[malware] Smitfraud-C.Toolbar888 et autres...
Résolu/Fermé
pitzy
Messages postés
13
Date d'inscription
vendredi 29 juin 2007
Statut
Membre
Dernière intervention
4 mars 2010
-
29 juin 2007 à 21:48
pitzy Messages postés 13 Date d'inscription vendredi 29 juin 2007 Statut Membre Dernière intervention 4 mars 2010 - 2 juil. 2007 à 16:40
pitzy Messages postés 13 Date d'inscription vendredi 29 juin 2007 Statut Membre Dernière intervention 4 mars 2010 - 2 juil. 2007 à 16:40
A voir également:
- [malware] Smitfraud-C.Toolbar888 et autres...
- Malware anti malware - Télécharger - Antivirus & Antimalwares
- Roguekiller anti-malware - Télécharger - Antivirus & Antimalwares
- Supprimer malware - Guide
- Tor.jack malware - Forum Virus
- Adw malware - Télécharger - Antivirus & Antimalwares
20 réponses
Utilisateur anonyme
29 juin 2007 à 22:01
29 juin 2007 à 22:01
Bonjour
Cela ne respire pas la santè !
¤ Fais ce nettoyage: à faire réguliérement
*Télécharge et installe CCleaner (n'installe pas la barre d'outil Yahoo)
---> http://www.infos-du-net.com/telecharger/CCleaner,0301-1039.html
- Dans la colonne de gauche clic sur "erreurs" coches toutes les cases, puis clic en bas sur "chercher des erreurs" une fois terminé, clic sur "reparer les erreurs" et tu auras un message pour sauvegarder ta base de registre tu clic "oui" puis tu recommences jusqu'a ce qu'il te trouve plus d'erreurs.
Les sauvegardes que tu aura faites, tu pourras les supprimer si ton ordinateur n'a plus de problémes.
- Relance Ccleaner, vas dans l'onglet "nettoyeur" présent sur la gauche, decoches la derniere case (Avancé si elle est cochée) puis clic sur "lancer le nettoyage"
Si tu as besoin d'aide avec Ccleaner, regarde ce tutoriel :
http://redir.fr/gmll
¤ Fais ce scan anti-virus en ligne avec Internet Explorer, accepte l'active X; la barre anti-popup du SP2 (en haut) va se mettre à clignoter, clic dessus et choisis "accepter l'active X" pour faire fonctionner le scan anti-virus.
Une fois qu'il a terminé colle le rapport ici stp
https://www.bitdefender.com/toolbox/
Cela ne respire pas la santè !
¤ Fais ce nettoyage: à faire réguliérement
*Télécharge et installe CCleaner (n'installe pas la barre d'outil Yahoo)
---> http://www.infos-du-net.com/telecharger/CCleaner,0301-1039.html
- Dans la colonne de gauche clic sur "erreurs" coches toutes les cases, puis clic en bas sur "chercher des erreurs" une fois terminé, clic sur "reparer les erreurs" et tu auras un message pour sauvegarder ta base de registre tu clic "oui" puis tu recommences jusqu'a ce qu'il te trouve plus d'erreurs.
Les sauvegardes que tu aura faites, tu pourras les supprimer si ton ordinateur n'a plus de problémes.
- Relance Ccleaner, vas dans l'onglet "nettoyeur" présent sur la gauche, decoches la derniere case (Avancé si elle est cochée) puis clic sur "lancer le nettoyage"
Si tu as besoin d'aide avec Ccleaner, regarde ce tutoriel :
http://redir.fr/gmll
¤ Fais ce scan anti-virus en ligne avec Internet Explorer, accepte l'active X; la barre anti-popup du SP2 (en haut) va se mettre à clignoter, clic dessus et choisis "accepter l'active X" pour faire fonctionner le scan anti-virus.
Une fois qu'il a terminé colle le rapport ici stp
https://www.bitdefender.com/toolbox/
pitzy
Messages postés
13
Date d'inscription
vendredi 29 juin 2007
Statut
Membre
Dernière intervention
4 mars 2010
30 juin 2007 à 12:03
30 juin 2007 à 12:03
Voila le scan comme demander :
BitDefender Online Scanner
Scan report generated at: Sat, Jun 30, 2007 - 11:59:55
Scan path: A:\;C:\;D:\;E:\;
Statistics
Time
01:30:04
Files
243318
Folders
8313
Boot Sectors
2
Archives
1815
Packed Files
9920
Results
Identified Viruses
9
Infected Files
62
Suspect Files
0
Warnings
0
Disinfected
0
Deleted Files
61
Engines Info
Virus Definitions
636020
Engine build
AVCORE v1.0 (build 2410) (i386) (Jun 12 2007 21:08:27)
Scan plugins
14
Archive plugins
38
Unpack plugins
6
E-mail plugins
6
System plugins
1
Scan Settings
First Action
Disinfect
Second Action
Delete
Heuristics
Yes
Enable Warnings
Yes
Scanned Extensions
*;
Exclude Extensions
Scan Emails
Yes
Scan Archives
Yes
Scan Packed
Yes
Scan Files
Yes
Scan Boot
Yes
Scanned File
Status
C:\backup\RECYCLER\S-1-5-21-1004336348-602609370-725345543-1003\Dc569.exe
Infected with: DeepScan:Generic.Zlob.7.41F1B32B
C:\backup\RECYCLER\S-1-5-21-1004336348-602609370-725345543-1003\Dc569.exe
Disinfection failed
C:\backup\RECYCLER\S-1-5-21-1004336348-602609370-725345543-1003\Dc569.exe
Deleted
C:\backup\RECYCLER\S-1-5-21-1004336348-602609370-725345543-1003\Dc615.exe
Infected with: DeepScan:Generic.Zlob.7.41F1B32B
C:\backup\RECYCLER\S-1-5-21-1004336348-602609370-725345543-1003\Dc615.exe
Disinfection failed
C:\backup\RECYCLER\S-1-5-21-1004336348-602609370-725345543-1003\Dc615.exe
Deleted
C:\backup\System Volume Information\_restore{C320C7E8-3F1E-498E-8B2E-96B728E9C7A7}\RP184\A0069843.DLL
Detected with: Adware.Mywebsearch.G
C:\backup\System Volume Information\_restore{C320C7E8-3F1E-498E-8B2E-96B728E9C7A7}\RP184\A0069843.DLL
Disinfection failed
C:\backup\System Volume Information\_restore{C320C7E8-3F1E-498E-8B2E-96B728E9C7A7}\RP184\A0069843.DLL
Deleted
C:\Documents and Settings\All Users\Application Data\Fast four inter multi\mealhope.exe
Infected with: Trojan.FatObfus.Gen
C:\Documents and Settings\All Users\Application Data\Fast four inter multi\mealhope.exe
Disinfection failed
C:\Documents and Settings\All Users\Application Data\Fast four inter multi\mealhope.exe
Deleted
C:\Documents and Settings\All Users.WINDOWS\Application Data\FilmHoleKeepCoal\Else New.exe
Infected with: Trojan.FatObfus.Gen
C:\Documents and Settings\All Users.WINDOWS\Application Data\FilmHoleKeepCoal\Else New.exe
Disinfection failed
C:\Documents and Settings\All Users.WINDOWS\Application Data\FilmHoleKeepCoal\Else New.exe
Deleted
C:\Documents and Settings\All Users.WINDOWS\Application Data\FilmHoleKeepCoal\gpl mail.exe
Infected with: Trojan.FatObfus.Gen
C:\Documents and Settings\All Users.WINDOWS\Application Data\FilmHoleKeepCoal\gpl mail.exe
Disinfection failed
C:\Documents and Settings\All Users.WINDOWS\Application Data\FilmHoleKeepCoal\gpl mail.exe
Delete failed
C:\Documents and Settings\Pitzy\Application Data\Blue comp media\Bin ball tons tick.exe
Infected with: Trojan.FatObfus.Gen
C:\Documents and Settings\Pitzy\Application Data\Blue comp media\Bin ball tons tick.exe
Disinfection failed
C:\Documents and Settings\Pitzy\Application Data\Blue comp media\Bin ball tons tick.exe
Deleted
C:\Documents and Settings\Pitzy\Application Data\Blue comp media\bleh part default.exe
Infected with: Trojan.FatObfus.Gen
C:\Documents and Settings\Pitzy\Application Data\Blue comp media\bleh part default.exe
Disinfection failed
C:\Documents and Settings\Pitzy\Application Data\Blue comp media\bleh part default.exe
Deleted
C:\Documents and Settings\Pitzy.ACERAL1715\Application Data\Blue comp media\Bib Okay.exe
Infected with: Trojan.FatObfus.Gen
C:\Documents and Settings\Pitzy.ACERAL1715\Application Data\Blue comp media\Bib Okay.exe
Disinfection failed
C:\Documents and Settings\Pitzy.ACERAL1715\Application Data\Blue comp media\Bib Okay.exe
Deleted
C:\Documents and Settings\Pitzy.ACERAL1715\Application Data\Blue comp media\Bin ball tons tick.exe
Infected with: Trojan.FatObfus.Gen
C:\Documents and Settings\Pitzy.ACERAL1715\Application Data\Blue comp media\Bin ball tons tick.exe
Disinfection failed
C:\Documents and Settings\Pitzy.ACERAL1715\Application Data\Blue comp media\Bin ball tons tick.exe
Deleted
C:\Documents and Settings\Pitzy.ACERAL1715\Application Data\Blue comp media\bipjwhgq.exe
Infected with: Trojan.FatObfus.Gen
C:\Documents and Settings\Pitzy.ACERAL1715\Application Data\Blue comp media\bipjwhgq.exe
Disinfection failed
C:\Documents and Settings\Pitzy.ACERAL1715\Application Data\Blue comp media\bipjwhgq.exe
Deleted
C:\Documents and Settings\Pitzy.ACERAL1715\Application Data\Blue comp media\bleh part default.exe
Infected with: Trojan.FatObfus.Gen
C:\Documents and Settings\Pitzy.ACERAL1715\Application Data\Blue comp media\bleh part default.exe
Disinfection failed
C:\Documents and Settings\Pitzy.ACERAL1715\Application Data\Blue comp media\bleh part default.exe
Deleted
C:\Documents and Settings\Pitzy.ACERAL1715\Application Data\Blue comp media\gxzqruuv.exe
Infected with: Trojan.FatObfus.Gen
C:\Documents and Settings\Pitzy.ACERAL1715\Application Data\Blue comp media\gxzqruuv.exe
Disinfection failed
C:\Documents and Settings\Pitzy.ACERAL1715\Application Data\Blue comp media\gxzqruuv.exe
Deleted
C:\Documents and Settings\Pitzy.ACERAL1715\Application Data\Blue comp media\lwygynvb.exe
Infected with: Trojan.FatObfus.Gen
C:\Documents and Settings\Pitzy.ACERAL1715\Application Data\Blue comp media\lwygynvb.exe
Disinfection failed
C:\Documents and Settings\Pitzy.ACERAL1715\Application Data\Blue comp media\lwygynvb.exe
Deleted
C:\Program Files\Outerinfo\OiUninstaller.exe=>(NSIS o)=>zlib_nsis0001
Infected with: Trojan.Purityad.O
C:\Program Files\Outerinfo\OiUninstaller.exe=>(NSIS o)=>zlib_nsis0001
Disinfection failed
C:\Program Files\Outerinfo\OiUninstaller.exe=>(NSIS o)=>zlib_nsis0001
Deleted
C:\Program Files\Outerinfo\OiUninstaller.exe=>(NSIS o)
Update failed
C:\System Volume Information\_restore{C48A1312-F039-4DF1-A058-6C6AE4BDB870}\RP110\A0142683.exe
Infected with: Trojan.Fotomoto.A
C:\System Volume Information\_restore{C48A1312-F039-4DF1-A058-6C6AE4BDB870}\RP110\A0142683.exe
Disinfection failed
C:\System Volume Information\_restore{C48A1312-F039-4DF1-A058-6C6AE4BDB870}\RP110\A0142683.exe
Deleted
C:\System Volume Information\_restore{C48A1312-F039-4DF1-A058-6C6AE4BDB870}\RP110\A0142684.exe
Infected with: Trojan.Fotomoto.A
C:\System Volume Information\_restore{C48A1312-F039-4DF1-A058-6C6AE4BDB870}\RP110\A0142684.exe
Disinfection failed
C:\System Volume Information\_restore{C48A1312-F039-4DF1-A058-6C6AE4BDB870}\RP110\A0142684.exe
Deleted
C:\System Volume Information\_restore{C48A1312-F039-4DF1-A058-6C6AE4BDB870}\RP110\A0142685.exe
Infected with: Trojan.Fotomoto.A
C:\System Volume Information\_restore{C48A1312-F039-4DF1-A058-6C6AE4BDB870}\RP110\A0142685.exe
Disinfection failed
C:\System Volume Information\_restore{C48A1312-F039-4DF1-A058-6C6AE4BDB870}\RP110\A0142685.exe
Deleted
C:\System Volume Information\_restore{C48A1312-F039-4DF1-A058-6C6AE4BDB870}\RP110\A0142686.exe
Infected with: Trojan.Fotomoto.A
C:\System Volume Information\_restore{C48A1312-F039-4DF1-A058-6C6AE4BDB870}\RP110\A0142686.exe
Disinfection failed
C:\System Volume Information\_restore{C48A1312-F039-4DF1-A058-6C6AE4BDB870}\RP110\A0142686.exe
Deleted
C:\System Volume Information\_restore{C48A1312-F039-4DF1-A058-6C6AE4BDB870}\RP110\A0142687.exe
Infected with: Trojan.Fotomoto.A
C:\System Volume Information\_restore{C48A1312-F039-4DF1-A058-6C6AE4BDB870}\RP110\A0142687.exe
Disinfection failed
C:\System Volume Information\_restore{C48A1312-F039-4DF1-A058-6C6AE4BDB870}\RP110\A0142687.exe
Deleted
C:\System Volume Information\_restore{C48A1312-F039-4DF1-A058-6C6AE4BDB870}\RP110\A0142688.exe
Infected with: Trojan.Fotomoto.A
C:\System Volume Information\_restore{C48A1312-F039-4DF1-A058-6C6AE4BDB870}\RP110\A0142688.exe
Disinfection failed
C:\System Volume Information\_restore{C48A1312-F039-4DF1-A058-6C6AE4BDB870}\RP110\A0142688.exe
Deleted
C:\System Volume Information\_restore{C48A1312-F039-4DF1-A058-6C6AE4BDB870}\RP110\A0142689.exe
Infected with: Trojan.Fotomoto.A
C:\System Volume Information\_restore{C48A1312-F039-4DF1-A058-6C6AE4BDB870}\RP110\A0142689.exe
Disinfection failed
C:\System Volume Information\_restore{C48A1312-F039-4DF1-A058-6C6AE4BDB870}\RP110\A0142689.exe
Deleted
C:\System Volume Information\_restore{C48A1312-F039-4DF1-A058-6C6AE4BDB870}\RP110\A0142690.exe
Infected with: Trojan.Fotomoto.A
C:\System Volume Information\_restore{C48A1312-F039-4DF1-A058-6C6AE4BDB870}\RP110\A0142690.exe
Disinfection failed
C:\System Volume Information\_restore{C48A1312-F039-4DF1-A058-6C6AE4BDB870}\RP110\A0142690.exe
Deleted
C:\System Volume Information\_restore{C48A1312-F039-4DF1-A058-6C6AE4BDB870}\RP110\A0142691.exe
Infected with: Trojan.Fotomoto.A
C:\System Volume Information\_restore{C48A1312-F039-4DF1-A058-6C6AE4BDB870}\RP110\A0142691.exe
Disinfection failed
C:\System Volume Information\_restore{C48A1312-F039-4DF1-A058-6C6AE4BDB870}\RP110\A0142691.exe
Deleted
C:\System Volume Information\_restore{C48A1312-F039-4DF1-A058-6C6AE4BDB870}\RP110\A0142692.exe
Infected with: Trojan.Fotomoto.A
C:\System Volume Information\_restore{C48A1312-F039-4DF1-A058-6C6AE4BDB870}\RP110\A0142692.exe
Disinfection failed
C:\System Volume Information\_restore{C48A1312-F039-4DF1-A058-6C6AE4BDB870}\RP110\A0142692.exe
Deleted
C:\System Volume Information\_restore{C48A1312-F039-4DF1-A058-6C6AE4BDB870}\RP110\A0142693.exe
Infected with: Trojan.Fotomoto.A
C:\System Volume Information\_restore{C48A1312-F039-4DF1-A058-6C6AE4BDB870}\RP110\A0142693.exe
Disinfection failed
C:\System Volume Information\_restore{C48A1312-F039-4DF1-A058-6C6AE4BDB870}\RP110\A0142693.exe
Deleted
C:\System Volume Information\_restore{C48A1312-F039-4DF1-A058-6C6AE4BDB870}\RP110\A0142694.exe
Infected with: Trojan.Fotomoto.A
C:\System Volume Information\_restore{C48A1312-F039-4DF1-A058-6C6AE4BDB870}\RP110\A0142694.exe
Disinfection failed
C:\System Volume Information\_restore{C48A1312-F039-4DF1-A058-6C6AE4BDB870}\RP110\A0142694.exe
Deleted
C:\System Volume Information\_restore{C48A1312-F039-4DF1-A058-6C6AE4BDB870}\RP110\A0142695.exe
Infected with: Trojan.Fotomoto.A
C:\System Volume Information\_restore{C48A1312-F039-4DF1-A058-6C6AE4BDB870}\RP110\A0142695.exe
Disinfection failed
C:\System Volume Information\_restore{C48A1312-F039-4DF1-A058-6C6AE4BDB870}\RP110\A0142695.exe
Deleted
C:\System Volume Information\_restore{C48A1312-F039-4DF1-A058-6C6AE4BDB870}\RP110\A0142696.exe
Infected with: Trojan.Fotomoto.A
C:\System Volume Information\_restore{C48A1312-F039-4DF1-A058-6C6AE4BDB870}\RP110\A0142696.exe
Disinfection failed
C:\System Volume Information\_restore{C48A1312-F039-4DF1-A058-6C6AE4BDB870}\RP110\A0142696.exe
Deleted
C:\System Volume Information\_restore{C48A1312-F039-4DF1-A058-6C6AE4BDB870}\RP110\A0142697.exe
Infected with: Trojan.Fotomoto.A
C:\System Volume Information\_restore{C48A1312-F039-4DF1-A058-6C6AE4BDB870}\RP110\A0142697.exe
Disinfection failed
C:\System Volume Information\_restore{C48A1312-F039-4DF1-A058-6C6AE4BDB870}\RP110\A0142697.exe
Deleted
C:\System Volume Information\_restore{C48A1312-F039-4DF1-A058-6C6AE4BDB870}\RP110\A0142698.exe
Infected with: Trojan.Fotomoto.A
C:\System Volume Information\_restore{C48A1312-F039-4DF1-A058-6C6AE4BDB870}\RP110\A0142698.exe
Disinfection failed
C:\System Volume Information\_restore{C48A1312-F039-4DF1-A058-6C6AE4BDB870}\RP110\A0142698.exe
