VIRUS TROJ
ALLIANCE
-
alliance1 Messages postés 5 Statut Membre -
alliance1 Messages postés 5 Statut Membre -
Bonjour,
j'ai 4 virus que je n'arrive pas à suprimer avec avast ni avec antivirus en ligne de secuser .com
les 4 virus sont:
troj BHO.IN
troj BHO.KF
troj BHO.OP
troj AGENT.IOX
anti virus en ligne ne peut les atteindre
il marque "cannot access" mais au moins il les a trouver...
peut ton m'aider à les enlever définitivement SVP!!!!
PS : j'ai des notions tres succintes en info alors svp ne me parler pas chinois...
j'ai 4 virus que je n'arrive pas à suprimer avec avast ni avec antivirus en ligne de secuser .com
les 4 virus sont:
troj BHO.IN
troj BHO.KF
troj BHO.OP
troj AGENT.IOX
anti virus en ligne ne peut les atteindre
il marque "cannot access" mais au moins il les a trouver...
peut ton m'aider à les enlever définitivement SVP!!!!
PS : j'ai des notions tres succintes en info alors svp ne me parler pas chinois...
A voir également:
- VIRUS TROJ
- Virus mcafee - Accueil - Piratage
- Virus informatique - Guide
- Panda anti virus gratuit - Télécharger - Antivirus & Antimalwares
- Undisclosed-recipients virus - Guide
- Ordinateur bloqué virus - Accueil - Arnaque
11 réponses
chercher les noms ici et essayer de corriger
http://www.inoculer.com/antivirus.php3
si apres ok
acheter un BON antivirus
http://www.inoculer.com/antivirus.php3
si apres ok
acheter un BON antivirus
Bonjour
Fais ceci pour commencer
Télécharge HijackThis :
---> http://www.trendsecure.com/portal/en-US/threat_analytics/HiJackThis.exe
Installe le dans son propre dossier :
- clic droit sur le bureau, tu choisis "nouveau dossier" puis installe-le à l'intérieur.
Fais un clic droit sur Hijackthis, choisis "renommer" puis marque ceci : abcde.exe
Double-clic sur HijackThis. Clic sur "I Accept" puis clic sur "do a system scan and save logfile"
Puis copie et colle ici le rapport qu'il va te générer.
Démo pour HijackThis si besoin :
http://pageperso.aol.fr/balltrap34/demohijack.htm
Fais ceci pour commencer
Télécharge HijackThis :
---> http://www.trendsecure.com/portal/en-US/threat_analytics/HiJackThis.exe
Installe le dans son propre dossier :
- clic droit sur le bureau, tu choisis "nouveau dossier" puis installe-le à l'intérieur.
Fais un clic droit sur Hijackthis, choisis "renommer" puis marque ceci : abcde.exe
Double-clic sur HijackThis. Clic sur "I Accept" puis clic sur "do a system scan and save logfile"
Puis copie et colle ici le rapport qu'il va te générer.
Démo pour HijackThis si besoin :
http://pageperso.aol.fr/balltrap34/demohijack.htm
Vous n’avez pas trouvé la réponse que vous recherchez ?
Posez votre question
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:29:36, on 03/03/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0013)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe
C:\Program Files\Orange\Systray\SystrayApp.exe
C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\AlertModule\0\AlertModule.exe
C:\Program Files\Orange\Launcher\Launcher.exe
C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\Iomega\System32\AppServices.exe
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Media Player\WMPNetwk.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Fichiers communs\Teleca Shared\Generic.exe
C:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe
C:\Program Files\Orange\Deskboard\deskboard.exe
C:\Program Files\Orange\connectivity\connectivitymanager.exe
C:\Program Files\Orange\connectivity\CoreCom\CoreCom.exe
C:\WINDOWS\system32\Rundll32.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\Program Files\Orange\connectivity\CoreCom\OraConfigRecover.exe
C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\FTCOMModule\0\FTCOMModule.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Program Files\Orange\browser\browser.exe
C:\Documents and Settings\M. Coll\Local Settings\Temporary Internet Files\Content.IE5\5JMVULCB\HiJackThis[1].exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\Program Files\Orange\SearchURLHook\SearchPageURL.dll
O2 - BHO: Sotfone Tracker Class - {10C52A42-DB8B-4ade-AA4A-CED6A8282B67} - C:\Program Files\Sotfone\1202928136.dll (file missing)
O2 - BHO: e404 helper - {2C566C34-7D72-4DC1-9BBE-1121A76698F8} - C:\Program Files\Helper\1203611937.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {8EEEDAC0-70DF-41A4-94CC-494AE2421ADC} - C:\WINDOWS\system32\ddcya.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
O2 - BHO: e404 helper - {C03FD59D-9104-44B7-929A-9EAA0BA05211} - C:\Program Files\Helper\1202928133.dll (file missing)
O2 - BHO: (no name) - {C2A1C5CB-C0EF-4689-9436-F62CCA1C5383} - C:\Program Files\NetProject\sbmdl.dll (file missing)
O2 - BHO: {561e9faa-6845-349a-fb94-ffea769527fd} - {df725967-aeff-49bf-a943-5486aaf9e165} - C:\WINDOWS\system32\rrcwrcqt.dll
O2 - BHO: (no name) - {FA6E43E6-F825-4317-BBCC-EC8462D1F3A5} - C:\WINDOWS\system32\iifgday.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [MMTray] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
O4 - HKLM\..\Run: [SystrayORAHSS] "C:\Program Files\Orange\Systray\SystrayApp.exe"
O4 - HKLM\..\Run: [ORAHSSSessionManager] C:\Program Files\Orange\SessionManager\SessionManager.exe
O4 - HKLM\..\Run: [NI.UGA6PV_0001_N122M1202] "c:\documents and settings\m. coll\application data\install_fr[2].exe"
O4 - HKLM\..\Run: [bm] "C:\Program Files\Fichiers communs\ProtectionAssuree\bm.exe" dm=http://protectionassuree.com ad=http://protectionassuree.com sd=http://gregistre.protectionassuree.com
O4 - HKLM\..\Run: [ptask] C:\Program Files\ProtectionAssuree\ptask.exe
O4 - HKLM\..\Run: [600bb319] rundll32.exe "C:\WINDOWS\system32\ktgmmsua.dll",b
O4 - HKLM\..\Run: [BM63388085] Rundll32.exe "C:\WINDOWS\system32\enuggptc.dll",s
O4 - HKCU\..\Run: [WOOKIT] C:\PROGRA~1\Wanadoo\GestMaj.exe GestionnaireInternet.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKLM\..\Policies\Explorer\Run: [some] C:\Program Files\NetProject\scit.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Outil de mise à jour Google.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: (no name) - {9034A523-D068-4BE8-A284-9DF278BE776E} - http://www.explorertool.net/redirect.php (file missing)
O9 - Extra 'Tools' menuitem: IE Anti-Spyware - {9034A523-D068-4BE8-A284-9DF278BE776E} - http://www.explorertool.net/redirect.php (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://siri.urz.free.fr
O15 - Trusted Zone: https://www.orange.fr/portail
O15 - Trusted Zone: http://www.secuser.com
O15 - Trusted Zone: http://www.smitfraudfix.com
O16 - DPF: {104B0A37-AB99-4F06-8032-8BBDC3B77DDB} (Telechargement Control) - http://www.photoweb.fr/moncompte/Account/LogOn?ReturnUrl=%2ftransfert
O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - https://secure.photobox.com/assets/aurigma/ImageUploader4.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - https://www.trendmicro.com/en_us/forHome/products/housecall.html
O16 - DPF: {BA162249-F2C5-4851-8ADC-FC58CB424243} (Image Uploader Control) - http://copainsdavant.linternaute.com/html_include_bibliotheque/objimageuploader/ImageUploader5.cab
O16 - DPF: {CE3409C4-9E26-4F8E-83E4-778498F9E7B4} (PB_Uploader Class) - https://www.photobox.fr/?channel=1005
O17 - HKLM\System\CCS\Services\Tcpip\..\{1F098DD1-FD74-47C2-B3AC-2DD5F2328D56}: NameServer = 85.255.115.100,85.255.112.133
O17 - HKLM\System\CCS\Services\Tcpip\..\{504647A1-2058-42FD-B76E-E8C58BFE7645}: NameServer = 85.255.115.100,85.255.112.133
O17 - HKLM\System\CCS\Services\Tcpip\..\{93996572-AC57-4306-8749-DECAD5B41DC9}: NameServer = 85.255.115.100,85.255.112.133
O17 - HKLM\System\CCS\Services\Tcpip\..\{D6FB9CFE-F1DF-4839-94E7-37DC733CA438}: NameServer = 85.255.115.100,85.255.112.133
