Aller au contenu

  • Pas encore inscrit ?

    Pourquoi ne pas vous inscrire ? C'est simple, rapide et gratuit.
    Pour en savoir plus, lisez Les avantages de l'inscription... et la Charte de Zébulon.
    De plus, les messages que vous postez en tant qu'invité restent invisibles tant qu'un modérateur ne les a pas validés. Inscrivez-vous, ce sera un gain de temps pour tout le monde, vous, les helpeurs et les modérateurs ! :wink:

Trojan Win32:TratBHO [résolu]

archels

Par archels
dans Analyses et éradication malwares

 Partager

Messages recommandés

pear Devil Member !

pear

Posté(e)
Posté(e) (modifié)

Occupé par quels processus svp?

 

par sécurité:

 

Vider la corbeille.

 

* Faire un scan en ligne Kaspersky

http://www.kaspersky.com/kos/eng/partner/d...kavwebscan.html

* Cliquer sur Accept

* Une barre jaune va demander d'accepter l'installation de Kavwebscan_Unicode.cab, installer l'Active X.

* cliquer une nouvelle fois sur "Accept"

* Les bases de mises à jour vont s'installer, patienter un moment

* Cliquer sur Next.

* Cliquer sur My Computer, le scan se met en route;

attendre la fin du scan sans fermer la fenêtre sinon il s'arrêtera.

 

 

A la fin du scan, si des objets infectés sont découverts, cliquer sur Save report as... Choisirr bureau et nomme le rapport "rapport Kaspersky" et dans le champ d'enregistrement, choisir "fichiers texte" enregistrer le rapport.

Copier/coller l'entièreté du fichier texte ouvert, par clic droit dessus, sélectionner tout/copier.

Coller ce rapport dans la réponse sur le forum.

Aide en cas de problème :Cybersécurité

http://cybersecurite.xooit.com/t100-Scan-e...spersky.htm#768

NOTE: Le scan est à faire avec Internet Explorer.

Modifié par pear
archels Member

archels

Posté(e)
  • Auteur
Posté(e)

Voici le rapport Kaspersky qui trouvent 9 virus et 91 objets infectés :

-------------------------------------------------------------------------------

KASPERSKY ONLINE SCANNER REPORT

Saturday, February 16, 2008 5:45:07 PM

Operating System: Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600)

Kaspersky Online Scanner version: 5.0.98.0

Kaspersky Anti-Virus database last update: 16/02/2008

Kaspersky Anti-Virus database records: 568900

-------------------------------------------------------------------------------

 

Scan Settings:

Scan using the following antivirus database: extended

Scan Archives: true

Scan Mail Bases: true

 

Scan Target - Folders:

C:\

 

Scan Statistics:

Total number of scanned objects: 138977

Number of viruses found: 9

Number of infected objects: 91

Number of suspicious objects: 0

Duration of the scan process: 01:49:29

 

Infected Object Name / Virus Name / Last Action

C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Microsoft\Search\Data\Applications\Windows\GatherLogs\SystemIndex\SystemIndex.124.Crwl Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Microsoft\Search\Data\Applications\Windows\GatherLogs\SystemIndex\SystemIndex.124.gthr Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Microsoft\Search\Data\Applications\Windows\MSS.log Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles010001.wid Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles010002.wid Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles010003.wid Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles010004.wid Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles010005.wid Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles010006.wid Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles010007.wid Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles010008.wid Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles010009.wid Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles01000A.wid Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles01000B.wid Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles01000C.wid Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles01000D.wid Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles01000E.wid Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles01000F.wid Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles010010.wid Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles010011.wid Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles010012.wid Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles010013.wid Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles010014.wid Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles010015.wid Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles010016.wid Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles010017.wid Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles010018.wid Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles010019.wid Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles01001A.wid Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles01001B.wid Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles01001C.wid Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles010021.wid Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles010022.wid Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles010024.wid Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles01002C.wid Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles01004B.ci Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles01004B.wid Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles01004B.wsb Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\INDEX.000 Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\PropMap\CiPT0000.000 Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\PropMap\Used0000.000 Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\SecStore\CiST0000.000 Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\SystemIndex.chk1.gthr Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\SystemIndex.chk2.gthr Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\SystemIndex.Ntfy115.gthr Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Microsoft\Search\Data\Applications\Windows\tmp.edb Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Microsoft\Search\Data\Applications\Windows\Windows.edb Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Microsoft\Search\Data\Temp\usgthrsvc\Ntf1.tmp Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Microsoft\Search\Data\Temp\usgthrsvc\Ntf2.tmp Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Microsoft\Search\Data\Temp\usgthrsvc\Perflib_Perfdata_a48.dat Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Microsoft\Windows Defender\Support\MPLog-03132007-095636.log Object is locked skipped

C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped

C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped

C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped

C:\Documents and Settings\LocalService\Local Settings\Historique\History.IE5\index.dat Object is locked skipped

