Trojan-Downloader.Win32.Small.sth
Fermé
Sillygirl
-
16 mars 2008 à 22:33
jlpjlp Messages postés 51580 Date d'inscription vendredi 18 mai 2007 Statut Contributeur sécurité Dernière intervention 3 mai 2022 - 28 mars 2008 à 08:21
jlpjlp Messages postés 51580 Date d'inscription vendredi 18 mai 2007 Statut Contributeur sécurité Dernière intervention 3 mai 2022 - 28 mars 2008 à 08:21
A voir également:
- Trojan-Downloader.Win32.Small.sth
- Trojan remover - Télécharger - Antivirus & Antimalwares
- Trojan al11 - Forum Virus
- Csrss.exe trojan - Forum Virus
- Trojan agent ✓ - Forum Virus
- Csrss.exe : processus suspect/virus ? - Forum Virus
13 réponses
jlpjlp
Messages postés
51580
Date d'inscription
vendredi 18 mai 2007
Statut
Contributeur sécurité
Dernière intervention
3 mai 2022
5 040
16 mars 2008 à 22:38
16 mars 2008 à 22:38
slt,
Télécharge SDFix (créé par AndyManchesta) et sauvegarde le sur ton Bureau.
http://downloads.andymanchesta.com/RemovalTools/SDFix.exe
Double clique sur SDFix.exe et choisis Install pour l'extraire dans un dossier dédié sur le Bureau. Redémarre ton ordinateur en mode sans échec en suivant la procédure que voici :
• Redémarre ton ordinateur
• Après avoir entendu l'ordinateur biper lors du démarrage, mais avant que l'icône Windows apparaisse, tapote la touche F8 (une pression par seconde).
• A la place du chargement normal de Windows, un menu avec différentes options devrait apparaître.
• Choisis la première option, pour exécuter Windows en mode sans échec, puis appuie sur "Entrée".
• Choisis ton compte.
Déroule la liste des instructions ci-dessous :
• Ouvre le dossier SDFix qui vient d'être créé dans le répertoire C:\ et double clique sur RunThis.bat pour lancer le script.
• Appuie sur Y pour commencer le processus de nettoyage.
• Il va supprimer les services et les entrées du Registre de certains trojans trouvés puis te demandera d'appuyer sur une touche pour redémarrer.
• Appuie sur une touche pour redémarrer le PC.
• Ton système sera plus long pour redémarrer qu'à l'accoutumée car l'outil va continuer à s'exécuter et supprimer des fichiers.
• Après le chargement du Bureau, l'outil terminera son travail et affichera Finished.
• Appuie sur une touche pour finir l'exécution du script et charger les icônes de ton Bureau.
• Les icônes du Bureau affichées, le rapport SDFix s'ouvrira à l'écran et s'enregistrera aussi dans le dossier SDFix sous le nom Report.txt.
• Enfin, copie/colle le contenu du fichier Report.txt dans ta prochaine réponse sur le forum
_______________
scan avec
MalwareByte's Anti-Malware et vire ce qui est trouvé
https://www.malekal.com/tutoriel-malwarebyte-anti-malware/
________________
colle un rapport hijackhtis
Télécharge SDFix (créé par AndyManchesta) et sauvegarde le sur ton Bureau.
http://downloads.andymanchesta.com/RemovalTools/SDFix.exe
Double clique sur SDFix.exe et choisis Install pour l'extraire dans un dossier dédié sur le Bureau. Redémarre ton ordinateur en mode sans échec en suivant la procédure que voici :
• Redémarre ton ordinateur
• Après avoir entendu l'ordinateur biper lors du démarrage, mais avant que l'icône Windows apparaisse, tapote la touche F8 (une pression par seconde).
• A la place du chargement normal de Windows, un menu avec différentes options devrait apparaître.
• Choisis la première option, pour exécuter Windows en mode sans échec, puis appuie sur "Entrée".
• Choisis ton compte.
Déroule la liste des instructions ci-dessous :
• Ouvre le dossier SDFix qui vient d'être créé dans le répertoire C:\ et double clique sur RunThis.bat pour lancer le script.
• Appuie sur Y pour commencer le processus de nettoyage.
• Il va supprimer les services et les entrées du Registre de certains trojans trouvés puis te demandera d'appuyer sur une touche pour redémarrer.
• Appuie sur une touche pour redémarrer le PC.
• Ton système sera plus long pour redémarrer qu'à l'accoutumée car l'outil va continuer à s'exécuter et supprimer des fichiers.
• Après le chargement du Bureau, l'outil terminera son travail et affichera Finished.
• Appuie sur une touche pour finir l'exécution du script et charger les icônes de ton Bureau.
• Les icônes du Bureau affichées, le rapport SDFix s'ouvrira à l'écran et s'enregistrera aussi dans le dossier SDFix sous le nom Report.txt.
• Enfin, copie/colle le contenu du fichier Report.txt dans ta prochaine réponse sur le forum
_______________
scan avec
MalwareByte's Anti-Malware et vire ce qui est trouvé
https://www.malekal.com/tutoriel-malwarebyte-anti-malware/
________________
colle un rapport hijackhtis
jlpjlp
Messages postés
51580
Date d'inscription
vendredi 18 mai 2007
Statut
Contributeur sécurité
Dernière intervention
3 mai 2022
5 040
17 mars 2008 à 10:14
17 mars 2008 à 10:14
c'est pas ce que j'ai demandé ... meme si msnfix est très efficace aussi
a plus
a plus
je suis désolante...
[b]SDFix: Version 1.158 [/b]
Run by Rouss' on 17/03/2008 at 11:48
Microsoft Windows XP [version 5.1.2600]
Running From: C:\DOCUME~1\Rouss'\Bureau\SDFix
[b]Checking Services [/b]:
Restoring Windows Registry Values
Restoring Windows Default Hosts File
Rebooting
[b]Checking Files [/b]:
No Trojan Files Found
Removing Temp Files
[b]ADS Check [/b]:
[b]Final Check [/b]:
catchme 0.3.1344.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-03-17 11:52:32
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden services & system hive ...
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application\ESENT]
"EventMessageFile"=str(2):"c:\windows\system32\ESENT.dll"
"CategoryMessageFile"=str(2):"c:\windows\system32\ESENT.dll"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\cbidf]
"EventMessageFile"=str(2):"%SystemRoot%\System32\IoLogMsg.dll"
"TypesSupported"=dword:00000007
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\e1express]
"EventMessageFile"=str(2):"%SystemRoot%\System32\netevent.dll;%SystemRoot%\System32\e1000msg.dll"
"TypesSupported"=dword:00000007
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\iaStor]
"EventMessageFile"=str(2):"%SystemRoot%\System32\IoLogMsg.dll;%SystemRoot%\System32\drivers\iaStor.sys"
"TypesSupported"=dword:00000007
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\W32Time]
"TypesSupported"=dword:00000007
"EventMessageFile"=str(2):"C:\WINDOWS\system32\w32time.dll"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\wanatw]
"EventMessageFile"=str(2):"%SystemRoot%\System32\netevent.dll"
"TypesSupported"=dword:00000007
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\Eventlog\System\cbidf]
"EventMessageFile"=str(2):"%SystemRoot%\System32\IoLogMsg.dll"
"TypesSupported"=dword:00000007
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\Eventlog\System\e1express]
"EventMessageFile"=str(2):"%SystemRoot%\System32\netevent.dll;%SystemRoot%\System32\e1000msg.dll"
"TypesSupported"=dword:00000007
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\Eventlog\System\iaStor]
"EventMessageFile"=str(2):"%SystemRoot%\System32\IoLogMsg.dll;%SystemRoot%\System32\drivers\iaStor.sys"
"TypesSupported"=dword:00000007
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\Eventlog\System\W32Time]
"TypesSupported"=dword:00000007
"EventMessageFile"=str(2):"C:\WINDOWS\system32\w32time.dll"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\Eventlog\System\wanatw]
"EventMessageFile"=str(2):"%SystemRoot%\System32\netevent.dll"
"TypesSupported"=dword:00000007
scanning hidden registry entries ...