O17 - HKLM\System\CCS\Services\Tcpip\..\{FC2B4233-3D96-45CB-A205-0E83AC4AC25C}: NameServer = 85.255.115.100,85.255.112.133
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.115.100 85.255.112.133
O17 - HKLM\System\CS1\Services\Tcpip\..\{1F098DD1-FD74-47C2-B3AC-2DD5F2328D56}: NameServer = 85.255.115.100,85.255.112.133
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 85.255.115.100 85.255.112.133
O17 - HKLM\System\CS2\Services\Tcpip\..\{1F098DD1-FD74-47C2-B3AC-2DD5F2328D56}: NameServer = 85.255.115.100,85.255.112.133
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.115.100 85.255.112.133
O20 - Winlogon Notify: iifgday - C:\WINDOWS\SYSTEM32\iifgday.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom SA - C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: Iomega App Services - Iomega Corporation - C:\PROGRA~1\Iomega\System32\AppServices.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: SmartLinkService (SLService) - Smart Link - C:\WINDOWS\SYSTEM32\slserv.exe
Scan saved at 12:29:36, on 03/03/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0013)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe
C:\Program Files\Orange\Systray\SystrayApp.exe
C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\AlertModule\0\AlertModule.exe
C:\Program Files\Orange\Launcher\Launcher.exe
C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\Iomega\System32\AppServices.exe
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Media Player\WMPNetwk.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Fichiers communs\Teleca Shared\Generic.exe
C:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe
C:\Program Files\Orange\Deskboard\deskboard.exe
C:\Program Files\Orange\connectivity\connectivitymanager.exe
C:\Program Files\Orange\connectivity\CoreCom\CoreCom.exe
C:\WINDOWS\system32\Rundll32.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\Program Files\Orange\connectivity\CoreCom\OraConfigRecover.exe
C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\FTCOMModule\0\FTCOMModule.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Program Files\Orange\browser\browser.exe
C:\Documents and Settings\M. Coll\Local Settings\Temporary Internet Files\Content.IE5\5JMVULCB\HiJackThis[1].exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\Program Files\Orange\SearchURLHook\SearchPageURL.dll
O2 - BHO: Sotfone Tracker Class - {10C52A42-DB8B-4ade-AA4A-CED6A8282B67} - C:\Program Files\Sotfone\1202928136.dll (file missing)
O2 - BHO: e404 helper - {2C566C34-7D72-4DC1-9BBE-1121A76698F8} - C:\Program Files\Helper\1203611937.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {8EEEDAC0-70DF-41A4-94CC-494AE2421ADC} - C:\WINDOWS\system32\ddcya.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
O2 - BHO: e404 helper - {C03FD59D-9104-44B7-929A-9EAA0BA05211} - C:\Program Files\Helper\1202928133.dll (file missing)
O2 - BHO: (no name) - {C2A1C5CB-C0EF-4689-9436-F62CCA1C5383} - C:\Program Files\NetProject\sbmdl.dll (file missing)
O2 - BHO: {561e9faa-6845-349a-fb94-ffea769527fd} - {df725967-aeff-49bf-a943-5486aaf9e165} - C:\WINDOWS\system32\rrcwrcqt.dll
O2 - BHO: (no name) - {FA6E43E6-F825-4317-BBCC-EC8462D1F3A5} - C:\WINDOWS\system32\iifgday.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [MMTray] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
O4 - HKLM\..\Run: [SystrayORAHSS] "C:\Program Files\Orange\Systray\SystrayApp.exe"
O4 - HKLM\..\Run: [ORAHSSSessionManager] C:\Program Files\Orange\SessionManager\SessionManager.exe
O4 - HKLM\..\Run: [NI.UGA6PV_0001_N122M1202] "c:\documents and settings\m. coll\application data\install_fr[2].exe"
O4 - HKLM\..\Run: [bm] "C:\Program Files\Fichiers communs\ProtectionAssuree\bm.exe" dm=http://protectionassuree.com ad=http://protectionassuree.com sd=http://gregistre.protectionassuree.com
O4 - HKLM\..\Run: [ptask] C:\Program Files\ProtectionAssuree\ptask.exe
O4 - HKLM\..\Run: [600bb319] rundll32.exe "C:\WINDOWS\system32\ktgmmsua.dll",b
O4 - HKLM\..\Run: [BM63388085] Rundll32.exe "C:\WINDOWS\system32\enuggptc.dll",s
O4 - HKCU\..\Run: [WOOKIT] C:\PROGRA~1\Wanadoo\GestMaj.exe GestionnaireInternet.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKLM\..\Policies\Explorer\Run: [some] C:\Program Files\NetProject\scit.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Outil de mise à jour Google.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: (no name) - {9034A523-D068-4BE8-A284-9DF278BE776E} - http://www.explorertool.net/redirect.php (file missing)
O9 - Extra 'Tools' menuitem: IE Anti-Spyware - {9034A523-D068-4BE8-A284-9DF278BE776E} - http://www.explorertool.net/redirect.php (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://siri.urz.free.fr
O15 - Trusted Zone: https://www.orange.fr/portail
O15 - Trusted Zone: http://www.secuser.com
O15 - Trusted Zone: http://www.smitfraudfix.com
O16 - DPF: {104B0A37-AB99-4F06-8032-8BBDC3B77DDB} (Telechargement Control) - http://www.photoweb.fr/moncompte/Account/LogOn?ReturnUrl=%2ftransfert
O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - https://secure.photobox.com/assets/aurigma/ImageUploader4.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - https://www.trendmicro.com/en_us/forHome/products/housecall.html
O16 - DPF: {BA162249-F2C5-4851-8ADC-FC58CB424243} (Image Uploader Control) - http://copainsdavant.linternaute.com/html_include_bibliotheque/objimageuploader/ImageUploader5.cab
O16 - DPF: {CE3409C4-9E26-4F8E-83E4-778498F9E7B4} (PB_Uploader Class) - https://www.photobox.fr/?channel=1005
O17 - HKLM\System\CCS\Services\Tcpip\..\{1F098DD1-FD74-47C2-B3AC-2DD5F2328D56}: NameServer = 85.255.115.100,85.255.112.133
O17 - HKLM\System\CCS\Services\Tcpip\..\{504647A1-2058-42FD-B76E-E8C58BFE7645}: NameServer = 85.255.115.100,85.255.112.133
O17 - HKLM\System\CCS\Services\Tcpip\..\{93996572-AC57-4306-8749-DECAD5B41DC9}: NameServer = 85.255.115.100,85.255.112.133
O17 - HKLM\System\CCS\Services\Tcpip\..\{D6FB9CFE-F1DF-4839-94E7-37DC733CA438}: NameServer = 85.255.115.100,85.255.112.133
O17 - HKLM\System\CCS\Services\Tcpip\..\{FC2B4233-3D96-45CB-A205-0E83AC4AC25C}: NameServer = 85.255.115.100,85.255.112.133
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.115.100 85.255.112.133
O17 - HKLM\System\CS1\Services\Tcpip\..\{1F098DD1-FD74-47C2-B3AC-2DD5F2328D56}: NameServer = 85.255.115.100,85.255.112.133
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 85.255.115.100 85.255.112.133
O17 - HKLM\System\CS2\Services\Tcpip\..\{1F098DD1-FD74-47C2-B3AC-2DD5F2328D56}: NameServer = 85.255.115.100,85.255.112.133
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.115.100 85.255.112.133
O20 - Winlogon Notify: iifgday - C:\WINDOWS\SYSTEM32\iifgday.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom SA - C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: Iomega App Services - Iomega Corporation - C:\PROGRA~1\Iomega\System32\AppServices.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: SmartLinkService (SLService) - Smart Link - C:\WINDOWS\SYSTEM32\slserv.exe
A faire dans l'ordre :
* Fais ce nettoyage: à faire réguliérement
*Télécharge et installe CCleaner (n'installe pas la barre d'outil Yahoo)
---> https://www.01net.com/telecharger/windows/Utilitaire/nettoyeurs_et_installeurs/fiches/32599.html
- Dans la colonne de gauche clic sur "erreurs" coches toutes les cases, puis clic en bas sur "chercher des erreurs" une fois terminé, clic sur "reparer les erreurs" et tu auras un message pour sauvegarder ta base de registre tu clic "oui" puis tu recommences jusqu'a ce qu'il te trouve plus d'erreurs.