C:\Documents and Settings\LocalService\Local Settings\temp\Cookies\index.dat Object is locked skipped

C:\Documents and Settings\LocalService\Local Settings\temp\Fichiers Internet temporaires\Content.IE5\index.dat Object is locked skipped

C:\Documents and Settings\LocalService\Local Settings\temp\History\History.IE5\index.dat Object is locked skipped

C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped

C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped

C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped

C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped

C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped

C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped

C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped

C:\Documents and Settings\Propriétaire\Application Data\$_hpcst$.hpc Object is locked skipped

C:\Documents and Settings\Propriétaire\Application Data\Microsoft\ActiveSync\Profiles\SPVc500\repl.dat Object is locked skipped

C:\Documents and Settings\Propriétaire\Application Data\Microsoft\Outlook\Microsoft Outlook Internet Settings.srs Object is locked skipped

C:\Documents and Settings\Propriétaire\Bureau\Forum Zebulon\MSNFix\MSNFix\13022008_ 9215992.zip/backup/NTSpool.exe Infected: Trojan.Win32.Inject.uy skipped

C:\Documents and Settings\Propriétaire\Bureau\Forum Zebulon\MSNFix\MSNFix\13022008_ 9215992.zip ZIP: infected - 1 skipped

C:\Documents and Settings\Propriétaire\Bureau\Forum Zebulon\SmitfraudFix\SmitfraudFix\Reboot.exe Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped

C:\Documents and Settings\Propriétaire\Bureau\Forum Zebulon\SmitfraudFix.zip/SmitfraudFix/Reboot.exe Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped

C:\Documents and Settings\Propriétaire\Bureau\Forum Zebulon\SmitfraudFix.zip ZIP: infected - 1 skipped

C:\Documents and Settings\Propriétaire\Cookies\index.dat Object is locked skipped

C:\Documents and Settings\Propriétaire\Local Settings\Application Data\Last.fm\Client\LastFmHelper.log Object is locked skipped

C:\Documents and Settings\Propriétaire\Local Settings\Application Data\Microsoft\Feeds Cache\index.dat Object is locked skipped

C:\Documents and Settings\Propriétaire\Local Settings\Application Data\Microsoft\Outlook\outlook.pst Object is locked skipped

C:\Documents and Settings\Propriétaire\Local Settings\Application Data\Microsoft\Outlook\~outlook.pst.tmp Object is locked skipped

C:\Documents and Settings\Propriétaire\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped

C:\Documents and Settings\Propriétaire\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped

C:\Documents and Settings\Propriétaire\Local Settings\Historique\History.IE5\index.dat Object is locked skipped

C:\Documents and Settings\Propriétaire\Local Settings\Historique\History.IE5\MSHist012008021620080217\index.dat Object is locked skipped

C:\Documents and Settings\Propriétaire\Local Settings\Temp\Free Download Manager\tic20.tmp Object is locked skipped

C:\Documents and Settings\Propriétaire\Local Settings\Temp\Free Download Manager\tic22.tmp Object is locked skipped

C:\Documents and Settings\Propriétaire\Local Settings\Temp\WCESLog.log Object is locked skipped

C:\Documents and Settings\Propriétaire\Local Settings\Temp\WCESMgr.log Object is locked skipped

C:\Documents and Settings\Propriétaire\Local Settings\Temp\~DFA2C.tmp Object is locked skipped

C:\Documents and Settings\Propriétaire\Local Settings\Temporary Internet Files\AntiPhishing\B3BB5BBA-E7D5-40AB-A041-A5B1C0B26C8F.dat Object is locked skipped

C:\Documents and Settings\Propriétaire\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped

C:\Documents and Settings\Propriétaire\ntuser.dat Object is locked skipped

C:\Documents and Settings\Propriétaire\ntuser.dat.LOG Object is locked skipped

C:\Program Files\Alwil Software\Avast4\DATA\aswResp.dat Object is locked skipped

C:\Program Files\Alwil Software\Avast4\DATA\Avast4.db Object is locked skipped

C:\Program Files\Alwil Software\Avast4\DATA\integ\avast.int Object is locked skipped

C:\Program Files\Alwil Software\Avast4\DATA\log\AshWebSv.ws Object is locked skipped

C:\Program Files\Alwil Software\Avast4\DATA\log\aswMaiSv.log Object is locked skipped

C:\Program Files\Alwil Software\Avast4\DATA\log\nshield.log Object is locked skipped

C:\Program Files\Alwil Software\Avast4\DATA\report\Protection résidente.txt Object is locked skipped

C:\Program Files\RealVNC\VNC4\vncclipboard.exe Infected: not-a-virus:RemoteAdmin.Win32.WinVNC.427 skipped