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\ExceptionComponents\{077ACEC7-979C-40AB-
9835-435BA1511E0D}]
"FriendlyName"="Windows Media Files"
"ComponentGUID"="{077ACEC7-979C-40AB-9835-435BA1511E0D}"
"Version"=dword:000a0000
"Sub-Version"=dword:00000e3e
"ExceptionInfName"=str(2):"C:\WINDOWS\RegisteredPackages\{077ACEC7-979C-40AB-9835-435BA1511E0D}\MPPRE10.inf"
"ExceptionCatalogName"=str(2):"C:\WINDOWS\RegisteredPackages\{077ACEC7-979C-40AB-9835-435BA1511E0D}
\mppre10.cat"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\ExceptionComponents\{30C7234B-6482-4A55-
A11D-ECD9030313F2}]
"FriendlyName"="Windows Media Files"
"ComponentGUID"="{30C7234B-6482-4A55-A11D-ECD9030313F2}"
"Version"=dword:000a0000
"Sub-Version"=dword:00000e3e
"ExceptionInfName"=str(2):"C:\WINDOWS\RegisteredPackages\{30C7234B-6482-4A55-A11D-ECD9030313F2}\WMDM10.inf"
"ExceptionCatalogName"=str(2):"C:\WINDOWS\RegisteredPackages\{30C7234B-6482-4A55-A11D-ECD9030313F2}
\wmdm10.cat"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\ExceptionComponents\{981FB688-E76B-4246-
987B-92083185B90A}]
"FriendlyName"="Windows Media Files"
"ComponentGUID"="{981FB688-E76B-4246-987B-92083185B90A}"
"Version"=dword:000a0000
"Sub-Version"=dword:00000e3e
"ExceptionInfName"=str(2):"C:\WINDOWS\RegisteredPackages\{981FB688-E76B-4246-987B-92083185B90A}\WPD10.inf"
"ExceptionCatalogName"=str(2):"C:\WINDOWS\RegisteredPackages\{981FB688-E76B-4246-987B-92083185B90A}
\wpd10.cat"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\ExceptionComponents\{A47B3654-48EE-48A5-
B629-97D70175E58F}]
"FriendlyName"="Windows Media Files"
"ComponentGUID"="{A47B3654-48EE-48A5-B629-97D70175E58F}"
"Version"=dword:000a0000
"Sub-Version"=dword:00000e3e
"ExceptionInfName"=str(2):"C:\WINDOWS\RegisteredPackages\{A47B3654-48EE-48A5-B629-97D70175E58F}\codecs10.inf"
"ExceptionCatalogName"=str(2):"C:\WINDOWS\RegisteredPackages\{A47B3654-48EE-48A5-B629-97D70175E58F}
\codecs10.cat"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\ExceptionComponents\{AAC1D942-0B38-4E37-
9E4E-5B96A9DD2170}]
"FriendlyName"="Windows Media Files"
"ComponentGUID"="{AAC1D942-0B38-4E37-9E4E-5B96A9DD2170}"
"Version"=dword:000a0000
"Sub-Version"=dword:00000e3e
"ExceptionInfName"=str(2):"C:\WINDOWS\RegisteredPackages\{AAC1D942-0B38-4E37-9E4E-5B96A9DD2170}\WMFSDK10.inf"
"ExceptionCatalogName"=str(2):"C:\WINDOWS\RegisteredPackages\{AAC1D942-0B38-4E37-9E4E-5B96A9DD2170}
\wmfsdk10.cat"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\ExceptionComponents\{C5B8FBE9-645E-4484-
A7AA-E8DA9A70DD77}]
"FriendlyName"="Windows Media Files"
"ComponentGUID"="{C5B8FBE9-645E-4484-A7AA-E8DA9A70DD77}"
"Version"=dword:000a0000
"Sub-Version"=dword:00000e3e
"ExceptionInfName"=str(2):"C:\WINDOWS\RegisteredPackages\{C5B8FBE9-645E-4484-A7AA-E8DA9A70DD77}\DRM10.inf"
"ExceptionCatalogName"=str(2):"C:\WINDOWS\RegisteredPackages\{C5B8FBE9-645E-4484-A7AA-E8DA9A70DD77}
\drm10.cat"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\OptionalComponents\SwFlash]
"Installed"="1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Media Device Manager\KnownDeviceClasses\Mass Storage]
"DeviceInterface"="{53F5630D-B6BF-11D0-94F2-00A0C91EFB8B}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Media Device Manager\KnownDeviceClasses\Portable Audio
Players]
"DeviceInterface"="{F33FDC04-D1AC-4E8E-9A30-19BBD4B108AE}"
"FilterParameter"="UseExtendedWmdm"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Media Device Manager\KnownDeviceClasses\Windows CE]
"DeviceInterface"="{25DBCE51-6C8F-4A72-8A6D-B54C2B4FC835}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Media Device Manager\KnownDevices\WinCEDevice]
"DeviceInterface"="{25DBCE51-6C8F-4A72-8A6D-B54C2B4FC835}"
"WMDMSPCLSID"="{067B4B81-B1EC-489f-B111-940EBDC44EBE}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Media Device Manager\Plugins\SCP\SCPTRANS]
"ProgID"="MsScp.SCPTRANS.1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Media Device Manager\Plugins\SP\WMDMCESP]
"ProgID"="WMDMCESP.WMDMCESP"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Media Device Manager\Plugins\SP\WPDSp]
"PnPAware"=dword:00000001
"ProgID"="WPDSp.WPDServiceProvider"
scanning hidden files ...
C:\Documents and Settings\Rouss'\Local Settings\Application Data\Microsoft\Windows\GameExplorer\{DFEF49D9-
FC95-4301-99B9-2FB91C6ABA06}\PlayTasks\1\Les Sims™ 2 : Boit@Look.lnk 1100 bytes hidden from API
scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 70
[b]Remaining Services [/b]:
Authorized Application Key Export:
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\
authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\eMule\\emule.exe"="C:\\Program Files\\eMule\\emule.exe:*:Enabled:eMule"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network
Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Documents and Settings\\Rouss'\\Mes documents\\t‚l‚chargements\\Azureus\\Azureus.exe"="C:\\Documents and
Settings\\Rouss'\\Mes documents\\t‚l‚chargements\\Azureus\\Azureus.exe:*:Enabled:Azureus"
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows
Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows
Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
@=""
"C:\\WINDOWS\\system32\\rnlzrf.exe"="C:\\WINDOWS\\system32\\rnlzrf.exe:*:Enabled:Flash Media"
"C:\\Program Files\\Skype\\Phone\\Skype.exe"="C:\\Program Files\\Skype\\Phone\\Skype.exe:*:Enabled:Skype.
Take a deep breath "
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\au
thorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network
Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows
Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows
Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
[b]Remaining Files [/b]:
File Backups: - C:\DOCUME~1\Rouss'\Bureau\SDFix\backups\backups.zip
[b]Files with Hidden Attributes [/b]:
Thu 3 May 2007 104 ..SHR --- "C:\WINDOWS\system32\49CBC9B025.sys"
Thu 3 May 2007 6,216 A.SH. --- "C:\WINDOWS\system32\KGyGaAvL.sys"
Thu 24 Jan 2008 0 A..H. ---
"C:\WINDOWS\SoftwareDistribution\Download\f7db876e78b88fd8276fd7d29cb7e4eb\BITC.tmp"
[b]Finished![/b]
[b]SDFix: Version 1.158 [/b]
Run by Rouss' on 17/03/2008 at 11:48
Microsoft Windows XP [version 5.1.2600]
Running From: C:\DOCUME~1\Rouss'\Bureau\SDFix
[b]Checking Services [/b]:
Restoring Windows Registry Values
Restoring Windows Default Hosts File
Rebooting
[b]Checking Files [/b]:
No Trojan Files Found
Removing Temp Files
[b]ADS Check [/b]:
[b]Final Check [/b]:
catchme 0.3.1344.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-03-17 11:52:32
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden services & system hive ...