Les sauvegardes que tu aura faites, tu pourras les supprimer si ton ordinateur n'a plus de problémes.
- Relance Ccleaner, vas dans l'onglet "nettoyeur" présent sur la gauche, decoches la derniere case (Avancé si elle est cochée) puis clic sur "lancer le nettoyage"
Si tu as besoin d'aide avec Ccleaner, regarde ce tutoriel :
https://kerio.probb.fr/t242-tuto-ccleaner-v-2
* Télécharge FixWareout sur le bureau
---> https://www.bleepingcomputer.com/download/linux/
Double clic dessus.
Clic sur Next, puis Install, puis assure toi que "Run fixit" est activé puis clic sur Finish.
Le fix va commencer, suis les messages à l'écran.
Il te sera demandé de redémarrer ton ordinateur, fais-le.
Ton système mettra un peu plus de temps au démarrage, c'est normal.
Copie et colle ici le contenu du fichier report.txt qui s'affichera à l'écran aussi présent dans C:\fixwareout\report.txt
* Relance HijackThis, choisis "do a scan only" coche la case devant les lignes ci-dessous et clic en bas sur "fix checked"
O2 - BHO: Sotfone Tracker Class - {10C52A42-DB8B-4ade-AA4A-CED6A8282B67} - C:\Program Files\Sotfone\1202928136.dll (file missing)
O2 - BHO: e404 helper - {2C566C34-7D72-4DC1-9BBE-1121A76698F8} - C:\Program Files\Helper\1203611937.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {8EEEDAC0-70DF-41A4-94CC-494AE2421ADC} - C:\WINDOWS\system32\ddcya.dll
O2 - BHO: e404 helper - {C03FD59D-9104-44B7-929A-9EAA0BA05211} - C:\Program Files\Helper\1202928133.dll (file missing)
O2 - BHO: (no name) - {C2A1C5CB-C0EF-4689-9436-F62CCA1C5383} - C:\Program Files\NetProject\sbmdl.dll (file missing)
O2 - BHO: {561e9faa-6845-349a-fb94-ffea769527fd} - {df725967-aeff-49bf-a943-5486aaf9e165} - C:\WINDOWS\system32\rrcwrcqt.dll
O2 - BHO: (no name) - {FA6E43E6-F825-4317-BBCC-EC8462D1F3A5} - C:\WINDOWS\system32\iifgday.dll
O4 - HKLM\..\Run: [NI.UGA6PV_0001_N122M1202] "c:\documents and settings\m. coll\application data\install_fr[2].exe"
O4 - HKLM\..\Run: [bm] "C:\Program Files\Fichiers communs\ProtectionAssuree\bm.exe" dm=http://protectionassuree.com ad=http://protectionassuree.com sd=http://gregistre.protectionassuree.com
O4 - HKLM\..\Run: [ptask] C:\Program Files\ProtectionAssuree\ptask.exe
O4 - HKLM\..\Run: [600bb319] rundll32.exe "C:\WINDOWS\system32\ktgmmsua.dll",b
O4 - HKLM\..\Run: [BM63388085] Rundll32.exe "C:\WINDOWS\system32\enuggptc.dll",s
O4 - Global Startup: Outil de mise à jour Google.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O16 - DPF: {104B0A37-AB99-4F06-8032-8BBDC3B77DDB} (Telechargement Control) - http://www.photoweb.fr/moncompte/Account/LogOn?ReturnUrl=%2ftransfert
O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - https://secure.photobox.com/assets/aurigma/ImageUploader4.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/
O16 - DPF: {BA162249-F2C5-4851-8ADC-FC58CB424243} (Image Uploader Control) - https://copainsdavant.linternaute.com/
O16 - DPF: {CE3409C4-9E26-4F8E-83E4-778498F9E7B4} (PB_Uploader Class) - https://www.photobox.fr/?channel=1005
O20 - Winlogon Notify: iifgday - C:\WINDOWS\SYSTEM32\iifgday.dll
* Télécharge VundoFix
---> http://redir.fr/goqv
Redémarre ton PC. Dès l'allumage de celui-ci tapote la touche F8 (ou F5 si F8 ne fonctionne pas), à l'écran qui va apparaître choisis "mode sans echec" attends un peu..
double clic dessus choisis "start for vundo"
attends quelques minutes, quand le scan est terminé clic sur "remove vundo"
un message te demandera si tu veux supprimes les fichiers sur "yes"
Quand il a terminé, clic sur "yes" ton ordinateur devrait redemarrer sinon, fais le par toi même
Une fois qu'il a redemarré colle le rapport C:\vundofix.txt
ET
Télécharge VirtumundoBegone sur le bureau:
http://secured2k.home.comcast.net/tools/VirtumundoBeGone.exe
Double clique ensuite sur VirtumundoBeGone.exe et suis les instructions.
Une fois terminé, redémarre et poste le rapport VBG.TXT créé sur le bureau dans ta prochaine réponse avec un nouveau rapport HijackThis.
Ne t'inquiète pas si tu vois un message Ecran bleu "Erreur fatale", c'est normal et attendu.
