Trojan problem

Solved
rototo943 Posts 22 Status Member -
 Anonymous user -
Hello,
I am evidently infected with a trojan (or several?!) according to avast, or bitdefender.
The scans and quarantining do nothing about it.
Here is my hijackthis (thanks in advance for the replies):

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:45:32, on 14/05/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\a-squared Free\a2service.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\Program Files\Toshiba\TOSHIBA Applet\TAPPSRV.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\Fichiers communs\BitDefender\BitDefender Communicator\xcommsvr.exe
C:\Program Files\Fichiers communs\BitDefender\BitDefender Update Service\livesrv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\BitDefender\BitDefender 2008\vsserv.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\SyncroSoft\Pos\H2O\cledx.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Filseclab\xfilter\xfilter.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\BitDefender\BitDefender 2008\bdagent.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Creative\MediaSource\RemoteControl\RCMan.EXE
C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Creative\MediaSource\Go\CTCMSGo.exe
C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\Program Files\Windows Media Player\wmplayer.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\explorer.exe
C:\PROGRA~1\Creative\MEDIAS~1\CTCMS.exe
F:\vundo\VundoFix.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Alwil Software\Avast4\setup\avast.setup
C:\Documents and Settings\Roro la pupute!\Bureau\HiJackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://lo.st
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\Program Files\Orange\SearchURLHook\SearchPageURL.dll
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: BitDefender Toolbar - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - C:\Program Files\BitDefender\BitDefender 2008\IEToolbar.dll
O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [H2O] C:\Program Files\SyncroSoft\Pos\H2O\cledx.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [TrojanScanner] C:\Program Files\Trojan Remover\Trjscan.exe
O4 - HKLM\..\Run: [XFILTER] C:\Program Files\Filseclab\xfilter\xfilter.exe
O4 - HKLM\..\Run: [EoEngine] "C:\Program Files\EoRezo\EoEngine.exe"
O4 - HKLM\..\Run: [ItsTV] "C:\Program Files\ItsLabel\ItsTV.exe"
O4 - HKLM\..\Run: [30a685e4] rundll32.exe "C:\WINDOWS\system32\ibbcbggr.dll",b
O4 - HKLM\..\Run: [BitDefender Antiphishing Helper] "C:\Program Files\BitDefender\BitDefender 2008\IEShow.exe"
O4 - HKLM\..\Run: [BDAgent] "C:\Program Files\BitDefender\BitDefender 2008\bdagent.exe"
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [RemoteCenter] C:\Program Files\Creative\MediaSource\RemoteControl\RCMan.EXE
O4 - HKCU\..\Run: [Creative Detector] C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe /R
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [yizqakxel] c:\documents and settings\roro la pupute!\local settings\application data\yizqakxel.exe yizqakxel
O4 - HKCU\..\Run: [Creative MediaSource Go] C:\Program Files\Creative\MediaSource\Go\CTCMSGo.exe /SCB
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: RocketDock.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Wanadoo - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - https://www.orange.fr/portail (file missing) (HKCU)
O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative.com/su/ocx/15031/CTSUEng.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/resources/MSNPUpld.cab
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.systemrequirementslab.com/sysreqlab2.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/...
O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} (Windows Live Photo Upload Control) - http://cid-f82665215bfa7adf.spaces.live.com/PhotoUpload/MsnPUpld.cab
O16 - DPF: {C45B1500-7B63-47C2-AB25-C28CB46AFDEE} (MediaBar) - http://sib1.od2.com/common/musicmanager/installation/MusicManagerPlugin.CAB
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://www.adobe.com/products/acrobat/nos/gp.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/su/ocx/15031/CTPID.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Program Files\a-squared Free\a2service.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: Creative Service for CDROM Access - Unknown owner - C:\WINDOWS\system32\CTsvcCDA.EXE (file missing)
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom SA - C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - BitDefender SRL - C:\Program Files\Fichiers communs\BitDefender\BitDefender Update Service\livesrv.exe
O23 - Service: Planificateur LiveUpdate automatique - Unknown owner - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe (file missing)
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: TOSHIBA Application Service (TAPPSRV) - TOSHIBA Corp. - C:\Program Files\Toshiba\TOSHIBA Applet\TAPPSRV.exe
O23 - Service: BitDefender Virus Shield (VSSERV) - BitDefender S.R.L. - C:\Program Files\BitDefender\BitDefender 2008\vsserv.exe
O23 - Service: BitDefender Communicator (XCOMM) - BitDefender - C:\Program Files\Fichiers communs\BitDefender\BitDefender Communicator\xcommsvr.exe

34 replies

rototo943 Posts 22 Status Member

I renamed Hijackthis, you didn't specify it, but I'm posting the report following that (?):