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application\ESENT]
"EventMessageFile"=str(2):"c:\windows\system32\ESENT.dll"
"CategoryMessageFile"=str(2):"c:\windows\system32\ESENT.dll"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\cbidf]
"EventMessageFile"=str(2):"%SystemRoot%\System32\IoLogMsg.dll"
"TypesSupported"=dword:00000007
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\e1express]
"EventMessageFile"=str(2):"%SystemRoot%\System32\netevent.dll;%SystemRoot%\System32\e1000msg.dll"
"TypesSupported"=dword:00000007
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\iaStor]
"EventMessageFile"=str(2):"%SystemRoot%\System32\IoLogMsg.dll;%SystemRoot%\System32\drivers\iaStor.sys"
"TypesSupported"=dword:00000007
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\W32Time]
"TypesSupported"=dword:00000007
"EventMessageFile"=str(2):"C:\WINDOWS\system32\w32time.dll"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\wanatw]
"EventMessageFile"=str(2):"%SystemRoot%\System32\netevent.dll"
"TypesSupported"=dword:00000007
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\Eventlog\System\cbidf]
"EventMessageFile"=str(2):"%SystemRoot%\System32\IoLogMsg.dll"
"TypesSupported"=dword:00000007
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\Eventlog\System\e1express]
"EventMessageFile"=str(2):"%SystemRoot%\System32\netevent.dll;%SystemRoot%\System32\e1000msg.dll"
"TypesSupported"=dword:00000007
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\Eventlog\System\iaStor]
"EventMessageFile"=str(2):"%SystemRoot%\System32\IoLogMsg.dll;%SystemRoot%\System32\drivers\iaStor.sys"
"TypesSupported"=dword:00000007
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\Eventlog\System\W32Time]
"TypesSupported"=dword:00000007
"EventMessageFile"=str(2):"C:\WINDOWS\system32\w32time.dll"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\Eventlog\System\wanatw]
"EventMessageFile"=str(2):"%SystemRoot%\System32\netevent.dll"
"TypesSupported"=dword:00000007
scanning hidden registry entries ...
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\ExceptionComponents\{077ACEC7-979C-40AB-
9835-435BA1511E0D}]
"FriendlyName"="Windows Media Files"
"ComponentGUID"="{077ACEC7-979C-40AB-9835-435BA1511E0D}"
"Version"=dword:000a0000
"Sub-Version"=dword:00000e3e
"ExceptionInfName"=str(2):"C:\WINDOWS\RegisteredPackages\{077ACEC7-979C-40AB-9835-435BA1511E0D}\MPPRE10.inf"
"ExceptionCatalogName"=str(2):"C:\WINDOWS\RegisteredPackages\{077ACEC7-979C-40AB-9835-435BA1511E0D}
\mppre10.cat"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\ExceptionComponents\{30C7234B-6482-4A55-
A11D-ECD9030313F2}]
"FriendlyName"="Windows Media Files"
"ComponentGUID"="{30C7234B-6482-4A55-A11D-ECD9030313F2}"
"Version"=dword:000a0000
"Sub-Version"=dword:00000e3e
"ExceptionInfName"=str(2):"C:\WINDOWS\RegisteredPackages\{30C7234B-6482-4A55-A11D-ECD9030313F2}\WMDM10.inf"
"ExceptionCatalogName"=str(2):"C:\WINDOWS\RegisteredPackages\{30C7234B-6482-4A55-A11D-ECD9030313F2}
\wmdm10.cat"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\ExceptionComponents\{981FB688-E76B-4246-
987B-92083185B90A}]
"FriendlyName"="Windows Media Files"
"ComponentGUID"="{981FB688-E76B-4246-987B-92083185B90A}"
"Version"=dword:000a0000
"Sub-Version"=dword:00000e3e
"ExceptionInfName"=str(2):"C:\WINDOWS\RegisteredPackages\{981FB688-E76B-4246-987B-92083185B90A}\WPD10.inf"
"ExceptionCatalogName"=str(2):"C:\WINDOWS\RegisteredPackages\{981FB688-E76B-4246-987B-92083185B90A}
\wpd10.cat"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\ExceptionComponents\{A47B3654-48EE-48A5-
B629-97D70175E58F}]
"FriendlyName"="Windows Media Files"
"ComponentGUID"="{A47B3654-48EE-48A5-B629-97D70175E58F}"
"Version"=dword:000a0000
"Sub-Version"=dword:00000e3e
"ExceptionInfName"=str(2):"C:\WINDOWS\RegisteredPackages\{A47B3654-48EE-48A5-B629-97D70175E58F}\codecs10.inf"
"ExceptionCatalogName"=str(2):"C:\WINDOWS\RegisteredPackages\{A47B3654-48EE-48A5-B629-97D70175E58F}
\codecs10.cat"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\ExceptionComponents\{AAC1D942-0B38-4E37-
9E4E-5B96A9DD2170}]
"FriendlyName"="Windows Media Files"
"ComponentGUID"="{AAC1D942-0B38-4E37-9E4E-5B96A9DD2170}"
"Version"=dword:000a0000
"Sub-Version"=dword:00000e3e
"ExceptionInfName"=str(2):"C:\WINDOWS\RegisteredPackages\{AAC1D942-0B38-4E37-9E4E-5B96A9DD2170}\WMFSDK10.inf"
"ExceptionCatalogName"=str(2):"C:\WINDOWS\RegisteredPackages\{AAC1D942-0B38-4E37-9E4E-5B96A9DD2170}
\wmfsdk10.cat"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\ExceptionComponents\{C5B8FBE9-645E-4484-
A7AA-E8DA9A70DD77}]
"FriendlyName"="Windows Media Files"
"ComponentGUID"="{C5B8FBE9-645E-4484-A7AA-E8DA9A70DD77}"
"Version"=dword:000a0000
"Sub-Version"=dword:00000e3e
"ExceptionInfName"=str(2):"C:\WINDOWS\RegisteredPackages\{C5B8FBE9-645E-4484-A7AA-E8DA9A70DD77}\DRM10.inf"
"ExceptionCatalogName"=str(2):"C:\WINDOWS\RegisteredPackages\{C5B8FBE9-645E-4484-A7AA-E8DA9A70DD77}
\drm10.cat"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\OptionalComponents\SwFlash]
"Installed"="1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Media Device Manager\KnownDeviceClasses\Mass Storage]
"DeviceInterface"="{53F5630D-B6BF-11D0-94F2-00A0C91EFB8B}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Media Device Manager\KnownDeviceClasses\Portable Audio
Players]
"DeviceInterface"="{F33FDC04-D1AC-4E8E-9A30-19BBD4B108AE}"
"FilterParameter"="UseExtendedWmdm"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Media Device Manager\KnownDeviceClasses\Windows CE]
"DeviceInterface"="{25DBCE51-6C8F-4A72-8A6D-B54C2B4FC835}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Media Device Manager\KnownDevices\WinCEDevice]
"DeviceInterface"="{25DBCE51-6C8F-4A72-8A6D-B54C2B4FC835}"
"WMDMSPCLSID"="{067B4B81-B1EC-489f-B111-940EBDC44EBE}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Media Device Manager\Plugins\SCP\SCPTRANS]
"ProgID"="MsScp.SCPTRANS.1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Media Device Manager\Plugins\SP\WMDMCESP]
"ProgID"="WMDMCESP.WMDMCESP"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Media Device Manager\Plugins\SP\WPDSp]
"PnPAware"=dword:00000001
"ProgID"="WPDSp.WPDServiceProvider"
scanning hidden files ...
C:\Documents and Settings\Rouss'\Local Settings\Application Data\Microsoft\Windows\GameExplorer\{DFEF49D9-
FC95-4301-99B9-2FB91C6ABA06}\PlayTasks\1\Les Sims™ 2 : Boit@Look.lnk 1100 bytes hidden from API
scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 70
[b]Remaining Services [/b]:
Authorized Application Key Export:
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\
authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\eMule\\emule.exe"="C:\\Program Files\\eMule\\emule.exe:*:Enabled:eMule"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network
Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Documents and Settings\\Rouss'\\Mes documents\\t‚l‚chargements\\Azureus\\Azureus.exe"="C:\\Documents and
Settings\\Rouss'\\Mes documents\\t‚l‚chargements\\Azureus\\Azureus.exe:*:Enabled:Azureus"
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows
Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows
Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
@=""
"C:\\WINDOWS\\system32\\rnlzrf.exe"="C:\\WINDOWS\\system32\\rnlzrf.exe:*:Enabled:Flash Media"
"C:\\Program Files\\Skype\\Phone\\Skype.exe"="C:\\Program Files\\Skype\\Phone\\Skype.exe:*:Enabled:Skype.
