Computer infected with several viruses
Closed
lolotte33
Messages posted: 42
Registration date: Tuesday 2 October 2007
Status: Member
Last activity: 14 February 2011
8 Sept. 2008 at 22:34
Anonymous user - 9 Sept. 2008 at 22:05
12 replies
Anonymous user
8 Sept. 2008 at 22:40
hi Lolotte
what problem did you post about?
then we'll carry on
kisses
lolotte33
8 Sept. 2008 at 22:45
hello, it's about a Trojan horse and several infected files according to the Malwarebytes scan.
hi, update Internet Explorer https://support.microsoft.com/fr-fr/allproducts
lolotte33
8 Sept. 2008 at 22:51
will the update remove the viruses?
and also Adobe Acrobat Reader
lolotte33
8 Sept. 2008 at 22:53
ok
Anonymous user
8 Sept. 2008 at 22:56
where is the report????? !!!! not here!!
lolotte33
8 Sept. 2008 at 22:58
I'll post the report as soon as Malwarebytes has finished the scan; for now it has detected 126 infected files
Anonymous user
>
lolotte33
8 Sept. 2008 at 23:01
ok I see
finish up calmly and send the report
kiss
jfkpresident
Messages posted: 13408
Registration date: Monday 3 September 2007
Status: Security contributor
Last activity: 5 January 2015
8 Sept. 2008 at 22:59
good evening everyone;
following along ..
PS: there is a hijack report!
Anonymous user
8 Sept. 2008 at 23:12
ok mister ^^ you got me!!! meh, I'm going to defend my case if possible ^^
I'm saying run or post Malwarebytes and run and post a hijack log (that's for me ^^) I know you'd go faster and further ^^ but you're understanding loool
kisses
lolotte33
8 Sept. 2008 at 23:27
HijackThis report below, but the Malwarebytes scan is still running... it's long
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:25:45, on 08/09/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe
c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe
c:\APPS\Powercinema\Kernel\CLML_NTService\CLMLServer.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
C:\Apps\Softex\OmniPass\Omniserv.exe
C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe
C:\Program Files\Sonic\DigitalMedia LE v7\MyDVD LE\USBDeviceService.exe
c:\APPS\Powercinema\Kernel\TV\CLSched.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Windows Live\installer\WLSetupSvc.exe
C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\winlogon.exe
C:\Apps\Softex\OmniPass\OPXPApp.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\VTTimer.exe
C:\WINDOWS\system32\VTtrayp.exe
C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe
C:\PROGRA~1\GOTOSO~1\VADERE~1\Vaderetro_oe.exe
C:\Program Files\Sonic\DigitalMedia LE v7\MyDVD LE\DetectorApp.exe
C:\APPS\Powercinema\PCMService.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\Program Files\Alwil Software\Avast4\ashSimpl.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\Lavasoft\Ad-Aware\Ad-Watch.exe
C:\Program Files\Lavasoft\Ad-Aware\Ad-Aware.exe
D:\Documents and Settings\jordan\Local Settings\Temporary Internet Files\Content.IE5\LEDLN0FC\HiJackThis[1].exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://format.packardbell.com/cgi-bin/redirect/?country=FR&range=AD&phase=6&key=SEARCH
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = file://C:\APPS\IE\offline\fr.htm
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://google/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Packard Bell
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [VTTrayp] VTtrayp.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe"
O4 - HKLM\..\Run: [Vade Retro Outlook Express] "C:\PROGRA~1\GOTOSO~1\VADERE~1\Vaderetro_oe.exe"
O4 - HKLM\..\Run: [DetectorApp] C:\Program Files\Sonic\DigitalMedia LE v7\MyDVD LE\DetectorApp.exe
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\FICHIE~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [PCMService] "c:\APPS\Powercinema\PCMService.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-21-2031290337-3766640776-3221108910-1007\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'veronique')
O4 - HKUS\S-1-5-21-2031290337-3766640776-3221108910-1008\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'LEO')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=file://C:\APPS\IE\offline\fr.htm
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - c:\APPS\Powercinema\Kernel\TV\CLSched.exe
O23 - Service: CyberLink Media Library Service - Cyberlink - c:\APPS\Powercinema\Kernel\CLML_NTService\CLMLServer.exe
O23 - Service: Sunbelt Kerio Personal Firewall 4 (KPF4) - Sunbelt Software - C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
O23 - Service: Softex OmniPass Service (omniserv) - Softex Inc. - C:\Apps\Softex\OmniPass\Omniserv.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe
O23 - Service: USBDeviceService - Unknown owner - C:\Program Files\Sonic\DigitalMedia LE v7\MyDVD LE\USBDeviceService.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - c:\APPS\Powercinema\Kernel\TV\CLSched.exe
O23 - Service: CyberLink Media Library Service - Cyberlink - c:\APPS\Powercinema\Kernel\CLML_NTService\CLMLServer.exe
O23 - Service: Sunbelt Kerio Personal Firewall 4 (KPF4) - Sunbelt Software - C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
O23 - Service: Softex OmniPass Service (omniserv) - Softex Inc. - C:\Apps\Softex\OmniPass\Omniserv.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe
O23 - Service: USBDeviceService - Unknown owner - C:\Program Files\Sonic\DigitalMedia LE v7\MyDVD LE\USBDeviceService.exe
lolotte33
8 Sept. 2008 at 23:27
HijackThis report below, but the Malwarebytes scan is still running... it's taking a long time
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:25:45, on 08/09/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe
c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe
c:\APPS\Powercinema\Kernel\CLML_NTService\CLMLServer.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
C:\Apps\Softex\OmniPass\Omniserv.exe
C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe
C:\Program Files\Sonic\DigitalMedia LE v7\MyDVD LE\USBDeviceService.exe
c:\APPS\Powercinema\Kernel\TV\CLSched.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Windows Live\installer\WLSetupSvc.exe
C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\winlogon.exe
C:\Apps\Softex\OmniPass\OPXPApp.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\VTTimer.exe
C:\WINDOWS\system32\VTtrayp.exe
C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe
C:\PROGRA~1\GOTOSO~1\VADERE~1\Vaderetro_oe.exe
C:\Program Files\Sonic\DigitalMedia LE v7\MyDVD LE\DetectorApp.exe
C:\APPS\Powercinema\PCMService.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\Program Files\Alwil Software\Avast4\ashSimpl.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\Lavasoft\Ad-Aware\Ad-Watch.exe
C:\Program Files\Lavasoft\Ad-Aware\Ad-Aware.exe
D:\Documents and Settings\jordan\Local Settings\Temporary Internet Files\Content.IE5\LEDLN0FC\HiJackThis[1].exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://format.packardbell.com/cgi-bin/redirect/?country=FR&range=AD&phase=6&key=SEARCH
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = file://C:\APPS\IE\offline\fr.htm
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://google/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Packard Bell
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [VTTrayp] VTtrayp.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe"
O4 - HKLM\..\Run: [Vade Retro Outlook Express] "C:\PROGRA~1\GOTOSO~1\VADERE~1\Vaderetro_oe.exe"
O4 - HKLM\..\Run: [DetectorApp] C:\Program Files\Sonic\DigitalMedia LE v7\MyDVD LE\DetectorApp.exe
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\FICHIE~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [PCMService] "c:\APPS\Powercinema\PCMService.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-21-2031290337-3766640776-3221108910-1007\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'veronique')
O4 - HKUS\S-1-5-21-2031290337-3766640776-3221108910-1008\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'LEO')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=file://C:\APPS\IE\offline\fr.htm
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - c:\APPS\Powercinema\Kernel\TV\CLSched.exe
O23 - Service: CyberLink Media Library Service - Cyberlink - c:\APPS\Powercinema\Kernel\CLML_NTService\CLMLServer.exe
O23 - Service: Sunbelt Kerio Personal Firewall 4 (KPF4) - Sunbelt Software - C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
O23 - Service: Softex OmniPass Service (omniserv) - Softex Inc. - C:\Apps\Softex\OmniPass\Omniserv.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe
O23 - Service: USBDeviceService - Unknown owner - C:\Program Files\Sonic\DigitalMedia LE v7\MyDVD LE\USBDeviceService.exe
Anonymous user
8 Sept. 2008 at 23:34
OK, I'll take a look at that, but please finish Malwarebytes.
See you later
lolotte33
9 Sept. 2008 at 07:19
Here at last is the Malwarebytes report, thank you very much
Malwarebytes' Anti-Malware 1.27
Version de la base de données: 1130
Windows 5.1.2600 Service Pack 2
09/09/2008 07:16:03
mbam-log-2008-09-09 (07-16-03).txt
Type de recherche: Examen complet (C:\|D:\|)
Eléments examinés: 161768
Temps écoulé: 6 hour(s), 0 minute(s), 43 second(s)
Processus mémoire infecté(s): 2
Module(s) mémoire infecté(s): 17
Clé(s) du Registre infectée(s): 20
Valeur(s) du Registre infectée(s): 3
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 3
Fichier(s) infecté(s): 81
Processus mémoire infecté(s):
C:\APPS\Softex\OmniPass\OmniServ.exe (Trojan.FakeAlert.H) -> Unloaded process successfully.