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 08:07:11, on 17/05/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\a-squared Free\a2service.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\Program Files\Toshiba\TOSHIBA Applet\TAPPSRV.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\SyncroSoft\Pos\H2O\cledx.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Creative\MediaSource\RemoteControl\RCMan.EXE
C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Creative\MediaSource\Go\CTCMSGo.exe
C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe
C:\Program Files\Azureus\Azureus.exe
C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\AlertModule\0\AlertModule.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Creative\MediaSource\CTCMS.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\Trend Micro\HijackThis\HJT.exe
C:\WINDOWS\system32\SearchProtocolHost.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://lo.st
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\Program Files\Orange\SearchURLHook\SearchPageURL.dll
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: (no name) - {468952AE-8125-4E1E-80B8-9AB475CF0D47} - (no file)
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {8E327C20-5EEC-42FE-B19E-64A4158807A9} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: {7bb69972-7f85-997b-33c4-c8cff9c98f0c} - {c0f89c9f-fc8c-4c33-b799-58f727996bb7} - C:\WINDOWS\system32\wnjftbet.dll
O2 - BHO: (no name) - {d085af9c-c11f-443a-9f92-138e566ee648} - C:\WINDOWS\system32\tpsbexuk.dll
O2 - BHO: (no name) - {DD4A65C7-61D7-445F-BCF1-5065F765EAF9} - (no file)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [H2O] C:\Program Files\SyncroSoft\Pos\H2O\cledx.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [TrojanScanner] C:\Program Files\Trojan Remover\Trjscan.exe
O4 - HKLM\..\Run: [EoEngine] "C:\Program Files\EoRezo\EoEngine.exe"
O4 - HKLM\..\Run: [ItsTV] "C:\Program Files\ItsLabel\ItsTV.exe"
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [RemoteCenter] C:\Program Files\Creative\MediaSource\RemoteControl\RCMan.EXE
O4 - HKCU\..\Run: [Creative Detector] C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe /R
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Creative MediaSource Go] C:\Program Files\Creative\MediaSource\Go\CTCMSGo.exe /SCB
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: RocketDock.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Wanadoo - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - https://www.orange.fr/portail (file missing) (HKCU)
O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative.com/su/ocx/15031/CTSUEng.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/resources/MSNPUpld.cab
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.systemrequirementslab.com/sysreqlab2.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/...
O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} (Windows Live Photo Upload Control) - http://cid-f82665215bfa7adf.spaces.live.com/PhotoUpload/MsnPUpld.cab
O16 - DPF: {C45B1500-7B63-47C2-AB25-C28CB46AFDEE} (MediaBar) - http://sib1.od2.com/common/musicmanager/installation/MusicManagerPlugin.CAB
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://www.adobe.com/products/acrobat/nos/gp.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/su/ocx/15031/CTPID.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Program Files\a-squared Free\a2service.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: Creative Service for CDROM Access - Unknown owner - C:\WINDOWS\system32\CTsvcCDA.EXE (file missing)
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom SA - C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Planificateur LiveUpdate automatique - Unknown owner - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe (file missing)
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: TOSHIBA Application Service (TAPPSRV) - TOSHIBA Corp. - C:\Program Files\Toshiba\TOSHIBA Applet\TAPPSRV.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
0
rototo943 Posts 22 Status Member

Indeed, there was a screw-up in the report, but I did remove the infections; here is the correct report:

Malwarebytes' Anti-Malware 1.12
Version de la base de données: 755

Type de recherche: Examen complet (C:\|E:\|F:\|)
Eléments examinés: 135512
Temps écoulé: 1 hour(s), 15 minute(s), 24 second(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 1
Clé(s) du Registre infectée(s): 9
Valeur(s) du Registre infectée(s): 1
Elément(s) de données du Registre infecté(s): 2
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 8

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
C:\WINDOWS\system32\pmnnKDtS.dll (Trojan.Vundo) -> Unloaded module successfully.

Clé(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{78bf2711-59bd-4286-9212-d102dab3c47a} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{78bf2711-59bd-4286-9212-d102dab3c47a} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\aoprndtws (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\affri (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\rdfa (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\affri (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\FCOVM (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RemoveRP (Trojan.Vundo) -> Quarantined and deleted successfully.

Valeur(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\BM3395b678 (Trojan.Agent) -> Delete on reboot.

Elément(s) de données du Registre infecté(s):
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Authentication Packages (Trojan.Vundo) -> Data: c:\windows\system32\pmnnkdts -> Delete on reboot.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Authentication Packages (Trojan.Vundo) -> Data: c:\windows\system32\pmnnkdts -> Delete on reboot.

Dossier(s) infecté(s):
(Aucun élément nuisible détecté)

Fichier(s) infecté(s):
C:\WINDOWS\system32\gejguend.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\dneugjeg.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\mwlsvaxy.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\yxavslwm.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\pmnnKDtS.dll (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\system32\StDKnnmp.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\StDKnnmp.ini2 (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\icotmtvm.dll (Trojan.Agent) -> Delete on reboot.
0
rototo943 Posts 22 Status Member

OK, here is the post

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:44:42, on 17/05/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\a-squared Free\a2service.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\Program Files\Toshiba\TOSHIBA Applet\TAPPSRV.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\SyncroSoft\Pos\H2O\cledx.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Creative\MediaSource\RemoteControl\RCMan.EXE
C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Creative\MediaSource\Go\CTCMSGo.exe
C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe
C:\Program Files\Trend Micro\HijackThis\HJT.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://lo.st
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\Program Files\Orange\SearchURLHook\SearchPageURL.dll
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (file missing)
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (file missing)
O2 - BHO: (no name) - {468952AE-8125-4E1E-80B8-9AB475CF0D47} - (no file)
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {8E327C20-5EEC-42FE-B19E-64A4158807A9} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: {7bb69972-7f85-997b-33c4-c8cff9c98f0c} - {c0f89c9f-fc8c-4c33-b799-58f727996bb7} - C:\WINDOWS\system32\wnjftbet.dll
O2 - BHO: (no name) - {d085af9c-c11f-443a-9f92-138e566ee648} - C:\WINDOWS\system32\tpsbexuk.dll
O2 - BHO: (no name) - {DD4A65C7-61D7-445F-BCF1-5065F765EAF9} - (no file)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (file missing)
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [H2O] C:\Program Files\SyncroSoft\Pos\H2O\cledx.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [RemoteCenter] C:\Program Files\Creative\MediaSource\RemoteControl\RCMan.EXE
O4 - HKCU\..\Run: [Creative Detector] C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe /R
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Creative MediaSource Go] C:\Program Files\Creative\MediaSource\Go\CTCMSGo.exe /SCB
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: RocketDock.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Wanadoo - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - https://www.orange.fr/portail (file missing) (HKCU)
O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative.com/su/ocx/15031/CTSUEng.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/resources/MSNPUpld.cab
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.systemrequirementslab.com/sysreqlab2.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/...
O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} (Windows Live Photo Upload Control) - http://cid-f82665215bfa7adf.spaces.live.com/PhotoUpload/MsnPUpld.cab
O16 - DPF: {C45B1500-7B63-47C2-AB25-C28CB46AFDEE} (MediaBar) - http://sib1.od2.com/common/musicmanager/installation/MusicManagerPlugin.CAB
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://www.adobe.com/products/acrobat/nos/gp.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/su/ocx/15031/CTPID.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Program Files\a-squared Free\a2service.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: Creative Service for CDROM Access - Unknown owner - C:\WINDOWS\system32\CTsvcCDA.EXE (file missing)
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom SA - C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Planificateur LiveUpdate automatique - Unknown owner - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe (file missing)
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: TOSHIBA Application Service (TAPPSRV) - TOSHIBA Corp. - C:\Program Files\Toshiba\TOSHIBA Applet\TAPPSRV.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
rototo943 Posts 22 Status Member
 
VundoFix result:

Beginning removal...

