.DLL   : 1.0.0.20     278568 Bytes  28/08/2007 12:26:33
AVEVTLOG.DLL : 7.0.0.20      86056 Bytes  18/07/2007 07:10:18
NETNT.DLL    : 7.0.0.0        7720 Bytes  08/03/2007 11:09:42
RCIMAGE.DLL  : 7.0.1.30    2342952 Bytes  07/08/2007 12:38:13
RCTEXT.DLL   : 7.0.62.0      86056 Bytes  21/08/2007 12:50:37
SQLITE3.DLL  : 3.3.17.1     339968 Bytes  23/07/2007 09:37:21

Configuration settings for the scan:
Jobname..........................: Local Drives
Configuration file...............: c:\program files\avira\antivir personaledition classic\alldrives.avp
Logging..........................: low
Primary action...................: interactive
Secondary action.................: ignore
Scan master boot sector..........: off
Scan boot sector.................: on
Boot sectors.....................: E:, 
Scan memory......................: on
Process scan.....................: on
Scan registry....................: on
Search for rootkits..............: off
Scan all files...................: Intelligent file selection
Scan archives....................: on
Recursion depth..................: 20
Smart extensions.................: on
Macro heuristic..................: on
File heuristic...................: medium

Start of the scan: lundi 3 mars 2008  12:16

The scan of running processes will be started
Scan process 'avscan.exe' - '1' Module(s) have been scanned
Scan process 'avcenter.exe' - '1' Module(s) have been scanned
Scan process 'explorer.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'lsass.exe' - '1' Module(s) have been scanned
Scan process 'services.exe' - '1' Module(s) have been scanned
Scan process 'winlogon.exe' - '1' Module(s) have been scanned
Scan process 'csrss.exe' - '1' Module(s) have been scanned
Scan process 'smss.exe' - '1' Module(s) have been scanned
10 processes with 10 modules were scanned

Start scanning boot sectors:
Boot sector 'C:\'
      [NOTE]      No virus was found!
Boot sector 'A:\'
      [NOTE]      In the drive 'A:\' no data medium is inserted!

Starting to scan the registry.
C:\WINDOWS\system32\khfedcb.dll
      [DETECTION] Is the Trojan horse TR/Vundo.Gen
      [WARNING]   The file could not be deleted!
C:\WINDOWS\system32\khfedcb.dll
      [DETECTION] Is the Trojan horse TR/Vundo.Gen
C:\WINDOWS\system32\qacljvrv.dll
      [DETECTION] Is the Trojan horse TR/Vundo.DWB
      [WARNING]   The file could not be deleted!
C:\WINDOWS\system32\qacljvrv.dll
      [DETECTION] Is the Trojan horse TR/Vundo.DWB

The registry was scanned ( '38' files ).


Starting the file scan:

Begin scan in 'C:\' <Disque local>
C:\pagefile.sys
      [WARNING]   The file could not be opened!
C:\Documents and Settings\Barbelivien\Local Settings\Temp\camg-77798.exe
      [DETECTION] Is the Trojan horse TR/Dldr.AW.awm
      [INFO]      The file was deleted!
C:\Documents and Settings\Barbelivien\Local Settings\Temp\facebk09.zip
  [0] Archive type: ZIP
  --> picture09.JPG_www.facebook.com
      [DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
      [INFO]      The file was deleted!
C:\Documents and Settings\Barbelivien\Local Settings\Temp\facebook19.zip
  [0] Archive type: ZIP
  --> picture019.JPG_www.facebook.com
      [DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
      [INFO]      The file was deleted!
C:\Documents and Settings\Barbelivien\Local Settings\Temp\image014.zip
  [0] Archive type: ZIP
  --> image014.JPG-www.myspace.com
      [DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
      [INFO]      The file was deleted!
C:\Documents and Settings\Barbelivien\Local Settings\Temp\image017.zip
  [0] Archive type: ZIP
  --> image017.JPG-www.myspace.com
      [DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
      [INFO]      The file was deleted!
C:\Documents and Settings\Barbelivien\Local Settings\Temp\image021.zip
  [0] Archive type: ZIP
  --> image021.JPG-www.myspace.com
      [DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
      [INFO]      The file was deleted!
C:\Documents and Settings\Barbelivien\Local Settings\Temp\image026.zip
  [0] Archive type: ZIP
  --> image026.JPG-www.myspace.com
      [DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
      [INFO]      The file was deleted!
C:\Documents and Settings\Barbelivien\Local Settings\Temp\image03_08.zip
  [0] Archive type: ZIP
  --> image03_08.JPEG_www.myspaces.com
      [DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
      [INFO]      The file was deleted!
C:\Documents and Settings\Barbelivien\Local Settings\Temp\image047.zip
  [0] Archive type: ZIP
  --> image047.JPG-www.facebook.com
      [DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
      [INFO]      The file was deleted!
C:\Documents and Settings\Barbelivien\Local Settings\Temp\image048.zip
  [0] Archive type: ZIP
  --> image048.JPG-www.myspace.com
      [DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
      [INFO]      The file was deleted!
C:\Documents and Settings\Barbelivien\Local Settings\Temp\imgfacebook1.zip
  [0] Archive type: ZIP
  --> picture18.JPEG_www.facebook.com
      [DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
      [INFO]      The file was deleted!
C:\Documents and Settings\Barbelivien\Local Settings\Temp\MySpace013.zip
  [0] Archive type: ZIP
  --> picture013.JPG_www.myspace.com
      [DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
      [INFO]      The file was deleted!
C:\Documents and Settings\Barbelivien\Local Settings\Temp\MySpace015.zip
  [0] Archive type: ZIP
  --> picture015.JPG_www.myspace.com
      [DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
      [INFO]      The file was deleted!
C:\Documents and Settings\Barbelivien\Local Settings\Temp\OiUninstaller.exe
      [DETECTION] Contains detection pattern of the dropper DR/PurityScan.GR
      [INFO]      The file was deleted!
C:\Documents and Settings\Barbelivien\Local Settings\Temp\photo21.zip
  [0] Archive type: ZIP
  --> photo21.JPG-www.myspace.com
      [DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
      [INFO]      The file was deleted!
C:\Documents and Settings\Barbelivien\Local Settings\Temp\photo23.zip
  [0] Archive type: ZIP
  --> photo23.JPG-www.myspace.com
      [DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
      [INFO]      The file was deleted!
C:\Documents and Settings\Barbelivien\Local Settings\Temp\photo39.zip
  [0] Archive type: ZIP
  --> photo39.JPG-www.myspace.com
      [DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
      [INFO]      The file was deleted!
C:\Documents and Settings\Barbelivien\Local Settings\Temporary Internet Files\Content.IE5\UQM511WQ\!update-4495[1].0000
      [DETECTION] Is the Trojan horse TR/Dldr.PurityScan.FK
      [INFO]      The file was deleted!
C:\Program Files\Fichiers communs\Yazzle1560OinAdmin.exe
      [DETECTION] Is the Trojan horse TR/Dldr.Purity.BV.7
      [INFO]      The file was deleted!
C:\Program Files\InetGet2\emg.exe
      [DETECTION] Is the Trojan horse TR/Dldr.AW.awm
      [INFO]      The file was deleted!
C:\RECYCLER\NPROTECT\00006176.exe
      [WARNING]   The file could not be opened!
C:\RECYCLER\NPROTECT\00006177.dll
      [WARNING]   The file could not be opened!
C:\RECYCLER\NPROTECT\00006178.dll
      [WARNING]   The file could not be opened!
C:\RECYCLER\NPROTECT\00006179.exe
      [WARNING]   The file could not be opened!
C:\RECYCLER\NPROTECT\00006181.dll
      [WARNING]   The file could not be opened!
C:\RECYCLER\NPROTECT\00006182.exe
