Virus
Onex
-
Geonex Messages postés 12 Statut Membre -
Geonex Messages postés 12 Statut Membre -
Bonjour,
Qui pourrait m'aider?
Mon PC ralenti et un fenêtre s'ouvre à chaque démarrage:
Rundll
Erreur de chargement C: Window\systeme32\yopujofo.dll
le mode spécifier est introuvable
Et sur internet il y a des fenêtre publicitaire qui s'ouvre
Antivirus McAfee virus scan entreprise 8.5
Voci un scan avec HijackThis
Logfile of T rend Micro HijackThis v2.0.2
Scan saved at 13:41:53, on 29/09/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Fichiers communs\ABBYY\FineReader\9.00\Licensing\PE\NetworkLicenseServer.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
c:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
C:\Program Files\McAfee\Common Framework\FrameworkService.exe
C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe
C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\documents and settings\hp_propriétaire\local settings\application data\bdebb.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.bluewin.ch/de/index.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: (no name) - {404be757-764d-415d-ac91-debcd4f937b1} - C:\WINDOWS\system32\ramuzovi.dll (file missing)
O2 - BHO: EmailBHO - {647FD14A-C4F1-46F4-8FC3-0B40F54226F7} - C:\Program Files\jZip\WebmailPlugin.dll
O2 - BHO: EoRezoBHO - {64F56FC1-1272-44CD-BA6E-39723696E350} - C:\PROGRA~1\EoRezo\EoAdv\EOREZO~1.DLL (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan Enterprise\scriptcl.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: (no name) - {07AA283A-43D7-4CBE-A064-32A21112D94D} - (no file)
O3 - Toolbar: peltodgx - {BD48101F-198F-431B-9DDB-F5CCD0AB4027} - C:\WINDOWS\peltodgx.dll
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [batuporove] Rundll32.exe "C:\WINDOWS\system32\yupujufo.dll",s
O4 - HKLM\..\Run: [SDFix] C:\SDFix\RunThis.bat /second
O4 - HKCU\..\Run: [bdebb] "c:\documents and settings\hp_propriétaire\local settings\application data\bdebb.exe" bdebb
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [batuporove] Rundll32.exe "C:\WINDOWS\system32\yupujufo.dll",s (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [Nokia.PCSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Nokia.PCSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'Default user')
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O8 - Extra context menu item: Ajouter au fichier PDF existant - res://C:\Program Files\Nuance\PDF Professional 5\bin\ZeonIEFavClient.dll/ZeonIEAppend.HTML
O8 - Extra context menu item: Ajouter le contenu des liens sélectionnés à un fichier PDF existant - res://C:\Program Files\Nuance\PDF Professional 5\bin\ZeonIEFavClient.dll/ZeonIEAppendSelLinks.HTML
O8 - Extra context menu item: Ajouter le contenu du lien à un fichier PDF existant - res://C:\Program Files\Nuance\PDF Professional 5\bin\ZeonIEFavClient.dll/ZeonIEAppend.HTML
O8 - Extra context menu item: Créer des fichiers PDF à partir des liens sélectionnés - res://C:\Program Files\Nuance\PDF Professional 5\bin\ZeonIEFavClient.dll/ZeonIECaptureSelLinks.HTML
O8 - Extra context menu item: Créer fichier PDF - res://C:\Program Files\Nuance\PDF Professional 5\bin\ZeonIEFavClient.dll/ZeonIECapture.HTML
O8 - Extra context menu item: Créer un fichier PDF depuis le contenu du lien - res://C:\Program Files\Nuance\PDF Professional 5\bin\ZeonIEFavClient.dll/ZeonIECapture.HTML
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\npjpi160_03.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\npjpi160_03.dll
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} (Microsoft Data Collection Control) - https://support.serviceshub.microsoft.com/supportforbusiness/create
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - https://www.kaspersky.fr/?domain=webscanner.kaspersky.fr
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {49232000-16E4-426C-A231-62846947304B} (SysData Class) - http://ipgweb.cce.hp.com/rdqemea/downloads/sysinfo.cab
O16 - DPF: {4CCA4E80-9259-11D9-AC6E-444553544200} (FixController Control) - http://h30155.www3.hp.com/ediags/dd/install/HPInstallMgr_v01_5.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O20 - AppInit_DLLs: mzptqm.dll,C:\WINDOWS\system32\gurabimi.dll
O21 - SSODL: onfwbsak - {0A26980A-B967-403B-9D6B-28818D9AEA27} - (no file)
O23 - Service: ABBYY FineReader 9.0 PE Licensing Service (ABBYY.Licensing.FineReader.Professional.9.0) - ABBYY (BIT Software) - C:\Program Files\Fichiers communs\ABBYY\FineReader\9.00\Licensing\PE\NetworkLicenseServer.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP Port Resolver - Hewlett-Packard Company - C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBPRO.EXE
O23 - Service: HP Status Server - Hewlett-Packard Company - C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBOID.EXE
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Fichiers communs\Logishrd\Bluetooth\LBTServ.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Unknown owner - c:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - McAfee, Inc. - C:\Program Files\McAfee\Common Framework\FrameworkService.exe
O23 - Service: McAfee McShield (McShield) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe
O23 - Service: McAfee Task Manager (McTaskManager) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexingService.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
--
End of file - 10968 bytes
Qui pourrait m'aider?