* Télécharge OTMoveIt sur ton bureau
http://download.bleepingcomputer.com/oldtimer/OTMoveIt2.exe
Double clic sur OTMoveIt.exe
Sélectionne et copie les lignes ci-dessous
C:\Program Files\Sotfone\
C:\Program Files\Helper\
C:\WINDOWS\system32\ddcya.dll
C:\WINDOWS\system32\ktgmmsua.dll
C:\WINDOWS\system32\enuggptc.dll
C:\Program Files\NetProject
C:\WINDOWS\system32\iifgday.dll
C:\WINDOWS\system32\rrcwrcqt.dll
C:\Program Files\Fichiers communs\ProtectionAssuree
Retourne dans OTMoveit, fais un clic droit dans la fenêtre "Paste Standard List of Files/Folders to move" et choisis "coller".
Clic sur le boutton rouge Moveit et clic sur Exit
Si un fichier ou un dossier ne peut être déplacer immédiatement il te sera demander de redémarrer ta machine pour finir l'exécution, si c'est le cas, clic sur "Yes"
Copie et colle le rapport qu'il va te générer ici stp. Le rapport d'OTMoveit se trouve dans ce dossier : C:\_OTMoveIt\MovedFiles
ça ne sera pas terminé, tu es es et tu seras encore infecté après ces manipulations.
* Fais ce nettoyage: à faire réguliérement
*Télécharge et installe CCleaner (n'installe pas la barre d'outil Yahoo)
---> https://www.01net.com/telecharger/windows/Utilitaire/nettoyeurs_et_installeurs/fiches/32599.html
- Dans la colonne de gauche clic sur "erreurs" coches toutes les cases, puis clic en bas sur "chercher des erreurs" une fois terminé, clic sur "reparer les erreurs" et tu auras un message pour sauvegarder ta base de registre tu clic "oui" puis tu recommences jusqu'a ce qu'il te trouve plus d'erreurs.
Les sauvegardes que tu aura faites, tu pourras les supprimer si ton ordinateur n'a plus de problémes.
- Relance Ccleaner, vas dans l'onglet "nettoyeur" présent sur la gauche, decoches la derniere case (Avancé si elle est cochée) puis clic sur "lancer le nettoyage"
Si tu as besoin d'aide avec Ccleaner, regarde ce tutoriel :
https://kerio.probb.fr/t242-tuto-ccleaner-v-2
* Télécharge FixWareout sur le bureau
---> https://www.bleepingcomputer.com/download/linux/
Double clic dessus.
Clic sur Next, puis Install, puis assure toi que "Run fixit" est activé puis clic sur Finish.
Le fix va commencer, suis les messages à l'écran.
Il te sera demandé de redémarrer ton ordinateur, fais-le.
Ton système mettra un peu plus de temps au démarrage, c'est normal.
Copie et colle ici le contenu du fichier report.txt qui s'affichera à l'écran aussi présent dans C:\fixwareout\report.txt
* Relance HijackThis, choisis "do a scan only" coche la case devant les lignes ci-dessous et clic en bas sur "fix checked"
O2 - BHO: Sotfone Tracker Class - {10C52A42-DB8B-4ade-AA4A-CED6A8282B67} - C:\Program Files\Sotfone\1202928136.dll (file missing)
O2 - BHO: e404 helper - {2C566C34-7D72-4DC1-9BBE-1121A76698F8} - C:\Program Files\Helper\1203611937.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {8EEEDAC0-70DF-41A4-94CC-494AE2421ADC} - C:\WINDOWS\system32\ddcya.dll
O2 - BHO: e404 helper - {C03FD59D-9104-44B7-929A-9EAA0BA05211} - C:\Program Files\Helper\1202928133.dll (file missing)
O2 - BHO: (no name) - {C2A1C5CB-C0EF-4689-9436-F62CCA1C5383} - C:\Program Files\NetProject\sbmdl.dll (file missing)
O2 - BHO: {561e9faa-6845-349a-fb94-ffea769527fd} - {df725967-aeff-49bf-a943-5486aaf9e165} - C:\WINDOWS\system32\rrcwrcqt.dll
O2 - BHO: (no name) - {FA6E43E6-F825-4317-BBCC-EC8462D1F3A5} - C:\WINDOWS\system32\iifgday.dll
O4 - HKLM\..\Run: [NI.UGA6PV_0001_N122M1202] "c:\documents and settings\m. coll\application data\install_fr[2].exe"
O4 - HKLM\..\Run: [bm] "C:\Program Files\Fichiers communs\ProtectionAssuree\bm.exe" dm=http://protectionassuree.com ad=http://protectionassuree.com sd=http://gregistre.protectionassuree.com
O4 - HKLM\..\Run: [ptask] C:\Program Files\ProtectionAssuree\ptask.exe
O4 - HKLM\..\Run: [600bb319] rundll32.exe "C:\WINDOWS\system32\ktgmmsua.dll",b
O4 - HKLM\..\Run: [BM63388085] Rundll32.exe "C:\WINDOWS\system32\enuggptc.dll",s
O4 - Global Startup: Outil de mise à jour Google.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O16 - DPF: {104B0A37-AB99-4F06-8032-8BBDC3B77DDB} (Telechargement Control) - http://www.photoweb.fr/moncompte/Account/LogOn?ReturnUrl=%2ftransfert
O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - https://secure.photobox.com/assets/aurigma/ImageUploader4.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/
O16 - DPF: {BA162249-F2C5-4851-8ADC-FC58CB424243} (Image Uploader Control) - https://copainsdavant.linternaute.com/
O16 - DPF: {CE3409C4-9E26-4F8E-83E4-778498F9E7B4} (PB_Uploader Class) - https://www.photobox.fr/?channel=1005
O20 - Winlogon Notify: iifgday - C:\WINDOWS\SYSTEM32\iifgday.dll
* Télécharge VundoFix
---> http://redir.fr/goqv
Redémarre ton PC. Dès l'allumage de celui-ci tapote la touche F8 (ou F5 si F8 ne fonctionne pas), à l'écran qui va apparaître choisis "mode sans echec" attends un peu..
double clic dessus choisis "start for vundo"
attends quelques minutes, quand le scan est terminé clic sur "remove vundo"
un message te demandera si tu veux supprimes les fichiers sur "yes"
Quand il a terminé, clic sur "yes" ton ordinateur devrait redemarrer sinon, fais le par toi même
Une fois qu'il a redemarré colle le rapport C:\vundofix.txt
ET
Télécharge VirtumundoBegone sur le bureau:
http://secured2k.home.comcast.net/tools/VirtumundoBeGone.exe
Double clique ensuite sur VirtumundoBeGone.exe et suis les instructions.
Une fois terminé, redémarre et poste le rapport VBG.TXT créé sur le bureau dans ta prochaine réponse avec un nouveau rapport HijackThis.
Ne t'inquiète pas si tu vois un message Ecran bleu "Erreur fatale", c'est normal et attendu.
* Télécharge OTMoveIt sur ton bureau
http://download.bleepingcomputer.com/oldtimer/OTMoveIt2.exe
Double clic sur OTMoveIt.exe
Sélectionne et copie les lignes ci-dessous
C:\Program Files\Sotfone\
C:\Program Files\Helper\
C:\WINDOWS\system32\ddcya.dll
C:\WINDOWS\system32\ktgmmsua.dll
C:\WINDOWS\system32\enuggptc.dll
C:\Program Files\NetProject
C:\WINDOWS\system32\iifgday.dll
C:\WINDOWS\system32\rrcwrcqt.dll
C:\Program Files\Fichiers communs\ProtectionAssuree
Retourne dans OTMoveit, fais un clic droit dans la fenêtre "Paste Standard List of Files/Folders to move" et choisis "coller".
