Need help with brontok.a
Solved
anita78 - Posts: 9 - Status: Member
Hello,
I have just run a scan with HijackThis. I am posting a copy of the result here. Which box should I tick, and what should I do now? My antivirus keeps popping up with virus detections; it is always the Brontok.a worm or an associated Trojan horse. In short, I need help. Thanks in advance.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 00:36:06, on 01/03/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\WINDOWS\Explorer.exe
C:\Program Files\Sony\VAIO Power Management\SPMgr.exe
C:\Program Files\Utimaco\SafeGuard PrivateDisk\pdservice.exe
C:\WINDOWS\system32\ICO.EXE
C:\Program Files\Sony\HotKey Utility\HKserv.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Sony\HotKey Utility\HKWnd.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Documents and Settings\anne\Local Settings\Application Data\winlogon.exe
C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
C:\Program Files\Sony\SonicStage Mastering Studio\Audio Filter\SSMSFilter.exe
C:\Program Files\Olympus\DeviceDetector\DevDtct2.exe
C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\Sony\VAIO Launcher\Launcher.exe
C:\Documents and Settings\anne\Local Settings\Application Data\services.exe
C:\Documents and Settings\anne\Local Settings\Application Data\lsass.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Fichiers communs\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
C:\Program Files\Fichiers communs\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
C:\Program Files\Fichiers communs\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe
C:\Program Files\Fichiers communs\Sony Shared\VAIO Entertainment\VzRs\VzRs.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wuauclt.exe
C:\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.club-vaio.com/fr/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Hacked by Godzilla
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Multi Media Toolbar - {b5146c40-189a-4311-bda9-fbae3e023187} - C:\Program Files\Multi_Media\tbMul1.dll
F2 - REG:system.ini: Shell=Explorer.exe "C:\WINDOWS\eksplorasi.exe"
O1 - Hosts: <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"
O1 - Hosts: "http://www.w3.org/TR/html4/loose.dtd">
O1 - Hosts: <html>
O1 - Hosts: <head>
O1 - Hosts: <script LANGUAGE="JavaScript">
O1 - Hosts: <!--
O1 - Hosts: if (window != top)
O1 - Hosts: top.location.href = location.href;
O1 - Hosts: // -->
O1 - Hosts: </script>
O1 - Hosts: <title>Site Unavailable</title>
O1 - Hosts: <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
O1 - Hosts: <style type="text/css">
O1 - Hosts: body{text-align:center;}
O1 - Hosts: .geohead {font-family:Verdana, Arial, Helvetica, sans-serif; font-size:10px;width:750px;margin:10px 0 10px 0;height:35px;}
O1 - Hosts: .geohead #geologo {width:270px;display:block; float:left; }
O1 - Hosts: .geohead #rightside {width:480px;display:block; float:right;border-bottom:1px solid #999999; height:27px;}
O1 - Hosts: .geohead #rightside #welcome {width:50%;display:block; float:left; text-align:left;}
O1 - Hosts: .geohead #rightside #wlinks {width:50%;display:block; float:right; text-align:right;}
O1 - Hosts: .ftr { margin:0px; color:#404040; font:x-small Arial,sans-serif; text-align:center; width:750px;}
O1 - Hosts: .bodywrap{display:block;height:470px;}
O1 - Hosts: .bodycnt{width:510px; display:block; float:left; background-color:#EEE9F5; height:auto; text-align:left; font-family:Arial, Helvetica, sans-serif;font-size:13px; color:#000000; padding:20px 20px 35px 20px;}
O1 - Hosts: .title { font-family:Arial, Helvetica, sans-serif; font-weight:bold; font-size:24px; color:#7C56A9}
O1 - Hosts: .adcnt{width:172px; display:block; float:right; text-align:left;cursor:pointer;cursor:hand;}
O1 - Hosts: .adcnt td {text-align:left;}
O1 - Hosts: .adsubt{font-size:10px; font-family:verdana; font-weight:bold; color:#b4b4b4; cursor:default;margin-top:5px;}
O1 - Hosts: .ybadge { font-family: Verdana, Arial, Helvetica, sans-serif; font-size:10px; color: #666666; margin-top:10px;}
O1 - Hosts: .ybadge img {margin-top:6px;}
O1 - Hosts: .adtable {font-family:Verdana, Arial, Helvetica, sans-serif; font-size:10px;border: 1px solid #d6dbe7; background-color:#eff7ff; padding:3px; margin-bottom:10px; width:172px;}
O1 - Hosts: .adttl{font-weight:bold;margin-bottom:3px;}
O1 - Hosts: .addescr{color:#6b6b6b; margin-bottom:3px;}
O1 - Hosts: .adlink a {color:#008200; text-decoration:none;}
O1 - Hosts: </style>
O1 - Hosts: </head>
O1 - Hosts: <body>
O1 - Hosts: <!-- following code added by server. PLEASE REMOVE -->
O1 - Hosts: <!-- preceding code added by server. PLEASE REMOVE -->
O1 - Hosts: <div id="maincnt">
O1 - Hosts: <div class="geohead"><div id="geologo"><a href="https://smallbusiness.yahoo.com/"><img height=33 alt="Yahoo! GeoCities" src="http://us.i1.yimg.com/us.yimg.com/i/us/nt/ma/ma_geo_1.gif" width=259 border=0></a></div>
O1 - Hosts: <div id="rightside"><div id="wlinks"><a href="https://smallbusiness.yahoo.com/">GeoCities Home</a> - <a href="https://fr.yahoo.com/?p=us">Yahoo!</a> - <a href="https://help.yahoo.com/kb/account">Help</a></div>
O1 - Hosts: </div></div>
O1 - Hosts: <div class="bodywrap">
O1 - Hosts: <div class="bodycnt">
O1 - Hosts: <div class="title">Sorry, this GeoCities site is currently unavailable.</div>
O1 - Hosts: <p>The GeoCities web site you were trying to view has temporarily exceeded its data transfer limit. Please try again later. </p>
O1 - Hosts: <p>Are you the site owner?
O1 - Hosts: Avoid service interruptions in the future by increasing your data transfer limit!
O1 - Hosts: <a href="https://help.yahoo.com/kb/account" target="_blank">Find out how.</a> </p>
O1 - Hosts: <p><a href="https://help.yahoo.com/kb/account" target="_blank">Learn more about data transfer.</a></p>
O1 - Hosts: </div>
O1 - Hosts: <div class="adcnt">
O1 - Hosts: <a target="_top" href="https://smallbusiness.yahoo.com/"><img src="http://us.i1.yimg.com/us.yimg.com/i/us/smbiz/b/geo_mast_small2.gif" alt="Yahoo! GeoCities" border="0" height="15" hspace="0" vspace="0" width="141"></a>
O1 - Hosts: <div class="adsubt">SPONSORED LINKS</div>
O1 - Hosts: <!--<table width="172" border="0" bgcolor="#FFFFFF" class="adtable"><tr><td align=left>-->
O1 - Hosts: <div class="adtable">
O1 - Hosts: <div class="adttl" title="Reliable plans include domain & 24x7 support."><a href="https://fr.yahoo.com/?p=us*http://us.rd.yahoo.com/evt=27166/*https://smallbusiness.yahoo.com/hosting" target="_blank">Yahoo! Web Hosting<br>
O1 - Hosts: $25 Setup Waived</a></div>
O1 - Hosts: <div class="addescr" title="Reliable plans include domain & 24x7 support.">Reliable plans include domain & 24x7 support.</div>
O1 - Hosts: <div class="adlink" title="Reliable plans include domain & 24x7 support."><a href="https://fr.yahoo.com/?p=us*http://us.rd.yahoo.com/evt=27166/*https://smallbusiness.yahoo.com/hosting" target="_blank">webhosting.yahoo.com</a></div>
O1 - Hosts: </div>
O1 - Hosts: <div class="adtable">
O1 - Hosts: <div class="adttl" title="Reliable plans include domain & 24x7 support."><a href="https://fr.yahoo.com/?p=us*http://us.rd.yahoo.com/evt=27176/*https://smallbusiness.yahoo.com/domains" target="_blank">Domain Names from Yahoo! only $9.95/yr</a></div>
O1 - Hosts: <div class="addescr" title="Includes starter web page, email & domain forwarding, 24x7 support.">Includes starter web page, email & domain forwarding, 24x7 support.</div>
O1 - Hosts: <div class="adlink" title="Includes starter web page, email & domain forwarding, 24x7 support."><a href="https://fr.yahoo.com/?p=us*http://us.rd.yahoo.com/evt=27176/*https://smallbusiness.yahoo.com/domains" target="_blank">domains.yahoo.com</a></div>
O1 - Hosts: </div>
O1 - Hosts: <div class="adtable">
O1 - Hosts: <div class="adttl" title="Setup fee waived. Up to 10 emails, SpamGuard, forwarding & virus scanning."><a href="https://fr.yahoo.com/?p=us*http://us.rd.yahoo.com/evt=27184/*https://smallbusiness.yahoo.com/mail" target="_blank">Yahoo! Business Email<br> Domain Included</a></div>
O1 - Hosts: <div class="addescr" title="Setup fee waived. Up to 10 emails, SpamGuard, forwarding & virus scanning.">Setup fee waived. Up to 10 emails, SpamGuard, forwarding & virus scanning.</div>
O1 - Hosts: <div class="adlink" title="Setup fee waived. Up to 10 emails, SpamGuard, forwarding & virus scanning."><a href="https://fr.yahoo.com/?p=us*http://us.rd.yahoo.com/evt=27184/*https://smallbusiness.yahoo.com/mail" target="_blank">smallbusiness.yahoo.com</a></div>
O1 - Hosts: </div>
O1 - Hosts: <div class="adtable">
O1 - Hosts: <div class="adttl" title="$50 setup fee waived. A reliable ecommerce plan, 24x7 support."><a href="https://fr.yahoo.com/?p=us*http://us.rd.yahoo.com/evt=/27190/*https://smallbusiness.yahoo.com/stores" target="_blank">Ecommerce from Yahoo!<br> 1 Month Free</a></div>
O1 - Hosts: <div class="addescr" title="$50 setup fee waived. A reliable ecommerce plan, 24x7 support.">$50 setup fee waived. A reliable ecommerce plan, 24x7 support.</div>
O1 - Hosts: <div class="adlink" title="$50 setup fee waived. A reliable ecommerce plan, 24x7 support."><a href="https://fr.yahoo.com/?p=us*http://us.rd.yahoo.com/evt=/27190/*https://smallbusiness.yahoo.com/stores" target="_blank">smallbusiness.yahoo.com</a></div>
O1 - Hosts: </div>
O1 - Hosts: <div class="ybadge">
O1 - Hosts: Get your own web site at <br><a target="_top" href="https://smallbusiness.yahoo.com/">Yahoo! GeoCities</a>
O1 - Hosts: <a href="https://smallbusiness.yahoo.com/hosting" target="_top"><img src="http://us.i1.yimg.com/us.yimg.com/i/us/wh/gr/badge_hostedby_purp_2.gif" alt="Hosted by Yahoo! Web Hosting" align="middle" border="0" height="31" width="88"></a>
O1 - Hosts: </div>
O1 - Hosts: </div>
O1 - Hosts: </div>
O1 - Hosts: <div class=ftr>
O1 - Hosts: <hr size=1 width=100%>
O1 - Hosts: Copyright ©
O1 - Hosts: 2005 Yahoo! Inc. All rights reserved<br>
O1 - Hosts: <a href="https://www.verizonmedia.com/policies/">Privacy Policy</a>
O1 - Hosts: - <a href="https://fr.yahoo.com/?p=us">Copyright Policy</a>
O1 - Hosts: - <a href="https://fr.yahoo.com/?p=us">Guidelines</a>
O1 - Hosts: - <a href="https://fr.yahoo.com/?p=us">Terms of Service</a>
O1 - Hosts: - <a href="https://help.yahoo.com/kb/account">Help</a>
O1 - Hosts: </div>
O1 - Hosts: </div>
O1 - Hosts: </body>
O1 - Hosts: </html>
O1 - Hosts: <!-- text below generated by server. PLEASE REMOVE --></object></layer></div></span></style></noscript></table></script></applet>
O1 - Hosts: <IMG SRC="http://geo.yahoo.com/serv?s=19190039&t=1196693231&f=us-w67" ALT=1 WIDTH=1 HEIGHT=1>
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: Multi Media Toolbar - {b5146c40-189a-4311-bda9-fbae3e023187} - C:\Program Files\Multi_Media\tbMul1.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
O3 - Toolbar: Multi Media Toolbar - {b5146c40-189a-4311-bda9-fbae3e023187} - C:\Program Files\Multi_Media\tbMul1.dll
O4 - HKLM\..\Run: [VAIO Update 2] "C:\Program Files\Sony\VAIO Update 2\VAIOUpdt.exe" /Stationary
O4 - HKLM\..\Run: [SonyPowerCfg] C:\Program Files\Sony\VAIO Power Management\SPMgr.exe
O4 - HKLM\..\Run: [PDService.exe] C:\Program Files\Utimaco\SafeGuard PrivateDisk\pdservice.exe
O4 - HKLM\..\Run: [Mouse Suite 98 Daemon] ICO.EXE
O4 - HKLM\..\Run: [HKSERV.EXE] C:\Program Files\Sony\HotKey Utility\HKserv.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [fuvjeyivtn] c:\windows\system32\fuvjeyivtn.exe fuvjeyivtn
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [Bron-Spizaetus] "C:\WINDOWS\ShellNew\bronstab.exe"
O4 - HKLM\..\Run: [MS32DLL] C:\WINDOWS\MS32DLL.dll.vbs
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_8 -reboot 1
O4 - HKCU\..\Run: [road draw] C:\DOCUME~1\anne\APPLIC~1\FORDER~1\DVD OPTION START.exe
O4 - HKCU\..\Run: [Creative Detector] "C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe" /R
O4 - HKCU\..\Run: [Copernic Desktop Search] "C:\PROGRA~1\COPERN~1\COPERN~1.EXE" /tray
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [eMuleAutoStart] C:\Program Files\eMule\emule.exe -AutoStart
O4 - HKCU\..\Run: [Tok-Cirrhatus] "C:\Documents and Settings\anne\Local Settings\Application Data\smss.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - .DEFAULT User Startup: VAIO Launcher.lnk = C:\Program Files\Sony\VAIO Launcher\Launcher.exe (User 'Default user')
O4 - Startup: Empty.pif
O4 - Startup: Lancement rapide de Microsoft Office OneNote 2003.lnk = C:\Program Files\Microsoft Office\OFFICE11\ONENOTEM.EXE
O4 - Startup: VAIO Launcher.lnk = C:\Program Files\Sony\VAIO Launcher\Launcher.exe
O4 - Global Startup: Assistant d'Acrobat.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
O4 - Global Startup: Audio Filter.lnk = C:\Program Files\Sony\SonicStage Mastering Studio\Audio Filter\SSMSFilter.exe
O4 - Global Startup: Device Detector 3.lnk = C:\Program Files\Olympus\DeviceDetector\DevDtct2.exe
O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Lancement rapide de Microsoft Office OneNote 2003.lnk = C:\Program Files\Microsoft Office\OFFICE11\ONENOTEM.EXE
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.club-vaio.com/fr/
O15 - Trusted Zone: *.sony-europe.com
O15 - Trusted Zone: *.sonystyle-europe.com
O15 - Trusted Zone: *.vaio-link.com
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: VAIO Entertainment Aggregation and Control Service - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\VAIO Entertainment\VzRs\VzRs.exe
O23 - Service: VAIO Entertainment Task Scheduler - Sony Corporation - C:\Program Files\Sony\VAIO Entertainment\VzTaskScheduler.exe
O23 - Service: VAIO Entertainment TV Device Arbitration Service - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\VAIO Entertainment Platform\VzCs\VzHardwareResourceManager\VzHardwareResourceManager.exe
O23 - Service: VAIO Media Integrated Server (VAIOMediaPlatform-IntegratedServer-AppServer) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\VMISrv.exe
O23 - Service: VAIO Media Integrated Server (HTTP) (VAIOMediaPlatform-IntegratedServer-HTTP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe
O23 - Service: VAIO Media Integrated Server (UPnP) (VAIOMediaPlatform-IntegratedServer-UPnP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
O23 - Service: VAIO Media Gateway Server (VAIOMediaPlatform-Mobile-Gateway) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\VmGateway.exe
O23 - Service: VAIO Cooporated Initialisation (VCI) - Sony Corporation - C:\Program Files\Sony\VAIO Cooperated Initialisation\VCI_SVC.exe
O23 - Service: VAIO Entertainment UPnP Client Adapter (Vcsw) - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
O23 - Service: VAIO Entertainment Database Service (VzCdbSvc) - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
O23 - Service: VAIO Entertainment File Import Service (VzFw) - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe
O4 - HKLM\..\Run: [SonyPowerCfg] C:\Program Files\Sony\VAIO Power Management\SPMgr.exe
O4 - HKLM\..\Run: [PDService.exe] C:\Program Files\Utimaco\SafeGuard PrivateDisk\pdservice.exe
O4 - HKLM\..\Run: [Mouse Suite 98 Daemon] ICO.EXE
O4 - HKLM\..\Run: [HKSERV.EXE] C:\Program Files\Sony\HotKey Utility\HKserv.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [fuvjeyivtn] c:\windows\system32\fuvjeyivtn.exe fuvjeyivtn
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [Bron-Spizaetus] "C:\WINDOWS\ShellNew\bronstab.exe"
O4 - HKLM\..\Run: [MS32DLL] C:\WINDOWS\MS32DLL.dll.vbs
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_8 -reboot 1
O4 - HKCU\..\Run: [road draw] C:\DOCUME~1\anne\APPLIC~1\FORDER~1\DVD OPTION START.exe
O4 - HKCU\..\Run: [Creative Detector] "C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe" /R
O4 - HKCU\..\Run: [Copernic Desktop Search] "C:\PROGRA~1\COPERN~1\COPERN~1.EXE" /tray
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [eMuleAutoStart] C:\Program Files\eMule\emule.exe -AutoStart
O4 - HKCU\..\Run: [Tok-Cirrhatus] "C:\Documents and Settings\anne\Local Settings\Application Data\smss.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - .DEFAULT User Startup: VAIO Launcher.lnk = C:\Program Files\Sony\VAIO Launcher\Launcher.exe (User 'Default user')
O4 - Startup: Empty.pif
O4 - Startup: Lancement rapide de Microsoft Office OneNote 2003.lnk = C:\Program Files\Microsoft Office\OFFICE11\ONENOTEM.EXE
O4 - Startup: VAIO Launcher.lnk = C:\Program Files\Sony\VAIO Launcher\Launcher.exe
O4 - Global Startup: Assistant d'Acrobat.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
O4 - Global Startup: Audio Filter.lnk = C:\Program Files\Sony\SonicStage Mastering Studio\Audio Filter\SSMSFilter.exe
O4 - Global Startup: Device Detector 3.lnk = C:\Program Files\Olympus\DeviceDetector\DevDtct2.exe
O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Lancement rapide de Microsoft Office OneNote 2003.lnk = C:\Program Files\Microsoft Office\OFFICE11\ONENOTEM.EXE
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.club-vaio.com/fr/
O15 - Trusted Zone: *.sony-europe.com
O15 - Trusted Zone: *.sonystyle-europe.com
O15 - Trusted Zone: *.vaio-link.com
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: VAIO Entertainment Aggregation and Control Service - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\VAIO Entertainment\VzRs\VzRs.exe
O23 - Service: VAIO Entertainment Task Scheduler - Sony Corporation - C:\Program Files\Sony\VAIO Entertainment\VzTaskScheduler.exe
O23 - Service: VAIO Entertainment TV Device Arbitration Service - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\VAIO Entertainment Platform\VzCs\VzHardwareResourceManager\VzHardwareResourceManager.exe
O23 - Service: VAIO Media Integrated Server (VAIOMediaPlatform-IntegratedServer-AppServer) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\VMISrv.exe
O23 - Service: VAIO Media Integrated Server (HTTP) (VAIOMediaPlatform-IntegratedServer-HTTP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe
O23 - Service: VAIO Media Integrated Server (UPnP) (VAIOMediaPlatform-IntegratedServer-UPnP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
O23 - Service: VAIO Media Gateway Server (VAIOMediaPlatform-Mobile-Gateway) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\VmGateway.exe
O23 - Service: VAIO Cooporated Initialisation (VCI) - Sony Corporation - C:\Program Files\Sony\VAIO Cooperated Initialisation\VCI_SVC.exe
O23 - Service: VAIO Entertainment UPnP Client Adapter (Vcsw) - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
O23 - Service: VAIO Entertainment Database Service (VzCdbSvc) - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
O23 - Service: VAIO Entertainment File Import Service (VzFw) - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe
6 replies
Your problem isn't Brontok; your problem is that your PC is infected all over, so you can go hunting for Brontok, but that won't solve your problem at all.