Mon PC ralenti et un fenêtre s'ouvre à chaque démarrage:
Rundll
Erreur de chargement C: Window\systeme32\yopujofo.dll
le mode spécifier est introuvable
Et sur internet il y a des fenêtre publicitaire qui s'ouvre
Antivirus McAfee virus scan entreprise 8.5
Voci un scan avec HijackThis
Logfile of T rend Micro HijackThis v2.0.2
Scan saved at 13:41:53, on 29/09/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Fichiers communs\ABBYY\FineReader\9.00\Licensing\PE\NetworkLicenseServer.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
c:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
C:\Program Files\McAfee\Common Framework\FrameworkService.exe
C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe
C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\documents and settings\hp_propriétaire\local settings\application data\bdebb.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.bluewin.ch/de/index.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: (no name) - {404be757-764d-415d-ac91-debcd4f937b1} - C:\WINDOWS\system32\ramuzovi.dll (file missing)
O2 - BHO: EmailBHO - {647FD14A-C4F1-46F4-8FC3-0B40F54226F7} - C:\Program Files\jZip\WebmailPlugin.dll
O2 - BHO: EoRezoBHO - {64F56FC1-1272-44CD-BA6E-39723696E350} - C:\PROGRA~1\EoRezo\EoAdv\EOREZO~1.DLL (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan Enterprise\scriptcl.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: (no name) - {07AA283A-43D7-4CBE-A064-32A21112D94D} - (no file)
O3 - Toolbar: peltodgx - {BD48101F-198F-431B-9DDB-F5CCD0AB4027} - C:\WINDOWS\peltodgx.dll
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [batuporove] Rundll32.exe "C:\WINDOWS\system32\yupujufo.dll",s
O4 - HKLM\..\Run: [SDFix] C:\SDFix\RunThis.bat /second
O4 - HKCU\..\Run: [bdebb] "c:\documents and settings\hp_propriétaire\local settings\application data\bdebb.exe" bdebb
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [batuporove] Rundll32.exe "C:\WINDOWS\system32\yupujufo.dll",s (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [Nokia.PCSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Nokia.PCSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'Default user')
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O8 - Extra context menu item: Ajouter au fichier PDF existant - res://C:\Program Files\Nuance\PDF Professional 5\bin\ZeonIEFavClient.dll/ZeonIEAppend.HTML
O8 - Extra context menu item: Ajouter le contenu des liens sélectionnés à un fichier PDF existant - res://C:\Program Files\Nuance\PDF Professional 5\bin\ZeonIEFavClient.dll/ZeonIEAppendSelLinks.HTML
O8 - Extra context menu item: Ajouter le contenu du lien à un fichier PDF existant - res://C:\Program Files\Nuance\PDF Professional 5\bin\ZeonIEFavClient.dll/ZeonIEAppend.HTML
O8 - Extra context menu item: Créer des fichiers PDF à partir des liens sélectionnés - res://C:\Program Files\Nuance\PDF Professional 5\bin\ZeonIEFavClient.dll/ZeonIECaptureSelLinks.HTML
O8 - Extra context menu item: Créer fichier PDF - res://C:\Program Files\Nuance\PDF Professional 5\bin\ZeonIEFavClient.dll/ZeonIECapture.HTML
O8 - Extra context menu item: Créer un fichier PDF depuis le contenu du lien - res://C:\Program Files\Nuance\PDF Professional 5\bin\ZeonIEFavClient.dll/ZeonIECapture.HTML
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\npjpi160_03.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\npjpi160_03.dll
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} (Microsoft Data Collection Control) - https://support.serviceshub.microsoft.com/supportforbusiness/create
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - https://www.kaspersky.fr/?domain=webscanner.kaspersky.fr
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {49232000-16E4-426C-A231-62846947304B} (SysData Class) - http://ipgweb.cce.hp.com/rdqemea/downloads/sysinfo.cab
O16 - DPF: {4CCA4E80-9259-11D9-AC6E-444553544200} (FixController Control) - http://h30155.www3.hp.com/ediags/dd/install/HPInstallMgr_v01_5.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O20 - AppInit_DLLs: mzptqm.dll,C:\WINDOWS\system32\gurabimi.dll
O21 - SSODL: onfwbsak - {0A26980A-B967-403B-9D6B-28818D9AEA27} - (no file)
O23 - Service: ABBYY FineReader 9.0 PE Licensing Service (ABBYY.Licensing.FineReader.Professional.9.0) - ABBYY (BIT Software) - C:\Program Files\Fichiers communs\ABBYY\FineReader\9.00\Licensing\PE\NetworkLicenseServer.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP Port Resolver - Hewlett-Packard Company - C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBPRO.EXE
O23 - Service: HP Status Server - Hewlett-Packard Company - C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBOID.EXE
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Fichiers communs\Logishrd\Bluetooth\LBTServ.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Unknown owner - c:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - McAfee, Inc. - C:\Program Files\McAfee\Common Framework\FrameworkService.exe
O23 - Service: McAfee McShield (McShield) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe
O23 - Service: McAfee Task Manager (McTaskManager) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexingService.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
--
End of file - 10968 bytes
A voir également:
- Virus
- Virus mcafee - Accueil - Piratage
- Virus facebook demande d'amis - Accueil - Facebook
- Virus informatique - Guide
- Panda anti virus gratuit - Télécharger - Antivirus & Antimalwares
- Undisclosed-recipients virus - Guide
4 réponses
bonjour
1) Télécharge et installe Malwarebyte's Anti-Malware:
http://www.malwarebytes.org/mbam/program/mbam-setup.exe
A la fin de l'installation, veille à ce que l'option « mettre a jour Malwarebyte's Anti-Malware » soit cochée. >>> clique sur OK
Lance Malwarebyte's Anti-Malware en double-cliquant sur l'icône sur ton Bureau.
Au premier lancement, une fenêtre t'annonce que la version est Free >>> clique sur OK
Laisse les Mises à jour se télécharger
*** Referme le programme ***
2) Redémarre en "Mode sans échec"
Au redémarrage de l'ordinateur, une fois le chargement du BIOS terminé, il y a un écran noir qui apparaît rapidement, appuie sur la touche [F8] (ou [F5] sur certains pc) jusqu'à l'affichage du menu des options avancées de Windows.
Sélectionner "Mode sans échec" et appuie sur [Entrée]
Il faudra choisir ta session habituelle, pas le compte "Administrateur" ou une autre.
Regarde ici si besoin : https://www.malekal.com/demarrer-windows-mode-sans-echec/
Ouvre le fichier texte sauvegardé sur le Bureau afin de suivre les instructions comme il faut.
3) Scan avec Malwarebyte's Anti-Malware
Lance Malwarebyte's Anti-Malware
Onglet "Recherche" >>> coche Executer un exame complet >>> Rechercher sélectionne tes disques durs puis clique sur Lancer l’examen
A la fin du scan >>> clique sur Afficher les résultats puis sur Enregistrer le rapport
Suppression des éléments détectés >>>>
supprime ce qu'il a trouvé vide également les éléments de la quarantaine
S'il t'es demandé de redémarrer >>> clique sur "Yes"
--> Un rapport de scan s'ouvre, enregistre sur ton Bureau et poste ce rapport en réponse.
quand tu demande une analyse, demande en mode sans échec.
Pourquoi en mode sans échec:
*Car déjà l'analyse cherche plus de fichiers en mode sans échec que en mode normal.
*Et aussi en mode normal les virus ( trojans, cheval de troie, vers, spywares , malwares et autres ... sont actif) donc ne se supprimes pas donc ils faut le faire en mode sans échec .1) Imprime ces instructions car il faudra fermer toutes les fenêtres et applications lors de l'installation et de l'analyse.
1) Télécharge et installe Malwarebyte's Anti-Malware:
http://www.malwarebytes.org/mbam/program/mbam-setup.exe
A la fin de l'installation, veille à ce que l'option « mettre a jour Malwarebyte's Anti-Malware » soit cochée. >>> clique sur OK
Lance Malwarebyte's Anti-Malware en double-cliquant sur l'icône sur ton Bureau.
Au premier lancement, une fenêtre t'annonce que la version est Free >>> clique sur OK
Laisse les Mises à jour se télécharger
*** Referme le programme ***
2) Redémarre en "Mode sans échec"
Au redémarrage de l'ordinateur, une fois le chargement du BIOS terminé, il y a un écran noir qui apparaît rapidement, appuie sur la touche [F8] (ou [F5] sur certains pc) jusqu'à l'affichage du menu des options avancées de Windows.
Sélectionner "Mode sans échec" et appuie sur [Entrée]
Il faudra choisir ta session habituelle, pas le compte "Administrateur" ou une autre.
Regarde ici si besoin : https://www.malekal.com/demarrer-windows-mode-sans-echec/
Ouvre le fichier texte sauvegardé sur le Bureau afin de suivre les instructions comme il faut.
3) Scan avec Malwarebyte's Anti-Malware
Lance Malwarebyte's Anti-Malware
Onglet "Recherche" >>> coche Executer un exame complet >>> Rechercher sélectionne tes disques durs puis clique sur Lancer l’examen
A la fin du scan >>> clique sur Afficher les résultats puis sur Enregistrer le rapport
Suppression des éléments détectés >>>>
supprime ce qu'il a trouvé vide également les éléments de la quarantaine
S'il t'es demandé de redémarrer >>> clique sur "Yes"
--> Un rapport de scan s'ouvre, enregistre sur ton Bureau et poste ce rapport en réponse.
quand tu demande une analyse, demande en mode sans échec.