C:\APPS\Softex\OmniPass\OPXPApp.exe (Trojan.FakeAlert.H) -> Unloaded process successfully.
Module(s) mémoire infecté(s):
C:\APPS\Softex\OmniPass\autheng.dll (Trojan.FakeAlert.H) -> Delete on reboot.
C:\APPS\Softex\OmniPass\authntec.dll (Trojan.FakeAlert.H) -> Delete on reboot.
C:\APPS\Softex\OmniPass\biologon.dll (Trojan.FakeAlert.H) -> Delete on reboot.
C:\APPS\Softex\OmniPass\Cachedrv.dll (Trojan.FakeAlert.H) -> Delete on reboot.
C:\APPS\Softex\OmniPass\cryptodll.dll (Trojan.FakeAlert.H) -> Delete on reboot.
C:\APPS\Softex\OmniPass\ginastub.dll (Trojan.FakeAlert.H) -> Delete on reboot.
C:\APPS\Softex\OmniPass\hdddrv.dll (Trojan.FakeAlert.H) -> Delete on reboot.
C:\APPS\Softex\OmniPass\ldapdrv.dll (Trojan.FakeAlert.H) -> Delete on reboot.
C:\APPS\Softex\OmniPass\mstrpwd.dll (Trojan.FakeAlert.H) -> Delete on reboot.
C:\APPS\Softex\OmniPass\opfolderext.dll (Trojan.FakeAlert.H) -> Delete on reboot.
C:\APPS\Softex\OmniPass\opfsdll.dll (Trojan.FakeAlert.H) -> Delete on reboot.
C:\APPS\Softex\OmniPass\OPXPGina.dll (Trojan.FakeAlert.H) -> Delete on reboot.
C:\APPS\Softex\OmniPass\secur32.dll (Trojan.FakeAlert.H) -> Delete on reboot.
C:\APPS\Softex\OmniPass\sftxtgp.dll (Trojan.FakeAlert.H) -> Delete on reboot.
C:\APPS\Softex\OmniPass\SSPLogon.dll (Trojan.FakeAlert.H) -> Delete on reboot.
C:\APPS\Softex\OmniPass\storeng.dll (Trojan.FakeAlert.H) -> Delete on reboot.
C:\APPS\Softex\OmniPass\userdata.dll (Trojan.FakeAlert.H) -> Delete on reboot.
Clé(s) du Registre infectée(s):
HKEY_CLASSES_ROOT\CLSID\{b7164b19-8fe8-4933-95db-12356730cc7f} (Trojan.FakeAlert.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\omniserv (Trojan.FakeAlert.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\omniserv (Trojan.FakeAlert.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\omniserv (Trojan.FakeAlert.H) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{f23e9778-57da-4a7b-8100-dbd35ba0714c} (Trojan.FakeAlert.H) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{18638023-5eed-4534-a9a8-5887f39da82f} (Trojan.FakeAlert.H) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{22dbb81d-e3e9-42e9-9316-7f88fb87f956} (Trojan.FakeAlert.H) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{2ffbd1c6-d86b-4f9b-80ba-be7283ee5a89} (Trojan.FakeAlert.H) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{5bee58b6-4a2f-4ac8-8503-b3c256a85b4f} (Trojan.FakeAlert.H) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{84d7908a-6313-449b-8131-304891bc97f1} (Trojan.FakeAlert.H) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{8d596c18-1eea-49c0-a5df-0996641f01a1} (Trojan.FakeAlert.H) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{a12f9702-570c-4b17-a05d-1cc9c8261ecd} (Trojan.FakeAlert.H) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{d0ce97a0-415b-42e9-b251-34393af2d5f6} (Trojan.FakeAlert.H) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{d5b1944e-db4e-482e-b3f1-db05827f0978} (Trojan.FakeAlert.H) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{eb8544bf-d305-41d3-9639-c244ec71a360} (Trojan.FakeAlert.H) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{e0d0ab01-c48f-4384-9301-52b056978611} (Trojan.FakeAlert.H) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{9e97e5b6-33dc-4df1-8dee-67d7e6722489} (Trojan.FakeAlert.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\opxpgina (Trojan.FakeAlert.H) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{b06baa10-63d5-43e1-baf3-94ac5462a7e1} (Trojan.FakeAlert.H) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{dded71d8-354d-47b5-a15a-5e01e44489d0} (Trojan.FakeAlert.H) -> Quarantined and deleted successfully.