C:\Program Files\RealVNC\VNC4\wm_hooks.dll Infected: not-a-virus:RemoteAdmin.Win32.WinVNC.4 skipped

C:\Program Files\vdownloader\VDownloader.exe Infected: not-a-virus:Downloader.Win32.VDown.a skipped

C:\QooBox\Quarantine\C\WINDOWS\system32\cbxvtqq.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped

C:\QooBox\Quarantine\C\WINDOWS\system32\cbxvwtq.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped

C:\QooBox\Quarantine\C\WINDOWS\system32\ddcawxy.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped

C:\QooBox\Quarantine\C\WINDOWS\system32\efcdecc.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped

C:\QooBox\Quarantine\C\WINDOWS\system32\fccbyxx.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped

C:\QooBox\Quarantine\C\WINDOWS\system32\iiffcdd.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped

C:\QooBox\Quarantine\C\WINDOWS\system32\ljjgdby.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped

C:\QooBox\Quarantine\C\WINDOWS\system32\opnnlml.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped

C:\QooBox\Quarantine\C\WINDOWS\system32\opnnnml.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped

C:\QooBox\Quarantine\C\WINDOWS\system32\rqrpmji.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped

C:\QooBox\Quarantine\C\WINDOWS\system32\tuvtqrp.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped

C:\QooBox\Quarantine\C\WINDOWS\system32\wvutttq.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped

C:\QooBox\Quarantine\C\WINDOWS\system32\xxyvssr.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped

C:\QooBox\Quarantine\C\WINDOWS\system32\yayxvvs.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped

C:\QooBox\Quarantine\catchme2008-02-04_190437.35.RB0/ddcyx.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped

C:\QooBox\Quarantine\catchme2008-02-04_190437.35.RB0/dgiclwsv.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped

C:\QooBox\Quarantine\catchme2008-02-04_190437.35.RB0/gebyxwx.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.giq skipped

C:\QooBox\Quarantine\catchme2008-02-04_190437.35.RB0 ZIP: infected - 3 skipped

C:\QooBox\Quarantine\catchme2008-02-04_190437.35.zip/ddcyx.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped

C:\QooBox\Quarantine\catchme2008-02-04_190437.35.zip/gebyxwx.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.giq skipped

C:\QooBox\Quarantine\catchme2008-02-04_190437.35.zip ZIP: infected - 2 skipped

C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped

C:\System Volume Information\_restore{D1D1CA16-8EC1-453B-80E5-A9D409CE5912}\RP1449\A0203226.exe Infected: Trojan.Win32.Pakes.bzo skipped

C:\System Volume Information\_restore{D1D1CA16-8EC1-453B-80E5-A9D409CE5912}\RP1450\A0204432.exe Infected: Trojan.Win32.Agent.ecd skipped

C:\System Volume Information\_restore{D1D1CA16-8EC1-453B-80E5-A9D409CE5912}\RP1453\A0205948.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped

C:\System Volume Information\_restore{D1D1CA16-8EC1-453B-80E5-A9D409CE5912}\RP1453\A0205949.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped

C:\System Volume Information\_restore{D1D1CA16-8EC1-453B-80E5-A9D409CE5912}\RP1453\A0205950.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped

C:\System Volume Information\_restore{D1D1CA16-8EC1-453B-80E5-A9D409CE5912}\RP1453\A0205951.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped

C:\System Volume Information\_restore{D1D1CA16-8EC1-453B-80E5-A9D409CE5912}\RP1453\A0205952.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped

C:\System Volume Information\_restore{D1D1CA16-8EC1-453B-80E5-A9D409CE5912}\RP1453\A0205953.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped

C:\System Volume Information\_restore{D1D1CA16-8EC1-453B-80E5-A9D409CE5912}\RP1453\A0205954.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped

C:\System Volume Information\_restore{D1D1CA16-8EC1-453B-80E5-A9D409CE5912}\RP1453\A0205955.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped

C:\System Volume Information\_restore{D1D1CA16-8EC1-453B-80E5-A9D409CE5912}\RP1453\A0205956.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped

C:\System Volume Information\_restore{D1D1CA16-8EC1-453B-80E5-A9D409CE5912}\RP1453\A0205957.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped

C:\System Volume Information\_restore{D1D1CA16-8EC1-453B-80E5-A9D409CE5912}\RP1453\A0205959.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped

C:\System Volume Information\_restore{D1D1CA16-8EC1-453B-80E5-A9D409CE5912}\RP1453\A0205960.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped

C:\System Volume Information\_restore{D1D1CA16-8EC1-453B-80E5-A9D409CE5912}\RP1453\A0205961.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped

C:\System Volume Information\_restore{D1D1CA16-8EC1-453B-80E5-A9D409CE5912}\RP1453\A0205962.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped

C:\System Volume Information\_restore{D1D1CA16-8EC1-453B-80E5-A9D409CE5912}\RP1453\A0205966.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped

C:\System Volume Information\_restore{D1D1CA16-8EC1-453B-80E5-A9D409CE5912}\RP1453\A0205968.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.giq skipped

C:\System Volume Information\_restore{D1D1CA16-8EC1-453B-80E5-A9D409CE5912}\RP1457\A0210484.exe Infected: Trojan.Win32.Pakes.bzo skipped

C:\System Volume Information\_restore{D1D1CA16-8EC1-453B-80E5-A9D409CE5912}\RP1458\A0210730.exe Infected: Trojan.Win32.Inject.uy skipped

C:\System Volume Information\_restore{D1D1CA16-8EC1-453B-80E5-A9D409CE5912}\RP1460\change.log Object is locked skipped

C:\upload_moi_NEWBOY.tar.gz/upload_moi.tar/qoobox/Quarantine/C/WINDOWS/system32/cbxvtqq.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped

C:\upload_moi_NEWBOY.tar.gz/upload_moi.tar/qoobox/Quarantine/C/WINDOWS/system32/cbxvwtq.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped

C:\upload_moi_NEWBOY.tar.gz/upload_moi.tar/qoobox/Quarantine/C/WINDOWS/system32/ddcawxy.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped

C:\upload_moi_NEWBOY.tar.gz/upload_moi.tar/qoobox/Quarantine/C/WINDOWS/system32/efcdecc.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped

C:\upload_moi_NEWBOY.tar.gz/upload_moi.tar/qoobox/Quarantine/C/WINDOWS/system32/fccbyxx.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped

C:\upload_moi_NEWBOY.tar.gz/upload_moi.tar/qoobox/Quarantine/C/WINDOWS/system32/iiffcdd.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped

C:\upload_moi_NEWBOY.tar.gz/upload_moi.tar/qoobox/Quarantine/C/WINDOWS/system32/ljjgdby.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped

C:\upload_moi_NEWBOY.tar.gz/upload_moi.tar/qoobox/Quarantine/C/WINDOWS/system32/opnnlml.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped

C:\upload_moi_NEWBOY.tar.gz/upload_moi.tar/qoobox/Quarantine/C/WINDOWS/system32/opnnnml.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped

C:\upload_moi_NEWBOY.tar.gz/upload_moi.tar/qoobox/Quarantine/C/WINDOWS/system32/rqrpmji.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped

C:\upload_moi_NEWBOY.tar.gz/upload_moi.tar/qoobox/Quarantine/C/WINDOWS/system32/tuvtqrp.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped

C:\upload_moi_NEWBOY.tar.gz/upload_moi.tar/qoobox/Quarantine/C/WINDOWS/system32/wvutttq.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped

C:\upload_moi_NEWBOY.tar.gz/upload_moi.tar/qoobox/Quarantine/C/WINDOWS/system32/xxyvssr.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped

C:\upload_moi_NEWBOY.tar.gz/upload_moi.tar/qoobox/Quarantine/C/WINDOWS/system32/yayxvvs.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped

C:\upload_moi_NEWBOY.tar.gz/upload_moi.tar/qoobox/Quarantine/catchme2008-02-04_190437.35.RB0/ddcyx.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped

C:\upload_moi_NEWBOY.tar.gz/upload_moi.tar/qoobox/Quarantine/catchme2008-02-04_190437.35.RB0/dgiclwsv.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped

C:\upload_moi_NEWBOY.tar.gz/upload_moi.tar/qoobox/Quarantine/catchme2008-02-04_190437.35.RB0/gebyxwx.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.giq skipped

C:\upload_moi_NEWBOY.tar.gz/upload_moi.tar/qoobox/Quarantine/catchme2008-02-04_190437.35.RB0 Infected: not-a-virus:AdWare.Win32.Virtumonde.giq skipped

C:\upload_moi_NEWBOY.tar.gz/upload_moi.tar/qoobox/Quarantine/catchme2008-02-04_190437.35.zip/ddcyx.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped

C:\upload_moi_NEWBOY.tar.gz/upload_moi.tar/qoobox/Quarantine/catchme2008-02-04_190437.35.zip/gebyxwx.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.giq skipped

C:\upload_moi_NEWBOY.tar.gz/upload_moi.tar/qoobox/Quarantine/catchme2008-02-04_190437.35.zip Infected: not-a-virus:AdWare.Win32.Virtumonde.giq skipped

C:\upload_moi_NEWBOY.tar.gz/upload_moi.tar/WINDOWS/System32/NTSpool.exe Infected: Trojan.Win32.Inject.uy skipped