      [WARNING]   The file could not be opened!
C:\RECYCLER\NPROTECT\00006183.dll
      [WARNING]   The file could not be opened!
C:\RECYCLER\NPROTECT\00006184.exe
      [WARNING]   The file could not be opened!
C:\RECYCLER\NPROTECT\00006186.dll
      [WARNING]   The file could not be opened!
C:\RECYCLER\NPROTECT\00006187.dll
      [WARNING]   The file could not be opened!
C:\RECYCLER\NPROTECT\00006189.exe
      [WARNING]   The file could not be opened!
C:\RECYCLER\NPROTECT\00006190.dll
      [WARNING]   The file could not be opened!
C:\RECYCLER\NPROTECT\00006191.dll
      [WARNING]   The file could not be opened!
C:\RECYCLER\NPROTECT\00006192.dll
      [WARNING]   The file could not be opened!
C:\RECYCLER\NPROTECT\00006194.dll
      [WARNING]   The file could not be opened!
C:\RECYCLER\NPROTECT\00006196.exe
      [WARNING]   The file could not be opened!
C:\RECYCLER\NPROTECT\00006197.dll
      [WARNING]   The file could not be opened!
C:\RECYCLER\NPROTECT\00006198.dll
      [WARNING]   The file could not be opened!
C:\RECYCLER\NPROTECT\00006199.dll
      [WARNING]   The file could not be opened!
C:\RECYCLER\NPROTECT\00006200.dll
      [WARNING]   The file could not be opened!
C:\RECYCLER\NPROTECT\00006201.dll
      [WARNING]   The file could not be opened!
C:\RECYCLER\NPROTECT\00006202.dll
      [WARNING]   The file could not be opened!
C:\RECYCLER\NPROTECT\00006203.dll
      [WARNING]   The file could not be opened!
C:\RECYCLER\NPROTECT\00006204.dll
      [WARNING]   The file could not be opened!
C:\RECYCLER\NPROTECT\00006206.dll
      [WARNING]   The file could not be opened!
C:\RECYCLER\NPROTECT\00006207.dll
      [WARNING]   The file could not be opened!
C:\RECYCLER\NPROTECT\00006208.dll
      [WARNING]   The file could not be opened!
C:\RECYCLER\NPROTECT\00006209.dll
      [WARNING]   The file could not be opened!
C:\RECYCLER\NPROTECT\00006210.dll
      [WARNING]   The file could not be opened!
C:\RECYCLER\NPROTECT\00006211.dll
      [WARNING]   The file could not be opened!
C:\RECYCLER\NPROTECT\00006212.dll
      [WARNING]   The file could not be opened!
C:\RECYCLER\NPROTECT\00006213.dll
      [WARNING]   The file could not be opened!
C:\RECYCLER\NPROTECT\00006214.dll
      [WARNING]   The file could not be opened!
C:\RECYCLER\NPROTECT\00006215.dll
      [WARNING]   The file could not be opened!
C:\RECYCLER\NPROTECT\00006216.dll
      [WARNING]   The file could not be opened!
C:\RECYCLER\NPROTECT\00006217.dll
      [WARNING]   The file could not be opened!
C:\RECYCLER\NPROTECT\00006218.dll
      [WARNING]   The file could not be opened!
C:\RECYCLER\NPROTECT\00006219.dll
      [WARNING]   The file could not be opened!
C:\RECYCLER\NPROTECT\00006220.dll
      [WARNING]   The file could not be opened!
C:\RECYCLER\NPROTECT\00006221.dll
      [WARNING]   The file could not be opened!
C:\RECYCLER\NPROTECT\00006222.dll
      [WARNING]   The file could not be opened!
C:\RECYCLER\NPROTECT\00006225.exe
      [WARNING]   The file could not be opened!
C:\RECYCLER\NPROTECT\00006226.exe
      [WARNING]   The file could not be opened!
C:\RECYCLER\NPROTECT\00006229.exe
      [WARNING]   The file could not be opened!
C:\RECYCLER\NPROTECT\00006231.dll
      [WARNING]   The file could not be opened!
C:\RECYCLER\NPROTECT\00006740.dll
      [WARNING]   The file could not be opened!
C:\RECYCLER\NPROTECT\00006774.exe
      [WARNING]   The file could not be opened!
C:\RECYCLER\NPROTECT\00006775.dll
      [WARNING]   The file could not be opened!
C:\RECYCLER\NPROTECT\00006776.dll
      [WARNING]   The file could not be opened!
C:\RECYCLER\NPROTECT\00006777.exe
      [WARNING]   The file could not be opened!
C:\RECYCLER\NPROTECT\00006779.dll
      [WARNING]   The file could not be opened!
C:\RECYCLER\NPROTECT\00006780.exe
      [WARNING]   The file could not be opened!
C:\RECYCLER\NPROTECT\00006781.dll
      [WARNING]   The file could not be opened!
C:\RECYCLER\NPROTECT\00006782.exe
      [WARNING]   The file could not be opened!
C:\RECYCLER\NPROTECT\00006784.dll
      [WARNING]   The file could not be opened!
C:\RECYCLER\NPROTECT\00006785.dll
      [WARNING]   The file could not be opened!
C:\RECYCLER\NPROTECT\00006787.exe
      [WARNING]   The file could not be opened!
C:\RECYCLER\NPROTECT\00006788.dll
      [WARNING]   The file could not be opened!
C:\RECYCLER\NPROTECT\00006789.dll
      [WARNING]   The file could not be opened!
C:\RECYCLER\NPROTECT\00006790.dll
      [WARNING]   The file could not be opened!
C:\RECYCLER\NPROTECT\00006792.dll
      [WARNING]   The file could not be opened!
C:\RECYCLER\NPROTECT\00006794.exe
      [WARNING]   The file could not be opened!
C:\RECYCLER\NPROTECT\00006795.dll
      [WARNING]   The file could not be opened!
C:\RECYCLER\NPROTECT\00006796.dll
      [WARNING]   The file could not be opened!
C:\RECYCLER\NPROTECT\00006797.dll
      [WARNING]   The file could not be opened!
