Privacy danger

Closed
Llivia Posts 12 Registration date Tuesday 29 July 2008 Status Member Last activity 4 October 2008 - 29 Jul 2008 at 20:18
Llivia Posts 12 Registration date Tuesday 29 July 2008 Status Member Last activity 4 October 2008 - 17 Aug 2008 at 10:39
Hello,

This virus is driving me crazy!!! I followed the instructions given in the tips tab and I am posting the two SmitFraudFix reports I obtained. If someone could tell me whether I have gotten rid of this damned piece of s... for good, that would be really kind.


First report obtained:

»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{1b17f1db-790e-4d42-8e0c-d4d19123ee5b}"="coronally"

[HKEY_CLASSES_ROOT\CLSID\{1b17f1db-790e-4d42-8e0c-d4d19123ee5b}\InProcServer32]
@="C:\WINDOWS\system32\xnvaogd.dll"

[HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{1b17f1db-790e-4d42-8e0c-d4d19123ee5b}\InProcServer32]
@="C:\WINDOWS\system32\xnvaogd.dll"



»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=""


»»»»»»»»»»»»»»»»»»»»»»»» Winlogon
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Userinit"="C:\\WINDOWS\\system32\\userinit.exe,"
"System"="lsass.exe"


»»»»»»»»»»»»»»»»»»»»»»»» Rustock



»»»»»»»»»»»»»»»»»»»»»»»» DNS



»»»»»»»»»»»»»»»»»»»»»»»» Recherche infection wininet.dll


»»»»»»»»»»»»»»»»»»»»»»»» Fin


Report obtained after cleaning in safe mode:

SmitFraudFix v2.332

Rapport fait à 19:59:11,64, 29/07/2008
Executé à partir de C:\Documents and Settings\Redg\Bureau\SmitfraudFix
OS: Microsoft Windows XP [version 5.1.2600] - Windows_NT
Le type du système de fichiers est
Fix executé en mode sans echec

»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Avant SmitFraudFix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{1b17f1db-790e-4d42-8e0c-d4d19123ee5b}"="coronally"

[HKEY_CLASSES_ROOT\CLSID\{1b17f1db-790e-4d42-8e0c-d4d19123ee5b}\InProcServer32]
@="C:\WINDOWS\system32\xnvaogd.dll"

[HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{1b17f1db-790e-4d42-8e0c-d4d19123ee5b}\InProcServer32]
@="C:\WINDOWS\system32\xnvaogd.dll"


»»»»»»»»»»»»»»»»»»»»»»»» Arret des processus


»»»»»»»»»»»»»»»»»»»»»»»» hosts



»»»»»»»»»»»»»»»»»»»»»»»» VACFix

VACFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» Winsock2 Fix

S!Ri's WS2Fix: LSP not Found.

»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix

GenericRenosFix by S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» Suppression des fichiers infectés

C:\WINDOWS\jetctrl.dll supprimé
Deleting [HKEY_CLASSES_ROOT\CLSID\{A742BD9D-EF2E-4E3E-99FB-04976EE136AB}]
C:\Documents and Settings\Redg\Application Data\Install.dat supprimé
C:\Program Files\BraveSentry\ supprimé
C:\Program Files\Video Add-on\ supprimé
C:\Program Files\Video AX Object\ supprimé

»»»»»»»»»»»»»»»»»»»»»»»» IEDFix

IEDFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri



»»»»»»»»»»»»»»»»»»»»»»»» 404Fix

404Fix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» DNS



»»»»»»»»»»»»»»»»»»»»»»»» Suppression Fichiers Temporaires


»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"="lsass.exe"


»»»»»»»»»»»»»»»»»»»»»»»» Nettoyage du registre

Nettoyage terminé.

»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Après SmitFraudFix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


»»»»»»»»»»»»»»»»»»»»»»»» Fin

4 replies

Anonymous user
29 Jul 2008 at 20:21
Hi


Download this tool by SiRi:

http://siri.urz.free.fr/RHosts.php

Double-click it to run it

and click "Restore original Hosts"

PS: it is normal that nothing happens


and restart the PC

Download Lop S&D.exe to your Desktop:
https://77b4795d-a-62cb3a1a-s-sites.googlegroups.com/site/eric71mespages/LopSD.exe?attachauth=ANoY7co3ntqUavpZ3q1BG-h4pc13vqDZmhcNeEPChtsyrgAykRbhE8bZzhk979EfQD4AgwtQUHCaQ7ZQwNYMo3_0kA8htAspckDJtu2K5t6J9z6dLW4fpZyH4FpFL1tVMBZ8H-KnN7afZ5vt-WxZRpnynk-a0XmV_Y0C0q6DxGEDKie1TnPT7gFoZnoCnspzBmbW6ZzxA4fNr3oEDlbelNZON-LjF8nOmQ%3D%3D&attredirects=2