Pourquoi en mode sans échec:
*Car déjà l'analyse cherche plus de fichiers en mode sans échec que en mode normal.
*Et aussi en mode normal les virus ( trojans, cheval de troie, vers, spywares , malwares et autres ... sont actif) donc ne se supprimes pas donc ils faut le faire en mode sans échec .1) Imprime ces instructions car il faudra fermer toutes les fenêtres et applications lors de l'installation et de l'analyse.
bonjour
il en reste
Scanne le PC avec un BitDefender en ligne (uniquement sous Internet Explorer) :
https://www.bitdefender.com/toolbox/
Utilisation :
* Clique sur "J'accepte" puis accepter également l'ActiveX bloqué par la barre anti-popup du SP2 qui clignotera en haut et l'installer.
* Ensuite, clique sur "Cliquez ici pour scanner".
* Patiente jusqu'à la fin du scan qui peut durer assez longtemps...
Copie/colle le rapport entier sur le forum.
il en reste
Scanne le PC avec un BitDefender en ligne (uniquement sous Internet Explorer) :
https://www.bitdefender.com/toolbox/
Utilisation :
* Clique sur "J'accepte" puis accepter également l'ActiveX bloqué par la barre anti-popup du SP2 qui clignotera en haut et l'installer.
* Ensuite, clique sur "Cliquez ici pour scanner".
* Patiente jusqu'à la fin du scan qui peut durer assez longtemps...
Copie/colle le rapport entier sur le forum.
Bonjour,
voici le scan
BitDefender Log File
Product : BitDefender Total Security 2009
Version : BitDefender UIScanner v.12
Scanning task : Full System Scan
Log date : 11:13:16 01/10/2008
Log path : C:\Documents and Settings\All Users\Application Data\BitDefender\Desktop\Profiles\Logs\full_scan\1222852396_3_00.xml
Scan Paths:Path 0000: C:\WINDOWS\system32\SearchFilterHost.exe
Path 0001: C:\WINDOWS\system32\SearchProtocolHost.exe
Path 0002: C:\Program Files\BitDefender\BitDefender 2009\uiscan.exe
Path 0003: C:\Program Files\BitDefender\BitDefender 2009\uiscan.exe
Path 0004: C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE
Path 0005: C:\Program Files\BitDefender\BitDefender 2009\seccenter.exe
Path 0006: C:\WINDOWS\System32\alg.exe
Path 0007: C:\WINDOWS\System32\svchost.exe
Path 0008: C:\WINDOWS\system32\SearchIndexer.exe
Path 0009: C:\Program Files\BitDefender\BitDefender 2009\vsserv.exe
Path 0010: C:\WINDOWS\system32\svchost.exe
Path 0011: C:\Program Files\McAfee\Common Framework\naPrdMgr.exe
Path 0012: C:\WINDOWS\system32\HPZipm12.exe
Path 0013: C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe
Path 0014: C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe
Path 0015: C:\Program Files\McAfee\Common Framework\FrameworkService.exe
Path 0016: C:\Program Files\Fichiers communs\BitDefender\BitDefender Update Service\livesrv.exe
Path 0017: c:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
Path 0018: C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
Path 0019: C:\WINDOWS\system32\svchost.exe
Path 0020: C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
Path 0021: C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
Path 0022: C:\Program Files\Fichiers communs\ABBYY\FineReader\9.00\Licensing\PE\NetworkLicenseServer.exe
Path 0023: C:\WINDOWS\system32\ctfmon.exe
Path 0024: C:\documents and settings\hp_propriétaire\local settings\application data\bdebb.exe
Path 0025: C:\Program Files\BitDefender\BitDefender 2009\bdagent.exe
Path 0026: C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE
Path 0027: C:\WINDOWS\Explorer.EXE
Path 0028: C:\WINDOWS\system32\Ati2evxx.exe
Path 0029: C:\WINDOWS\system32\spoolsv.exe
Path 0030: C:\WINDOWS\system32\svchost.exe
Path 0031: C:\WINDOWS\system32\svchost.exe
Path 0032: C:\WINDOWS\system32\svchost.exe
Path 0033: C:\WINDOWS\System32\svchost.exe
Path 0034: C:\WINDOWS\system32\svchost.exe
Path 0035: C:\WINDOWS\system32\svchost.exe
Path 0036: C:\WINDOWS\system32\Ati2evxx.exe
Path 0037: C:\WINDOWS\system32\lsass.exe
Path 0038: C:\WINDOWS\system32\services.exe
Path 0039: C:\WINDOWS\system32\winlogon.exe
Path 0040: C:\WINDOWS\system32\csrss.exe
Path 0041: \SystemRoot\System32\smss.exe
Path 0042: C:\
Path 0043: D:\
Scan Options:Scan for viruses : Yes
Scan for adware : Yes
Scan for spyware : Yes
Scan for applications : Yes
Scan for dialers : Yes
Scan for rootkits : Yes
Target Selection Options:Scan registry keys : Yes
Scan cookies : Yes
Scan boot sectors : Yes
Scan memory processes : Yes
Scan archives : No
Scan runtime packers : Yes
Scan emails : No
Scan all files : Yes
Heuristic Scan : Yes
Scanned extensions :
Excluded extensions :
Target Processing:Default action for infected objects : Disinfect
Default action for suspicious objects : None
Default action for hidden objects : None
Default action for encrypted infected objects : None
Default action for encrypted suspicious objects : None
Default action for password-protected objects : None
Scan engines summaryNumber of virus signatures : 1824693
Archive plugins : 43
Email plugins : 6
Scan plugins : 12
System plugins : 5
Unpack plugins : 7
Overall scan summaryScanned items : 603
Infected items : 0
Suspicious items : 0
Resolved items : 0
Unresolved items : 0
Password-protected items : 0
Individual viruses found : 0
Scanned directories : 0
Scanned boot sectors : 6
Scanned archives : 4
Input-output errors : 1
Scan time : 00:02:42
Files per second : 0
Scanned processes summaryScanned : 42
Infected : 0
Scanned registry keys summaryScanned : 415
Infected : 0
Scanned cookies summaryScanned : 415
Infected : 0
voici le scan
BitDefender Log File
Product : BitDefender Total Security 2009
Version : BitDefender UIScanner v.12
Scanning task : Full System Scan
Log date : 11:13:16 01/10/2008
Log path : C:\Documents and Settings\All Users\Application Data\BitDefender\Desktop\Profiles\Logs\full_scan\1222852396_3_00.xml
Scan Paths:Path 0000: C:\WINDOWS\system32\SearchFilterHost.exe
Path 0001: C:\WINDOWS\system32\SearchProtocolHost.exe
Path 0002: C:\Program Files\BitDefender\BitDefender 2009\uiscan.exe
Path 0003: C:\Program Files\BitDefender\BitDefender 2009\uiscan.exe
Path 0004: C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE
Path 0005: C:\Program Files\BitDefender\BitDefender 2009\seccenter.exe
Path 0006: C:\WINDOWS\System32\alg.exe
Path 0007: C:\WINDOWS\System32\svchost.exe
Path 0008: C:\WINDOWS\system32\SearchIndexer.exe
Path 0009: C:\Program Files\BitDefender\BitDefender 2009\vsserv.exe