C:\RECYCLER\NPROTECT\00006798.dll
      [WARNING]   The file could not be opened!
C:\RECYCLER\NPROTECT\00006799.dll
      [WARNING]   The file could not be opened!
C:\RECYCLER\NPROTECT\00006800.dll
      [WARNING]   The file could not be opened!
C:\RECYCLER\NPROTECT\00006801.dll
      [WARNING]   The file could not be opened!
C:\RECYCLER\NPROTECT\00006802.dll
      [WARNING]   The file could not be opened!
C:\RECYCLER\NPROTECT\00006804.dll
      [WARNING]   The file could not be opened!
C:\RECYCLER\NPROTECT\00006805.dll
      [WARNING]   The file could not be opened!
C:\RECYCLER\NPROTECT\00006806.dll
      [WARNING]   The file could not be opened!
C:\RECYCLER\NPROTECT\00006807.dll
      [WARNING]   The file could not be opened!
C:\RECYCLER\NPROTECT\00006808.dll
      [WARNING]   The file could not be opened!
C:\RECYCLER\NPROTECT\00006809.dll
      [WARNING]   The file could not be opened!
C:\RECYCLER\NPROTECT\00006810.dll
      [WARNING]   The file could not be opened!
C:\RECYCLER\NPROTECT\00006811.dll
      [WARNING]   The file could not be opened!
C:\RECYCLER\NPROTECT\00006812.dll
      [WARNING]   The file could not be opened!
C:\RECYCLER\NPROTECT\00006813.dll
      [WARNING]   The file could not be opened!
C:\RECYCLER\NPROTECT\00006814.dll
      [WARNING]   The file could not be opened!
C:\RECYCLER\NPROTECT\00006815.dll
      [WARNING]   The file could not be opened!
C:\RECYCLER\NPROTECT\00006816.dll
      [WARNING]   The file could not be opened!
C:\RECYCLER\NPROTECT\00006817.dll
      [WARNING]   The file could not be opened!
C:\RECYCLER\NPROTECT\00006818.dll
      [WARNING]   The file could not be opened!
C:\RECYCLER\NPROTECT\00006819.dll
      [WARNING]   The file could not be opened!
C:\RECYCLER\NPROTECT\00006820.dll
      [WARNING]   The file could not be opened!
C:\RECYCLER\NPROTECT\00006823.exe
      [WARNING]   The file could not be opened!
C:\RECYCLER\NPROTECT\00006824.exe
      [WARNING]   The file could not be opened!
C:\RECYCLER\NPROTECT\00006827.exe
      [WARNING]   The file could not be opened!
C:\RECYCLER\NPROTECT\00006829.dll
      [WARNING]   The file could not be opened!
C:\RECYCLER\NPROTECT\00007914.dll
      [WARNING]   The file could not be opened!
C:\RECYCLER\NPROTECT\00007949.exe
      [WARNING]   The file could not be opened!
C:\RECYCLER\NPROTECT\00007950.dll
      [WARNING]   The file could not be opened!
C:\RECYCLER\NPROTECT\00007951.dll
      [WARNING]   The file could not be opened!
C:\RECYCLER\NPROTECT\00007952.exe
      [WARNING]   The file could not be opened!
C:\RECYCLER\NPROTECT\00007954.dll
      [WARNING]   The file could not be opened!
C:\RECYCLER\NPROTECT\00007955.exe
      [WARNING]   The file could not be opened!
C:\RECYCLER\NPROTECT\00007956.dll
      [WARNING]   The file could not be opened!
C:\RECYCLER\NPROTECT\00007957.exe
      [WARNING]   The file could not be opened!
C:\RECYCLER\NPROTECT\00007959.dll
      [WARNING]   The file could not be opened!
C:\RECYCLER\NPROTECT\00007960.dll
      [WARNING]   The file could not be opened!
C:\RECYCLER\NPROTECT\00007962.exe
      [WARNING]   The file could not be opened!
C:\RECYCLER\NPROTECT\00007963.dll
      [WARNING]   The file could not be opened!
C:\RECYCLER\NPROTECT\00007964.dll
      [WARNING]   The file could not be opened!
C:\RECYCLER\NPROTECT\00007965.dll
      [WARNING]   The file could not be opened!
C:\RECYCLER\NPROTECT\00007967.dll
      [WARNING]   The file could not be opened!
C:\RECYCLER\NPROTECT\00007969.exe
      [WARNING]   The file could not be opened!
C:\RECYCLER\NPROTECT\00007970.dll
      [WARNING]   The file could not be opened!
C:\RECYCLER\NPROTECT\00007971.dll
      [WARNING]   The file could not be opened!
C:\RECYCLER\NPROTECT\00007972.dll
      [WARNING]   The file could not be opened!
C:\RECYCLER\NPROTECT\00007973.dll
      [WARNING]   The file could not be opened!
C:\RECYCLER\NPROTECT\00007974.dll
      [WARNING]   The file could not be opened!
C:\RECYCLER\NPROTECT\00007975.dll
      [WARNING]   The file could not be opened!
C:\RECYCLER\NPROTECT\00007976.dll
      [WARNING]   The file could not be opened!
C:\RECYCLER\NPROTECT\00007977.dll
      [WARNING]   The file could not be opened!
C:\RECYCLER\NPROTECT\00007979.dll
      [WARNING]   The file could not be opened!
C:\RECYCLER\NPROTECT\00007980.dll
      [WARNING]   The file could not be opened!
C:\RECYCLER\NPROTECT\00007981.dll
      [WARNING]   The file could not be opened!
C:\RECYCLER\NPROTECT\00007982.dll
      [WARNING]   The file could not be opened!
C:\RECYCLER\NPROTECT\00007983.dll
      [WARNING]   The file could not be opened!
C:\RECYCLER\NPROTECT\00007984.dll
      [WARNING]   The file could not be opened!
C:\RECYCLER\NPROTECT\00007985.dll
      [WARNING]   The file could not be opened!
C:\RECYCLER\NPROTECT\00007986.dll
      [WARNING]   The file could not be opened!
C:\RECYCLER\NPROTECT\00007987.dll
      [WARNING]   The file could not be opened!