C:\upload_moi_NEWBOY.tar.gz/upload_moi.tar Infected: Trojan.Win32.Inject.uy skipped

C:\upload_moi_NEWBOY.tar.gz GZIP: infected - 23 skipped

C:\upload_moi_NEWBOY.tar.RB0/upload_moi.tar/WINDOWS/System32/yayxvvs.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped

C:\upload_moi_NEWBOY.tar.RB0/upload_moi.tar/WINDOWS/System32/opnnlml.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped

C:\upload_moi_NEWBOY.tar.RB0/upload_moi.tar/WINDOWS/System32/ddcawxy.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped

C:\upload_moi_NEWBOY.tar.RB0/upload_moi.tar/WINDOWS/System32/efcdecc.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped

C:\upload_moi_NEWBOY.tar.RB0/upload_moi.tar/WINDOWS/System32/cbxvwtq.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped

C:\upload_moi_NEWBOY.tar.RB0/upload_moi.tar/WINDOWS/System32/wvutttq.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped

C:\upload_moi_NEWBOY.tar.RB0/upload_moi.tar/WINDOWS/System32/xxyvssr.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped

C:\upload_moi_NEWBOY.tar.RB0/upload_moi.tar/WINDOWS/System32/rqrpmji.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped

C:\upload_moi_NEWBOY.tar.RB0/upload_moi.tar/WINDOWS/System32/iiffcdd.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped

C:\upload_moi_NEWBOY.tar.RB0/upload_moi.tar/WINDOWS/System32/tuvtqrp.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped

C:\upload_moi_NEWBOY.tar.RB0/upload_moi.tar/WINDOWS/System32/ljjgdby.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped

C:\upload_moi_NEWBOY.tar.RB0/upload_moi.tar/WINDOWS/System32/opnnnml.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped

C:\upload_moi_NEWBOY.tar.RB0/upload_moi.tar/WINDOWS/System32/cbxvtqq.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped

C:\upload_moi_NEWBOY.tar.RB0/upload_moi.tar/WINDOWS/System32/fccbyxx.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped

C:\upload_moi_NEWBOY.tar.RB0/upload_moi.tar/WINDOWS/System32/ddcyx.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped

C:\upload_moi_NEWBOY.tar.RB0/upload_moi.tar/WINDOWS/System32/gebyxwx.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.giq skipped

C:\upload_moi_NEWBOY.tar.RB0/upload_moi.tar Infected: not-a-virus:AdWare.Win32.Virtumonde.giq skipped

C:\upload_moi_NEWBOY.tar.RB0 GZIP: infected - 17 skipped

C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped

C:\WINDOWS\Internet Logs\fwdbglog.txt Object is locked skipped

C:\WINDOWS\Internet Logs\fwpktlog.txt Object is locked skipped

C:\WINDOWS\Internet Logs\IAMDB.RDB Object is locked skipped

C:\WINDOWS\Internet Logs\NEWBOY.ldb Object is locked skipped

C:\WINDOWS\Internet Logs\tvDebug.log Object is locked skipped

C:\WINDOWS\SchedLgU.Txt Object is locked skipped

C:\WINDOWS\SoftwareDistribution\EventCache\{36CD8B86-CFA4-4276-9F28-DFEE95B176C0}.bin Object is locked skipped

C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped

C:\WINDOWS\Sti_Trace.log Object is locked skipped

C:\WINDOWS\system32\config\Antivirus.Evt Object is locked skipped

C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped

C:\WINDOWS\system32\config\default Object is locked skipped

C:\WINDOWS\system32\config\default.LOG Object is locked skipped

C:\WINDOWS\system32\config\Internet.evt Object is locked skipped

C:\WINDOWS\system32\config\ODiag.evt Object is locked skipped

C:\WINDOWS\system32\config\OSession.evt Object is locked skipped

C:\WINDOWS\system32\config\SAM Object is locked skipped

C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped

C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped

C:\WINDOWS\system32\config\SECURITY Object is locked skipped

C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped

C:\WINDOWS\system32\config\software Object is locked skipped

C:\WINDOWS\system32\config\software.LOG Object is locked skipped

C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped

C:\WINDOWS\system32\config\system Object is locked skipped

C:\WINDOWS\system32\config\system.LOG Object is locked skipped

C:\WINDOWS\system32\config\Windows_OneCare_Evt.evt Object is locked skipped

C:\WINDOWS\system32\h323log.txt Object is locked skipped

C:\WINDOWS\system32\LogFiles\WUDF\WUDFTrace.etl Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped

C:\WINDOWS\Temp\Perflib_Perfdata_33c.dat Object is locked skipped

C:\WINDOWS\Temp\Perflib_Perfdata_828.dat Object is locked skipped

C:\WINDOWS\Temp\ZLT00ef2.TMP Object is locked skipped

C:\WINDOWS\Temp\ZLT00ef5.TMP Object is locked skipped

C:\WINDOWS\Temp\_avast4_\Webshlock.txt Object is locked skipped

C:\WINDOWS\wiadebug.log Object is locked skipped

C:\WINDOWS\wiaservc.log Object is locked skipped

C:\WINDOWS\WindowsUpdate.log Object is locked skipped

 

Scan process completed.

pear Devil Member !

pear

Posté(e)
Posté(e) (modifié)

Bonjour,

 

Pas d'affolement, les infections sont dans des quarantaines ou les outils utilisés, sauf ceci

 

C:\Program Files\RealVNC\VNC4\vncclipboard.exe Infected: not-a-virus:RemoteAdmin.Win32.WinVNC.427 skipped

C:\Program Files\RealVNC\VNC4\wm_hooks.dll Infected: not-a-virus:RemoteAdmin.Win32.WinVNC.4 skipped

C:\Program Files\vdownloader\VDownloader.exe Infected: not-a-virus:Downloader.Win32.VDown.a skipped

Je vous conseille de de désinstaller ces 2 programmes nuisibles en l'état.

par la suite vous réinstallerez RealVNC s'il vous est nécessaire.

 

Pour désinstaller les outils:

 

Télécharger ToolsCleaner! de A.Rothstein pour enlever les programmes utilisés pendant la procédure.

http://a-rothstein.changelog.fr/TC/ToolsCleaner2.exe

* Enregistrer ToolsCleaner2.exe sur le Bureau.

* Double-cliquer dessus, puis cliquer sur Recherche --> Le programme va chercher les utilitaires installés

------> Il se peut que la fenêtre devienne blanche pendant le scan, c'est normal !

*Quand la recherche sera terminée, cliquer sur "suppression".

 

Désinstaller la restauration système:

 

Cliquer sur Démarrer.

Cliquer avec le bouton droit sur l'icône Poste de travail, puis sur Propriétés.

Cliquer sur l'onglet «Restauration du système».

Sélectionner «Désactiver la Restauration du système sur tous les lecteurs»

Cliquer sur "Appliquer".

Cela supprimera tous les points de restauration existants.

Pour faire cela, cliquer sur Oui.

Cliquer sur OK.

Redémarrer.

Faire l'opération inverse, et réactiver la restauration:

un nouveau point sera automatiquement créé.

 

Vider les fichiers temporaires:

 

Télécharger ATF Cleaner par Atribune.

http://www.atribune.org/ccount/click.php?id=1

 

Redémarrer en mode sans échec :

 

* Double-clique ATF-Cleaner.exe afin de lancer le programme.

 

Sous l'onglet Firefox,(ou Main pour IE) choisir : Select All

Clique le bouton Empty Selected

NOTE : Pour conserver les mots de passe sauvegardés, cliquer No à l'invite.

 

Cliquer Exit, du menu principal, afin de fermer le programme.

 

Nettoyer les fichiers inutiles:

http://telechargement.zebulon.fr/easycleaner.html

Une fois lancé le logiciel, clic sur "Inutiles"puis sélectionner tout"et "supprimer"

Ne jamais utiliser la fonction Doublons: risques graves

 

Télécharger puis installer AVG Anti-Spyware (AVG AS)

http://www.ewido.net/en/download/

Une fois AVG AS lancé, cliquer sur "Mise à jour"

Fermer le programme.

 

Redémarrer en mode sans échec

 

Relancer AVG AS puis choisir l'onglet "Analyse"

Puis l'onglet "Paramètres

Sous la question "Comment réagir ?", cliquer sur "Actions recommandées"et choisir"Quarantaine"

Re-cliquer sur l'onglet "Analyse" puis réaliser une "Analyse complète du système"

 

/!\ Si un fichier est infecté détécté en fin d'analyse /!\

Cliquer sur "Appliquer toutes les actions "

 

Cliquer sur "Enregistrer le rapport" puis sur "Enregistrer le rapport sous"

Enregistrer ce fichier texte sur le bureau.

 

Redémarrer normalement

Copier/Coller le rapport ici et un log Hijackthis

Modifié par pear
archels Member

archels

Posté(e)
  • Auteur
Posté(e)

On arrive bientôt au bout ?

J'ai restauré une sauvegarde faite avec Acronis True Image avant l'infection mais je retrouve les mêmes problèmes.

Par contre j'ai réussi à installer Antivir en réinstallant les pilotes Nvidia, pour info : http://www.01net.com/editorial/262480/go/messages-continuels-nview-dll/ ://http://www.01net.com/editorial/2624...els-nview-dll/

Autre surprise, j'ai du reparamétrer le bios car je ne pouvais plus booter sur le lecteur de cd.