Beginning removal...

VundoFix V7.0.3

Scan started at 19:36:50 14/05/2008

Listing files found while scanning....

No infected files were found.

VundoFix V7.0.3

Scan started at 11:13:06 17/05/2008

Listing files found while scanning....

No infected files were found.

Beginning removal...
rototo943 Posts 22 Status Member
 
the moveit...

DllUnregisterServer procedure not found in C:\WINDOWS\system32\wnjftbet.dll
C:\WINDOWS\system32\wnjftbet.dll NOT unregistered.
C:\WINDOWS\system32\wnjftbet.dll moved successfully.
DllUnregisterServer procedure not found in C:\WINDOWS\system32\tpsbexuk.dll
C:\WINDOWS\system32\tpsbexuk.dll NOT unregistered.
C:\WINDOWS\system32\tpsbexuk.dll moved successfully.
< Emptytemp >
File delete failed. C:\DOCUME~1\ROROLA~1\LOCALS~1\Temp\swt-gdip-win32-3430.dll scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\ROROLA~1\LOCALS~1\Temp\swt-win32-3430.dll scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\ROROLA~1\LOCALS~1\Temp\~DFCA83.tmp scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\ROROLA~1\LOCALS~1\Temp\~DFCE4D.tmp scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\ROROLA~1\LOCALS~1\Temp\~DFCEB1.tmp scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\ROROLA~1\LOCALS~1\Temp\~DFDA29.tmp scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\ROROLA~1\LOCALS~1\Temp\~DFDD42.tmp scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\ROROLA~1\LOCALS~1\Temp\~DFF2DE.tmp scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\ROROLA~1\LOCALS~1\Temp\~DFF33B.tmp scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\ROROLA~1\LOCALS~1\Temp\e4j3B.tmp_dir28700\exe4jlib.jar scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\ROROLA~1\LOCALS~1\Temp\hsperfdata_Roro la pupute!\3976 scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\Perflib_Perfdata_748.dat scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\ZLT0221a.TMP scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\ZLT056bd.TMP scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\_avast4_\unp50058713.tmp scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\_avast4_\Webshlock.txt scheduled to be deleted on reboot.
Temp folders emptied.
IE temp folders emptied.

OTMoveIt2 by OldTimer - Version 1.0.4.1 log created on 05172008_114314

Files moved on Reboot...
DllUnregisterServer procedure not found in C:\DOCUME~1\ROROLA~1\LOCALS~1\Temp\swt-gdip-win32-3430.dll
C:\DOCUME~1\ROROLA~1\LOCALS~1\Temp\swt-gdip-win32-3430.dll NOT unregistered.
C:\DOCUME~1\ROROLA~1\LOCALS~1\Temp\swt-gdip-win32-3430.dll moved successfully.
DllUnregisterServer procedure not found in C:\DOCUME~1\ROROLA~1\LOCALS~1\Temp\swt-win32-3430.dll
C:\DOCUME~1\ROROLA~1\LOCALS~1\Temp\swt-win32-3430.dll NOT unregistered.
C:\DOCUME~1\ROROLA~1\LOCALS~1\Temp\swt-win32-3430.dll moved successfully.
File C:\DOCUME~1\ROROLA~1\LOCALS~1\Temp\~DFCA83.tmp not found!
File C:\DOCUME~1\ROROLA~1\LOCALS~1\Temp\~DFCE4D.tmp not found!
File C:\DOCUME~1\ROROLA~1\LOCALS~1\Temp\~DFCEB1.tmp not found!
File C:\DOCUME~1\ROROLA~1\LOCALS~1\Temp\~DFDA29.tmp not found!
File C:\DOCUME~1\ROROLA~1\LOCALS~1\Temp\~DFDD42.tmp not found!
File C:\DOCUME~1\ROROLA~1\LOCALS~1\Temp\~DFF2DE.tmp not found!
File C:\DOCUME~1\ROROLA~1\LOCALS~1\Temp\~DFF33B.tmp not found!
C:\DOCUME~1\ROROLA~1\LOCALS~1\Temp\e4j3B.tmp_dir28700\exe4jlib.jar moved successfully.
File C:\DOCUME~1\ROROLA~1\LOCALS~1\Temp\hsperfdata_Roro la pupute!\3976 not found!
File C:\WINDOWS\temp\Perflib_Perfdata_748.dat not found!
File C:\WINDOWS\temp\ZLT0221a.TMP not found!
File C:\WINDOWS\temp\ZLT056bd.TMP not found!
File C:\WINDOWS\temp\_avast4_\unp50058713.tmp not found!
File C:\WINDOWS\temp\_avast4_\Webshlock.txt not found!
rototo943 Posts 22 Status Member
 
...and the hijack:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:49:40, on 17/05/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\a-squared Free\a2service.exe
C:\WINDOWS\notepad.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\Program Files\Toshiba\TOSHIBA Applet\TAPPSRV.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\SyncroSoft\Pos\H2O\cledx.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Creative\MediaSource\RemoteControl\RCMan.EXE
C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Creative\MediaSource\Go\CTCMSGo.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HJT.exe
C:\WINDOWS\system32\SearchProtocolHost.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://lo.st
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\Program Files\Orange\SearchURLHook\SearchPageURL.dll
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (file missing)
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (file missing)
O2 - BHO: (no name) - {468952AE-8125-4E1E-80B8-9AB475CF0D47} - (no file)
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {8E327C20-5EEC-42FE-B19E-64A4158807A9} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: {7bb69972-7f85-997b-33c4-c8cff9c98f0c} - {c0f89c9f-fc8c-4c33-b799-58f727996bb7} - C:\WINDOWS\system32\wnjftbet.dll (file missing)
O2 - BHO: (no name) - {d085af9c-c11f-443a-9f92-138e566ee648} - C:\WINDOWS\system32\tpsbexuk.dll (file missing)
O2 - BHO: (no name) - {DD4A65C7-61D7-445F-BCF1-5065F765EAF9} - (no file)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (file missing)
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [H2O] C:\Program Files\SyncroSoft\Pos\H2O\cledx.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [RemoteCenter] C:\Program Files\Creative\MediaSource\RemoteControl\RCMan.EXE
O4 - HKCU\..\Run: [Creative Detector] C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe /R
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Creative MediaSource Go] C:\Program Files\Creative\MediaSource\Go\CTCMSGo.exe /SCB
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: RocketDock.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Wanadoo - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - https://www.orange.fr/portail (file missing) (HKCU)
O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative.com/su/ocx/15031/CTSUEng.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/resources/MSNPUpld.cab
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.systemrequirementslab.com/sysreqlab2.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/...
O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} (Windows Live Photo Upload Control) - http://cid-f82665215bfa7adf.spaces.live.com/PhotoUpload/MsnPUpld.cab
O16 - DPF: {C45B1500-7B63-47C2-AB25-C28CB46AFDEE} (MediaBar) - http://sib1.od2.com/common/musicmanager/installation/MusicManagerPlugin.CAB
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://www.adobe.com/products/acrobat/nos/gp.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/su/ocx/15031/CTPID.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Program Files\a-squared Free\a2service.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: Creative Service for CDROM Access - Unknown owner - C:\WINDOWS\system32\CTsvcCDA.EXE (file missing)
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom SA - C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Planificateur LiveUpdate automatique - Unknown owner - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe (file missing)
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: TOSHIBA Application Service (TAPPSRV) - TOSHIBA Corp. - C:\Program Files\Toshiba\TOSHIBA Applet\TAPPSRV.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
rototo943 Posts 22 Status Member
 