Deleted
C:\System Volume Information\_restore{C48A1312-F039-4DF1-A058-6C6AE4BDB870}\RP110\A0142699.exe
Infected with: Trojan.Fotomoto.A
C:\System Volume Information\_restore{C48A1312-F039-4DF1-A058-6C6AE4BDB870}\RP110\A0142699.exe
Disinfection failed
C:\System Volume Information\_restore{C48A1312-F039-4DF1-A058-6C6AE4BDB870}\RP110\A0142699.exe
Deleted
C:\System Volume Information\_restore{C48A1312-F039-4DF1-A058-6C6AE4BDB870}\RP110\A0142700.exe
Infected with: Trojan.Fotomoto.A
C:\System Volume Information\_restore{C48A1312-F039-4DF1-A058-6C6AE4BDB870}\RP110\A0142700.exe
Disinfection failed
C:\System Volume Information\_restore{C48A1312-F039-4DF1-A058-6C6AE4BDB870}\RP110\A0142700.exe
Deleted
C:\System Volume Information\_restore{C48A1312-F039-4DF1-A058-6C6AE4BDB870}\RP110\A0142701.exe
Infected with: Trojan.Fotomoto.A
C:\System Volume Information\_restore{C48A1312-F039-4DF1-A058-6C6AE4BDB870}\RP110\A0142701.exe
Disinfection failed
C:\System Volume Information\_restore{C48A1312-F039-4DF1-A058-6C6AE4BDB870}\RP110\A0142701.exe
Deleted
C:\System Volume Information\_restore{C48A1312-F039-4DF1-A058-6C6AE4BDB870}\RP110\A0142702.exe
Infected with: Trojan.Fotomoto.A
C:\System Volume Information\_restore{C48A1312-F039-4DF1-A058-6C6AE4BDB870}\RP110\A0142702.exe
Disinfection failed
C:\System Volume Information\_restore{C48A1312-F039-4DF1-A058-6C6AE4BDB870}\RP110\A0142702.exe
Deleted
C:\System Volume Information\_restore{C48A1312-F039-4DF1-A058-6C6AE4BDB870}\RP110\A0142703.exe
Infected with: Trojan.Fotomoto.A
C:\System Volume Information\_restore{C48A1312-F039-4DF1-A058-6C6AE4BDB870}\RP110\A0142703.exe
Disinfection failed
C:\System Volume Information\_restore{C48A1312-F039-4DF1-A058-6C6AE4BDB870}\RP110\A0142703.exe
Deleted
C:\System Volume Information\_restore{C48A1312-F039-4DF1-A058-6C6AE4BDB870}\RP110\A0142704.exe
Infected with: Trojan.Fotomoto.A
C:\System Volume Information\_restore{C48A1312-F039-4DF1-A058-6C6AE4BDB870}\RP110\A0142704.exe
Disinfection failed
C:\System Volume Information\_restore{C48A1312-F039-4DF1-A058-6C6AE4BDB870}\RP110\A0142704.exe
Deleted
C:\System Volume Information\_restore{C48A1312-F039-4DF1-A058-6C6AE4BDB870}\RP110\A0142705.exe
Infected with: Trojan.Fotomoto.A
C:\System Volume Information\_restore{C48A1312-F039-4DF1-A058-6C6AE4BDB870}\RP110\A0142705.exe
Disinfection failed
C:\System Volume Information\_restore{C48A1312-F039-4DF1-A058-6C6AE4BDB870}\RP110\A0142705.exe
Deleted
C:\System Volume Information\_restore{C48A1312-F039-4DF1-A058-6C6AE4BDB870}\RP110\A0142706.exe
Infected with: Trojan.Fotomoto.A
C:\System Volume Information\_restore{C48A1312-F039-4DF1-A058-6C6AE4BDB870}\RP110\A0142706.exe
Disinfection failed
C:\System Volume Information\_restore{C48A1312-F039-4DF1-A058-6C6AE4BDB870}\RP110\A0142706.exe
Deleted
C:\System Volume Information\_restore{C48A1312-F039-4DF1-A058-6C6AE4BDB870}\RP110\A0142707.exe
Infected with: Trojan.Fotomoto.A
C:\System Volume Information\_restore{C48A1312-F039-4DF1-A058-6C6AE4BDB870}\RP110\A0142707.exe
Disinfection failed
C:\System Volume Information\_restore{C48A1312-F039-4DF1-A058-6C6AE4BDB870}\RP110\A0142707.exe
Deleted
C:\System Volume Information\_restore{C48A1312-F039-4DF1-A058-6C6AE4BDB870}\RP110\A0142708.exe
Infected with: Trojan.Fotomoto.A
C:\System Volume Information\_restore{C48A1312-F039-4DF1-A058-6C6AE4BDB870}\RP110\A0142708.exe
Disinfection failed
C:\System Volume Information\_restore{C48A1312-F039-4DF1-A058-6C6AE4BDB870}\RP110\A0142708.exe
Deleted
C:\System Volume Information\_restore{C48A1312-F039-4DF1-A058-6C6AE4BDB870}\RP110\A0142709.exe
Infected with: Trojan.Fotomoto.A
C:\System Volume Information\_restore{C48A1312-F039-4DF1-A058-6C6AE4BDB870}\RP110\A0142709.exe
Disinfection failed
C:\System Volume Information\_restore{C48A1312-F039-4DF1-A058-6C6AE4BDB870}\RP110\A0142709.exe
Deleted
C:\System Volume Information\_restore{C48A1312-F039-4DF1-A058-6C6AE4BDB870}\RP110\A0142713.exe
Infected with: Trojan.FatObfus.Gen
C:\System Volume Information\_restore{C48A1312-F039-4DF1-A058-6C6AE4BDB870}\RP110\A0142713.exe
Disinfection failed
C:\System Volume Information\_restore{C48A1312-F039-4DF1-A058-6C6AE4BDB870}\RP110\A0142713.exe
Deleted
C:\System Volume Information\_restore{C48A1312-F039-4DF1-A058-6C6AE4BDB870}\RP110\A0142714.exe
Infected with: Trojan.Popwin.BK
C:\System Volume Information\_restore{C48A1312-F039-4DF1-A058-6C6AE4BDB870}\RP110\A0142714.exe
Disinfection failed
C:\System Volume Information\_restore{C48A1312-F039-4DF1-A058-6C6AE4BDB870}\RP110\A0142714.exe
Deleted
C:\System Volume Information\_restore{C48A1312-F039-4DF1-A058-6C6AE4BDB870}\RP110\A0142715.exe=>(NSIS o)=>lzma_solid_nsis0002
Infected with: Rootkit.Agent.EV
C:\System Volume Information\_restore{C48A1312-F039-4DF1-A058-6C6AE4BDB870}\RP110\A0142715.exe=>(NSIS o)=>lzma_solid_nsis0002
Disinfection failed
C:\System Volume Information\_restore{C48A1312-F039-4DF1-A058-6C6AE4BDB870}\RP110\A0142715.exe=>(NSIS o)=>lzma_solid_nsis0002
Deleted
C:\System Volume Information\_restore{C48A1312-F039-4DF1-A058-6C6AE4BDB870}\RP110\A0142715.exe=>(NSIS o)
Update failed
C:\System Volume Information\_restore{C48A1312-F039-4DF1-A058-6C6AE4BDB870}\RP110\A0142717.exe=>(NSIS o)=>lzma_solid_nsis0006
Infected with: Trojan.Dloader.AFR
C:\System Volume Information\_restore{C48A1312-F039-4DF1-A058-6C6AE4BDB870}\RP110\A0142717.exe=>(NSIS o)=>lzma_solid_nsis0006
Disinfection failed
C:\System Volume Information\_restore{C48A1312-F039-4DF1-A058-6C6AE4BDB870}\RP110\A0142717.exe=>(NSIS o)=>lzma_solid_nsis0006
Deleted
C:\System Volume Information\_restore{C48A1312-F039-4DF1-A058-6C6AE4BDB870}\RP110\A0142717.exe=>(NSIS o)
Update failed
C:\System Volume Information\_restore{C48A1312-F039-4DF1-A058-6C6AE4BDB870}\RP110\A0142718.exe=>(NSIS o)=>lzma_solid_nsis0002
Infected with: Trojan.Popwin.BK
C:\System Volume Information\_restore{C48A1312-F039-4DF1-A058-6C6AE4BDB870}\RP110\A0142718.exe=>(NSIS o)=>lzma_solid_nsis0002
Disinfection failed
C:\System Volume Information\_restore{C48A1312-F039-4DF1-A058-6C6AE4BDB870}\RP110\A0142718.exe=>(NSIS o)=>lzma_solid_nsis0002
Deleted
C:\System Volume Information\_restore{C48A1312-F039-4DF1-A058-6C6AE4BDB870}\RP110\A0142718.exe=>(NSIS o)
Update failed
C:\System Volume Information\_restore{C48A1312-F039-4DF1-A058-6C6AE4BDB870}\RP110\A0142721.exe
Infected with: Trojan.Popwin.BK
C:\System Volume Information\_restore{C48A1312-F039-4DF1-A058-6C6AE4BDB870}\RP110\A0142721.exe
Disinfection failed
C:\System Volume Information\_restore{C48A1312-F039-4DF1-A058-6C6AE4BDB870}\RP110\A0142721.exe
Deleted
C:\System Volume Information\_restore{C48A1312-F039-4DF1-A058-6C6AE4BDB870}\RP110\A0143041.exe
Infected with: DeepScan:Generic.Zlob.7.41F1B32B
C:\System Volume Information\_restore{C48A1312-F039-4DF1-A058-6C6AE4BDB870}\RP110\A0143041.exe
Disinfection failed
C:\System Volume Information\_restore{C48A1312-F039-4DF1-A058-6C6AE4BDB870}\RP110\A0143041.exe
Deleted
C:\System Volume Information\_restore{C48A1312-F039-4DF1-A058-6C6AE4BDB870}\RP110\A0143042.exe
Infected with: DeepScan:Generic.Zlob.7.41F1B32B
C:\System Volume Information\_restore{C48A1312-F039-4DF1-A058-6C6AE4BDB870}\RP110\A0143042.exe
Disinfection failed
C:\System Volume Information\_restore{C48A1312-F039-4DF1-A058-6C6AE4BDB870}\RP110\A0143042.exe
Deleted
C:\System Volume Information\_restore{C48A1312-F039-4DF1-A058-6C6AE4BDB870}\RP110\A0143043.DLL
Detected with: Adware.Mywebsearch.G
C:\System Volume Information\_restore{C48A1312-F039-4DF1-A058-6C6AE4BDB870}\RP110\A0143043.DLL
Disinfection failed
C:\System Volume Information\_restore{C48A1312-F039-4DF1-A058-6C6AE4BDB870}\RP110\A0143043.DLL
Deleted
C:\System Volume Information\_restore{C48A1312-F039-4DF1-A058-6C6AE4BDB870}\RP110\A0143044.exe
Infected with: Trojan.FatObfus.Gen
C:\System Volume Information\_restore{C48A1312-F039-4DF1-A058-6C6AE4BDB870}\RP110\A0143044.exe
Disinfection failed
C:\System Volume Information\_restore{C48A1312-F039-4DF1-A058-6C6AE4BDB870}\RP110\A0143044.exe
Deleted
C:\System Volume Information\_restore{C48A1312-F039-4DF1-A058-6C6AE4BDB870}\RP110\A0143045.exe
Infected with: Trojan.FatObfus.Gen
C:\System Volume Information\_restore{C48A1312-F039-4DF1-A058-6C6AE4BDB870}\RP110\A0143045.exe
Disinfection failed
C:\System Volume Information\_restore{C48A1312-F039-4DF1-A058-6C6AE4BDB870}\RP110\A0143045.exe
Deleted
C:\System Volume Information\_restore{C48A1312-F039-4DF1-A058-6C6AE4BDB870}\RP110\A0143046.exe
Infected with: Trojan.FatObfus.Gen
C:\System Volume Information\_restore{C48A1312-F039-4DF1-A058-6C6AE4BDB870}\RP110\A0143046.exe
Disinfection failed
C:\System Volume Information\_restore{C48A1312-F039-4DF1-A058-6C6AE4BDB870}\RP110\A0143046.exe
Deleted
C:\System Volume Information\_restore{C48A1312-F039-4DF1-A058-6C6AE4BDB870}\RP110\A0143047.exe
Infected with: Trojan.FatObfus.Gen
C:\System Volume Information\_restore{C48A1312-F039-4DF1-A058-6C6AE4BDB870}\RP110\A0143047.exe
Disinfection failed
C:\System Volume Information\_restore{C48A1312-F039-4DF1-A058-6C6AE4BDB870}\RP110\A0143047.exe
Deleted
C:\System Volume Information\_restore{C48A1312-F039-4DF1-A058-6C6AE4BDB870}\RP110\A0143048.exe
Infected with: Trojan.FatObfus.Gen
C:\System Volume Information\_restore{C48A1312-F039-4DF1-A058-6C6AE4BDB870}\RP110\A0143048.exe
Disinfection failed
C:\System Volume Information\_restore{C48A1312-F039-4DF1-A058-6C6AE4BDB870}\RP110\A0143048.exe
Deleted
C:\System Volume Information\_restore{C48A1312-F039-4DF1-A058-6C6AE4BDB870}\RP110\A0143049.exe
Infected with: Trojan.FatObfus.Gen
C:\System Volume Information\_restore{C48A1312-F039-4DF1-A058-6C6AE4BDB870}\RP110\A0143049.exe
Disinfection failed
C:\System Volume Information\_restore{C48A1312-F039-4DF1-A058-6C6AE4BDB870}\RP110\A0143049.exe
Deleted
C:\System Volume Information\_restore{C48A1312-F039-4DF1-A058-6C6AE4BDB870}\RP110\A0143050.exe
Infected with: Trojan.FatObfus.Gen
C:\System Volume Information\_restore{C48A1312-F039-4DF1-A058-6C6AE4BDB870}\RP110\A0143050.exe
Disinfection failed
C:\System Volume Information\_restore{C48A1312-F039-4DF1-A058-6C6AE4BDB870}\RP110\A0143050.exe
Deleted
C:\System Volume Information\_restore{C48A1312-F039-4DF1-A058-6C6AE4BDB870}\RP110\A0143051.exe
Infected with: Trojan.FatObfus.Gen
C:\System Volume Information\_restore{C48A1312-F039-4DF1-A058-6C6AE4BDB870}\RP110\A0143051.exe
Disinfection failed
C:\System Volume Information\_restore{C48A1312-F039-4DF1-A058-6C6AE4BDB870}\RP110\A0143051.exe
Deleted
C:\System Volume Information\_restore{C48A1312-F039-4DF1-A058-6C6AE4BDB870}\RP110\A0143052.exe
Infected with: Trojan.FatObfus.Gen
C:\System Volume Information\_restore{C48A1312-F039-4DF1-A058-6C6AE4BDB870}\RP110\A0143052.exe
Disinfection failed
C:\System Volume Information\_restore{C48A1312-F039-4DF1-A058-6C6AE4BDB870}\RP110\A0143052.exe
Deleted
C:\System Volume Information\_restore{C48A1312-F039-4DF1-A058-6C6AE4BDB870}\RP110\A0143053.exe
Infected with: Trojan.FatObfus.Gen
C:\System Volume Information\_restore{C48A1312-F039-4DF1-A058-6C6AE4BDB870}\RP110\A0143053.exe
Disinfection failed
C:\System Volume Information\_restore{C48A1312-F039-4DF1-A058-6C6AE4BDB870}\RP110\A0143053.exe
Deleted
C:\WINDOWS\system32\xpytjmgm.exe
Infected with: Trojan.Clicker.Agent.NP
C:\WINDOWS\system32\xpytjmgm.exe
Disinfection failed
C:\WINDOWS\system32\xpytjmgm.exe
Deleted
BitDefender Online Scanner
Scan report generated at: Sat, Jun 30, 2007 - 11:59:55
Scan path: A:\;C:\;D:\;E:\;
Statistics
Time
01:30:04
Files
243318
Folders
8313
Boot Sectors
2
Archives
1815
Packed Files
9920
Results
Identified Viruses
9
Infected Files
62
Suspect Files
0
Warnings
0
Disinfected
0
Deleted Files
61
Engines Info
Virus Definitions
636020
Engine build
AVCORE v1.0 (build 2410) (i386) (Jun 12 2007 21:08:27)
Scan plugins
14
Archive plugins
38
Unpack plugins
6
E-mail plugins
6
System plugins
1
Scan Settings
First Action
Disinfect
Second Action
Delete
Heuristics
Yes
Enable Warnings
Yes
Scanned Extensions
*;
Exclude Extensions
Scan Emails
Yes
Scan Archives
Yes
Scan Packed
Yes
Scan Files
Yes
Scan Boot
Yes
Scanned File
Status
C:\backup\RECYCLER\S-1-5-21-1004336348-602609370-725345543-1003\Dc569.exe
Infected with: DeepScan:Generic.Zlob.7.41F1B32B
C:\backup\RECYCLER\S-1-5-21-1004336348-602609370-725345543-1003\Dc569.exe
Disinfection failed
C:\backup\RECYCLER\S-1-5-21-1004336348-602609370-725345543-1003\Dc569.exe
Deleted
C:\backup\RECYCLER\S-1-5-21-1004336348-602609370-725345543-1003\Dc615.exe
Infected with: DeepScan:Generic.Zlob.7.41F1B32B
C:\backup\RECYCLER\S-1-5-21-1004336348-602609370-725345543-1003\Dc615.exe
Disinfection failed
C:\backup\RECYCLER\S-1-5-21-1004336348-602609370-725345543-1003\Dc615.exe
Deleted
C:\backup\System Volume Information\_restore{C320C7E8-3F1E-498E-8B2E-96B728E9C7A7}\RP184\A0069843.DLL
Detected with: Adware.Mywebsearch.G
C:\backup\System Volume Information\_restore{C320C7E8-3F1E-498E-8B2E-96B728E9C7A7}\RP184\A0069843.DLL
Disinfection failed
C:\backup\System Volume Information\_restore{C320C7E8-3F1E-498E-8B2E-96B728E9C7A7}\RP184\A0069843.DLL
Deleted
C:\Documents and Settings\All Users\Application Data\Fast four inter multi\mealhope.exe
Infected with: Trojan.FatObfus.Gen
C:\Documents and Settings\All Users\Application Data\Fast four inter multi\mealhope.exe
Disinfection failed
C:\Documents and Settings\All Users\Application Data\Fast four inter multi\mealhope.exe
Deleted
C:\Documents and Settings\All Users.WINDOWS\Application Data\FilmHoleKeepCoal\Else New.exe
Infected with: Trojan.FatObfus.Gen
C:\Documents and Settings\All Users.WINDOWS\Application Data\FilmHoleKeepCoal\Else New.exe
Disinfection failed
C:\Documents and Settings\All Users.WINDOWS\Application Data\FilmHoleKeepCoal\Else New.exe
Deleted
C:\Documents and Settings\All Users.WINDOWS\Application Data\FilmHoleKeepCoal\gpl mail.exe
Infected with: Trojan.FatObfus.Gen
C:\Documents and Settings\All Users.WINDOWS\Application Data\FilmHoleKeepCoal\gpl mail.exe
Disinfection failed
C:\Documents and Settings\All Users.WINDOWS\Application Data\FilmHoleKeepCoal\gpl mail.exe
Delete failed
C:\Documents and Settings\Pitzy\Application Data\Blue comp media\Bin ball tons tick.exe
Infected with: Trojan.FatObfus.Gen
C:\Documents and Settings\Pitzy\Application Data\Blue comp media\Bin ball tons tick.exe
Disinfection failed
C:\Documents and Settings\Pitzy\Application Data\Blue comp media\Bin ball tons tick.exe
Deleted
C:\Documents and Settings\Pitzy\Application Data\Blue comp media\bleh part default.exe
Infected with: Trojan.FatObfus.Gen
C:\Documents and Settings\Pitzy\Application Data\Blue comp media\bleh part default.exe
Disinfection failed
C:\Documents and Settings\Pitzy\Application Data\Blue comp media\bleh part default.exe
Deleted
C:\Documents and Settings\Pitzy.ACERAL1715\Application Data\Blue comp media\Bib Okay.exe