* Double-click it to start the installation
* Then double-click the Lop S&D shortcut on your Desktop
* Select the desired language, then choose option 1 (Search)
* Wait until the scan finishes
* Post the generated report (C:\lopR.txt)


Tutorial (help): http://bibou0007.com/outils-specifiques-f78/tuto-lop-sd-t956.htm


Llivia Posts 12 Registration date Tuesday 29 July 2008 Status Member Last activity 4 October 2008
30 Jul 2008 at 10:38
Hi Chiquitine,

Thanks for your reply, I am posting the report I get. I don't think I will be able to do more right away because I am leaving for 3 weeks. I am not the only one who uses the computer, but since the others are even more clueless than I am, I prefer to take care of it personally.


--------------------\\ Lop S&D 4.2.2-4 XP/Vista

[ Windows XP (NT 5.1) Build 2600, Service Pack 2 ]
[ USER : Redg ] [ "C:\Lop SD" ] [ Selection : 1 ]
[ 30/07/2008 | 10:27:57,97 ] [ PC : ANDROMEDE ]
[ MAJ : 25-07-2008 | 17:45 ]

--------------------\\ Listing des dossiers dans APPLIC~1

[02/10/2004|10:28] C:\DOCUME~1\ADMINI~1\APPLIC~1\desktop.ini
[29/01/2006|14:40] C:\DOCUME~1\ADMINI~1\APPLIC~1\Help
[12/02/2007|10:36] C:\DOCUME~1\ADMINI~1\APPLIC~1\Lavasoft
[29/01/2006|14:36] C:\DOCUME~1\ADMINI~1\APPLIC~1\Microsoft
[29/01/2006|14:40] C:\DOCUME~1\ADMINI~1\APPLIC~1\Mozilla
[12/02/2007|10:19] C:\DOCUME~1\ADMINI~1\APPLIC~1\Talkback

[14/07/2008|12:39] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Adobe
[12/11/2007|11:29] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Apple
[12/11/2007|11:30] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Apple Computer
[16/04/2008|16:40] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Avira
[16/04/2008|09:39] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Awem
[22/07/2007|10:14] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Comp Size Help Does
[02/10/2004|10:28] C:\DOCUME~1\ALLUSE~1\APPLIC~1\desktop.ini
[12/02/2007|00:15] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Google
[20/04/2008|19:41] C:\DOCUME~1\ALLUSE~1\APPLIC~1\hpzinstall.log
[24/11/2007|12:30] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Microsoft
[22/05/2008|15:34] C:\DOCUME~1\ALLUSE~1\APPLIC~1\MythPeople
[13/12/2007|22:50] C:\DOCUME~1\ALLUSE~1\APPLIC~1\QTSBandwidthCache
[30/10/2004|09:16] C:\DOCUME~1\ALLUSE~1\APPLIC~1\QuickTime
[22/05/2008|17:20] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Realv1005
[14/05/2008|23:41] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Skyline
[24/11/2007|12:30] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy
[05/10/2004|21:50] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Symantec
[22/03/2007|01:19] C:\DOCUME~1\ALLUSE~1\APPLIC~1\TEMP
[21/05/2006|22:01] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Windows Genuine Advantage
[05/12/2007|22:34] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Zylom