cleanup report:

CleanUp! started on 05/17/08 13:26:36.
...
C:\Documents and Settings\Roro la pupute!\Cookies\roro_la_pupute!@messenger.msn[1].txt - deleted
C:\Documents and Settings\Roro la pupute!\Cookies\roro_la_pupute!@messenger.msn[2].txt - deleted
C:\Documents and Settings\Roro la pupute!\Cookies\roro_la_pupute!@msn[1].txt - deleted
C:\Documents and Settings\Roro la pupute!\Cookies\roro_la_pupute!@msn[2].txt - deleted
C:\Documents and Settings\Roro la pupute!\Cookies\roro_la_pupute!@rad.msn[2].txt - deleted
C:\Documents and Settings\Roro la pupute!\Cookies\roro_la_pupute!@rad.msn[3].txt - deleted
C:\Documents and Settings\Roro la pupute!\Cookies\roro_la_pupute!@scache2.eorezo[1].txt - deleted
C:\Documents and Settings\Roro la pupute!\Cookies\roro_la_pupute!@statsgod[1].txt - deleted
C:\Documents and Settings\Roro la pupute!\Cookies\roro_la_pupute!@t.msn[1].txt - deleted
C:\Documents and Settings\Roro la pupute!\Cookies\roro_la_pupute!@t.msn[3].txt - deleted
C:\Documents and Settings\Roro la pupute!\Cookies\roro_la_pupute!@windowsmarketplace[2].txt - deleted
C:\Documents and Settings\Roro la pupute!\Cookies\roro_la_pupute!@yahoo[2].txt - deleted
C:\Documents and Settings\Roro la pupute!\Cookies\roro_la_pupute!@zune[2].txt - deleted
Cookie:roro la pupute!@messenger.msn.com/ - deleted
Cookie:roro la pupute!@msn.com/ - deleted
Cookie:roro la pupute!@rad.msn.com/ - deleted
Cookie:roro la pupute!@c.msn.com/ - deleted
Cookie:roro la pupute!@t.msn.com/ - deleted
Cookie:roro la pupute!@live.com/ - deleted
C:\Documents and Settings\Roro la pupute!\Application Data\Mozilla\Firefox\Profiles\01444sfo.default\history.dat - deleted
C:\Documents and Settings\Roro la pupute!\Application Data\Mozilla\Firefox\Profiles\01444sfo.default\cookies.txt.old - deleted
C:\Documents and Settings\Roro la pupute!\Recent\02 Chet Baker.wma.lnk - deleted
C:\Documents and Settings\Roro la pupute!\Recent\03 Make It Rain.mp3.lnk - deleted
C:\Documents and Settings\Roro la pupute!\Recent\04 Modern World.mp3.lnk - deleted
C:\Documents and Settings\Roro la pupute!\Recent\05 I Don't Wanna Hurt No More.mp3.lnk - deleted
C:\Documents and Settings\Roro la pupute!\Recent\05 Piste 5.wma.lnk - deleted
C:\Documents and Settings\Roro la pupute!\Recent\06 Good God.mp3.lnk - deleted
C:\Documents and Settings\Roro la pupute!\Recent\06 Piste 6.wma.lnk - deleted
C:\Documents and Settings\Roro la pupute!\Recent\07 Piste 7.wma.lnk - deleted
C:\Documents and Settings\Roro la pupute!\Recent\07 The Difference.mp3.lnk - deleted
C:\Documents and Settings\Roro la pupute!\Recent\08 Piste 8.wma.lnk - deleted
C:\Documents and Settings\Roro la pupute!\Recent\08 Whatever You Say.mp3.lnk - deleted
C:\Documents and Settings\Roro la pupute!\Recent\09 Ball and Chain.mp3.lnk - deleted
C:\Documents and Settings\Roro la pupute!\Recent\09 Piste 9.wma.lnk - deleted
C:\Documents and Settings\Roro la pupute!\Recent\10 Daze.mp3.lnk - deleted
C:\Documents and Settings\Roro la pupute!\Recent\10 La Melodie.wma.lnk - deleted
C:\Documents and Settings\Roro la pupute!\Recent\10 Piste 10.wma.lnk - deleted
C:\Documents and Settings\Roro la pupute!\Recent\11 If You Were Mine.mp3.lnk - deleted
C:\Documents and Settings\Roro la pupute!\Recent\11 Piste 11.wma.lnk - deleted
C:\Documents and Settings\Roro la pupute!\Recent\12 Good God (The Anonymous Remix).mp3.lnk - deleted
C:\Documents and Settings\Roro la pupute!\Recent\12 Piste 12.wma.lnk - deleted
C:\Documents and Settings\Roro la pupute!\Recent\343.htm.lnk - deleted
C:\Documents and Settings\Roro la pupute!\Recent\Amy_Winehouse-Back_To_Black_(Deluxe_Edition)-2CD-2007-UKP.lnk - deleted
C:\Documents and Settings\Roro la pupute!\Recent\Anouk - Together Alone(1997).lnk - deleted
C:\Documents and Settings\Roro la pupute!\Recent\anouk unpluged.lnk - deleted
C:\Documents and Settings\Roro la pupute!\Recent\anouk.lnk - deleted
C:\Documents and Settings\Roro la pupute!\Recent\AYO JOYFUL.lnk - deleted
C:\Documents and Settings\Roro la pupute!\Recent\Azureus Downloads.lnk - deleted
C:\Documents and Settings\Roro la pupute!\Recent\catchme.lnk - deleted
C:\Documents and Settings\Roro la pupute!\Recent\Disque local (C).lnk - deleted
C:\Documents and Settings\Roro la pupute!\Recent\Divinidylle.lnk - deleted
C:\Documents and Settings\Roro la pupute!\Recent\mbam-log-5-16-2008 (22-08-27).txt.lnk - deleted
C:\Documents and Settings\Roro la pupute!\Recent\putain.docx.lnk - deleted
C:\Documents and Settings\Roro la pupute!\Recent\rapports.lnk - deleted
C:\Documents and Settings\Roro la pupute!\Recent\rapport_navilog1.lnk - deleted
C:\Documents and Settings\Roro la pupute!\Recent\rapport_OTMoveit.log.lnk - deleted
C:\Documents and Settings\Roro la pupute!\Recent\report_navilog1.txt (2).lnk - deleted