Path 0010: C:\WINDOWS\system32\svchost.exe
Path 0011: C:\Program Files\McAfee\Common Framework\naPrdMgr.exe
Path 0012: C:\WINDOWS\system32\HPZipm12.exe
Path 0013: C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe
Path 0014: C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe
Path 0015: C:\Program Files\McAfee\Common Framework\FrameworkService.exe
Path 0016: C:\Program Files\Fichiers communs\BitDefender\BitDefender Update Service\livesrv.exe
Path 0017: c:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
Path 0018: C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
Path 0019: C:\WINDOWS\system32\svchost.exe
Path 0020: C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
Path 0021: C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
Path 0022: C:\Program Files\Fichiers communs\ABBYY\FineReader\9.00\Licensing\PE\NetworkLicenseServer.exe
Path 0023: C:\WINDOWS\system32\ctfmon.exe
Path 0024: C:\documents and settings\hp_propriétaire\local settings\application data\bdebb.exe
Path 0025: C:\Program Files\BitDefender\BitDefender 2009\bdagent.exe
Path 0026: C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE
Path 0027: C:\WINDOWS\Explorer.EXE
Path 0028: C:\WINDOWS\system32\Ati2evxx.exe
Path 0029: C:\WINDOWS\system32\spoolsv.exe
Path 0030: C:\WINDOWS\system32\svchost.exe
Path 0031: C:\WINDOWS\system32\svchost.exe
Path 0032: C:\WINDOWS\system32\svchost.exe
Path 0033: C:\WINDOWS\System32\svchost.exe
Path 0034: C:\WINDOWS\system32\svchost.exe
Path 0035: C:\WINDOWS\system32\svchost.exe
Path 0036: C:\WINDOWS\system32\Ati2evxx.exe
Path 0037: C:\WINDOWS\system32\lsass.exe
Path 0038: C:\WINDOWS\system32\services.exe
Path 0039: C:\WINDOWS\system32\winlogon.exe
Path 0040: C:\WINDOWS\system32\csrss.exe
Path 0041: \SystemRoot\System32\smss.exe
Path 0042: C:\
Path 0043: D:\
Scan Options:Scan for viruses : Yes
Scan for adware : Yes
Scan for spyware : Yes
Scan for applications : Yes
Scan for dialers : Yes
Scan for rootkits : Yes
Target Selection Options:Scan registry keys : Yes
Scan cookies : Yes
Scan boot sectors : Yes
Scan memory processes : Yes
Scan archives : No
Scan runtime packers : Yes
Scan emails : No
Scan all files : Yes
Heuristic Scan : Yes
Scanned extensions :
Excluded extensions :
Target Processing:Default action for infected objects : Disinfect
Default action for suspicious objects : None
Default action for hidden objects : None
Default action for encrypted infected objects : None
Default action for encrypted suspicious objects : None
Default action for password-protected objects : None
Scan engines summaryNumber of virus signatures : 1824693
Archive plugins : 43
Email plugins : 6
Scan plugins : 12
System plugins : 5
Unpack plugins : 7
Overall scan summaryScanned items : 603
Infected items : 0
Suspicious items : 0
Resolved items : 0
Unresolved items : 0
Password-protected items : 0
Individual viruses found : 0
Scanned directories : 0
Scanned boot sectors : 6
Scanned archives : 4
Input-output errors : 1
Scan time : 00:02:42
Files per second : 0
Scanned processes summaryScanned : 42
Infected : 0
Scanned registry keys summaryScanned : 415
Infected : 0
Scanned cookies summaryScanned : 415
Infected : 0
Bonjour, ci-joint un nouveau avec BitDefender celui de mercredi et suit un scan HijackThisremplace
Merci
BitDefender Log File
Product : BitDefender Total Security 2009
Version : BitDefender UIScanner v.12
Scanning task : Deep System Scan
Log date : 10:19:03 02/10/2008
Log path : C:\Documents and Settings\All Users\Application Data\Bitdefender\Desktop\Profiles\Logs\deep_scan\1222935543_1_02.xml
Scan Paths:Path 0000: C:\Program Files\BitDefender\BitDefender 2009\uiscan.exe
Path 0001: C:\Program Files\Fichiers communs\BitDefender\BitDefender Threat Scanner\av32bit_7995\bdc.exe
Path 0002: C:\Program Files\Mozilla Firefox\firefox.exe
Path 0003: C:\Program Files\Fichiers communs\BitDefender\BitDefender Update Service\livesrv.exe
Path 0004: C:\WINDOWS\System32\svchost.exe
Path 0005: C:\Program Files\BitDefender\BitDefender 2009\vsserv.exe
Path 0006: C:\Program Files\BitDefender\BitDefender 2009\seccenter.exe
Path 0007: C:\WINDOWS\system32\ctfmon.exe
Path 0008: C:\WINDOWS\Explorer.EXE
Path 0009: C:\WINDOWS\system32\Ati2evxx.exe
Path 0010: C:\WINDOWS\system32\SearchIndexer.exe
Path 0011: C:\WINDOWS\system32\svchost.exe
Path 0012: C:\WINDOWS\system32\HPZipm12.exe
Path 0013: C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe
Path 0014: C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe
Path 0015: C:\Program Files\McAfee\Common Framework\FrameworkService.exe
Path 0016: c:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
Path 0017: C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
Path 0018: C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
Path 0019: C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
Path 0020: C:\Program Files\Fichiers communs\ABBYY\FineReader\9.00\Licensing\PE\NetworkLicenseServer.exe
Path 0021: C:\WINDOWS\system32\spoolsv.exe
Path 0022: C:\WINDOWS\system32\svchost.exe
Path 0023: C:\WINDOWS\System32\svchost.exe
Path 0024: C:\WINDOWS\system32\svchost.exe
Path 0025: C:\WINDOWS\system32\Ati2evxx.exe
Path 0026: C:\WINDOWS\system32\lsass.exe
Path 0027: C:\WINDOWS\system32\services.exe
Path 0028: C:\WINDOWS\system32\winlogon.exe
Path 0029: \SystemRoot\System32\smss.exe
Path 0030: C:\
Path 0031: D:\
Scan Options:Scan for viruses : Yes
Scan for adware : Yes
Scan for spyware : Yes
Scan for applications : Yes
Scan for dialers : Yes
Scan for rootkits : Yes
Target Selection Options:Scan registry keys : Yes
Scan cookies : Yes
Scan boot sectors : Yes
Scan memory processes : Yes
Scan archives : Yes
Scan runtime packers : Yes
Scan emails : No
Scan all files : Yes
Heuristic Scan : Yes
Scanned extensions :
Excluded extensions :
Target Processing:Default action for infected objects : Disinfect
Default action for suspicious objects : None
Default action for hidden objects : None
Default action for encrypted infected objects : None
Default action for encrypted suspicious objects : None
Default action for password-protected objects : None
Scan engines summaryNumber of virus signatures : 1828159
Archive plugins : 43
Email plugins : 6
Scan plugins : 12
System plugins : 5
Unpack plugins : 7