Clic sur le boutton rouge Moveit et clic sur Exit
Si un fichier ou un dossier ne peut être déplacer immédiatement il te sera demander de redémarrer ta machine pour finir l'exécution, si c'est le cas, clic sur "Yes"
Copie et colle le rapport qu'il va te générer ici stp. Le rapport d'OTMoveit se trouve dans ce dossier : C:\_OTMoveIt\MovedFiles
ça ne sera pas terminé, tu es es et tu seras encore infecté après ces manipulations.
Username "M. Coll" - 03/03/2008 18:17:48 [Fixwareout edited 9/01/2007]
~~~~~ Prerun check
HKLM\SOFTWARE\~\Winlogon\ "System"="kdiqz.exe"
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters
"nameserver"="85.255.115.100 85.255.112.133" <Value cleared.
HKEY_LOCAL_MACHINE\system\currentcontrolset\services\tcpip\parameters\interfaces\{1F098DD1-FD74-47C2-B3AC-2DD5F2328D56}
"nameserver"="85.255.115.100,85.255.112.133" <Value cleared.
HKEY_LOCAL_MACHINE\system\currentcontrolset\services\tcpip\parameters\interfaces\{504647A1-2058-42FD-B76E-E8C58BFE7645}
"nameserver"="85.255.115.100,85.255.112.133" <Value cleared.
HKEY_LOCAL_MACHINE\system\currentcontrolset\services\tcpip\parameters\interfaces\{93996572-AC57-4306-8749-DECAD5B41DC9}
"nameserver"="85.255.115.100,85.255.112.133" <Value cleared.
HKEY_LOCAL_MACHINE\system\currentcontrolset\services\tcpip\parameters\interfaces\{D6FB9CFE-F1DF-4839-94E7-37DC733CA438}
"nameserver"="85.255.115.100,85.255.112.133" <Value cleared.
HKEY_LOCAL_MACHINE\system\currentcontrolset\services\tcpip\parameters\interfaces\{FC2B4233-3D96-45CB-A205-0E83AC4AC25C}
"nameserver"="85.255.115.100,85.255.112.133" <Value cleared.
HKEY_LOCAL_MACHINE\system\currentcontrolset\services\tcpip\parameters\interfaces\{1F098DD1-FD74-47C2-B3AC-2DD5F2328D56}
"DhcpNameServer"="85.255.115.100,85.255.112.133" <Value cleared.
HKEY_LOCAL_MACHINE\system\currentcontrolset\services\tcpip\parameters\interfaces\{93996572-AC57-4306-8749-DECAD5B41DC9}
"DhcpNameServer"="85.255.115.100,85.255.112.133" <Value cleared.
HKEY_LOCAL_MACHINE\system\currentcontrolset\services\tcpip\parameters\interfaces\{D6FB9CFE-F1DF-4839-94E7-37DC733CA438}
"DhcpNameServer"="85.255.115.100,85.255.112.133" <Value cleared.
HKEY_LOCAL_MACHINE\system\currentcontrolset\services\tcpip\parameters\interfaces\{FC2B4233-3D96-45CB-A205-0E83AC4AC25C}
"DhcpNameServer"="85.255.115.100,85.255.112.133" <Value cleared.
Cache de résolution DNS vidé.
System was rebooted successfully.
~~~~~ Postrun check
HKLM\SOFTWARE\~\Winlogon\ "system"=""
....
....
~~~~~ Misc files.
....
~~~~~ Checking for older varients.
....
~~~~~ Other
C:\WINDOWS\Temp\kdiqz.ren 82432 13/06/2007
~~~~~ Current runs (hklm hkcu "run" Keys Only)
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avast!"="C:\\PROGRA~1\\ALWILS~1\\Avast4\\ashDisp.exe"
"MMTray"="C:\\Program Files\\MUSICMATCH\\MUSICMATCH Jukebox\\mm_tray.exe"
"QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"Sony Ericsson PC Suite"="\"C:\\Program Files\\Sony Ericsson\\Mobile2\\Application Launcher\\Application Launcher.exe\" /startoptions"
"SystrayORAHSS"="\"C:\\Program Files\\Orange\\Systray\\SystrayApp.exe\""
"ORAHSSSessionManager"="C:\\Program Files\\Orange\\SessionManager\\SessionManager.exe"
"NI.UGA6PV_0001_N122M1202"="\"c:\\documents and settings\\m. coll\\application data\\install_fr[2].exe\""
"600bb319"="rundll32.exe \"C:\\WINDOWS\\system32\\ktgmmsua.dll\",b"
"BM63388085"="Rundll32.exe \"C:\\WINDOWS\\system32\\enuggptc.dll\",s"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="C:\\Program Files\\Google\\GoogleToolbarNotifier\\GoogleToolbarNotifier.exe"
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"
"WMPNSCFG"="C:\\Program Files\\Windows Media Player\\WMPNSCFG.exe"
....
Hosts file was reset, If you use a custom hosts file please replace it...
~~~~~ End report ~~~~~
~~~~~ Prerun check
HKLM\SOFTWARE\~\Winlogon\ "System"="kdiqz.exe"
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters
"nameserver"="85.255.115.100 85.255.112.133" <Value cleared.
HKEY_LOCAL_MACHINE\system\currentcontrolset\services\tcpip\parameters\interfaces\{1F098DD1-FD74-47C2-B3AC-2DD5F2328D56}
"nameserver"="85.255.115.100,85.255.112.133" <Value cleared.
HKEY_LOCAL_MACHINE\system\currentcontrolset\services\tcpip\parameters\interfaces\{504647A1-2058-42FD-B76E-E8C58BFE7645}
"nameserver"="85.255.115.100,85.255.112.133" <Value cleared.
HKEY_LOCAL_MACHINE\system\currentcontrolset\services\tcpip\parameters\interfaces\{93996572-AC57-4306-8749-DECAD5B41DC9}
"nameserver"="85.255.115.100,85.255.112.133" <Value cleared.
HKEY_LOCAL_MACHINE\system\currentcontrolset\services\tcpip\parameters\interfaces\{D6FB9CFE-F1DF-4839-94E7-37DC733CA438}
"nameserver"="85.255.115.100,85.255.112.133" <Value cleared.
HKEY_LOCAL_MACHINE\system\currentcontrolset\services\tcpip\parameters\interfaces\{FC2B4233-3D96-45CB-A205-0E83AC4AC25C}
"nameserver"="85.255.115.100,85.255.112.133" <Value cleared.
HKEY_LOCAL_MACHINE\system\currentcontrolset\services\tcpip\parameters\interfaces\{1F098DD1-FD74-47C2-B3AC-2DD5F2328D56}
"DhcpNameServer"="85.255.115.100,85.255.112.133" <Value cleared.
HKEY_LOCAL_MACHINE\system\currentcontrolset\services\tcpip\parameters\interfaces\{93996572-AC57-4306-8749-DECAD5B41DC9}
"DhcpNameServer"="85.255.115.100,85.255.112.133" <Value cleared.
HKEY_LOCAL_MACHINE\system\currentcontrolset\services\tcpip\parameters\interfaces\{D6FB9CFE-F1DF-4839-94E7-37DC733CA438}
"DhcpNameServer"="85.255.115.100,85.255.112.133" <Value cleared.
HKEY_LOCAL_MACHINE\system\currentcontrolset\services\tcpip\parameters\interfaces\{FC2B4233-3D96-45CB-A205-0E83AC4AC25C}
"DhcpNameServer"="85.255.115.100,85.255.112.133" <Value cleared.
Cache de résolution DNS vidé.