De plus je me retrouve avec la présence d'un contrôleur Raid dans le gestionnaire de périphériques que je désinstalle mais qui revient après chaque redémarrage.

Voici le rapport Hijackthis :

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 08:04:51, on 19/02/2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16608)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Windows Defender\MsMpEng.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\ZoneLabs\vsmon.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe

C:\Program Files\Fichiers communs\Acronis\Schedule2\schedul2.exe

C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe

C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe

C:\WINDOWS\System32\DVDRAMSV.exe

C:\PROGRA~1\WinTV\EPG Services\System\EPGService.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\System32\tcpsvcs.exe

C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe

C:\WINDOWS\System32\svchost.exe

C:\BMWgroup\ETKLokal\transbase\tbmux32.exe

C:\WINDOWS\system32\SearchIndexer.exe

C:\Program Files\Microsoft IntelliType Pro\type32.exe

C:\WINDOWS\system32\taskswitch.exe

C:\Program Files\Fichiers communs\Logitech\QCDriver3\LVCOMS.EXE

C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe

C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe

C:\Program Files\VistaDriveIcon\DrvIcon.exe

C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe

C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe

C:\Program Files\Fichiers communs\Acronis\Schedule2\schedhlp.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe

C:\WINDOWS\HCWemmon.exe

C:\PROGRA~1\WinTV\EPG Services\System\EPGClient.exe

C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe

C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Microsoft ActiveSync\wcescomm.exe

C:\Program Files\RocketDock\RocketDock.exe

C:\Program Files\Free Download Manager\FUM\fumoei.exe

C:\PROGRA~1\MI3AA1~1\rapimgr.exe

C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

C:\Program Files\WinTV\Ir.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\WINDOWS\system32\taskmgr.exe

C:\Program Files\Last.fm\LastFMHelper.exe

C:\Program Files\Internet Explorer\IEXPLORE.EXE

C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

C:\WINDOWS\system32\SearchProtocolHost.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens

O2 - BHO: IE7Pro - {00011268-E188-40DF-A514-835FCD78B1BF} - C:\Program Files\IEPro\iepro.dll

O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O2 - BHO: WebCGMHlprObj Class - {56B38F40-4E70-11d4-A076-0080AD86BA2F} - C:\WINDOWS\system32\cgmopenbho.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll

O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files\Free Download Manager\iefdm2.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll

O4 - HKLM\..\Run: [soundMax] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray

O4 - HKLM\..\Run: [type32] "C:\Program Files\Microsoft IntelliType Pro\type32.exe"

O4 - HKLM\..\Run: [DiskeeperSystray] "C:\Program Files\Diskeeper Corporation\Diskeeper\DkIcon.exe"

O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [CoolSwitch] C:\WINDOWS\system32\taskswitch.exe

O4 - HKLM\..\Run: [backgroundSwitcher] C:\WINDOWS\system32\bgswitch.exe

O4 - HKLM\..\Run: [LVCOMS] C:\Program Files\Fichiers communs\Logitech\QCDriver3\LVCOMS.EXE

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"

O4 - HKLM\..\Run: [OSSelectorReinstall] C:\Program Files\Fichiers communs\Acronis\Partition Suite\oss_reinstall.exe

O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe

O4 - HKLM\..\Run: [NuonSoft ShellEnhancer StartupHelper] C:\Program Files\NuonSoft\ShellEnhancer\StartupHelper.exe

O4 - HKLM\..\Run: [DrvIcon] C:\Program Files\VistaDriveIcon\DrvIcon.exe

O4 - HKLM\..\Run: [TrueImageMonitor.exe] C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe

O4 - HKLM\..\Run: [AcronisTimounterMonitor] C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe

O4 - HKLM\..\Run: [Acronis Scheduler2 Service] "C:\Program Files\Fichiers communs\Acronis\Schedule2\schedhlp.exe"

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [TomTomHOME.exe] "C:\Program Files\TomTom HOME 2\HOMERunner.exe" -s

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [LogMeIn GUI] "C:\Program Files\LogMeIn\x86\LogMeInSystray.exe"

O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized

O4 - HKLM\..\Run: [HCWemmon] HCWemmon.exe

O4 - HKLM\..\Run: [EPGServiceTool] C:\PROGRA~1\WinTV\EPG Services\System\EPGClient.exe

O4 - HKLM\..\Run: [WinCast] E:\cdsetup\setup.exe -lfra

O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"

O4 - HKCU\..\Run: [RocketDock] "C:\Program Files\RocketDock\RocketDock.exe"

O4 - HKCU\..\Run: [Free Uploader Oe Integration] C:\Program Files\Free Download Manager\FUM\fumoei.exe

O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')