Overall scan summaryScanned items : 566194
Infected items : 42
Suspicious items : 1
Resolved items : 37
Unresolved items : 14
Password-protected items : 8
Individual viruses found : 6
Scanned directories : 16821
Scanned boot sectors : 6
Scanned archives : 14274
Input-output errors : 34
Scan time : 03:59:37
Files per second : 39
Scanned processes summaryScanned : 38
Infected : 0
Scanned registry keys summaryScanned : 413
Infected : 0
Scanned cookies summaryScanned : 413
Infected : 0
Remaining issues:Object Name Threat Name Final Status
C:\Documents and Settings\HP_Propriétaire\Mes documents\Mes fichiers reçus Mail\vista-swee12 (uncensored).zip=]setup.exe=](NSIS o)=]lzma_nsis0011=](NSIS o)=]lzma_solid_nsis0005 Adware.BHO.WQE Infected (no action was possible, file was in an archive)
C:\Documents and Settings\HP_Propriétaire\Mes documents\Mes fichiers reçus Mail\vista-swee12 (uncensored).zip=]setup.exe=](NSIS o)=]lzma_nsis0011=](NSIS o)=]lzma_solid_nsis0006 Adware.Fotomoto.Gen Infected (no action was possible, file was in an archive)
C:\System Volume Information\_restore{5864E199-E068-480D-BF55-3BCEB0D80CFD}\RP599\A0126170.exe Adware.NaviPromo.Gen.2 Disinfect Failed
C:\Documents and Settings\HP_Propriétaire\Mes documents\Mes fichiers reçus Mail\vista-swee12 (uncensored).zip=]setup.exe=](NSIS o)=]lzma_nsis0010=](NSIS o)=]lzma_solid_nsis0004 Adware.Rotator.Gen Infected (no action was possible, file was in an archive)
C:\Program Files\Services en ligne\Sunrise\freesurf.exe BehavesLike:Trojan.StartPage Suspect
C:\Documents and Settings\HP_Propriétaire\Mes documents\Mes fichiers reçus Mail\Preview-T-217699-Adult XXX Heather Hunter - films pornos lesbian fucking asshole rape preteen porn child fisting feti.mpg.zip=]archstored:Setup.exe Trojan.P2P.Fontra.A Delete Failed (file was in an archive)
Resolved issues:Object Name Threat Name Final Status
C:\System Volume Information\_restore{5864E199-E068-480D-BF55-3BCEB0D80CFD}\RP599\A0126169.dll Trojan.Generic.744009 Deleted
C:\WINDOWS\TEMP\TMP113.exe Trojan.Generic.744009 Deleted
C:\WINDOWS\TEMP\TMP134.exe Trojan.Generic.744009 Deleted
C:\WINDOWS\TEMP\TMP157.exe Trojan.Generic.744009 Deleted
C:\WINDOWS\TEMP\TMP17.exe Trojan.Generic.744009 Deleted
C:\WINDOWS\TEMP\TMP1A0.exe Trojan.Generic.744009 Deleted
C:\WINDOWS\TEMP\TMP1D3.exe Trojan.Generic.744009 Deleted
C:\WINDOWS\TEMP\TMP1F.exe Trojan.Generic.744009 Deleted
C:\WINDOWS\TEMP\TMP26.exe Trojan.Generic.744009 Deleted
C:\WINDOWS\TEMP\TMP37.exe Trojan.Generic.744009 Deleted
C:\WINDOWS\TEMP\TMP45.exe Trojan.Generic.744009 Deleted
C:\WINDOWS\TEMP\TMP46.exe Trojan.Generic.744009 Deleted
C:\WINDOWS\TEMP\TMP49.exe Trojan.Generic.744009 Deleted
C:\WINDOWS\TEMP\TMP4E.exe Trojan.Generic.744009 Deleted
C:\WINDOWS\TEMP\TMP56.exe Trojan.Generic.744009 Deleted
C:\WINDOWS\TEMP\TMP5D.exe Trojan.Generic.744009 Deleted
C:\WINDOWS\TEMP\TMP6.exe Trojan.Generic.744009 Deleted
C:\WINDOWS\TEMP\TMP64.exe Trojan.Generic.744009 Deleted
C:\WINDOWS\TEMP\TMP65.exe Trojan.Generic.744009 Deleted
C:\WINDOWS\TEMP\TMP66.exe Trojan.Generic.744009 Deleted
C:\WINDOWS\TEMP\TMP68.exe Trojan.Generic.744009 Deleted
C:\WINDOWS\TEMP\TMP6E.exe Trojan.Generic.744009 Deleted
C:\WINDOWS\TEMP\TMP7A.exe Trojan.Generic.744009 Deleted
C:\WINDOWS\TEMP\TMP8.exe Trojan.Generic.744009 Deleted
C:\WINDOWS\TEMP\TMP8B.exe Trojan.Generic.744009 Deleted
C:\WINDOWS\TEMP\TMP8C.exe Trojan.Generic.744009 Deleted
C:\WINDOWS\TEMP\TMP8D.exe Trojan.Generic.744009 Deleted
C:\WINDOWS\TEMP\TMP9.exe Trojan.Generic.744009 Deleted
C:\WINDOWS\TEMP\TMP92.exe Trojan.Generic.744009 Deleted
C:\WINDOWS\TEMP\TMP96.exe Trojan.Generic.744009 Deleted
C:\WINDOWS\TEMP\TMP99.exe Trojan.Generic.744009 Deleted
C:\WINDOWS\TEMP\TMPA.exe Trojan.Generic.744009 Deleted
C:\WINDOWS\TEMP\TMPA3.exe Trojan.Generic.744009 Deleted
C:\WINDOWS\TEMP\TMPAA.exe Trojan.Generic.744009 Deleted
C:\WINDOWS\TEMP\TMPB2.exe Trojan.Generic.744009 Deleted
C:\WINDOWS\TEMP\TMPCD.exe Trojan.Generic.744009 Deleted
C:\WINDOWS\TEMP\TMPE2.exe Trojan.Generic.744009 Deleted
Objects that were not scanned:Object Name Reason Final Status
C:\Program Files\Adobe\Acrobat 7.0\Setup Files\RdrBig\FRA_\Data1.cab=]WebSearchENU.pdf Password-protected No action was possible
C:\Program Files\Adobe\Acrobat 7.0\Setup Files\RdrBig\FRA_\Data1.cab=]RdrMsgSplash.pdf Password-protected No action was possible
C:\Program Files\Adobe\Acrobat 7.0\Setup Files\RdrBig\FRA__\Data1.cab=]WebSearchENU.pdf Password-protected No action was possible
C:\Program Files\Adobe\Acrobat 7.0\Setup Files\RdrBig\FRA__\Data1.cab=]RdrMsgSplash.pdf Password-protected No action was possible
C:\Program Files\Adobe\Acrobat 7.0\Setup Files\RdrBig709\FRA\Data1.cab=]WebSearchENU.pdf Password-protected No action was possible
C:\Program Files\Adobe\Acrobat 7.0\Setup Files\RdrBig709\FRA\Data1.cab=]RdrMsgFRA.pdf Password-protected No action was possible
C:\Program Files\Adobe\Acrobat 7.0\Setup Files\RdrBig709\FRA\Data1.cab=]RdrMsgENU.pdf Password-protected No action was possible
C:\Program Files\Adobe\Acrobat 7.0\Setup Files\RdrBig709\FRA\Data1.cab=]RdrMsgSplash.pdf Password-protected No action was possible
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:28:03, on 02/10/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Fichiers communs\ABBYY\FineReader\9.00\Licensing\PE\NetworkLicenseServer.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
c:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
C:\Program Files\McAfee\Common Framework\FrameworkService.exe
C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe
C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\BitDefender\BitDefender 2009\seccenter.exe
C:\Program Files\BitDefender\BitDefender 2009\vsserv.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Fichiers communs\BitDefender\BitDefender Update Service\livesrv.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.bluewin.ch/de/index.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: (no name) - {404be757-764d-415d-ac91-debcd4f937b1} - C:\WINDOWS\system32\ramuzovi.dll (file missing)
O2 - BHO: EmailBHO - {647FD14A-C4F1-46F4-8FC3-0B40F54226F7} - C:\Program Files\jZip\WebmailPlugin.dll