Valeur(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{d0ce97a0-415b-42e9-b251-34393af2d5f6} (Trojan.FakeAlert.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{d5b1944e-db4e-482e-b3f1-db05827f0978} (Trojan.FakeAlert.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\omnipass (Trojan.FakeAlert.H) -> Quarantined and deleted successfully.
Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)
Dossier(s) infecté(s):
C:\APPS\Softex\OmniPass (Trojan.FakeAlert.H) -> Delete on reboot.
C:\APPS\Softex\OmniPass\Help (Trojan.FakeAlert.H) -> Quarantined and deleted successfully.
C:\APPS\Softex\OmniPass\Sounds (Trojan.FakeAlert.H) -> Quarantined and deleted successfully.
Fichier(s) infecté(s):
C:\APPS\Softex\OmniPass\123id.dll (Trojan.FakeAlert.H) -> Quarantined and deleted successfully.
C:\APPS\Softex\OmniPass\Atdiag.exe (Trojan.FakeAlert.H) -> Quarantined and deleted successfully.
C:\APPS\Softex\OmniPass\atmelcm.dll (Trojan.FakeAlert.H) -> Quarantined and deleted successfully.
C:\APPS\Softex\OmniPass\autheng.dll (Trojan.FakeAlert.H) -> Delete on reboot.
C:\APPS\Softex\OmniPass\authntec.dll (Trojan.FakeAlert.H) -> Delete on reboot.
C:\APPS\Softex\OmniPass\BioFP.dll (Trojan.FakeAlert.H) -> Quarantined and deleted successfully.
C:\APPS\Softex\OmniPass\biologon.dll (Trojan.FakeAlert.H) -> Quarantined and deleted successfully.
C:\APPS\Softex\OmniPass\btype0.dat (Trojan.FakeAlert.H) -> Quarantined and deleted successfully.
C:\APPS\Softex\OmniPass\btype256.dat (Trojan.FakeAlert.H) -> Quarantined and deleted successfully.
C:\APPS\Softex\OmniPass\btype259.dat (Trojan.FakeAlert.H) -> Quarantined and deleted successfully.
C:\APPS\Softex\OmniPass\btype3.dat (Trojan.FakeAlert.H) -> Quarantined and deleted successfully.
C:\APPS\Softex\OmniPass\Cachedrv.dll (Trojan.FakeAlert.H) -> Quarantined and deleted successfully.
C:\APPS\Softex\OmniPass\cryptodll.dll (Trojan.FakeAlert.H) -> Delete on reboot.
C:\APPS\Softex\OmniPass\devsig.bat (Trojan.FakeAlert.H) -> Quarantined and deleted successfully.
C:\APPS\Softex\OmniPass\devsig.dat (Trojan.FakeAlert.H) -> Quarantined and deleted successfully.
C:\APPS\Softex\OmniPass\DigiCert.dll (Trojan.FakeAlert.H) -> Quarantined and deleted successfully.
C:\APPS\Softex\OmniPass\EnrWiz.exe (Trojan.FakeAlert.H) -> Quarantined and deleted successfully.
C:\APPS\Softex\OmniPass\eventmsg.dll (Trojan.FakeAlert.H) -> Quarantined and deleted successfully.
C:\APPS\Softex\OmniPass\explorer.ocx (Trojan.FakeAlert.H) -> Quarantined and deleted successfully.
C:\APPS\Softex\OmniPass\fujitsufp.dll (Trojan.FakeAlert.H) -> Quarantined and deleted successfully.
C:\APPS\Softex\OmniPass\ginastub.dll (Trojan.FakeAlert.H) -> Quarantined and deleted successfully.
C:\APPS\Softex\OmniPass\hdddrv.dll (Trojan.FakeAlert.H) -> Delete on reboot.
C:\APPS\Softex\OmniPass\ISHF_Ex.tlb (Trojan.FakeAlert.H) -> Quarantined and deleted successfully.
C:\APPS\Softex\OmniPass\ldapdrv.dll (Trojan.FakeAlert.H) -> Delete on reboot.