Do this in order
* ¤ Do this cleanup: to be done regularly
* Download and install CCleaner (don't install the Yahoo toolbar)
---> https://www.01net.com/telecharger/windows/Utilitaire/nettoyeurs_et_installeurs/fiches/32599.html
- In the left-hand column, click "erreurs" (errors), tick all the boxes, then click "chercher des erreurs" (search for errors) at the bottom; once it has finished, click "reparer les erreurs" (repair errors) and you will get a prompt to back up your registry: click "oui" (yes), then repeat until it finds no more errors.
You can delete the backups you have made once your computer has no more problems.
- Restart CCleaner, go to the "nettoyeur" (cleaner) tab on the left, untick the last box ("Avancé", if it is ticked), then click "lancer le nettoyage" (run the cleanup)
If you need help with CCleaner, see this tutorial:
https://kerio.probb.fr/t242-tuto-ccleaner-v-2
* Restart HijackThis, choose "do a scan only", tick the box in front of the lines below and click "fix checked" at the bottom
O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [fuvjeyivtn] c:\windows\system32\fuvjeyivtn.exe fuvjeyivtn
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [Bron-Spizaetus] "C:\WINDOWS\ShellNew\bronstab.exe"
O4 - HKLM\..\Run: [MS32DLL] C:\WINDOWS\MS32DLL.dll.vbs
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_8 -reboot 1
O4 - HKCU\..\Run: [road draw] C:\DOCUME~1\anne\APPLIC~1\FORDER~1\DVD OPTION START.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Tok-Cirrhatus] "C:\Documents and Settings\anne\Local Settings\Application Data\smss.exe"
O4 - Global Startup: Assistant d'Acrobat.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Lancement rapide de Microsoft Office OneNote 2003.lnk = C:\Program Files\Microsoft Office\OFFICE11\ONENOTEM.EXE
* Download this and run it on your computer (preferably in safe mode).
----> http://www.softbkk.com/downloads/dl1/10304/NOD32%20VBS%5bButsur.A%5d-Fix.exe
* Download OTMoveIt to your desktop
http://download.bleepingcomputer.com/oldtimer/OTMoveIt2.exe
Double-click OTMoveIt.exe
Select and copy the lines below
C:\DOCUME~1\anne\APPLIC~1\FORDER~1\DVD OPTION START.exe
C:\Documents and Settings\anne\Local Settings\Application Data\smss.exe
C:\WINDOWS\ShellNew\
C:\Documents and Settings\anne\Local Settings\Application Data\services.exe
C:\Documents and Settings\anne\Local Settings\Application Data\lsass.exe
c:\windows\system32\fuvjeyivtn.exe
Go back to OTMoveIt, right-click in the "Paste Standard List of Files/Folders to move" window and choose "coller" (paste).
Click the red Moveit button, then click Exit
If a file or folder cannot be moved immediately, you will be asked to restart your machine to finish the run; if so, click "Yes"
Copy and paste the report it generates here, please. The OTMoveIt report is in this folder: C:\_OTMoveIt\MovedFiles
* Download and install AVG Anti-Spyware and update it
Run a full scan of your system as soon as it has finished.
If it finds spyware, delete it. Save the report and paste it here, please
AVG Anti-Spyware: stays free after the trial period, in French
----> https://www.01net.com/telecharger/
If you need help with Ewido (now AVG Anti-Spyware), see this tutorial:
--> http://kerio.probb.fr/Chasser-les-virus-et-spywares-de-votre-systeme-f1/Tutoriel-AVG-anti-spyware-anti-spyware-t701.htm
Do that for a start; things will be better, but it won't be finished
++
Thanks a lot, I think this is heading in the right direction.
Here is the OTMoveIt report:
File/Folder C:\DOCUME~1\anne\APPLIC~1\FORDER~1\DVD OPTION START.exe not found.
File move failed. C:\Documents and Settings\anne\Local Settings\Application Data\smss.exe scheduled to be moved on reboot.
C:\WINDOWS\ShellNew moved successfully.
C:\Documents and Settings\anne\Local Settings\Application Data\services.exe moved successfully.
C:\Documents and Settings\anne\Local Settings\Application Data\lsass.exe moved successfully.
File/Folder c:\windows\system32\fuvjeyivtn.exe not found.
OTMoveIt2 v1.0.20 log created on 03012008_163746
Also, everything went fine with CCleaner
I also did what you advised with HijackThis, although some of the lines you mentioned were not on my screen
But AntiVir keeps popping up, still telling me that Brontok is still going strong on my computer. In C:\ (winlogon.exe, Isass.exe, empty.pif....) and also in D:\ (about Brontok.A.html). This worm really loves me!
I'm looking for a way to eradicate it for good.
Thanks to everyone for your help
Now do this.
Download ComboFix
---> http://download.bleepingcomputer.com/sUBs/ComboFix.exe
Close your web browser before running this program
Double-click it and press "1" to continue
Wait a few minutes..
A report will open; save its contents, then copy and paste it here, please
You can throw the program away once that's done.
Hi boulepate,
I think I've managed to wreck it! Here is the ComboFix report. Besides that, I used fix-vbworm-rontok-lightmoon in safe mode, otherwise known as Norman Generic Malware Fix; it ended up finding and deleting 553 infected files, insane. So I'm posting the Norman report for you (and for Marie too) right after the ComboFix one.
I'll keep you posted on what happens next
Thanks to all
A small question: with everything I've downloaded (HijackThis, RHosts, ComboFix, NOD32 VBS, OTMoveIt2, CCleaner), what do I keep, what do I hold on to?
ComboFix 08-03-01.3 - anne 2008-03-01 21:16:55.1 - NTFSx86
Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.239 [GMT 1:00]
Endroit: C:\Documents and Settings\anne\Bureau\ComboFix.exe
* Création d'un nouveau point de restauration
AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !!
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Program Files\webmediaplayer
C:\Program Files\webmediaplayer\resources\languages.xml
C:\Program Files\webmediaplayer\resources\webmedias
C:\Program Files\webmediaplayer\skins\classic.skn
C:\Program Files\webmediaplayer\sqlite3.dll
C:\Program Files\webmediaplayer\updates\webmediasDB.upd
C:\Program Files\webmediaplayer\WebMediaPlayer.url
C:\WINDOWS\pack.epk
C:\WINDOWS\system32\fuvjeyivtn.dat
C:\WINDOWS\system32\fuvjeyivtn_nav.dat
C:\WINDOWS\system32\fuvjeyivtn_navps.dat
C:\WINDOWS\system32\nvs2.inf
D:\Autorun.inf
D:\MS32DLL.dll.vbs
.
((((((((((((((((((((((((((((( Fichiers créés 2008-02-01 to 2008-03-01 ))))))))))))))))))))))))))))))))))))
.
2008-03-01 16:37 . 2008-03-01 20:51 <REP> d-------- C:\WINDOWS\ShellNew
2008-03-01 16:37 . 2008-03-01 16:37 <REP> d-------- C:\_OTMoveIt
2008-03-01 16:03 . 2008-03-01 16:03 <REP> d-------- C:\Program Files\CCleaner
2008-03-01 00:35 . 2008-03-01 21:05 <REP> d-------- C:\HijackThis
2008-02-29 17:10 . 2008-02-29 17:10 <REP> d-------- C:\Program Files\Avira
2008-02-29 17:10 . 2008-02-29 17:10 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Avira
2008-02-29 15:48 . 2008-03-01 14:43 250 --a------ C:\WINDOWS\gmer.ini
2008-02-01 16:57 . 2008-02-01 16:57 <REP> d-------- C:\Program Files\Apple Software Update
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-03-01 17:26 --------- d-----w C:\Program Files\Spyware-Secure
2008-03-01 15:41 --------- d-----w C:\Documents and Settings\anne\Application Data\AdobeUM
2008-01-15 18:12 --------- d--h--w C:\Program Files\InstallShield Installation Information
2005-12-01 13:40 5,242,736 ----a-w C:\Program Files\Firefox Setup 1.5rc2.exe
2005-11-25 20:36 54,743,966 ----a-w C:\Program Files\CMS_PCAPP_LB_3_30_21.exe
2005-11-13 01:20 7,256,768 ----a-w C:\Program Files\SkypeSetup.exe
2005-11-12 13:17 1,014,477 ----a-w C:\Program Files\wrar351.exe
2005-03-01 18:21 908,001,280 ----a-w C:\Program Files\Adobe Premiere Pro 7 0.zip
2004-12-06 17:54 6,760,768 ----a-w C:\Program Files\Guitar Pro 4.1.0 + KeyGen.zip
2005-03-06 17:34 56 --sh--r C:\WINDOWS\system32\259C8050A9.sys
2005-03-06 17:34 1,890 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Creative Detector"="C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe" [2004-12-02 18:23 102400]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-05 13:00 15360]
"updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006-03-30 15:45 313472]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"VAIO Update 2"="C:\Program Files\Sony\VAIO Update 2\VAIOUpdt.exe" [2005-01-14 12:43 151552]
"SonyPowerCfg"="C:\Program Files\Sony\VAIO Power Management\SPMgr.exe" [2004-10-21 19:12 184320]
"PDService.exe"="C:\Program Files\Utimaco\SafeGuard PrivateDisk\pdservice.exe" [2004-07-06 14:15 40960]
"Mouse Suite 98 Daemon"="ICO.EXE" [2002-03-14 16:46 45056 C:\WINDOWS\system32\ico.exe]
"HKSERV.EXE"="C:\Program Files\Sony\HotKey Utility\HKserv.exe" [2004-10-16 21:48 122880]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2004-08-25 12:52 339968]
"Apoint"="C:\Program Files\Apoint\Apoint.exe" [2003-11-07 09:21 114688]
"avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-02-29 17:16 249896]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-05 13:00 15360]
C:\Documents and Settings\anne\Menu Démarrer\Programmes\Démarrage\
Lancement rapide de Microsoft Office OneNote 2003.lnk - C:\Program Files\Microsoft Office\OFFICE11\ONENOTEM.EXE [2004-06-17 08:03:43 59080]
VAIO Launcher.lnk - C:\Program Files\Sony\VAIO Launcher\Launcher.exe [2004-11-26 17:16:44 696320]
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\
Audio Filter.lnk - C:\Program Files\Sony\SonicStage Mastering Studio\Audio Filter\SSMSFilter.exe [2004-11-26 17:15:03 3547136]
Device Detector 3.lnk - C:\Program Files\Olympus\DeviceDetector\DevDtct2.exe [2007-10-23 15:37:36 118784]
InterVideo WinCinema Manager.lnk - C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe [2005-11-12 14:53:21 278528]
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=
R1 PrivateDisk;PrivateDisk;C:\WINDOWS\system32\Drivers\PrivateDiskM.sys [2004-07-06 14:07]
S3 VNUSB;VN Series Device;C:\WINDOWS\system32\DRIVERS\VNUSB.sys [2006-04-07 09:06]
S3 WlanUIG;Sagem 802.11g Wireless LAN USB Adapter Driver;C:\WINDOWS\system32\DRIVERS\WlanUIG.sys []
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{cb653ded-f02b-11da-8e68-0003c97f997c}]
\Shell\AutoRun\command - G:\LaunchU3.exe
.
Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
"2008-02-01 15:57:48 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
.
**************************************************************************
catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-03-01 21:19:50
Windows 5.1.2600 Service Pack 2 NTFS
Balayage processus cachés ...
Balayage caché autostart entries ...
Balayage des fichiers cachés ...
Scan terminé avec succès
Les fichiers cachés: 0
**************************************************************************
.
Temps d'accomplissement: 2008-03-01 21:21:36
ComboFix-quarantined-files.txt 2008-03-01 20:21:33
.
2008-02-13 09:44:15 --- E O F ---
NORMAN GENERIC MALWARE FIX report
Norman Generic Fix
Copyright © 1990 - 2006, Norman ASA. Built 2006/12/07 16:49:23
Norman Scanner Engine Version: 5.90.27
Nvcbin.def Version: 5.90.00, Date: 2006/12/07 16:49:23, Variants: 1469
Nvcmacro.def Version: 5.90.00, Date: 2006/05/30 15:17:46, Variants: 12
Running pre-scan cleanup routine:
Operating System: Microsoft Windows XP Home 5.1.2600(Safe mode) Service Pack 2
Logged on user: MALRAUX-1900\anne
Set registry value: HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe "C:\WINDOWS\eksplorasi.exe"" -> "Explorer.exe"
Removed registry value: HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System -> DisableRegistryTools = 0x00922090
Removed hosts entry: <!doctype html public "-//w3c//dtd html 4.01 transitional//e......
Removed hosts entry: .geohead {font-family:verdana, arial, helvetica, sans-serif......
Removed hosts entry: .ftr { margin:0px; color:
Removed hosts entry: .bodycnt{width:510px; display:block; float:left; background-color:
Removed hosts entry: .title { font-family:arial, helvetica, sans-serif; font-w......
Removed hosts entry: .adcnt{width:172px; display:block; float:right; text-align:left;cursor......
Removed hosts entry: .adsubt{font-size:10px; font-family:verdana; font-weight:bold; color:
Removed hosts entry: .ybadge { font-family: verdana, arial, helvetica, sans-ser......
Removed hosts entry: .adtable {font-family:verdana, arial, helvetica, sans-serif......
Removed hosts entry: <!-- following code added by server. please remove -->
Scan started: 01/03/2008 19:58:59
Scanning running processes and process memory...
C:\Documents and Settings\anne\Local Settings\Application Data\winlogon.exe (Infected with W32/Rontokbro.AP@mm)
Terminated process
Deleted file
C:\Documents and Settings\anne\Local Settings\Application Data\services.exe (Infected with W32/Rontokbro.AP@mm)
Terminated process
Deleted file
C:\Documents and Settings\anne\Local Settings\Application Data\lsass.exe (Infected with W32/Rontokbro.AP@mm)
Terminated process
Deleted file
Number of processes/threads found: 519
Number of processes/threads scanned: 519
Number of processes/threads not scanned: 0
Number of infected processes/threads terminated: 3
Total scanning time: 0 minutes 17 seconds
Scanning file system...
C:\*.*
C:\Documents and Settings\anne\Local Settings\Application Data\csrss.exe (Infected with W32/Rontokbro.AP@mm)
Deleted file
C:\Documents and Settings\anne\Local Settings\Application Data\inetinfo.exe (Infected with W32/Rontokbro.AP@mm)
Deleted file
C:\Documents and Settings\anne\Local Settings\Application Data\smss.exe (Infected with W32/Rontokbro.AP@mm)
Removed registry value: HKCU\Software\Microsoft\Windows\CurrentVersion\Run -> Tok-Cirrhatus = ""C:\Documents and Settings\anne\Local Settings\App...."