Infected with: Trojan.FatObfus.Gen
C:\Documents and Settings\Pitzy.ACERAL1715\Application Data\Blue comp media\Bib Okay.exe
Disinfection failed
C:\Documents and Settings\Pitzy.ACERAL1715\Application Data\Blue comp media\Bib Okay.exe
Deleted
C:\Documents and Settings\Pitzy.ACERAL1715\Application Data\Blue comp media\Bin ball tons tick.exe
Infected with: Trojan.FatObfus.Gen
C:\Documents and Settings\Pitzy.ACERAL1715\Application Data\Blue comp media\Bin ball tons tick.exe
Disinfection failed
C:\Documents and Settings\Pitzy.ACERAL1715\Application Data\Blue comp media\Bin ball tons tick.exe
Deleted
C:\Documents and Settings\Pitzy.ACERAL1715\Application Data\Blue comp media\bipjwhgq.exe
Infected with: Trojan.FatObfus.Gen
C:\Documents and Settings\Pitzy.ACERAL1715\Application Data\Blue comp media\bipjwhgq.exe
Disinfection failed
C:\Documents and Settings\Pitzy.ACERAL1715\Application Data\Blue comp media\bipjwhgq.exe
Deleted
C:\Documents and Settings\Pitzy.ACERAL1715\Application Data\Blue comp media\bleh part default.exe
Infected with: Trojan.FatObfus.Gen
C:\Documents and Settings\Pitzy.ACERAL1715\Application Data\Blue comp media\bleh part default.exe
Disinfection failed
C:\Documents and Settings\Pitzy.ACERAL1715\Application Data\Blue comp media\bleh part default.exe
Deleted
C:\Documents and Settings\Pitzy.ACERAL1715\Application Data\Blue comp media\gxzqruuv.exe
Infected with: Trojan.FatObfus.Gen
C:\Documents and Settings\Pitzy.ACERAL1715\Application Data\Blue comp media\gxzqruuv.exe
Disinfection failed
C:\Documents and Settings\Pitzy.ACERAL1715\Application Data\Blue comp media\gxzqruuv.exe
Deleted
C:\Documents and Settings\Pitzy.ACERAL1715\Application Data\Blue comp media\lwygynvb.exe
Infected with: Trojan.FatObfus.Gen
C:\Documents and Settings\Pitzy.ACERAL1715\Application Data\Blue comp media\lwygynvb.exe
Disinfection failed
C:\Documents and Settings\Pitzy.ACERAL1715\Application Data\Blue comp media\lwygynvb.exe
Deleted
C:\Program Files\Outerinfo\OiUninstaller.exe=>(NSIS o)=>zlib_nsis0001
Infected with: Trojan.Purityad.O
C:\Program Files\Outerinfo\OiUninstaller.exe=>(NSIS o)=>zlib_nsis0001
Disinfection failed
C:\Program Files\Outerinfo\OiUninstaller.exe=>(NSIS o)=>zlib_nsis0001
Deleted
C:\Program Files\Outerinfo\OiUninstaller.exe=>(NSIS o)
Update failed
C:\System Volume Information\_restore{C48A1312-F039-4DF1-A058-6C6AE4BDB870}\RP110\A0142683.exe
Infected with: Trojan.Fotomoto.A
C:\System Volume Information\_restore{C48A1312-F039-4DF1-A058-6C6AE4BDB870}\RP110\A0142683.exe
Disinfection failed
C:\System Volume Information\_restore{C48A1312-F039-4DF1-A058-6C6AE4BDB870}\RP110\A0142683.exe
Deleted
C:\System Volume Information\_restore{C48A1312-F039-4DF1-A058-6C6AE4BDB870}\RP110\A0142684.exe
Infected with: Trojan.Fotomoto.A
C:\System Volume Information\_restore{C48A1312-F039-4DF1-A058-6C6AE4BDB870}\RP110\A0142684.exe
Disinfection failed
C:\System Volume Information\_restore{C48A1312-F039-4DF1-A058-6C6AE4BDB870}\RP110\A0142684.exe
Deleted
C:\System Volume Information\_restore{C48A1312-F039-4DF1-A058-6C6AE4BDB870}\RP110\A0142685.exe
Infected with: Trojan.Fotomoto.A
C:\System Volume Information\_restore{C48A1312-F039-4DF1-A058-6C6AE4BDB870}\RP110\A0142685.exe
Disinfection failed
C:\System Volume Information\_restore{C48A1312-F039-4DF1-A058-6C6AE4BDB870}\RP110\A0142685.exe
Deleted
C:\System Volume Information\_restore{C48A1312-F039-4DF1-A058-6C6AE4BDB870}\RP110\A0142686.exe
Infected with: Trojan.Fotomoto.A
C:\System Volume Information\_restore{C48A1312-F039-4DF1-A058-6C6AE4BDB870}\RP110\A0142686.exe
Disinfection failed
C:\System Volume Information\_restore{C48A1312-F039-4DF1-A058-6C6AE4BDB870}\RP110\A0142686.exe
Deleted
C:\System Volume Information\_restore{C48A1312-F039-4DF1-A058-6C6AE4BDB870}\RP110\A0142687.exe
Infected with: Trojan.Fotomoto.A
C:\System Volume Information\_restore{C48A1312-F039-4DF1-A058-6C6AE4BDB870}\RP110\A0142687.exe
Disinfection failed
C:\System Volume Information\_restore{C48A1312-F039-4DF1-A058-6C6AE4BDB870}\RP110\A0142687.exe
Deleted
C:\System Volume Information\_restore{C48A1312-F039-4DF1-A058-6C6AE4BDB870}\RP110\A0142688.exe
Infected with: Trojan.Fotomoto.A
C:\System Volume Information\_restore{C48A1312-F039-4DF1-A058-6C6AE4BDB870}\RP110\A0142688.exe
Disinfection failed
C:\System Volume Information\_restore{C48A1312-F039-4DF1-A058-6C6AE4BDB870}\RP110\A0142688.exe
Deleted
C:\System Volume Information\_restore{C48A1312-F039-4DF1-A058-6C6AE4BDB870}\RP110\A0142689.exe
Infected with: Trojan.Fotomoto.A
C:\System Volume Information\_restore{C48A1312-F039-4DF1-A058-6C6AE4BDB870}\RP110\A0142689.exe
Disinfection failed
C:\System Volume Information\_restore{C48A1312-F039-4DF1-A058-6C6AE4BDB870}\RP110\A0142689.exe
Deleted
C:\System Volume Information\_restore{C48A1312-F039-4DF1-A058-6C6AE4BDB870}\RP110\A0142690.exe
Infected with: Trojan.Fotomoto.A
C:\System Volume Information\_restore{C48A1312-F039-4DF1-A058-6C6AE4BDB870}\RP110\A0142690.exe
Disinfection failed
C:\System Volume Information\_restore{C48A1312-F039-4DF1-A058-6C6AE4BDB870}\RP110\A0142690.exe
Deleted
C:\System Volume Information\_restore{C48A1312-F039-4DF1-A058-6C6AE4BDB870}\RP110\A0142691.exe
Infected with: Trojan.Fotomoto.A
C:\System Volume Information\_restore{C48A1312-F039-4DF1-A058-6C6AE4BDB870}\RP110\A0142691.exe
Disinfection failed
C:\System Volume Information\_restore{C48A1312-F039-4DF1-A058-6C6AE4BDB870}\RP110\A0142691.exe
Deleted
C:\System Volume Information\_restore{C48A1312-F039-4DF1-A058-6C6AE4BDB870}\RP110\A0142692.exe
Infected with: Trojan.Fotomoto.A
C:\System Volume Information\_restore{C48A1312-F039-4DF1-A058-6C6AE4BDB870}\RP110\A0142692.exe
Disinfection failed
C:\System Volume Information\_restore{C48A1312-F039-4DF1-A058-6C6AE4BDB870}\RP110\A0142692.exe
Deleted
C:\System Volume Information\_restore{C48A1312-F039-4DF1-A058-6C6AE4BDB870}\RP110\A0142693.exe
Infected with: Trojan.Fotomoto.A
C:\System Volume Information\_restore{C48A1312-F039-4DF1-A058-6C6AE4BDB870}\RP110\A0142693.exe
Disinfection failed
C:\System Volume Information\_restore{C48A1312-F039-4DF1-A058-6C6AE4BDB870}\RP110\A0142693.exe
Deleted
C:\System Volume Information\_restore{C48A1312-F039-4DF1-A058-6C6AE4BDB870}\RP110\A0142694.exe
Infected with: Trojan.Fotomoto.A
C:\System Volume Information\_restore{C48A1312-F039-4DF1-A058-6C6AE4BDB870}\RP110\A0142694.exe
Disinfection failed
C:\System Volume Information\_restore{C48A1312-F039-4DF1-A058-6C6AE4BDB870}\RP110\A0142694.exe
Deleted
C:\System Volume Information\_restore{C48A1312-F039-4DF1-A058-6C6AE4BDB870}\RP110\A0142695.exe
Infected with: Trojan.Fotomoto.A
C:\System Volume Information\_restore{C48A1312-F039-4DF1-A058-6C6AE4BDB870}\RP110\A0142695.exe
Disinfection failed
C:\System Volume Information\_restore{C48A1312-F039-4DF1-A058-6C6AE4BDB870}\RP110\A0142695.exe
Deleted
C:\System Volume Information\_restore{C48A1312-F039-4DF1-A058-6C6AE4BDB870}\RP110\A0142696.exe
Infected with: Trojan.Fotomoto.A
C:\System Volume Information\_restore{C48A1312-F039-4DF1-A058-6C6AE4BDB870}\RP110\A0142696.exe
Disinfection failed
C:\System Volume Information\_restore{C48A1312-F039-4DF1-A058-6C6AE4BDB870}\RP110\A0142696.exe
Deleted
C:\System Volume Information\_restore{C48A1312-F039-4DF1-A058-6C6AE4BDB870}\RP110\A0142697.exe
Infected with: Trojan.Fotomoto.A
C:\System Volume Information\_restore{C48A1312-F039-4DF1-A058-6C6AE4BDB870}\RP110\A0142697.exe
Disinfection failed
C:\System Volume Information\_restore{C48A1312-F039-4DF1-A058-6C6AE4BDB870}\RP110\A0142697.exe
Deleted
C:\System Volume Information\_restore{C48A1312-F039-4DF1-A058-6C6AE4BDB870}\RP110\A0142698.exe
Infected with: Trojan.Fotomoto.A
C:\System Volume Information\_restore{C48A1312-F039-4DF1-A058-6C6AE4BDB870}\RP110\A0142698.exe
Disinfection failed
C:\System Volume Information\_restore{C48A1312-F039-4DF1-A058-6C6AE4BDB870}\RP110\A0142698.exe
Deleted
C:\System Volume Information\_restore{C48A1312-F039-4DF1-A058-6C6AE4BDB870}\RP110\A0142699.exe
Infected with: Trojan.Fotomoto.A
C:\System Volume Information\_restore{C48A1312-F039-4DF1-A058-6C6AE4BDB870}\RP110\A0142699.exe
Disinfection failed
C:\System Volume Information\_restore{C48A1312-F039-4DF1-A058-6C6AE4BDB870}\RP110\A0142699.exe
Deleted
C:\System Volume Information\_restore{C48A1312-F039-4DF1-A058-6C6AE4BDB870}\RP110\A0142700.exe
Infected with: Trojan.Fotomoto.A
C:\System Volume Information\_restore{C48A1312-F039-4DF1-A058-6C6AE4BDB870}\RP110\A0142700.exe
Disinfection failed
C:\System Volume Information\_restore{C48A1312-F039-4DF1-A058-6C6AE4BDB870}\RP110\A0142700.exe
Deleted
C:\System Volume Information\_restore{C48A1312-F039-4DF1-A058-6C6AE4BDB870}\RP110\A0142701.exe
Infected with: Trojan.Fotomoto.A
C:\System Volume Information\_restore{C48A1312-F039-4DF1-A058-6C6AE4BDB870}\RP110\A0142701.exe
Disinfection failed
C:\System Volume Information\_restore{C48A1312-F039-4DF1-A058-6C6AE4BDB870}\RP110\A0142701.exe
Deleted
C:\System Volume Information\_restore{C48A1312-F039-4DF1-A058-6C6AE4BDB870}\RP110\A0142702.exe
Infected with: Trojan.Fotomoto.A
C:\System Volume Information\_restore{C48A1312-F039-4DF1-A058-6C6AE4BDB870}\RP110\A0142702.exe
Disinfection failed
C:\System Volume Information\_restore{C48A1312-F039-4DF1-A058-6C6AE4BDB870}\RP110\A0142702.exe
Deleted
C:\System Volume Information\_restore{C48A1312-F039-4DF1-A058-6C6AE4BDB870}\RP110\A0142703.exe
Infected with: Trojan.Fotomoto.A
C:\System Volume Information\_restore{C48A1312-F039-4DF1-A058-6C6AE4BDB870}\RP110\A0142703.exe
Disinfection failed
C:\System Volume Information\_restore{C48A1312-F039-4DF1-A058-6C6AE4BDB870}\RP110\A0142703.exe
Deleted
C:\System Volume Information\_restore{C48A1312-F039-4DF1-A058-6C6AE4BDB870}\RP110\A0142704.exe
Infected with: Trojan.Fotomoto.A
C:\System Volume Information\_restore{C48A1312-F039-4DF1-A058-6C6AE4BDB870}\RP110\A0142704.exe
Disinfection failed
C:\System Volume Information\_restore{C48A1312-F039-4DF1-A058-6C6AE4BDB870}\RP110\A0142704.exe
Deleted
C:\System Volume Information\_restore{C48A1312-F039-4DF1-A058-6C6AE4BDB870}\RP110\A0142705.exe
Infected with: Trojan.Fotomoto.A
C:\System Volume Information\_restore{C48A1312-F039-4DF1-A058-6C6AE4BDB870}\RP110\A0142705.exe
Disinfection failed
C:\System Volume Information\_restore{C48A1312-F039-4DF1-A058-6C6AE4BDB870}\RP110\A0142705.exe
Deleted
C:\System Volume Information\_restore{C48A1312-F039-4DF1-A058-6C6AE4BDB870}\RP110\A0142706.exe
Infected with: Trojan.Fotomoto.A
C:\System Volume Information\_restore{C48A1312-F039-4DF1-A058-6C6AE4BDB870}\RP110\A0142706.exe
Disinfection failed
C:\System Volume Information\_restore{C48A1312-F039-4DF1-A058-6C6AE4BDB870}\RP110\A0142706.exe
Deleted
C:\System Volume Information\_restore{C48A1312-F039-4DF1-A058-6C6AE4BDB870}\RP110\A0142707.exe
Infected with: Trojan.Fotomoto.A
C:\System Volume Information\_restore{C48A1312-F039-4DF1-A058-6C6AE4BDB870}\RP110\A0142707.exe
Disinfection failed
C:\System Volume Information\_restore{C48A1312-F039-4DF1-A058-6C6AE4BDB870}\RP110\A0142707.exe
Deleted
C:\System Volume Information\_restore{C48A1312-F039-4DF1-A058-6C6AE4BDB870}\RP110\A0142708.exe
Infected with: Trojan.Fotomoto.A
C:\System Volume Information\_restore{C48A1312-F039-4DF1-A058-6C6AE4BDB870}\RP110\A0142708.exe
Disinfection failed
C:\System Volume Information\_restore{C48A1312-F039-4DF1-A058-6C6AE4BDB870}\RP110\A0142708.exe
Deleted
C:\System Volume Information\_restore{C48A1312-F039-4DF1-A058-6C6AE4BDB870}\RP110\A0142709.exe
Infected with: Trojan.Fotomoto.A
C:\System Volume Information\_restore{C48A1312-F039-4DF1-A058-6C6AE4BDB870}\RP110\A0142709.exe
Disinfection failed
C:\System Volume Information\_restore{C48A1312-F039-4DF1-A058-6C6AE4BDB870}\RP110\A0142709.exe
Deleted
C:\System Volume Information\_restore{C48A1312-F039-4DF1-A058-6C6AE4BDB870}\RP110\A0142713.exe
Infected with: Trojan.FatObfus.Gen
C:\System Volume Information\_restore{C48A1312-F039-4DF1-A058-6C6AE4BDB870}\RP110\A0142713.exe
Disinfection failed
C:\System Volume Information\_restore{C48A1312-F039-4DF1-A058-6C6AE4BDB870}\RP110\A0142713.exe
Deleted
C:\System Volume Information\_restore{C48A1312-F039-4DF1-A058-6C6AE4BDB870}\RP110\A0142714.exe
Infected with: Trojan.Popwin.BK
C:\System Volume Information\_restore{C48A1312-F039-4DF1-A058-6C6AE4BDB870}\RP110\A0142714.exe
Disinfection failed
C:\System Volume Information\_restore{C48A1312-F039-4DF1-A058-6C6AE4BDB870}\RP110\A0142714.exe
Deleted
C:\System Volume Information\_restore{C48A1312-F039-4DF1-A058-6C6AE4BDB870}\RP110\A0142715.exe=>(NSIS o)=>lzma_solid_nsis0002
Infected with: Rootkit.Agent.EV
C:\System Volume Information\_restore{C48A1312-F039-4DF1-A058-6C6AE4BDB870}\RP110\A0142715.exe=>(NSIS o)=>lzma_solid_nsis0002
Disinfection failed
C:\System Volume Information\_restore{C48A1312-F039-4DF1-A058-6C6AE4BDB870}\RP110\A0142715.exe=>(NSIS o)=>lzma_solid_nsis0002
Deleted
C:\System Volume Information\_restore{C48A1312-F039-4DF1-A058-6C6AE4BDB870}\RP110\A0142715.exe=>(NSIS o)
Update failed
C:\System Volume Information\_restore{C48A1312-F039-4DF1-A058-6C6AE4BDB870}\RP110\A0142717.exe=>(NSIS o)=>lzma_solid_nsis0006
Infected with: Trojan.Dloader.AFR
C:\System Volume Information\_restore{C48A1312-F039-4DF1-A058-6C6AE4BDB870}\RP110\A0142717.exe=>(NSIS o)=>lzma_solid_nsis0006
Disinfection failed
C:\System Volume Information\_restore{C48A1312-F039-4DF1-A058-6C6AE4BDB870}\RP110\A0142717.exe=>(NSIS o)=>lzma_solid_nsis0006
Deleted
C:\System Volume Information\_restore{C48A1312-F039-4DF1-A058-6C6AE4BDB870}\RP110\A0142717.exe=>(NSIS o)
Update failed
C:\System Volume Information\_restore{C48A1312-F039-4DF1-A058-6C6AE4BDB870}\RP110\A0142718.exe=>(NSIS o)=>lzma_solid_nsis0002
Infected with: Trojan.Popwin.BK
C:\System Volume Information\_restore{C48A1312-F039-4DF1-A058-6C6AE4BDB870}\RP110\A0142718.exe=>(NSIS o)=>lzma_solid_nsis0002
Disinfection failed
C:\System Volume Information\_restore{C48A1312-F039-4DF1-A058-6C6AE4BDB870}\RP110\A0142718.exe=>(NSIS o)=>lzma_solid_nsis0002
Deleted
C:\System Volume Information\_restore{C48A1312-F039-4DF1-A058-6C6AE4BDB870}\RP110\A0142718.exe=>(NSIS o)
Update failed
C:\System Volume Information\_restore{C48A1312-F039-4DF1-A058-6C6AE4BDB870}\RP110\A0142721.exe
Infected with: Trojan.Popwin.BK
C:\System Volume Information\_restore{C48A1312-F039-4DF1-A058-6C6AE4BDB870}\RP110\A0142721.exe
Disinfection failed
C:\System Volume Information\_restore{C48A1312-F039-4DF1-A058-6C6AE4BDB870}\RP110\A0142721.exe
Deleted
C:\System Volume Information\_restore{C48A1312-F039-4DF1-A058-6C6AE4BDB870}\RP110\A0143041.exe
Infected with: DeepScan:Generic.Zlob.7.41F1B32B
C:\System Volume Information\_restore{C48A1312-F039-4DF1-A058-6C6AE4BDB870}\RP110\A0143041.exe
Disinfection failed
C:\System Volume Information\_restore{C48A1312-F039-4DF1-A058-6C6AE4BDB870}\RP110\A0143041.exe