Take a deep breath "
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\au
thorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network
Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows
Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows
Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
[b]Remaining Files [/b]:
File Backups: - C:\DOCUME~1\Rouss'\Bureau\SDFix\backups\backups.zip
[b]Files with Hidden Attributes [/b]:
Thu 3 May 2007 104 ..SHR --- "C:\WINDOWS\system32\49CBC9B025.sys"
Thu 3 May 2007 6,216 A.SH. --- "C:\WINDOWS\system32\KGyGaAvL.sys"
Thu 24 Jan 2008 0 A..H. ---
"C:\WINDOWS\SoftwareDistribution\Download\f7db876e78b88fd8276fd7d29cb7e4eb\BITC.tmp"
[b]Finished![/b]
jlpjlp
Messages postés
51580
Date d'inscription
vendredi 18 mai 2007
Statut
Contributeur sécurité
Dernière intervention
3 mai 2022
5 040
17 mars 2008 à 12:35
17 mars 2008 à 12:35
_______________
scan avec
MalwareByte's Anti-Malware et vire ce qui est trouvé
https://www.malekal.com/tutoriel-malwarebyte-anti-malware/
________________
colle un rapport hijackhtis
http://www.trendsecure.com/portal/en-US/tools/security_tools/hijackthis/download
manuel :
https://leblogdeclaude.blogspot.com/2006/10/informatique-section-hijackthis.html
Je conseille de renomer Hijackthis, pour contrer une éventuelle infection de Vundo.
ex:Renomme le fichier HijackThis.exe en eden.exe pour cela, fais un clic droit sur le fichier HijackThis.exe et choisis renommer dans la liste
Ensuite avec Explorer créer un dossier c:\hijackthis
Décompresser Hijackthis dans ce dossier.
C'est important pour les sauvegardes."
scan avec
MalwareByte's Anti-Malware et vire ce qui est trouvé
https://www.malekal.com/tutoriel-malwarebyte-anti-malware/
________________
colle un rapport hijackhtis
http://www.trendsecure.com/portal/en-US/tools/security_tools/hijackthis/download
manuel :
https://leblogdeclaude.blogspot.com/2006/10/informatique-section-hijackthis.html
Je conseille de renomer Hijackthis, pour contrer une éventuelle infection de Vundo.
ex:Renomme le fichier HijackThis.exe en eden.exe pour cela, fais un clic droit sur le fichier HijackThis.exe et choisis renommer dans la liste
Ensuite avec Explorer créer un dossier c:\hijackthis
Décompresser Hijackthis dans ce dossier.
C'est important pour les sauvegardes."
voilà voilà...
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:18:11, on 17/03/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Program Files\Fichiers communs\Logitech\QCDriver2\LVCOMS.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\TRENDnet\TEW-421PC_TEW-423PI\TRENDnet.exe
C:\Program Files\OpenOffice.org 2.2\program\soffice.exe
C:\Program Files\OpenOffice.org 2.2\program\soffice.BIN
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Rouss'\Bureau\hunter.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.dell.com/fr-fr
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.dell.com/fr-fr
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [LVCOMS] C:\Program Files\Fichiers communs\Logitech\QCDriver2\LVCOMS.EXE
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\wianmpa.exe
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [eMuleAutoStart] C:\Program Files\eMule\emule.exe -AutoStart
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: OpenOffice.org 2.2.lnk = C:\Program Files\OpenOffice.org 2.2\program\quickstart.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
O4 - Global Startup: Wireless Configuration Utility HW.51.lnk = ?
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - https://onedrive.live.com/?id=favorites
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab
O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} (Facebook Photo Uploader 4 Control) - http://upload.facebook.com/controls/FacebookPhotoUploader3.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{35A63128-E67F-4A23-8172-DDF933FA905F}: NameServer = 192.168.1.1
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~3\GOEC62~1.DLL
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMon) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:18:11, on 17/03/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Program Files\Fichiers communs\Logitech\QCDriver2\LVCOMS.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\TRENDnet\TEW-421PC_TEW-423PI\TRENDnet.exe
C:\Program Files\OpenOffice.org 2.2\program\soffice.exe
C:\Program Files\OpenOffice.org 2.2\program\soffice.BIN
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Rouss'\Bureau\hunter.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.dell.com/fr-fr
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.dell.com/fr-fr
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [LVCOMS] C:\Program Files\Fichiers communs\Logitech\QCDriver2\LVCOMS.EXE
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\wianmpa.exe
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [eMuleAutoStart] C:\Program Files\eMule\emule.exe -AutoStart
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: OpenOffice.org 2.2.lnk = C:\Program Files\OpenOffice.org 2.2\program\quickstart.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
O4 - Global Startup: Wireless Configuration Utility HW.51.lnk = ?
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - https://onedrive.live.com/?id=favorites
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab
O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} (Facebook Photo Uploader 4 Control) - http://upload.facebook.com/controls/FacebookPhotoUploader3.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{35A63128-E67F-4A23-8172-DDF933FA905F}: NameServer = 192.168.1.1
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~3\GOEC62~1.DLL
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMon) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
jlpjlp
Messages postés
51580
Date d'inscription
vendredi 18 mai 2007
Statut
Contributeur sécurité
Dernière intervention
3 mai 2022
5 040
17 mars 2008 à 17:23
17 mars 2008 à 17:23
ok le virus n'y est pas
__________
mets a jour internet explorer:
https://www.01net.com/telecharger/windows/Internet/navigateur/fiches/33081.html
__________
installe spybot en complement d'avast pour te proteger des espions
https://www.safer-networking.org/products/
encore des problemes?
__________
mets a jour internet explorer:
https://www.01net.com/telecharger/windows/Internet/navigateur/fiches/33081.html
__________
installe spybot en complement d'avast pour te proteger des espions
https://www.safer-networking.org/products/
encore des problemes?
jlpjlp
Messages postés
51580
Date d'inscription
vendredi 18 mai 2007
Statut
Contributeur sécurité
Dernière intervention
3 mai 2022
5 040
>
Sillygirl
17 mars 2008 à 19:02
17 mars 2008 à 19:02
le rapport entier de kaspersky svp pour voir les fichiers inféctés!
Vous n’avez pas trouvé la réponse que vous recherchez ?
Posez votre question
jlpjlp
Messages postés
51580
Date d'inscription
vendredi 18 mai 2007
Statut
Contributeur sécurité
Dernière intervention
3 mai 2022
5 040
17 mars 2008 à 18:05
17 mars 2008 à 18:05
ok tu me collera le rapport entier de kaspersky!
pour protéger gratos ton ordi
http://www.commentcamarche.net/telecharger/logiciel 4 securite
mettre un antivirus
AVAST en français ou ANTIVIR (en anglais mais très efficace)
https://www.malekal.com/avira-free-security-antivirus-gratuit/ (merci Malekal)
-------------
des anti-espions :
AD AWARE + SPYBOT +/- si tea timer non active de spybot: WINDOWS DEFENDER ou SPYWARE TERMINATOR
+
SPYWAREBLASTER pour immuniser le système contre vundo notamment mais en anglais (mais facile d'utilisation : il suffit de faire "update" pour mettre à jour tous les mois et ensuite" enable all protection" pour immuniser)...
Rq : spybot et ad-aware on sorti de nouvelles versions cette année vérifiez que vous avez la dernière version
--------
un pare feu :
celui de Windows ou mieux KERIO ou JETICO ou ZONE ALARM (mettre que le parefeu gratuit)
https://www.clubic.com/telecharger-fiche11071-sunbelt-personal-firewall-ex-kerio.html
https://manuelsdaide.com/contact/
http://www.open-files.com/forum/index.php?showtopic=29277
http://www.commentcamarche.net/telecharger/telecharger 157 zonealarm
-----------
CCLEANER pour effacer les traces de surf
---------
naviguer avec firefox ou safari ou opera et non internet explorer plus touché par les virus
http://www.mozilla-europe.org/fr/products/firefox/
pour protéger gratos ton ordi
http://www.commentcamarche.net/telecharger/logiciel 4 securite
mettre un antivirus
AVAST en français ou ANTIVIR (en anglais mais très efficace)
https://www.malekal.com/avira-free-security-antivirus-gratuit/ (merci Malekal)
-------------
des anti-espions :
AD AWARE + SPYBOT +/- si tea timer non active de spybot: WINDOWS DEFENDER ou SPYWARE TERMINATOR
+
SPYWAREBLASTER pour immuniser le système contre vundo notamment mais en anglais (mais facile d'utilisation : il suffit de faire "update" pour mettre à jour tous les mois et ensuite" enable all protection" pour immuniser)...