O2 - BHO: EoRezoBHO - {64F56FC1-1272-44CD-BA6E-39723696E350} - C:\PROGRA~1\EoRezo\EoAdv\EOREZO~1.DLL (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan Enterprise\scriptcl.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: (no name) - {07AA283A-43D7-4CBE-A064-32A21112D94D} - (no file)
O3 - Toolbar: BitDefender Toolbar - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - C:\Program Files\BitDefender\BitDefender 2009\IEToolbar.dll
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [batuporove] Rundll32.exe "C:\WINDOWS\system32\yupujufo.dll",s
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [batuporove] Rundll32.exe "C:\WINDOWS\system32\yupujufo.dll",s (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [Nokia.PCSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Nokia.PCSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'Default user')
O8 - Extra context menu item: Ajouter au fichier PDF existant - res://C:\Program Files\Nuance\PDF Professional 5\bin\ZeonIEFavClient.dll/ZeonIEAppend.HTML
O8 - Extra context menu item: Ajouter le contenu des liens sélectionnés à un fichier PDF existant - res://C:\Program Files\Nuance\PDF Professional 5\bin\ZeonIEFavClient.dll/ZeonIEAppendSelLinks.HTML
O8 - Extra context menu item: Ajouter le contenu du lien à un fichier PDF existant - res://C:\Program Files\Nuance\PDF Professional 5\bin\ZeonIEFavClient.dll/ZeonIEAppend.HTML
O8 - Extra context menu item: Créer des fichiers PDF à partir des liens sélectionnés - res://C:\Program Files\Nuance\PDF Professional 5\bin\ZeonIEFavClient.dll/ZeonIECaptureSelLinks.HTML
O8 - Extra context menu item: Créer fichier PDF - res://C:\Program Files\Nuance\PDF Professional 5\bin\ZeonIEFavClient.dll/ZeonIECapture.HTML
O8 - Extra context menu item: Créer un fichier PDF depuis le contenu du lien - res://C:\Program Files\Nuance\PDF Professional 5\bin\ZeonIEFavClient.dll/ZeonIECapture.HTML
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\npjpi160_03.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\npjpi160_03.dll
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} (Microsoft Data Collection Control) - https://support.serviceshub.microsoft.com/supportforbusiness/create
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - https://www.kaspersky.fr/?domain=webscanner.kaspersky.fr
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {49232000-16E4-426C-A231-62846947304B} (SysData Class) - http://ipgweb.cce.hp.com/rdqemea/downloads/sysinfo.cab
O16 - DPF: {4CCA4E80-9259-11D9-AC6E-444553544200} (FixController Control) - http://h30155.www3.hp.com/ediags/dd/install/HPInstallMgr_v01_5.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O20 - AppInit_DLLs: mzptqm.dll,C:\WINDOWS\system32\gurabimi.dll
O23 - Service: ABBYY FineReader 9.0 PE Licensing Service (ABBYY.Licensing.FineReader.Professional.9.0) - ABBYY (BIT Software) - C:\Program Files\Fichiers communs\ABBYY\FineReader\9.00\Licensing\PE\NetworkLicenseServer.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: BitDefender Arrakis Server (Arrakis3) - BitDefender S.R.L. https://www.bitdefender.fr/ - C:\Program Files\Fichiers communs\BitDefender\BitDefender Arrakis Server\bin\Arrakis3.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP Port Resolver - Hewlett-Packard Company - C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBPRO.EXE
O23 - Service: HP Status Server - Hewlett-Packard Company - C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBOID.EXE
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Fichiers communs\Logishrd\Bluetooth\LBTServ.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Unknown owner - c:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - BitDefender SRL - C:\Program Files\Fichiers communs\BitDefender\BitDefender Update Service\livesrv.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - McAfee, Inc. - C:\Program Files\McAfee\Common Framework\FrameworkService.exe
O23 - Service: McAfee McShield (McShield) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe
O23 - Service: McAfee Task Manager (McTaskManager) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexingService.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: BitDefender Virus Shield (VSSERV) - BitDefender S. R. L. - C:\Program Files\BitDefender\BitDefender 2009\vsserv.exe
Merci
BitDefender Log File
Product : BitDefender Total Security 2009
Version : BitDefender UIScanner v.12
Scanning task : Deep System Scan
Log date : 10:19:03 02/10/2008
Log path : C:\Documents and Settings\All Users\Application Data\Bitdefender\Desktop\Profiles\Logs\deep_scan\1222935543_1_02.xml
Scan Paths:Path 0000: C:\Program Files\BitDefender\BitDefender 2009\uiscan.exe
Path 0001: C:\Program Files\Fichiers communs\BitDefender\BitDefender Threat Scanner\av32bit_7995\bdc.exe
Path 0002: C:\Program Files\Mozilla Firefox\firefox.exe
Path 0003: C:\Program Files\Fichiers communs\BitDefender\BitDefender Update Service\livesrv.exe
Path 0004: C:\WINDOWS\System32\svchost.exe
Path 0005: C:\Program Files\BitDefender\BitDefender 2009\vsserv.exe
Path 0006: C:\Program Files\BitDefender\BitDefender 2009\seccenter.exe
Path 0007: C:\WINDOWS\system32\ctfmon.exe
Path 0008: C:\WINDOWS\Explorer.EXE
Path 0009: C:\WINDOWS\system32\Ati2evxx.exe
Path 0010: C:\WINDOWS\system32\SearchIndexer.exe
Path 0011: C:\WINDOWS\system32\svchost.exe
Path 0012: C:\WINDOWS\system32\HPZipm12.exe
Path 0013: C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe
Path 0014: C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe
Path 0015: C:\Program Files\McAfee\Common Framework\FrameworkService.exe
Path 0016: c:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
Path 0017: C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
Path 0018: C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
Path 0019: C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
Path 0020: C:\Program Files\Fichiers communs\ABBYY\FineReader\9.00\Licensing\PE\NetworkLicenseServer.exe
Path 0021: C:\WINDOWS\system32\spoolsv.exe
Path 0022: C:\WINDOWS\system32\svchost.exe
Path 0023: C:\WINDOWS\System32\svchost.exe
Path 0024: C:\WINDOWS\system32\svchost.exe
Path 0025: C:\WINDOWS\system32\Ati2evxx.exe
Path 0026: C:\WINDOWS\system32\lsass.exe
Path 0027: C:\WINDOWS\system32\services.exe
Path 0028: C:\WINDOWS\system32\winlogon.exe
Path 0029: \SystemRoot\System32\smss.exe
Path 0030: C:\
Path 0031: D:\
Scan Options:Scan for viruses : Yes