[19/06/2005|12:34] C:\DOCUME~1\BigChief\APPLIC~1\acai
[07/02/2008|22:56] C:\DOCUME~1\BigChief\APPLIC~1\Adobe
[15/08/2006|19:09] C:\DOCUME~1\BigChief\APPLIC~1\AdobeDLM.log
[23/11/2004|14:50] C:\DOCUME~1\BigChief\APPLIC~1\AdobeUM
[23/03/2008|23:55] C:\DOCUME~1\BigChief\APPLIC~1\Apple Computer
[02/10/2004|10:28] C:\DOCUME~1\BigChief\APPLIC~1\desktop.ini
[15/08/2006|19:09] C:\DOCUME~1\BigChief\APPLIC~1\dm.ini
[22/07/2007|10:15] C:\DOCUME~1\BigChief\APPLIC~1\Download mapi noun
[27/03/2005|11:27] C:\DOCUME~1\BigChief\APPLIC~1\Help
[04/01/2007|14:01] C:\DOCUME~1\BigChief\APPLIC~1\Hewlett-Packard
[08/06/2008|14:35] C:\DOCUME~1\BigChief\APPLIC~1\hpothb07.dat
[08/06/2008|14:35] C:\DOCUME~1\BigChief\APPLIC~1\hpothb07.tif
[02/10/2004|18:44] C:\DOCUME~1\BigChief\APPLIC~1\Identities
[11/04/2008|08:05] C:\DOCUME~1\BigChief\APPLIC~1\Install.dat
[02/10/2004|18:49] C:\DOCUME~1\BigChief\APPLIC~1\Lavasoft
[06/10/2004|22:33] C:\DOCUME~1\BigChief\APPLIC~1\Macromedia
[17/05/2007|16:05] C:\DOCUME~1\BigChief\APPLIC~1\Microsoft
[10/02/2008|17:01] C:\DOCUME~1\BigChief\APPLIC~1\Mozilla
[26/08/2007|16:41] C:\DOCUME~1\BigChief\APPLIC~1\OLYMPUS
[30/07/2008|07:35] C:\DOCUME~1\BigChief\APPLIC~1\OpenOffice.org2
[11/11/2004|03:51] C:\DOCUME~1\BigChief\APPLIC~1\Real
[30/05/2006|22:26] C:\DOCUME~1\BigChief\APPLIC~1\SoftPerfect Personal Firewall
[06/10/2004|00:42] C:\DOCUME~1\BigChief\APPLIC~1\Sun
[14/09/2005|22:09] C:\DOCUME~1\BigChief\APPLIC~1\Symantec
[02/10/2004|18:49] C:\DOCUME~1\BigChief\APPLIC~1\Talkback
[25/09/2007|22:49] C:\DOCUME~1\BigChief\APPLIC~1\WinRAR

[02/10/2004|10:28] C:\DOCUME~1\DEFAUL~1\APPLIC~1\desktop.ini
[02/10/2004|09:51] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Microsoft

[02/10/2004|10:28] C:\DOCUME~1\INVIT~1\APPLIC~1\desktop.ini
[08/01/2007|11:56] C:\DOCUME~1\INVIT~1\APPLIC~1\Help
[06/10/2004|08:23] C:\DOCUME~1\INVIT~1\APPLIC~1\Identities
[05/05/2007|09:24] C:\DOCUME~1\INVIT~1\APPLIC~1\Macromedia
[29/05/2007|07:51] C:\DOCUME~1\INVIT~1\APPLIC~1\Microsoft
[10/10/2004|10:11] C:\DOCUME~1\INVIT~1\APPLIC~1\Mozilla
[05/05/2007|09:45] C:\DOCUME~1\INVIT~1\APPLIC~1\OpenOffice.org2
[12/11/2004|00:51] C:\DOCUME~1\INVIT~1\APPLIC~1\Real
[08/01/2007|12:01] C:\DOCUME~1\INVIT~1\APPLIC~1\SoftPerfect Personal Firewall
[10/10/2004|10:11] C:\DOCUME~1\INVIT~1\APPLIC~1\Talkback


[02/10/2004|09:51] C:\DOCUME~1\LOCALS~1\APPLIC~1\Microsoft

[09/02/2008|10:53] C:\DOCUME~1\Monelle\APPLIC~1\Adobe
[06/01/2008|12:48] C:\DOCUME~1\Monelle\APPLIC~1\AdobeUM
[16/12/2007|13:52] C:\DOCUME~1\Monelle\APPLIC~1\Apple Computer
[02/10/2004|10:28] C:\DOCUME~1\Monelle\APPLIC~1\desktop.ini
[21/03/2007|15:50] C:\DOCUME~1\Monelle\APPLIC~1\Google
[25/08/2006|11:36] C:\DOCUME~1\Monelle\APPLIC~1\Help
[25/08/2006|11:35] C:\DOCUME~1\Monelle\APPLIC~1\Identities
[13/04/2008|14:43] C:\DOCUME~1\Monelle\APPLIC~1\Install.dat
[24/11/2007|12:30] C:\DOCUME~1\Monelle\APPLIC~1\Lavasoft
[12/10/2006|13:53] C:\DOCUME~1\Monelle\APPLIC~1\Macromedia
[11/02/2007|20:35] C:\DOCUME~1\Monelle\APPLIC~1\Microsoft
[22/05/2008|22:21] C:\DOCUME~1\Monelle\APPLIC~1\Mozilla
[29/07/2008|19:14] C:\DOCUME~1\Monelle\APPLIC~1\OpenOffice.org2
[25/08/2006|11:35] C:\DOCUME~1\Monelle\APPLIC~1\SoftPerfect Personal Firewall
[05/11/2006|21:11] C:\DOCUME~1\Monelle\APPLIC~1\Sun
[12/10/2006|13:53] C:\DOCUME~1\Monelle\APPLIC~1\Talkback

