Error loading C:\WINDOWS\system32.jalezada.dll

Solved/Closed
cachousizo - 19 March 2009 at 00:35
crapoulou, 28158 posts, member since Wednesday 28 November 2007, status: Moderator, security contributor, last active 16 April 2024 - 30 March 2009 at 09:28
Hello,
For the past 4 or 5 days I have been getting this message when the PC starts: error loading C:\WINDOWS\system32.jalezada.dll, the specified module could not be found. On top of that, advertising windows open every 30 seconds!! I have the impression a trojan is spreading on my PC, but I'm not sure (I've already removed a few). What should I do? Thanks for your help.
I have AVG as antivirus.

48 replies

Here is the result for C:\WINDOWS\system32\igrlrq.dll

File igrlrq.dll received on 2009.03.23 22:56:58 (CET)
Result: 14/39 (35.9%)

Antivirus Version Last update Result
a-squared 4.0.0.101 2009.03.23 Trojan.Win32.Vundo!IK
AhnLab-V3 5.0.0.2 2009.03.23 -
AntiVir 7.9.0.120 2009.03.23 TR/Crypt.XPACK.Gen
Authentium 5.1.2.4 2009.03.23 -
Avast 4.8.1335.0 2009.03.23 Win32:Trojan-gen {Other}
AVG 8.5.0.283 2009.03.23 -
BitDefender 7.2 2009.03.23 Gen:Trojan.Heur.Vundo.7018E7D7D7
CAT-QuickHeal 10.00 2009.03.23 -
ClamAV 0.94.1 2009.03.23 -
Comodo 1082 2009.03.23 -
DrWeb 4.44.0.09170 2009.03.23 -
eSafe 7.0.17.0 2009.03.23 Suspicious File
eTrust-Vet 31.6.6413 2009.03.23 -
F-Prot 4.4.4.56 2009.03.23 -
F-Secure 8.0.14470.0 2009.03.23 -
Fortinet 3.117.0.0 2009.03.23 -
GData 19 2009.03.23 Gen:Trojan.Heur.Vundo.7018E7D7D7
Ikarus T3.1.1.48.0 2009.03.23 Trojan.Win32.Vundo
K7AntiVirus 7.10.679 2009.03.23 -
Kaspersky 7.0.0.125 2009.03.23 -
McAfee 5562 2009.03.23 -
McAfee+Artemis 5562 2009.03.23 -
McAfee-GW-Edition 6.7.6 2009.03.23 Trojan.Crypt.XPACK.Gen
Microsoft 1.4502 2009.03.23 -
NOD32 3955 2009.03.23 -
Norman 6.00.06 2009.03.23 -
nProtect 2009.1.8.0 2009.03.23 -
Panda 10.0.0.10 2009.03.23 Suspicious file
PCTools 4.4.2.0 2009.03.23 -
Prevx1 V2 2009.03.23 High Risk Fraudulent Security Program
Rising 21.22.02.00 2009.03.23 Trojan.Win32.VUNDO.csy
Sophos 4.39.0 2009.03.23 Troj/Virtum-Gen
Sunbelt 3.2.1858.2 2009.03.23 VIPRE.Suspicious
Symantec 1.4.4.12 2009.03.23 -
TheHacker 6.3.3.4.288 2009.03.23 -
TrendMicro 8.700.0.1004 2009.03.23 TROJ_VUNDO.HGO
VBA32 3.12.10.1 2009.03.23 -
ViRobot 2009.3.23.1660 2009.03.23 -
VirusBuster 4.6.5.0 2009.03.23 -
Additional information
File size: 122880 bytes
MD5...: 4a88972dcc35d52f77d441df15b1eef7
SHA1..: 2c5ba1d2293987f69d6066f5692f13eabea6b9c7
SHA256: 3794f863a1dc97d12ca13c5087e5f57f052c52084f6b8af4a4e7a4ec712ad5a1
SHA512: 38f6b2fddca09b7b9b9ac78b819ac1feccf9977badcd0eae57c02aa3434dc0cd
309ff595882ceb0af4f5533e9a95619993e46ebb357e78361b763b5404fe666f
ssdeep: 3072:wdBtaCz/W28yO0QdlpAoGNxecxbpSWg+RC3/:KtaCLW28yOZANxe2gx+0/
PEiD..: -
TrID..: File type identification
Win32 Executable Generic (38.5%)
Win32 Dynamic Link Library (generic) (34.2%)
Clipper DOS Executable (9.1%)
Generic Win/DOS Executable (9.0%)
DOS Executable Generic (9.0%)
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0x16d0
timedatestamp.....: 0x4074fda4 (Thu Apr 08 07:22:12 2004)
machinetype.......: 0x14c (I386)

( 6 sections )
name viradd virsiz rawdsiz ntrpy md5
.text_ 0x1000 0x3000 0x2600 6.53 998f103c8ca95033c998f0ce3d9f4915
0x4000 0x1000 0x600 0.25 1241164c6402ea41c76a0b35e3f9de5f
0x5000 0x7000 0x6800 7.99 ccbe8752a9c5f9f7581b131a9e9dc43a
0xc000 0x7000 0x6800 7.99 e3a9769483ea630798332e0c05fe7584
0x13000 0x7000 0x6800 7.99 fde9a685702b0f62ddeeba8f20288680
0x1a000 0x21000 0x6c00 7.99 c63cb76510923064fabd8268418f664d

( 6 imports )
> COMCTL32.dll: InitCommonControlsEx
> KERNEL32.dll: ExitProcess, GetModuleHandleW, GetSystemInfo
> USER32.dll: DispatchMessageW, TranslateMessage, LoadIconA, GetSystemMetrics
> GDI32.dll: Arc, SelectClipPath
> comdlg32.dll: PrintDlgExA
> ADVAPI32.dll: RegQueryValueExW

( 0 exports )
Prevx info: http://info.prevx.com/aboutprogramtext.asp?PX5=59EA0A0C0084C1C6E0A601BC980751001E0C6E12
On the other hand, I have a problem with C:\WINDOWS\system32\htxisg.dll. My antivirus popped up the moment I launched the scan and told me it had detected a virus: Trojan horse Generic13.HXL.
So when I launched the scan they showed me this: 0 bytes size received / Se ha recibido un archivo vacio
crapoulou - 23 March 2009 at 23:06
That doesn't matter.
Carry on.
I'm preparing a nice procedure for you :D
Here is the result for C:\WINDOWS\system32\DRIVERS\AVHybrid.sys
I couldn't find C:\WINDOWS\system32\drivers\agfnttpz.sys, but I'll keep looking.


File AVHybrid.sys received on 2009.03.23 23:14:02 (CET)
Result: 1/39 (2.57%)

a-squared 4.0.0.101 2009.03.23 -
AhnLab-V3 5.0.0.2 2009.03.23 -
AntiVir 7.9.0.120 2009.03.23 -
Authentium 5.1.2.4 2009.03.23 -
Avast 4.8.1335.0 2009.03.23 -
AVG 8.5.0.283 2009.03.23 -
BitDefender 7.2 2009.03.23 -
CAT-QuickHeal 10.00 2009.03.23 -
ClamAV 0.94.1 2009.03.23 -
Comodo 1082 2009.03.23 -
DrWeb 4.44.0.09170 2009.03.23 -
eSafe 7.0.17.0 2009.03.23 -
eTrust-Vet 31.6.6413 2009.03.23 -
F-Prot 4.4.4.56 2009.03.23 -
F-Secure 8.0.14470.0 2009.03.23 -
Fortinet 3.117.0.0 2009.03.23 -
GData 19 2009.03.23 -
Ikarus T3.1.1.48.0 2009.03.23 -
K7AntiVirus 7.10.679 2009.03.23 -
Kaspersky 7.0.0.125 2009.03.23 -
McAfee 5562 2009.03.23 -
McAfee+Artemis 5562 2009.03.23 -
McAfee-GW-Edition 6.7.6 2009.03.23 -
Microsoft 1.4502 2009.03.23 -
NOD32 3955 2009.03.23 -
Norman 6.00.06 2009.03.23 -
nProtect 2009.1.8.0 2009.03.23 -
Panda 10.0.0.10 2009.03.23 -
PCTools 4.4.2.0 2009.03.23 -
Prevx1 V2 2009.03.23 -
Rising 21.22.02.00 2009.03.23 -
Sophos 4.39.0 2009.03.23 -
Sunbelt 3.2.1858.2 2009.03.23 -
Symantec 1.4.4.12 2009.03.23 -
TheHacker 6.3.3.4.288 2009.03.23 -
TrendMicro 8.700.0.1004 2009.03.23 -
VBA32 3.12.10.1 2009.03.23 suspected of Win32.BrokenEmbeddedSignature (paranoid heuristics)
ViRobot 2009.3.23.1660 2009.03.23 -
VirusBuster 4.6.5.0 2009.03.23 -
Additional information
File size: 1024576 bytes
MD5...: 7c69c130ad054948b84b1a26ecb2900b
SHA1..: 3be1bac8dacccb170a8e7871a40965ab35fda071
SHA256: 60227300f07a06c250a1872d1ed670dc776959608bcf0d45c987a8b53e42994d
SHA512: 73fbd859a5b71776137cbac2bfac7716963a336d344e4a3617b8f0cee3cafe71
a58075f208e7afe93c12b55c6f2b6effccc994c8d7e11daf08ba664d11b0e05f
ssdeep: 12288:cSx1fImnAznoHomGh/umjC38PPxUdH4PM33YClQ:NzAz5tjq8HxDu3/i
PEiD..: -
TrID..: File type identification
Win32 Executable Generic (58.4%)
Clipper DOS Executable (13.8%)
Generic Win/DOS Executable (13.7%)
DOS Executable Generic (13.7%)
VXD Driver (0.2%)
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0xf1c00
timedatestamp.....: 0x42a83304 (Thu Jun 09 12:16:04 2005)
machinetype.......: 0x14c (I386)

( 6 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x480 0x67651 0x67680 6.59 6bf611b8c8f02c7f5878fe1e40ef1033
.rdata 0x67b00 0x31b68 0x31b80 3.34 523aca59d22e3d0461060b6b73a2571f
.data 0x99680 0x58514 0x58580 5.69 8e2579839f9a30fb0974552fe25b7290
INIT 0xf1c00 0xa32 0xa80 5.37 6e756bf8e680cfea7601e450c349560e
.rsrc 0xf2680 0x470 0x480 3.33 48693fa2fc4384991ecb6d3209fcbd66
.reloc 0xf2b00 0x6ac4 0x6b00 6.13 02321807a9f2a58a68d7e90f0e2a5b5f

( 4 imports )
> NTOSKRNL.EXE: IoFreeIrp, IoAllocateIrp, RtlFreeAnsiString, RtlAnsiStringToUnicodeString, RtlUnicodeStringToAnsiString, ExFreePool, RtlGUIDFromString, RtlInitUnicodeString, IoGetDeviceInterfaces, ZwClose, ZwSetValueKey, RtlInitAnsiString, IoOpenDeviceInterfaceRegistryKey, RtlFreeUnicodeString, ZwCreateKey, IoDisconnectInterrupt, IofCompleteRequest, RtlStringFromGUID, IoConnectInterrupt, KeInitializeDpc, ExAllocatePoolWithTag, IoAllocateMdl, MmProbeAndLockPages, MmUnlockPages, _stricmp, _vsnprintf, KeInitializeEvent, KeClearEvent, KeWaitForSingleObject, KeSetEvent, PsTerminateSystemThread, KeWaitForMultipleObjects, PsCreateSystemThread, IofCallDriver, KeSynchronizeExecution, MmBuildMdlForNonPagedPool, KeDelayExecutionThread, IoFreeMdl, ZwReadFile, ZwCreateFile, KeCancelTimer, KeSetTimer, KeSetTimerEx, KeInitializeTimer, _purecall, MmMapIoSpace, KeInitializeSpinLock, strchr, strncpy, IoOpenDeviceRegistryKey, ZwQueryValueKey, RtlQueryRegistryValues, MmUnmapIoSpace, RtlUnwind, KeBugCheckEx, KeInsertQueueDpc, InterlockedIncrement, InterlockedDecrement, RtlCompareMemory, IoGetCurrentProcess, KeTickCount
> HAL.DLL: KfReleaseSpinLock, KfAcquireSpinLock, KeStallExecutionProcessor, KeQueryPerformanceCounter, KeGetCurrentIrql
> ks.sys: KsGetPinFromIrp, KsAcquireControl, KsReleaseControl, KsStreamPointerAdvance, KsFilterGetFirstChildPin, KsPinGetLeadingEdgeStreamPointer, KsGetObjectFromFileObject, KsFilterFactoryUpdateCacheData, KsCreateFilterFactory, KsStreamPointerDelete, KsStreamPointerClone, KsPinGetReferenceClockInterface, KsDefaultAddEventHandler, KsFilterGetChildPinCount, KsGenerateEvents, KsGetDevice, KsGetFilterFromIrp, _KsEdit, KsPinGetAndGate, KsPinAttemptProcessing, KsInitializeDriver, KsGetDeviceForDeviceObject, KsPinGetParentFilter
> BdaSup.SYS: BdaCommitChanges, BdaGetChangeState, BdaCheckChanges, BdaStartChanges, BdaInitFilter, BdaCreateFilterFactoryEx, BdaFilterFactoryUpdateCacheData

( 0 exports )
packers (Kaspersky): PE_Patch
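The two VirusTotal PEInfo blocks above (igrlrq.dll at 14/39, AVHybrid.sys at 1/39 on a single "paranoid heuristics" hit) already contain enough structure to tell a packed payload from an ordinary driver without reading a single detection name. The script below is an added example, not something posted in this thread and not VirusTotal's own scoring. It parses the section rows exactly as printed above and applies a few rule-of-thumb indicators whose thresholds are my own: sections with entropy close to 8 bits per byte, sections with no name, a section that is much larger in memory than on disk (the destination of a self-unpacking stub), an import table too small for the file size, and a DLL that exports nothing. The import counts are what I counted from the import lists in the two reports.

```python
from dataclasses import dataclass


@dataclass
class Section:
    name: str        # "" when VirusTotal printed no section name
    vaddr: int       # virtual address
    vsize: int       # size once mapped in memory
    rawsize: int     # size on disk
    entropy: float   # 0..8 bits per byte; ~8.0 means compressed or encrypted data


@dataclass
class Sample:
    filename: str
    file_size: int
    sections: list
    import_count: int
    export_count: int


def parse_sections(table: str) -> list:
    """Parse 'name viradd virsiz rawdsiz ntrpy md5' rows as printed in the
    VirusTotal PEInfo block. Rows without a section name have five fields."""
    out = []
    for line in table.strip().splitlines():
        parts = line.split()
        if len(parts) == 5:
            parts.insert(0, "")
        name, va, vs, rs, ent, _md5 = parts
        out.append(Section(name, int(va, 16), int(vs, 16), int(rs, 16), float(ent)))
    return out


def triage(s: Sample) -> dict:
    """Collect packing/obfuscation indicators; the score is just how many hit.
    Thresholds are rules of thumb chosen for this example, not a vendor's."""
    flags = {}
    hot = [x for x in s.sections if x.entropy >= 7.5]
    if hot:
        flags["high_entropy_sections"] = len(hot)
    nameless = [x for x in s.sections if not x.name]
    if nameless:
        flags["nameless_sections"] = len(nameless)
    # 4x larger in memory than on disk (arbitrary factor): the stub writes into it at run time.
    inflated = [x for x in s.sections if x.rawsize and x.vsize >= 4 * x.rawsize]
    if inflated:
        flags["inflated_sections"] = len(inflated)
    if s.import_count < 20:
        flags["sparse_imports"] = s.import_count      # real APIs are resolved dynamically
    if s.filename.lower().endswith(".dll") and s.export_count == 0:
        flags["dll_without_exports"] = True           # all behaviour lives in DllMain
    return {
        "file": s.filename,
        "packed_fraction": sum(x.rawsize for x in hot) / s.file_size,
        "flags": flags,
        "score": len(flags),
    }


# Section rows copied from the two reports above; import/export counts are
# counted from the import lists printed there.
IGRLRQ = Sample("igrlrq.dll", 122880, parse_sections("""
.text_ 0x1000 0x3000 0x2600 6.53 998f103c8ca95033c998f0ce3d9f4915
0x4000 0x1000 0x600 0.25 1241164c6402ea41c76a0b35e3f9de5f
0x5000 0x7000 0x6800 7.99 ccbe8752a9c5f9f7581b131a9e9dc43a
0xc000 0x7000 0x6800 7.99 e3a9769483ea630798332e0c05fe7584
0x13000 0x7000 0x6800 7.99 fde9a685702b0f62ddeeba8f20288680
0x1a000 0x21000 0x6c00 7.99 c63cb76510923064fabd8268418f664d
"""), import_count=12, export_count=0)

AVHYBRID = Sample("AVHybrid.sys", 1024576, parse_sections("""
.text 0x480 0x67651 0x67680 6.59 6bf611b8c8f02c7f5878fe1e40ef1033
.rdata 0x67b00 0x31b68 0x31b80 3.34 523aca59d22e3d0461060b6b73a2571f
.data 0x99680 0x58514 0x58580 5.69 8e2579839f9a30fb0974552fe25b7290
INIT 0xf1c00 0xa32 0xa80 5.37 6e756bf8e680cfea7601e450c349560e
.rsrc 0xf2680 0x470 0x480 3.33 48693fa2fc4384991ecb6d3209fcbd66
.reloc 0xf2b00 0x6ac4 0x6b00 6.13 02321807a9f2a58a68d7e90f0e2a5b5f
"""), import_count=96, export_count=0)


if __name__ == "__main__":
    for sample in (IGRLRQ, AVHYBRID):
        r = triage(sample)
        print(f"{r['file']}: score {r['score']}, "
              f"{r['packed_fraction']:.0%} of bytes in high-entropy sections, {r['flags']}")
```

On igrlrq.dll about 87% of the bytes on disk sit in 7.99-entropy sections, five of six sections have no name, the last one grows from 0x6c00 to 0x21000 bytes when mapped, and the 12 imports (printing, GDI arcs, common controls) have nothing to do with each other: that is the shape of a packed loader whose real code appears only in memory. AVHybrid.sys has the usual named sections of a kernel driver including INIT, moderate entropy, and roughly ninety imports from ntoskrnl, hal, ks.sys and BdaSup.sys, which reads to me as a kernel-streaming/BDA capture driver rather than malware; nothing structural corroborates VBA32's lone signature heuristic.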

I scanned another file that did the same thing as C:\WINDOWS\system32\htxisg.dll.
It was C:\WINDOWS\system32\soyopuvo.dll.
This time, though, it was Trojan horse Vundo.FV.
crapoulou - 23 March 2009 at 23:37
OK.

Show file extensions (if they are not already shown):
- My Documents
- Tools
- Folder Options
- "View" tab
- Untick "Hide extensions for known file types"

**********
Next
**********

Create a new text file on your desktop
Right-click > New > Text Document (any name you like, monfichier.txt for example).

Copy and paste this into it (starting on the very first line of the text file).

@ECHO OFF
cd\
REM stop the suspect service from loading at boot, then remove its registration
sc config agfnttpz start= disabled
sc delete agfnttpz


Close the text file.
Then rename it to monfichier.bat
Double-click it to run it.
A black window will open and close quickly; that's normal.

**********
Next
**********

Plug in your USB drives (especially E:\)


/!\ This procedure is specific to cachousizo. Do not try to reproduce it if you have a similar problem; you risk breaking your machine /!\
Download OTMoveIt3 (by Old_Timer) to your Desktop.
= = = = >>> By clicking here <<< = = = =
Once it is on the desktop, double-click OTMoveIt.exe to launch it.
Make sure the box Unregister Dll's and Ocx's is ticked
Copy the list shown in bold below and paste it into the left-hand pane of OTMoveIt:
Paste Instructions for Items to be moved.

:Processes
explorer.exe

:Files
C:\WINDOWS\system32\jalezada.dll
C:\WINDOWS\system32\wuvotifa.dll
C:\WINDOWS\system32\dyehky.dll
C:\DOCUME~1\natha\LOCALS~1\Temp\KYE\Setup.exe
C:\curr_ver.tmp
C:\WINDOWS\system32\yudukoke.dll
C:\WINDOWS\system32\noyusoda.dll
C:\WINDOWS\system32\rogujizi.dll
C:\WINDOWS\system32\soyopuvo.dll
C:\WINDOWS\system32\vljwty.dll
C:\WINDOWS\system32\ilvorc.dll
C:\WINDOWS\system32\igrlrq.dll
C:\WINDOWS\system32\htxisg.dll
C:\WINDOWS\system32\drivers\ans0flbr.sys
E:\RavMon.exe

:reg[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NDSTray.exe]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\System]
"C:\WINDOWS\system32\OeApi.vbs"=-

[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TFncKy]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLS"=""

[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{3d8f3ae8-b26c-11dc-a3bc-0013ce9c7f3b}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6af3e306-8720-11dc-a39f-0013ce9c7f3b}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{9c442eee-ceff-11dc-a3d9-0013ce9c7f3b}]

:commands
[purity]
[emptytemp]
[reboot]


Click MoveIt! to start the removal.
After MoveIt! has run, a window appears:
"The system requires a reboot to finish removing files. Do you want to reboot now ?"
Answer Yes.
The result will appear in the "Results" pane.
Click Exit to close.
Post the report located in C:\_OTMoveIt\MovedFiles.
Same thing with ronigofu.dll and rogujizi.dll, both Vundo.FV.
I put everything in quarantine.
crapoulou - 23 March 2009 at 23:45
OK, empty the quarantine.
My script will remove the remaining traces of Vundo.
Safodaru.dll too: Vundo.FV. Is my PC still infected?
Here is the report

========== PROCESSES ==========
Process explorer.exe killed successfully.
========== FILES ==========
File/Folder C:\WINDOWS\system32\jalezada.dll not found.
File/Folder C:\WINDOWS\system32\wuvotifa.dll not found.
File/Folder C:\WINDOWS\system32\dyehky.dll not found.
File/Folder C:\DOCUME~1\natha\LOCALS~1\Temp\KYE\Setup.exe not found.
C:\curr_ver.tmp moved successfully.
DllUnregisterServer procedure not found in C:\WINDOWS\system32\yudukoke.dll
C:\WINDOWS\system32\yudukoke.dll NOT unregistered.
C:\WINDOWS\system32\yudukoke.dll moved successfully.
DllUnregisterServer procedure not found in C:\WINDOWS\system32\noyusoda.dll
C:\WINDOWS\system32\noyusoda.dll NOT unregistered.
C:\WINDOWS\system32\noyusoda.dll moved successfully.
File/Folder C:\WINDOWS\system32\rogujizi.dll not found.
File/Folder C:\WINDOWS\system32\soyopuvo.dll not found.
DllUnregisterServer procedure not found in C:\WINDOWS\system32\vljwty.dll
C:\WINDOWS\system32\vljwty.dll NOT unregistered.
C:\WINDOWS\system32\vljwty.dll moved successfully.
DllUnregisterServer procedure not found in C:\WINDOWS\system32\ilvorc.dll
C:\WINDOWS\system32\ilvorc.dll NOT unregistered.
C:\WINDOWS\system32\ilvorc.dll moved successfully.
DllUnregisterServer procedure not found in C:\WINDOWS\system32\igrlrq.dll
C:\WINDOWS\system32\igrlrq.dll NOT unregistered.
C:\WINDOWS\system32\igrlrq.dll moved successfully.
File/Folder C:\WINDOWS\system32\htxisg.dll not found.
File/Folder C:\WINDOWS\system32\drivers\ans0flbr.sys not found.
File/Folder E:\RavMon.exe not found.
Error: Unable to interpret <:reg[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NDSTray.exe]> in the current context!
Error: Unable to interpret <[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\System]> in the current context!
Error: Unable to interpret <"C:\WINDOWS\system32\OeApi.vbs"=-> in the current context!
Error: Unable to interpret <[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TFncKy]> in the current context!
Error: Unable to interpret <[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]> in the current context!
Error: Unable to interpret <"AppInit_DLLS"=""> in the current context!
Error: Unable to interpret <[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{3d8f3ae8-b26c-11dc-a3bc-0013ce9c7f3b}]> in the current context!
Error: Unable to interpret <[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6af3e306-8720-11dc-a39f-0013ce9c7f3b}]> in the current context!
Error: Unable to interpret <[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{9c442eee-ceff-11dc-a3d9-0013ce9c7f3b}]> in the current context!
========== COMMANDS ==========
File delete failed. C:\DOCUME~1\natha\LOCALS~1\Temp\etilqs_lDQtPemtEoB3p2A5zPWd scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\natha\LOCALS~1\Temp\JET837E.tmp scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\natha\LOCALS~1\Temp\~DFE869.tmp scheduled to be deleted on reboot.
User's Temp folder emptied.
User's Temporary Internet Files folder emptied.
User's Internet Explorer cache folder emptied.
Local Service Temp folder emptied.
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
Local Service Temporary Internet Files folder emptied.
File delete failed. C:\WINDOWS\temp\logishrd\LVPrcInj01.dll scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\ZLT07710.TMP scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\ZLT07714.TMP scheduled to be deleted on reboot.
Windows Temp folder emptied.
Java cache emptied.
File delete failed. C:\Documents and Settings\natha\Local Settings\Application Data\Mozilla\Firefox\Profiles\vbzovc1b.default\Cache\_CACHE_001_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\natha\Local Settings\Application Data\Mozilla\Firefox\Profiles\vbzovc1b.default\Cache\_CACHE_002_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\natha\Local Settings\Application Data\Mozilla\Firefox\Profiles\vbzovc1b.default\Cache\_CACHE_003_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\natha\Local Settings\Application Data\Mozilla\Firefox\Profiles\vbzovc1b.default\Cache\_CACHE_MAP_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\natha\Local Settings\Application Data\Mozilla\Firefox\Profiles\vbzovc1b.default\urlclassifier3.sqlite scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\natha\Local Settings\Application Data\Mozilla\Firefox\Profiles\vbzovc1b.default\XUL.mfl scheduled to be deleted on reboot.
FireFox cache emptied.
Temp folders emptied.

OTMoveIt3 by OldTimer - Version 1.0.9.0 log created on 03232009_235802

Files moved on Reboot...
File C:\DOCUME~1\natha\LOCALS~1\Temp\etilqs_lDQtPemtEoB3p2A5zPWd not found!
File C:\DOCUME~1\natha\LOCALS~1\Temp\JET837E.tmp not found!
C:\DOCUME~1\natha\LOCALS~1\Temp\~DFE869.tmp moved successfully.
File move failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be moved on reboot.
DllUnregisterServer procedure not found in C:\WINDOWS\temp\logishrd\LVPrcInj01.dll
C:\WINDOWS\temp\logishrd\LVPrcInj01.dll NOT unregistered.
File move failed. C:\WINDOWS\temp\logishrd\LVPrcInj01.dll scheduled to be moved on reboot.
File C:\WINDOWS\temp\ZLT07710.TMP not found!
File C:\WINDOWS\temp\ZLT07714.TMP not found!
C:\Documents and Settings\natha\Local Settings\Application Data\Mozilla\Firefox\Profiles\vbzovc1b.default\Cache\_CACHE_001_ moved successfully.
C:\Documents and Settings\natha\Local Settings\Application Data\Mozilla\Firefox\Profiles\vbzovc1b.default\Cache\_CACHE_002_ moved successfully.
C:\Documents and Settings\natha\Local Settings\Application Data\Mozilla\Firefox\Profiles\vbzovc1b.default\Cache\_CACHE_003_ moved successfully.
C:\Documents and Settings\natha\Local Settings\Application Data\Mozilla\Firefox\Profiles\vbzovc1b.default\Cache\_CACHE_MAP_ moved successfully.
C:\Documents and Settings\natha\Local Settings\Application Data\Mozilla\Firefox\Profiles\vbzovc1b.default\urlclassifier3.sqlite moved successfully.
C:\Documents and Settings\natha\Local Settings\Application Data\Mozilla\Firefox\Profiles\vbzovc1b.default\XUL.mfl moved successfully.
crapoulou - 24 March 2009 at 00:30
Please run it again with this as the script:

:Processes
explorer.exe

:reg
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NDSTray.exe]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\System]
"C:\WINDOWS\system32\OeApi.vbs"=-

[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TFncKy]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLS"=""

[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{3d8f3ae8-b26c-11dc-a3bc-0013ce9c7f3b}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6af3e306-8720-11dc-a39f-0013ce9c7f3b}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{9c442eee-ceff-11dc-a3d9-0013ce9c7f3b}]

:commands
[emptytemp]
[reboot]
Result of the report

========== PROCESSES ==========
Process explorer.exe killed successfully.
========== REGISTRY ==========
Registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NDSTray.exe\\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\System\\C:\WINDOWS\system32\OeApi.vbs not found.
Registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TFncKy\\ deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\"AppInit_DLLS"|"" /E : value set successfully!
Registry key HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{3d8f3ae8-b26c-11dc-a3bc-0013ce9c7f3b}\\ deleted successfully.
Registry key HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6af3e306-8720-11dc-a39f-0013ce9c7f3b}\\ deleted successfully.
Registry key HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{9c442eee-ceff-11dc-a3d9-0013ce9c7f3b}\\ deleted successfully.
========== COMMANDS ==========
File delete failed. C:\DOCUME~1\natha\LOCALS~1\Temp\etilqs_b61PrULs0TVx4aYMs32I scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\natha\LOCALS~1\Temp\JET373E.tmp scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\natha\LOCALS~1\Temp\~DFFB01.tmp scheduled to be deleted on reboot.
User's Temp folder emptied.
User's Temporary Internet Files folder emptied.
User's Internet Explorer cache folder emptied.
Local Service Temp folder emptied.
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
Local Service Temporary Internet Files folder emptied.
File delete failed. C:\WINDOWS\temp\logishrd\LVPrcInj01.dll scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\ZLT0066d.TMP scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\ZLT0067d.TMP scheduled to be deleted on reboot.
Windows Temp folder emptied.
Java cache emptied.
File delete failed. C:\Documents and Settings\natha\Local Settings\Application Data\Mozilla\Firefox\Profiles\vbzovc1b.default\Cache\_CACHE_001_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\natha\Local Settings\Application Data\Mozilla\Firefox\Profiles\vbzovc1b.default\Cache\_CACHE_002_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\natha\Local Settings\Application Data\Mozilla\Firefox\Profiles\vbzovc1b.default\Cache\_CACHE_003_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\natha\Local Settings\Application Data\Mozilla\Firefox\Profiles\vbzovc1b.default\Cache\_CACHE_MAP_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\natha\Local Settings\Application Data\Mozilla\Firefox\Profiles\vbzovc1b.default\urlclassifier3.sqlite scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\natha\Local Settings\Application Data\Mozilla\Firefox\Profiles\vbzovc1b.default\XUL.mfl scheduled to be deleted on reboot.
FireFox cache emptied.
Temp folders emptied.

OTMoveIt3 by OldTimer - Version 1.0.9.0 log created on 03242009_022906

Files moved on Reboot...
File C:\DOCUME~1\natha\LOCALS~1\Temp\etilqs_b61PrULs0TVx4aYMs32I not found!
File C:\DOCUME~1\natha\LOCALS~1\Temp\JET373E.tmp not found!
C:\DOCUME~1\natha\LOCALS~1\Temp\~DFFB01.tmp moved successfully.
File move failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be moved on reboot.
DllUnregisterServer procedure not found in C:\WINDOWS\temp\logishrd\LVPrcInj01.dll
C:\WINDOWS\temp\logishrd\LVPrcInj01.dll NOT unregistered.
File move failed. C:\WINDOWS\temp\logishrd\LVPrcInj01.dll scheduled to be moved on reboot.
File C:\WINDOWS\temp\ZLT0066d.TMP not found!
File C:\WINDOWS\temp\ZLT0067d.TMP not found!
C:\Documents and Settings\natha\Local Settings\Application Data\Mozilla\Firefox\Profiles\vbzovc1b.default\Cache\_CACHE_001_ moved successfully.
C:\Documents and Settings\natha\Local Settings\Application Data\Mozilla\Firefox\Profiles\vbzovc1b.default\Cache\_CACHE_002_ moved successfully.
C:\Documents and Settings\natha\Local Settings\Application Data\Mozilla\Firefox\Profiles\vbzovc1b.default\Cache\_CACHE_003_ moved successfully.
C:\Documents and Settings\natha\Local Settings\Application Data\Mozilla\Firefox\Profiles\vbzovc1b.default\Cache\_CACHE_MAP_ moved successfully.
C:\Documents and Settings\natha\Local Settings\Application Data\Mozilla\Firefox\Profiles\vbzovc1b.default\urlclassifier3.sqlite moved successfully.
C:\Documents and Settings\natha\Local Settings\Application Data\Mozilla\Firefox\Profiles\vbzovc1b.default\XUL.mfl moved successfully.
crapoulou - 24 March 2009 at 10:22
Very good, send me a new RSIT report please.
Sorry for the delay, I was on holiday and had no access to my PC. Anyway, here is the RSIT report

Logfile of random's system information tool 1.05 (written by random/random)
Run by natha at 2009-03-29 05:34:08
Microsoft Windows XP Édition familiale Service Pack 2
System drive C: has 16 GB (17%) free of 95 GB
Total RAM: 1022 MB (41% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 05:34:26, on 29/03/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16791)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\Program Files\Fichiers communs\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\Fichiers communs\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\UAService7.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Apoint2K\Apoint.exe
C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe
C:\Program Files\TOSHIBA\TouchPad\TPTray.exe
C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe
C:\Program Files\TOSHIBA\Tvs\TvsTray.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Fichiers communs\LogiShrd\LComMgr\Communications_Helper.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\DNA\btdna.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\BitTorrent\bittorrent.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\natha\Mes documents\nettoyage du PC\RSIT.exe
C:\Documents and Settings\natha\Bureau\natha.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://fr.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [CeEKEY] C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe
O4 - HKLM\..\Run: [TPNF] C:\Program Files\TOSHIBA\TouchPad\TPTray.exe
O4 - HKLM\..\Run: [HWSetup] C:\Program Files\TOSHIBA\TOSHIBA Applet\HWSetup.exe hwSetUP
O4 - HKLM\..\Run: [PadTouch] C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe
O4 - HKLM\..\Run: [Tvs] C:\Program Files\TOSHIBA\Tvs\TvsTray.exe
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Fichiers communs\LogiShrd\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [winsesame_del] C:\Program Files\WinSesame\effaceur.exe
O4 - HKCU\..\Run: [CTSyncU.exe] "C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" /automount
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [guruzuyafa] Rundll32.exe "C:\WINDOWS\system32\jalezada.dll",s (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_03\bin\npjpi150_03.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_03\bin\npjpi150_03.dll
O9 - Extra button: Barre de recherche Encarta - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Fichiers communs\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/...
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Fichiers communs\LogiShrd\LVCOMSER\LVComSer.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Fichiers communs\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Fichiers communs\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Sony DADC Austria AG. - C:\WINDOWS\system32\UAService7.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
crapoulou (Moderator, security contributor; 28158 posts, registered Wednesday 28 November 2007, last active 16 April 2024) 7 990
29 March 2009 at 13:12
For verification:
PS: Check that what you copy-paste is placed correctly in the window! (no other characters such as <, ...)

Double-click OTMoveIt.exe to launch it.
Make sure the Unregister Dll's and Ocx's box is checked.
Copy the list shown in bold below and paste it into the left-hand pane of OTMoveIt:
Paste Instructions for Items to be moved.

:Processes
explorer.exe

:Files
C:\WINDOWS\system32\jalezada.dll

:reg
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\System]
"C:\WINDOWS\system32\OeApi.vbs"=-
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"C:\WINDOWS\system32\wuvotifa.dll"=-
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TFncKy]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLS"=""
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{3d8f3ae8-b26c-11dc-a3bc-0013ce9c7f3b}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6af3e306-8720-11dc-a39f-0013ce9c7f3b}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{9c442eee-ceff-11dc-a3d9-0013ce9c7f3b}]

:Commands
[purity]
[emptytemp]
[Reboot]


Click MoveIt! to start the removal.
After MoveIt! has run, a window appears:
"The system requires a reboot to finish removing files. Do you want to reboot now ?"
Answer Yes.
The result will appear in the "Results" pane.
Click Exit to close.
Post the report located in C:\_OTMoveIt\MovedFiles.
Here is the report

========== PROCESSES ==========
Process explorer.exe killed successfully.
========== FILES ==========
File/Folder C:\WINDOWS\system32\jalezada.dll not found.
========== REGISTRY ==========
Registry value HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\System\\C:\WINDOWS\system32\OeApi.vbs not found.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\C:\WINDOWS\system32\wuvotifa.dll not found.
Registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TFncKy\\ not found.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\"AppInit_DLLS"|"" /E : value set successfully!
Registry key HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{3d8f3ae8-b26c-11dc-a3bc-0013ce9c7f3b}\\ not found.
Registry key HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6af3e306-8720-11dc-a39f-0013ce9c7f3b}\\ not found.
Registry key HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{9c442eee-ceff-11dc-a3d9-0013ce9c7f3b}\\ not found.
========== COMMANDS ==========
File delete failed. C:\DOCUME~1\natha\LOCALS~1\Temp\etilqs_gJWzn2YyFvt59hY2xyze scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\natha\LOCALS~1\Temp\JET9541.tmp scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\natha\LOCALS~1\Temp\~DFADAE.tmp scheduled to be deleted on reboot.
User's Temp folder emptied.
User's Temporary Internet Files folder emptied.
User's Internet Explorer cache folder emptied.
Local Service Temp folder emptied.
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
Local Service Temporary Internet Files folder emptied.
File delete failed. C:\WINDOWS\temp\logishrd\LVPrcInj01.dll scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\ZLT014f9.TMP scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\ZLT014fc.TMP scheduled to be deleted on reboot.
Windows Temp folder emptied.
Java cache emptied.
File delete failed. C:\Documents and Settings\natha\Local Settings\Application Data\Mozilla\Firefox\Profiles\vbzovc1b.default\Cache\_CACHE_001_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\natha\Local Settings\Application Data\Mozilla\Firefox\Profiles\vbzovc1b.default\Cache\_CACHE_002_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\natha\Local Settings\Application Data\Mozilla\Firefox\Profiles\vbzovc1b.default\Cache\_CACHE_003_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\natha\Local Settings\Application Data\Mozilla\Firefox\Profiles\vbzovc1b.default\Cache\_CACHE_MAP_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\natha\Local Settings\Application Data\Mozilla\Firefox\Profiles\vbzovc1b.default\urlclassifier3.sqlite scheduled to be deleted on reboot.
FireFox cache emptied.
Temp folders emptied.

OTMoveIt3 by OldTimer - Version 1.0.9.0 log created on 03292009_185347

Files moved on Reboot...
File C:\DOCUME~1\natha\LOCALS~1\Temp\etilqs_gJWzn2YyFvt59hY2xyze not found!
File C:\DOCUME~1\natha\LOCALS~1\Temp\JET9541.tmp not found!
C:\DOCUME~1\natha\LOCALS~1\Temp\~DFADAE.tmp moved successfully.
File move failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be moved on reboot.
DllUnregisterServer procedure not found in C:\WINDOWS\temp\logishrd\LVPrcInj01.dll
C:\WINDOWS\temp\logishrd\LVPrcInj01.dll NOT unregistered.
File move failed. C:\WINDOWS\temp\logishrd\LVPrcInj01.dll scheduled to be moved on reboot.
File C:\WINDOWS\temp\ZLT014f9.TMP not found!
File C:\WINDOWS\temp\ZLT014fc.TMP not found!
C:\Documents and Settings\natha\Local Settings\Application Data\Mozilla\Firefox\Profiles\vbzovc1b.default\Cache\_CACHE_001_ moved successfully.
C:\Documents and Settings\natha\Local Settings\Application Data\Mozilla\Firefox\Profiles\vbzovc1b.default\Cache\_CACHE_002_ moved successfully.
C:\Documents and Settings\natha\Local Settings\Application Data\Mozilla\Firefox\Profiles\vbzovc1b.default\Cache\_CACHE_003_ moved successfully.
C:\Documents and Settings\natha\Local Settings\Application Data\Mozilla\Firefox\Profiles\vbzovc1b.default\Cache\_CACHE_MAP_ moved successfully.
C:\Documents and Settings\natha\Local Settings\Application Data\Mozilla\Firefox\Profiles\vbzovc1b.default\urlclassifier3.sqlite moved successfully.
crapoulou (Moderator, security contributor; 28158 posts, registered Wednesday 28 November 2007, last active 16 April 2024) 7 990
29 March 2009 at 19:06
Post a new HijackThis log, please.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:55:59, on 29/03/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16791)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\Program Files\Fichiers communs\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\Fichiers communs\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\UAService7.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Fichiers communs\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe
C:\Program Files\TOSHIBA\TouchPad\TPTray.exe
C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe
C:\Program Files\TOSHIBA\Tvs\TvsTray.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Fichiers communs\LogiShrd\LComMgr\Communications_Helper.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\DNA\btdna.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\natha\Bureau\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://fr.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [CeEKEY] C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe
O4 - HKLM\..\Run: [TPNF] C:\Program Files\TOSHIBA\TouchPad\TPTray.exe
O4 - HKLM\..\Run: [HWSetup] C:\Program Files\TOSHIBA\TOSHIBA Applet\HWSetup.exe hwSetUP
O4 - HKLM\..\Run: [PadTouch] C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe
O4 - HKLM\..\Run: [Tvs] C:\Program Files\TOSHIBA\Tvs\TvsTray.exe
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Fichiers communs\LogiShrd\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [winsesame_del] C:\Program Files\WinSesame\effaceur.exe
O4 - HKCU\..\Run: [CTSyncU.exe] "C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" /automount
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [guruzuyafa] Rundll32.exe "C:\WINDOWS\system32\jalezada.dll",s (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_03\bin\npjpi150_03.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_03\bin\npjpi150_03.dll
O9 - Extra button: Barre de recherche Encarta - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Fichiers communs\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/...
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Fichiers communs\LogiShrd\LVCOMSER\LVComSer.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Fichiers communs\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Fichiers communs\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Sony DADC Austria AG. - C:\WINDOWS\system32\UAService7.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
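A defender-side triage of the O4 lines in a log like the one above, as an added example that is not part of the thread nor of HijackThis or OTMoveIt: it parses the autostart entries, flags Run values under the LocalService/NetworkService hives other than CTFMON, and flags rundll32 entries whose DLL no longer exists on disk, which is the state this scan shows (OTMoveIt reported jalezada.dll "not found", yet the [guruzuyafa] value is still registered). The sample lines and the on-disk set are constructed from the log; `triage`, `target_module` and the two rules are my own heuristics.

```python
import ntpath
import os
import re
from collections import namedtuple

# Triage helper for HijackThis "O4" autostart lines (added example for this thread;
# it is not HijackThis or OTMoveIt code and reads nothing from a real machine).
Autostart = namedtuple("Autostart", "hive name cmd user")

O4_RE = re.compile(
    r"^O4 - (?P<hive>.+?)\\\.\.\\Run: \[(?P<name>[^\]]*)\] "
    r"(?P<cmd>.*?)(?: \(User '(?P<user>[^']*)'\))?$"
)
# LocalService and NetworkService hives: normally only the CTFMON value lives there.
SERVICE_HIVES = {r"HKUS\S-1-5-19", r"HKUS\S-1-5-20"}


def parse_o4(lines):
    """Yield an Autostart for every O4 Run line; other HijackThis lines are ignored."""
    for line in lines:
        m = O4_RE.match(line.strip())
        if m:
            yield Autostart(m["hive"], m["name"], m["cmd"], m["user"])


def target_module(cmd):
    """File the entry really loads: the DLL handed to rundll32, else the program itself."""
    m = re.match(r'(?i)rundll32(?:\.exe)?\s+"?([^",]+)', cmd)
    if m:
        return m.group(1).strip()
    m = re.match(r'"([^"]+)"|(\S+)', cmd)
    return (m.group(1) or m.group(2)) if m else cmd


def triage(lines, exists=os.path.exists):
    """Return (Autostart, reason) pairs; `exists` is injectable so a log can be triaged offline."""
    findings = []
    for e in parse_o4(lines):
        mod = target_module(e.cmd)
        if e.hive in SERVICE_HIVES and ntpath.basename(mod).lower() != "ctfmon.exe":
            findings.append((e, "Run value under a service-account hive other than CTFMON"))
        if re.match(r"(?i)rundll32", e.cmd) and mod.lower().endswith(".dll") and not exists(mod):
            findings.append((e, "rundll32 autostart whose DLL is gone: orphaned value, "
                                "source of the 'Error loading ... module not found' dialog"))
    return findings


# Constructed sample: the relevant O4 lines from the post-OTMoveIt log in this thread.
SAMPLE = [
    r"O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe",
    r"O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe",
    r"O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')",
    r"""O4 - HKUS\S-1-5-19\..\Run: [guruzuyafa] Rundll32.exe "C:\WINDOWS\system32\jalezada.dll",s (User 'SERVICE LOCAL')""",
    r"O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')",
]
# Constructed disk state after OTMoveIt reported jalezada.dll "not found".
ON_DISK = {p.lower() for p in (r"C:\PROGRA~1\AVG\AVG8\avgtray.exe", r"C:\WINDOWS\system32\ctfmon.exe")}


def on_disk(path):
    return path.lower() in ON_DISK


if __name__ == "__main__":
    for entry, reason in triage(SAMPLE, exists=on_disk):
        print(f"[{entry.name}] {entry.hive} -> {reason}")
```

On the real machine, call `triage(open("hijackthis.log").read().splitlines())` with the default `exists` so the check runs against the actual file system.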
crapoulou (Moderator, security contributor; 28158 posts, registered Wednesday 28 November 2007, last active 16 April 2024) 7 990
29 March 2009 at 20:31
Relaunch HijackThis.
Click "Do a system scan only".
Check these lines:
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O4 - HKLM\..\Run: [PadTouch] C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe
O4 - HKLM\..\Run: [Tvs] C:\Program Files\TOSHIBA\Tvs\TvsTray.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [CTSyncU.exe] "C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [guruzuyafa] Rundll32.exe "C:\WINDOWS\system32\jalezada.dll",s (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_03\bin\npjpi150_03.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_03\bin\npjpi150_03.dll
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe

Then click Fix checked.

*****************

How is the PC doing? Any symptoms?
