
Posted (edited)

Good evening. For a little while now I've had a problem on my PC running Windows XP.

I have a white desktop background with a Windows error message, "warning message":

WIN32/ADWARE.VIRTUMONDE

WIN32/PRIVACYREMOVER.M64

Can someone help me? Thanks.

Edited by R1000

Posted

When I run HijackThis I get:

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 22:54: VIRUS ALERT!, on 13/10/2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16705)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

c:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe

c:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe

c:\Program Files\Fichiers communs\Symantec Shared\ccProxy.exe

C:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe

c:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe

c:\Program Files\Fichiers communs\Symantec Shared\SPBBC\SPBBCSvc.exe

C:\Program Files\Fichiers communs\Symantec Shared\CCPD-LC\symlcsvc.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLCapSvc.exe

C:\Program Files\CyberLink\PowerCinema\Kernel\CLML_NTService\CLMLServer.exe

c:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Viewpoint\Common\ViewpointService.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLSched.exe

C:\WINDOWS\system32\wscntfy.exe

C:\WINDOWS\RTHDCPL.EXE

C:\Program Files\CyberLink\PowerCinema\PCMService.exe

C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe

C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe

C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe

C:\WINDOWS\system32\LVCOMSX.EXE

C:\Program Files\Logitech\Video\LogiTray.exe

C:\WINDOWS\system32\RUNDLL32.EXE

C:\Program Files\QuickTime\qttask.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\D-Link\AirPlus G\AirGCFG.exe

C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe

C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\Program Files\Messenger\msmsgs.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Documents and Settings\radOne\Application Data\Adobe\Player.exe

C:\Program Files\Logitech\Video\FxSvr2.exe

C:\Program Files\iPod\bin\iPodService.exe

c:\Program Files\Fichiers communs\Symantec Shared\Security Console\NSCSRVCE.EXE

C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe

C:\DOCUME~1\radOne\LOCALS~1\Temp\57329.exe

C:\Program Files\Internet Explorer\IEXPLORE.EXE

C:\Program Files\Internet Explorer\iexplore.exe

C:\WINDOWS\system32\rundll32.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://softwarereferral.com/jump.php?wmid=...6Ojg5&lid=2

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens

F2 - REG:system.ini: UserInit=userinit.exe,

O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - c:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll

O3 - Toolbar: olnmraew - {306B1FE0-FE45-4A42-B2DE-C8229CA12CCC} - C:\WINDOWS\olnmraew.dll

O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE

O4 - HKLM\..\Run: [PCMService] "C:\Program Files\CyberLink\PowerCinema\PCMService.exe"

O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE

O4 - HKLM\..\Run: [ccApp] "c:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe"

O4 - HKLM\..\Run: [DXDllRegExe] dxdllreg.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"

O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE

O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe

O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe

O4 - HKLM\..\Run: [symantec PIF AlertEng] "C:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [D-Link AirPlus G] C:\Program Files\D-Link\AirPlus G\AirGCFG.exe

O4 - HKLM\..\Run: [ANIWZCS2Service] C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe

O4 - HKLM\..\Run: [\YUR251.exe] C:\Windows\system32\YUR251.exe

O4 - HKLM\..\Run: [\YUR252.exe] C:\Windows\system32\YUR252.exe

O4 - HKLM\..\Run: [\YUR253.exe] C:\Windows\system32\YUR253.exe

O4 - HKLM\..\Run: [\YUR254.exe] C:\Windows\system32\YUR254.exe

O4 - HKLM\..\Run: [ANTIVIRUS] C:\Program Files\MicroAV\MicroAV.exe

O4 - HKLM\..\Run: [\YUR1.exe] C:\Windows\system32\YUR1.exe

O4 - HKLM\..\Run: [\YUR2.exe] C:\Windows\system32\YUR2.exe

O4 - HKLM\..\Run: [\YUR3.exe] C:\Windows\system32\YUR3.exe

O4 - HKLM\..\Run: [\YUR4.exe] C:\Windows\system32\YUR4.exe

O4 - HKLM\..\Run: [lphcak1j0ev9r] C:\WINDOWS\system32\lphcak1j0ev9r.exe

O4 - HKLM\..\Run: [348f019b] rundll32.exe "C:\WINDOWS\system32\mknuiieo.dll",b

O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot

O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [] C:\Documents and Settings\radOne\Application Data\Adobe\Player.exe