C:\RECYCLER\NPROTECT\00007988.dll
      [WARNING]   The file could not be opened!
C:\RECYCLER\NPROTECT\00007989.dll
      [WARNING]   The file could not be opened!
C:\RECYCLER\NPROTECT\00007990.dll
      [WARNING]   The file could not be opened!
C:\RECYCLER\NPROTECT\00007991.dll
      [WARNING]   The file could not be opened!
C:\RECYCLER\NPROTECT\00007992.dll
      [WARNING]   The file could not be opened!
C:\RECYCLER\NPROTECT\00007993.dll
      [WARNING]   The file could not be opened!
C:\RECYCLER\NPROTECT\00007994.dll
      [WARNING]   The file could not be opened!
C:\RECYCLER\NPROTECT\00007995.dll
      [WARNING]   The file could not be opened!
C:\RECYCLER\NPROTECT\00007998.exe
      [WARNING]   The file could not be opened!
C:\RECYCLER\NPROTECT\00007999.exe
      [WARNING]   The file could not be opened!
C:\RECYCLER\NPROTECT\00008002.exe
      [WARNING]   The file could not be opened!
C:\RECYCLER\NPROTECT\00008004.dll
      [WARNING]   The file could not be opened!
C:\RECYCLER\NPROTECT\00008599.dll
      [WARNING]   The file could not be opened!
C:\RECYCLER\NPROTECT\00008634.exe
      [WARNING]   The file could not be opened!
C:\RECYCLER\NPROTECT\00008635.dll
      [WARNING]   The file could not be opened!
C:\RECYCLER\NPROTECT\00008636.dll
      [WARNING]   The file could not be opened!
C:\RECYCLER\NPROTECT\00008637.exe
      [WARNING]   The file could not be opened!
C:\RECYCLER\NPROTECT\00008639.dll
      [WARNING]   The file could not be opened!
C:\RECYCLER\NPROTECT\00008640.exe
      [WARNING]   The file could not be opened!
C:\RECYCLER\NPROTECT\00008641.dll
      [WARNING]   The file could not be opened!
C:\RECYCLER\NPROTECT\00008642.exe
      [WARNING]   The file could not be opened!
C:\RECYCLER\NPROTECT\00008644.dll
      [WARNING]   The file could not be opened!
C:\RECYCLER\NPROTECT\00008645.dll
      [WARNING]   The file could not be opened!
C:\RECYCLER\NPROTECT\00008647.exe
      [WARNING]   The file could not be opened!
C:\RECYCLER\NPROTECT\00008648.dll
      [WARNING]   The file could not be opened!
C:\RECYCLER\NPROTECT\00008649.dll
      [WARNING]   The file could not be opened!
C:\RECYCLER\NPROTECT\00008650.dll
      [WARNING]   The file could not be opened!
C:\RECYCLER\NPROTECT\00008652.dll
      [WARNING]   The file could not be opened!
C:\RECYCLER\NPROTECT\00008654.exe
      [WARNING]   The file could not be opened!
C:\RECYCLER\NPROTECT\00008655.dll
      [WARNING]   The file could not be opened!
C:\RECYCLER\NPROTECT\00008656.dll
      [WARNING]   The file could not be opened!
C:\RECYCLER\NPROTECT\00008657.dll
      [WARNING]   The file could not be opened!
C:\RECYCLER\NPROTECT\00008658.dll
      [WARNING]   The file could not be opened!
C:\RECYCLER\NPROTECT\00008659.dll
      [WARNING]   The file could not be opened!
C:\RECYCLER\NPROTECT\00008660.dll
      [WARNING]   The file could not be opened!
C:\RECYCLER\NPROTECT\00008661.dll
      [WARNING]   The file could not be opened!
C:\RECYCLER\NPROTECT\00008662.dll
      [WARNING]   The file could not be opened!
C:\RECYCLER\NPROTECT\00008664.dll
      [WARNING]   The file could not be opened!
C:\RECYCLER\NPROTECT\00008665.dll
      [WARNING]   The file could not be opened!
C:\RECYCLER\NPROTECT\00008666.dll
      [WARNING]   The file could not be opened!
C:\RECYCLER\NPROTECT\00008667.dll
      [WARNING]   The file could not be opened!
C:\RECYCLER\NPROTECT\00008668.dll
      [WARNING]   The file could not be opened!
C:\RECYCLER\NPROTECT\00008669.dll
      [WARNING]   The file could not be opened!
C:\RECYCLER\NPROTECT\00008670.dll
      [WARNING]   The file could not be opened!
C:\RECYCLER\NPROTECT\00008671.dll
      [WARNING]   The file could not be opened!
C:\RECYCLER\NPROTECT\00008672.dll
      [WARNING]   The file could not be opened!
C:\RECYCLER\NPROTECT\00008673.dll
      [WARNING]   The file could not be opened!
C:\RECYCLER\NPROTECT\00008674.dll
      [WARNING]   The file could not be opened!
C:\RECYCLER\NPROTECT\00008675.dll
      [WARNING]   The file could not be opened!
C:\RECYCLER\NPROTECT\00008676.dll
      [WARNING]   The file could not be opened!
C:\RECYCLER\NPROTECT\00008677.dll
      [WARNING]   The file could not be opened!
C:\RECYCLER\NPROTECT\00008678.dll
      [WARNING]   The file could not be opened!
C:\RECYCLER\NPROTECT\00008679.dll
      [WARNING]   The file could not be opened!
C:\RECYCLER\NPROTECT\00008680.dll
      [WARNING]   The file could not be opened!
C:\RECYCLER\NPROTECT\00008683.exe
      [WARNING]   The file could not be opened!
C:\RECYCLER\NPROTECT\00008684.exe
      [WARNING]   The file could not be opened!
C:\RECYCLER\NPROTECT\00008687.exe
      [WARNING]   The file could not be opened!
C:\RECYCLER\NPROTECT\00008689.dll
      [WARNING]   The file could not be opened!
C:\WINDOWS\b111.exe
      [DETECTION] Is the Trojan horse TR/Dldr.Agent.fjv
      [INFO]      The file was deleted!
C:\WINDOWS\b128.exe