Scan for adware : Yes
Scan for spyware : Yes
Scan for applications : Yes
Scan for dialers : Yes
Scan for rootkits : Yes
Target Selection Options:Scan registry keys : Yes
Scan cookies : Yes
Scan boot sectors : Yes
Scan memory processes : Yes
Scan archives : Yes
Scan runtime packers : Yes
Scan emails : No
Scan all files : Yes
Heuristic Scan : Yes
Scanned extensions :
Excluded extensions :
Target Processing:Default action for infected objects : Disinfect
Default action for suspicious objects : None
Default action for hidden objects : None
Default action for encrypted infected objects : None
Default action for encrypted suspicious objects : None
Default action for password-protected objects : None
Scan engines summaryNumber of virus signatures : 1828159
Archive plugins : 43
Email plugins : 6
Scan plugins : 12
System plugins : 5
Unpack plugins : 7
Overall scan summaryScanned items : 566194
Infected items : 42
Suspicious items : 1
Resolved items : 37
Unresolved items : 14
Password-protected items : 8
Individual viruses found : 6
Scanned directories : 16821
Scanned boot sectors : 6
Scanned archives : 14274
Input-output errors : 34
Scan time : 03:59:37
Files per second : 39
Scanned processes summaryScanned : 38
Infected : 0
Scanned registry keys summaryScanned : 413
Infected : 0
Scanned cookies summaryScanned : 413
Infected : 0
Remaining issues:Object Name Threat Name Final Status
C:\Documents and Settings\HP_Propriétaire\Mes documents\Mes fichiers reçus Mail\vista-swee12 (uncensored).zip=]setup.exe=](NSIS o)=]lzma_nsis0011=](NSIS o)=]lzma_solid_nsis0005 Adware.BHO.WQE Infected (no action was possible, file was in an archive)
C:\Documents and Settings\HP_Propriétaire\Mes documents\Mes fichiers reçus Mail\vista-swee12 (uncensored).zip=]setup.exe=](NSIS o)=]lzma_nsis0011=](NSIS o)=]lzma_solid_nsis0006 Adware.Fotomoto.Gen Infected (no action was possible, file was in an archive)
C:\System Volume Information\_restore{5864E199-E068-480D-BF55-3BCEB0D80CFD}\RP599\A0126170.exe Adware.NaviPromo.Gen.2 Disinfect Failed
C:\Documents and Settings\HP_Propriétaire\Mes documents\Mes fichiers reçus Mail\vista-swee12 (uncensored).zip=]setup.exe=](NSIS o)=]lzma_nsis0010=](NSIS o)=]lzma_solid_nsis0004 Adware.Rotator.Gen Infected (no action was possible, file was in an archive)
C:\Program Files\Services en ligne\Sunrise\freesurf.exe BehavesLike:Trojan.StartPage Suspect
C:\Documents and Settings\HP_Propriétaire\Mes documents\Mes fichiers reçus Mail\Preview-T-217699-Adult XXX Heather Hunter - films pornos lesbian fucking asshole rape preteen porn child fisting feti.mpg.zip=]archstored:Setup.exe Trojan.P2P.Fontra.A Delete Failed (file was in an archive)
Resolved issues:Object Name Threat Name Final Status
C:\System Volume Information\_restore{5864E199-E068-480D-BF55-3BCEB0D80CFD}\RP599\A0126169.dll Trojan.Generic.744009 Deleted
C:\WINDOWS\TEMP\TMP113.exe Trojan.Generic.744009 Deleted
C:\WINDOWS\TEMP\TMP134.exe Trojan.Generic.744009 Deleted
C:\WINDOWS\TEMP\TMP157.exe Trojan.Generic.744009 Deleted
C:\WINDOWS\TEMP\TMP17.exe Trojan.Generic.744009 Deleted
C:\WINDOWS\TEMP\TMP1A0.exe Trojan.Generic.744009 Deleted
C:\WINDOWS\TEMP\TMP1D3.exe Trojan.Generic.744009 Deleted
C:\WINDOWS\TEMP\TMP1F.exe Trojan.Generic.744009 Deleted
C:\WINDOWS\TEMP\TMP26.exe Trojan.Generic.744009 Deleted
C:\WINDOWS\TEMP\TMP37.exe Trojan.Generic.744009 Deleted
C:\WINDOWS\TEMP\TMP45.exe Trojan.Generic.744009 Deleted
C:\WINDOWS\TEMP\TMP46.exe Trojan.Generic.744009 Deleted
C:\WINDOWS\TEMP\TMP49.exe Trojan.Generic.744009 Deleted
C:\WINDOWS\TEMP\TMP4E.exe Trojan.Generic.744009 Deleted
C:\WINDOWS\TEMP\TMP56.exe Trojan.Generic.744009 Deleted
C:\WINDOWS\TEMP\TMP5D.exe Trojan.Generic.744009 Deleted
C:\WINDOWS\TEMP\TMP6.exe Trojan.Generic.744009 Deleted
C:\WINDOWS\TEMP\TMP64.exe Trojan.Generic.744009 Deleted
C:\WINDOWS\TEMP\TMP65.exe Trojan.Generic.744009 Deleted
C:\WINDOWS\TEMP\TMP66.exe Trojan.Generic.744009 Deleted
C:\WINDOWS\TEMP\TMP68.exe Trojan.Generic.744009 Deleted
C:\WINDOWS\TEMP\TMP6E.exe Trojan.Generic.744009 Deleted
C:\WINDOWS\TEMP\TMP7A.exe Trojan.Generic.744009 Deleted
C:\WINDOWS\TEMP\TMP8.exe Trojan.Generic.744009 Deleted
C:\WINDOWS\TEMP\TMP8B.exe Trojan.Generic.744009 Deleted
C:\WINDOWS\TEMP\TMP8C.exe Trojan.Generic.744009 Deleted
C:\WINDOWS\TEMP\TMP8D.exe Trojan.Generic.744009 Deleted
C:\WINDOWS\TEMP\TMP9.exe Trojan.Generic.744009 Deleted
C:\WINDOWS\TEMP\TMP92.exe Trojan.Generic.744009 Deleted
C:\WINDOWS\TEMP\TMP96.exe Trojan.Generic.744009 Deleted
C:\WINDOWS\TEMP\TMP99.exe Trojan.Generic.744009 Deleted
C:\WINDOWS\TEMP\TMPA.exe Trojan.Generic.744009 Deleted
C:\WINDOWS\TEMP\TMPA3.exe Trojan.Generic.744009 Deleted
C:\WINDOWS\TEMP\TMPAA.exe Trojan.Generic.744009 Deleted
C:\WINDOWS\TEMP\TMPB2.exe Trojan.Generic.744009 Deleted
C:\WINDOWS\TEMP\TMPCD.exe Trojan.Generic.744009 Deleted
C:\WINDOWS\TEMP\TMPE2.exe Trojan.Generic.744009 Deleted
Objects that were not scanned:Object Name Reason Final Status
C:\Program Files\Adobe\Acrobat 7.0\Setup Files\RdrBig\FRA_\Data1.cab=]WebSearchENU.pdf Password-protected No action was possible
C:\Program Files\Adobe\Acrobat 7.0\Setup Files\RdrBig\FRA_\Data1.cab=]RdrMsgSplash.pdf Password-protected No action was possible
C:\Program Files\Adobe\Acrobat 7.0\Setup Files\RdrBig\FRA__\Data1.cab=]WebSearchENU.pdf Password-protected No action was possible
C:\Program Files\Adobe\Acrobat 7.0\Setup Files\RdrBig\FRA__\Data1.cab=]RdrMsgSplash.pdf Password-protected No action was possible
C:\Program Files\Adobe\Acrobat 7.0\Setup Files\RdrBig709\FRA\Data1.cab=]WebSearchENU.pdf Password-protected No action was possible
C:\Program Files\Adobe\Acrobat 7.0\Setup Files\RdrBig709\FRA\Data1.cab=]RdrMsgFRA.pdf Password-protected No action was possible
C:\Program Files\Adobe\Acrobat 7.0\Setup Files\RdrBig709\FRA\Data1.cab=]RdrMsgENU.pdf Password-protected No action was possible
C:\Program Files\Adobe\Acrobat 7.0\Setup Files\RdrBig709\FRA\Data1.cab=]RdrMsgSplash.pdf Password-protected No action was possible
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:28:03, on 02/10/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Fichiers communs\ABBYY\FineReader\9.00\Licensing\PE\NetworkLicenseServer.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
c:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
C:\Program Files\McAfee\Common Framework\FrameworkService.exe
C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe
C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\BitDefender\BitDefender 2009\seccenter.exe
C:\Program Files\BitDefender\BitDefender 2009\vsserv.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Fichiers communs\BitDefender\BitDefender Update Service\livesrv.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.bluewin.ch/de/index.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: (no name) - {404be757-764d-415d-ac91-debcd4f937b1} - C:\WINDOWS\system32\ramuzovi.dll (file missing)
O2 - BHO: EmailBHO - {647FD14A-C4F1-46F4-8FC3-0B40F54226F7} - C:\Program Files\jZip\WebmailPlugin.dll
O2 - BHO: EoRezoBHO - {64F56FC1-1272-44CD-BA6E-39723696E350} - C:\PROGRA~1\EoRezo\EoAdv\EOREZO~1.DLL (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan Enterprise\scriptcl.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: (no name) - {07AA283A-43D7-4CBE-A064-32A21112D94D} - (no file)
O3 - Toolbar: BitDefender Toolbar - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - C:\Program Files\BitDefender\BitDefender 2009\IEToolbar.dll
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [batuporove] Rundll32.exe "C:\WINDOWS\system32\yupujufo.dll",s
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [batuporove] Rundll32.exe "C:\WINDOWS\system32\yupujufo.dll",s (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [Nokia.PCSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Nokia.PCSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'Default user')
O8 - Extra context menu item: Ajouter au fichier PDF existant - res://C:\Program Files\Nuance\PDF Professional 5\bin\ZeonIEFavClient.dll/ZeonIEAppend.HTML
O8 - Extra context menu item: Ajouter le contenu des liens sélectionnés à un fichier PDF existant - res://C:\Program Files\Nuance\PDF Professional 5\bin\ZeonIEFavClient.dll/ZeonIEAppendSelLinks.HTML
O8 - Extra context menu item: Ajouter le contenu du lien à un fichier PDF existant - res://C:\Program Files\Nuance\PDF Professional 5\bin\ZeonIEFavClient.dll/ZeonIEAppend.HTML
O8 - Extra context menu item: Créer des fichiers PDF à partir des liens sélectionnés - res://C:\Program Files\Nuance\PDF Professional 5\bin\ZeonIEFavClient.dll/ZeonIECaptureSelLinks.HTML
O8 - Extra context menu item: Créer fichier PDF - res://C:\Program Files\Nuance\PDF Professional 5\bin\ZeonIEFavClient.dll/ZeonIECapture.HTML
O8 - Extra context menu item: Créer un fichier PDF depuis le contenu du lien - res://C:\Program Files\Nuance\PDF Professional 5\bin\ZeonIEFavClient.dll/ZeonIECapture.HTML
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\npjpi160_03.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\npjpi160_03.dll
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} (Microsoft Data Collection Control) - https://support.serviceshub.microsoft.com/supportforbusiness/create
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - https://www.kaspersky.fr/?domain=webscanner.kaspersky.fr
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {49232000-16E4-426C-A231-62846947304B} (SysData Class) - http://ipgweb.cce.hp.com/rdqemea/downloads/sysinfo.cab
O16 - DPF: {4CCA4E80-9259-11D9-AC6E-444553544200} (FixController Control) - http://h30155.www3.hp.com/ediags/dd/install/HPInstallMgr_v01_5.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O20 - AppInit_DLLs: mzptqm.dll,C:\WINDOWS\system32\gurabimi.dll
O23 - Service: ABBYY FineReader 9.0 PE Licensing Service (ABBYY.Licensing.FineReader.Professional.9.0) - ABBYY (BIT Software) - C:\Program Files\Fichiers communs\ABBYY\FineReader\9.00\Licensing\PE\NetworkLicenseServer.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: BitDefender Arrakis Server (Arrakis3) - BitDefender S.R.L. https://www.bitdefender.fr/ - C:\Program Files\Fichiers communs\BitDefender\BitDefender Arrakis Server\bin\Arrakis3.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP Port Resolver - Hewlett-Packard Company - C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBPRO.EXE
O23 - Service: HP Status Server - Hewlett-Packard Company - C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBOID.EXE
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Fichiers communs\Logishrd\Bluetooth\LBTServ.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Unknown owner - c:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - BitDefender SRL - C:\Program Files\Fichiers communs\BitDefender\BitDefender Update Service\livesrv.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - McAfee, Inc. - C:\Program Files\McAfee\Common Framework\FrameworkService.exe
O23 - Service: McAfee McShield (McShield) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe
O23 - Service: McAfee Task Manager (McTaskManager) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexingService.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: BitDefender Virus Shield (VSSERV) - BitDefender S. R. L. - C:\Program Files\BitDefender\BitDefender 2009\vsserv.exe
Merci pour votre collaboration
Mon E-mail est (rene2845@gmail.com) c'est pet-être plus facile
Ci-joint le scan
Au redémarrage il y a toujours la même fenêtre qui s'ouvre
(erreur de chargement C: Window\system32<yopujofo.dll )
et j'ai plus de fenêtres publicitaires
Mon E-mail est (rene2845@gmail.com)
A+
Malwarebytes' Anti-Malware 1.28
Version de la base de données: 1134
Windows 5.1.2600 Service Pack 3
01/10/2008 07:39:10
mbam-log-2008-10-01 (07-39-10).txt
Type de recherche: Examen complet (C:\|D:\|)
Eléments examinés: 230778
Temps écoulé: 1 hour(s), 6 minute(s), 34 second(s)
Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 0
Valeur(s) du Registre infectée(s): 1
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 0
Processus mémoire infecté(s):
(Aucun élément nuisible détecté)
Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)
Clé(s) du Registre infectée(s):
(Aucun élément nuisible détecté)
Valeur(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\batuporove (Trojan.Agent) -> Quarantined and deleted successfully.
Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)
Dossier(s) infecté(s):
(Aucun élément nuisible détecté)
Fichier(s) infecté(s):
(Aucun élément nuisible détecté)