O4 - HKCU\..\Run: [\YUR251.exe] C:\Windows\system32\YUR251.exe

O4 - HKCU\..\Run: [\YUR252.exe] C:\Windows\system32\YUR252.exe

O4 - HKCU\..\Run: [\YUR253.exe] C:\Windows\system32\YUR253.exe

O4 - HKCU\..\Run: [\YUR254.exe] C:\Windows\system32\YUR254.exe

O4 - HKCU\..\Run: [ANTIVIRUS] C:\Program Files\MicroAV\MicroAV.exe

O4 - HKCU\..\Run: [\YUR1.exe] C:\Windows\system32\YUR1.exe

O4 - HKCU\..\Run: [\YUR2.exe] C:\Windows\system32\YUR2.exe

O4 - HKCU\..\Run: [\YUR3.exe] C:\Windows\system32\YUR3.exe

O4 - HKCU\..\Run: [\YUR4.exe] C:\Windows\system32\YUR4.exe

O4 - HKLM\..\Policies\Explorer\Run: [Zuws0NyALA] C:\Documents and Settings\All Users\Application Data\javmnepq\fqzaxers.exe

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')

O4 - .DEFAULT User Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'Default user')

O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe

O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present

O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1

O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll

O9 - Extra button: Aide à la connexion - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm

O9 - Extra 'Tools' menuitem: Aide à la connexion - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab

O16 - DPF: {BE833F39-1E0C-468C-BA70-25AAEE55775E} (System Requirements Lab) - http://www.systemrequirementslab.com/sysreqlab.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{5D7BE8D9-2976-4CBB-98D8-E31973801BAF}: NameServer = 82.216.111.122,82.216.111.123,82.216.111.124,82.216.111.125,82.216.111.121

O17 - HKLM\System\CS1\Services\Tcpip\..\{5D7BE8D9-2976-4CBB-98D8-E31973801BAF}: NameServer = 82.216.111.122,82.216.111.123,82.216.111.124,82.216.111.125,82.216.111.121

O17 - HKLM\System\CS2\Services\Tcpip\..\{5D7BE8D9-2976-4CBB-98D8-E31973801BAF}: NameServer = 82.216.111.122,82.216.111.123,82.216.111.124,82.216.111.125,82.216.111.121

O17 - HKLM\System\CS3\Services\Tcpip\..\{5D7BE8D9-2976-4CBB-98D8-E31973801BAF}: NameServer = 82.216.111.122,82.216.111.123,82.216.111.124,82.216.111.125,82.216.111.121

O20 - AppInit_DLLs: eotkjp.dll

O21 - SSODL: lfstbwvd - {0770F313-39B0-4D52-948F-47D9CA963677} - C:\WINDOWS\lfstbwvd.dll

O21 - SSODL: qmafxprs - {9C3E8A2E-ED21-4401-98DC-5FA5B9E7FC95} - C:\WINDOWS\qmafxprs.dll

O23 - Service: ANIWZCSd Service (ANIWZCSdService) - Alpha Networks Inc. - C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe

O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - c:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe

O23 - Service: Symantec Internet Security Password Validation (ccISPwdSvc) - Symantec Corporation - c:\Program Files\Norton Internet Security\ccPwdSvc.exe

O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - c:\Program Files\Fichiers communs\Symantec Shared\ccProxy.exe

O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - c:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe

O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLCapSvc.exe

O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLSched.exe

O23 - Service: COM Host (comHost) - Symantec Corporation - c:\Program Files\Norton Internet Security\comHost.exe

O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Program Files\CyberLink\PowerCinema\Kernel\CLML_NTService\CLMLServer.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1150\Intel 32\IDriverT.exe

O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe

O23 - Service: Service Norton AntiVirus Auto-Protect (navapsvc) - Symantec Corporation - c:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe

O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - c:\Program Files\Fichiers communs\Symantec Shared\Security Console\NSCSRVCE.EXE

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - c:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe

O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - c:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe

O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - c:\Program Files\Fichiers communs\Symantec Shared\SPBBC\SPBBCSvc.exe

O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Fichiers communs\Symantec Shared\CCPD-LC\symlcsvc.exe

O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

 

--

End of file - 13487 bytes

Posted (edited)

Good evening,

Welcome to the Zébulon forums.