Deleted
C:\System Volume Information\_restore{C48A1312-F039-4DF1-A058-6C6AE4BDB870}\RP110\A0143042.exe
Infected with: DeepScan:Generic.Zlob.7.41F1B32B
C:\System Volume Information\_restore{C48A1312-F039-4DF1-A058-6C6AE4BDB870}\RP110\A0143042.exe
Disinfection failed
C:\System Volume Information\_restore{C48A1312-F039-4DF1-A058-6C6AE4BDB870}\RP110\A0143042.exe
Deleted
C:\System Volume Information\_restore{C48A1312-F039-4DF1-A058-6C6AE4BDB870}\RP110\A0143043.DLL
Detected with: Adware.Mywebsearch.G
C:\System Volume Information\_restore{C48A1312-F039-4DF1-A058-6C6AE4BDB870}\RP110\A0143043.DLL
Disinfection failed
C:\System Volume Information\_restore{C48A1312-F039-4DF1-A058-6C6AE4BDB870}\RP110\A0143043.DLL
Deleted
C:\System Volume Information\_restore{C48A1312-F039-4DF1-A058-6C6AE4BDB870}\RP110\A0143044.exe
Infected with: Trojan.FatObfus.Gen
C:\System Volume Information\_restore{C48A1312-F039-4DF1-A058-6C6AE4BDB870}\RP110\A0143044.exe
Disinfection failed
C:\System Volume Information\_restore{C48A1312-F039-4DF1-A058-6C6AE4BDB870}\RP110\A0143044.exe
Deleted
C:\System Volume Information\_restore{C48A1312-F039-4DF1-A058-6C6AE4BDB870}\RP110\A0143045.exe
Infected with: Trojan.FatObfus.Gen
C:\System Volume Information\_restore{C48A1312-F039-4DF1-A058-6C6AE4BDB870}\RP110\A0143045.exe
Disinfection failed
C:\System Volume Information\_restore{C48A1312-F039-4DF1-A058-6C6AE4BDB870}\RP110\A0143045.exe
Deleted
C:\System Volume Information\_restore{C48A1312-F039-4DF1-A058-6C6AE4BDB870}\RP110\A0143046.exe
Infected with: Trojan.FatObfus.Gen
C:\System Volume Information\_restore{C48A1312-F039-4DF1-A058-6C6AE4BDB870}\RP110\A0143046.exe
Disinfection failed
C:\System Volume Information\_restore{C48A1312-F039-4DF1-A058-6C6AE4BDB870}\RP110\A0143046.exe
Deleted
C:\System Volume Information\_restore{C48A1312-F039-4DF1-A058-6C6AE4BDB870}\RP110\A0143047.exe
Infected with: Trojan.FatObfus.Gen
C:\System Volume Information\_restore{C48A1312-F039-4DF1-A058-6C6AE4BDB870}\RP110\A0143047.exe
Disinfection failed
C:\System Volume Information\_restore{C48A1312-F039-4DF1-A058-6C6AE4BDB870}\RP110\A0143047.exe
Deleted
C:\System Volume Information\_restore{C48A1312-F039-4DF1-A058-6C6AE4BDB870}\RP110\A0143048.exe
Infected with: Trojan.FatObfus.Gen
C:\System Volume Information\_restore{C48A1312-F039-4DF1-A058-6C6AE4BDB870}\RP110\A0143048.exe
Disinfection failed
C:\System Volume Information\_restore{C48A1312-F039-4DF1-A058-6C6AE4BDB870}\RP110\A0143048.exe
Deleted
C:\System Volume Information\_restore{C48A1312-F039-4DF1-A058-6C6AE4BDB870}\RP110\A0143049.exe
Infected with: Trojan.FatObfus.Gen
C:\System Volume Information\_restore{C48A1312-F039-4DF1-A058-6C6AE4BDB870}\RP110\A0143049.exe
Disinfection failed
C:\System Volume Information\_restore{C48A1312-F039-4DF1-A058-6C6AE4BDB870}\RP110\A0143049.exe
Deleted
C:\System Volume Information\_restore{C48A1312-F039-4DF1-A058-6C6AE4BDB870}\RP110\A0143050.exe
Infected with: Trojan.FatObfus.Gen
C:\System Volume Information\_restore{C48A1312-F039-4DF1-A058-6C6AE4BDB870}\RP110\A0143050.exe
Disinfection failed
C:\System Volume Information\_restore{C48A1312-F039-4DF1-A058-6C6AE4BDB870}\RP110\A0143050.exe
Deleted
C:\System Volume Information\_restore{C48A1312-F039-4DF1-A058-6C6AE4BDB870}\RP110\A0143051.exe
Infected with: Trojan.FatObfus.Gen
C:\System Volume Information\_restore{C48A1312-F039-4DF1-A058-6C6AE4BDB870}\RP110\A0143051.exe
Disinfection failed
C:\System Volume Information\_restore{C48A1312-F039-4DF1-A058-6C6AE4BDB870}\RP110\A0143051.exe
Deleted
C:\System Volume Information\_restore{C48A1312-F039-4DF1-A058-6C6AE4BDB870}\RP110\A0143052.exe
Infected with: Trojan.FatObfus.Gen
C:\System Volume Information\_restore{C48A1312-F039-4DF1-A058-6C6AE4BDB870}\RP110\A0143052.exe
Disinfection failed
C:\System Volume Information\_restore{C48A1312-F039-4DF1-A058-6C6AE4BDB870}\RP110\A0143052.exe
Deleted
C:\System Volume Information\_restore{C48A1312-F039-4DF1-A058-6C6AE4BDB870}\RP110\A0143053.exe
Infected with: Trojan.FatObfus.Gen
C:\System Volume Information\_restore{C48A1312-F039-4DF1-A058-6C6AE4BDB870}\RP110\A0143053.exe
Disinfection failed
C:\System Volume Information\_restore{C48A1312-F039-4DF1-A058-6C6AE4BDB870}\RP110\A0143053.exe
Deleted
C:\WINDOWS\system32\xpytjmgm.exe
Infected with: Trojan.Clicker.Agent.NP
C:\WINDOWS\system32\xpytjmgm.exe
Disinfection failed
C:\WINDOWS\system32\xpytjmgm.exe
Deleted
Utilisateur anonyme
30 juin 2007 à 16:28
30 juin 2007 à 16:28
Fais ceci maintenant :
¤ Télécharge HijackThis :
---> http://www.trendsecure.com/portal/en-US/threat_analytics/HiJackThis_v2.exe
Installe le dans son propre dossier :
- clic droit sur le bureau, tu choisis "nouveau dossier" puis installe-le à l'intérieur.
Fais un clic droit sur Hijackthis, choisis "renommer" puis marque ceci : abcde.exe
Double-clic sur HijackThis. Clic sur "I Accept" puis clic sur "do a system scan and save logfile"
Puis copie et colle ici le rapport qu'il va te générer.
Démo pour HijackThis si besoin :
http://pageperso.aol.fr/balltrap34/demohijack.htm
ET
Télécharge lopxp :
http://www.alt-shift-return.org/Info/Fichiers/lopxpMH2.zip
dézippe-le sur ton bureau puis double-clic sur le fichier "lopxpMH.bat"
quand il a terminé, un rapport s'ouvre : fais un copier-coller du rapport puis mets le ici
¤ Télécharge HijackThis :
---> http://www.trendsecure.com/portal/en-US/threat_analytics/HiJackThis_v2.exe
Installe le dans son propre dossier :
- clic droit sur le bureau, tu choisis "nouveau dossier" puis installe-le à l'intérieur.
Fais un clic droit sur Hijackthis, choisis "renommer" puis marque ceci : abcde.exe
Double-clic sur HijackThis. Clic sur "I Accept" puis clic sur "do a system scan and save logfile"
Puis copie et colle ici le rapport qu'il va te générer.
Démo pour HijackThis si besoin :
http://pageperso.aol.fr/balltrap34/demohijack.htm
ET
Télécharge lopxp :
http://www.alt-shift-return.org/Info/Fichiers/lopxpMH2.zip
dézippe-le sur ton bureau puis double-clic sur le fichier "lopxpMH.bat"
quand il a terminé, un rapport s'ouvre : fais un copier-coller du rapport puis mets le ici
pitzy
Messages postés
13
Date d'inscription
vendredi 29 juin 2007
Statut
Membre
Dernière intervention
4 mars 2010
30 juin 2007 à 22:27
30 juin 2007 à 22:27
Ok, j'ai les rapports, les voici:
----HijackThis----
Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 22:21:55, on 30/06/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\WINDOWS\SYSTEM32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\system32\RunDll32.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\MSN Messenger\livecall.exe
C:\Documents and Settings\Pitzy.ACERAL1715\Bureau\Nouveau dossier\abcde.exe.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.fr.msn.be/0SEFRBE/SAOS01?FORM=TOOLBR
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.fr.msn.be/0SEFRBE/SAOS01?FORM=TOOLBR
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {1F6581D5-AA53-4b73-A6F9-41420C6B61F1} - C:\WINDOWS\system32\lwkhhrbj.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {85F9753E-84F9-2B9B-34B0-F06FA33739A8} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Multi Media Toolbar - {b5146c40-189a-4311-bda9-fbae3e023187} - C:\Program Files\Multi_Media\tbMult.dll
O2 - BHO: (no name) - {B6B82645-BA1C-4876-8152-CB49F5AEB8AB} - C:\WINDOWS\system32\ddabx.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: (no name) - {DC192567-65F9-4AB6-ADB7-E13575F81726} - (no file)
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Multi Media Toolbar - {b5146c40-189a-4311-bda9-fbae3e023187} - C:\Program Files\Multi_Media\tbMult.dll
O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [keep coal dash bait] C:\Documents and Settings\All Users.WINDOWS\Application Data\FilmHoleKeepCoal\gpl mail.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [icq.com] rundll32.exe "C:\WINDOWS\system32\mjusieug.dll",forkonce
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [IncrediMail] C:\Program Files\IncrediMail\bin\IncMail.exe /c
O4 - HKCU\..\Run: [TwoBrowse] C:\DOCUME~1\PITZY~1.ACE\APPLIC~1\BLUECO~1\Bib Okay.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-21-1614895754-1580436667-682003330-1005\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'Anne')
O4 - HKUS\S-1-5-21-1614895754-1580436667-682003330-1005\..\Run: [IncrediMail] C:\Program Files\IncrediMail\bin\IncMail.exe /c (User 'Anne')
O4 - HKUS\S-1-5-21-1614895754-1580436667-682003330-1005\..\Run: [Rsui] "C:\DOCUME~1\Anne\MESDOC~1\RACLE~1\winword.exe" -vt yazb (User 'Anne')
O4 - HKUS\S-1-5-21-1614895754-1580436667-682003330-1005\..\Run: [Bryzvd] "C:\Documents and Settings\Anne\Application Data\M?crosoft\t?skmgr.exe" (User 'Anne')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\npjpi160_01.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\npjpi160_01.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: @C:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: @C:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://www.ijji.com
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-BE/a-UNO1/GAME_UNO1.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/...
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {BE833F39-1E0C-468C-BA70-25AAEE55775E} (System Requirements Lab) - http://www.systemrequirementslab.com/sysreqlab.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {CD995117-98E5-4169-9920-6C12D4C0B548} (HGPlugin9USA Class) - http://gamedownload.ijjimax.com/gamedownload/dist/hgstart/HGPlugin9USA.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{13AB14EB-0403-4C52-B40B-5822FA9FD234}: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CCS\Services\Tcpip\..\{FFCC92BE-B0FE-4425-A3CD-6C5C41296436}: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CS1\Services\Tcpip\..\{13AB14EB-0403-4C52-B40B-5822FA9FD234}: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 85.255.113.92 85.255.112.13
O17 - HKLM\System\CS2\Services\Tcpip\..\{13AB14EB-0403-4C52-B40B-5822FA9FD234}: NameServer = 85.255.113.92,85.255.112.13
O17 - HKLM\System\CS3\Services\Tcpip\Parameters: NameServer = 85.255.116.170 85.255.112.213
O17 - HKLM\System\CS3\Services\Tcpip\..\{13AB14EB-0403-4C52-B40B-5822FA9FD234}: NameServer = 85.255.116.170,85.255.112.213
O17 - HKLM\System\CS4\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CS4\Services\Tcpip\..\{13AB14EB-0403-4C52-B40B-5822FA9FD234}: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222
O20 - Winlogon Notify: ddabx - C:\WINDOWS\system32\ddabx.dll
O20 - Winlogon Notify: wvuusrs - wvuusrs.dll (file missing)
O22 - SharedTaskScheduler: Pré-chargeur Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Démon de cache des catégories de composant - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Service d'administration du Gestionnaire de disque logique (dmadmin) - Unknown owner - C:\WINDOWS\System32\dmadmin.exe
O23 - Service: DomainService - Unknown owner - C:\WINDOWS\system32\jmqmjyvk.exe (file missing)
O23 - Service: Journal des événements (Eventlog) - Unknown owner - C:\WINDOWS\system32\services.exe
O23 - Service: Service COM de gravage de CD IMAPI (ImapiService) - Unknown owner - C:\WINDOWS\system32\imapi.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Partage de Bureau à distance NetMeeting (mnmsrvc) - Unknown owner - C:\WINDOWS\system32\mnmsrvc.exe
O23 - Service: Panda Process Protection Service (PavPrSrv) - Unknown owner - C:\Program Files\Fichiers communs\Panda Software\PavShld\pavprsrv.exe (file missing)
O23 - Service: Plug-and-Play (PlugPlay) - Unknown owner - C:\WINDOWS\system32\services.exe
O23 - Service: Gestionnaire de session d'aide sur le Bureau à distance (RDSessMgr) - Unknown owner - C:\WINDOWS\system32\sessmgr.exe
O23 - Service: Journaux et alertes de performance (SysmonLog) - Unknown owner - C:\WINDOWS\system32\smlogsvc.exe
O23 - Service: Carte de performance WMI (WmiApSrv) - Unknown owner - C:\WINDOWS\system32\wbem\wmiapsrv.exe
----HijackThis----
Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 22:21:55, on 30/06/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\WINDOWS\SYSTEM32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\system32\RunDll32.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\MSN Messenger\livecall.exe
C:\Documents and Settings\Pitzy.ACERAL1715\Bureau\Nouveau dossier\abcde.exe.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.fr.msn.be/0SEFRBE/SAOS01?FORM=TOOLBR
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.fr.msn.be/0SEFRBE/SAOS01?FORM=TOOLBR
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {1F6581D5-AA53-4b73-A6F9-41420C6B61F1} - C:\WINDOWS\system32\lwkhhrbj.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {85F9753E-84F9-2B9B-34B0-F06FA33739A8} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Multi Media Toolbar - {b5146c40-189a-4311-bda9-fbae3e023187} - C:\Program Files\Multi_Media\tbMult.dll
O2 - BHO: (no name) - {B6B82645-BA1C-4876-8152-CB49F5AEB8AB} - C:\WINDOWS\system32\ddabx.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: (no name) - {DC192567-65F9-4AB6-ADB7-E13575F81726} - (no file)
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Multi Media Toolbar - {b5146c40-189a-4311-bda9-fbae3e023187} - C:\Program Files\Multi_Media\tbMult.dll
O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [keep coal dash bait] C:\Documents and Settings\All Users.WINDOWS\Application Data\FilmHoleKeepCoal\gpl mail.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [icq.com] rundll32.exe "C:\WINDOWS\system32\mjusieug.dll",forkonce
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [IncrediMail] C:\Program Files\IncrediMail\bin\IncMail.exe /c
O4 - HKCU\..\Run: [TwoBrowse] C:\DOCUME~1\PITZY~1.ACE\APPLIC~1\BLUECO~1\Bib Okay.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-21-1614895754-1580436667-682003330-1005\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'Anne')
O4 - HKUS\S-1-5-21-1614895754-1580436667-682003330-1005\..\Run: [IncrediMail] C:\Program Files\IncrediMail\bin\IncMail.exe /c (User 'Anne')
O4 - HKUS\S-1-5-21-1614895754-1580436667-682003330-1005\..\Run: [Rsui] "C:\DOCUME~1\Anne\MESDOC~1\RACLE~1\winword.exe" -vt yazb (User 'Anne')
O4 - HKUS\S-1-5-21-1614895754-1580436667-682003330-1005\..\Run: [Bryzvd] "C:\Documents and Settings\Anne\Application Data\M?crosoft\t?skmgr.exe" (User 'Anne')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\npjpi160_01.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\npjpi160_01.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: @C:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: @C:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://www.ijji.com
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-BE/a-UNO1/GAME_UNO1.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/...