O4 - Startup: Gestionnaire de tâches.lnk = C:\WINDOWS\system32\taskmgr.exe

O4 - Startup: Last.fm Helper.lnk = C:\Program Files\Last.fm\LastFMHelper.exe

O4 - Global Startup: AutoStart IR.lnk = C:\Program Files\WinTV\Ir.exe

O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000

O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000

O8 - Extra context menu item: Ouvrir avec GetRight - C:\Program Files\GetRight\GRbrowse.htm

O8 - Extra context menu item: Tout télécharger avec Free Download Manager - file://C:\Program Files\Free Download Manager\dlall.htm

O8 - Extra context menu item: Télecharger avec GetRight - C:\Program Files\GetRight\GRdownload.htm

O8 - Extra context menu item: Télécharger avec Free Download Manager - file://C:\Program Files\Free Download Manager\dllink.htm

O8 - Extra context menu item: Télécharger la sélection avec Free Download Manager - file://C:\Program Files\Free Download Manager\dlselected.htm

O8 - Extra context menu item: Télécharger la vidéo avec Free Download Manager - file://C:\Program Files\Free Download Manager\dlfvideo.htm

O9 - Extra button: IE7Pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - C:\Program Files\IEPro\iepro.dll

O9 - Extra 'Tools' menuitem: IE7Pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - C:\Program Files\IEPro\iepro.dll

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll

O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll

O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll

O9 - Extra 'Tools' menuitem: Créer un favori mobile... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL

O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)

O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Upload - {FD4E2FF8-973C-4A19-89BD-8E86B3CFCFE1} - C:\Program Files\Free Download Manager\FUM\fumiebtn.dll

O16 - DPF: {093F9CF8-0DE1-491C-95D5-5EC257BD4CA3} - http://akamai.downloadv3.com/binaries/IA/dtc32_FR_XP.cab

O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/d...can_unicode.cab

O16 - DPF: {2AF5BD25-90C5-4EEC-88C5-B44DC2905D8B} (Contrôleur de DownloadManager) - http://dlmanager.akamaitools.com.edgesuite...vex-2.0.6.0.cab

O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll

O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.safety.live.com/resource/d...lscbase8460.cab

O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} (HardwareDetection Control) - http://charon777.free.fr/plugins/hardwared...ion_2_0_4_9.cab

O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} (Performance Viewer Activex Control) - https://secure.logmein.com/activex/RACtrl.cab

O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files\Fichiers communs\Acronis\Schedule2\schedul2.exe

O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe

O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe

O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe

O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe

O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\System32\brsvc01a.exe

O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe

O23 - Service: Diskeeper - Diskeeper Corporation - C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe

O23 - Service: DVD-RAM_Service - Matsushita Electric Industrial Co., Ltd. - C:\WINDOWS\System32\DVDRAMSV.exe

O23 - Service: EPGService - Hauppauge Computer Works - C:\PROGRA~1\WinTV\EPG Services\System\EPGService.exe

O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe

O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe

O23 - Service: Transbase - Transaction Software, D 81737 Munich - C:\BMWgroup\ETKLokal\transbase\tbmux32.exe

O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

 

--

End of file - 14993 bytes

pear Devil Member !

pear

Posté(e)
Posté(e)

Bonjour,

 

Je comprends votre impatience, c'est toujours trop long.

 

mais je ne vois plus riende dommageable dans votre rapport.

 

Il vous reste à alléger votre pc en suivant mes conseils antérieurs car vous avez bien trop de logiciels au démarrage.

 

Ne gardez qu'un seul logiciel par type de protection: 1 parefeu, 1 antivirus, 1 antispyware sinon conflits et lenteurs.

  • 2 semaines après...
pear Devil Member !

pear

Posté(e)
Posté(e)

Bonsoir,

 

Voila, maintenant je crois que c'est clean.

 

Vous m'en voyez ravi.

 

Pour que d'autres puissent tirer profit de vos déboires et de leur conclusion, vous devriez éditer votre message initial et y indiquer "Résolu"

Rejoindre la conversation

Vous pouvez publier maintenant et vous inscrire plus tard. Si vous avez un compte, connectez-vous maintenant pour publier avec votre compte.
Remarque : votre message nécessitera l’approbation d’un modérateur avant de pouvoir être visible.

Invité
Répondre à ce sujet…

×   Collé en tant que texte enrichi.   Coller en tant que texte brut à la place

  Seulement 75 émoticônes maximum sont autorisées.

×   Votre lien a été automatiquement intégré.   Afficher plutôt comme un lien

×   Votre contenu précédent a été rétabli.   Vider l’éditeur

×   Vous ne pouvez pas directement coller des images. Envoyez-les depuis votre ordinateur ou insérez-les depuis une URL.

×
 Partager
Aller sur la liste des sujets

  • En ligne récemment   0 membre est en ligne

    • Aucun utilisateur enregistré regarde cette page.
×
×
  • Créer...