System was rebooted successfully.
~~~~~ Postrun check
HKLM\SOFTWARE\~\Winlogon\ "system"=""
....
....
~~~~~ Misc files.
....
~~~~~ Checking for older varients.
....
~~~~~ Other
C:\WINDOWS\Temp\kdiqz.ren 82432 13/06/2007
~~~~~ Current runs (hklm hkcu "run" Keys Only)
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avast!"="C:\\PROGRA~1\\ALWILS~1\\Avast4\\ashDisp.exe"
"MMTray"="C:\\Program Files\\MUSICMATCH\\MUSICMATCH Jukebox\\mm_tray.exe"
"QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"Sony Ericsson PC Suite"="\"C:\\Program Files\\Sony Ericsson\\Mobile2\\Application Launcher\\Application Launcher.exe\" /startoptions"
"SystrayORAHSS"="\"C:\\Program Files\\Orange\\Systray\\SystrayApp.exe\""
"ORAHSSSessionManager"="C:\\Program Files\\Orange\\SessionManager\\SessionManager.exe"
"NI.UGA6PV_0001_N122M1202"="\"c:\\documents and settings\\m. coll\\application data\\install_fr[2].exe\""
"600bb319"="rundll32.exe \"C:\\WINDOWS\\system32\\ktgmmsua.dll\",b"
"BM63388085"="Rundll32.exe \"C:\\WINDOWS\\system32\\enuggptc.dll\",s"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="C:\\Program Files\\Google\\GoogleToolbarNotifier\\GoogleToolbarNotifier.exe"
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"
"WMPNSCFG"="C:\\Program Files\\Windows Media Player\\WMPNSCFG.exe"
....
Hosts file was reset, If you use a custom hosts file please replace it...
~~~~~ End report ~~~~~
VundoFix V6.7.10
Checking Java version...
Java version is 1.5.0.6
Old versions of java are exploitable and should be removed.
Scan started at 18:48:00 03/03/2008
Listing files found while scanning....
C:\WINDOWS\system32\armebquc.dll
C:\WINDOWS\system32\aycdd.ini
C:\WINDOWS\system32\aycdd.ini2
C:\WINDOWS\system32\bfqgtmuo.dll
C:\WINDOWS\system32\blyfryfr.dll
C:\WINDOWS\system32\ddcya.dll
C:\WINDOWS\system32\enuggptc.dll
C:\WINDOWS\system32\etmpfmds.dll
C:\WINDOWS\system32\iifgday.dll
C:\WINDOWS\system32\ivxjmiet.dll
C:\WINDOWS\system32\jxqxxtxs.dll
C:\WINDOWS\system32\ktgmmsua.dll
C:\WINDOWS\system32\lbibevdv.dll
C:\WINDOWS\system32\ltjgiifk.dll
C:\WINDOWS\system32\lwutxwor.dll
C:\WINDOWS\system32\onliogxb.dll
C:\WINDOWS\system32\oumtgqfb.ini
C:\WINDOWS\system32\pnmvgjcs.dll
C:\WINDOWS\system32\roqujylo.dll
C:\WINDOWS\system32\woxehjbm.dll
Beginning removal...
Attempting to delete C:\WINDOWS\system32\armebquc.dll
C:\WINDOWS\system32\armebquc.dll Has been deleted!
Attempting to delete C:\WINDOWS\system32\aycdd.ini
C:\WINDOWS\system32\aycdd.ini Has been deleted!
Attempting to delete C:\WINDOWS\system32\aycdd.ini2
C:\WINDOWS\system32\aycdd.ini2 Has been deleted!
Attempting to delete C:\WINDOWS\system32\bfqgtmuo.dll
C:\WINDOWS\system32\bfqgtmuo.dll Has been deleted!
Attempting to delete C:\WINDOWS\system32\blyfryfr.dll
C:\WINDOWS\system32\blyfryfr.dll Has been deleted!
Attempting to delete C:\WINDOWS\system32\ddcya.dll
C:\WINDOWS\system32\ddcya.dll Has been deleted!
Attempting to delete C:\WINDOWS\system32\enuggptc.dll
C:\WINDOWS\system32\enuggptc.dll Has been deleted!
Attempting to delete C:\WINDOWS\system32\etmpfmds.dll
C:\WINDOWS\system32\etmpfmds.dll Has been deleted!
Attempting to delete C:\WINDOWS\system32\iifgday.dll
C:\WINDOWS\system32\iifgday.dll Could not be deleted.
Attempting to delete C:\WINDOWS\system32\ivxjmiet.dll
C:\WINDOWS\system32\ivxjmiet.dll Has been deleted!
Attempting to delete C:\WINDOWS\system32\jxqxxtxs.dll
C:\WINDOWS\system32\jxqxxtxs.dll Has been deleted!
Attempting to delete C:\WINDOWS\system32\ktgmmsua.dll
C:\WINDOWS\system32\ktgmmsua.dll Has been deleted!
Attempting to delete C:\WINDOWS\system32\lbibevdv.dll
C:\WINDOWS\system32\lbibevdv.dll Has been deleted!
Attempting to delete C:\WINDOWS\system32\ltjgiifk.dll
C:\WINDOWS\system32\ltjgiifk.dll Has been deleted!
Attempting to delete C:\WINDOWS\system32\lwutxwor.dll
C:\WINDOWS\system32\lwutxwor.dll Has been deleted!
Attempting to delete C:\WINDOWS\system32\onliogxb.dll
C:\WINDOWS\system32\onliogxb.dll Could not be deleted.
Attempting to delete C:\WINDOWS\system32\oumtgqfb.ini
C:\WINDOWS\system32\oumtgqfb.ini Has been deleted!
Attempting to delete C:\WINDOWS\system32\pnmvgjcs.dll
C:\WINDOWS\system32\pnmvgjcs.dll Has been deleted!
Attempting to delete C:\WINDOWS\system32\roqujylo.dll
C:\WINDOWS\system32\roqujylo.dll Has been deleted!
Attempting to delete C:\WINDOWS\system32\woxehjbm.dll
C:\WINDOWS\system32\woxehjbm.dll Has been deleted!
Performing Repairs to the registry.
Done!
Checking Java version...
Java version is 1.5.0.6
Old versions of java are exploitable and should be removed.
Scan started at 18:48:00 03/03/2008
Listing files found while scanning....
C:\WINDOWS\system32\armebquc.dll
C:\WINDOWS\system32\aycdd.ini
C:\WINDOWS\system32\aycdd.ini2
C:\WINDOWS\system32\bfqgtmuo.dll
C:\WINDOWS\system32\blyfryfr.dll
C:\WINDOWS\system32\ddcya.dll
C:\WINDOWS\system32\enuggptc.dll
C:\WINDOWS\system32\etmpfmds.dll
C:\WINDOWS\system32\iifgday.dll
C:\WINDOWS\system32\ivxjmiet.dll
C:\WINDOWS\system32\jxqxxtxs.dll
C:\WINDOWS\system32\ktgmmsua.dll
C:\WINDOWS\system32\lbibevdv.dll
C:\WINDOWS\system32\ltjgiifk.dll
C:\WINDOWS\system32\lwutxwor.dll
C:\WINDOWS\system32\onliogxb.dll
C:\WINDOWS\system32\oumtgqfb.ini
C:\WINDOWS\system32\pnmvgjcs.dll
C:\WINDOWS\system32\roqujylo.dll
C:\WINDOWS\system32\woxehjbm.dll
Beginning removal...