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {BE833F39-1E0C-468C-BA70-25AAEE55775E} (System Requirements Lab) - http://www.systemrequirementslab.com/sysreqlab.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {CD995117-98E5-4169-9920-6C12D4C0B548} (HGPlugin9USA Class) - http://gamedownload.ijjimax.com/gamedownload/dist/hgstart/HGPlugin9USA.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{13AB14EB-0403-4C52-B40B-5822FA9FD234}: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CCS\Services\Tcpip\..\{FFCC92BE-B0FE-4425-A3CD-6C5C41296436}: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CS1\Services\Tcpip\..\{13AB14EB-0403-4C52-B40B-5822FA9FD234}: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 85.255.113.92 85.255.112.13
O17 - HKLM\System\CS2\Services\Tcpip\..\{13AB14EB-0403-4C52-B40B-5822FA9FD234}: NameServer = 85.255.113.92,85.255.112.13
O17 - HKLM\System\CS3\Services\Tcpip\Parameters: NameServer = 85.255.116.170 85.255.112.213
O17 - HKLM\System\CS3\Services\Tcpip\..\{13AB14EB-0403-4C52-B40B-5822FA9FD234}: NameServer = 85.255.116.170,85.255.112.213
O17 - HKLM\System\CS4\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CS4\Services\Tcpip\..\{13AB14EB-0403-4C52-B40B-5822FA9FD234}: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222
O20 - Winlogon Notify: ddabx - C:\WINDOWS\system32\ddabx.dll
O20 - Winlogon Notify: wvuusrs - wvuusrs.dll (file missing)
O22 - SharedTaskScheduler: Pré-chargeur Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Démon de cache des catégories de composant - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Service d'administration du Gestionnaire de disque logique (dmadmin) - Unknown owner - C:\WINDOWS\System32\dmadmin.exe
O23 - Service: DomainService - Unknown owner - C:\WINDOWS\system32\jmqmjyvk.exe (file missing)
O23 - Service: Journal des événements (Eventlog) - Unknown owner - C:\WINDOWS\system32\services.exe
O23 - Service: Service COM de gravage de CD IMAPI (ImapiService) - Unknown owner - C:\WINDOWS\system32\imapi.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Partage de Bureau à distance NetMeeting (mnmsrvc) - Unknown owner - C:\WINDOWS\system32\mnmsrvc.exe
O23 - Service: Panda Process Protection Service (PavPrSrv) - Unknown owner - C:\Program Files\Fichiers communs\Panda Software\PavShld\pavprsrv.exe (file missing)
O23 - Service: Plug-and-Play (PlugPlay) - Unknown owner - C:\WINDOWS\system32\services.exe
O23 - Service: Gestionnaire de session d'aide sur le Bureau à distance (RDSessMgr) - Unknown owner - C:\WINDOWS\system32\sessmgr.exe
O23 - Service: Journaux et alertes de performance (SysmonLog) - Unknown owner - C:\WINDOWS\system32\smlogsvc.exe
O23 - Service: Carte de performance WMI (WmiApSrv) - Unknown owner - C:\WINDOWS\system32\wbem\wmiapsrv.exe
Vous n’avez pas trouvé la réponse que vous recherchez ?
Posez votre question
Utilisateur anonyme
30 juin 2007 à 22:31
30 juin 2007 à 22:31
C'est pas triste !
¤ Télécharge FixWareout sur le bureau
---> https://www.bleepingcomputer.com/download/linux/
Double clic dessus.
Clic sur Next, puis Install, puis assure toi que "Run fixit" est activé puis clic sur Finish.
Le fix va commencer, suis les messages à l'écran.
Il te sera demandé de redémarrer ton ordinateur, fais-le.
Ton système mettra un peu plus de temps au démarrage, c'est normal.
Copie et colle ici le contenu du fichier report.txt qui s'affichera à l'écran aussi présent dans C:\fixwareout\report.txt
Ensuite :
- Clic sur démarrer, exécuter, tape : cmd
Une fenêtre va s'ouvrir, tape exactement ceci, puis valide par la touche entrée de ton clavier:
ipconfig /flushdns
ET
Télécharge VundoFix
---> http://www.atribune.org/ccount/click.php?id=4
Redémarre ton PC. Dès l'allumage de celui-ci tapote la touche F8 (ou F5 si F8 ne fonctionne pas), à l'écran qui va apparaître choisis "mode sans echec" attends un peu..
double clic dessus choisis "start for vundo"
attends quelques minutes, quand le scan est terminé clic sur "remove vundo"
un message te demandera si tu veux supprimes les fichiers sur "yes"
Quand il a terminé, clic sur "yes" ton ordinateur devrait redemarrer si non, fais le par toi même
Une fois qu'il a redémarré colle le rapport C:\vundofix.txt
¤ Télécharge FixWareout sur le bureau
---> https://www.bleepingcomputer.com/download/linux/
Double clic dessus.
Clic sur Next, puis Install, puis assure toi que "Run fixit" est activé puis clic sur Finish.
Le fix va commencer, suis les messages à l'écran.
Il te sera demandé de redémarrer ton ordinateur, fais-le.
Ton système mettra un peu plus de temps au démarrage, c'est normal.
Copie et colle ici le contenu du fichier report.txt qui s'affichera à l'écran aussi présent dans C:\fixwareout\report.txt
Ensuite :
- Clic sur démarrer, exécuter, tape : cmd
Une fenêtre va s'ouvrir, tape exactement ceci, puis valide par la touche entrée de ton clavier:
ipconfig /flushdns
ET
Télécharge VundoFix
---> http://www.atribune.org/ccount/click.php?id=4
Redémarre ton PC. Dès l'allumage de celui-ci tapote la touche F8 (ou F5 si F8 ne fonctionne pas), à l'écran qui va apparaître choisis "mode sans echec" attends un peu..
double clic dessus choisis "start for vundo"
attends quelques minutes, quand le scan est terminé clic sur "remove vundo"
un message te demandera si tu veux supprimes les fichiers sur "yes"
Quand il a terminé, clic sur "yes" ton ordinateur devrait redemarrer si non, fais le par toi même
Une fois qu'il a redémarré colle le rapport C:\vundofix.txt
pitzy
Messages postés
13
Date d'inscription
vendredi 29 juin 2007
Statut
Membre
Dernière intervention
4 mars 2010
1 juil. 2007 à 11:29
1 juil. 2007 à 11:29
Voici le 1er :
Fixwareout Last edited 6/27/2007
Post this report in the forums please
...
»»»»»Prerun check
Cache de résolution DNS vidé.
System was rebooted successfully.
»»»»» Postrun check
HKLM\SOFTWARE\~\Winlogon\ "System"="lsass.exe"
....
....
»»»»» Misc files.
C:\Program Files\VideoAccess Deleted
....
»»»»» Checking for older varients.
....
C:\Program Files\DirectVideo < Found
Additional tools are recomended.
»»»»» Current runs (hklm hkcu "run" Keys Only)
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="\"C:\\Program Files\\Java\\jre1.6.0_01\\bin\\jusched.exe\""
"QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"Cmaudio"="RunDll32 cmicnfg.cpl,CMICtrlWnd"
"ATIPTA"="C:\\Program Files\\ATI Technologies\\ATI Control Panel\\atiptaxx.exe"
"keep coal dash bait"="C:\\Documents and Settings\\All Users.WINDOWS\\Application Data\\FilmHoleKeepCoal\\gpl mail.exe"
"avast!"="C:\\PROGRA~1\\ALWILS~1\\Avast4\\ashDisp.exe"
"!AVG Anti-Spyware"="\"C:\\Program Files\\Grisoft\\AVG Anti-Spyware 7.5\\avgas.exe\" /minimized"
"icq.com"="rundll32.exe \"C:\\WINDOWS\\system32\\mjusieug.dll\",forkonce"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"
"msnmsgr"="\"C:\\Program Files\\MSN Messenger\\msnmsgr.exe\" /background"
"IncrediMail"="C:\\Program Files\\IncrediMail\\bin\\IncMail.exe /c"
"TwoBrowse"="C:\\DOCUME~1\\PITZY~1.ACE\\APPLIC~1\\BLUECO~1\\Bib Okay.exe"
....
Hosts file was reset, If you use a custom hosts file please replace it
»»»»» End report »»»»»
Fixwareout Last edited 6/27/2007
Post this report in the forums please
...
»»»»»Prerun check
Cache de résolution DNS vidé.
System was rebooted successfully.
»»»»» Postrun check
HKLM\SOFTWARE\~\Winlogon\ "System"="lsass.exe"
....
....
»»»»» Misc files.
C:\Program Files\VideoAccess Deleted
....
»»»»» Checking for older varients.
....
C:\Program Files\DirectVideo < Found
Additional tools are recomended.
»»»»» Current runs (hklm hkcu "run" Keys Only)
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="\"C:\\Program Files\\Java\\jre1.6.0_01\\bin\\jusched.exe\""
"QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"Cmaudio"="RunDll32 cmicnfg.cpl,CMICtrlWnd"
"ATIPTA"="C:\\Program Files\\ATI Technologies\\ATI Control Panel\\atiptaxx.exe"
"keep coal dash bait"="C:\\Documents and Settings\\All Users.WINDOWS\\Application Data\\FilmHoleKeepCoal\\gpl mail.exe"
"avast!"="C:\\PROGRA~1\\ALWILS~1\\Avast4\\ashDisp.exe"
"!AVG Anti-Spyware"="\"C:\\Program Files\\Grisoft\\AVG Anti-Spyware 7.5\\avgas.exe\" /minimized"
"icq.com"="rundll32.exe \"C:\\WINDOWS\\system32\\mjusieug.dll\",forkonce"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"
"msnmsgr"="\"C:\\Program Files\\MSN Messenger\\msnmsgr.exe\" /background"
"IncrediMail"="C:\\Program Files\\IncrediMail\\bin\\IncMail.exe /c"
"TwoBrowse"="C:\\DOCUME~1\\PITZY~1.ACE\\APPLIC~1\\BLUECO~1\\Bib Okay.exe"
....
Hosts file was reset, If you use a custom hosts file please replace it
»»»»» End report »»»»»
pitzy
Messages postés
13
Date d'inscription
vendredi 29 juin 2007
Statut
Membre
Dernière intervention
4 mars 2010
1 juil. 2007 à 11:52
1 juil. 2007 à 11:52
VundoFix V6.5.4
Checking Java version...
Java version is 1.5.0.6
Old versions of java are exploitable and should be removed.
Java version is 1.5.0.9
Old versions of java are exploitable and should be removed.
Java version is 1.5.0.11
Scan started at 11:37:05 1/07/2007
Listing files found while scanning....
C:\windows\system32\apjaypkd.ini
C:\windows\system32\argcanjm.ini
C:\WINDOWS\system32\ddabx.dll
C:\windows\system32\dkpyajpa.dll
C:\windows\system32\evsfflxo.ini
C:\windows\system32\frkqssku.ini
C:\windows\system32\gueisujm.ini
C:\windows\system32\kfipgqmo.ini
C:\WINDOWS\system32\lwkhhrbj.dll
C:\windows\system32\mjnacgra.dll
C:\WINDOWS\system32\mjusieug.dll
C:\windows\system32\nkkoamou.ini
C:\windows\system32\omqgpifk.dll
C:\windows\system32\oxlffsve.dll
C:\windows\system32\ukssqkrf.dll
C:\windows\system32\uomaokkn.dll
C:\windows\system32\xbadd.bak1
C:\windows\system32\xbadd.bak2
C:\windows\system32\xbadd.ini
C:\WINDOWS\system32\xbadd.ini2
C:\WINDOWS\system32\xbadd.tmp
C:\WINDOWS\system32\xgpfyvce.dll
Beginning removal...
Attempting to delete C:\windows\system32\apjaypkd.ini
C:\windows\system32\apjaypkd.ini Has been deleted!
Attempting to delete C:\windows\system32\argcanjm.ini
C:\windows\system32\argcanjm.ini Has been deleted!
Attempting to delete C:\WINDOWS\system32\ddabx.dll
C:\WINDOWS\system32\ddabx.dll Could not be deleted.
Attempting to delete C:\windows\system32\dkpyajpa.dll
C:\windows\system32\dkpyajpa.dll Has been deleted!
Attempting to delete C:\windows\system32\evsfflxo.ini
C:\windows\system32\evsfflxo.ini Has been deleted!
Attempting to delete C:\windows\system32\frkqssku.ini
C:\windows\system32\frkqssku.ini Has been deleted!
Attempting to delete C:\windows\system32\gueisujm.ini
C:\windows\system32\gueisujm.ini Has been deleted!
Attempting to delete C:\windows\system32\kfipgqmo.ini
C:\windows\system32\kfipgqmo.ini Has been deleted!
Attempting to delete C:\WINDOWS\system32\lwkhhrbj.dll
C:\WINDOWS\system32\lwkhhrbj.dll Has been deleted!
Attempting to delete C:\windows\system32\mjnacgra.dll
C:\windows\system32\mjnacgra.dll Has been deleted!
Attempting to delete C:\WINDOWS\system32\mjusieug.dll
C:\WINDOWS\system32\mjusieug.dll Has been deleted!
Attempting to delete C:\windows\system32\nkkoamou.ini
C:\windows\system32\nkkoamou.ini Has been deleted!
Attempting to delete C:\windows\system32\omqgpifk.dll
C:\windows\system32\omqgpifk.dll Has been deleted!
Attempting to delete C:\windows\system32\oxlffsve.dll
C:\windows\system32\oxlffsve.dll Has been deleted!
Attempting to delete C:\windows\system32\ukssqkrf.dll
C:\windows\system32\ukssqkrf.dll Has been deleted!
Attempting to delete C:\windows\system32\uomaokkn.dll
C:\windows\system32\uomaokkn.dll Has been deleted!
Attempting to delete C:\windows\system32\xbadd.bak1
C:\windows\system32\xbadd.bak1 Has been deleted!
Attempting to delete C:\windows\system32\xbadd.bak2
C:\windows\system32\xbadd.bak2 Has been deleted!
Attempting to delete C:\windows\system32\xbadd.ini
C:\windows\system32\xbadd.ini Has been deleted!
Attempting to delete C:\WINDOWS\system32\xbadd.ini2
C:\WINDOWS\system32\xbadd.ini2 Has been deleted!
Attempting to delete C:\WINDOWS\system32\xbadd.tmp
C:\WINDOWS\system32\xbadd.tmp Has been deleted!
Attempting to delete C:\WINDOWS\system32\xgpfyvce.dll
C:\WINDOWS\system32\xgpfyvce.dll Has been deleted!
Performing Repairs to the registry.
Done!
Beginning removal...
Attempting to delete C:\WINDOWS\system32\ddabx.dll
C:\WINDOWS\system32\ddabx.dll Has been deleted!
Attempting to delete C:\windows\system32\xbadd.ini
C:\windows\system32\xbadd.ini Has been deleted!
Performing Repairs to the registry.
Done!
Checking Java version...
Java version is 1.5.0.6
Old versions of java are exploitable and should be removed.
Java version is 1.5.0.9
Old versions of java are exploitable and should be removed.
Java version is 1.5.0.11
Scan started at 11:37:05 1/07/2007
Listing files found while scanning....
C:\windows\system32\apjaypkd.ini
C:\windows\system32\argcanjm.ini
C:\WINDOWS\system32\ddabx.dll
C:\windows\system32\dkpyajpa.dll
C:\windows\system32\evsfflxo.ini
C:\windows\system32\frkqssku.ini
C:\windows\system32\gueisujm.ini
C:\windows\system32\kfipgqmo.ini
C:\WINDOWS\system32\lwkhhrbj.dll
C:\windows\system32\mjnacgra.dll
C:\WINDOWS\system32\mjusieug.dll
C:\windows\system32\nkkoamou.ini
C:\windows\system32\omqgpifk.dll
C:\windows\system32\oxlffsve.dll
C:\windows\system32\ukssqkrf.dll
C:\windows\system32\uomaokkn.dll
C:\windows\system32\xbadd.bak1
C:\windows\system32\xbadd.bak2
C:\windows\system32\xbadd.ini
C:\WINDOWS\system32\xbadd.ini2
C:\WINDOWS\system32\xbadd.tmp
C:\WINDOWS\system32\xgpfyvce.dll
Beginning removal...
Attempting to delete C:\windows\system32\apjaypkd.ini
C:\windows\system32\apjaypkd.ini Has been deleted!
Attempting to delete C:\windows\system32\argcanjm.ini
C:\windows\system32\argcanjm.ini Has been deleted!
Attempting to delete C:\WINDOWS\system32\ddabx.dll
C:\WINDOWS\system32\ddabx.dll Could not be deleted.
Attempting to delete C:\windows\system32\dkpyajpa.dll
C:\windows\system32\dkpyajpa.dll Has been deleted!