      [DETECTION] Is the Trojan horse TR/Dldr.Agent.ezc.1
      [INFO]      The file was deleted!
C:\WINDOWS\b138.exe
      [DETECTION] Is the Trojan horse TR/Dldr.Agent.22016.4
      [INFO]      The file was deleted!
C:\WINDOWS\b152.exe
      [DETECTION] Is the Trojan horse TR/Drop.Agent.eso
      [INFO]      The file was deleted!
C:\WINDOWS\b153.exe
      [DETECTION] Is the Trojan horse TR/Dldr.Agent.joz
      [INFO]      The file was deleted!
C:\WINDOWS\$NtUninstallKB824141$\user32.dll
      [WARNING]   The file could not be opened!
C:\WINDOWS\$NtUninstallKB824141$\win32k.sys
      [WARNING]   The file could not be opened!
C:\WINDOWS\$NtUninstallKB828028$\msasn1.dll
      [WARNING]   The file could not be opened!
C:\WINDOWS\$NtUninstallKB828035$\msgsvc.dll
      [WARNING]   The file could not be opened!
C:\WINDOWS\$NtUninstallKB828035$\wkssvc.dll
      [WARNING]   The file could not be opened!
C:\WINDOWS\$NtUninstallKB828741$\catsrv.dll
      [WARNING]   The file could not be opened!
C:\WINDOWS\$NtUninstallKB828741$\catsrvut.dll
      [WARNING]   The file could not be opened!
C:\WINDOWS\$NtUninstallKB828741$\clbcatex.dll
      [WARNING]   The file could not be opened!
C:\WINDOWS\$NtUninstallKB828741$\clbcatq.dll
      [WARNING]   The file could not be opened!
C:\WINDOWS\$NtUninstallKB828741$\colbact.dll
      [WARNING]   The file could not be opened!
C:\WINDOWS\$NtUninstallKB828741$\comadmin.dll
      [WARNING]   The file could not be opened!
C:\WINDOWS\$NtUninstallKB828741$\comrepl.exe
      [WARNING]   The file could not be opened!
C:\WINDOWS\$NtUninstallKB828741$\comsvcs.dll
      [WARNING]   The file could not be opened!
C:\WINDOWS\$NtUninstallKB828741$\comuid.dll
      [WARNING]   The file could not be opened!
C:\WINDOWS\$NtUninstallKB828741$\es.dll
      [WARNING]   The file could not be opened!
C:\WINDOWS\$NtUninstallKB828741$\migregdb.exe
      [WARNING]   The file could not be opened!
C:\WINDOWS\$NtUninstallKB828741$\msdtcprx.dll
      [WARNING]   The file could not be opened!
C:\WINDOWS\$NtUninstallKB828741$\msdtctm.dll
      [WARNING]   The file could not be opened!
C:\WINDOWS\$NtUninstallKB828741$\msdtcuiu.dll
      [WARNING]   The file could not be opened!
C:\WINDOWS\$NtUninstallKB828741$\mtxclu.dll
      [WARNING]   The file could not be opened!
C:\WINDOWS\$NtUninstallKB828741$\mtxoci.dll
      [WARNING]   The file could not be opened!
C:\WINDOWS\$NtUninstallKB828741$\ole32.dll
      [WARNING]   The file could not be opened!
C:\WINDOWS\$NtUninstallKB828741$pcrt4.dll
      [WARNING]   The file could not be opened!
C:\WINDOWS\$NtUninstallKB828741$pcss.dll
      [WARNING]   The file could not be opened!
C:\WINDOWS\$NtUninstallKB828741$	xflog.dll
      [WARNING]   The file could not be opened!
C:\WINDOWS\$NtUninstallKB833987$\sxs.dll
      [WARNING]   The file could not be opened!
C:\WINDOWS\$NtUninstallKB835732$\browser.dll
      [WARNING]   The file could not be opened!
C:\WINDOWS\$NtUninstallKB835732$\callcont.dll
      [WARNING]   The file could not be opened!
C:\WINDOWS\$NtUninstallKB835732$\cmdevtgprov.dll
      [WARNING]   The file could not be opened!
C:\WINDOWS\$NtUninstallKB835732$\evtgprov.dll
      [WARNING]   The file could not be opened!
C:\WINDOWS\$NtUninstallKB835732$\gdi32.dll
      [WARNING]   The file could not be opened!
C:\WINDOWS\$NtUninstallKB835732$\h323msp.dll
      [WARNING]   The file could not be opened!
C:\WINDOWS\$NtUninstallKB835732$\helpctr.exe
      [WARNING]   The file could not be opened!
C:\WINDOWS\$NtUninstallKB835732$\ipnathlp.dll
      [WARNING]   The file could not be opened!
C:\WINDOWS\$NtUninstallKB835732$\lsasrv.dll
      [WARNING]   The file could not be opened!
C:\WINDOWS\$NtUninstallKB835732$\mf3216.dll
      [WARNING]   The file could not be opened!
C:\WINDOWS\$NtUninstallKB835732$\msasn1.dll
      [WARNING]   The file could not be opened!
C:\WINDOWS\$NtUninstallKB835732$\msgina.dll
      [WARNING]   The file could not be opened!
C:\WINDOWS\$NtUninstallKB835732$\mst120.dll
      [WARNING]   The file could not be opened!
C:\WINDOWS\$NtUninstallKB835732$
etapi32.dll
      [WARNING]   The file could not be opened!
C:\WINDOWS\$NtUninstallKB835732$
mcom.dll
      [WARNING]   The file could not be opened!
C:\WINDOWS\$NtUninstallKB835732$tcdll.dll
      [WARNING]   The file could not be opened!
C:\WINDOWS\$NtUninstallKB835732$\schannel.dll
      [WARNING]   The file could not be opened!
C:\WINDOWS\$NtUninstallKB837001$\dao360.dll
      [WARNING]   The file could not be opened!
C:\WINDOWS\$NtUninstallKB837001$\expsrv.dll
      [WARNING]   The file could not be opened!
C:\WINDOWS\$NtUninstallKB837001$\msexch40.dll
      [WARNING]   The file could not be opened!
C:\WINDOWS\$NtUninstallKB837001$\msexcl40.dll
      [WARNING]   The file could not be opened!
C:\WINDOWS\$NtUninstallKB837001$\msjet40.dll
      [WARNING]   The file could not be opened!