[02/10/2004|09:51] C:\DOCUME~1\NETWOR~1\APPLIC~1\Microsoft

[07/02/2008|19:28] C:\DOCUME~1\Redg\APPLIC~1\Adobe
[14/07/2008|12:31] C:\DOCUME~1\Redg\APPLIC~1\AdobeUM
[02/10/2004|10:28] C:\DOCUME~1\Redg\APPLIC~1\desktop.ini
[16/03/2007|10:59] C:\DOCUME~1\Redg\APPLIC~1\Google
[24/10/2004|10:48] C:\DOCUME~1\Redg\APPLIC~1\Help
[05/10/2004|21:35] C:\DOCUME~1\Redg\APPLIC~1\Hewlett-Packard
[16/04/2008|09:39] C:\DOCUME~1\Redg\APPLIC~1\Identities
[02/10/2004|16:59] C:\DOCUME~1\Redg\APPLIC~1\Lavasoft
[10/10/2004|11:15] C:\DOCUME~1\Redg\APPLIC~1\Macromedia
[25/12/2005|13:19] C:\DOCUME~1\Redg\APPLIC~1\Microsoft
[07/02/2008|18:04] C:\DOCUME~1\Redg\APPLIC~1\Mozilla
[30/07/2008|10:24] C:\DOCUME~1\Redg\APPLIC~1\OpenOffice.org2
[01/06/2006|10:40] C:\DOCUME~1\Redg\APPLIC~1\Real
[29/05/2006|14:55] C:\DOCUME~1\Redg\APPLIC~1\SoftPerfect Personal Firewall
[02/10/2004|17:09] C:\DOCUME~1\Redg\APPLIC~1\Sun
[29/05/2006|14:58] C:\DOCUME~1\Redg\APPLIC~1\sversion.ini
[29/01/2006|13:18] C:\DOCUME~1\Redg\APPLIC~1\Symantec
[02/10/2004|17:19] C:\DOCUME~1\Redg\APPLIC~1\Talkback
[06/04/2008|19:29] C:\DOCUME~1\Redg\APPLIC~1\TheScruffs
[16/04/2008|09:39] C:\DOCUME~1\Redg\APPLIC~1\Zylom

--------------------\\ Tâches planifiées dans C:\WINDOWS\tasks

[01/06/2008 20:51][--a------] C:\WINDOWS\tasks\Nettoyage de disque.job
[12/07/2008 20:35][--a------] C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[17/06/2007 14:58][--a------] C:\WINDOWS\tasks\FRU Task #Hewlett-Packard#hp psc 1100 series#1168260935.job
[16/05/2008 20:00][--a------] C:\WINDOWS\tasks\Norton AntiVirus - Analyser mon ordinateur - Redg.job
[30/07/2008 10:23][--ah-----] C:\WINDOWS\tasks\SA.DAT
[24/04/2003 14:00][-r-h-c---] C:\WINDOWS\tasks\desktop.ini