C:\Documents and Settings\Roro la pupute!\Recent\report_navilog1.txt.lnk - deleted
C:\Documents and Settings\Roro la pupute!\Recent\report_SDfix.txt.lnk - deleted
C:\Documents and Settings\Roro la pupute!\Recent\The Do - A Mouthful (2008).lnk - deleted
C:\Documents and Settings\Roro la pupute!\Recent\Topless_Girls_Parade-_Girls_On_Bulls_-_Desert_[INDV00005907].mkv.lnk - deleted
C:\Documents and Settings\Roro la pupute!\Recent\VBG.TXT.lnk - deleted
C:\Documents and Settings\Roro la pupute!\Recent\vundofix.txt.lnk - deleted
C:\DOCUME~1\ROROLA~1\LOCALS~1\Temp\051508225201\ - deleted
C:\DOCUME~1\ROROLA~1\LOCALS~1\Temp\e4j3B.tmp_dir28700\ - deleted
C:\DOCUME~1\ROROLA~1\LOCALS~1\Temp\Google Toolbar\ - deleted
C:\DOCUME~1\ROROLA~1\LOCALS~1\Temp\hsperfdata_Roro la pupute!\ - deleted
C:\DOCUME~1\ROROLA~1\LOCALS~1\Temp\MessengerCache\icVlmq1H7gYzhFf+UAbxqy4BuWI= - deleted
C:\DOCUME~1\ROROLA~1\LOCALS~1\Temp\MessengerCache\ - deleted
C:\DOCUME~1\ROROLA~1\LOCALS~1\Temp\WPDNSE\ - deleted
C:\DOCUME~1\ROROLA~1\LOCALS~1\Temp\_avast4_\ - deleted
C:\DOCUME~1\ROROLA~1\LOCALS~1\Temp\~nsu.tmp\ - deleted
C:\WINDOWS\nspC9.tmp - deleted
C:\WINDOWS\temp\Perflib_Perfdata_780.dat currently in use. Will be deleted when Windows is restarted.
C:\WINDOWS\temp\ZLT009cd.TMP currently in use. Will be deleted when Windows is restarted.
C:\WINDOWS\temp\ZLT027e9.TMP currently in use. Will be deleted when Windows is restarted.
C:\WINDOWS\temp\Cookies\ - deleted
C:\WINDOWS\temp\Fichiers Internet temporaires\Content.IE5\6YGNZTAD\ - deleted
C:\WINDOWS\temp\Fichiers Internet temporaires\Content.IE5\93V8UB6Y\ - deleted
C:\WINDOWS\temp\Fichiers Internet temporaires\Content.IE5\RGAG0WLN\ - deleted
C:\WINDOWS\temp\Fichiers Internet temporaires\Content.IE5\WLT9MZVS\ - deleted
C:\WINDOWS\temp\Fichiers Internet temporaires\Content.IE5\ - deleted
C:\WINDOWS\temp\Fichiers Internet temporaires\ - deleted
C:\WINDOWS\temp\History\History.IE5\ - deleted
C:\WINDOWS\temp\History\ - deleted
C:\WINDOWS\temp\tmp00004702\ - deleted
C:\WINDOWS\temp\tmp00004a6d\ - deleted
C:\WINDOWS\temp\tmp000072d9\ - deleted
C:\WINDOWS\temp\tmp00007a7a\ - deleted
C:\WINDOWS\temp\_avast4_\Webshlock.txt currently in use. Will be deleted when Windows is restarted.
C:\Documents and Settings\Roro la pupute!\Cookies\index.dat currently in use. Will be deleted when Windows is restarted.
C:\Documents and Settings\Roro la pupute!\locals~1\tempor~1\Content.IE5\index.dat currently in use. Will be deleted when Windows is restarted.
C:\Documents and Settings\Roro la pupute!\Cookies\index.dat currently in use. Will be deleted when Windows is restarted.
C:\Documents and Settings\Roro la pupute!\Local Settings\Temporary Internet Files\Content.IE5\index.dat currently in use. Will be deleted when Windows is restarted.
C:\Documents and Settings\NetworkService\Cookies\index.dat currently in use. Will be deleted when Windows is restarted.
C:\Documents and Settings\NetworkService\locals~1\tempor~1\Content.IE5\index.dat currently in use. Will be deleted when Windows is restarted.
C:\Documents and Settings\NetworkService\Cookies\index.dat currently in use. Will be deleted when Windows is restarted.
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\index.dat currently in use. Will be deleted when Windows is restarted.
C:\Documents and Settings\LocalService\Cookies\index.dat currently in use. Will be deleted when Windows is restarted.
C:\Documents and Settings\LocalService\locals~1\tempor~1\Content.IE5\index.dat currently in use. Will be deleted when Windows is restarted.
C:\Documents and Settings\LocalService\Cookies\index.dat currently in use. Will be deleted when Windows is restarted.
C:\Documents and Settings\LocalService\Local Settings\Temp\Cookies\index.dat - deleted
C:\Documents and Settings\LocalService\Local Settings\Temp\Cookies\ - deleted
C:\Documents and Settings\LocalService\Local Settings\Temp\Fichiers Internet temporaires\Content.IE5\index.dat - deleted
C:\Documents and Settings\LocalService\Local Settings\Temp\Historique\History.IE5\index.dat - deleted
C:\Documents and Settings\LocalService\Local Settings\Temp\History\History.IE5\index.dat - deleted
C:\Documents and Settings\LocalService\Local Settings\Temp\Temporary Internet Files\Content.IE5\index.dat - deleted
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat currently in use. Will be deleted when Windows is restarted.
C:\Documents and Settings\Default User\Cookies\index.dat - deleted
C:\Documents and Settings\Default User\locals~1\tempor~1\Content.IE5\index.dat - deleted
C:\Documents and Settings\Default User\locals~1\tempor~1\Content.IE5\ - deleted
C:\WINDOWS\Prefetch\ADOBEUPDATEMANAGER.EXE-32021652.pf - deleted
C:\WINDOWS\Prefetch\ALERTMODULE.EXE-2A9DA7CC.pf - deleted
C:\WINDOWS\Prefetch\ALG.EXE-0F138680.pf - deleted