Attempting to delete C:\windows\system32\evsfflxo.ini
C:\windows\system32\evsfflxo.ini Has been deleted!
Attempting to delete C:\windows\system32\frkqssku.ini
C:\windows\system32\frkqssku.ini Has been deleted!
Attempting to delete C:\windows\system32\gueisujm.ini
C:\windows\system32\gueisujm.ini Has been deleted!
Attempting to delete C:\windows\system32\kfipgqmo.ini
C:\windows\system32\kfipgqmo.ini Has been deleted!
Attempting to delete C:\WINDOWS\system32\lwkhhrbj.dll
C:\WINDOWS\system32\lwkhhrbj.dll Has been deleted!
Attempting to delete C:\windows\system32\mjnacgra.dll
C:\windows\system32\mjnacgra.dll Has been deleted!
Attempting to delete C:\WINDOWS\system32\mjusieug.dll
C:\WINDOWS\system32\mjusieug.dll Has been deleted!
Attempting to delete C:\windows\system32\nkkoamou.ini
C:\windows\system32\nkkoamou.ini Has been deleted!
Attempting to delete C:\windows\system32\omqgpifk.dll
C:\windows\system32\omqgpifk.dll Has been deleted!
Attempting to delete C:\windows\system32\oxlffsve.dll
C:\windows\system32\oxlffsve.dll Has been deleted!
Attempting to delete C:\windows\system32\ukssqkrf.dll
C:\windows\system32\ukssqkrf.dll Has been deleted!
Attempting to delete C:\windows\system32\uomaokkn.dll
C:\windows\system32\uomaokkn.dll Has been deleted!
Attempting to delete C:\windows\system32\xbadd.bak1
C:\windows\system32\xbadd.bak1 Has been deleted!
Attempting to delete C:\windows\system32\xbadd.bak2
C:\windows\system32\xbadd.bak2 Has been deleted!
Attempting to delete C:\windows\system32\xbadd.ini
C:\windows\system32\xbadd.ini Has been deleted!
Attempting to delete C:\WINDOWS\system32\xbadd.ini2
C:\WINDOWS\system32\xbadd.ini2 Has been deleted!
Attempting to delete C:\WINDOWS\system32\xbadd.tmp
C:\WINDOWS\system32\xbadd.tmp Has been deleted!
Attempting to delete C:\WINDOWS\system32\xgpfyvce.dll
C:\WINDOWS\system32\xgpfyvce.dll Has been deleted!
Performing Repairs to the registry.
Done!
Beginning removal...
Attempting to delete C:\WINDOWS\system32\ddabx.dll
C:\WINDOWS\system32\ddabx.dll Has been deleted!
Attempting to delete C:\windows\system32\xbadd.ini
C:\windows\system32\xbadd.ini Has been deleted!
Performing Repairs to the registry.
Done!
Utilisateur anonyme
1 juil. 2007 à 20:00
1 juil. 2007 à 20:00
Vide le contenu de ce dossier ici en gras
C:\WINDOWS\Tasks
¤ Télécharge SDFix sur ton bureau
http://downloads.andymanchesta.com/RemovalTools/SDFix.exe
Double clique sur SDFix.exe et choisis Install pour l'extraire dans un dossier dédié sur le Bureau.
Redémarre ton ordinateur en mode sans échec (redemarrage + tapotte sans arret sur F8 des que l'ordi s'allume)
Ouvre le dossier SDFix qui vient d'être créé sur le Bureau et double clique sur RunThis.bat pour lancer le script.
Appuie sur Y pour commencer le processus de nettoyage.
Il va supprimer les services et les entrées du Registre de certains trojans trouvés puis te demandera d'appuyer sur une touche pour redémarrer.
Appuie sur une touche pour redémarrer le PC.
Ton système sera plus long pour redémarrer qu'à l'accoutumée car l'outil va continuer à s'exécuter et supprimer des fichiers.
Après le chargement du Bureau, l'outil terminera son travail et affichera Finished.
Appuie sur une touche pour finir l'exécution du script et charger les icônes de ton Bureau.
Les icônes du Bureau affichées, le rapport SDFix s'ouvrira à l'écran et s'enregistrera aussi dans le dossier SDFix sous le nom Report.txt.
Enfin, copie/colle le contenu du fichier Report.txt dans ta prochaine réponse sur le forum.
C:\WINDOWS\Tasks
¤ Télécharge SDFix sur ton bureau
http://downloads.andymanchesta.com/RemovalTools/SDFix.exe
Double clique sur SDFix.exe et choisis Install pour l'extraire dans un dossier dédié sur le Bureau.
Redémarre ton ordinateur en mode sans échec (redemarrage + tapotte sans arret sur F8 des que l'ordi s'allume)
Ouvre le dossier SDFix qui vient d'être créé sur le Bureau et double clique sur RunThis.bat pour lancer le script.
Appuie sur Y pour commencer le processus de nettoyage.
Il va supprimer les services et les entrées du Registre de certains trojans trouvés puis te demandera d'appuyer sur une touche pour redémarrer.
Appuie sur une touche pour redémarrer le PC.
Ton système sera plus long pour redémarrer qu'à l'accoutumée car l'outil va continuer à s'exécuter et supprimer des fichiers.
Après le chargement du Bureau, l'outil terminera son travail et affichera Finished.
Appuie sur une touche pour finir l'exécution du script et charger les icônes de ton Bureau.
Les icônes du Bureau affichées, le rapport SDFix s'ouvrira à l'écran et s'enregistrera aussi dans le dossier SDFix sous le nom Report.txt.
Enfin, copie/colle le contenu du fichier Report.txt dans ta prochaine réponse sur le forum.
pitzy
Messages postés
13
Date d'inscription
vendredi 29 juin 2007
Statut
Membre
Dernière intervention
4 mars 2010
1 juil. 2007 à 20:34
1 juil. 2007 à 20:34
Déja un grand merci pour le temps que tu me consacre =)
voila le rapport :
SDFix: Version 1.88
Run by Pitzy on dim. 01/07/2007 at 20:19
Microsoft Windows XP [version 5.1.2600]
Running From: C:\DOCUME~1\PITZY~1.ACE\Bureau\SDFix
Safe Mode:
Checking Services:
Name:
core
ImagePath:
system32\drivers\core.sys
core - Deleted
Restoring Windows Registry Values
Restoring Windows Default Hosts File
Restoring Missing Security Center Service
Restoring Missing SharedAccess Service
Rebooting...
Normal Mode:
Checking Files:
Below files will be copied to Backups folder then removed:
C:\WINDOWS\system32\drivers\core.cache.dsk - Deleted
C:\WINDOWS\system32\drivers\core.sys - Deleted
C:\WINDOWS\wr.txt - Deleted
Removing Temp Files...
ADS Check:
Checking C:\WINDOWS
C:\WINDOWS
No streams found.
Checking C:\WINDOWS\system32
C:\WINDOWS\system32
No streams found.
Checking C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
No streams found.
Checking C:\WINDOWS\system32\ntoskrnl.exe
C:\WINDOWS\system32\ntoskrnl.exe
No streams found.
Final Check:
Remaining Services:
------------------
Authorized Application Key Export:
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\MSN Messenger\\msncall.exe"="C:\\Program Files\\MSN Messenger\\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone)"
"C:\\Program Files\\Messenger\\msmsgs.exe"="C:\\Program Files\\Messenger\\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"="C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"
"C:\\Program Files\\BitTorrent\\bittorrent.exe"="C:\\Program Files\\BitTorrent\\bittorrent.exe:*:Enabled:BitTorrent"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
"C:\\Program Files\\Skype\\Phone\\Skype.exe"="C:\\Program Files\\Skype\\Phone\\Skype.exe:*:Enabled:Skype"
"C:\\Program Files\\eMule\\eMule.exe"="C:\\Program Files\\eMule\\eMule.exe:*:Enabled:eMule"
"C:\\Program Files\\THQ\\Dawn of War - Dark Crusade\\DarkCrusade.exe"="C:\\Program Files\\THQ\\Dawn of War - Dark Crusade\\DarkCrusade.exe:*:Enabled:DarkCrusade"
"C:\\Program Files\\IncrediMail\\bin\\ImApp.exe"="C:\\Program Files\\IncrediMail\\bin\\ImApp.exe:*:Enabled:IncrediMail"
"C:\\Program Files\\IncrediMail\\bin\\IncMail.exe"="C:\\Program Files\\IncrediMail\\bin\\IncMail.exe:*:Enabled:IncrediMail"
"C:\\Program Files\\IncrediMail\\bin\\ImpCnt.exe"="C:\\Program Files\\IncrediMail\\bin\\ImpCnt.exe:*:Enabled:IncrediMail"
"C:\\WINDOWS\\system32\\jmqmjyvk.exe"="C:\\WINDOWS\\system32\\jmq"
"C:\\Program Files\\LimeWire\\LimeWire.exe"="C:\\Program Files\\LimeWire\\LimeWire.exe:*:Enabled:LimeWire"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\MSN Messenger\\msncall.exe"="C:\\Program Files\\MSN Messenger\\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone)"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
Remaining Files:
---------------
Backups Folder: - C:\DOCUME~1\PITZY~1.ACE\Bureau\SDFix\backups\backups.zip
Listing Files with Hidden Attributes:
C:\Documents and Settings\Pitzy.ACERAL1715\Local Settings\Application Data\Microsoft\Messenger\crazypitzy@hotmail.com\Sharing Folders\seeb607219246@aol.com\Thumbs.db
C:\Documents and Settings\Pitzy.ACERAL1715\SendTo\WLM - crazypitzy@hotmail.com\akarihayami1@hotmail.com.lnk
C:\Documents and Settings\Pitzy.ACERAL1715\SendTo\WLM - crazypitzy@hotmail.com\arkh_90@hotmail.fr.lnk
C:\Documents and Settings\Pitzy.ACERAL1715\SendTo\WLM - crazypitzy@hotmail.com\aurelie_deville@hotmail.com.lnk
C:\Documents and Settings\Pitzy.ACERAL1715\SendTo\WLM - crazypitzy@hotmail.com\benjamin_312@hotmail.com.lnk
C:\Documents and Settings\Pitzy.ACERAL1715\SendTo\WLM - crazypitzy@hotmail.com\bobyfile@hotmail.com.lnk
C:\Documents and Settings\Pitzy.ACERAL1715\SendTo\WLM - crazypitzy@hotmail.com\ceceb13@hotmail.com.lnk
C:\Documents and Settings\Pitzy.ACERAL1715\SendTo\WLM - crazypitzy@hotmail.com\cedrix456@hotmail.com.lnk
C:\Documents and Settings\Pitzy.ACERAL1715\SendTo\WLM - crazypitzy@hotmail.com\christellamury@hotmail.com.lnk
C:\Documents and Settings\Pitzy.ACERAL1715\SendTo\WLM - crazypitzy@hotmail.com\cindouille_kean@hotmail.com.lnk
C:\Documents and Settings\Pitzy.ACERAL1715\SendTo\WLM - crazypitzy@hotmail.com\coolbaby_anene@hotmail.com.lnk
C:\Documents and Settings\Pitzy.ACERAL1715\SendTo\WLM - crazypitzy@hotmail.com\couche_culotte04@hotmail.com.lnk
C:\Documents and Settings\Pitzy.ACERAL1715\SendTo\WLM - crazypitzy@hotmail.com\damienpoulain@hotmail.com.lnk
C:\Documents and Settings\Pitzy.ACERAL1715\SendTo\WLM - crazypitzy@hotmail.com\deco6110@msn.com.lnk
C:\Documents and Settings\Pitzy.ACERAL1715\SendTo\WLM - crazypitzy@hotmail.com\Desktop.ini
C:\Documents and Settings\Pitzy.ACERAL1715\SendTo\WLM - crazypitzy@hotmail.com\didoo85@hotmail.fr.lnk
C:\Documents and Settings\Pitzy.ACERAL1715\SendTo\WLM - crazypitzy@hotmail.com\duponaure@hotmail.com.lnk
C:\Documents and Settings\Pitzy.ACERAL1715\SendTo\WLM - crazypitzy@hotmail.com\empreurdesoceanvia7generauxdesmers@hotmail.com.lnk
C:\Documents and Settings\Pitzy.ACERAL1715\SendTo\WLM - crazypitzy@hotmail.com\et_vi_c_mwa@hotmail.com.lnk
C:\Documents and Settings\Pitzy.ACERAL1715\SendTo\WLM - crazypitzy@hotmail.com\forza-milan989@hotmail.fr.lnk
C:\Documents and Settings\Pitzy.ACERAL1715\SendTo\WLM - crazypitzy@hotmail.com\hanodain@gmail.com.lnk
C:\Documents and Settings\Pitzy.ACERAL1715\SendTo\WLM - crazypitzy@hotmail.com\henrianne12@hotmail.com.lnk
C:\Documents and Settings\Pitzy.ACERAL1715\SendTo\WLM - crazypitzy@hotmail.com\jean_p1@hotmail.com.lnk
C:\Documents and Settings\Pitzy.ACERAL1715\SendTo\WLM - crazypitzy@hotmail.com\jonathan_asta@hotmail.com.lnk
C:\Documents and Settings\Pitzy.ACERAL1715\SendTo\WLM - crazypitzy@hotmail.com\j_dks1991@hotmail.com.lnk
C:\Documents and Settings\Pitzy.ACERAL1715\SendTo\WLM - crazypitzy@hotmail.com\k3nn7_@hotmail.com.lnk
C:\Documents and Settings\Pitzy.ACERAL1715\SendTo\WLM - crazypitzy@hotmail.com\keke3005@hotmail.com.lnk
C:\Documents and Settings\Pitzy.ACERAL1715\SendTo\WLM - crazypitzy@hotmail.com\kingdom_mayas@hotmail.com.lnk
C:\Documents and Settings\Pitzy.ACERAL1715\SendTo\WLM - crazypitzy@hotmail.com\lecter697@hotmail.com.lnk
C:\Documents and Settings\Pitzy.ACERAL1715\SendTo\WLM - crazypitzy@hotmail.com\lenaic.blouin@hotmail.fr.lnk
C:\Documents and Settings\Pitzy.ACERAL1715\SendTo\WLM - crazypitzy@hotmail.com\letsrocknrolll@hotmail.fr.lnk
C:\Documents and Settings\Pitzy.ACERAL1715\SendTo\WLM - crazypitzy@hotmail.com\lolo33332@hotmail.fr.lnk
C:\Documents and Settings\Pitzy.ACERAL1715\SendTo\WLM - crazypitzy@hotmail.com\manure25@hotmail.fr.lnk
C:\Documents and Settings\Pitzy.ACERAL1715\SendTo\WLM - crazypitzy@hotmail.com\mathlavievosdetrevecu@hotmail.fr.lnk
C:\Documents and Settings\Pitzy.ACERAL1715\SendTo\WLM - crazypitzy@hotmail.com\matmax92@hotmail.com.lnk
C:\Documents and Settings\Pitzy.ACERAL1715\SendTo\WLM - crazypitzy@hotmail.com\maximefrancois98@hotmail.com.lnk
C:\Documents and Settings\Pitzy.ACERAL1715\SendTo\WLM - crazypitzy@hotmail.com\maxime_australia@hotmail.com.lnk
C:\Documents and Settings\Pitzy.ACERAL1715\SendTo\WLM - crazypitzy@hotmail.com\mec_chaud99@hotmail.com.lnk
C:\Documents and Settings\Pitzy.ACERAL1715\SendTo\WLM - crazypitzy@hotmail.com\mehdi_60700@hotmail.fr.lnk
C:\Documents and Settings\Pitzy.ACERAL1715\SendTo\WLM - crazypitzy@hotmail.com\misspopulaire37@hotmail.com.lnk
C:\Documents and Settings\Pitzy.ACERAL1715\SendTo\WLM - crazypitzy@hotmail.com\my-life_de_rock@hotmail.com.lnk
C:\Documents and Settings\Pitzy.ACERAL1715\SendTo\WLM - crazypitzy@hotmail.com\nicdu31@hotmail.fr.lnk
C:\Documents and Settings\Pitzy.ACERAL1715\SendTo\WLM - crazypitzy@hotmail.com\oktay99turc@msn.com.lnk
C:\Documents and Settings\Pitzy.ACERAL1715\SendTo\WLM - crazypitzy@hotmail.com\os-pirate@hotmail.fr.lnk
C:\Documents and Settings\Pitzy.ACERAL1715\SendTo\WLM - crazypitzy@hotmail.com\ptitejessy4@hotmail.com.lnk
C:\Documents and Settings\Pitzy.ACERAL1715\SendTo\WLM - crazypitzy@hotmail.com\ptitronion@hotmail.fr.lnk
C:\Documents and Settings\Pitzy.ACERAL1715\SendTo\WLM - crazypitzy@hotmail.com\rap8@hotmail.fr.lnk
C:\Documents and Settings\Pitzy.ACERAL1715\SendTo\WLM - crazypitzy@hotmail.com\rock-the-planet@hotmail.com.lnk
C:\Documents and Settings\Pitzy.ACERAL1715\SendTo\WLM - crazypitzy@hotmail.com\schmit_643@hotmail.com.lnk
C:\Documents and Settings\Pitzy.ACERAL1715\SendTo\WLM - crazypitzy@hotmail.com\simon_1230@hotmail.com.lnk
C:\Documents and Settings\Pitzy.ACERAL1715\SendTo\WLM - crazypitzy@hotmail.com\tanguycherpion@hotmail.com.lnk
C:\Documents and Settings\Pitzy.ACERAL1715\SendTo\WLM - crazypitzy@hotmail.com\tibegain@hotmail.fr.lnk
C:\Documents and Settings\Pitzy.ACERAL1715\SendTo\WLM - crazypitzy@hotmail.com\vipere83@hotmail.com.lnk
C:\Documents and Settings\Pitzy.ACERAL1715\SendTo\WLM - crazypitzy@hotmail.com\vodka_redbull_1325@hotmail.com.lnk
C:\Program Files\Outlook Express\msimn.exe
C:\Program Files\Windows Media Player\mplayer2.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\Documents and Settings\All Users.WINDOWS\DRM\Cache\Indiv01.tmp
C:\WINDOWS\system32\config\default.tmp.LOG
C:\WINDOWS\system32\config\software.tmp.LOG
C:\WINDOWS\system32\config\system.tmp.LOG
Listing User Accounts:
Administrateur Anne ASPNET
HelpAssistant Invit‚ patrick
Pitzy SUPPORT_388945a0
La commande s'est termin‚e correctement.