--------------------\\ Listing des dossiers dans C:\Program Files

[10/04/2006|17:13] C:\Program Files\Adobe
[27/05/2006|11:51] C:\Program Files\Alwil Software
[03/07/2008|00:52] C:\Program Files\Antivirus 2009
[12/11/2007|11:29] C:\Program Files\Apple Software Update
[29/07/2008|16:40] C:\Program Files\asw10.log
[19/05/2008|15:56] C:\Program Files\aswclnr.exe
[22/05/2008|21:32] C:\Program Files\aswclnr.log
[22/05/2008|19:55] C:\Program Files\aswclnr.tmp
[16/04/2008|16:40] C:\Program Files\Avira
[04/06/2006|15:07] C:\Program Files\C-Media
[02/10/2004|18:25] C:\Program Files\Common Files
[02/10/2004|09:49] C:\Program Files\ComPlus Applications
[11/03/2007|13:39] C:\Program Files\Corel
[23/06/2005|17:19] C:\Program Files\directx
[23/06/2005|17:17] C:\Program Files\Disney Interactive
[08/10/2006|17:48] C:\Program Files\DivX
[07/05/2007|18:00] C:\Program Files\Download mapi noun
[05/07/2008|23:17] C:\Program Files\eMule
[07/02/2008|18:03] C:\Program Files\Fichiers communs
[13/07/2007|23:08] C:\Program Files\Google
[08/01/2007|14:48] C:\Program Files\Hewlett-Packard
[26/08/2007|16:40] C:\Program Files\InstallShield Installation Information
[12/12/2007|19:13] C:\Program Files\Internet Explorer
[03/10/2007|13:22] C:\Program Files\Java
[01/06/2006|11:38] C:\Program Files\Kodak
[23/06/2005|01:57] C:\Program Files\Messenger
[02/10/2004|09:51] C:\Program Files\microsoft frontpage
[24/10/2004|10:56] C:\Program Files\Microsoft Office
[09/04/2005|16:59] C:\Program Files\Movie Maker
[30/07/2008|10:24] C:\Program Files\Mozilla Firefox
[07/02/2008|18:02] C:\Program Files\mozilla.org
[02/10/2004|09:48] C:\Program Files\MSN Gaming Zone
[25/11/2007|15:22] C:\Program Files\MSN Messenger
[26/08/2007|22:53] C:\Program Files\MSXML 4.0
[24/10/2004|22:13] C:\Program Files\NetMeeting
[29/05/2006|13:35] C:\Program Files\norton antivirus 2005. 6-10-04
[29/05/2006|13:47] C:\Program Files\OpenOffice.org 2.0
[29/05/2006|14:58] C:\Program Files\OpenOffice.org1.1.2
[13/06/2007|00:11] C:\Program Files\Outlook Express
[26/08/2007|16:37] C:\Program Files\PIXELA
[12/11/2007|11:31] C:\Program Files\QuickTime
[26/07/2008|14:09] C:\Program Files\Real
[22/05/2008|14:10] C:\Program Files\RichFX
[22/05/2008|14:11] C:\Program Files\RngInterstitial.dll
[02/09/2006|19:08] C:\Program Files\Room Arranger
[25/02/2007|18:47] C:\Program Files\SAGEM
[25/02/2007|13:55] C:\Program Files\Securitoo
[20/02/2006|13:45] C:\Program Files\Services en ligne
[06/07/2005|15:08] C:\Program Files\Sierra On-Line
[14/05/2008|23:41] C:\Program Files\Skyline
[24/11/2007|12:30] C:\Program Files\Spybot - Search & Destroy
[27/05/2006|11:11] C:\Program Files\Symantec
[02/10/2004|09:57] C:\Program Files\Uninstall Information
[25/12/2006|12:45] C:\Program Files\USBDisk
[09/04/2006|22:19] C:\Program Files\VDCodecPack1.6
[30/07/2008|10:23] C:\Program Files\Wanadoo
[08/10/2006|19:23] C:\Program Files\Wanadoo Messager
[31/05/2008|19:13] C:\Program Files\Win stream plugin
[16/12/2006|23:51] C:\Program Files\Windows Media Connect 2
[16/12/2006|23:51] C:\Program Files\Windows Media Player
[24/10/2004|22:13] C:\Program Files\Windows NT
[02/10/2004|09:48] C:\Program Files\WindowsUpdate
[02/10/2004|09:51] C:\Program Files\xerox
[26/07/2008|13:02] C:\Program Files\YesMessenger
[17/04/2008|12:51] C:\Program Files\Zylom Games

--------------------\\ Listing des dossiers dans C:\Program Files\Fichiers communs

[14/07/2008|12:39] C:\Program Files\Fichiers communs\Adobe
[28/12/2005|02:32] C:\Program Files\Fichiers communs\btmfsmml
[05/10/2004|21:32] C:\Program Files\Fichiers communs\Hewlett-Packard
[26/08/2007|16:25] C:\Program Files\Fichiers communs\InstallShield
[04/06/2006|19:24] C:\Program Files\Fichiers communs\Java
[30/10/2004|09:17] C:\Program Files\Fichiers communs\KODAK
[24/10/2004|10:56] C:\Program Files\Fichiers communs\Microsoft Shared
[07/02/2008|18:48] C:\Program Files\Fichiers communs\mozilla.org
[02/10/2004|09:49] C:\Program Files\Fichiers communs\MSSoap
[02/10/2004|10:29] C:\Program Files\Fichiers communs\ODBC
[22/05/2008|14:11] C:\Program Files\Fichiers communs\Real
[02/10/2004|09:49] C:\Program Files\Fichiers communs\Services
[02/10/2004|10:29] C:\Program Files\Fichiers communs\SpeechEngines
[27/05/2006|11:11] C:\Program Files\Fichiers communs\Symantec Shared
[13/06/2007|00:11] C:\Program Files\Fichiers communs\System

--------------------\\ Process

( 49 Processus )

... OK !