Here is some useful information before we start:

  • How to take part in a forum
  • Finding your posts and enabling e-mail notification

We'll look together at what is happening on your PC; like everyone who helps here, we do so as volunteers, around our personal activities. We'll try to move as quickly as possible, but you may sometimes need to be patient while waiting for a reply, no need to panic :P

You've got the full set... What is your Norton for, apart from filling up your PC? Nothing.

Unbelievable to see this with a security suite installed.

You have: Lop, Smitfraud, trojans galore, and Vundo.

We'll start with this:

 

Download SDFix (created by AndyManchesta) and save it to your Desktop.

***If the link does not work, try this one: http://download.bleepingcomputer.com/andymanchesta/SDFix.exe ***

Double-click SDFix.exe and choose Install. The tool will be extracted to the root of the system drive (usually C:\).

Restart your computer in Safe Mode by following this procedure:

  • Restart your computer.
  • After you hear the computer beep during startup, but before the Windows icon appears, tap the F8 key (one press per second).
  • Instead of Windows loading normally, a menu with various options should appear.
  • Choose the first option, to run Windows in Safe Mode, then press "Enter".
  • Choose your account.

Work through the instructions below:

  • Open the SDFix folder that has just been created in C:\ and double-click RunThis.bat to start the script.
  • Press Y to begin the cleaning process.
  • It will remove the services and Registry entries of certain trojans it finds, then ask you to press a key to restart.
  • Press a key to restart the PC.
  • Your system will take longer than usual to restart because the tool will keep running and deleting files.
  • Once the Desktop has loaded, the tool will finish its work and display Finished.
  • Press a key to end the script and load your Desktop icons.
  • Once the Desktop icons are shown, the SDFix report will open on screen and will also be saved in the SDFix folder as Report.txt.
  • Finally, copy/paste the contents of Report.txt into your next reply on the forum, together with a new HijackThis log!

N.B.:

- The file SDFIX_README.htm (in the SDFix folder) contains the list of malware the tool handles.

- Andy releases several updates, often more than one a day... So don't hesitate to ask to download a new version when the cleanup drags on and the tool does not seem to see everything.

If SDFix does not start:

- Start/Run

- Copy/paste this:

%systemroot%\system32\cmd.exe /K %systemdrive%\SDFix\apps\FixPath.exe

 

- Click OK and confirm.

- Restart and try running SDFix again.

The fix will keep working after the PC restarts.

Then make a new HijackThis log and post both reports, please.

Do not run any other tool on your own initiative; wait for my advice.

See you later

Edited by Apollo

Posted

Hello Apollo, thank you for your reply.

I did what you asked; now I no longer get the message, and here are the reports:

SDFix:

 

 

SDFix: Version 1.235

Run by radOne on 14/10/2008 at 15:48

 

Microsoft Windows XP [version 5.1.2600]

Running From: C:\SDFix

 

Checking Services :

 

 

Restoring Default Security Values

Restoring Default Hosts File

Restoring Default HomePage Value

Restoring Default Desktop Components Value

Restoring Default Desktop Wallpaper

Restoring Default ScreenSaver value

Restoring Windows Product ID To Remove Fake Virus Alert

Restoring Time Format To Remove Fake Virus Alert

 

Rebooting

 

 

Checking Files :

 

Trojan Files Found:

 

C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat - Contains Links to Malware Sites! - Deleted

C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat - Contains Links to Malware Sites! - Deleted