Finished
voila le rapport :
SDFix: Version 1.88
Run by Pitzy on dim. 01/07/2007 at 20:19
Microsoft Windows XP [version 5.1.2600]
Running From: C:\DOCUME~1\PITZY~1.ACE\Bureau\SDFix
Safe Mode:
Checking Services:
Name:
core
ImagePath:
system32\drivers\core.sys
core - Deleted
Restoring Windows Registry Values
Restoring Windows Default Hosts File
Restoring Missing Security Center Service
Restoring Missing SharedAccess Service
Rebooting...
Normal Mode:
Checking Files:
Below files will be copied to Backups folder then removed:
C:\WINDOWS\system32\drivers\core.cache.dsk - Deleted
C:\WINDOWS\system32\drivers\core.sys - Deleted
C:\WINDOWS\wr.txt - Deleted
Removing Temp Files...
ADS Check:
Checking C:\WINDOWS
C:\WINDOWS
No streams found.
Checking C:\WINDOWS\system32
C:\WINDOWS\system32
No streams found.
Checking C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
No streams found.
Checking C:\WINDOWS\system32\ntoskrnl.exe
C:\WINDOWS\system32\ntoskrnl.exe
No streams found.
Final Check:
Remaining Services:
------------------
Authorized Application Key Export:
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\MSN Messenger\\msncall.exe"="C:\\Program Files\\MSN Messenger\\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone)"
"C:\\Program Files\\Messenger\\msmsgs.exe"="C:\\Program Files\\Messenger\\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"="C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"
"C:\\Program Files\\BitTorrent\\bittorrent.exe"="C:\\Program Files\\BitTorrent\\bittorrent.exe:*:Enabled:BitTorrent"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
"C:\\Program Files\\Skype\\Phone\\Skype.exe"="C:\\Program Files\\Skype\\Phone\\Skype.exe:*:Enabled:Skype"
"C:\\Program Files\\eMule\\eMule.exe"="C:\\Program Files\\eMule\\eMule.exe:*:Enabled:eMule"
"C:\\Program Files\\THQ\\Dawn of War - Dark Crusade\\DarkCrusade.exe"="C:\\Program Files\\THQ\\Dawn of War - Dark Crusade\\DarkCrusade.exe:*:Enabled:DarkCrusade"
"C:\\Program Files\\IncrediMail\\bin\\ImApp.exe"="C:\\Program Files\\IncrediMail\\bin\\ImApp.exe:*:Enabled:IncrediMail"
"C:\\Program Files\\IncrediMail\\bin\\IncMail.exe"="C:\\Program Files\\IncrediMail\\bin\\IncMail.exe:*:Enabled:IncrediMail"
"C:\\Program Files\\IncrediMail\\bin\\ImpCnt.exe"="C:\\Program Files\\IncrediMail\\bin\\ImpCnt.exe:*:Enabled:IncrediMail"
"C:\\WINDOWS\\system32\\jmqmjyvk.exe"="C:\\WINDOWS\\system32\\jmq"
"C:\\Program Files\\LimeWire\\LimeWire.exe"="C:\\Program Files\\LimeWire\\LimeWire.exe:*:Enabled:LimeWire"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\MSN Messenger\\msncall.exe"="C:\\Program Files\\MSN Messenger\\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone)"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
Remaining Files:
---------------
Backups Folder: - C:\DOCUME~1\PITZY~1.ACE\Bureau\SDFix\backups\backups.zip
Listing Files with Hidden Attributes:
C:\Documents and Settings\Pitzy.ACERAL1715\Local Settings\Application Data\Microsoft\Messenger\crazypitzy@hotmail.com\Sharing Folders\seeb607219246@aol.com\Thumbs.db
C:\Documents and Settings\Pitzy.ACERAL1715\SendTo\WLM - crazypitzy@hotmail.com\akarihayami1@hotmail.com.lnk
C:\Documents and Settings\Pitzy.ACERAL1715\SendTo\WLM - crazypitzy@hotmail.com\arkh_90@hotmail.fr.lnk
C:\Documents and Settings\Pitzy.ACERAL1715\SendTo\WLM - crazypitzy@hotmail.com\aurelie_deville@hotmail.com.lnk
C:\Documents and Settings\Pitzy.ACERAL1715\SendTo\WLM - crazypitzy@hotmail.com\benjamin_312@hotmail.com.lnk
C:\Documents and Settings\Pitzy.ACERAL1715\SendTo\WLM - crazypitzy@hotmail.com\bobyfile@hotmail.com.lnk
C:\Documents and Settings\Pitzy.ACERAL1715\SendTo\WLM - crazypitzy@hotmail.com\ceceb13@hotmail.com.lnk
C:\Documents and Settings\Pitzy.ACERAL1715\SendTo\WLM - crazypitzy@hotmail.com\cedrix456@hotmail.com.lnk
C:\Documents and Settings\Pitzy.ACERAL1715\SendTo\WLM - crazypitzy@hotmail.com\christellamury@hotmail.com.lnk
C:\Documents and Settings\Pitzy.ACERAL1715\SendTo\WLM - crazypitzy@hotmail.com\cindouille_kean@hotmail.com.lnk
C:\Documents and Settings\Pitzy.ACERAL1715\SendTo\WLM - crazypitzy@hotmail.com\coolbaby_anene@hotmail.com.lnk
C:\Documents and Settings\Pitzy.ACERAL1715\SendTo\WLM - crazypitzy@hotmail.com\couche_culotte04@hotmail.com.lnk
C:\Documents and Settings\Pitzy.ACERAL1715\SendTo\WLM - crazypitzy@hotmail.com\damienpoulain@hotmail.com.lnk
C:\Documents and Settings\Pitzy.ACERAL1715\SendTo\WLM - crazypitzy@hotmail.com\deco6110@msn.com.lnk
C:\Documents and Settings\Pitzy.ACERAL1715\SendTo\WLM - crazypitzy@hotmail.com\Desktop.ini
C:\Documents and Settings\Pitzy.ACERAL1715\SendTo\WLM - crazypitzy@hotmail.com\didoo85@hotmail.fr.lnk
C:\Documents and Settings\Pitzy.ACERAL1715\SendTo\WLM - crazypitzy@hotmail.com\duponaure@hotmail.com.lnk
C:\Documents and Settings\Pitzy.ACERAL1715\SendTo\WLM - crazypitzy@hotmail.com\empreurdesoceanvia7generauxdesmers@hotmail.com.lnk
C:\Documents and Settings\Pitzy.ACERAL1715\SendTo\WLM - crazypitzy@hotmail.com\et_vi_c_mwa@hotmail.com.lnk
C:\Documents and Settings\Pitzy.ACERAL1715\SendTo\WLM - crazypitzy@hotmail.com\forza-milan989@hotmail.fr.lnk
C:\Documents and Settings\Pitzy.ACERAL1715\SendTo\WLM - crazypitzy@hotmail.com\hanodain@gmail.com.lnk
C:\Documents and Settings\Pitzy.ACERAL1715\SendTo\WLM - crazypitzy@hotmail.com\henrianne12@hotmail.com.lnk
C:\Documents and Settings\Pitzy.ACERAL1715\SendTo\WLM - crazypitzy@hotmail.com\jean_p1@hotmail.com.lnk
C:\Documents and Settings\Pitzy.ACERAL1715\SendTo\WLM - crazypitzy@hotmail.com\jonathan_asta@hotmail.com.lnk
C:\Documents and Settings\Pitzy.ACERAL1715\SendTo\WLM - crazypitzy@hotmail.com\j_dks1991@hotmail.com.lnk
C:\Documents and Settings\Pitzy.ACERAL1715\SendTo\WLM - crazypitzy@hotmail.com\k3nn7_@hotmail.com.lnk
C:\Documents and Settings\Pitzy.ACERAL1715\SendTo\WLM - crazypitzy@hotmail.com\keke3005@hotmail.com.lnk
C:\Documents and Settings\Pitzy.ACERAL1715\SendTo\WLM - crazypitzy@hotmail.com\kingdom_mayas@hotmail.com.lnk
C:\Documents and Settings\Pitzy.ACERAL1715\SendTo\WLM - crazypitzy@hotmail.com\lecter697@hotmail.com.lnk
C:\Documents and Settings\Pitzy.ACERAL1715\SendTo\WLM - crazypitzy@hotmail.com\lenaic.blouin@hotmail.fr.lnk
C:\Documents and Settings\Pitzy.ACERAL1715\SendTo\WLM - crazypitzy@hotmail.com\letsrocknrolll@hotmail.fr.lnk
C:\Documents and Settings\Pitzy.ACERAL1715\SendTo\WLM - crazypitzy@hotmail.com\lolo33332@hotmail.fr.lnk
C:\Documents and Settings\Pitzy.ACERAL1715\SendTo\WLM - crazypitzy@hotmail.com\manure25@hotmail.fr.lnk
C:\Documents and Settings\Pitzy.ACERAL1715\SendTo\WLM - crazypitzy@hotmail.com\mathlavievosdetrevecu@hotmail.fr.lnk
C:\Documents and Settings\Pitzy.ACERAL1715\SendTo\WLM - crazypitzy@hotmail.com\matmax92@hotmail.com.lnk
C:\Documents and Settings\Pitzy.ACERAL1715\SendTo\WLM - crazypitzy@hotmail.com\maximefrancois98@hotmail.com.lnk
C:\Documents and Settings\Pitzy.ACERAL1715\SendTo\WLM - crazypitzy@hotmail.com\maxime_australia@hotmail.com.lnk
C:\Documents and Settings\Pitzy.ACERAL1715\SendTo\WLM - crazypitzy@hotmail.com\mec_chaud99@hotmail.com.lnk
C:\Documents and Settings\Pitzy.ACERAL1715\SendTo\WLM - crazypitzy@hotmail.com\mehdi_60700@hotmail.fr.lnk
C:\Documents and Settings\Pitzy.ACERAL1715\SendTo\WLM - crazypitzy@hotmail.com\misspopulaire37@hotmail.com.lnk
C:\Documents and Settings\Pitzy.ACERAL1715\SendTo\WLM - crazypitzy@hotmail.com\my-life_de_rock@hotmail.com.lnk
C:\Documents and Settings\Pitzy.ACERAL1715\SendTo\WLM - crazypitzy@hotmail.com\nicdu31@hotmail.fr.lnk
C:\Documents and Settings\Pitzy.ACERAL1715\SendTo\WLM - crazypitzy@hotmail.com\oktay99turc@msn.com.lnk
C:\Documents and Settings\Pitzy.ACERAL1715\SendTo\WLM - crazypitzy@hotmail.com\os-pirate@hotmail.fr.lnk
C:\Documents and Settings\Pitzy.ACERAL1715\SendTo\WLM - crazypitzy@hotmail.com\ptitejessy4@hotmail.com.lnk
C:\Documents and Settings\Pitzy.ACERAL1715\SendTo\WLM - crazypitzy@hotmail.com\ptitronion@hotmail.fr.lnk
C:\Documents and Settings\Pitzy.ACERAL1715\SendTo\WLM - crazypitzy@hotmail.com\rap8@hotmail.fr.lnk
C:\Documents and Settings\Pitzy.ACERAL1715\SendTo\WLM - crazypitzy@hotmail.com\rock-the-planet@hotmail.com.lnk
C:\Documents and Settings\Pitzy.ACERAL1715\SendTo\WLM - crazypitzy@hotmail.com\schmit_643@hotmail.com.lnk
C:\Documents and Settings\Pitzy.ACERAL1715\SendTo\WLM - crazypitzy@hotmail.com\simon_1230@hotmail.com.lnk
C:\Documents and Settings\Pitzy.ACERAL1715\SendTo\WLM - crazypitzy@hotmail.com\tanguycherpion@hotmail.com.lnk
C:\Documents and Settings\Pitzy.ACERAL1715\SendTo\WLM - crazypitzy@hotmail.com\tibegain@hotmail.fr.lnk
C:\Documents and Settings\Pitzy.ACERAL1715\SendTo\WLM - crazypitzy@hotmail.com\vipere83@hotmail.com.lnk
C:\Documents and Settings\Pitzy.ACERAL1715\SendTo\WLM - crazypitzy@hotmail.com\vodka_redbull_1325@hotmail.com.lnk
C:\Program Files\Outlook Express\msimn.exe
C:\Program Files\Windows Media Player\mplayer2.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\Documents and Settings\All Users.WINDOWS\DRM\Cache\Indiv01.tmp
C:\WINDOWS\system32\config\default.tmp.LOG
C:\WINDOWS\system32\config\software.tmp.LOG
C:\WINDOWS\system32\config\system.tmp.LOG
Listing User Accounts:
Administrateur Anne ASPNET
HelpAssistant Invit‚ patrick
Pitzy SUPPORT_388945a0
La commande s'est termin‚e correctement.
Finished
Utilisateur anonyme
1 juil. 2007 à 20:46
1 juil. 2007 à 20:46
Tu peux jeter Sdix et le dossier backups.zip qui est sur ton bureau.
¤ Vas dans ajouter/supprimer des programmes et désinstalle :
- Java version is 1.5.0.6
- Java version is 1.5.0.9
-Java version is 1.5.0.11
¤ Clic sur poste de travail, C:, program files, cherche et supprime :
- Adverts
- Blue comp media
- Multi_Media
¤ Pour afficher tous les dossiers et fichiers cachés :
Clic sur "démarrer", "panneau de configuration", "outils" ,"option des dossiers", "affichage"
Coche :
- afficher les fichiers et dossiers cachés
- Clic sur "appliquer" puis "ok"
----------------------------------------------------------
Clic sur C:\Documents and Settings\All Users\Application Data et supprime :
- Fast four inter multi
Clic sur C:\Documents and Settings\All Users.WINDOWS\Application Data et supprime :
- FilmHoleKeepCoal
Clic sur C:\Documents and Settings\Pitzy\Application Data et supprime :
- Blue comp media
Clic sur C:\Documents and Settings\Pitzy.ACERAL1715\Application Data et supprime
- Blue comp media
**Si un fichier/dossier persiste lors de la suppression fait ceci:
- Redémarre ton PC. Dès l'allumage de celui-ci tapote la touche F8 (ou F5 si F8 ne fonctionne pas), à l'écran qui va apparaître choisis "mode sans echec" attends un peu..
Puis va supprimer les fichiers/dossiers, vide ta corbeille et redémarre ton PC normalement.
Remet un rapport hijackthis dès que tu as fais tout ça ;-)
¤ Vas dans ajouter/supprimer des programmes et désinstalle :
- Java version is 1.5.0.6
- Java version is 1.5.0.9
-Java version is 1.5.0.11
¤ Clic sur poste de travail, C:, program files, cherche et supprime :
- Adverts
- Blue comp media
- Multi_Media
¤ Pour afficher tous les dossiers et fichiers cachés :
Clic sur "démarrer", "panneau de configuration", "outils" ,"option des dossiers", "affichage"
Coche :
- afficher les fichiers et dossiers cachés
- Clic sur "appliquer" puis "ok"
----------------------------------------------------------
Clic sur C:\Documents and Settings\All Users\Application Data et supprime :
- Fast four inter multi
Clic sur C:\Documents and Settings\All Users.WINDOWS\Application Data et supprime :
- FilmHoleKeepCoal
Clic sur C:\Documents and Settings\Pitzy\Application Data et supprime :
- Blue comp media
Clic sur C:\Documents and Settings\Pitzy.ACERAL1715\Application Data et supprime
- Blue comp media
**Si un fichier/dossier persiste lors de la suppression fait ceci:
- Redémarre ton PC. Dès l'allumage de celui-ci tapote la touche F8 (ou F5 si F8 ne fonctionne pas), à l'écran qui va apparaître choisis "mode sans echec" attends un peu..
Puis va supprimer les fichiers/dossiers, vide ta corbeille et redémarre ton PC normalement.
Remet un rapport hijackthis dès que tu as fais tout ça ;-)
pitzy
Messages postés
13
Date d'inscription
vendredi 29 juin 2007
Statut
Membre
Dernière intervention
4 mars 2010
1 juil. 2007 à 21:39
1 juil. 2007 à 21:39
Pour les java je n'ai trouvé que un sur les trois, que dois je faire ? desinstaller Quicktime?
Les dossiers et fichiers cachés sont visibles.
- Adverts ---> effacé
- Blue comp media ---> effacé
- Multi_Media ---> non trouvé malgré recherche
- Fast four inter multi ---> effacé
- FilmHoleKeepCoal ---> résiste, sera effacé en mode sans echec
- Blue comp media ---> effacé
- Blue comp media ---> effacé lui aussi
Je te dis quoi pour FilmHoleKeepCoal et j'ai le rapport Hijackthis pour ce soir sa devrais aller vite :)
Les dossiers et fichiers cachés sont visibles.
- Adverts ---> effacé
- Blue comp media ---> effacé
- Multi_Media ---> non trouvé malgré recherche
- Fast four inter multi ---> effacé
- FilmHoleKeepCoal ---> résiste, sera effacé en mode sans echec
- Blue comp media ---> effacé
- Blue comp media ---> effacé lui aussi
Je te dis quoi pour FilmHoleKeepCoal et j'ai le rapport Hijackthis pour ce soir sa devrais aller vite :)
pitzy
Messages postés
13
Date d'inscription
vendredi 29 juin 2007
Statut
Membre
Dernière intervention
4 mars 2010
1 juil. 2007 à 22:09
1 juil. 2007 à 22:09
- FilmHoleKeepCoal ---> effacé
Rapport :
Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 22:08:48, on 1/07/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\A-SQUA~1\a2service.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\SYSTEM32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\RunDll32.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Pitzy.ACERAL1715\Bureau\Nouveau dossier\abcde.exe.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.fr.msn.be/0SEFRBE/SAOS01?FORM=TOOLBR
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.fr.msn.be/0SEFRBE/SAOS01?FORM=TOOLBR
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {85F9753E-84F9-2B9B-34B0-F06FA33739A8} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {96D7D7F6-319E-4334-9760-E1A86D80C464} - (no file)
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [keep coal dash bait] C:\Documents and Settings\All Users.WINDOWS\Application Data\FilmHoleKeepCoal\gpl mail.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [IncrediMail] C:\Program Files\IncrediMail\bin\IncMail.exe /c
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: @C:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: @C:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://www.ijji.com
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-BE/a-UNO1/GAME_UNO1.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/...