--------------------\\ Recherche avec S_Lop

Aucun fichier / dossier Lop trouvé !

--------------------\\ Recherche de Fichiers / Dossiers Lop

Aucun fichier / dossier Lop trouvé !

--------------------\\ Verification du Registre

..... OK !

--------------------\\ Verification du fichier Hosts

Fichier Hosts PROPRE


--------------------\\ Recherche de fichiers avec Catchme

disk not found C:\
please note that you need administrator rights to perform deep scan

--------------------\\ Recherche d'autres infections

C:\WINDOWS\System32\nvs2.inf
==> EGDACCESS <==

[HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters]
NameServer REG_SZ 85.255.115.52 85.255.112.117

[HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters]
DhcpNameServer REG_SZ 85.255.115.52 85.255.112.117

[HKLM\SYSTEM\ControlSet001\Services\Tcpip\Parameters]
NameServer REG_SZ 85.255.115.66 85.255.112.98

[HKLM\SYSTEM\ControlSet002\Services\Tcpip\Parameters]
NameServer REG_SZ 85.255.114.71 85.255.112.60

[HKLM\SYSTEM\ControlSet003\Services\Tcpip\Parameters]
NameServer REG_SZ 85.255.115.52 85.255.112.117

[HKLM\SYSTEM\ControlSet003\Services\Tcpip\Parameters]
DhcpNameServer REG_SZ 85.255.115.52 85.255.112.117

[HKLM\SYSTEM\CurrentControlSet\..\{1FA315DF-C857-40E1-B988-D4F559D506C1}]
DhcpNameServer REG_SZ 85.255.115.52,85.255.112.117

[HKLM\SYSTEM\CurrentControlSet\..\{5C036EBE-0255-490D-98FE-56EB006A4E6F}]
NameServer REG_SZ 85.255.115.52,85.255.112.117

[HKLM\SYSTEM\CurrentControlSet\..\{5C036EBE-0255-490D-98FE-56EB006A4E6F}]
DhcpNameServer REG_SZ 85.255.115.52,85.255.112.117

[HKLM\SYSTEM\ControlSet001\..\{1FA315DF-C857-40E1-B988-D4F559D506C1}]
DhcpNameServer REG_SZ 85.255.115.66,85.255.112.98

[HKLM\SYSTEM\ControlSet001\..\{5C036EBE-0255-490D-98FE-56EB006A4E6F}]
NameServer REG_SZ 85.255.115.66,85.255.112.98

[HKLM\SYSTEM\ControlSet002\..\{1FA315DF-C857-40E1-B988-D4F559D506C1}]
DhcpNameServer REG_SZ 85.255.115.52,85.255.112.117

[HKLM\SYSTEM\ControlSet002\..\{5C036EBE-0255-490D-98FE-56EB006A4E6F}]
NameServer REG_SZ 85.255.114.71,85.255.112.60

[HKLM\SYSTEM\ControlSet003\..\{1FA315DF-C857-40E1-B988-D4F559D506C1}]
DhcpNameServer REG_SZ 85.255.115.52,85.255.112.117

[HKLM\SYSTEM\ControlSet003\..\{5C036EBE-0255-490D-98FE-56EB006A4E6F}]
NameServer REG_SZ 85.255.115.52,85.255.112.117

[HKLM\SYSTEM\ControlSet003\..\{5C036EBE-0255-490D-98FE-56EB006A4E6F}]
DhcpNameServer REG_SZ 85.255.115.52,85.255.112.117

==> WAREOUT <==


[F:180][D:59]-> C:\DOCUME~1\Redg\LOCALS~1\Temp
[F:18][D:0]-> C:\DOCUME~1\Redg\Cookies
[F:2110][D:9]-> C:\DOCUME~1\Redg\LOCALS~1\TEMPOR~1\content.IE5

--------------------\\ Fin du rapport a 10:30:13,19
Anonymous user
30 Jul 2008 at 15:48
* Download FixWareout from this site to the desktop:
http://download.bleepingcomputer.com/lonny/Fixwareout.exe


* Run the fix: click Next, then Install, then make sure "Run fixit" is checked, then click Finish.
The fix will start; follow the on-screen messages. You will be asked to restart your computer; do so. Your system will take a little longer to start up, which is normal.