Deleted file
C:\Documents and Settings\anne\Menu Démarrer\Programmes\Démarrage\Empty.pif (Infected with W32/Rontokbro.AP@mm)
Deleted file
C:\Documents and Settings\anne\Mes documents\Mes documents.exe (Infected with W32/Rontokbro.AP@mm)
Deleted file
C:\Documents and Settings\anne\Mes documents\Autoportraits again\Autoportraits again.exe (Infected with W32/Rontokbro.AP@mm)
Deleted file
C:\Documents and Settings\anne\Mes documents\Autoportraits again\Autoportraits\Autoportraits.exe (Infected with W32/Rontokbro.AP@mm)
Deleted file
C:\Documents and Settings\anne\Mes documents\Bernard Kouchner « Ouvrez les yeux, camarades », Bernard Kouchner_fichiers\Bernard Kouchner « Ouvrez les yeux, camarades », Bernard Kouchner_fichiers.exe (Infected with W32/Rontokbro.AP@mm)
Deleted file
C:\Documents and Settings\anne\Mes documents\chansons demo\chansons demo.exe (Infected with W32/Rontokbro.AP@mm)
Deleted file
C:\Documents and Settings\anne\Mes documents\communiques-de-presse-article.php_fichiers\communiques-de-presse-article.php_fichiers`.exe (Infected with W32/Rontokbro.AP@mm)
Deleted file
C:\Documents and Settings\anne\Mes documents\Compromis de vente\Compromis de vente.exe (Infected with W32/Rontokbro.AP@mm)
Deleted file
C:\Documents and Settings\anne\Mes documents\detailinfo.asp_fichiers\detailinfo.asp_fichiers`.exe (Infected with W32/Rontokbro.AP@mm)
Deleted file
C:\Documents and Settings\anne\Mes documents\detailinfo.asp_fichiers\ads_data\ads_data.exe (Infected with W32/Rontokbro.AP@mm)
Deleted file
C:\Documents and Settings\anne\Mes documents\detailinfo.asp_fichiers\ads_data_002\ads_data_002.exe (Infected with W32/Rontokbro.AP@mm)
Deleted file
C:\Documents and Settings\anne\Mes documents\detailinfo.asp_fichiers\ads_data_003\ads_data_003.exe (Infected with W32/Rontokbro.AP@mm)
Deleted file
C:\Documents and Settings\anne\Mes documents\Digital Wave Player\Message\FolderA\FolderA.exe (Infected with W32/Rontokbro.AP@mm)
Deleted file
C:\Documents and Settings\anne\Mes documents\Digital Wave Player\Message\FolderB\FolderB.exe (Infected with W32/Rontokbro.AP@mm)
Deleted file
C:\Documents and Settings\anne\Mes documents\Digital Wave Player\Message\FolderC\FolderC.exe (Infected with W32/Rontokbro.AP@mm)
Deleted file
C:\Documents and Settings\anne\Mes documents\Digital Wave Player\Message\FolderD\FolderD.exe (Infected with W32/Rontokbro.AP@mm)
Deleted file
C:\Documents and Settings\anne\Mes documents\Digital Wave Player\Message\Recording\Recording.exe (Infected with W32/Rontokbro.AP@mm)
Deleted file
C:\Documents and Settings\anne\Mes documents\Dinard été 2006\Dinard été 2006.exe (Infected with W32/Rontokbro.AP@mm)
Deleted file
C:\Documents and Settings\anne\Mes documents\Documents banque pour emprunt\Documents banque pour emprunt.exe (Infected with W32/Rontokbro.AP@mm)
Deleted file
C:\Documents and Settings\anne\Mes documents\Documents banque pour emprunt\Banque\Banque.exe (Infected with W32/Rontokbro.AP@mm)
Deleted file
C:\Documents and Settings\anne\Mes documents\Documents banque pour emprunt\Epargne\Epargne.exe (Infected with W32/Rontokbro.AP@mm)
Deleted file
C:\Documents and Settings\anne\Mes documents\Documents banque pour emprunt\Impots\Impots.exe (Infected with W32/Rontokbro.AP@mm)
Deleted file
C:\Documents and Settings\anne\Mes documents\Documents banque pour emprunt\Loyers\Loyers.exe (Infected with W32/Rontokbro.AP@mm)
Deleted file
C:\Documents and Settings\anne\Mes documents\Documents banque pour emprunt\Salaires + Assedic\Salaires + Assedic.exe (Infected with W32/Rontokbro.AP@mm)
Deleted file
C:\Documents and Settings\anne\Mes documents\Documents banque pour emprunt\Santé Anne + Hervé 2006\Santé Anne + Hervé 2006.exe (Infected with W32/Rontokbro.AP@mm)
Deleted file
C:\Documents and Settings\anne\Mes documents\Florence Novembre 2007\Florence Novembre 2007.exe (Infected with W32/Rontokbro.AP@mm)
Deleted file
C:\Documents and Settings\anne\Mes documents\Georgiu Pinkhassov\Georgiu Pinkhassov.exe (Infected with W32/Rontokbro.AP@mm)
Deleted file
C:\Documents and Settings\anne\Mes documents\GUITAR PRO\GUITAR PRO.exe (Infected with W32/Rontokbro.AP@mm)
Deleted file
C:\Documents and Settings\anne\Mes documents\hepatites-info_com - Informations sur les hépatites B et les hépatites C - contacts_fichiers\hepatites-info_com - Informations sur les hépatites B et les hépatites C - contacts_fichiers.exe (Infected with W32/Rontokbro.AP@mm)
Deleted file
C:\Documents and Settings\anne\Mes documents\Louise\Louise.exe (Infected with W32/Rontokbro.AP@mm)
Deleted file
C:\Documents and Settings\anne\Mes documents\Louise\Bâle\Bâle.exe (Infected with W32/Rontokbro.AP@mm)
Deleted file
C:\Documents and Settings\anne\Mes documents\Louise\Choix album photo\Choix album photo.exe (Infected with W32/Rontokbro.AP@mm)
Deleted file
C:\Documents and Settings\anne\Mes documents\Louise\Louise & Gaspard\Louise & Gaspard.exe (Infected with W32/Rontokbro.AP@mm)
Deleted file
C:\Documents and Settings\anne\Mes documents\Louise\Louise 11-12 mois\Louise 11-12 mois.exe (Infected with W32/Rontokbro.AP@mm)
Deleted file
C:\Documents and Settings\anne\Mes documents\Louise\Louise 12-15 mois\Louise 12-15 mois.exe (Infected with W32/Rontokbro.AP@mm)
Deleted file
C:\Documents and Settings\anne\Mes documents\Louise\Louise 4-6 mois\Louise 4-6 mois.exe (Infected with W32/Rontokbro.AP@mm)
Deleted file
C:\Documents and Settings\anne\Mes documents\Louise\Louise 4-6 mois\Choix album photo\Choix album photo.exe (Infected with W32/Rontokbro.AP@mm)
Deleted file
C:\Documents and Settings\anne\Mes documents\Louise\Louise 7 mois\Louise 7 mois.exe (Infected with W32/Rontokbro.AP@mm)
Deleted file
C:\Documents and Settings\anne\Mes documents\Louise\Louise 7 mois\Nouveau dossier\Nouveau dossier.exe (Infected with W32/Rontokbro.AP@mm)
Deleted file
C:\Documents and Settings\anne\Mes documents\Louise\Louise 9-10 mois\Louise 9-10 mois.exe (Infected with W32/Rontokbro.AP@mm)
Deleted file
C:\Documents and Settings\anne\Mes documents\Louise\Louise premiers jours\Louise premiers jours.exe (Infected with W32/Rontokbro.AP@mm)
Deleted file
C:\Documents and Settings\anne\Mes documents\Louise\Photos Louise à Noël\Photos Louise à Noël.exe (Infected with W32/Rontokbro.AP@mm)
Deleted file
C:\Documents and Settings\anne\Mes documents\m7fr_fichiers\m7fr_fichiers.exe (Infected with W32/Rontokbro.AP@mm)
Deleted file
C:\Documents and Settings\anne\Mes documents\Maman Cap d'Agde\Maman Cap d'Agde.exe (Infected with W32/Rontokbro.AP@mm)
Deleted file
C:\Documents and Settings\anne\Mes documents\Mariage Jean & Anne-So Ecosse\Mariage Jean & Anne-So Ecosse.exe (Infected with W32/Rontokbro.AP@mm)
Deleted file
C:\Documents and Settings\anne\Mes documents\Mariage Jean & Anne-So Ecosse\Photos a envoyer\Photos a envoyer.exe (Infected with W32/Rontokbro.AP@mm)
Deleted file
C:\Documents and Settings\anne\Mes documents\Mariage Nath & Séb\Mariage Nath & Séb.exe (Infected with W32/Rontokbro.AP@mm)
Deleted file
C:\Documents and Settings\anne\Mes documents\Mon bloc-notes\Mon bloc-notes.exe (Infected with W32/Rontokbro.AP@mm)
Deleted file
C:\Documents and Settings\anne\Mes documents\Mon bloc-notes\Autres notes\Autres notes.exe (Infected with W32/Rontokbro.AP@mm)
Deleted file
C:\Documents and Settings\anne\Mes documents\Mon bloc-notes\Classes\Classes.exe (Infected with W32/Rontokbro.AP@mm)
Deleted file
C:\Documents and Settings\anne\Mes documents\Mon bloc-notes\Personnel\Personnel.exe (Infected with W32/Rontokbro.AP@mm)
Deleted file
C:\Documents and Settings\anne\Mes documents\Mon bloc-notes\Projets\Projets.exe (Infected with W32/Rontokbro.AP@mm)
Deleted file
C:\Documents and Settings\anne\Mes documents\Moulin 14 juillet 2007\Moulin 14 juillet 2007.exe (Infected with W32/Rontokbro.AP@mm)
Deleted file
C:\Documents and Settings\anne\Mes documents\Musique\Musique.exe (Infected with W32/Rontokbro.AP@mm)
Deleted file
C:\Documents and Settings\anne\Mes documents\Musique\Caetano Veloso\Caetano Veloso.exe (Infected with W32/Rontokbro.AP@mm)
Deleted file
C:\Documents and Settings\anne\Mes documents\Musique\chansons demo\chansons demo.exe (Infected with W32/Rontokbro.AP@mm)
Deleted file
C:\Documents and Settings\anne\Mes documents\Musique\Essaouira gnawa festival\Essaouira gnawa festival.exe (Infected with W32/Rontokbro.AP@mm)
Deleted file
C:\Documents and Settings\anne\Mes documents\Musique\Films\Films.exe (Infected with W32/Rontokbro.AP@mm)
Deleted file
C:\Documents and Settings\anne\Mes documents\Musique\Fiona Apple\Fiona Apple.exe (Infected with W32/Rontokbro.AP@mm)
Deleted file
C:\Documents and Settings\anne\Mes documents\Musique\Franco Corelli + Pavarotti\Franco Corelli + Pavarotti.exe (Infected with W32/Rontokbro.AP@mm)
Deleted file
C:\Documents and Settings\anne\Mes documents\Musique\Guitar.Pro.4.1.0.Full.Multilanguage.(KEY+MIDI+TAB)\Guitar.Pro.4.1.0.Full.Multilanguage.(KEY+MIDI+TAB)`.exe (Infected with W32/Rontokbro.AP@mm)
Deleted file
C:\Documents and Settings\anne\Mes documents\Musique\Gun's and Roses\Gun's and Roses.exe (Infected with W32/Rontokbro.AP@mm)
Deleted file
C:\Documents and Settings\anne\Mes documents\Musique\House of the Rising Sun\House of the Rising Sun.exe (Infected with W32/Rontokbro.AP@mm)
Deleted file
C:\Documents and Settings\anne\Mes documents\Musique\Lenny Kravitz\Lenny Kravitz.exe (Infected with W32/Rontokbro.AP@mm)
Deleted file
C:\Documents and Settings\anne\Mes documents\Musique\Massive Attack\Massive Attack.exe (Infected with W32/Rontokbro.AP@mm)
Deleted file
C:\Documents and Settings\anne\Mes documents\Musique\Michael Hutchence\Michael Hutchence.exe (Infected with W32/Rontokbro.AP@mm)
Deleted file
C:\Documents and Settings\anne\Mes documents\Musique\Norton Internet Security 2006 FR Patch d'activation.zip\Norton Internet Security 2006 FR Crack 100% verifier bon(1)\Norton Internet Security 2006 FR Crack 100% verifier bon(1).exe (Infected with W32/Rontokbro.AP@mm)
Deleted file
C:\Documents and Settings\anne\Mes documents\Musique\Norton Internet Security 2006 FR Patch d'activation.zip\Norton Internet Security 2006 FR Crack 100% verifier bon(1)\Comment changer 5_ en 5000 _\Comment changer 5_ en 5000 _.exe (Infected with W32/Rontokbro.AP@mm)
Deleted file
C:\Documents and Settings\anne\Mes documents\Musique\Placebo live olympia + rares\Placebo live olympia + rares.exe (Infected with W32/Rontokbro.AP@mm)
Deleted file
C:\Documents and Settings\anne\Mes documents\Musique\Schubert\Schubert.exe (Infected with W32/Rontokbro.AP@mm)
Deleted file
C:\Documents and Settings\anne\Mes documents\Musique\The Cure\The Cure.exe (Infected with W32/Rontokbro.AP@mm)
Deleted file
C:\Documents and Settings\anne\Mes documents\Musique\The Doors\The Doors.exe (Infected with W32/Rontokbro.AP@mm)
Deleted file
C:\Documents and Settings\anne\Mes documents\Musique\The Rolling Stones\The Rolling Stones.exe (Infected with W32/Rontokbro.AP@mm)
Deleted file
C:\Documents and Settings\anne\Mes documents\My Skype Pictures\My Skype Pictures.exe (Infected with W32/Rontokbro.AP@mm)
Deleted file
C:\Documents and Settings\anne\Mes documents\Norton Internet Security 2006 FR Patch d'activation.zip\Norton Internet Security 2006 FR Crack 100% verifier bon(1)\Norton Internet Security 2006 FR Crack 100% verifier bon(1).exe (Infected with W32/Rontokbro.AP@mm)
Deleted file
C:\Documents and Settings\anne\Mes documents\Norton Internet Security 2006 FR Patch d'activation.zip\Norton Internet Security 2006 FR Crack 100% verifier bon(1)\Comment changer 5_ en 5000 _\Comment changer 5_ en 5000 _.exe (Infected with W32/Rontokbro.AP@mm)
Deleted file
C:\Documents and Settings\anne\Mes documents\Nouvel an chez Philou 2007\Nouvel an chez Philou 2007.exe (Infected with W32/Rontokbro.AP@mm)
Deleted file
C:\Documents and Settings\anne\Mes documents\Offre de prêt Crédit Foncier\Offre de prêt Crédit Foncier.exe (Infected with W32/Rontokbro.AP@mm)
Deleted file
C:\Documents and Settings\anne\Mes documents\photos appartement guy moquet\photos appartement guy moquet.exe (Infected with W32/Rontokbro.AP@mm)
Deleted file
C:\Documents and Settings\anne\Mes documents\Photos David de Souza\Photos David de Souza.exe (Infected with W32/Rontokbro.AP@mm)
Deleted file
C:\Documents and Settings\anne\Mes documents\Photos du Mondial 2006\Photos du Mondial 2006.exe (Infected with W32/Rontokbro.AP@mm)
Deleted file
C:\Documents and Settings\anne\Mes documents\Photos enceinte\Photos enceinte.exe (Infected with W32/Rontokbro.AP@mm)
Deleted file
C:\Documents and Settings\anne\Mes documents\Photos Youna\Photos Youna.exe (Infected with W32/Rontokbro.AP@mm)
Deleted file
C:\Documents and Settings\anne\Mes documents\Soirée Sounds of Love\Soirée Sounds of Love.exe (Infected with W32/Rontokbro.AP@mm)
Deleted file
C:\Documents and Settings\anne\Mes documents\somerain_fichiers\somerain_fichiers.exe (Infected with W32/Rontokbro.AP@mm)
Deleted file
C:\Documents and Settings\anne\Mes documents\Stage de Clown\Stage de Clown.exe (Infected with W32/Rontokbro.AP@mm)
Deleted file
C:\Documents and Settings\anne\Modèles\WowTumpeh.com (Infected with W32/Rontokbro.AP@mm)
Deleted file
Deleted file
C:\System Volume Information\_restore{58244814-5EDF-4690-86B6-2EB4FBC94F1B}\RP592\A0416568.exe (Infected with W32/Rontokbro.AP@mm)
Deleted file
C:\System Volume Information\_restore{58244814-5EDF-4690-86B6-2EB4FBC94F1B}\RP592\A0416572.com (Infected with W32/Rontokbro.AP@mm)
Deleted file
C:\System Volume Information\_restore{58244814-5EDF-4690-86B6-2EB4FBC94F1B}\RP592\A0416575.scr (Infected with W32/Rontokbro.AP@mm)
Deleted file
C:\System Volume Information\_restore{58244814-5EDF-4690-86B6-2EB4FBC94F1B}\RP592\A0416576.exe (Infected with W32/Rontokbro.AP@mm)
Deleted file
C:\System Volume Information\_restore{58244814-5EDF-4690-86B6-2EB4FBC94F1B}\RP592\A0417559.exe (Infected with W32/Rontokbro.AP@mm)
Deleted file
C:\System Volume Information\_restore{58244814-5EDF-4690-86B6-2EB4FBC94F1B}\RP592\A0417563.exe (Infected with W32/Rontokbro.AP@mm)
Deleted file
C:\System Volume Information\_restore{58244814-5EDF-4690-86B6-2EB4FBC94F1B}\RP592\A0417564.exe (Infected with W32/Rontokbro.AP@mm)
Deleted file
C:\System Volume Information\_restore{58244814-5EDF-4690-86B6-2EB4FBC94F1B}\RP592\A0417566.exe (Infected with W32/Rontokbro.AP@mm)
Deleted file
C:\System Volume Information\_restore{58244814-5EDF-4690-86B6-2EB4FBC94F1B}\RP592\A0417567.exe (Infected with W32/Rontokbro.AP@mm)
Deleted file