Attempting to delete C:\WINDOWS\system32\armebquc.dll
C:\WINDOWS\system32\armebquc.dll Has been deleted!
Attempting to delete C:\WINDOWS\system32\aycdd.ini
C:\WINDOWS\system32\aycdd.ini Has been deleted!
Attempting to delete C:\WINDOWS\system32\aycdd.ini2
C:\WINDOWS\system32\aycdd.ini2 Has been deleted!
Attempting to delete C:\WINDOWS\system32\bfqgtmuo.dll
C:\WINDOWS\system32\bfqgtmuo.dll Has been deleted!
Attempting to delete C:\WINDOWS\system32\blyfryfr.dll
C:\WINDOWS\system32\blyfryfr.dll Has been deleted!
Attempting to delete C:\WINDOWS\system32\ddcya.dll
C:\WINDOWS\system32\ddcya.dll Has been deleted!
Attempting to delete C:\WINDOWS\system32\enuggptc.dll
C:\WINDOWS\system32\enuggptc.dll Has been deleted!
Attempting to delete C:\WINDOWS\system32\etmpfmds.dll
C:\WINDOWS\system32\etmpfmds.dll Has been deleted!
Attempting to delete C:\WINDOWS\system32\iifgday.dll
C:\WINDOWS\system32\iifgday.dll Could not be deleted.
Attempting to delete C:\WINDOWS\system32\ivxjmiet.dll
C:\WINDOWS\system32\ivxjmiet.dll Has been deleted!
Attempting to delete C:\WINDOWS\system32\jxqxxtxs.dll
C:\WINDOWS\system32\jxqxxtxs.dll Has been deleted!
Attempting to delete C:\WINDOWS\system32\ktgmmsua.dll
C:\WINDOWS\system32\ktgmmsua.dll Has been deleted!
Attempting to delete C:\WINDOWS\system32\lbibevdv.dll
C:\WINDOWS\system32\lbibevdv.dll Has been deleted!
Attempting to delete C:\WINDOWS\system32\ltjgiifk.dll
C:\WINDOWS\system32\ltjgiifk.dll Has been deleted!
Attempting to delete C:\WINDOWS\system32\lwutxwor.dll
C:\WINDOWS\system32\lwutxwor.dll Has been deleted!
Attempting to delete C:\WINDOWS\system32\onliogxb.dll
C:\WINDOWS\system32\onliogxb.dll Could not be deleted.
Attempting to delete C:\WINDOWS\system32\oumtgqfb.ini
C:\WINDOWS\system32\oumtgqfb.ini Has been deleted!
Attempting to delete C:\WINDOWS\system32\pnmvgjcs.dll
C:\WINDOWS\system32\pnmvgjcs.dll Has been deleted!
Attempting to delete C:\WINDOWS\system32\roqujylo.dll
C:\WINDOWS\system32\roqujylo.dll Has been deleted!
Attempting to delete C:\WINDOWS\system32\woxehjbm.dll
C:\WINDOWS\system32\woxehjbm.dll Has been deleted!
Performing Repairs to the registry.
Done!
03/03/2008, 19:45:45] - VirtumundoBeGone v1.5 ( "C:\Documents and Settings\M. Coll\Bureau\VirtumundoBeGone.exe" )
[03/03/2008, 19:45:47] - Detected System Information:
[03/03/2008, 19:45:47] - Windows Version: 5.1.2600, Service Pack 2
[03/03/2008, 19:45:47] - Current Username: M. Coll (Admin)
[03/03/2008, 19:45:47] - Windows is in NORMAL mode.
[03/03/2008, 19:45:47] - Searching for Browser Helper Objects:
[03/03/2008, 19:45:47] - BHO 1: {8270BD5A-A65B-4056-BC48-F591617DC411} ()
[03/03/2008, 19:45:47] - WARNING: BHO has no default name. Checking for Winlogon reference.
[03/03/2008, 19:45:47] - Checking for HKLM\...\Winlogon\Notify\ddcya
[03/03/2008, 19:45:47] - Key not found: HKLM\...\Winlogon\Notify\ddcya, continuing.
[03/03/2008, 19:45:47] - BHO 2: {9030D464-4C02-4ABF-8ECC-5164760863C6} (Windows Live Sign-in Helper)
[03/03/2008, 19:45:47] - BHO 3: {AA58ED58-01DD-4d91-8333-CF10577473F7} (Google Toolbar Helper)
[03/03/2008, 19:45:47] - BHO 4: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} (Google Toolbar Notifier BHO)
[03/03/2008, 19:45:47] - BHO 5: {b1f384ab-5bc4-417f-9676-2da15787f17a} ()
[03/03/2008, 19:45:47] - WARNING: BHO has no default name. Checking for Winlogon reference.
[03/03/2008, 19:45:47] - Checking for HKLM\...\Winlogon\Notify\lbibevdv
[03/03/2008, 19:45:47] - Key not found: HKLM\...\Winlogon\Notify\lbibevdv, continuing.
[03/03/2008, 19:45:47] - Finished Searching Browser Helper Objects
[03/03/2008, 19:45:47] - Finishing up...
[03/03/2008, 19:45:47] - Nothing found! Exiting...
[03/03/2008, 19:45:47] - Detected System Information:
[03/03/2008, 19:45:47] - Windows Version: 5.1.2600, Service Pack 2
[03/03/2008, 19:45:47] - Current Username: M. Coll (Admin)
[03/03/2008, 19:45:47] - Windows is in NORMAL mode.
[03/03/2008, 19:45:47] - Searching for Browser Helper Objects:
[03/03/2008, 19:45:47] - BHO 1: {8270BD5A-A65B-4056-BC48-F591617DC411} ()
[03/03/2008, 19:45:47] - WARNING: BHO has no default name. Checking for Winlogon reference.
[03/03/2008, 19:45:47] - Checking for HKLM\...\Winlogon\Notify\ddcya
[03/03/2008, 19:45:47] - Key not found: HKLM\...\Winlogon\Notify\ddcya, continuing.
[03/03/2008, 19:45:47] - BHO 2: {9030D464-4C02-4ABF-8ECC-5164760863C6} (Windows Live Sign-in Helper)
[03/03/2008, 19:45:47] - BHO 3: {AA58ED58-01DD-4d91-8333-CF10577473F7} (Google Toolbar Helper)
[03/03/2008, 19:45:47] - BHO 4: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} (Google Toolbar Notifier BHO)
[03/03/2008, 19:45:47] - BHO 5: {b1f384ab-5bc4-417f-9676-2da15787f17a} ()
[03/03/2008, 19:45:47] - WARNING: BHO has no default name. Checking for Winlogon reference.
[03/03/2008, 19:45:47] - Checking for HKLM\...\Winlogon\Notify\lbibevdv
[03/03/2008, 19:45:47] - Key not found: HKLM\...\Winlogon\Notify\lbibevdv, continuing.
[03/03/2008, 19:45:47] - Finished Searching Browser Helper Objects
[03/03/2008, 19:45:47] - Finishing up...
[03/03/2008, 19:45:47] - Nothing found! Exiting...