* Post (copy/paste) the contents of the report that will be displayed on screen (report.txt) along with a new HijackThis report in your next reply.


Then:

Download HijackThis here:

-> http://www.trendsecure.com/portal/en-US/_download/HJTInstall.exe


Installation tutorial:

-> https://forums.cnetfrance.fr

Usage tutorial:

-> https://forums.cnetfrance.fr

Please post the generated report here...

Llivia Posts 12 Registration date Tuesday 29 July 2008 Status Member Last activity 4 October 2008
17 Aug 2008 at 10:39
Hi,

I'm back, and here are the two reports you asked me for. Thanks and see you soon!

Username "Redg" - 17/08/2008 10:25:47 [Fixwareout edited 9/01/2007]

~~~~~ Prerun check
HKLM\SOFTWARE\~\CurrentVersion\Run\ ="dmhxs"

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters
"nameserver"="85.255.115.52 85.255.112.117" <Value cleared.
HKEY_LOCAL_MACHINE\system\currentcontrolset\services\tcpip\parameters\interfaces\{5C036EBE-0255-490D-98FE-56EB006A4E6F}
"nameserver"="85.255.115.5,85.255.112.236" <Value cleared.
HKEY_LOCAL_MACHINE\system\currentcontrolset\services\tcpip\parameters\interfaces\{1FA315DF-C857-40E1-B988-D4F559D506C1}
"DhcpNameServer"="85.255.115.52,85.255.112.117" <Value cleared.

Cache de résolution DNS vidé.

System was rebooted successfully.

~~~~~ Postrun check
HKLM\SOFTWARE\~\Winlogon\ "System"="lsass.exe"
....
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion "ucrsc" Value deleted
HKCR\CLSID\{61EE6B5A-B4B2-4853-AC33-D051EE17F098}\_h\4 Deleted.
....
~~~~~ Misc files.
....
~~~~~ Checking for older varients.
....

~~~~~ Current runs (hklm hkcu "run" Keys Only)
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"fmdcnazy"="C:\\WINDOWS\\system32\\zuwcys.exe"
"MSNSysRestore"="C:\\WINDOWS\\system32\\pc32.exe bg"
"avast!"="C:\\PROGRA~1\\ALWILS~1\\Avast4\\ashDisp.exe"
"SunJavaUpdateSched"="C:\\Program Files\\Java\\jre1.5.0_06\\bin\\jusched.exe"
"WOOWATCH"="C:\\PROGRA~1\\Wanadoo\\Watch.exe"
"WOOTASKBARICON"="C:\\PROGRA~1\\Wanadoo\\GestMaj.exe TaskBarIcon.exe"
"Helpdoessite64"="C:\\Documents and Settings\\All Users\\Application Data\\Comp Size Help Does\\Program Balm.exe"
"QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"DriveSystem"="C:\\WINDOWS\\system32\\maxpaynowti1.exe"
"SystemDrive"="C:\\WINDOWS\\system32\\maxpaynow1.exe"
"PromoReg"="C:\\WINDOWS\\system32\\alt.exe.exe"
"msdefender.exe"="C:\\WINDOWS\\system32\\msdefender.exe"
"taskmon"="C:\\WINDOWS\\taskmon.exe"
"avgnt"="\"C:\\Program Files\\Avira\\AntiVir PersonalEdition Classic\\avgnt.exe\" /min"

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\\WINDOWS\\system32\\ctfmon.exe"
"neufbox_reminder"="\"C:\\Program Files\\Kit ADSL\\Wizard\\PostInstall_Checker.exe\" -r"
"WOOKIT"="C:\\Program Files\\Wanadoo\\GestMaj.exe EspaceWanadoo.exe"
"OM_Monitor"="C:\\Program Files\\OLYMPUS\\OLYMPUS Master\\Monitor.exe -NoStart"
"kavir"="C:\\WINDOWS\\kavir.exe"
"Service Pack 1"="C:\\WINDOWS\\system32\\vedxg6ame4.exe"
....
Hosts file was reset, If you use a custom hosts file please replace it...
~~~~~ End report ~~~~~