C:\WINDOWS\$NtUninstallKB837001$\msjetol1.dll
      [WARNING]   The file could not be opened!
C:\WINDOWS\$NtUninstallKB837001$\msjetoledb40.dll
      [WARNING]   The file could not be opened!
C:\WINDOWS\$NtUninstallKB837001$\msjint40.dll
      [WARNING]   The file could not be opened!
C:\WINDOWS\$NtUninstallKB837001$\msjter40.dll
      [WARNING]   The file could not be opened!
C:\WINDOWS\$NtUninstallKB837001$\msjtes40.dll
      [WARNING]   The file could not be opened!
C:\WINDOWS\$NtUninstallKB837001$\msltus40.dll
      [WARNING]   The file could not be opened!
C:\WINDOWS\$NtUninstallKB837001$\mspbde40.dll
      [WARNING]   The file could not be opened!
C:\WINDOWS\$NtUninstallKB837001$\msrd2x40.dll
      [WARNING]   The file could not be opened!
C:\WINDOWS\$NtUninstallKB837001$\msrd3x40.dll
      [WARNING]   The file could not be opened!
C:\WINDOWS\$NtUninstallKB837001$\msrepl40.dll
      [WARNING]   The file could not be opened!
C:\WINDOWS\$NtUninstallKB837001$\mstext40.dll
      [WARNING]   The file could not be opened!
C:\WINDOWS\$NtUninstallKB837001$\mswdat10.dll
      [WARNING]   The file could not be opened!
C:\WINDOWS\$NtUninstallKB837001$\mswstr10.dll
      [WARNING]   The file could not be opened!
C:\WINDOWS\$NtUninstallKB837001$\msxbde40.dll
      [WARNING]   The file could not be opened!
C:\WINDOWS\$NtUninstallKB837001$\vbajet32.dll
      [WARNING]   The file could not be opened!
C:\WINDOWS\$NtUninstallKB839645$\shell32.dll
      [WARNING]   The file could not be opened!
C:\WINDOWS\$NtUninstallQ309521$\dxmasf.dll
      [WARNING]   The file could not be opened!
C:\WINDOWS\$NtUninstallQ309521$\httpod51.dll
      [WARNING]   The file could not be opened!
C:\WINDOWS\$NtUninstallQ309521$\lsasrv.dll
      [WARNING]   The file could not be opened!
C:\WINDOWS\$NtUninstallQ309521$\sfcfiles.dll
      [WARNING]   The file could not be opened!
C:\WINDOWS\$NtUninstallQ309521$\ssinc51.dll
      [WARNING]   The file could not be opened!
C:\WINDOWS\$NtUninstallQ309521$\spuninst\spuninst.exe
      [WARNING]   The file could not be opened!
C:\WINDOWS\$NtUninstallQ314862$\qmgr.dll
      [WARNING]   The file could not be opened!
C:\WINDOWS\$NtUninstallQ314862$\spuninst\spuninst.exe
      [WARNING]   The file could not be opened!
C:\WINDOWS\$NtUninstallQ315000$
etsetup.exe
      [WARNING]   The file could not be opened!
C:\WINDOWS\$NtUninstallQ315000$\ssdpapi.dll
      [WARNING]   The file could not be opened!
C:\WINDOWS\$NtUninstallQ315000$\ssdpsrv.dll
      [WARNING]   The file could not be opened!
C:\WINDOWS\$NtUninstallQ315000$\upnp.dll
      [WARNING]   The file could not be opened!
C:\WINDOWS\$NtUninstallQ315000$\spuninst\spuninst.exe
      [WARNING]   The file could not be opened!
C:\WINDOWS\$NtUninstallQ828026$\wmpcore.dll
      [WARNING]   The file could not be opened!
C:\WINDOWS\system32\fccabyv.dll
      [DETECTION] Is the Trojan horse TR/Vundo.Gen
      [INFO]      The file was deleted!
C:\WINDOWS\system32\gsniqywo.dll
      [DETECTION] Is the Trojan horse TR/Vundo.DWB
      [INFO]      The file was deleted!
C:\WINDOWS\system32\hggedde.dll
      [DETECTION] Is the Trojan horse TR/Vundo.Gen
      [INFO]      The file was deleted!
C:\WINDOWS\system32\kceepdjc.dll
      [DETECTION] Is the Trojan horse TR/Vundo.Gen
      [INFO]      The file was deleted!
C:\WINDOWS\system32\khfdd.dll
      [DETECTION] Is the Trojan horse TR/Vundo.Gen
      [WARNING]   The file could not be deleted!
C:\WINDOWS\system32\khfedcb.dll
      [DETECTION] Is the Trojan horse TR/Vundo.Gen
      [WARNING]   The file could not be deleted!
C:\WINDOWS\system32\lgkqqdvl.dll
      [DETECTION] Is the Trojan horse TR/Vundo.Gen
      [INFO]      The file was deleted!
C:\WINDOWS\system32\ljjhghf.dll
      [DETECTION] Is the Trojan horse TR/Vundo.Gen
      [INFO]      The file was deleted!
C:\WINDOWS\system32\lrhvvlov.dll
      [DETECTION] Is the Trojan horse TR/Vundo.DXU
      [INFO]      The file was deleted!
C:\WINDOWS\system32\mkiqpnmf.dll
      [DETECTION] Is the Trojan horse TR/Vundo.Gen
      [INFO]      The file was deleted!
C:\WINDOWS\system32
blpiptm.dll
      [DETECTION] Is the Trojan horse TR/Dldr.ConHook.Gen
      [INFO]      The file was deleted!
C:\WINDOWS\system32\ornjnwua.dll
      [DETECTION] Is the Trojan horse TR/Vundo.Gen
      [INFO]      The file was deleted!
C:\WINDOWS\system32\pmnmmll.dll
      [DETECTION] Is the Trojan horse TR/Vundo.Gen
      [INFO]      The file was deleted!
C:\WINDOWS\system32\qacljvrv.dll
      [DETECTION] Is the Trojan horse TR/Vundo.DWB
      [WARNING]   The file could not be deleted!
C:\WINDOWS\system32wveuvsh.dll
      [DETECTION] Is the Trojan horse TR/Vundo.Gen
      [INFO]      The file was deleted!
C:\WINDOWS\system32\vsjuoenn.dll
      [DETECTION] Is the Trojan horse TR/Vundo.Gen
      [INFO]      The file was deleted!
Begin scan in 'A:\'
Search path A:\ could not be opened!
Le périphérique n'est pas prêt.