C:\APPS\Softex\OmniPass\mstrpwd.dll (Trojan.FakeAlert.H) -> Delete on reboot.
C:\APPS\Softex\OmniPass\ntranceFP.dll (Trojan.FakeAlert.H) -> Quarantined and deleted successfully.
C:\APPS\Softex\OmniPass\OmniServ.exe (Trojan.FakeAlert.H) -> Quarantined and deleted successfully.
C:\APPS\Softex\OmniPass\OP3Intc.dll (Trojan.FakeAlert.H) -> Quarantined and deleted successfully.
C:\APPS\Softex\OmniPass\OpFolderExt.dll (Trojan.FakeAlert.H) -> Delete on reboot.
C:\APPS\Softex\OmniPass\OpFolderHelper.exe (Trojan.FakeAlert.H) -> Quarantined and deleted successfully.
C:\APPS\Softex\OmniPass\opfsdll.dll (Trojan.FakeAlert.H) -> Delete on reboot.
C:\APPS\Softex\OmniPass\OPSetupDll.dll (Trojan.FakeAlert.H) -> Quarantined and deleted successfully.
C:\APPS\Softex\OmniPass\OPShellA.exe (Trojan.FakeAlert.H) -> Quarantined and deleted successfully.
C:\APPS\Softex\OmniPass\OPXPApp.exe (Trojan.FakeAlert.H) -> Quarantined and deleted successfully.
C:\APPS\Softex\OmniPass\OPXPGina.dll (Trojan.FakeAlert.H) -> Delete on reboot.
C:\APPS\Softex\OmniPass\pendrv.dll (Trojan.FakeAlert.H) -> Quarantined and deleted successfully.
C:\APPS\Softex\OmniPass\pkc11drv.dll (Trojan.FakeAlert.H) -> Quarantined and deleted successfully.
C:\APPS\Softex\OmniPass\PrivarisFP.dll (Trojan.FakeAlert.H) -> Quarantined and deleted successfully.
C:\APPS\Softex\OmniPass\scard.dll (Trojan.FakeAlert.H) -> Quarantined and deleted successfully.
C:\APPS\Softex\OmniPass\scureapp.exe (Trojan.FakeAlert.H) -> Quarantined and deleted successfully.
C:\APPS\Softex\OmniPass\scurecpl.cpl (Trojan.FakeAlert.H) -> Quarantined and deleted successfully.
C:\APPS\Softex\OmniPass\scuredll.dll (Trojan.FakeAlert.H) -> Quarantined and deleted successfully.
C:\APPS\Softex\OmniPass\scureicn.ico (Trojan.FakeAlert.H) -> Quarantined and deleted successfully.
C:\APPS\Softex\OmniPass\secur32.dll (Trojan.FakeAlert.H) -> Quarantined and deleted successfully.
C:\APPS\Softex\OmniPass\setup.lst (Trojan.FakeAlert.H) -> Quarantined and deleted successfully.
C:\APPS\Softex\OmniPass\sftxtgp.dll (Trojan.FakeAlert.H) -> Quarantined and deleted successfully.
C:\APPS\Softex\OmniPass\SSPLogon.dll (Trojan.FakeAlert.H) -> Delete on reboot.
C:\APPS\Softex\OmniPass\storeng.dll (Trojan.FakeAlert.H) -> Delete on reboot.
C:\APPS\Softex\OmniPass\tdtouchg5lib.dll (Trojan.FakeAlert.H) -> Quarantined and deleted successfully.
C:\APPS\Softex\OmniPass\tpmdrv.dll (Trojan.FakeAlert.H) -> Quarantined and deleted successfully.
C:\APPS\Softex\OmniPass\uninst.ico (Trojan.FakeAlert.H) -> Quarantined and deleted successfully.
C:\APPS\Softex\OmniPass\uninst.iss (Trojan.FakeAlert.H) -> Quarantined and deleted successfully.
C:\APPS\Softex\OmniPass\userdata.dll (Trojan.FakeAlert.H) -> Delete on reboot.
C:\APPS\Softex\OmniPass\Validity.dll (Trojan.FakeAlert.H) -> Quarantined and deleted successfully.
C:\APPS\Softex\OmniPass\Help\OPhelp.chm (Trojan.FakeAlert.H) -> Quarantined and deleted successfully.
C:\APPS\Softex\OmniPass\Sounds\Access Denied.wav (Trojan.FakeAlert.H) -> Quarantined and deleted successfully.