C:\System Volume Information\_restore{58244814-5EDF-4690-86B6-2EB4FBC94F1B}\RP592\A0417568.exe (Infected with W32/Rontokbro.AP@mm)
Deleted file
C:\System Volume Information\_restore{58244814-5EDF-4690-86B6-2EB4FBC94F1B}\RP592\A0417569.exe (Infected with W32/Rontokbro.AP@mm)
Deleted file
C:\System Volume Information\_restore{58244814-5EDF-4690-86B6-2EB4FBC94F1B}\RP592\A0417575.com (Infected with W32/Rontokbro.AP@mm)
Deleted file
C:\System Volume Information\_restore{58244814-5EDF-4690-86B6-2EB4FBC94F1B}\RP592\A0417577.scr (Infected with W32/Rontokbro.AP@mm)
Deleted file
C:\System Volume Information\_restore{58244814-5EDF-4690-86B6-2EB4FBC94F1B}\RP592\A0417578.exe (Infected with W32/Rontokbro.AP@mm)
Deleted file
C:\System Volume Information\_restore{58244814-5EDF-4690-86B6-2EB4FBC94F1B}\RP592\A0417595.exe (Infected with W32/Rontokbro.AP@mm)
Deleted file
C:\System Volume Information\_restore{58244814-5EDF-4690-86B6-2EB4FBC94F1B}\RP592\A0417598.exe (Infected with W32/Rontokbro.AP@mm)
Deleted file
C:\System Volume Information\_restore{58244814-5EDF-4690-86B6-2EB4FBC94F1B}\RP592\A0417599.exe (Infected with W32/Rontokbro.AP@mm)
Deleted file
C:\System Volume Information\_restore{58244814-5EDF-4690-86B6-2EB4FBC94F1B}\RP592\A0417600.exe (Infected with W32/Rontokbro.AP@mm)
Deleted file
C:\System Volume Information\_restore{58244814-5EDF-4690-86B6-2EB4FBC94F1B}\RP592\A0417601.exe (Infected with W32/Rontokbro.AP@mm)
Deleted file
C:\System Volume Information\_restore{58244814-5EDF-4690-86B6-2EB4FBC94F1B}\RP592\A0417602.exe (Infected with W32/Rontokbro.AP@mm)
Deleted file
C:\System Volume Information\_restore{58244814-5EDF-4690-86B6-2EB4FBC94F1B}\RP592\A0417604.exe (Infected with W32/Rontokbro.AP@mm)
Deleted file
C:\System Volume Information\_restore{58244814-5EDF-4690-86B6-2EB4FBC94F1B}\RP592\A0417607.pif (Infected with W32/Rontokbro.AP@mm)
Deleted file
C:\System Volume Information\_restore{58244814-5EDF-4690-86B6-2EB4FBC94F1B}\RP592\A0417609.com (Infected with W32/Rontokbro.AP@mm)
Deleted file
C:\System Volume Information\_restore{58244814-5EDF-4690-86B6-2EB4FBC94F1B}\RP592\A0417611.exe (Infected with W32/Rontokbro.AP@mm)
Deleted file
C:\System Volume Information\_restore{58244814-5EDF-4690-86B6-2EB4FBC94F1B}\RP592\A0417612.scr (Infected with W32/Rontokbro.AP@mm)
Deleted file
C:\System Volume Information\_restore{58244814-5EDF-4690-86B6-2EB4FBC94F1B}\RP592\A0418595.exe (Infected with W32/Rontokbro.AP@mm)
Deleted file
C:\System Volume Information\_restore{58244814-5EDF-4690-86B6-2EB4FBC94F1B}\RP592\A0418598.exe (Infected with W32/Rontokbro.AP@mm)
Deleted file
C:\System Volume Information\_restore{58244814-5EDF-4690-86B6-2EB4FBC94F1B}\RP592\A0418599.exe (Infected with W32/Rontokbro.AP@mm)
Deleted file
C:\System Volume Information\_restore{58244814-5EDF-4690-86B6-2EB4FBC94F1B}\RP592\A0418600.exe (Infected with W32/Rontokbro.AP@mm)
Deleted file
C:\System Volume Information\_restore{58244814-5EDF-4690-86B6-2EB4FBC94F1B}\RP592\A0418601.exe (Infected with W32/Rontokbro.AP@mm)
Deleted file
C:\System Volume Information\_restore{58244814-5EDF-4690-86B6-2EB4FBC94F1B}\RP592\A0418603.exe (Infected with W32/Rontokbro.AP@mm)
Deleted file
C:\System Volume Information\_restore{58244814-5EDF-4690-86B6-2EB4FBC94F1B}\RP592\A0418604.exe (Infected with W32/Rontokbro.AP@mm)
Deleted file
C:\System Volume Information\_restore{58244814-5EDF-4690-86B6-2EB4FBC94F1B}\RP592\A0418608.pif (Infected with W32/Rontokbro.AP@mm)
Deleted file
C:\System Volume Information\_restore{58244814-5EDF-4690-86B6-2EB4FBC94F1B}\RP592\A0418610.com (Infected with W32/Rontokbro.AP@mm)
Deleted file
C:\System Volume Information\_restore{58244814-5EDF-4690-86B6-2EB4FBC94F1B}\RP592\A0418613.scr (Infected with W32/Rontokbro.AP@mm)
Deleted file
C:\System Volume Information\_restore{58244814-5EDF-4690-86B6-2EB4FBC94F1B}\RP592\A0418614.exe (Infected with W32/Rontokbro.AP@mm)
Deleted file
C:\System Volume Information\_restore{58244814-5EDF-4690-86B6-2EB4FBC94F1B}\RP592\A0418679.exe (Infected with W32/Rontokbro.AP@mm)
Deleted file
C:\System Volume Information\_restore{58244814-5EDF-4690-86B6-2EB4FBC94F1B}\RP592\A0418680.exe (Infected with W32/Rontokbro.AP@mm)
Deleted file
C:\System Volume Information\_restore{58244814-5EDF-4690-86B6-2EB4FBC94F1B}\RP592\A0418684.exe (Infected with W32/Rontokbro.AP@mm)
Deleted file
C:\System Volume Information\_restore{58244814-5EDF-4690-86B6-2EB4FBC94F1B}\RP592\A0418685.exe (Infected with W32/Rontokbro.AP@mm)
Deleted file
C:\System Volume Information\_restore{58244814-5EDF-4690-86B6-2EB4FBC94F1B}\RP592\A0418686.exe (Infected with W32/Rontokbro.AP@mm)
Deleted file
C:\System Volume Information\_restore{58244814-5EDF-4690-86B6-2EB4FBC94F1B}\RP592\A0418690.exe (Infected with W32/Rontokbro.AP@mm)
Deleted file
C:\System Volume Information\_restore{58244814-5EDF-4690-86B6-2EB4FBC94F1B}\RP592\A0418695.com (Infected with W32/Rontokbro.AP@mm)
Deleted file
C:\System Volume Information\_restore{58244814-5EDF-4690-86B6-2EB4FBC94F1B}\RP592\A0418696.scr (Infected with W32/Rontokbro.AP@mm)
Deleted file
C:\System Volume Information\_restore{58244814-5EDF-4690-86B6-2EB4FBC94F1B}\RP592\A0418697.exe (Infected with W32/Rontokbro.AP@mm)
Deleted file
C:\System Volume Information\_restore{58244814-5EDF-4690-86B6-2EB4FBC94F1B}\RP592\A0418707.exe (Infected with W32/Rontokbro.AP@mm)
Deleted file
C:\System Volume Information\_restore{58244814-5EDF-4690-86B6-2EB4FBC94F1B}\RP592\A0418708.exe (Infected with W32/Rontokbro.AP@mm)
Deleted file
C:\System Volume Information\_restore{58244814-5EDF-4690-86B6-2EB4FBC94F1B}\RP592\A0418709.exe (Infected with W32/Rontokbro.AP@mm)
Deleted file
C:\System Volume Information\_restore{58244814-5EDF-4690-86B6-2EB4FBC94F1B}\RP592\A0418710.exe (Infected with W32/Rontokbro.AP@mm)
Deleted file
C:\System Volume Information\_restore{58244814-5EDF-4690-86B6-2EB4FBC94F1B}\RP592\A0418711.exe (Infected with W32/Rontokbro.AP@mm)
Deleted file
C:\System Volume Information\_restore{58244814-5EDF-4690-86B6-2EB4FBC94F1B}\RP592\A0418712.exe (Infected with W32/Rontokbro.AP@mm)
Deleted file
C:\System Volume Information\_restore{58244814-5EDF-4690-86B6-2EB4FBC94F1B}\RP592\A0418713.pif (Infected with W32/Rontokbro.AP@mm)
Deleted file
C:\System Volume Information\_restore{58244814-5EDF-4690-86B6-2EB4FBC94F1B}\RP592\A0418714.com (Infected with W32/Rontokbro.AP@mm)
Deleted file
C:\System Volume Information\_restore{58244814-5EDF-4690-86B6-2EB4FBC94F1B}\RP592\A0418720.exe (Infected with W32/Rontokbro.AP@mm)
Deleted file
C:\System Volume Information\_restore{58244814-5EDF-4690-86B6-2EB4FBC94F1B}\RP592\A0418725.scr (Infected with W32/Rontokbro.AP@mm)
Deleted file
C:\System Volume Information\_restore{58244814-5EDF-4690-86B6-2EB4FBC94F1B}\RP592\A0418726.exe (Infected with W32/Rontokbro.AP@mm)
Deleted file
C:\System Volume Information\_restore{58244814-5EDF-4690-86B6-2EB4FBC94F1B}\RP592\A0418748.exe (Infected with W32/Rontokbro.AP@mm)
Deleted file
C:\System Volume Information\_restore{58244814-5EDF-4690-86B6-2EB4FBC94F1B}\RP592\A0418750.exe (Infected with W32/Rontokbro.AP@mm)
Deleted file
C:\System Volume Information\_restore{58244814-5EDF-4690-86B6-2EB4FBC94F1B}\RP592\A0418753.exe (Infected with W32/Rontokbro.AP@mm)
Deleted file
C:\System Volume Information\_restore{58244814-5EDF-4690-86B6-2EB4FBC94F1B}\RP592\A0418754.exe (Infected with W32/Rontokbro.AP@mm)
Deleted file
C:\System Volume Information\_restore{58244814-5EDF-4690-86B6-2EB4FBC94F1B}\RP592\A0418755.exe (Infected with W32/Rontokbro.AP@mm)
Deleted file
C:\System Volume Information\_restore{58244814-5EDF-4690-86B6-2EB4FBC94F1B}\RP592\A0418756.exe (Infected with W32/Rontokbro.AP@mm)
Deleted file
C:\System Volume Information\_restore{58244814-5EDF-4690-86B6-2EB4FBC94F1B}\RP592\A0418757.exe (Infected with W32/Rontokbro.AP@mm)
Deleted file
C:\System Volume Information\_restore{58244814-5EDF-4690-86B6-2EB4FBC94F1B}\RP592\A0418758.pif (Infected with W32/Rontokbro.AP@mm)
Deleted file
C:\System Volume Information\_restore{58244814-5EDF-4690-86B6-2EB4FBC94F1B}\RP592\A0418759.com (Infected with W32/Rontokbro.AP@mm)
Deleted file
C:\System Volume Information\_restore{58244814-5EDF-4690-86B6-2EB4FBC94F1B}\RP592\A0418760.scr (Infected with W32/Rontokbro.AP@mm)
Deleted file
C:\System Volume Information\_restore{58244814-5EDF-4690-86B6-2EB4FBC94F1B}\RP592\A0418761.exe (Infected with W32/Rontokbro.AP@mm)
Deleted file
C:\System Volume Information\_restore{58244814-5EDF-4690-86B6-2EB4FBC94F1B}\RP592\A0419750.exe (Infected with W32/Rontokbro.AP@mm)
Deleted file
C:\System Volume Information\_restore{58244814-5EDF-4690-86B6-2EB4FBC94F1B}\RP592\A0419752.exe (Infected with W32/Rontokbro.AP@mm)
Deleted file
C:\System Volume Information\_restore{58244814-5EDF-4690-86B6-2EB4FBC94F1B}\RP592\A0419753.exe (Infected with W32/Rontokbro.AP@mm)
Deleted file
C:\System Volume Information\_restore{58244814-5EDF-4690-86B6-2EB4FBC94F1B}\RP592\A0419754.exe (Infected with W32/Rontokbro.AP@mm)
Deleted file
C:\System Volume Information\_restore{58244814-5EDF-4690-86B6-2EB4FBC94F1B}\RP592\A0419756.exe (Infected with W32/Rontokbro.AP@mm)
Deleted file
C:\System Volume Information\_restore{58244814-5EDF-4690-86B6-2
I think I managed to nail it! Here is the ComboFix report. Otherwise, I used fix-vbworm-rontok-lightmoon in safe mode, also known as Norman Generic Malware Fix; it ended up finding and deleting 553 infected files, which is crazy. So I'm posting for you (and for Marie too) the Norman report right after the ComboFix one.
I'll keep you posted on what happens next.
Thanks to everyone.
A quick question: of everything I downloaded (Hijackthis, RHosts, Combofix, NOD32 VBS, OTMoveit2, CCleaner), what do I keep, what do I hold on to?
ComboFix 08-03-01.3 - anne 2008-03-01 21:16:55.1 - NTFSx86
Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.239 [GMT 1:00]
Endroit: C:\Documents and Settings\anne\Bureau\ComboFix.exe
* Création d'un nouveau point de restauration
AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !!
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Program Files\webmediaplayer
C:\Program Files\webmediaplayer\resources\languages.xml
C:\Program Files\webmediaplayer\resources\webmedias
C:\Program Files\webmediaplayer\skins\classic.skn
C:\Program Files\webmediaplayer\sqlite3.dll
C:\Program Files\webmediaplayer\updates\webmediasDB.upd
C:\Program Files\webmediaplayer\WebMediaPlayer.url
C:\WINDOWS\pack.epk
C:\WINDOWS\system32\fuvjeyivtn.dat
C:\WINDOWS\system32\fuvjeyivtn_nav.dat
C:\WINDOWS\system32\fuvjeyivtn_navps.dat
C:\WINDOWS\system32\nvs2.inf
D:\Autorun.inf
D:\MS32DLL.dll.vbs
.
((((((((((((((((((((((((((((( Fichiers créés 2008-02-01 to 2008-03-01 ))))))))))))))))))))))))))))))))))))
.
2008-03-01 16:37 . 2008-03-01 20:51 <REP> d-------- C:\WINDOWS\ShellNew
2008-03-01 16:37 . 2008-03-01 16:37 <REP> d-------- C:\_OTMoveIt
2008-03-01 16:03 . 2008-03-01 16:03 <REP> d-------- C:\Program Files\CCleaner
2008-03-01 00:35 . 2008-03-01 21:05 <REP> d-------- C:\HijackThis
2008-02-29 17:10 . 2008-02-29 17:10 <REP> d-------- C:\Program Files\Avira
2008-02-29 17:10 . 2008-02-29 17:10 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Avira
2008-02-29 15:48 . 2008-03-01 14:43 250 --a------ C:\WINDOWS\gmer.ini
2008-02-01 16:57 . 2008-02-01 16:57 <REP> d-------- C:\Program Files\Apple Software Update
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-03-01 17:26 --------- d-----w C:\Program Files\Spyware-Secure
2008-03-01 15:41 --------- d-----w C:\Documents and Settings\anne\Application Data\AdobeUM
2008-01-15 18:12 --------- d--h--w C:\Program Files\InstallShield Installation Information
2005-12-01 13:40 5,242,736 ----a-w C:\Program Files\Firefox Setup 1.5rc2.exe
2005-11-25 20:36 54,743,966 ----a-w C:\Program Files\CMS_PCAPP_LB_3_30_21.exe
2005-11-13 01:20 7,256,768 ----a-w C:\Program Files\SkypeSetup.exe
2005-11-12 13:17 1,014,477 ----a-w C:\Program Files\wrar351.exe
2005-03-01 18:21 908,001,280 ----a-w C:\Program Files\Adobe Premiere Pro 7 0.zip
2004-12-06 17:54 6,760,768 ----a-w C:\Program Files\Guitar Pro 4.1.0 + KeyGen.zip
2005-03-06 17:34 56 --sh--r C:\WINDOWS\system32\259C8050A9.sys
2005-03-06 17:34 1,890 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Creative Detector"="C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe" [2004-12-02 18:23 102400]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-05 13:00 15360]
"updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006-03-30 15:45 313472]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"VAIO Update 2"="C:\Program Files\Sony\VAIO Update 2\VAIOUpdt.exe" [2005-01-14 12:43 151552]
"SonyPowerCfg"="C:\Program Files\Sony\VAIO Power Management\SPMgr.exe" [2004-10-21 19:12 184320]
"PDService.exe"="C:\Program Files\Utimaco\SafeGuard PrivateDisk\pdservice.exe" [2004-07-06 14:15 40960]
"Mouse Suite 98 Daemon"="ICO.EXE" [2002-03-14 16:46 45056 C:\WINDOWS\system32\ico.exe]
"HKSERV.EXE"="C:\Program Files\Sony\HotKey Utility\HKserv.exe" [2004-10-16 21:48 122880]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2004-08-25 12:52 339968]
"Apoint"="C:\Program Files\Apoint\Apoint.exe" [2003-11-07 09:21 114688]
"avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-02-29 17:16 249896]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-05 13:00 15360]
C:\Documents and Settings\anne\Menu Démarrer\Programmes\Démarrage\
Lancement rapide de Microsoft Office OneNote 2003.lnk - C:\Program Files\Microsoft Office\OFFICE11\ONENOTEM.EXE [2004-06-17 08:03:43 59080]
VAIO Launcher.lnk - C:\Program Files\Sony\VAIO Launcher\Launcher.exe [2004-11-26 17:16:44 696320]
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\
Audio Filter.lnk - C:\Program Files\Sony\SonicStage Mastering Studio\Audio Filter\SSMSFilter.exe [2004-11-26 17:15:03 3547136]
Device Detector 3.lnk - C:\Program Files\Olympus\DeviceDetector\DevDtct2.exe [2007-10-23 15:37:36 118784]
InterVideo WinCinema Manager.lnk - C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe [2005-11-12 14:53:21 278528]
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=
R1 PrivateDisk;PrivateDisk;C:\WINDOWS\system32\Drivers\PrivateDiskM.sys [2004-07-06 14:07]
S3 VNUSB;VN Series Device;C:\WINDOWS\system32\DRIVERS\VNUSB.sys [2006-04-07 09:06]
S3 WlanUIG;Sagem 802.11g Wireless LAN USB Adapter Driver;C:\WINDOWS\system32\DRIVERS\WlanUIG.sys []
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{cb653ded-f02b-11da-8e68-0003c97f997c}]
\Shell\AutoRun\command - G:\LaunchU3.exe
.
Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
"2008-02-01 15:57:48 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
.
**************************************************************************
catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-03-01 21:19:50
Windows 5.1.2600 Service Pack 2 NTFS
Balayage processus cachés ...
Balayage caché autostart entries ...
Balayage des fichiers cachés ...
Scan terminé avec succès
Les fichiers cachés: 0
**************************************************************************
.
Temps d'accomplissement: 2008-03-01 21:21:36
ComboFix-quarantined-files.txt 2008-03-01 20:21:33
.
2008-02-13 09:44:15 --- E O F ---
NORMAN GENERIC MALWARE FIX report
Norman Generic Fix
Copyright © 1990 - 2006, Norman ASA. Built 2006/12/07 16:49:23
Norman Scanner Engine Version: 5.90.27
Nvcbin.def Version: 5.90.00, Date: 2006/12/07 16:49:23, Variants: 1469
Nvcmacro.def Version: 5.90.00, Date: 2006/05/30 15:17:46, Variants: 12
Running pre-scan cleanup routine:
Operating System: Microsoft Windows XP Home 5.1.2600(Safe mode) Service Pack 2
Logged on user: MALRAUX-1900\anne
Set registry value: HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe "C:\WINDOWS\eksplorasi.exe"" -> "Explorer.exe"
Removed registry value: HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System -> DisableRegistryTools = 0x00922090
Removed hosts entry: <!doctype html public "-//w3c//dtd html 4.01 transitional//e......
Removed hosts entry: .geohead {font-family:verdana, arial, helvetica, sans-serif......
Removed hosts entry: .ftr { margin:0px; color:
Removed hosts entry: .bodycnt{width:510px; display:block; float:left; background-color:
Removed hosts entry: .title { font-family:arial, helvetica, sans-serif; font-w......
Removed hosts entry: .adcnt{width:172px; display:block; float:right; text-align:left;cursor......
Removed hosts entry: .adsubt{font-size:10px; font-family:verdana; font-weight:bold; color:
Removed hosts entry: .ybadge { font-family: verdana, arial, helvetica, sans-ser......
Removed hosts entry: .adtable {font-family:verdana, arial, helvetica, sans-serif......
Removed hosts entry: <!-- following code added by server. please remove -->
Removed hosts entry: <!-- preceding code added by server. please remove -->
Removed hosts entry: <div class="geohead"><div id="geologo"><a href="http://......
Removed hosts entry: <div id="rightside"><div id="wlinks"><a href="http://ge......
Removed hosts entry: <div class="title">sorry, this geocities site is curren......
Removed hosts entry: <p>the geocities web site you were trying to view has tem......
Removed hosts entry: avoid service interruptions in the future by increasing ......
Removed hosts entry: <a href="https://help.yahoo.com/kb/account
Removed hosts entry: <p><a href="https://help.yahoo.com/kb/account"......
Removed hosts entry: <a target="_top" href="https://smallbusiness.yahoo.com/"><i......
Removed hosts entry: <div class="adttl" title="reliable plans include domain......
Removed hosts entry: <div class="addescr" title="reliable plans include doma......
Removed hosts entry: <div class="adlink" title="reliable plans include domai......
Removed hosts entry: <div class="adttl" title="reliable plans include domain......
Removed hosts entry: <div class="addescr" title="includes starter web page, ......
Removed hosts entry: <div class="adlink" title="includes starter web page, e......
Removed hosts entry: <div class="adttl" title="setup fee waived. up to 10 em......
Removed hosts entry: <div class="addescr" title="setup fee waived. up to 10 ......
Removed hosts entry: <div class="adlink" title="setup fee waived. up to 10 e......
Removed hosts entry: <div class="adttl" title="$50 setup fee waived. a relia......
Removed hosts entry: <div class="addescr" title="$50 setup fee waived. a rel......
Removed hosts entry: <div class="adlink" title="$50 setup fee waived. a reli......
Removed hosts entry: get your own web site at <br><a target="_top" href="ht......
Removed hosts entry: <a href="https://smallbusiness.yahoo.com/hosting" ......
Removed hosts entry: 2005 yahoo! inc. all rights reserved<br>
Removed hosts entry: <a href="https://www.verizonmedia.com/policies/">pr......
Removed hosts entry: - <a href="https://fr.yahoo.com/?p=us
Removed hosts entry: - <a href="https://fr.yahoo.com/?p=us
Removed hosts entry: - <a href="https://fr.yahoo.com/?p=us
Removed hosts entry: - <a href="https://help.yahoo.com/kb/account">help<......
Removed hosts entry: <!-- text below generated by server. please remove --><......
Removed hosts entry: <img src="http://geo.yahoo.com/serv?s=19190039&t=119669
Scan started: 01/03/2008 19:58:59
Scanning running processes and process memory...
C:\Documents and Settings\anne\Local Settings\Application Data\winlogon.exe (Infected with W32/Rontokbro.AP@mm)
Terminated process
Deleted file
C:\Documents and Settings\anne\Local Settings\Application Data\services.exe (Infected with W32/Rontokbro.AP@mm)
Terminated process
Deleted file
C:\Documents and Settings\anne\Local Settings\Application Data\lsass.exe (Infected with W32/Rontokbro.AP@mm)
Terminated process
Deleted file
Number of processes/threads found: 519
Number of processes/threads scanned: 519
Number of processes/threads not scanned: 0
Number of infected processes/threads terminated: 3
Total scanning time: 0 minutes 17 seconds
Scanning file system...
C:\*.*
C:\Documents and Settings\anne\Local Settings\Application Data\csrss.exe (Infected with W32/Rontokbro.AP@mm)
Deleted file
C:\Documents and Settings\anne\Local Settings\Application Data\inetinfo.exe (Infected with W32/Rontokbro.AP@mm)
Deleted file
C:\Documents and Settings\anne\Local Settings\Application Data\smss.exe (Infected with W32/Rontokbro.AP@mm)
Removed registry value: HKCU\Software\Microsoft\Windows\CurrentVersion\Run -> Tok-Cirrhatus = ""C:\Documents and Settings\anne\Local Settings\App...."
Deleted file
C:\Documents and Settings\anne\Menu Démarrer\Programmes\Démarrage\Empty.pif (Infected with W32/Rontokbro.AP@mm)
Deleted file
C:\Documents and Settings\anne\Mes documents\Musique\Massive Attack\Massive Attack.exe (Infected with W32/Rontokbro.AP@mm)
Deleted file
C:\Documents and Settings\anne\Mes documents\Musique\Michael Hutchence\Michael Hutchence.exe (Infected with W32/Rontokbro.AP@mm)
Deleted file
C:\Documents and Settings\anne\Mes documents\Musique\Norton Internet Security 2006 FR Patch d'activation.zip\Norton Internet Security 2006 FR Crack 100% verifier bon(1)\Norton Internet Security 2006 FR Crack 100% verifier bon(1).exe (Infected with W32/Rontokbro.AP@mm)
Deleted file
C:\Documents and Settings\anne\Mes documents\Musique\Norton Internet Security 2006 FR Patch d'activation.zip\Norton Internet Security 2006 FR Crack 100% verifier bon(1)\Comment changer 5_ en 5000 _\Comment changer 5_ en 5000 _.exe (Infected with W32/Rontokbro.AP@mm)
Deleted file
C:\Documents and Settings\anne\Mes documents\Musique\Placebo live olympia + rares\Placebo live olympia + rares.exe (Infected with W32/Rontokbro.AP@mm)
Deleted file
C:\Documents and Settings\anne\Mes documents\Musique\Schubert\Schubert.exe (Infected with W32/Rontokbro.AP@mm)
Deleted file
C:\Documents and Settings\anne\Mes documents\Musique\The Cure\The Cure.exe (Infected with W32/Rontokbro.AP@mm)
Deleted file
C:\Documents and Settings\anne\Mes documents\Musique\The Doors\The Doors.exe (Infected with W32/Rontokbro.AP@mm)
Deleted file
C:\Documents and Settings\anne\Mes documents\Musique\The Rolling Stones\The Rolling Stones.exe (Infected with W32/Rontokbro.AP@mm)
Deleted file
C:\Documents and Settings\anne\Mes documents\My Skype Pictures\My Skype Pictures.exe (Infected with W32/Rontokbro.AP@mm)
Deleted file
C:\Documents and Settings\anne\Mes documents\Norton Internet Security 2006 FR Patch d'activation.zip\Norton Internet Security 2006 FR Crack 100% verifier bon(1)\Norton Internet Security 2006 FR Crack 100% verifier bon(1).exe (Infected with W32/Rontokbro.AP@mm)
Deleted file
C:\Documents and Settings\anne\Mes documents\Norton Internet Security 2006 FR Patch d'activation.zip\Norton Internet Security 2006 FR Crack 100% verifier bon(1)\Comment changer 5_ en 5000 _\Comment changer 5_ en 5000 _.exe (Infected with W32/Rontokbro.AP@mm)
Deleted file
C:\Documents and Settings\anne\Mes documents\Nouvel an chez Philou 2007\Nouvel an chez Philou 2007.exe (Infected with W32/Rontokbro.AP@mm)
Deleted file
C:\Documents and Settings\anne\Mes documents\Offre de prêt Crédit Foncier\Offre de prêt Crédit Foncier.exe (Infected with W32/Rontokbro.AP@mm)
Deleted file
C:\Documents and Settings\anne\Mes documents\photos appartement guy moquet\photos appartement guy moquet.exe (Infected with W32/Rontokbro.AP@mm)
Deleted file
C:\Documents and Settings\anne\Mes documents\Photos David de Souza\Photos David de Souza.exe (Infected with W32/Rontokbro.AP@mm)
Deleted file
C:\Documents and Settings\anne\Mes documents\Photos du Mondial 2006\Photos du Mondial 2006.exe (Infected with W32/Rontokbro.AP@mm)
Deleted file
C:\Documents and Settings\anne\Mes documents\Photos enceinte\Photos enceinte.exe (Infected with W32/Rontokbro.AP@mm)
Deleted file
C:\Documents and Settings\anne\Mes documents\Photos Youna\Photos Youna.exe (Infected with W32/Rontokbro.AP@mm)
Deleted file
C:\Documents and Settings\anne\Mes documents\Soirée Sounds of Love\Soirée Sounds of Love.exe (Infected with W32/Rontokbro.AP@mm)
Deleted file
C:\Documents and Settings\anne\Mes documents\somerain_fichiers\somerain_fichiers.exe (Infected with W32/Rontokbro.AP@mm)
Deleted file
C:\Documents and Settings\anne\Mes documents\Stage de Clown\Stage de Clown.exe (Infected with W32/Rontokbro.AP@mm)
Deleted file
C:\Documents and Settings\anne\Modèles\WowTumpeh.com (Infected with W32/Rontokbro.AP@mm)
Deleted file
C:\System Volume Information\_restore{58244814-5EDF-4690-86B6-2EB4FBC94F1B}\RP590\A0411360.exe (Infected with W32/Rontokbro.AP@mm)
Deleted file
C:\System Volume Information\_restore{58244814-5EDF-4690-86B6-2EB4FBC94F1B}\RP590\A0411362.exe (Infected with W32/Rontokbro.AP@mm)
Deleted file
C:\System Volume Information\_restore{58244814-5EDF-4690-86B6-2EB4FBC94F1B}\RP590\A0411363.exe (Infected with W32/Rontokbro.AP@mm)
Deleted file
C:\System Volume Information\_restore{58244814-5EDF-4690-86B6-2EB4FBC94F1B}\RP590\A0411365.exe (Infected with W32/Rontokbro.AP@mm)
Deleted file
C:\System Volume Information\_restore{58244814-5EDF-4690-86B6-2EB4FBC94F1B}\RP590\A0411366.exe (Infected with W32/Rontokbro.AP@mm)
Deleted file
C:\System Volume Information\_restore{58244814-5EDF-4690-86B6-2EB4FBC94F1B}\RP590\A0411368.exe (Infected with W32/Rontokbro.AP@mm)
Deleted file
C:\System Volume Information\_restore{58244814-5EDF-4690-86B6-2EB4FBC94F1B}\RP590\A0411370.exe (Infected with W32/Rontokbro.AP@mm)
Deleted file
C:\System Volume Information\_restore{58244814-5EDF-4690-86B6-2EB4FBC94F1B}\RP590\A0411375.com (Infected with W32/Rontokbro.AP@mm)
Deleted file
C:\System Volume Information\_restore{58244814-5EDF-4690-86B6-2EB4FBC94F1B}\RP590\A0411376.scr (Infected with W32/Rontokbro.AP@mm)
Deleted file
C:\System Volume Information\_restore{58244814-5EDF-4690-86B6-2EB4FBC94F1B}\RP590\A0411377.exe (Infected with W32/Rontokbro.AP@mm)
Deleted file
C:\System Volume Information\_restore{58244814-5EDF-4690-86B6-2EB4FBC94F1B}\RP590\A0411392.exe (Infected with W32/Rontokbro.AP@mm)
Deleted file
C:\System Volume Information\_restore{58244814-5EDF-4690-86B6-2EB4FBC94F1B}\RP590\A0411395.exe (Infected with W32/Rontokbro.AP@mm)
Deleted file
C:\System Volume Information\_restore{58244814-5EDF-4690-86B6-2EB4FBC94F1B}\RP590\A0411396.exe (Infected with W32/Rontokbro.AP@mm)
Deleted file
C:\System Volume Information\_restore{58244814-5EDF-4690-86B6-2EB4FBC94F1B}\RP590\A0411397.exe (Infected with W32/Rontokbro.AP@mm)
Deleted file
C:\System Volume Information\_restore{58244814-5EDF-4690-86B6-2EB4FBC94F1B}\RP590\A0411398.exe (Infected with W32/Rontokbro.AP@mm)
Deleted file
C:\System Volume Information\_restore{58244814-5EDF-4690-86B6-2EB4FBC94F1B}\RP590\A0411401.exe (Infected with W32/Rontokbro.AP@mm)
Deleted file
C:\System Volume Information\_restore{58244814-5EDF-4690-86B6-2EB4FBC94F1B}\RP590\A0411402.exe (Infected with W32/Rontokbro.AP@mm)
Deleted file
C:\System Volume Information\_restore{58244814-5EDF-4690-86B6-2EB4FBC94F1B}\RP590\A0411408.com (Infected with W32/Rontokbro.AP@mm)
Deleted file
C:\System Volume Information\_restore{58244814-5EDF-4690-86B6-2EB4FBC94F1B}\RP590\A0411409.scr (Infected with W32/Rontokbro.AP@mm)
Deleted file
C:\System Volume Information\_restore{58244814-5EDF-4690-86B6-2EB4FBC94F1B}\RP590\A0411410.exe (Infected with W32/Rontokbro.AP@mm)
Deleted file
C:\System Volume Information\_restore{58244814-5EDF-4690-86B6-2EB4FBC94F1B}\RP590\A0412392.exe (Infected with W32/Rontokbro.AP@mm)
Deleted file
C:\System Volume Information\_restore{58244814-5EDF-4690-86B6-2EB4FBC94F1B}\RP590\A0412395.exe (Infected with W32/Rontokbro.AP@mm)
Deleted file
C:\System Volume Information\_restore{58244814-5EDF-4690-86B6-2EB4FBC94F1B}\RP590\A0412396.exe (Infected with W32/Rontokbro.AP@mm)
Deleted file
C:\System Volume Information\_restore{58244814-5EDF-4690-86B6-2EB4FBC94F1B}\RP590\A0412398.exe (Infected with W32/Rontokbro.AP@mm)
Deleted file
C:\System Volume Information\_restore{58244814-5EDF-4690-86B6-2EB4FBC94F1B}\RP590\A0412399.exe (Infected with W32/Rontokbro.AP@mm)
Deleted file
C:\System Volume Information\_restore{58244814-5EDF-4690-86B6-2EB4FBC94F1B}\RP590\A0412400.exe (Infected with W32/Rontokbro.AP@mm)
Deleted file
C:\System Volume Information\_restore{58244814-5EDF-4690-86B6-2EB4FBC94F1B}\RP590\A0412402.exe (Infected with W32/Rontokbro.AP@mm)
Deleted file
C:\System Volume Information\_restore{58244814-5EDF-4690-86B6-2EB4FBC94F1B}\RP590\A0412405.pif (Infected with W32/Rontokbro.AP@mm)
Deleted file
C:\System Volume Information\_restore{58244814-5EDF-4690-86B6-2EB4FBC94F1B}\RP590\A0412407.com (Infected with W32/Rontokbro.AP@mm)