Begin scan in 'D:\'
Search path D:\ could not be opened!
Le périphérique n'est pas prêt.

Begin scan in 'E:\'
Search path E:\ could not be opened!
Le périphérique n'est pas prêt.



End of the scan: lundi 3 mars 2008  14:31
Used time:  2:14:56 min

The scan has been done completely.

   6609 Scanning directories
 273269 Files were scanned
     43 viruses and/or unwanted programs were found
      0 Files were classified as suspicious:
     38 files were deleted
      0 files were repaired
      0 files were moved to quarantine
      0 files were renamed
    262 Files cannot be scanned
 273226 Files not concerned
   1565 Archives were scanned
    267 Warnings
      0 Notes

noctambule28 · Answer

salut, il aurait été mieux que tu crés ton propre topic

tu peux poster un hijackthis et rapport vundofix ?

 Télécharge VundoFix.exe (par Atribune) sur ton Bureau.
    http://www.atribune.org/ccount/click.php?id=4
    Double-clique VundoFix.exe afin de le lancer.

    Clique sur le bouton Scan for Vundo.
    Lorsque le scan est complété, clique sur le bouton Remove Vundo.
    Une invite te demandera si tu veux supprimer les fichiers, clique YES
    Après avoir cliqué "Yes", le Bureau disparaîtra un moment lors de la suppression des fichiers.
    Tu verras une invite qui t'annonce que ton PC va s'éteindre ("shutdown") ; clique OK
    Démarre ton PC à nouveau.
    Copie/colle le rapport (c:\vundofix.txt) dans ta réponse

***************************************
 Clique sur ce lien
    http://www.trendsecure.com/portal/en-US/threat_analytics/HJTInstall.exe
    pour télécharger le fichier d'installation d'HijackThis.

    Enregistre HJTInstall.exe sur ton bureau.  

    Double-clique sur HJTInstall.exe pour lancer le programme

    Par défaut, il s'installera là :
    C:\Program Files\Trend Micro\HijackThis

    Accepte la license en cliquant sur le bouton "I Accept"

    Choisis l'option "Do a system scan and save a log file"

    Clique sur "Save log" pour enregistrer le rapport qui s'ouvrira avec le bloc-note

    Clique sur "Edition -> Sélectionner tout", puis sur "Edition -> Copier" pour copier tout le contenu du rapport

    Colle le rapport que tu viens de copier sur ce forum

    Ne fixe encore AUCUNE ligne, cela pourrait empêcher ton PC de fonctionner correctement


    Tutoriaux : http://pageperso.aol.fr/balltrap34/demohijack.htm (ne fixe rien pour le moment !!)
                  http://cybersecurite.xooit.com/t138-HijackThis-2-0-2.htm

zak · Answer

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:05:24, on 16.1.2010 &#1075;.
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.20627)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Eset
od32krn.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Eset
od32kui.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32undll32.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Common Files\Nokia\MPlatform\NokiaMServer.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Nokia\PC Connectivity Solution\ServiceLayer.exe
C:\Program Files\Nokia\PC Connectivity Solution\Transports\NclUSBSrv.exe
C:\Program Files\Nokia\PC Connectivity Solution\Transports\NclRSSrv.exe
C:\Program Files\Adobe\Reader 8.0\Reader\AcroRd32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.bg/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file)
O3 - Toolbar: DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset
od32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [NokiaMServer] C:\Program Files\Common Files\Nokia\MPlatform\NokiaMServer /watchfiles
O4 - HKLM\..\Run: [Nokia FastStart] "C:\Program Files\Nokia\Nokia Music\NokiaMusic.exe" /command:faststart
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [µTorrent] "C:\Program Files\uTorrent\uTorrent.exe"
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [BitComet] "C:\Program Files\BitComet\BitComet.exe"
O4 - HKUS\S-1-5-19\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [ShowDeskFix] regsvr32 /s /n /i:u shell32 (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'Default user')
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: &#1045;&&#1082;&#1089;&#1087;&#1086;&#1088;&#1090;&#1080;&#1088;&#1072;&#1081; &#1074; Microsoft Excel - res://C:\PROGRA~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: &#1048;&#1079;&#1089;&#1083;&#1077;&#1076;&#1074;&#1072;&#1085;&#1077; - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: PokerStars.net - {FA9B9510-9FCB-4ca0-818C-5D0987B47C4D} - C:\Program Files\PokerStars.NET\PokerStarsUpdate.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32
wprovau.dll
O15 - Trusted Zone: http://player.muzgame.com
O16 - DPF: {2EDF75C0-5ABD-49f9-BAB6-220476A32034} (System Requirements Lab) - http://intel-drv-cdn.systemrequirementslab.com/multi/bin/sysreqlab_srlx.cab
O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} (Ma-Config control) - http://fichiers.touslesdrivers.com/maconfig/MaConfig_4_0_1_3.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {D4003189-95B1-4A2F-9A87-F2B03665960D} (VodClient Control Class) - http://www.vexcast.com/download/vexcast.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} (get_atlcom Class) - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: prio.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: &#1059;&#1089;&#1083;&#1091;&#1075;&#1072; Google Update (gupdate1c9f6f6d4cf9472) (gupdate1c9f6f6d4cf9472) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Ma-Config Service (maconfservice) - CybelSoft - C:\Program Files\ma-config.com\maconfservice.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset  - C:\Program Files\Eset
od32krn.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\Nokia\PC Connectivity Solution\ServiceLayer.exe

Effacer fichier system32 infecter ? .

24 réponses

Votre réponse

Newsletters