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:35:56, on 17/08/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Unable to get Internet Explorer version!
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\WINDOWS\system32\netdde.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\WINDOWS\system32\bgsvcgen.exe
C:\WINDOWS\system32\clipsrv.exe
C:\WINDOWS\System32\dllhost.exe
C:\WINDOWS\System32\FTRTSVC.exe
C:\WINDOWS\system32\msiexec.exe
C:\WINDOWS\system32\sessmgr.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\vssvc.exe
C:\WINDOWS\System32\wbem\wmiapsrv.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\PROGRA~1\Wanadoo\TaskBarIcon.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Microsoft Office\Office\OSA.EXE
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\OpenOffice.org 2.0\program\soffice.exe
C:\Program Files\OpenOffice.org 2.0\program\soffice.BIN
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Wanadoo
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: (no name) - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - (no file)
R3 - URLSearchHook: ToolbarURLSearchHook Class - {CA3EB689-8F09-4026-AA10-B9534C691CE0} - C:\PROGRA~1\WINSTR~1\tbhelper.dll (file missing)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1B44E59C-165C-4EE2-B3CD-4DFD348BE123} - C:\WINDOWS\system32\tuvSjKCu.dll (file missing)
O2 - BHO: (no name) - {623EABC6-D3C0-477F-A56D-1CB59A443D31} - C:\WINDOWS\system32\iifdExVp.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\norton antivirus 2005. 6-10-04\NavShExt.dll (file missing)
O4 - HKLM\..\Run: [fmdcnazy] C:\WINDOWS\system32\zuwcys.exe
O4 - HKLM\..\Run: [MSNSysRestore] C:\WINDOWS\system32\pc32.exe bg
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\Wanadoo\Watch.exe
O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\Wanadoo\GestMaj.exe TaskBarIcon.exe
O4 - HKLM\..\Run: [Helpdoessite64] C:\Documents and Settings\All Users\Application Data\Comp Size Help Does\Program Balm.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [DriveSystem] C:\WINDOWS\system32\maxpaynowti1.exe
O4 - HKLM\..\Run: [SystemDrive] C:\WINDOWS\system32\maxpaynow1.exe
O4 - HKLM\..\Run: [PromoReg] C:\WINDOWS\system32\alt.exe.exe
O4 - HKLM\..\Run: [msdefender.exe] C:\WINDOWS\system32\msdefender.exe
O4 - HKLM\..\Run: [taskmon] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [neufbox_reminder] "C:\Program Files\Kit ADSL\Wizard\PostInstall_Checker.exe" -r
O4 - HKCU\..\Run: [WOOKIT] C:\Program Files\Wanadoo\GestMaj.exe EspaceWanadoo.exe
O4 - HKCU\..\Run: [OM_Monitor] C:\Program Files\OLYMPUS\OLYMPUS Master\Monitor.exe -NoStart
O4 - HKCU\..\Run: [kavir] C:\WINDOWS\kavir.exe
O4 - HKCU\..\Run: [Service Pack 1] C:\WINDOWS\system32\vedxg6ame4.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Startup: OpenOffice.org 2.0.lnk = C:\Program Files\OpenOffice.org 2.0\program\quickstart.exe
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Démarrage d'Office.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXE
O4 - Global Startup: hp psc 1000 series.lnk = ?
O4 - Global Startup: hpoddt01.exe.lnk = ?
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: Web Rebates - file://C:\Program Files\Web_Rebates\Sy1150\Tp1150\scri1150a.htm
O9 - Extra button: Messager Wanadoo - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\WANADO~1\Wanadoo Messager.exe
O9 - Extra 'Tools' menuitem: Messager Wanadoo - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\WANADO~1\Wanadoo Messager.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{5C036EBE-0255-490D-98FE-56EB006A4E6F}: NameServer = 85.255.115.52,85.255.112.117
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.115.66 85.255.112.98
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 85.255.115.52 85.255.112.117
O17 - HKLM\System\CS3\Services\Tcpip\Parameters: NameServer = 85.255.115.52 85.255.112.117
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.115.52 85.255.112.117
O20 - Winlogon Notify: tuvSjKCu - tuvSjKCu.dll (file missing)
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: B's Recorder GOLD Library General Service (bgsvcgen) - B.H.A Corporation - C:\WINDOWS\system32\bgsvcgen.exe
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - C:\WINDOWS\System32\FTRTSVC.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\norton antivirus 2005. 6-10-04\SAVScan.exe