Deleted file
C:\System Volume Information\_restore{58244814-5EDF-4690-86B6-2EB4FBC94F1B}\RP590\A0412410.scr (Infected with W32/Rontokbro.AP@mm)
Deleted file
C:\System Volume Information\_restore{58244814-5EDF-4690-86B6-2EB4FBC94F1B}\RP590\A0412411.exe (Infected with W32/Rontokbro.AP@mm)
Deleted file
C:\System Volume Information\_restore{58244814-5EDF-4690-86B6-2EB4FBC94F1B}\RP590\A0413393.exe (Infected with W32/Rontokbro.AP@mm)
Deleted file
C:\System Volume Information\_restore{58244814-5EDF-4690-86B6-2EB4FBC94F1B}\RP590\A0413395.exe (Infected with W32/Rontokbro.AP@mm)
Deleted file
C:\System Volume Information\_restore{58244814-5EDF-4690-86B6-2EB4FBC94F1B}\RP590\A0413396.exe (Infected with W32/Rontokbro.AP@mm)
Deleted file
C:\System Volume Information\_restore{58244814-5EDF-4690-86B6-2EB4FBC94F1B}\RP590\A0413397.exe (Infected with W32/Rontokbro.AP@mm)
Deleted file
C:\System Volume Information\_restore{58244814-5EDF-4690-86B6-2EB4FBC94F1B}\RP590\A0413399.exe (Infected with W32/Rontokbro.AP@mm)
Deleted file
C:\System Volume Information\_restore{58244814-5EDF-4690-86B6-2EB4FBC94F1B}\RP590\A0413400.exe (Infected with W32/Rontokbro.AP@mm)
Deleted file
C:\System Volume Information\_restore{58244814-5EDF-4690-86B6-2EB4FBC94F1B}\RP590\A0413401.exe (Infected with W32/Rontokbro.AP@mm)
Deleted file
C:\System Volume Information\_restore{58244814-5EDF-4690-86B6-2EB4FBC94F1B}\RP590\A0413405.com (Infected with W32/Rontokbro.AP@mm)
Deleted file
C:\System Volume Information\_restore{58244814-5EDF-4690-86B6-2EB4FBC94F1B}\RP590\A0413407.scr (Infected with W32/Rontokbro.AP@mm)
Deleted file
C:\System Volume Information\_restore{58244814-5EDF-4690-86B6-2EB4FBC94F1B}\RP590\A0413410.exe (Infected with W32/Rontokbro.AP@mm)
Deleted file
C:\System Volume Information\_restore{58244814-5EDF-4690-86B6-2EB4FBC94F1B}\RP591\A0413413.exe (Infected with W32/Rontokbro.AP@mm)
Deleted file
C:\System Volume Information\_restore{58244814-5EDF-4690-86B6-2EB4FBC94F1B}\RP591\A0413414.exe (Infected with W32/Rontokbro.AP@mm)
Deleted file
C:\System Volume Information\_restore{58244814-5EDF-4690-86B6-2EB4FBC94F1B}\RP591\A0413415.exe (Infected with W32/Rontokbro.AP@mm)
Deleted file
C:\System Volume Information\_restore{58244814-5EDF-4690-86B6-2EB4FBC94F1B}\RP591\A0413416.exe (Infected with W32/Rontokbro.AP@mm)
Deleted file
C:\System Volume Information\_restore{58244814-5EDF-4690-86B6-2EB4FBC94F1B}\RP591\A0413417.exe (Infected with W32/Rontokbro.AP@mm)
Deleted file
C:\System Volume Information\_restore{58244814-5EDF-4690-86B6-2EB4FBC94F1B}\RP591\A0414394.exe (Infected with W32/Rontokbro.AP@mm)
Deleted file
C:\System Volume Information\_restore{58244814-5EDF-4690-86B6-2EB4FBC94F1B}\RP591\A0414395.exe (Infected with W32/Rontokbro.AP@mm)
Deleted file
C:\System Volume Information\_restore{58244814-5EDF-4690-86B6-2EB4FBC94F1B}\RP591\A0414396.exe (Infected with W32/Rontokbro.AP@mm)
Deleted file
C:\System Volume Information\_restore{58244814-5EDF-4690-86B6-2EB4FBC94F1B}\RP591\A0414397.exe (Infected with W32/Rontokbro.AP@mm)
Deleted file
C:\System Volume Information\_restore{58244814-5EDF-4690-86B6-2EB4FBC94F1B}\RP591\A0414398.exe (Infected with W32/Rontokbro.AP@mm)
Deleted file
C:\System Volume Information\_restore{58244814-5EDF-4690-86B6-2EB4FBC94F1B}\RP591\A0414400.exe (Infected with W32/Rontokbro.AP@mm)
Deleted file
C:\System Volume Information\_restore{58244814-5EDF-4690-86B6-2EB4FBC94F1B}\RP591\A0414402.exe (Infected with W32/Rontokbro.AP@mm)
Deleted file
C:\System Volume Information\_restore{58244814-5EDF-4690-86B6-2EB4FBC94F1B}\RP591\A0414405.pif (Infected with W32/Rontokbro.AP@mm)
Deleted file
C:\System Volume Information\_restore{58244814-5EDF-4690-86B6-2EB4FBC94F1B}\RP591\A0414407.com (Infected with W32/Rontokbro.AP@mm)
Deleted file
C:\System Volume Information\_restore{58244814-5EDF-4690-86B6-2EB4FBC94F1B}\RP591\A0414408.scr (Infected with W32/Rontokbro.AP@mm)
Deleted file
C:\System Volume Information\_restore{58244814-5EDF-4690-86B6-2EB4FBC94F1B}\RP591\A0414410.exe (Infected with W32/Rontokbro.AP@mm)
Deleted file
C:\System Volume Information\_restore{58244814-5EDF-4690-86B6-2EB4FBC94F1B}\RP591\A0414421.exe (Infected with W32/Rontokbro.AP@mm)
Deleted file
C:\System Volume Information\_restore{58244814-5EDF-4690-86B6-2EB4FBC94F1B}\RP591\A0414423.exe (Infected with W32/Rontokbro.AP@mm)
Deleted file
C:\System Volume Information\_restore{58244814-5EDF-4690-86B6-2EB4FBC94F1B}\RP591\A0414426.exe (Infected with W32/Rontokbro.AP@mm)
Deleted file
C:\System Volume Information\_restore{58244814-5EDF-4690-86B6-2EB4FBC94F1B}\RP591\A0414427.exe (Infected with W32/Rontokbro.AP@mm)
Deleted file
C:\System Volume Information\_restore{58244814-5EDF-4690-86B6-2EB4FBC94F1B}\RP591\A0414428.exe (Infected with W32/Rontokbro.AP@mm)
Deleted file
C:\System Volume Information\_restore{58244814-5EDF-4690-86B6-2EB4FBC94F1B}\RP591\A0414429.exe (Infected with W32/Rontokbro.AP@mm)
Deleted file
C:\System Volume Information\_restore{58244814-5EDF-4690-86B6-2EB4FBC94F1B}\RP591\A0414430.exe (Infected with W32/Rontokbro.AP@mm)
Deleted file
C:\System Volume Information\_restore{58244814-5EDF-4690-86B6-2EB4FBC94F1B}\RP591\A0414433.com (Infected with W32/Rontokbro.AP@mm)
Deleted file
C:\System Volume Information\_restore{58244814-5EDF-4690-86B6-2EB4FBC94F1B}\RP591\A0414435.scr (Infected with W32/Rontokbro.AP@mm)
Deleted file
C:\System Volume Information\_restore{58244814-5EDF-4690-86B6-2EB4FBC94F1B}\RP591\A0414438.exe (Infected with W32/Rontokbro.AP@mm)
Deleted file
C:\System Volume Information\_restore{58244814-5EDF-4690-86B6-2EB4FBC94F1B}\RP592\A0414449.exe (Infected with W32/Rontokbro.AP@mm)
Deleted file
C:\System Volume Information\_restore{58244814-5EDF-4690-86B6-2EB4FBC94F1B}\RP592\A0414450.exe (Infected with W32/Rontokbro.AP@mm)
Deleted file
C:\System Volume Information\_restore{58244814-5EDF-4690-86B6-2EB4FBC94F1B}\RP592\A0414451.exe (Infected with W32/Rontokbro.AP@mm)
Deleted file
C:\System Volume Information\_restore{58244814-5EDF-4690-86B6-2EB4FBC94F1B}\RP592\A0414452.exe (Infected with W32/Rontokbro.AP@mm)
Deleted file
C:\System Volume Information\_restore{58244814-5EDF-4690-86B6-2EB4FBC94F1B}\RP592\A0414453.exe (Infected with W32/Rontokbro.AP@mm)
Deleted file
C:\System Volume Information\_restore{58244814-5EDF-4690-86B6-2EB4FBC94F1B}\RP592\A0415434.exe (Infected with W32/Rontokbro.AP@mm)
Deleted file
C:\System Volume Information\_restore{58244814-5EDF-4690-86B6-2EB4FBC94F1B}\RP592\A0415435.exe (Infected with W32/Rontokbro.AP@mm)
Deleted file
C:\System Volume Information\_restore{58244814-5EDF-4690-86B6-2EB4FBC94F1B}\RP592\A0415438.exe (Infected with W32/Rontokbro.AP@mm)
Deleted file
C:\System Volume Information\_restore{58244814-5EDF-4690-86B6-2EB4FBC94F1B}\RP592\A0415439.com (Infected with W32/Rontokbro.AP@mm)
Deleted file
C:\System Volume Information\_restore{58244814-5EDF-4690-86B6-2EB4FBC94F1B}\RP592\A0415440.scr (Infected with W32/Rontokbro.AP@mm)
Deleted file
C:\System Volume Information\_restore{58244814-5EDF-4690-86B6-2EB4FBC94F1B}\RP592\A0416421.exe (Infected with W32/Rontokbro.AP@mm)
Deleted file
C:\System Volume Information\_restore{58244814-5EDF-4690-86B6-2EB4FBC94F1B}\RP592\A0416425.exe (Infected with W32/Rontokbro.AP@mm)
Deleted file
C:\System Volume Information\_restore{58244814-5EDF-4690-86B6-2EB4FBC94F1B}\RP592\A0416426.exe (Infected with W32/Rontokbro.AP@mm)
Deleted file
C:\System Volume Information\_restore{58244814-5EDF-4690-86B6-2EB4FBC94F1B}\RP592\A0416427.exe (Infected with W32/Rontokbro.AP@mm)
Deleted file
C:\System Volume Information\_restore{58244814-5EDF-4690-86B6-2EB4FBC94F1B}\RP592\A0416428.exe (Infected with W32/Rontokbro.AP@mm)
Deleted file
C:\System Volume Information\_restore{58244814-5EDF-4690-86B6-2EB4FBC94F1B}\RP592\A0416430.exe (Infected with W32/Rontokbro.AP@mm)
Deleted file
C:\System Volume Information\_restore{58244814-5EDF-4690-86B6-2EB4FBC94F1B}\RP592\A0416431.exe (Infected with W32/Rontokbro.AP@mm)
Deleted file
C:\System Volume Information\_restore{58244814-5EDF-4690-86B6-2EB4FBC94F1B}\RP592\A0416435.com (Infected with W32/Rontokbro.AP@mm)
Deleted file
C:\System Volume Information\_restore{58244814-5EDF-4690-86B6-2EB4FBC94F1B}\RP592\A0416437.scr (Infected with W32/Rontokbro.AP@mm)
Deleted file
C:\System Volume Information\_restore{58244814-5EDF-4690-86B6-2EB4FBC94F1B}\RP592\A0416440.exe (Infected with W32/Rontokbro.AP@mm)
Deleted file
C:\System Volume Information\_restore{58244814-5EDF-4690-86B6-2EB4FBC94F1B}\RP592\A0416451.exe (Infected with W32/Rontokbro.AP@mm)
Deleted file
C:\System Volume Information\_restore{58244814-5EDF-4690-86B6-2EB4FBC94F1B}\RP592\A0416453.exe (Infected with W32/Rontokbro.AP@mm)
Deleted file
C:\System Volume Information\_restore{58244814-5EDF-4690-86B6-2EB4FBC94F1B}\RP592\A0416454.exe (Infected with W32/Rontokbro.AP@mm)
Deleted file
C:\System Volume Information\_restore{58244814-5EDF-4690-86B6-2EB4FBC94F1B}\RP592\A0416455.exe (Infected with W32/Rontokbro.AP@mm)
Deleted file
C:\System Volume Information\_restore{58244814-5EDF-4690-86B6-2EB4FBC94F1B}\RP592\A0416456.exe (Infected with W32/Rontokbro.AP@mm)
Deleted file
C:\System Volume Information\_restore{58244814-5EDF-4690-86B6-2EB4FBC94F1B}\RP592\A0416457.exe (Infected with W32/Rontokbro.AP@mm)
Deleted file
C:\System Volume Information\_restore{58244814-5EDF-4690-86B6-2EB4FBC94F1B}\RP592\A0416458.exe (Infected with W32/Rontokbro.AP@mm)
Deleted file
C:\System Volume Information\_restore{58244814-5EDF-4690-86B6-2EB4FBC94F1B}\RP592\A0416462.com (Infected with W32/Rontokbro.AP@mm)
Deleted file
C:\System Volume Information\_restore{58244814-5EDF-4690-86B6-2EB4FBC94F1B}\RP592\A0416463.scr (Infected with W32/Rontokbro.AP@mm)
Deleted file
C:\System Volume Information\_restore{58244814-5EDF-4690-86B6-2EB4FBC94F1B}\RP592\A0416466.exe (Infected with W32/Rontokbro.AP@mm)
Deleted file
C:\System Volume Information\_restore{58244814-5EDF-4690-86B6-2EB4FBC94F1B}\RP592\A0416476.exe (Infected with W32/Rontokbro.AP@mm)
Deleted file
C:\System Volume Information\_restore{58244814-5EDF-4690-86B6-2EB4FBC94F1B}\RP592\A0416479.exe (Infected with W32/Rontokbro.AP@mm)
Deleted file
C:\System Volume Information\_restore{58244814-5EDF-4690-86B6-2EB4FBC94F1B}\RP592\A0416481.exe (Infected with W32/Rontokbro.AP@mm)
Deleted file
C:\System Volume Information\_restore{58244814-5EDF-4690-86B6-2EB4FBC94F1B}\RP592\A0416482.exe (Infected with W32/Rontokbro.AP@mm)
Deleted file
C:\System Volume Information\_restore{58244814-5EDF-4690-86B6-2EB4FBC94F1B}\RP592\A0416483.exe (Infected with W32/Rontokbro.AP@mm)
Deleted file
C:\System Volume Information\_restore{58244814-5EDF-4690-86B6-2EB4FBC94F1B}\RP592\A0416484.exe (Infected with W32/Rontokbro.AP@mm)
Deleted file
C:\System Volume Information\_restore{58244814-5EDF-4690-86B6-2EB4FBC94F1B}\RP592\A0416485.exe (Infected with W32/Rontokbro.AP@mm)
Deleted file
C:\System Volume Information\_restore{58244814-5EDF-4690-86B6-2EB4FBC94F1B}\RP592\A0416490.com (Infected with W32/Rontokbro.AP@mm)
Deleted file
C:\System Volume Information\_restore{58244814-5EDF-4690-86B6-2EB4FBC94F1B}\RP592\A0416492.scr (Infected with W32/Rontokbro.AP@mm)
Deleted file
C:\System Volume Information\_restore{58244814-5EDF-4690-86B6-2EB4FBC94F1B}\RP592\A0416493.exe (Infected with W32/Rontokbro.AP@mm)
Deleted file
C:\System Volume Information\_restore{58244814-5EDF-4690-86B6-2EB4FBC94F1B}\RP592\A0416501.exe (Infected with W32/Rontokbro.AP@mm)
Deleted file
C:\System Volume Information\_restore{58244814-5EDF-4690-86B6-2EB4FBC94F1B}\RP592\A0416503.exe (Infected with W32/Rontokbro.AP@mm)
Deleted file
C:\System Volume Information\_restore{58244814-5EDF-4690-86B6-2EB4FBC94F1B}\RP592\A0416506.exe (Infected with W32/Rontokbro.AP@mm)
Deleted file
C:\System Volume Information\_restore{58244814-5EDF-4690-86B6-2EB4FBC94F1B}\RP592\A0416507.exe (Infected with W32/Rontokbro.AP@mm)
Deleted file
C:\System Volume Information\_restore{58244814-5EDF-4690-86B6-2EB4FBC94F1B}\RP592\A0416508.exe (Infected with W32/Rontokbro.AP@mm)
Deleted file
C:\System Volume Information\_restore{58244814-5EDF-4690-86B6-2EB4FBC94F1B}\RP592\A0416509.exe (Infected with W32/Rontokbro.AP@mm)
Deleted file
C:\System Volume Information\_restore{58244814-5EDF-4690-86B6-2EB4FBC94F1B}\RP592\A0416510.exe (Infected with W32/Rontokbro.AP@mm)
Deleted file
C:\System Volume Information\_restore{58244814-5EDF-4690-86B6-2EB4FBC94F1B}\RP592\A0416513.pif (Infected with W32/Rontokbro.AP@mm)
Deleted file
C:\System Volume Information\_restore{58244814-5EDF-4690-86B6-2EB4FBC94F1B}\RP592\A0416515.com (Infected with W32/Rontokbro.AP@mm)
Deleted file
C:\System Volume Information\_restore{58244814-5EDF-4690-86B6-2EB4FBC94F1B}\RP592\A0416518.scr (Infected with W32/Rontokbro.AP@mm)
Deleted file
C:\System Volume Information\_restore{58244814-5EDF-4690-86B6-2EB4FBC94F1B}\RP592\A0416519.exe (Infected with W32/Rontokbro.AP@mm)
Deleted file
C:\System Volume Information\_restore{58244814-5EDF-4690-86B6-2EB4FBC94F1B}\RP592\A0416528.exe (Infected with W32/Rontokbro.AP@mm)
Deleted file
C:\System Volume Information\_restore{58244814-5EDF-4690-86B6-2EB4FBC94F1B}\RP592\A0416531.exe (Infected with W32/Rontokbro.AP@mm)
Deleted file
C:\System Volume Information\_restore{58244814-5EDF-4690-86B6-2EB4FBC94F1B}\RP592\A0416532.exe (Infected with W32/Rontokbro.AP@mm)
Deleted file
C:\System Volume Information\_restore{58244814-5EDF-4690-86B6-2EB4FBC94F1B}\RP592\A0416533.exe (Infected with W32/Rontokbro.AP@mm)
Deleted file
C:\System Volume Information\_restore{58244814-5EDF-4690-86B6-2EB4FBC94F1B}\RP592\A0416534.exe (Infected with W32/Rontokbro.AP@mm)
Deleted file
C:\System Volume Information\_restore{58244814-5EDF-4690-86B6-2EB4FBC94F1B}\RP592\A0416535.exe (Infected with W32/Rontokbro.AP@mm)
Deleted file
C:\System Volume Information\_restore{58244814-5EDF-4690-86B6-2EB4FBC94F1B}\RP592\A0416536.exe (Infected with W32/Rontokbro.AP@mm)
Deleted file
C:\System Volume Information\_restore{58244814-5EDF-4690-86B6-2EB4FBC94F1B}\RP592\A0416539.pif (Infected with W32/Rontokbro.AP@mm)