Rq : spybot et ad-aware on sorti de nouvelles versions cette année vérifiez que vous avez la dernière version
--------
un pare feu :
celui de Windows ou mieux KERIO ou JETICO ou ZONE ALARM (mettre que le parefeu gratuit)
https://www.clubic.com/telecharger-fiche11071-sunbelt-personal-firewall-ex-kerio.html
https://manuelsdaide.com/contact/
http://www.open-files.com/forum/index.php?showtopic=29277
http://www.commentcamarche.net/telecharger/telecharger 157 zonealarm
-----------
CCLEANER pour effacer les traces de surf
---------
naviguer avec firefox ou safari ou opera et non internet explorer plus touché par les virus
http://www.mozilla-europe.org/fr/products/firefox/
Monday, March 17, 2008 6:44:35 PM
Operating System: Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 17/03/2008
Kaspersky Anti-Virus database records: 635906
Scan Settings
Scan using the following antivirus database extended
Scan Archives true
Scan Mail Bases true
Scan Target My Computer
C:\
D:\
E:\
Scan Statistics
Total number of scanned objects 88746
Number of viruses found 1
Number of infected objects 3
Number of suspicious objects 0
Duration of the scan process 01:15:10
Infected Object Name Virus Name Last Action
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat Object is locked skipped
C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Historique\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\Rouss'\Application Data\Microsoft\MSNLiveFav\LiveFavorites.xml Object is locked skipped
C:\Documents and Settings\Rouss'\Application Data\Mozilla\Firefox\Profiles\p5ezdfo1.default\cert8.db Object is locked skipped
C:\Documents and Settings\Rouss'\Application Data\Mozilla\Firefox\Profiles\p5ezdfo1.default\history.dat Object is locked skipped
C:\Documents and Settings\Rouss'\Application Data\Mozilla\Firefox\Profiles\p5ezdfo1.default\key3.db Object is locked skipped
C:\Documents and Settings\Rouss'\Application Data\Mozilla\Firefox\Profiles\p5ezdfo1.default\parent.lock Object is locked skipped
C:\Documents and Settings\Rouss'\Application Data\Mozilla\Firefox\Profiles\p5ezdfo1.default\search.sqlite Object is locked skipped
C:\Documents and Settings\Rouss'\Application Data\Mozilla\Firefox\Profiles\p5ezdfo1.default\urlclassifier2.sqlite Object is locked skipped
C:\Documents and Settings\Rouss'\Application Data\Skype\joubert.sophie\call256.dbb Object is locked skipped
C:\Documents and Settings\Rouss'\Application Data\Skype\joubert.sophie\callmember256.dbb Object is locked skipped
C:\Documents and Settings\Rouss'\Application Data\Skype\joubert.sophie\chat512.dbb Object is locked skipped
C:\Documents and Settings\Rouss'\Application Data\Skype\joubert.sophie\chatmember256.dbb Object is locked skipped
C:\Documents and Settings\Rouss'\Application Data\Skype\joubert.sophie\chatmsg2048.dbb Object is locked skipped
C:\Documents and Settings\Rouss'\Application Data\Skype\joubert.sophie\chatmsg256.dbb Object is locked skipped
C:\Documents and Settings\Rouss'\Application Data\Skype\joubert.sophie\chatmsg512.dbb Object is locked skipped
C:\Documents and Settings\Rouss'\Application Data\Skype\joubert.sophie\contactgroup256.dbb Object is locked skipped
C:\Documents and Settings\Rouss'\Application Data\Skype\joubert.sophie\dyncontent\bundle.dat Object is locked skipped
C:\Documents and Settings\Rouss'\Application Data\Skype\joubert.sophie\index2.dat Object is locked skipped
C:\Documents and Settings\Rouss'\Application Data\Skype\joubert.sophie\profile4096.dbb Object is locked skipped
C:\Documents and Settings\Rouss'\Application Data\Skype\joubert.sophie\user1024.dbb Object is locked skipped
C:\Documents and Settings\Rouss'\Application Data\Skype\joubert.sophie\user16384.dbb Object is locked skipped
C:\Documents and Settings\Rouss'\Bureau\Upload_Me.zip/DOCUME~1/Rouss'/Bureau/Upload_Me/catchme.zip/rnlzrf.exe Infected: Trojan.Win32.DNSChanger.bck skipped
C:\Documents and Settings\Rouss'\Bureau\Upload_Me.zip/DOCUME~1/Rouss'/Bureau/Upload_Me/catchme.zip Infected: Trojan.Win32.DNSChanger.bck skipped
C:\Documents and Settings\Rouss'\Bureau\Upload_Me.zip ZIP: infected - 2 skipped
C:\Documents and Settings\Rouss'\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\Rouss'\Local Settings\Application Data\Google\Google Desktop\e438e3c93bdc\dbc2e.ht1 Object is locked skipped
C:\Documents and Settings\Rouss'\Local Settings\Application Data\Google\Google Desktop\e438e3c93bdc\dbdam Object is locked skipped
C:\Documents and Settings\Rouss'\Local Settings\Application Data\Google\Google Desktop\e438e3c93bdc\dbdao Object is locked skipped
C:\Documents and Settings\Rouss'\Local Settings\Application Data\Google\Google Desktop\e438e3c93bdc\dbeam Object is locked skipped
C:\Documents and Settings\Rouss'\Local Settings\Application Data\Google\Google Desktop\e438e3c93bdc\dbeao Object is locked skipped
C:\Documents and Settings\Rouss'\Local Settings\Application Data\Google\Google Desktop\e438e3c93bdc\dbm Object is locked skipped
C:\Documents and Settings\Rouss'\Local Settings\Application Data\Google\Google Desktop\e438e3c93bdc\dbu2d.ht1 Object is locked skipped
C:\Documents and Settings\Rouss'\Local Settings\Application Data\Google\Google Desktop\e438e3c93bdc\dbvm.cf1 Object is locked skipped
C:\Documents and Settings\Rouss'\Local Settings\Application Data\Google\Google Desktop\e438e3c93bdc\dbvmh.ht1 Object is locked skipped
C:\Documents and Settings\Rouss'\Local Settings\Application Data\Google\Google Desktop\e438e3c93bdc\fii.cf1 Object is locked skipped
C:\Documents and Settings\Rouss'\Local Settings\Application Data\Google\Google Desktop\e438e3c93bdc\fiih.ht1 Object is locked skipped
C:\Documents and Settings\Rouss'\Local Settings\Application Data\Google\Google Desktop\e438e3c93bdc\hp Object is locked skipped
C:\Documents and Settings\Rouss'\Local Settings\Application Data\Google\Google Desktop\e438e3c93bdc\hpt2i.ht1 Object is locked skipped
C:\Documents and Settings\Rouss'\Local Settings\Application Data\Google\Google Desktop\e438e3c93bdc\rpm.cf1 Object is locked skipped
C:\Documents and Settings\Rouss'\Local Settings\Application Data\Google\Google Desktop\e438e3c93bdc\rpm1m.cf1 Object is locked skipped
C:\Documents and Settings\Rouss'\Local Settings\Application Data\Google\Google Desktop\e438e3c93bdc\rpm1mh.ht1 Object is locked skipped
C:\Documents and Settings\Rouss'\Local Settings\Application Data\Google\Google Desktop\e438e3c93bdc\rpmh.ht1 Object is locked skipped
C:\Documents and Settings\Rouss'\Local Settings\Application Data\Google\Google Desktop\e438e3c93bdc\safeweb\goog-black-enchashm.cf1 Object is locked skipped
C:\Documents and Settings\Rouss'\Local Settings\Application Data\Google\Google Desktop\e438e3c93bdc\safeweb\goog-black-enchashmh.ht1 Object is locked skipped
C:\Documents and Settings\Rouss'\Local Settings\Application Data\Google\Google Desktop\e438e3c93bdc\safeweb\goog-black-urlm.cf1 Object is locked skipped
C:\Documents and Settings\Rouss'\Local Settings\Application Data\Google\Google Desktop\e438e3c93bdc\safeweb\goog-black-urlmh.ht1 Object is locked skipped
C:\Documents and Settings\Rouss'\Local Settings\Application Data\Google\Google Desktop\e438e3c93bdc\safeweb\goog-malware-domainm.cf1 Object is locked skipped
C:\Documents and Settings\Rouss'\Local Settings\Application Data\Google\Google Desktop\e438e3c93bdc\safeweb\goog-malware-domainmh.ht1 Object is locked skipped
C:\Documents and Settings\Rouss'\Local Settings\Application Data\Google\Google Desktop\e438e3c93bdc\safeweb\goog-white-domainm.cf1 Object is locked skipped
C:\Documents and Settings\Rouss'\Local Settings\Application Data\Google\Google Desktop\e438e3c93bdc\safeweb\goog-white-domainmh.ht1 Object is locked skipped
C:\Documents and Settings\Rouss'\Local Settings\Application Data\Microsoft\Messenger\castalibellule@hotmail.fr\SharingMetadata\Logs\Dfsr00005.log Object is locked skipped