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {CD995117-98E5-4169-9920-6C12D4C0B548} (HGPlugin9USA Class) - http://gamedownload.ijjimax.com/gamedownload/dist/hgstart/HGPlugin9USA.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{13AB14EB-0403-4C52-B40B-5822FA9FD234}: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CCS\Services\Tcpip\..\{FFCC92BE-B0FE-4425-A3CD-6C5C41296436}: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CS1\Services\Tcpip\..\{13AB14EB-0403-4C52-B40B-5822FA9FD234}: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 85.255.113.92 85.255.112.13
O17 - HKLM\System\CS2\Services\Tcpip\..\{13AB14EB-0403-4C52-B40B-5822FA9FD234}: NameServer = 85.255.113.92,85.255.112.13
O17 - HKLM\System\CS3\Services\Tcpip\Parameters: NameServer = 85.255.116.170 85.255.112.213
O17 - HKLM\System\CS3\Services\Tcpip\..\{13AB14EB-0403-4C52-B40B-5822FA9FD234}: NameServer = 85.255.116.170,85.255.112.213
O17 - HKLM\System\CS4\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CS4\Services\Tcpip\..\{13AB14EB-0403-4C52-B40B-5822FA9FD234}: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222
O20 - Winlogon Notify: wvuusrs - wvuusrs.dll (file missing)
O22 - SharedTaskScheduler: Pré-chargeur Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Démon de cache des catégories de composant - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\PROGRA~1\A-SQUA~1\a2service.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Service d'administration du Gestionnaire de disque logique (dmadmin) - Unknown owner - C:\WINDOWS\System32\dmadmin.exe
O23 - Service: DomainService - Unknown owner - C:\WINDOWS\system32\jmqmjyvk.exe (file missing)
O23 - Service: Journal des événements (Eventlog) - Unknown owner - C:\WINDOWS\system32\services.exe
O23 - Service: Service COM de gravage de CD IMAPI (ImapiService) - Unknown owner - C:\WINDOWS\system32\imapi.exe
O23 - Service: Partage de Bureau à distance NetMeeting (mnmsrvc) - Unknown owner - C:\WINDOWS\system32\mnmsrvc.exe
O23 - Service: Panda Process Protection Service (PavPrSrv) - Unknown owner - C:\Program Files\Fichiers communs\Panda Software\PavShld\pavprsrv.exe (file missing)
O23 - Service: Plug-and-Play (PlugPlay) - Unknown owner - C:\WINDOWS\system32\services.exe
O23 - Service: Gestionnaire de session d'aide sur le Bureau à distance (RDSessMgr) - Unknown owner - C:\WINDOWS\system32\sessmgr.exe
O23 - Service: Journaux et alertes de performance (SysmonLog) - Unknown owner - C:\WINDOWS\system32\smlogsvc.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
O23 - Service: Carte de performance WMI (WmiApSrv) - Unknown owner - C:\WINDOWS\system32\wbem\wmiapsrv.exe
Rapport :
Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 22:08:48, on 1/07/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\A-SQUA~1\a2service.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\SYSTEM32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\RunDll32.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Pitzy.ACERAL1715\Bureau\Nouveau dossier\abcde.exe.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.fr.msn.be/0SEFRBE/SAOS01?FORM=TOOLBR
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.fr.msn.be/0SEFRBE/SAOS01?FORM=TOOLBR
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {85F9753E-84F9-2B9B-34B0-F06FA33739A8} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {96D7D7F6-319E-4334-9760-E1A86D80C464} - (no file)
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [keep coal dash bait] C:\Documents and Settings\All Users.WINDOWS\Application Data\FilmHoleKeepCoal\gpl mail.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [IncrediMail] C:\Program Files\IncrediMail\bin\IncMail.exe /c
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: @C:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: @C:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://www.ijji.com
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-BE/a-UNO1/GAME_UNO1.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/...
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {CD995117-98E5-4169-9920-6C12D4C0B548} (HGPlugin9USA Class) - http://gamedownload.ijjimax.com/gamedownload/dist/hgstart/HGPlugin9USA.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{13AB14EB-0403-4C52-B40B-5822FA9FD234}: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CCS\Services\Tcpip\..\{FFCC92BE-B0FE-4425-A3CD-6C5C41296436}: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CS1\Services\Tcpip\..\{13AB14EB-0403-4C52-B40B-5822FA9FD234}: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 85.255.113.92 85.255.112.13
O17 - HKLM\System\CS2\Services\Tcpip\..\{13AB14EB-0403-4C52-B40B-5822FA9FD234}: NameServer = 85.255.113.92,85.255.112.13
O17 - HKLM\System\CS3\Services\Tcpip\Parameters: NameServer = 85.255.116.170 85.255.112.213
O17 - HKLM\System\CS3\Services\Tcpip\..\{13AB14EB-0403-4C52-B40B-5822FA9FD234}: NameServer = 85.255.116.170,85.255.112.213
O17 - HKLM\System\CS4\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CS4\Services\Tcpip\..\{13AB14EB-0403-4C52-B40B-5822FA9FD234}: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222
O20 - Winlogon Notify: wvuusrs - wvuusrs.dll (file missing)
O22 - SharedTaskScheduler: Pré-chargeur Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Démon de cache des catégories de composant - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\PROGRA~1\A-SQUA~1\a2service.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Service d'administration du Gestionnaire de disque logique (dmadmin) - Unknown owner - C:\WINDOWS\System32\dmadmin.exe
O23 - Service: DomainService - Unknown owner - C:\WINDOWS\system32\jmqmjyvk.exe (file missing)
O23 - Service: Journal des événements (Eventlog) - Unknown owner - C:\WINDOWS\system32\services.exe
O23 - Service: Service COM de gravage de CD IMAPI (ImapiService) - Unknown owner - C:\WINDOWS\system32\imapi.exe
O23 - Service: Partage de Bureau à distance NetMeeting (mnmsrvc) - Unknown owner - C:\WINDOWS\system32\mnmsrvc.exe
O23 - Service: Panda Process Protection Service (PavPrSrv) - Unknown owner - C:\Program Files\Fichiers communs\Panda Software\PavShld\pavprsrv.exe (file missing)
O23 - Service: Plug-and-Play (PlugPlay) - Unknown owner - C:\WINDOWS\system32\services.exe
O23 - Service: Gestionnaire de session d'aide sur le Bureau à distance (RDSessMgr) - Unknown owner - C:\WINDOWS\system32\sessmgr.exe
O23 - Service: Journaux et alertes de performance (SysmonLog) - Unknown owner - C:\WINDOWS\system32\smlogsvc.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
O23 - Service: Carte de performance WMI (WmiApSrv) - Unknown owner - C:\WINDOWS\system32\wbem\wmiapsrv.exe
Utilisateur anonyme
1 juil. 2007 à 22:34
1 juil. 2007 à 22:34
Bien, pense à faire ceci si tu ne l'as pas fait
Ensuite :
- Clic sur démarrer, exécuter, tape : cmd
Une fenêtre va s'ouvrir, tape exactement ceci, puis valide par la touche entrée de ton clavier:
ipconfig /flushdns
******************
¤ Relance HijackThis, choisis "do a scan only" coche la case devant les lignes ci-dessous et clic en bas sur "fix checked"
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.fr.msn.be/0SEFRBE/SAOS01?FORM=TOOLBR
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.fr.msn.be/0SEFRBE/SAOS01?FORM=TOOLBR
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {85F9753E-84F9-2B9B-34B0-F06FA33739A8} - (no file)
O2 - BHO: (no name) - {96D7D7F6-319E-4334-9760-E1A86D80C464} - (no file)
O4 - HKLM\..\Run: [keep coal dash bait] C:\Documents and Settings\All Users.WINDOWS\Application Data\FilmHoleKeepCoal\gpl mail.exe
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-BE/a-UNO1/GAME_UNO1.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {CD995117-98E5-4169-9920-6C12D4C0B548} (HGPlugin9USA Class) - http://gamedownload.ijjimax.com/gamedownload/dist/hgstart/HGPlugin9USA.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab
O17 - HKLM\System\CS2\Services\Tcpip\..\{13AB14EB-0403-4C52-B40B-5822FA9FD234}: NameServer = 85.255.113.92,85.255.112.13
O17 - HKLM\System\CS3\Services\Tcpip\Parameters: NameServer = 85.255.116.170 85.255.112.213
O17 - HKLM\System\CS3\Services\Tcpip\..\{13AB14EB-0403-4C52-B40B-5822FA9FD234}: NameServer = 85.255.116.170,85.255.112.213
O17 - HKLM\System\CS4\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222
O20 - Winlogon Notify: wvuusrs - wvuusrs.dll (file missing)
¤ Clic sur "démarrer", "exécuter", tape: services.msc
Cherche dans la liste la ligne ci-dessous, tu fais un clic droit dessus choisis "propriétés" et régle la sur "désactivé"
- DomainService
¤ Clic sur démarrer, rechercher, tous les fichiers et dossiers, cherche et supprime si présent :
- jmqmjyvk.exe
- wvuusrs.dll
¤ Fais ce scan anti-virus en ligne avec Internet Explorer, accepte l'active X; la barre anti-popup du SP2(en haut) va se mettre à clignoter, clique dessus et choisit "accepter l'active X" pour faire fonctionner le scan anti-virus.
Une fois qu'il a terminé colle le rapport ici stp
---> https://www.kaspersky.fr/?domain=webscanner.kaspersky.fr
- Démarrer Online Scanner
- Accept
- Scanne complétement ton (tes) disques dur
On devrait toucher à la fin ;-)
Ensuite :
- Clic sur démarrer, exécuter, tape : cmd
Une fenêtre va s'ouvrir, tape exactement ceci, puis valide par la touche entrée de ton clavier:
ipconfig /flushdns
******************
¤ Relance HijackThis, choisis "do a scan only" coche la case devant les lignes ci-dessous et clic en bas sur "fix checked"
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.fr.msn.be/0SEFRBE/SAOS01?FORM=TOOLBR
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.fr.msn.be/0SEFRBE/SAOS01?FORM=TOOLBR
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {85F9753E-84F9-2B9B-34B0-F06FA33739A8} - (no file)
O2 - BHO: (no name) - {96D7D7F6-319E-4334-9760-E1A86D80C464} - (no file)
O4 - HKLM\..\Run: [keep coal dash bait] C:\Documents and Settings\All Users.WINDOWS\Application Data\FilmHoleKeepCoal\gpl mail.exe
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-BE/a-UNO1/GAME_UNO1.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {CD995117-98E5-4169-9920-6C12D4C0B548} (HGPlugin9USA Class) - http://gamedownload.ijjimax.com/gamedownload/dist/hgstart/HGPlugin9USA.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab
O17 - HKLM\System\CS2\Services\Tcpip\..\{13AB14EB-0403-4C52-B40B-5822FA9FD234}: NameServer = 85.255.113.92,85.255.112.13
O17 - HKLM\System\CS3\Services\Tcpip\Parameters: NameServer = 85.255.116.170 85.255.112.213
O17 - HKLM\System\CS3\Services\Tcpip\..\{13AB14EB-0403-4C52-B40B-5822FA9FD234}: NameServer = 85.255.116.170,85.255.112.213
O17 - HKLM\System\CS4\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222
O20 - Winlogon Notify: wvuusrs - wvuusrs.dll (file missing)
¤ Clic sur "démarrer", "exécuter", tape: services.msc
Cherche dans la liste la ligne ci-dessous, tu fais un clic droit dessus choisis "propriétés" et régle la sur "désactivé"
- DomainService
¤ Clic sur démarrer, rechercher, tous les fichiers et dossiers, cherche et supprime si présent :
- jmqmjyvk.exe
- wvuusrs.dll
¤ Fais ce scan anti-virus en ligne avec Internet Explorer, accepte l'active X; la barre anti-popup du SP2(en haut) va se mettre à clignoter, clique dessus et choisit "accepter l'active X" pour faire fonctionner le scan anti-virus.
Une fois qu'il a terminé colle le rapport ici stp
---> https://www.kaspersky.fr/?domain=webscanner.kaspersky.fr
- Démarrer Online Scanner
- Accept
- Scanne complétement ton (tes) disques dur
On devrait toucher à la fin ;-)
raleuboleu
Messages postés
5022
Date d'inscription
mercredi 13 décembre 2006
Statut
Membre
Dernière intervention
14 mars 2012
79
1 juil. 2007 à 22:36
1 juil. 2007 à 22:36
hello, enfin bon soir Boulepateu ^^
dis comment alester les administrateurs stp
m
dis comment alester les administrateurs stp
m
raleuboleu
Messages postés
5022
Date d'inscription
mercredi 13 décembre 2006
Statut
Membre
Dernière intervention
14 mars 2012
79
1 juil. 2007 à 22:38
1 juil. 2007 à 22:38
dsl!!
matte tous les mesages de "dindes" c'est pas bon ca!!! mais je suis euhhhhhhhhhhhhhhhhhh idiote ^^ mdr comment enfin ou se plaindre?
rep en mp stu veu ok!! bizoux
matte tous les mesages de "dindes" c'est pas bon ca!!! mais je suis euhhhhhhhhhhhhhhhhhh idiote ^^ mdr comment enfin ou se plaindre?
rep en mp stu veu ok!! bizoux
pitzy
Messages postés
13
Date d'inscription
vendredi 29 juin 2007
Statut
Membre
Dernière intervention
4 mars 2010
2 juil. 2007 à 03:01
2 juil. 2007 à 03:01
J'ai le rapport mais il es vraiment enorme,
j'ai parcouru et j'ai vu que tout avais été ignoré car les menaces sont bloquées.
je ne sais pas si sa peu eclairer voici le debut du rapport :
-------------------------------------------------------------------------------
KASPERSKY ON-LINE SCANNER REPORT
Monday, July 02, 2007 2:31:50 AM
Système d'exploitation : Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600)
Kaspersky On-line Scanner version : 5.0.83.0
Dernière mise à jour de la base antivirus Kaspersky : 2/07/2007
Enregistrements dans la base antivirus Kaspersky : 356303
-------------------------------------------------------------------------------
Paramètres d'analyse:
Analyser avec la base antivirus suivante: étendue
Analyser les archives: vrai
Analyser les bases de messagerie: vrai
Cible de l'analyse - Poste de travail:
A:\
C:\
D:\
E:\
Statistiques de l'analyse:
Total d'objets analysés: 107962
Nombre de virus trouvés: 16
Nombre d'objets infectés: 35 / 0
Nombre d'objets suspects: 0
Durée de l'analyse: 01:50:43
-------------------------
Si il faut le reste je ferai de mon mieu pour le mettre.
j'ai parcouru et j'ai vu que tout avais été ignoré car les menaces sont bloquées.
je ne sais pas si sa peu eclairer voici le debut du rapport :
-------------------------------------------------------------------------------
KASPERSKY ON-LINE SCANNER REPORT
Monday, July 02, 2007 2:31:50 AM
Système d'exploitation : Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600)
Kaspersky On-line Scanner version : 5.0.83.0
Dernière mise à jour de la base antivirus Kaspersky : 2/07/2007
Enregistrements dans la base antivirus Kaspersky : 356303
-------------------------------------------------------------------------------
Paramètres d'analyse:
Analyser avec la base antivirus suivante: étendue
Analyser les archives: vrai
Analyser les bases de messagerie: vrai
Cible de l'analyse - Poste de travail:
A:\
C:\
D:\
E:\
Statistiques de l'analyse:
Total d'objets analysés: 107962
Nombre de virus trouvés: 16
Nombre d'objets infectés: 35 / 0
Nombre d'objets suspects: 0
Durée de l'analyse: 01:50:43
-------------------------
Si il faut le reste je ferai de mon mieu pour le mettre.
Utilisateur anonyme
2 juil. 2007 à 03:29
2 juil. 2007 à 03:29
raleuboleu : Bonjour, ça a déjà été fait ;-)
pitzy : oui, envoi le rapport complet stp
pitzy : oui, envoi le rapport complet stp
pitzy
Messages postés
13
Date d'inscription
vendredi 29 juin 2007
Statut
Membre
Dernière intervention
4 mars 2010
2 juil. 2007 à 13:52
2 juil. 2007 à 13:52
http://anonyme.archive-host.com/kaspersky_3x5hf5yk9n.txt
je l'ai mit sur un site car trop long pour ici.
J'espere que vous pouvez voir le resultat.
je l'ai mit sur un site car trop long pour ici.
J'espere que vous pouvez voir le resultat.
Utilisateur anonyme
2 juil. 2007 à 16:21
2 juil. 2007 à 16:21
C'est simplement ta restauration du système, fais ceci :
Alors ceci : C:\System Volume Information\_restore (voir rapport Kaspersky)
indique que ta restauration du système etait infecté ou est infecté, pour être sûr, nous allons créer un point propre.
Clic sur "demarrer", cliques droit sur "poste de travail", "propriétés", onglet "restauration du système"
¤ coches la case "desactiver la restauration du systéme sur tous les lecteurs", puis clic ur "appliquer"
¤ décoches la case et clic sur "appliquer" puis "ok".
Maintenant, que l'ont à effacés les point infectés, nous allons créer un point propre :
Clic sur "demarrer", "tous les programmes", "accessoires", "outils système", "restauration du système", choisis "créer un point de restauration" nommes le " ccm" par exemple, clic sur "créer" puis "ok".
Voilà, maintenant le point de restauration est créé
Si un jour tu le décides, tu pourras revenir en arrière à la date que tu as créé ce point de restauration.
En exécutant la restauration du système tu pourras remettre ton ordinateur à la date ou l'on à créé ce point de restauration mais tu perdras les modifications que tu auras fait entre deux.
Alors ceci : C:\System Volume Information\_restore (voir rapport Kaspersky)
indique que ta restauration du système etait infecté ou est infecté, pour être sûr, nous allons créer un point propre.
Clic sur "demarrer", cliques droit sur "poste de travail", "propriétés", onglet "restauration du système"
¤ coches la case "desactiver la restauration du systéme sur tous les lecteurs", puis clic ur "appliquer"
¤ décoches la case et clic sur "appliquer" puis "ok".
Maintenant, que l'ont à effacés les point infectés, nous allons créer un point propre :
Clic sur "demarrer", "tous les programmes", "accessoires", "outils système", "restauration du système", choisis "créer un point de restauration" nommes le " ccm" par exemple, clic sur "créer" puis "ok".
Voilà, maintenant le point de restauration est créé
Si un jour tu le décides, tu pourras revenir en arrière à la date que tu as créé ce point de restauration.
En exécutant la restauration du système tu pourras remettre ton ordinateur à la date ou l'on à créé ce point de restauration mais tu perdras les modifications que tu auras fait entre deux.
pitzy
Messages postés
13
Date d'inscription
vendredi 29 juin 2007
Statut
Membre
Dernière intervention
4 mars 2010
2 juil. 2007 à 16:40
2 juil. 2007 à 16:40
Ok,
un grand merci pour ta precieuse et rapide aide.
Une tres bonne continuation a toi!!
un grand merci pour ta precieuse et rapide aide.
Une tres bonne continuation a toi!!