C:\WINDOWS\Prefetch\ASHDISP.EXE-0B874892.pf - deleted
C:\WINDOWS\Prefetch\ASHMAISV.EXE-12E27032.pf - deleted
C:\WINDOWS\Prefetch\ASHWEBSV.EXE-0548EF0A.pf - deleted
C:\WINDOWS\Prefetch\AU_.EXE-16452760.pf - deleted
C:\WINDOWS\Prefetch\AVAST.SETUP-032170A8.pf - deleted
C:\WINDOWS\Prefetch\AVGAS.EXE-27525987.pf - deleted
C:\WINDOWS\Prefetch\AZUREUS.EXE-008B7A30.pf - deleted
C:\WINDOWS\Prefetch\CLEANUP.EXE-3438663A.pf - deleted
C:\WINDOWS\Prefetch\CLEANUP452.EXE-01643773.pf - deleted
C:\WINDOWS\Prefetch\CLEDX.EXE-01CE559A.pf - deleted
C:\WINDOWS\Prefetch\CTCMS.EXE-147D3CBD.pf - deleted
C:\WINDOWS\Prefetch\CTCMS.EXE-3897A504.pf - deleted
C:\WINDOWS\Prefetch\CTCMSGO.EXE-232EDEF5.pf - deleted
C:\WINDOWS\Prefetch\CTDETECT.EXE-3A528B09.pf - deleted
C:\WINDOWS\Prefetch\CTFMON.EXE-0E17969B.pf - deleted
C:\WINDOWS\Prefetch\DIVXSM.EXE-25FDFA2C.pf - deleted
C:\WINDOWS\Prefetch\DRWTSN32.EXE-2B4B52AC.pf - deleted
C:\WINDOWS\Prefetch\FIREFOX.EXE-17EE503B.pf - deleted
C:\WINDOWS\Prefetch\FIREFOX.EXE-28641590.pf - deleted
C:\WINDOWS\Prefetch\GOOGLETOOLBARNOTIFIER.EXE-3629C61D.pf - deleted
C:\WINDOWS\Prefetch\GROOVEMONITOR.EXE-2606717A.pf - deleted
C:\WINDOWS\Prefetch\HIJACKTHIS.EXE-34A0FC79.pf - deleted
C:\WINDOWS\Prefetch\HIJACKTHIS_HIJACKTHIS_2.02_AN-0B6639B6.pf - deleted
C:\WINDOWS\Prefetch\HJT.EXE-00830B0E.pf - deleted
C:\WINDOWS\Prefetch\IEXPLORE.EXE-27122324.pf - deleted
C:\WINDOWS\Prefetch\LAUNCHER.EXE-13840303.pf - deleted
C:\WINDOWS\Prefetch\Layout.ini - deleted
C:\WINDOWS\Prefetch\LOGONUI.EXE-0AF22957.pf - deleted
C:\WINDOWS\Prefetch\MBAM.EXE-0BEE0439.pf - deleted
C:\WINDOWS\Prefetch\MMC.EXE-04EF131A.pf - deleted
C:\WINDOWS\Prefetch\MPLAYERC.EXE-06A9CBF3.pf - deleted
C:\WINDOWS\Prefetch\MRT.EXE-1B4A8D49.pf - deleted
C:\WINDOWS\Prefetch\MRTSTUB.EXE-0CFF2985.pf - deleted
C:\WINDOWS\Prefetch\MSCONFIG.EXE-35E4DAE9.pf - deleted
C:\WINDOWS\Prefetch\MSNMSGR.EXE-030AB647.pf - deleted
C:\WINDOWS\Prefetch\MSNTBUP.EXE-0D913FB9.pf - deleted
C:\WINDOWS\Prefetch\NOTEPAD.EXE-336351A9.pf - deleted
C:\WINDOWS\Prefetch\NTOSBOOT-B00DFAAD.pf - deleted
C:\WINDOWS\Prefetch\OTMOVEIT2.EXE-317FB98F.pf - deleted
C:\WINDOWS\Prefetch\QTTASK.EXE-342507FB.pf - deleted
C:\WINDOWS\Prefetch\RCMAN.EXE-25D6A82D.pf - deleted
C:\WINDOWS\Prefetch\REGEDIT.EXE-1B606482.pf - deleted
C:\WINDOWS\Prefetch\REGSVR32.EXE-25EEFE2F.pf - deleted
C:\WINDOWS\Prefetch\ROCKETDOCK.EXE-2D5722F9.pf - deleted
C:\WINDOWS\Prefetch\RUNDLL32.EXE-13DF4D5C.pf - deleted
C:\WINDOWS\Prefetch\RUNDLL32.EXE-147710F4.pf - deleted
C:\WINDOWS\Prefetch\RUNDLL32.EXE-1BC55A4F.pf - deleted
C:\WINDOWS\Prefetch\RUNDLL32.EXE-2D91DFC7.pf - deleted
C:\WINDOWS\Prefetch\RUNDLL32.EXE-2F7D56B7.pf - deleted
C:\WINDOWS\Prefetch\RUNDLL32.EXE-311943EE.pf - deleted
C:\WINDOWS\Prefetch\RUNDLL32.EXE-3BE970A5.pf - deleted
C:\WINDOWS\Prefetch\RUNDLL32.EXE-40831FDE.pf - deleted
C:\WINDOWS\Prefetch\RUNDLL32.EXE-44F2A2E4.pf - deleted
C:\WINDOWS\Prefetch\RUNDLL32.EXE-451FC2C0.pf - deleted
C:\WINDOWS\Prefetch\RUNDLL32.EXE-4905AB4E.pf - deleted
C:\WINDOWS\Prefetch\RUNDLL32.EXE-49139FA2.pf - deleted
C:\WINDOWS\Prefetch\RUNDLL32.EXE-4BB012E1.pf - deleted
C:\WINDOWS\Prefetch\SEARCHFILTERHOST.EXE-148579FB.pf - deleted
C:\WINDOWS\Prefetch\SEARCHPROTOCOLHOST.EXE-34E0253A.pf - deleted
C:\WINDOWS\Prefetch\SPKSET.EXE-0F68E1CE.pf - deleted
C:\WINDOWS\Prefetch\SSCHK.EXE-03401E44.pf - deleted
C:\WINDOWS\Prefetch\SVCHOST.EXE-3530F672.pf - deleted
C:\WINDOWS\Prefetch\TASKMGR.EXE-20256C55.pf - deleted
C:\WINDOWS\Prefetch\TRJSCAN.EXE-2857538B.pf - deleted
C:\WINDOWS\Prefetch\UNINSTALL.EXE-37345CBA.pf - deleted
C:\WINDOWS\Prefetch\UPDCLIENT.EXE-215FC96B.pf - deleted
C:\WINDOWS\Prefetch\USNSVC.EXE-2DF2835C.pf - deleted
C:\WINDOWS\Prefetch\VERCLSID.EXE-3667BD89.pf - deleted
C:\WINDOWS\Prefetch\VUNDOFIX.EXE-3AF04AC5.pf - deleted
C:\WINDOWS\Prefetch\WINAMPA.EXE-0536E33F.pf - deleted
C:\WINDOWS\Prefetch\WINDOWS-KB890830-V1.41-DELTA.-05BA7F44.pf - deleted
C:\WINDOWS\Prefetch\WINRAR.EXE-39C6DAD9.pf - deleted
C:\WINDOWS\Prefetch\WINWORD.EXE-07381162.pf - deleted
C:\WINDOWS\Prefetch\WLLOGINPROXY.EXE-2D4B6027.pf - deleted
C:\WINDOWS\Prefetch\WMIPRVSE.EXE-28F301A9.pf - deleted
C:\WINDOWS\Prefetch\WMPLAYER.EXE-18DDEFA4.pf - deleted
C:\WINDOWS\Prefetch\WUAUCLT.EXE-399A8E72.pf - deleted
C:\WINDOWS\Prefetch\YIZQAKXEL.EXE-14E1DC9D.pf.bd.ren - deleted
C:\WINDOWS\Prefetch\ZLCLIENT.EXE-1C550EB2.pf - deleted
Emptied Recycle Bin on drive C:
'Run MRU' list - removed from the registry.
Explorer Open/Save MRU list - removed from the registry.
Explorer Last Visited MRU list - removed from the registry.
Telnet's MRU list - removed from the registry.
CleanUp! 4.5.2 recovered 11.5 MB of disk space from 465 files.
CleanUp! finished on 05/17/08 13:26:53.
0
rototo943 Posts: 22 Status: Member
 