C:\Documents and Settings\Rouss'\Local Settings\Application Data\Microsoft\Messenger\castalibellule@hotmail.fr\SharingMetadata\pending.dat Object is locked skipped
C:\Documents and Settings\Rouss'\Local Settings\Application Data\Microsoft\Messenger\castalibellule@hotmail.fr\SharingMetadata\Working\database_B04C_33EE_4C33_ADCA\dfsr.db Object is locked skipped
C:\Documents and Settings\Rouss'\Local Settings\Application Data\Microsoft\Messenger\castalibellule@hotmail.fr\SharingMetadata\Working\database_B04C_33EE_4C33_ADCA\fsr.log Object is locked skipped
C:\Documents and Settings\Rouss'\Local Settings\Application Data\Microsoft\Messenger\castalibellule@hotmail.fr\SharingMetadata\Working\database_B04C_33EE_4C33_ADCA\fsrtmp.log Object is locked skipped
C:\Documents and Settings\Rouss'\Local Settings\Application Data\Microsoft\Messenger\castalibellule@hotmail.fr\SharingMetadata\Working\database_B04C_33EE_4C33_ADCA\tmp.edb Object is locked skipped
C:\Documents and Settings\Rouss'\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\Rouss'\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\Rouss'\Local Settings\Application Data\Microsoft\Windows Live Contacts\castalibellule@hotmail.fr\real\members.stg Object is locked skipped
C:\Documents and Settings\Rouss'\Local Settings\Application Data\Microsoft\Windows Live Contacts\castalibellule@hotmail.fr\shadow\members.stg Object is locked skipped
C:\Documents and Settings\Rouss'\Local Settings\Historique\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Rouss'\Local Settings\Historique\History.IE5\MSHist012008031720080318\index.dat Object is locked skipped
C:\Documents and Settings\Rouss'\Local Settings\Temp\~DF34DB.tmp Object is locked skipped
C:\Documents and Settings\Rouss'\Local Settings\Temp\~DF6DC7.tmp Object is locked skipped
C:\Documents and Settings\Rouss'\Local Settings\Temp\~DFBF1C.tmp Object is locked skipped
C:\Documents and Settings\Rouss'\Local Settings\Temp\~DFBFEE.tmp Object is locked skipped
C:\Documents and Settings\Rouss'\Local Settings\Temp\~DFE400.tmp Object is locked skipped
C:\Documents and Settings\Rouss'\Local Settings\Temp\~DFE41E.tmp Object is locked skipped
C:\Documents and Settings\Rouss'\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Rouss'\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\Rouss'\ntuser.dat.LOG Object is locked skipped
C:\Program Files\Alwil Software\Avast4\DATA\aswResp.dat Object is locked skipped
C:\Program Files\Alwil Software\Avast4\DATA\Avast4.db Object is locked skipped
C:\Program Files\Alwil Software\Avast4\DATA\log\AshWebSv.ws Object is locked skipped
C:\Program Files\Alwil Software\Avast4\DATA\log\aswMaiSv.log Object is locked skipped
C:\Program Files\Alwil Software\Avast4\DATA\log\nshield.log Object is locked skipped
C:\Program Files\Alwil Software\Avast4\DATA\report\Protection résidente.txt Object is locked skipped
C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
C:\System Volume Information\_restore{EA39A09C-50BA-4996-869B-915C83FE3B53}\RP287\change.log Object is locked skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\WINDOWS\Sti_Trace.log Object is locked skipped
C:\WINDOWS\system32\config\Antivirus.Evt Object is locked skipped
C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\DEFAULT Object is locked skipped
C:\WINDOWS\system32\config\default.LOG Object is locked skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SECURITY Object is locked skipped
C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
C:\WINDOWS\system32\config\SOFTWARE Object is locked skipped
C:\WINDOWS\system32\config\software.LOG Object is locked skipped
C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SYSTEM Object is locked skipped
C:\WINDOWS\system32\config\system.LOG Object is locked skipped
C:\WINDOWS\system32\h323log.txt Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
C:\WINDOWS\Temp\Perflib_Perfdata_574.dat Object is locked skipped
C:\WINDOWS\Temp\_avast4_\Webshlock.txt Object is locked skipped
C:\WINDOWS\wiadebug.log Object is locked skipped
C:\WINDOWS\wiaservc.log Object is locked skipped
C:\WINDOWS\WindowsUpdate.log Object is locked skipped
Scan process completed.
Operating System: Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 17/03/2008
Kaspersky Anti-Virus database records: 635906
Scan Settings
Scan using the following antivirus database extended
Scan Archives true
Scan Mail Bases true
Scan Target My Computer
C:\
D:\
E:\
Scan Statistics
Total number of scanned objects 88746
Number of viruses found 1
Number of infected objects 3
Number of suspicious objects 0
Duration of the scan process 01:15:10
Infected Object Name Virus Name Last Action
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat Object is locked skipped
C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Historique\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\Rouss'\Application Data\Microsoft\MSNLiveFav\LiveFavorites.xml Object is locked skipped
C:\Documents and Settings\Rouss'\Application Data\Mozilla\Firefox\Profiles\p5ezdfo1.default\cert8.db Object is locked skipped
C:\Documents and Settings\Rouss'\Application Data\Mozilla\Firefox\Profiles\p5ezdfo1.default\history.dat Object is locked skipped
C:\Documents and Settings\Rouss'\Application Data\Mozilla\Firefox\Profiles\p5ezdfo1.default\key3.db Object is locked skipped
C:\Documents and Settings\Rouss'\Application Data\Mozilla\Firefox\Profiles\p5ezdfo1.default\parent.lock Object is locked skipped
C:\Documents and Settings\Rouss'\Application Data\Mozilla\Firefox\Profiles\p5ezdfo1.default\search.sqlite Object is locked skipped
C:\Documents and Settings\Rouss'\Application Data\Mozilla\Firefox\Profiles\p5ezdfo1.default\urlclassifier2.sqlite Object is locked skipped
C:\Documents and Settings\Rouss'\Application Data\Skype\joubert.sophie\call256.dbb Object is locked skipped
C:\Documents and Settings\Rouss'\Application Data\Skype\joubert.sophie\callmember256.dbb Object is locked skipped
C:\Documents and Settings\Rouss'\Application Data\Skype\joubert.sophie\chat512.dbb Object is locked skipped
C:\Documents and Settings\Rouss'\Application Data\Skype\joubert.sophie\chatmember256.dbb Object is locked skipped
C:\Documents and Settings\Rouss'\Application Data\Skype\joubert.sophie\chatmsg2048.dbb Object is locked skipped
C:\Documents and Settings\Rouss'\Application Data\Skype\joubert.sophie\chatmsg256.dbb Object is locked skipped
C:\Documents and Settings\Rouss'\Application Data\Skype\joubert.sophie\chatmsg512.dbb Object is locked skipped
C:\Documents and Settings\Rouss'\Application Data\Skype\joubert.sophie\contactgroup256.dbb Object is locked skipped
C:\Documents and Settings\Rouss'\Application Data\Skype\joubert.sophie\dyncontent\bundle.dat Object is locked skipped
C:\Documents and Settings\Rouss'\Application Data\Skype\joubert.sophie\index2.dat Object is locked skipped
C:\Documents and Settings\Rouss'\Application Data\Skype\joubert.sophie\profile4096.dbb Object is locked skipped
C:\Documents and Settings\Rouss'\Application Data\Skype\joubert.sophie\user1024.dbb Object is locked skipped
C:\Documents and Settings\Rouss'\Application Data\Skype\joubert.sophie\user16384.dbb Object is locked skipped
C:\Documents and Settings\Rouss'\Bureau\Upload_Me.zip/DOCUME~1/Rouss'/Bureau/Upload_Me/catchme.zip/rnlzrf.exe Infected: Trojan.Win32.DNSChanger.bck skipped
C:\Documents and Settings\Rouss'\Bureau\Upload_Me.zip/DOCUME~1/Rouss'/Bureau/Upload_Me/catchme.zip Infected: Trojan.Win32.DNSChanger.bck skipped
C:\Documents and Settings\Rouss'\Bureau\Upload_Me.zip ZIP: infected - 2 skipped
C:\Documents and Settings\Rouss'\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\Rouss'\Local Settings\Application Data\Google\Google Desktop\e438e3c93bdc\dbc2e.ht1 Object is locked skipped