Deleted file
C:\System Volume Information\_restore{58244814-5EDF-4690-86B6-2EB4FBC94F1B}\RP592\A0416541.com (Infected with W32/Rontokbro.AP@mm)
Deleted file
C:\System Volume Information\_restore{58244814-5EDF-4690-86B6-2EB4FBC94F1B}\RP592\A0416543.scr (Infected with W32/Rontokbro.AP@mm)
Deleted file
C:\System Volume Information\_restore{58244814-5EDF-4690-86B6-2EB4FBC94F1B}\RP592\A0416545.exe (Infected with W32/Rontokbro.AP@mm)
Deleted file
C:\System Volume Information\_restore{58244814-5EDF-4690-86B6-2EB4FBC94F1B}\RP592\A0416559.exe (Infected with W32/Rontokbro.AP@mm)
Deleted file
C:\System Volume Information\_restore{58244814-5EDF-4690-86B6-2EB4FBC94F1B}\RP592\A0416562.exe (Infected with W32/Rontokbro.AP@mm)
Deleted file
C:\System Volume Information\_restore{58244814-5EDF-4690-86B6-2EB4FBC94F1B}\RP592\A0416564.exe (Infected with W32/Rontokbro.AP@mm)
Deleted file
C:\System Volume Information\_restore{58244814-5EDF-4690-86B6-2EB4FBC94F1B}\RP592\A0416565.exe (Infected with W32/Rontokbro.AP@mm)
Deleted file
C:\System Volume Information\_restore{58244814-5EDF-4690-86B6-2EB4FBC94F1B}\RP592\A0416566.exe (Infected with W32/Rontokbro.AP@mm)
Deleted file
C:\System Volume Information\_restore{58244814-5EDF-4690-86B6-2EB4FBC94F1B}\RP592\A0416567.exe (Infected with W32/Rontokbro.AP@mm)
Deleted file
C:\System Volume Information\_restore{58244814-5EDF-4690-86B6-2EB4FBC94F1B}\RP592\A0416568.exe (Infected with W32/Rontokbro.AP@mm)
Deleted file
C:\System Volume Information\_restore{58244814-5EDF-4690-86B6-2EB4FBC94F1B}\RP592\A0416572.com (Infected with W32/Rontokbro.AP@mm)
Deleted file
C:\System Volume Information\_restore{58244814-5EDF-4690-86B6-2EB4FBC94F1B}\RP592\A0416575.scr (Infected with W32/Rontokbro.AP@mm)
Deleted file
C:\System Volume Information\_restore{58244814-5EDF-4690-86B6-2EB4FBC94F1B}\RP592\A0416576.exe (Infected with W32/Rontokbro.AP@mm)
Deleted file
C:\System Volume Information\_restore{58244814-5EDF-4690-86B6-2EB4FBC94F1B}\RP592\A0417559.exe (Infected with W32/Rontokbro.AP@mm)
Deleted file
C:\System Volume Information\_restore{58244814-5EDF-4690-86B6-2EB4FBC94F1B}\RP592\A0417563.exe (Infected with W32/Rontokbro.AP@mm)
Deleted file
C:\System Volume Information\_restore{58244814-5EDF-4690-86B6-2EB4FBC94F1B}\RP592\A0417564.exe (Infected with W32/Rontokbro.AP@mm)
Deleted file
C:\System Volume Information\_restore{58244814-5EDF-4690-86B6-2EB4FBC94F1B}\RP592\A0417566.exe (Infected with W32/Rontokbro.AP@mm)
Deleted file
C:\System Volume Information\_restore{58244814-5EDF-4690-86B6-2EB4FBC94F1B}\RP592\A0417567.exe (Infected with W32/Rontokbro.AP@mm)
Deleted file
C:\System Volume Information\_restore{58244814-5EDF-4690-86B6-2EB4FBC94F1B}\RP592\A0417568.exe (Infected with W32/Rontokbro.AP@mm)
Deleted file
C:\System Volume Information\_restore{58244814-5EDF-4690-86B6-2EB4FBC94F1B}\RP592\A0417569.exe (Infected with W32/Rontokbro.AP@mm)
Deleted file
C:\System Volume Information\_restore{58244814-5EDF-4690-86B6-2EB4FBC94F1B}\RP592\A0417575.com (Infected with W32/Rontokbro.AP@mm)
Deleted file
C:\System Volume Information\_restore{58244814-5EDF-4690-86B6-2EB4FBC94F1B}\RP592\A0417577.scr (Infected with W32/Rontokbro.AP@mm)
Deleted file
C:\System Volume Information\_restore{58244814-5EDF-4690-86B6-2EB4FBC94F1B}\RP592\A0417578.exe (Infected with W32/Rontokbro.AP@mm)
Deleted file
C:\System Volume Information\_restore{58244814-5EDF-4690-86B6-2EB4FBC94F1B}\RP592\A0417595.exe (Infected with W32/Rontokbro.AP@mm)
Deleted file
C:\System Volume Information\_restore{58244814-5EDF-4690-86B6-2EB4FBC94F1B}\RP592\A0417598.exe (Infected with W32/Rontokbro.AP@mm)
Deleted file
C:\System Volume Information\_restore{58244814-5EDF-4690-86B6-2EB4FBC94F1B}\RP592\A0417599.exe (Infected with W32/Rontokbro.AP@mm)
Deleted file
C:\System Volume Information\_restore{58244814-5EDF-4690-86B6-2EB4FBC94F1B}\RP592\A0417600.exe (Infected with W32/Rontokbro.AP@mm)
Deleted file
C:\System Volume Information\_restore{58244814-5EDF-4690-86B6-2EB4FBC94F1B}\RP592\A0417601.exe (Infected with W32/Rontokbro.AP@mm)
Deleted file
C:\System Volume Information\_restore{58244814-5EDF-4690-86B6-2EB4FBC94F1B}\RP592\A0417602.exe (Infected with W32/Rontokbro.AP@mm)
Deleted file
C:\System Volume Information\_restore{58244814-5EDF-4690-86B6-2EB4FBC94F1B}\RP592\A0417604.exe (Infected with W32/Rontokbro.AP@mm)
Deleted file
C:\System Volume Information\_restore{58244814-5EDF-4690-86B6-2EB4FBC94F1B}\RP592\A0417607.pif (Infected with W32/Rontokbro.AP@mm)
Deleted file
C:\System Volume Information\_restore{58244814-5EDF-4690-86B6-2EB4FBC94F1B}\RP592\A0417609.com (Infected with W32/Rontokbro.AP@mm)
Deleted file
C:\System Volume Information\_restore{58244814-5EDF-4690-86B6-2EB4FBC94F1B}\RP592\A0417611.exe (Infected with W32/Rontokbro.AP@mm)
Deleted file
C:\System Volume Information\_restore{58244814-5EDF-4690-86B6-2EB4FBC94F1B}\RP592\A0417612.scr (Infected with W32/Rontokbro.AP@mm)
Deleted file
C:\System Volume Information\_restore{58244814-5EDF-4690-86B6-2EB4FBC94F1B}\RP592\A0418595.exe (Infected with W32/Rontokbro.AP@mm)
Deleted file
C:\System Volume Information\_restore{58244814-5EDF-4690-86B6-2EB4FBC94F1B}\RP592\A0418598.exe (Infected with W32/Rontokbro.AP@mm)
Deleted file
C:\System Volume Information\_restore{58244814-5EDF-4690-86B6-2EB4FBC94F1B}\RP592\A0418599.exe (Infected with W32/Rontokbro.AP@mm)
Deleted file
C:\System Volume Information\_restore{58244814-5EDF-4690-86B6-2EB4FBC94F1B}\RP592\A0418600.exe (Infected with W32/Rontokbro.AP@mm)
Deleted file
C:\System Volume Information\_restore{58244814-5EDF-4690-86B6-2EB4FBC94F1B}\RP592\A0418601.exe (Infected with W32/Rontokbro.AP@mm)
Deleted file
C:\System Volume Information\_restore{58244814-5EDF-4690-86B6-2EB4FBC94F1B}\RP592\A0418603.exe (Infected with W32/Rontokbro.AP@mm)
Deleted file
C:\System Volume Information\_restore{58244814-5EDF-4690-86B6-2EB4FBC94F1B}\RP592\A0418604.exe (Infected with W32/Rontokbro.AP@mm)
Deleted file
C:\System Volume Information\_restore{58244814-5EDF-4690-86B6-2EB4FBC94F1B}\RP592\A0418608.pif (Infected with W32/Rontokbro.AP@mm)
Deleted file
C:\System Volume Information\_restore{58244814-5EDF-4690-86B6-2EB4FBC94F1B}\RP592\A0418610.com (Infected with W32/Rontokbro.AP@mm)
Deleted file
C:\System Volume Information\_restore{58244814-5EDF-4690-86B6-2EB4FBC94F1B}\RP592\A0418613.scr (Infected with W32/Rontokbro.AP@mm)
Deleted file
C:\System Volume Information\_restore{58244814-5EDF-4690-86B6-2EB4FBC94F1B}\RP592\A0418614.exe (Infected with W32/Rontokbro.AP@mm)
Deleted file
C:\System Volume Information\_restore{58244814-5EDF-4690-86B6-2EB4FBC94F1B}\RP592\A0418679.exe (Infected with W32/Rontokbro.AP@mm)
Deleted file
C:\System Volume Information\_restore{58244814-5EDF-4690-86B6-2EB4FBC94F1B}\RP592\A0418680.exe (Infected with W32/Rontokbro.AP@mm)
Deleted file
C:\System Volume Information\_restore{58244814-5EDF-4690-86B6-2EB4FBC94F1B}\RP592\A0418684.exe (Infected with W32/Rontokbro.AP@mm)
Deleted file
C:\System Volume Information\_restore{58244814-5EDF-4690-86B6-2EB4FBC94F1B}\RP592\A0418685.exe (Infected with W32/Rontokbro.AP@mm)
Deleted file
C:\System Volume Information\_restore{58244814-5EDF-4690-86B6-2EB4FBC94F1B}\RP592\A0418686.exe (Infected with W32/Rontokbro.AP@mm)
Deleted file
C:\System Volume Information\_restore{58244814-5EDF-4690-86B6-2EB4FBC94F1B}\RP592\A0418690.exe (Infected with W32/Rontokbro.AP@mm)
Deleted file
C:\System Volume Information\_restore{58244814-5EDF-4690-86B6-2EB4FBC94F1B}\RP592\A0418695.com (Infected with W32/Rontokbro.AP@mm)
Deleted file
C:\System Volume Information\_restore{58244814-5EDF-4690-86B6-2EB4FBC94F1B}\RP592\A0418696.scr (Infected with W32/Rontokbro.AP@mm)
Deleted file
C:\System Volume Information\_restore{58244814-5EDF-4690-86B6-2EB4FBC94F1B}\RP592\A0418697.exe (Infected with W32/Rontokbro.AP@mm)
Deleted file
C:\System Volume Information\_restore{58244814-5EDF-4690-86B6-2EB4FBC94F1B}\RP592\A0418707.exe (Infected with W32/Rontokbro.AP@mm)
Deleted file
C:\System Volume Information\_restore{58244814-5EDF-4690-86B6-2EB4FBC94F1B}\RP592\A0418708.exe (Infected with W32/Rontokbro.AP@mm)
Deleted file
C:\System Volume Information\_restore{58244814-5EDF-4690-86B6-2EB4FBC94F1B}\RP592\A0418709.exe (Infected with W32/Rontokbro.AP@mm)
Deleted file
C:\System Volume Information\_restore{58244814-5EDF-4690-86B6-2EB4FBC94F1B}\RP592\A0418710.exe (Infected with W32/Rontokbro.AP@mm)
Deleted file
C:\System Volume Information\_restore{58244814-5EDF-4690-86B6-2EB4FBC94F1B}\RP592\A0418711.exe (Infected with W32/Rontokbro.AP@mm)
Deleted file
C:\System Volume Information\_restore{58244814-5EDF-4690-86B6-2EB4FBC94F1B}\RP592\A0418712.exe (Infected with W32/Rontokbro.AP@mm)
Deleted file
C:\System Volume Information\_restore{58244814-5EDF-4690-86B6-2EB4FBC94F1B}\RP592\A0418713.pif (Infected with W32/Rontokbro.AP@mm)
Deleted file
C:\System Volume Information\_restore{58244814-5EDF-4690-86B6-2EB4FBC94F1B}\RP592\A0418714.com (Infected with W32/Rontokbro.AP@mm)
Deleted file
C:\System Volume Information\_restore{58244814-5EDF-4690-86B6-2EB4FBC94F1B}\RP592\A0418720.exe (Infected with W32/Rontokbro.AP@mm)
Deleted file
C:\System Volume Information\_restore{58244814-5EDF-4690-86B6-2EB4FBC94F1B}\RP592\A0418725.scr (Infected with W32/Rontokbro.AP@mm)
Deleted file
C:\System Volume Information\_restore{58244814-5EDF-4690-86B6-2EB4FBC94F1B}\RP592\A0418726.exe (Infected with W32/Rontokbro.AP@mm)
Deleted file
C:\System Volume Information\_restore{58244814-5EDF-4690-86B6-2EB4FBC94F1B}\RP592\A0418748.exe (Infected with W32/Rontokbro.AP@mm)
Deleted file
C:\System Volume Information\_restore{58244814-5EDF-4690-86B6-2EB4FBC94F1B}\RP592\A0418750.exe (Infected with W32/Rontokbro.AP@mm)
Deleted file
C:\System Volume Information\_restore{58244814-5EDF-4690-86B6-2EB4FBC94F1B}\RP592\A0418753.exe (Infected with W32/Rontokbro.AP@mm)
Deleted file
C:\System Volume Information\_restore{58244814-5EDF-4690-86B6-2EB4FBC94F1B}\RP592\A0418754.exe (Infected with W32/Rontokbro.AP@mm)
Deleted file
C:\System Volume Information\_restore{58244814-5EDF-4690-86B6-2EB4FBC94F1B}\RP592\A0418755.exe (Infected with W32/Rontokbro.AP@mm)
Deleted file
C:\System Volume Information\_restore{58244814-5EDF-4690-86B6-2EB4FBC94F1B}\RP592\A0418756.exe (Infected with W32/Rontokbro.AP@mm)
Deleted file
C:\System Volume Information\_restore{58244814-5EDF-4690-86B6-2EB4FBC94F1B}\RP592\A0418757.exe (Infected with W32/Rontokbro.AP@mm)
Deleted file
C:\System Volume Information\_restore{58244814-5EDF-4690-86B6-2EB4FBC94F1B}\RP592\A0418758.pif (Infected with W32/Rontokbro.AP@mm)
Deleted file
C:\System Volume Information\_restore{58244814-5EDF-4690-86B6-2EB4FBC94F1B}\RP592\A0418759.com (Infected with W32/Rontokbro.AP@mm)
Deleted file
C:\System Volume Information\_restore{58244814-5EDF-4690-86B6-2EB4FBC94F1B}\RP592\A0418760.scr (Infected with W32/Rontokbro.AP@mm)
Deleted file
C:\System Volume Information\_restore{58244814-5EDF-4690-86B6-2EB4FBC94F1B}\RP592\A0418761.exe (Infected with W32/Rontokbro.AP@mm)
Deleted file
C:\System Volume Information\_restore{58244814-5EDF-4690-86B6-2EB4FBC94F1B}\RP592\A0419750.exe (Infected with W32/Rontokbro.AP@mm)
Deleted file
C:\System Volume Information\_restore{58244814-5EDF-4690-86B6-2EB4FBC94F1B}\RP592\A0419752.exe (Infected with W32/Rontokbro.AP@mm)
Deleted file
C:\System Volume Information\_restore{58244814-5EDF-4690-86B6-2EB4FBC94F1B}\RP592\A0419753.exe (Infected with W32/Rontokbro.AP@mm)
Deleted file
C:\System Volume Information\_restore{58244814-5EDF-4690-86B6-2EB4FBC94F1B}\RP592\A0419754.exe (Infected with W32/Rontokbro.AP@mm)
Deleted file
C:\System Volume Information\_restore{58244814-5EDF-4690-86B6-2EB4FBC94F1B}\RP592\A0419756.exe (Infected with W32/Rontokbro.AP@mm)
Deleted file
C:\System Volume Information\_restore{58244814-5EDF-4690-86B6-2
I think I managed to screw it over! You shouldn't talk like that (^_^) it's not nice :P
Indeed, some cleaning has been done; look in your documents, but unfortunately for you quite a few documents have been deleted.
Do not reinstall this again: webmediaplayer
It's garbage; don't download anything else coming from any ad touting a "great free product". Paying to advertise a free product, don't you smell the scam? ;-)
With OTmoveit, do it again with the files below in bold
C:\Program Files\Spyware-Secure
C:\Program Files\Firefox Setup 1.5rc2.exe
C:\WINDOWS\system32\259C8050A9.sys
As soon as you've done that, you can throw away everything you downloaded, except CCleaner, which you keep to clean your temporary files several times a week.
* Do this now:
So this: C:\System Volume Information\_restore (see report below)
indicates that your System Restore was or is infected; to be sure, we are going to create a clean point.
Click "Start", right-click "My Computer", "Properties", "System Restore" tab
¤ check the box "Turn off System Restore on all drives", then click "Apply"
¤ uncheck the box and click "Apply" then "OK".
Now that we have erased the infected points, we are going to create a clean point:
Click "Start", "All Programs", "Accessories", "System Tools", "System Restore", choose "Create a restore point", name it "ccm" for example, click "Create" then "OK".
There, the restore point is now created.
If you decide to one day, you will be able to go back to the date on which you created this restore point.
By running System Restore you can put your computer back to the date on which we created this restore point, but you will lose the changes you made in between.
* I advise you to run this online antivirus scan to check that everything is clean, then paste the report here once it has finished
------> https://kerio.probb.fr/t673-bitdefender-antivirus-en-ligne
* After that you should look into installing a firewall; Kerio and ZoneAlarm are relatively easy to use, and it will bring more security to your computer. Checking that your computer is up to date wouldn't hurt either.