clean report:

17/05/2008 a 13:37:44,65

*** Recherche des fichiers dans C:

*** Recherche des fichiers dans C:\WINDOWS\

*** Recherche des fichiers dans C:\WINDOWS\system32
C:\WINDOWS\system32\mcrh.tmp FOUND
C:\WINDOWS\system32\SBFC.dat FOUND
C:\WINDOWS\system32\SBRC.dat FOUND
"C:\WINDOWS\Downloaded Program Files\CONFLICT.1" FOUND

*** Recherche des fichiers dans C:\Program Files
*** Fin du rapport !
0
rototo943 Posts: 22 Status: Member
 
hijack again!

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:42:16, on 17/05/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\a-squared Free\a2service.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\Program Files\Toshiba\TOSHIBA Applet\TAPPSRV.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\SyncroSoft\Pos\H2O\cledx.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Creative\MediaSource\RemoteControl\RCMan.EXE
C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Creative\MediaSource\Go\CTCMSGo.exe
C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe
C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\AlertModule\0\AlertModule.exe
C:\Program Files\Trend Micro\HijackThis\HJT.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://lo.st
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\Program Files\Orange\SearchURLHook\SearchPageURL.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [H2O] C:\Program Files\SyncroSoft\Pos\H2O\cledx.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [RemoteCenter] C:\Program Files\Creative\MediaSource\RemoteControl\RCMan.EXE
O4 - HKCU\..\Run: [Creative Detector] C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe /R
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Creative MediaSource Go] C:\Program Files\Creative\MediaSource\Go\CTCMSGo.exe /SCB
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: RocketDock.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative.com/su/ocx/15031/CTSUEng.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/resources/MSNPUpld.cab
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.systemrequirementslab.com/sysreqlab2.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/...
O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} (Windows Live Photo Upload Control) - http://cid-f82665215bfa7adf.spaces.live.com/PhotoUpload/MsnPUpld.cab
O16 - DPF: {C45B1500-7B63-47C2-AB25-C28CB46AFDEE} (MediaBar) - http://sib1.od2.com/common/musicmanager/installation/MusicManagerPlugin.CAB
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://www.adobe.com/products/acrobat/nos/gp.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/su/ocx/15031/CTPID.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Program Files\a-squared Free\a2service.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom SA - C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Planificateur LiveUpdate automatique - Unknown owner - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe (file missing)
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: TOSHIBA Application Service (TAPPSRV) - TOSHIBA Corp. - C:\Program Files\Toshiba\TOSHIBA Applet\TAPPSRV.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
0
rototo943 Posts: 22 Status: Member
 
my bad about Planificateur LiveUpdate automatique, it's done (can't hide anything from you! lol)