C:\Documents and Settings\Rouss'\Local Settings\Application Data\Google\Google Desktop\e438e3c93bdc\dbdam Object is locked skipped
C:\Documents and Settings\Rouss'\Local Settings\Application Data\Google\Google Desktop\e438e3c93bdc\dbdao Object is locked skipped
C:\Documents and Settings\Rouss'\Local Settings\Application Data\Google\Google Desktop\e438e3c93bdc\dbeam Object is locked skipped
C:\Documents and Settings\Rouss'\Local Settings\Application Data\Google\Google Desktop\e438e3c93bdc\dbeao Object is locked skipped
C:\Documents and Settings\Rouss'\Local Settings\Application Data\Google\Google Desktop\e438e3c93bdc\dbm Object is locked skipped
C:\Documents and Settings\Rouss'\Local Settings\Application Data\Google\Google Desktop\e438e3c93bdc\dbu2d.ht1 Object is locked skipped
C:\Documents and Settings\Rouss'\Local Settings\Application Data\Google\Google Desktop\e438e3c93bdc\dbvm.cf1 Object is locked skipped
C:\Documents and Settings\Rouss'\Local Settings\Application Data\Google\Google Desktop\e438e3c93bdc\dbvmh.ht1 Object is locked skipped
C:\Documents and Settings\Rouss'\Local Settings\Application Data\Google\Google Desktop\e438e3c93bdc\fii.cf1 Object is locked skipped
C:\Documents and Settings\Rouss'\Local Settings\Application Data\Google\Google Desktop\e438e3c93bdc\fiih.ht1 Object is locked skipped
C:\Documents and Settings\Rouss'\Local Settings\Application Data\Google\Google Desktop\e438e3c93bdc\hp Object is locked skipped
C:\Documents and Settings\Rouss'\Local Settings\Application Data\Google\Google Desktop\e438e3c93bdc\hpt2i.ht1 Object is locked skipped
C:\Documents and Settings\Rouss'\Local Settings\Application Data\Google\Google Desktop\e438e3c93bdc\rpm.cf1 Object is locked skipped
C:\Documents and Settings\Rouss'\Local Settings\Application Data\Google\Google Desktop\e438e3c93bdc\rpm1m.cf1 Object is locked skipped
C:\Documents and Settings\Rouss'\Local Settings\Application Data\Google\Google Desktop\e438e3c93bdc\rpm1mh.ht1 Object is locked skipped
C:\Documents and Settings\Rouss'\Local Settings\Application Data\Google\Google Desktop\e438e3c93bdc\rpmh.ht1 Object is locked skipped
C:\Documents and Settings\Rouss'\Local Settings\Application Data\Google\Google Desktop\e438e3c93bdc\safeweb\goog-black-enchashm.cf1 Object is locked skipped
C:\Documents and Settings\Rouss'\Local Settings\Application Data\Google\Google Desktop\e438e3c93bdc\safeweb\goog-black-enchashmh.ht1 Object is locked skipped
C:\Documents and Settings\Rouss'\Local Settings\Application Data\Google\Google Desktop\e438e3c93bdc\safeweb\goog-black-urlm.cf1 Object is locked skipped
C:\Documents and Settings\Rouss'\Local Settings\Application Data\Google\Google Desktop\e438e3c93bdc\safeweb\goog-black-urlmh.ht1 Object is locked skipped
C:\Documents and Settings\Rouss'\Local Settings\Application Data\Google\Google Desktop\e438e3c93bdc\safeweb\goog-malware-domainm.cf1 Object is locked skipped
C:\Documents and Settings\Rouss'\Local Settings\Application Data\Google\Google Desktop\e438e3c93bdc\safeweb\goog-malware-domainmh.ht1 Object is locked skipped
C:\Documents and Settings\Rouss'\Local Settings\Application Data\Google\Google Desktop\e438e3c93bdc\safeweb\goog-white-domainm.cf1 Object is locked skipped
C:\Documents and Settings\Rouss'\Local Settings\Application Data\Google\Google Desktop\e438e3c93bdc\safeweb\goog-white-domainmh.ht1 Object is locked skipped
C:\Documents and Settings\Rouss'\Local Settings\Application Data\Microsoft\Messenger\castalibellule@hotmail.fr\SharingMetadata\Logs\Dfsr00005.log Object is locked skipped
C:\Documents and Settings\Rouss'\Local Settings\Application Data\Microsoft\Messenger\castalibellule@hotmail.fr\SharingMetadata\pending.dat Object is locked skipped
C:\Documents and Settings\Rouss'\Local Settings\Application Data\Microsoft\Messenger\castalibellule@hotmail.fr\SharingMetadata\Working\database_B04C_33EE_4C33_ADCA\dfsr.db Object is locked skipped
C:\Documents and Settings\Rouss'\Local Settings\Application Data\Microsoft\Messenger\castalibellule@hotmail.fr\SharingMetadata\Working\database_B04C_33EE_4C33_ADCA\fsr.log Object is locked skipped
C:\Documents and Settings\Rouss'\Local Settings\Application Data\Microsoft\Messenger\castalibellule@hotmail.fr\SharingMetadata\Working\database_B04C_33EE_4C33_ADCA\fsrtmp.log Object is locked skipped
C:\Documents and Settings\Rouss'\Local Settings\Application Data\Microsoft\Messenger\castalibellule@hotmail.fr\SharingMetadata\Working\database_B04C_33EE_4C33_ADCA\tmp.edb Object is locked skipped
C:\Documents and Settings\Rouss'\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\Rouss'\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\Rouss'\Local Settings\Application Data\Microsoft\Windows Live Contacts\castalibellule@hotmail.fr\real\members.stg Object is locked skipped
C:\Documents and Settings\Rouss'\Local Settings\Application Data\Microsoft\Windows Live Contacts\castalibellule@hotmail.fr\shadow\members.stg Object is locked skipped
C:\Documents and Settings\Rouss'\Local Settings\Historique\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Rouss'\Local Settings\Historique\History.IE5\MSHist012008031720080318\index.dat Object is locked skipped
C:\Documents and Settings\Rouss'\Local Settings\Temp\~DF34DB.tmp Object is locked skipped
C:\Documents and Settings\Rouss'\Local Settings\Temp\~DF6DC7.tmp Object is locked skipped
C:\Documents and Settings\Rouss'\Local Settings\Temp\~DFBF1C.tmp Object is locked skipped
C:\Documents and Settings\Rouss'\Local Settings\Temp\~DFBFEE.tmp Object is locked skipped
C:\Documents and Settings\Rouss'\Local Settings\Temp\~DFE400.tmp Object is locked skipped
C:\Documents and Settings\Rouss'\Local Settings\Temp\~DFE41E.tmp Object is locked skipped
C:\Documents and Settings\Rouss'\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Rouss'\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\Rouss'\ntuser.dat.LOG Object is locked skipped
C:\Program Files\Alwil Software\Avast4\DATA\aswResp.dat Object is locked skipped
C:\Program Files\Alwil Software\Avast4\DATA\Avast4.db Object is locked skipped
C:\Program Files\Alwil Software\Avast4\DATA\log\AshWebSv.ws Object is locked skipped
C:\Program Files\Alwil Software\Avast4\DATA\log\aswMaiSv.log Object is locked skipped
C:\Program Files\Alwil Software\Avast4\DATA\log\nshield.log Object is locked skipped
C:\Program Files\Alwil Software\Avast4\DATA\report\Protection résidente.txt Object is locked skipped
C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
C:\System Volume Information\_restore{EA39A09C-50BA-4996-869B-915C83FE3B53}\RP287\change.log Object is locked skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\WINDOWS\Sti_Trace.log Object is locked skipped
C:\WINDOWS\system32\config\Antivirus.Evt Object is locked skipped
C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\DEFAULT Object is locked skipped
C:\WINDOWS\system32\config\default.LOG Object is locked skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SECURITY Object is locked skipped
C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
C:\WINDOWS\system32\config\SOFTWARE Object is locked skipped
C:\WINDOWS\system32\config\software.LOG Object is locked skipped
C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SYSTEM Object is locked skipped
C:\WINDOWS\system32\config\system.LOG Object is locked skipped
C:\WINDOWS\system32\h323log.txt Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
C:\WINDOWS\Temp\Perflib_Perfdata_574.dat Object is locked skipped
C:\WINDOWS\Temp\_avast4_\Webshlock.txt Object is locked skipped
C:\WINDOWS\wiadebug.log Object is locked skipped
C:\WINDOWS\wiaservc.log Object is locked skipped
C:\WINDOWS\WindowsUpdate.log Object is locked skipped
Scan process completed.