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:47:41, on 03/03/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0013)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\Iomega\System32\AppServices.exe
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe
C:\Program Files\Orange\Systray\SystrayApp.exe
C:\WINDOWS\system32\Rundll32.exe
C:\WINDOWS\system32\rundll32.exe
C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\AlertModule\0\AlertModule.exe
C:\Program Files\Orange\Launcher\Launcher.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\Orange\Deskboard\deskboard.exe
C:\Program Files\Orange\connectivity\connectivitymanager.exe
C:\Program Files\Orange\connectivity\CoreCom\CoreCom.exe
C:\Program Files\Orange\connectivity\CoreCom\OraConfigRecover.exe
C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\FTCOMModule\0\FTCOMModule.exe
C:\Program Files\Orange\browser\browser.exe
C:\Program Files\Fichiers communs\Teleca Shared\Generic.exe
C:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe
C:\PROGRA~1\NfoDiz\Nfodiz.exe
C:\Documents and Settings\M. Coll\Local Settings\Temporary Internet Files\Content.IE5\9BLSR10H\HiJackThis[1].exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\Program Files\Orange\SearchURLHook\SearchPageURL.dll
O2 - BHO: (no name) - {8270BD5A-A65B-4056-BC48-F591617DC411} - C:\WINDOWS\system32\ddcya.dll (file missing)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
O2 - BHO: {a71f7875-1ad2-6769-f714-4cb5ba483f1b} - {b1f384ab-5bc4-417f-9676-2da15787f17a} - C:\WINDOWS\system32\lbibevdv.dll (file missing)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [MMTray] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
O4 - HKLM\..\Run: [SystrayORAHSS] "C:\Program Files\Orange\Systray\SystrayApp.exe"
O4 - HKLM\..\Run: [ORAHSSSessionManager] C:\Program Files\Orange\SessionManager\SessionManager.exe
O4 - HKLM\..\Run: [600bb319] rundll32.exe "C:\WINDOWS\system32\hhcujbig.dll",b
O4 - HKLM\..\Run: [BM63388085] Rundll32.exe "C:\WINDOWS\system32\onliogxb.dll",s
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O9 - Extra button: (no name) - {9034A523-D068-4BE8-A284-9DF278BE776E} - http://www.explorertool.net/redirect.php (file missing)
O9 - Extra 'Tools' menuitem: IE Anti-Spyware - {9034A523-D068-4BE8-A284-9DF278BE776E} - http://www.explorertool.net/redirect.php (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://siri.urz.free.fr
O15 - Trusted Zone: https://www.orange.fr/portail
O15 - Trusted Zone: http://www.secuser.com
O15 - Trusted Zone: http://www.smitfraudfix.com
O16 - DPF: {104B0A37-AB99-4F06-8032-8BBDC3B77DDB} (Telechargement Control) - http://www.photoweb.fr/moncompte/Account/LogOn?ReturnUrl=%2ftransfert
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom SA - C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: Iomega App Services - Iomega Corporation - C:\PROGRA~1\Iomega\System32\AppServices.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: SmartLinkService (SLService) - Smart Link - C:\WINDOWS\SYSTEM32\slserv.exe
Scan saved at 19:47:41, on 03/03/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0013)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\Iomega\System32\AppServices.exe
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe
C:\Program Files\Orange\Systray\SystrayApp.exe
C:\WINDOWS\system32\Rundll32.exe
C:\WINDOWS\system32\rundll32.exe
C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\AlertModule\0\AlertModule.exe
C:\Program Files\Orange\Launcher\Launcher.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\Orange\Deskboard\deskboard.exe
C:\Program Files\Orange\connectivity\connectivitymanager.exe
C:\Program Files\Orange\connectivity\CoreCom\CoreCom.exe
C:\Program Files\Orange\connectivity\CoreCom\OraConfigRecover.exe
C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\FTCOMModule\0\FTCOMModule.exe
C:\Program Files\Orange\browser\browser.exe
C:\Program Files\Fichiers communs\Teleca Shared\Generic.exe
C:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe
C:\PROGRA~1\NfoDiz\Nfodiz.exe
C:\Documents and Settings\M. Coll\Local Settings\Temporary Internet Files\Content.IE5\9BLSR10H\HiJackThis[1].exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\Program Files\Orange\SearchURLHook\SearchPageURL.dll
O2 - BHO: (no name) - {8270BD5A-A65B-4056-BC48-F591617DC411} - C:\WINDOWS\system32\ddcya.dll (file missing)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
O2 - BHO: {a71f7875-1ad2-6769-f714-4cb5ba483f1b} - {b1f384ab-5bc4-417f-9676-2da15787f17a} - C:\WINDOWS\system32\lbibevdv.dll (file missing)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [MMTray] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
O4 - HKLM\..\Run: [SystrayORAHSS] "C:\Program Files\Orange\Systray\SystrayApp.exe"
O4 - HKLM\..\Run: [ORAHSSSessionManager] C:\Program Files\Orange\SessionManager\SessionManager.exe
O4 - HKLM\..\Run: [600bb319] rundll32.exe "C:\WINDOWS\system32\hhcujbig.dll",b
O4 - HKLM\..\Run: [BM63388085] Rundll32.exe "C:\WINDOWS\system32\onliogxb.dll",s
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O9 - Extra button: (no name) - {9034A523-D068-4BE8-A284-9DF278BE776E} - http://www.explorertool.net/redirect.php (file missing)
O9 - Extra 'Tools' menuitem: IE Anti-Spyware - {9034A523-D068-4BE8-A284-9DF278BE776E} - http://www.explorertool.net/redirect.php (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://siri.urz.free.fr
O15 - Trusted Zone: https://www.orange.fr/portail
O15 - Trusted Zone: http://www.secuser.com
O15 - Trusted Zone: http://www.smitfraudfix.com
O16 - DPF: {104B0A37-AB99-4F06-8032-8BBDC3B77DDB} (Telechargement Control) - http://www.photoweb.fr/moncompte/Account/LogOn?ReturnUrl=%2ftransfert
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom SA - C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: Iomega App Services - Iomega Corporation - C:\PROGRA~1\Iomega\System32\AppServices.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: SmartLinkService (SLService) - Smart Link - C:\WINDOWS\SYSTEM32\slserv.exe
Folder C:\Program Files\Sotfone\ not found.
Folder C:\Program Files\Helper\ not found.
File/Folder C:\WINDOWS\system32\ddcya.dll not found.
File/Folder C:\WINDOWS\system32\ktgmmsua.dll not found.
File/Folder C:\WINDOWS\system32\enuggptc.dll not found.
File/Folder C:\Program Files\NetProject not found.
DllUnregisterServer procedure not found in C:\WINDOWS\system32\iifgday.dll
C:\WINDOWS\system32\iifgday.dll NOT unregistered.
C:\WINDOWS\system32\iifgday.dll moved successfully.
File/Folder C:\WINDOWS\system32\rrcwrcqt.dll not found.
File/Folder C:\Program Files\Fichiers communs\ProtectionAssuree not found.
File/Folder not found.
File/Folder not found.
OTMoveIt2 v1.0.20 log created on 03032008_195107
Folder C:\Program Files\Helper\ not found.
File/Folder C:\WINDOWS\system32\ddcya.dll not found.
File/Folder C:\WINDOWS\system32\ktgmmsua.dll not found.
File/Folder C:\WINDOWS\system32\enuggptc.dll not found.
File/Folder C:\Program Files\NetProject not found.
DllUnregisterServer procedure not found in C:\WINDOWS\system32\iifgday.dll
C:\WINDOWS\system32\iifgday.dll NOT unregistered.
C:\WINDOWS\system32\iifgday.dll moved successfully.
File/Folder C:\WINDOWS\system32\rrcwrcqt.dll not found.
File/Folder C:\Program Files\Fichiers communs\ProtectionAssuree not found.
File/Folder not found.
File/Folder not found.
OTMoveIt2 v1.0.20 log created on 03032008_195107