Script execute en mode sans echec
Rapport clean par Malekal_morte - http://www.malekal.com
Script execute en mode sans echec 17/05/2008 a 14:04:21,63

Microsoft Windows XP [version 5.1.2600]

*** Suppression des fichiers dans C:

*** Suppression des fichiers dans C:\WINDOWS\

*** Suppression des fichiers dans C:\WINDOWS\system32
tentative de suppression de C:\WINDOWS\system32\mcrh.tmp
tentative de suppression de C:\WINDOWS\system32\SBFC.dat
tentative de suppression de C:\WINDOWS\system32\SBRC.dat
tentative de suppression de "C:\WINDOWS\Downloaded Program Files\CONFLICT.1"

*** Suppression des fichiers dans C:\Program Files

*** Suppression des clefs du registre effectuee..
*** Fin du rapport !
0
rototo943 Posts: 22 Status: Member
 
ok, TCleaner:

-->- Recherche:

C:\SDFIX: trouvé !
C:\Vundofix backups: trouvé !
C:\_OtMoveIt: trouvé !
C:\Documents and Settings\All Users\Bureau\Navilog1.lnk: trouvé !
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\HijackThis: trouvé !
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Navilog1: trouvé !
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\HijackThis\HijackThis.lnk: trouvé !
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Navilog1\Navilog1.lnk: trouvé !
C:\Documents and Settings\Roro la pupute!\Bureau\SdFix.exe: trouvé !
C:\Documents and Settings\Roro la pupute!\Bureau\HijackThis.lnk: trouvé !
C:\Documents and Settings\Roro la pupute!\Bureau\Clean.zip: trouvé !
C:\Documents and Settings\Roro la pupute!\Bureau\OtMoveIt2.exe: trouvé !
C:\Documents and Settings\Roro la pupute!\Bureau\Navilog1.exe: trouvé !
C:\Documents and Settings\Roro la pupute!\Bureau\vundoFix.exe: trouvé !
C:\Documents and Settings\Roro la pupute!\Bureau\clean\clean\tar.exe: trouvé !
C:\Documents and Settings\Roro la pupute!\Bureau\clean\clean\remove.reg: trouvé !
C:\Documents and Settings\Roro la pupute!\Bureau\clean\clean\pskill.exe: trouvé !
C:\Documents and Settings\Roro la pupute!\Bureau\clean\clean\LFiles.exe: trouvé !
C:\Documents and Settings\Roro la pupute!\Bureau\clean\clean\gzip.exe: trouvé !
C:\Documents and Settings\Roro la pupute!\Bureau\clean\clean\delsiri.cmd: trouvé !
C:\Documents and Settings\Roro la pupute!\Bureau\clean\clean\delr.cmd: trouvé !
C:\Documents and Settings\Roro la pupute!\Bureau\clean\clean\del3.cmd: trouvé !
C:\Documents and Settings\Roro la pupute!\Bureau\clean\clean\del2.cmd: trouvé !
C:\Documents and Settings\Roro la pupute!\Bureau\clean\clean\clean.cmd: trouvé !
C:\Documents and Settings\Roro la pupute!\Bureau\clean\clean\cherche.cmd: trouvé !
C:\Program Files\Navilog1: trouvé !
C:\Program Files\Navilog1\Navilog1.bat: trouvé !
C:\Program Files\Trend Micro\HijackThis: trouvé !

---------------------------------
-->- Suppression:

C:\Documents and Settings\All Users\Bureau\Navilog1.lnk: supprimé !
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\HijackThis\HijackThis.lnk: supprimé !
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Navilog1\Navilog1.lnk: supprimé !
C:\Documents and Settings\Roro la pupute!\Bureau\SdFix.exe: supprimé !
C:\Documents and Settings\Roro la pupute!\Bureau\HijackThis.lnk: supprimé !
C:\Documents and Settings\Roro la pupute!\Bureau\Clean.zip: supprimé !
C:\Documents and Settings\Roro la pupute!\Bureau\OtMoveIt2.exe: supprimé !
C:\Documents and Settings\Roro la pupute!\Bureau\Navilog1.exe: supprimé !
C:\Documents and Settings\Roro la pupute!\Bureau\vundoFix.exe: supprimé !
C:\Documents and Settings\Roro la pupute!\Bureau\clean\clean\tar.exe: supprimé !
C:\Documents and Settings\Roro la pupute!\Bureau\clean\clean\remove.reg: supprimé !
C:\Documents and Settings\Roro la pupute!\Bureau\clean\clean\pskill.exe: supprimé !
C:\Documents and Settings\Roro la pupute!\Bureau\clean\clean\LFiles.exe: supprimé !
C:\Documents and Settings\Roro la pupute!\Bureau\clean\clean\gzip.exe: supprimé !
C:\Documents and Settings\Roro la pupute!\Bureau\clean\clean\delsiri.cmd: supprimé !
C:\Documents and Settings\Roro la pupute!\Bureau\clean\clean\delr.cmd: supprimé !
C:\Documents and Settings\Roro la pupute!\Bureau\clean\clean\del3.cmd: supprimé !
C:\Documents and Settings\Roro la pupute!\Bureau\clean\clean\del2.cmd: supprimé !
C:\Documents and Settings\Roro la pupute!\Bureau\clean\clean\clean.cmd: supprimé !
C:\Documents and Settings\Roro la pupute!\Bureau\clean\clean\cherche.cmd: supprimé !
C:\Program Files\Navilog1\Navilog1.bat: supprimé !
C:\SDFIX: supprimé !
C:\Vundofix backups: supprimé !
C:\_OtMoveIt: supprimé !
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\HijackThis: supprimé !
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Navilog1: supprimé !
C:\Program Files\Navilog1: supprimé !
C:\Program Files\Trend Micro\HijackThis: supprimé !

Sauvegarde du registre crée !
0
rototo943 Posts: 22 Status: Member
 
ok, I disabled and re-enabled "System Restore"
are we good now?
0
rototo943 Posts: 22 Status: Member
 
no, no more questions
but a huuuuuuuuuuuge thank you for your involvement and your precious advice (I didn't understand everything I did...)
I have the impression that my PC is like new, the difference since your intervention is striking
so thank you my cyrildu17, "my computer Jedi" :p
0
Anonymous user
 
^^
Well, you're welcome =)
All the best,
hoping not to see you again on the virus/security forum ;)
See ya
0