Then post a HijackThis report again as soon as you've done all that, for one last check.
hi boulepate,
yes, swear words aren't nice... :-°
I can't download the BitDefender online scan because I'm on Mozilla and it's an Internet Explorer version.
I'm going to run another thorough scan with AntiVir at the next startup, and it's also been a month since I last defragmented, so this will be the occasion
what else?
I created the system restore point and...
I'm posting my latest HijackThis report (I don't know how to read it):
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:27:24, on 01/03/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Sony\VAIO Power Management\SPMgr.exe
C:\Program Files\Utimaco\SafeGuard PrivateDisk\pdservice.exe
C:\WINDOWS\system32\ICO.EXE
C:\Program Files\Sony\HotKey Utility\HKserv.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Sony\HotKey Utility\HKWnd.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\Sony\SonicStage Mastering Studio\Audio Filter\SSMSFilter.exe
C:\Program Files\Olympus\DeviceDetector\DevDtct2.exe
C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
C:\Program Files\Sony\VAIO Launcher\Launcher.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Fichiers communs\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
C:\Program Files\Fichiers communs\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
C:\Program Files\Fichiers communs\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe
C:\Program Files\Fichiers communs\Sony Shared\VAIO Entertainment\VzRs\VzRs.exe
C:\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Multi Media Toolbar - {b5146c40-189a-4311-bda9-fbae3e023187} - C:\Program Files\Multi_Media\tbMul1.dll
O1 - Hosts: "http://www.w3.org/TR/html4/loose.dtd">
O1 - Hosts: <html>
O1 - Hosts: <head>
O1 - Hosts: <script LANGUAGE="JavaScript">
O1 - Hosts: <!--
O1 - Hosts: if (window != top)
O1 - Hosts: top.location.href = location.href;
O1 - Hosts: // -->
O1 - Hosts: </script>
O1 - Hosts: <title>Site Unavailable</title>
O1 - Hosts: <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
O1 - Hosts: <style type="text/css">
O1 - Hosts: body{text-align:center;}
O1 - Hosts: .geohead #geologo {width:270px;display:block; float:left; }
O1 - Hosts: .geohead #rightside {width:480px;display:block; float:right;border-bottom:1px solid #999999; height:27px;}
O1 - Hosts: .geohead #rightside #welcome {width:50%;display:block; float:left; text-align:left;}
O1 - Hosts: .geohead #rightside #wlinks {width:50%;display:block; float:right; text-align:right;}
O1 - Hosts: .bodywrap{display:block;height:470px;}
O1 - Hosts: .adcnt td {text-align:left;}
O1 - Hosts: .ybadge img {margin-top:6px;}
O1 - Hosts: .adttl{font-weight:bold;margin-bottom:3px;}
O1 - Hosts: .addescr{color:#6b6b6b; margin-bottom:3px;}
O1 - Hosts: .adlink a {color:#008200; text-decoration:none;}
O1 - Hosts: </style>
O1 - Hosts: </head>
O1 - Hosts: <body>
O1 - Hosts: <div id="maincnt">
O1 - Hosts: </div></div>
O1 - Hosts: <div class="bodywrap">
O1 - Hosts: <div class="bodycnt">
O1 - Hosts: <p>Are you the site owner?
O1 - Hosts: </div>
O1 - Hosts: <div class="adcnt">
O1 - Hosts: <div class="adsubt">SPONSORED LINKS</div>
O1 - Hosts: <!--<table width="172" border="0" bgcolor="#FFFFFF" class="adtable"><tr><td align=left>-->
O1 - Hosts: <div class="adtable">
O1 - Hosts: $25 Setup Waived</a></div>
O1 - Hosts: </div>
O1 - Hosts: <div class="adtable">
O1 - Hosts: </div>
O1 - Hosts: <div class="adtable">
O1 - Hosts: </div>
O1 - Hosts: <div class="adtable">
O1 - Hosts: </div>
O1 - Hosts: <div class="ybadge">
O1 - Hosts: </div>
O1 - Hosts: </div>
O1 - Hosts: </div>
O1 - Hosts: <div class=ftr>
O1 - Hosts: <hr size=1 width=100%>
O1 - Hosts: Copyright ©
O1 - Hosts: </div>
O1 - Hosts: </div>
O1 - Hosts: </body>
O1 - Hosts: </html>
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: Multi Media Toolbar - {b5146c40-189a-4311-bda9-fbae3e023187} - C:\Program Files\Multi_Media\tbMul1.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
O3 - Toolbar: Multi Media Toolbar - {b5146c40-189a-4311-bda9-fbae3e023187} - C:\Program Files\Multi_Media\tbMul1.dll
O4 - HKLM\..\Run: [VAIO Update 2] "C:\Program Files\Sony\VAIO Update 2\VAIOUpdt.exe" /Stationary
O4 - HKLM\..\Run: [SonyPowerCfg] C:\Program Files\Sony\VAIO Power Management\SPMgr.exe
O4 - HKLM\..\Run: [PDService.exe] C:\Program Files\Utimaco\SafeGuard PrivateDisk\pdservice.exe
O4 - HKLM\..\Run: [Mouse Suite 98 Daemon] ICO.EXE
O4 - HKLM\..\Run: [HKSERV.EXE] C:\Program Files\Sony\HotKey Utility\HKserv.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [Creative Detector] "C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe" /R
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - .DEFAULT User Startup: VAIO Launcher.lnk = C:\Program Files\Sony\VAIO Launcher\Launcher.exe (User 'Default user')
O4 - Startup: Lancement rapide de Microsoft Office OneNote 2003.lnk = C:\Program Files\Microsoft Office\OFFICE11\ONENOTEM.EXE
O4 - Startup: VAIO Launcher.lnk = C:\Program Files\Sony\VAIO Launcher\Launcher.exe
O4 - Global Startup: Audio Filter.lnk = C:\Program Files\Sony\SonicStage Mastering Studio\Audio Filter\SSMSFilter.exe
O4 - Global Startup: Device Detector 3.lnk = C:\Program Files\Olympus\DeviceDetector\DevDtct2.exe
O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.club-vaio.com/fr/
O15 - Trusted Zone: *.sony-europe.com
O15 - Trusted Zone: *.sonystyle-europe.com
O15 - Trusted Zone: *.vaio-link.com
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: VAIO Entertainment Aggregation and Control Service - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\VAIO Entertainment\VzRs\VzRs.exe
O23 - Service: VAIO Entertainment Task Scheduler - Sony Corporation - C:\Program Files\Sony\VAIO Entertainment\VzTaskScheduler.exe
O23 - Service: VAIO Entertainment TV Device Arbitration Service - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\VAIO Entertainment Platform\VzCs\VzHardwareResourceManager\VzHardwareResourceManager.exe
O23 - Service: VAIO Media Integrated Server (VAIOMediaPlatform-IntegratedServer-AppServer) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\VMISrv.exe
O23 - Service: VAIO Media Integrated Server (HTTP) (VAIOMediaPlatform-IntegratedServer-HTTP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe
O23 - Service: VAIO Media Integrated Server (UPnP) (VAIOMediaPlatform-IntegratedServer-UPnP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
O23 - Service: VAIO Media Gateway Server (VAIOMediaPlatform-Mobile-Gateway) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\VmGateway.exe
O23 - Service: VAIO Cooporated Initialisation (VCI) - Sony Corporation - C:\Program Files\Sony\VAIO Cooperated Initialisation\VCI_SVC.exe
O23 - Service: VAIO Entertainment UPnP Client Adapter (Vcsw) - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
O23 - Service: VAIO Entertainment Database Service (VzCdbSvc) - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
O23 - Service: VAIO Entertainment File Import Service (VzFw) - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe
oui les gros mots c'est pas beau... :-°
je n'arrive pas à télécharger le scan online de bitdefender car je suis avec mozilla et c'est une version internet explorer.
je vais refaire un scan minutieux avec Antivir au prochain démarrage et puis aussi ça fait un mois que je n'ai pas défragmenté donc ça sera l'occasion
quoi d'autre ?
j'ai créé le point de restauration système et...
je te poste mon dernier rapport Hijackthis (je ne sais pas le lire):
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:27:24, on 01/03/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Sony\VAIO Power Management\SPMgr.exe
C:\Program Files\Utimaco\SafeGuard PrivateDisk\pdservice.exe
C:\WINDOWS\system32\ICO.EXE
C:\Program Files\Sony\HotKey Utility\HKserv.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Sony\HotKey Utility\HKWnd.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\Sony\SonicStage Mastering Studio\Audio Filter\SSMSFilter.exe
C:\Program Files\Olympus\DeviceDetector\DevDtct2.exe
C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
C:\Program Files\Sony\VAIO Launcher\Launcher.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Fichiers communs\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
C:\Program Files\Fichiers communs\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
C:\Program Files\Fichiers communs\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe
C:\Program Files\Fichiers communs\Sony Shared\VAIO Entertainment\VzRs\VzRs.exe
C:\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Multi Media Toolbar - {b5146c40-189a-4311-bda9-fbae3e023187} - C:\Program Files\Multi_Media\tbMul1.dll
O1 - Hosts: "http://www.w3.org/TR/html4/loose.dtd">
O1 - Hosts: <html>
O1 - Hosts: <head>
O1 - Hosts: <script LANGUAGE="JavaScript">
O1 - Hosts: <!--
O1 - Hosts: if (window != top)
O1 - Hosts: top.location.href = location.href;
O1 - Hosts: // -->
O1 - Hosts: </script>
O1 - Hosts: <title>Site Unavailable</title>
O1 - Hosts: <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
O1 - Hosts: <style type="text/css">
O1 - Hosts: body{text-align:center;}
O1 - Hosts: .geohead #geologo {width:270px;display:block; float:left; }
O1 - Hosts: .geohead #rightside {width:480px;display:block; float:right;border-bottom:1px solid #999999; height:27px;}
O1 - Hosts: .geohead #rightside #welcome {width:50%;display:block; float:left; text-align:left;}
O1 - Hosts: .geohead #rightside #wlinks {width:50%;display:block; float:right; text-align:right;}
O1 - Hosts: .bodywrap{display:block;height:470px;}
O1 - Hosts: .adcnt td {text-align:left;}
O1 - Hosts: .ybadge img {margin-top:6px;}
O1 - Hosts: .adttl{font-weight:bold;margin-bottom:3px;}
O1 - Hosts: .addescr{color:#6b6b6b; margin-bottom:3px;}
O1 - Hosts: .adlink a {color:#008200; text-decoration:none;}
O1 - Hosts: </style>
O1 - Hosts: </head>
O1 - Hosts: <body>
O1 - Hosts: <div id="maincnt">
O1 - Hosts: </div></div>
O1 - Hosts: <div class="bodywrap">
O1 - Hosts: <div class="bodycnt">
O1 - Hosts: <p>Are you the site owner?
O1 - Hosts: </div>
O1 - Hosts: <div class="adcnt">
O1 - Hosts: <div class="adsubt">SPONSORED LINKS</div>
O1 - Hosts: <!--<table width="172" border="0" bgcolor="#FFFFFF" class="adtable"><tr><td align=left>-->
O1 - Hosts: <div class="adtable">
O1 - Hosts: $25 Setup Waived</a></div>
O1 - Hosts: </div>
O1 - Hosts: <div class="adtable">
O1 - Hosts: </div>
O1 - Hosts: <div class="adtable">
O1 - Hosts: </div>
O1 - Hosts: <div class="adtable">
O1 - Hosts: </div>
O1 - Hosts: <div class="ybadge">
O1 - Hosts: </div>
O1 - Hosts: </div>
O1 - Hosts: </div>
O1 - Hosts: <div class=ftr>
O1 - Hosts: <hr size=1 width=100%>
O1 - Hosts: Copyright ©
O1 - Hosts: </div>
O1 - Hosts: </div>
O1 - Hosts: </body>
O1 - Hosts: </html>
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: Multi Media Toolbar - {b5146c40-189a-4311-bda9-fbae3e023187} - C:\Program Files\Multi_Media\tbMul1.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
O3 - Toolbar: Multi Media Toolbar - {b5146c40-189a-4311-bda9-fbae3e023187} - C:\Program Files\Multi_Media\tbMul1.dll
O4 - HKLM\..\Run: [VAIO Update 2] "C:\Program Files\Sony\VAIO Update 2\VAIOUpdt.exe" /Stationary
O4 - HKLM\..\Run: [SonyPowerCfg] C:\Program Files\Sony\VAIO Power Management\SPMgr.exe
O4 - HKLM\..\Run: [PDService.exe] C:\Program Files\Utimaco\SafeGuard PrivateDisk\pdservice.exe
O4 - HKLM\..\Run: [Mouse Suite 98 Daemon] ICO.EXE
O4 - HKLM\..\Run: [HKSERV.EXE] C:\Program Files\Sony\HotKey Utility\HKserv.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [Creative Detector] "C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe" /R
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - .DEFAULT User Startup: VAIO Launcher.lnk = C:\Program Files\Sony\VAIO Launcher\Launcher.exe (User 'Default user')
O4 - Startup: Lancement rapide de Microsoft Office OneNote 2003.lnk = C:\Program Files\Microsoft Office\OFFICE11\ONENOTEM.EXE
O4 - Startup: VAIO Launcher.lnk = C:\Program Files\Sony\VAIO Launcher\Launcher.exe
O4 - Global Startup: Audio Filter.lnk = C:\Program Files\Sony\SonicStage Mastering Studio\Audio Filter\SSMSFilter.exe
O4 - Global Startup: Device Detector 3.lnk = C:\Program Files\Olympus\DeviceDetector\DevDtct2.exe
O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.club-vaio.com/fr/
O15 - Trusted Zone: *.sony-europe.com
O15 - Trusted Zone: *.sonystyle-europe.com
O15 - Trusted Zone: *.vaio-link.com
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: VAIO Entertainment Aggregation and Control Service - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\VAIO Entertainment\VzRs\VzRs.exe
O23 - Service: VAIO Entertainment Task Scheduler - Sony Corporation - C:\Program Files\Sony\VAIO Entertainment\VzTaskScheduler.exe
O23 - Service: VAIO Entertainment TV Device Arbitration Service - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\VAIO Entertainment Platform\VzCs\VzHardwareResourceManager\VzHardwareResourceManager.exe
O23 - Service: VAIO Media Integrated Server (VAIOMediaPlatform-IntegratedServer-AppServer) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\VMISrv.exe
O23 - Service: VAIO Media Integrated Server (HTTP) (VAIOMediaPlatform-IntegratedServer-HTTP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe
O23 - Service: VAIO Media Integrated Server (UPnP) (VAIOMediaPlatform-IntegratedServer-UPnP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
O23 - Service: VAIO Media Gateway Server (VAIOMediaPlatform-Mobile-Gateway) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\VmGateway.exe
O23 - Service: VAIO Cooporated Initialisation (VCI) - Sony Corporation - C:\Program Files\Sony\VAIO Cooperated Initialisation\VCI_SVC.exe
O23 - Service: VAIO Entertainment UPnP Client Adapter (Vcsw) - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
O23 - Service: VAIO Entertainment Database Service (VzCdbSvc) - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
O23 - Service: VAIO Entertainment File Import Service (VzFw) - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe
Hi,
download this:
http://dnl-eu5.kaspersky-labs.com/utils/klwk/klwk.zip
Thanks for your reply. I'm willing to try, but in short, I've already downloaded plenty of things that didn't work. I have AntiVir as my antivirus, and I've just run a scan with HijackThis as shown in my first message. I'm going to bed now because I can't take any more, but thank you for continuing to help me if you can. I've just spent half a day and my whole evening on this fucking Brontok, so thanks a thousand times for continuing to help me.
http://download.bitdefender.com/resources/files/Download/en/AntiBrontokA-en.exe
1. Download this program.
2. Run it.
It's a removal tool for the Brontok.a Trojan horse.
For now, you need to fix the problem with your Hosts files.
Do this:
download this:
http://siri.urz.free.fr/Softs/RHosts.exe
Install and launch the program.
Then make a new HijackThis log.
I noticed that you've helped a lot of people on the forum, but despite your advice I'm still at the same point. RHosts just asked me whether I wanted to restore the hosts; I said OK, then it came back to the same message ("do you want to restore...?"). I don't get the impression that it actually runs. You haven't said anything about my HijackThis report from the beginning...? I think I need explanations for dummies, or else my version of Brontok is particularly resistant. Thanks for replying.
Norman Generic Fix
Copyright © 1990 - 2006, Norman ASA. Built 2006/12/07 16:49:23
Norman Scanner Engine Version: 5.90.27
Nvcbin.def Version: 5.90.00, Date: 2006/12/07 16:49:23, Variants: 1469
Nvcmacro.def Version: 5.90.00, Date: 2006/05/30 15:17:46, Variants: 12
Running pre-scan cleanup routine:
Operating System: Microsoft Windows XP Home 5.1.2600 Service Pack 2
Logged on user: MALRAUX-1900\anne
Set registry value: HKCR\exefile\shell\open\command\ = "%1 %*" -> ""%1" %*"
Set registry value: HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe "C:\WINDOWS\eksplorasi.exe"" -> "Explorer.exe"
Removed registry value: HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System -> DisableRegistryTools = 0x00923010
Scan started: 01/03/2008 14:44:55
Scanning running processes and process memory...
Number of processes/threads found: 2454
Number of processes/threads scanned: 2451
Number of processes/threads not scanned: 3
Number of infected processes/threads terminated: 0
Total scanning time: 1 minute 12 seconds
Scanning file system...
C:\*.*
Running post-scan cleanup routine:
Set registry value: HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe "C:\WINDOWS\eksplorasi.exe"" -> "Explorer.exe"
Removed registry value: HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System -> DisableRegistryTools = 0x00933040
Number of files found: 67107
Number of archives unpacked: 3138
Number of files scanned: 67097
Number of files not scanned: 10
Number of files skipped due to exclude list: 0
Number of infections found: 0
Number of infected files repaired/deleted: 0
Total scanning time: 29 minutes 27 seconds