C:\APPS\Softex\OmniPass\Sounds\Access Granted.wav (Trojan.FakeAlert.H) -> Quarantined and deleted successfully.
C:\APPS\Softex\OmniPass\Sounds\Beep Access Denied.wav (Trojan.FakeAlert.H) -> Quarantined and deleted successfully.
C:\APPS\Softex\OmniPass\Sounds\Beep Access Granted.wav (Trojan.FakeAlert.H) -> Quarantined and deleted successfully.
C:\APPS\Softex\OmniPass\Sounds\Beep Critical Stop.wav (Trojan.FakeAlert.H) -> Quarantined and deleted successfully.
C:\APPS\Softex\OmniPass\Sounds\Beep Enroll Instructions.wav (Trojan.FakeAlert.H) -> Quarantined and deleted successfully.
C:\APPS\Softex\OmniPass\Sounds\Beep Enrollment Complete.wav (Trojan.FakeAlert.H) -> Quarantined and deleted successfully.
C:\APPS\Softex\OmniPass\Sounds\Beep Enrollment Failed.wav (Trojan.FakeAlert.H) -> Quarantined and deleted successfully.
C:\APPS\Softex\OmniPass\Sounds\Beep Enter Password.wav (Trojan.FakeAlert.H) -> Quarantined and deleted successfully.
C:\APPS\Softex\OmniPass\Sounds\Beep Identity Switched.wav (Trojan.FakeAlert.H) -> Quarantined and deleted successfully.
C:\APPS\Softex\OmniPass\Sounds\Beep Incorrect User.wav (Trojan.FakeAlert.H) -> Quarantined and deleted successfully.
C:\APPS\Softex\OmniPass\Sounds\Beep Place Finger.wav (Trojan.FakeAlert.H) -> Quarantined and deleted successfully.
C:\APPS\Softex\OmniPass\Sounds\Beep User Logged Off.wav (Trojan.FakeAlert.H) -> Quarantined and deleted successfully.
C:\APPS\Softex\OmniPass\Sounds\Beep User Logged On.wav (Trojan.FakeAlert.H) -> Quarantined and deleted successfully.
C:\APPS\Softex\OmniPass\Sounds\Beep User Removed.wav (Trojan.FakeAlert.H) -> Quarantined and deleted successfully.
C:\APPS\Softex\OmniPass\Sounds\Critical Stop.wav (Trojan.FakeAlert.H) -> Quarantined and deleted successfully.
C:\APPS\Softex\OmniPass\Sounds\Enroll Instructions.wav (Trojan.FakeAlert.H) -> Quarantined and deleted successfully.
C:\APPS\Softex\OmniPass\Sounds\Enrollment Complete.wav (Trojan.FakeAlert.H) -> Quarantined and deleted successfully.
C:\APPS\Softex\OmniPass\Sounds\Enrollment Failed.wav (Trojan.FakeAlert.H) -> Quarantined and deleted successfully.
C:\APPS\Softex\OmniPass\Sounds\Enter Password.wav (Trojan.FakeAlert.H) -> Quarantined and deleted successfully.
C:\APPS\Softex\OmniPass\Sounds\Identity Switched.wav (Trojan.FakeAlert.H) -> Quarantined and deleted successfully.
C:\APPS\Softex\OmniPass\Sounds\Incorrect User.wav (Trojan.FakeAlert.H) -> Quarantined and deleted successfully.
C:\APPS\Softex\OmniPass\Sounds\Place Finger.wav (Trojan.FakeAlert.H) -> Quarantined and deleted successfully.
C:\APPS\Softex\OmniPass\Sounds\User Logged Off.wav (Trojan.FakeAlert.H) -> Quarantined and deleted successfully.
C:\APPS\Softex\OmniPass\Sounds\User Logged On.wav (Trojan.FakeAlert.H) -> Quarantined and deleted successfully.
C:\APPS\Softex\OmniPass\Sounds\User Removed.wav (Trojan.FakeAlert.H) -> Quarantined and deleted successfully.
jfkpresident
Posts
13408
Joined
Monday 3 September 2007
Status
Security contributor
Last activity
5 January 2015
1 175
9 Sept. 2008 at 12:29
lolotte33: while waiting for funnygirl, paste a new HijackThis log.
Anonymous user
9 Sept. 2008 at 22:05
Hi you two!!
Thanks JFK, and Lolotte, well, post us a new hijack report as requested
kisses