jlpjlp
Messages postés
51580
Date d'inscription
vendredi 18 mai 2007
Statut
Contributeur sécurité
Dernière intervention
3 mai 2022
5 040
17 mars 2008 à 19:23
17 mars 2008 à 19:23
utilise pour supprimer tes traces
CCLEANER: (lance un nettoyage et répare 3 fois le registre) sans installer la barre yahoo
https://www.01net.com/telecharger/windows/Utilitaire/nettoyeurs_et_installeurs/fiches/32599.html
-----------------------
télécharge OTMoveIt
http://download.bleepingcomputer.com/oldtimer/OTMoveIt2.exe (de Old_Timer) sur ton Bureau. Ou sur https://www.luanagames.com/index.fr.html
double-clique sur OTMoveIt.exe pour le lancer.
copie la liste qui se trouve en citation ci-dessous,
et colle-la dans le cadre de gauche de OTMoveIt :Paste List of Files/Folders to be moved.
Citation :
C:\Documents and Settings\Rouss'\Bureau\Upload_Me.zip/DOCUME~1/Rouss'/Bureau/Upload_Me/catchme.zip/rnlzrf.exe
C:\Documents and Settings\Rouss'\Bureau\Upload_Me.zip/DOCUME~1/Rouss'/Bureau/Upload_Me/catchme.zip
C:\Documents and Settings\Rouss'\Bureau\Upload_Me.zip ZIP
clique sur MoveIt! pour lancer la suppression.
le résultat apparaitra dans le cadre "Results".
clique sur Exit pour fermer.
poste le rapport situé dans C:\_OTMoveIt\MovedFiles.
il te sera peut-être demander de redémarrer le pc pour achever la suppression.si c'est le cas accepte par Yes.
______________
vire ce qui est dans moved file en allant dans poste de travail puis c puis otmovit
voila ca devrait etre bon
encore des soucis?
CCLEANER: (lance un nettoyage et répare 3 fois le registre) sans installer la barre yahoo
https://www.01net.com/telecharger/windows/Utilitaire/nettoyeurs_et_installeurs/fiches/32599.html
-----------------------
télécharge OTMoveIt
http://download.bleepingcomputer.com/oldtimer/OTMoveIt2.exe (de Old_Timer) sur ton Bureau. Ou sur https://www.luanagames.com/index.fr.html
double-clique sur OTMoveIt.exe pour le lancer.
copie la liste qui se trouve en citation ci-dessous,
et colle-la dans le cadre de gauche de OTMoveIt :Paste List of Files/Folders to be moved.
Citation :
C:\Documents and Settings\Rouss'\Bureau\Upload_Me.zip/DOCUME~1/Rouss'/Bureau/Upload_Me/catchme.zip/rnlzrf.exe
C:\Documents and Settings\Rouss'\Bureau\Upload_Me.zip/DOCUME~1/Rouss'/Bureau/Upload_Me/catchme.zip
C:\Documents and Settings\Rouss'\Bureau\Upload_Me.zip ZIP
clique sur MoveIt! pour lancer la suppression.
le résultat apparaitra dans le cadre "Results".
clique sur Exit pour fermer.
poste le rapport situé dans C:\_OTMoveIt\MovedFiles.
il te sera peut-être demander de redémarrer le pc pour achever la suppression.si c'est le cas accepte par Yes.
______________
vire ce qui est dans moved file en allant dans poste de travail puis c puis otmovit
voila ca devrait etre bon
encore des soucis?
File/Folder C:\Documents and Settings\Rouss'\Bureau\Upload_Me.zip/DOCUME~1/Rouss'/Bureau/Upload_Me/catchme.zip/rnlzrf.exe not found.
File/Folder C:\Documents and Settings\Rouss'\Bureau\Upload_Me.zip/DOCUME~1/Rouss'/Bureau/Upload_Me/catchme.zip not found.
File/Folder C:\Documents and Settings\Rouss'\Bureau\Upload_Me.zip ZIP not found.
OTMoveIt2 by OldTimer - Version 1.0.21 log created on 03172008_195955
File/Folder C:\Documents and Settings\Rouss'\Bureau\Upload_Me.zip/DOCUME~1/Rouss'/Bureau/Upload_Me/catchme.zip not found.
File/Folder C:\Documents and Settings\Rouss'\Bureau\Upload_Me.zip ZIP not found.
OTMoveIt2 by OldTimer - Version 1.0.21 log created on 03172008_195955
jlpjlp
Messages postés
51580
Date d'inscription
vendredi 18 mai 2007
Statut
Contributeur sécurité
Dernière intervention
3 mai 2022
5 040
17 mars 2008 à 20:11
17 mars 2008 à 20:11
ok c'est bon!
jlpjlp
Messages postés
51580
Date d'inscription
vendredi 18 mai 2007
Statut
Contributeur sécurité
Dernière intervention
3 mai 2022
5 040
18 mars 2008 à 09:58
18 mars 2008 à 09:58
bonne suite!
Les scans disent que c'est bon donc on va dire que c'est bon. Merci encore pour ton\votre aide et espérant n'avoir plus jamais à la réclamer.
jlpjlp
Messages postés
51580
Date d'inscription
vendredi 18 mai 2007
Statut
Contributeur sécurité
Dernière intervention
3 mai 2022
5 040
19 mars 2008 à 11:52
19 mars 2008 à 11:52
ok !
jlpjlp
Messages postés
51580
Date d'inscription
vendredi 18 mai 2007
Statut
Contributeur sécurité
Dernière intervention
3 mai 2022
5 040
28 mars 2008 à 08:21
28 mars 2008 à 08:21
slt cré ton propre post! et on t'aidera
16 mars 2008 à 23:07
C:\Documents and Settings\Rouss'\Bureau\MSNFix
Fix exécuté le 16/03/2008 - 23:01:39,82 By Rouss'
mode sans échec
************************ Recherche les fichiers présents
Aucun Fichier trouvé
************************ Recherche les dossiers présents
... \TEMP\
... C:\Temp\
************************ Suppression des fichiers
.. OK ... C:\DOCUME~1\Rouss'\LOCALS~1\Temp\winlogon.exe
.. OK ... C:\DOCUME~1\Rouss'\LOCALS~1\Temp\services.exe
************************ Suppression des dossiers
/!\ ... \TEMP\
/!\ ... C:\Temp\
************************ Nettoyage du registre
************************ Fichiers suspects
Aucun Fichier trouvé
Les fichiers et clés de registre supprimés ont été sauvegardés dans le fichier 16032008_23025707.zip
************************ HKLM\...\Winlogon\Userinit
Userinit = C:\WINDOWS\system32\userinit.exe,
------------------------------------------------------------------------
Auteur : !aur3n7 Contact: https://www.ionos.fr/
------------------------------------------------------------------------
--------------------------------------------- END ---------------------------------------------