C:\WINDOWS\system32\lphcak1j0ev9r.exe - Deleted

C:\WINDOWS\system32\awtsQKcd.dll - Deleted

C:\WINDOWS\system32\phcak1j0ev9r.bmp - Deleted

C:\WINDOWS\system32\blphcak1j0ev9r.scr - Deleted

C:\WINDOWS\EDGK.EXE - Deleted

C:\Documents and Settings\radOne\Application Data\Adobe\crc.dat - Deleted

C:\Documents and Settings\radOne\Application Data\Adobe\Player.exe - Deleted

C:\Documents and Settings\radOne\Application Data\Adobe\Player.exe.bak - Deleted

C:\Documents and Settings\radOne\Local Settings\Temp\aaxF7.tmp.exe - Deleted

C:\Documents and Settings\radOne\Bureau\Malware Defender.url - Deleted

C:\Documents and Settings\radOne\Favoris\Malware Defender.url - Deleted

C:\Documents and Settings\radOne\Bureau\Protect Your Privacy.url - Deleted

C:\Documents and Settings\radOne\Favoris\Protect Your Privacy.url - Deleted

C:\Documents and Settings\radOne\Bureau\System Error Fixer.url - Deleted

C:\Documents and Settings\radOne\Favoris\System Error Fixer.url - Deleted

C:\Program Files\MicroAV\MicroAV.cpl - Deleted

C:\Program Files\MicroAV\MicroAV.exe - Deleted

C:\Program Files\MicroAV\MicroAV.ooo - Deleted

C:\Program Files\MicroAV\MicroAV0.dat - Deleted

C:\Program Files\MicroAV\MicroAV1.dat - Deleted

C:\Program Files\PCHealthCenter\0.exe - Deleted

C:\Program Files\PCHealthCenter\0.gif - Deleted

C:\Program Files\PCHealthCenter\1.exe - Deleted

C:\Program Files\PCHealthCenter\1.gif - Deleted

C:\Program Files\PCHealthCenter\1.ico - Deleted

C:\Program Files\PCHealthCenter\2.exe - Deleted

C:\Program Files\PCHealthCenter\2.gif - Deleted

C:\Program Files\PCHealthCenter\2.ico - Deleted

C:\Program Files\PCHealthCenter\3.exe - Deleted

C:\Program Files\PCHealthCenter\3.gif - Deleted

C:\Program Files\PCHealthCenter\4.exe - Deleted

C:\Program Files\PCHealthCenter\5.exe - Deleted

C:\Program Files\PCHealthCenter\7.exe - Deleted

C:\Program Files\PCHealthCenter\sc.html - Deleted

C:\DOCUME~1\radOne\LOCALS~1\Temp\.tt1.tmp - Deleted

C:\DOCUME~1\radOne\LOCALS~1\Temp\.tt11.tmp - Deleted

C:\DOCUME~1\radOne\LOCALS~1\Temp\.tt18.tmp - Deleted

C:\DOCUME~1\radOne\LOCALS~1\Temp\.tt1A.tmp - Deleted

C:\DOCUME~1\radOne\LOCALS~1\Temp\.tt1D.tmp - Deleted

C:\DOCUME~1\radOne\LOCALS~1\Temp\.tt2.tmp - Deleted

C:\DOCUME~1\radOne\LOCALS~1\Temp\.tt2B.tmp - Deleted

C:\DOCUME~1\radOne\LOCALS~1\Temp\.tt37.tmp - Deleted

C:\DOCUME~1\radOne\LOCALS~1\Temp\.tt7.tmp - Deleted

C:\DOCUME~1\radOne\LOCALS~1\Temp\.tt89C.tmp - Deleted

C:\DOCUME~1\radOne\LOCALS~1\Temp\.ttA.tmp - Deleted

C:\DOCUME~1\radOne\LOCALS~1\Temp\.ttAD9.tmp - Deleted

C:\DOCUME~1\radOne\LOCALS~1\Temp\.ttB.tmp - Deleted

C:\DOCUME~1\radOne\LOCALS~1\Temp\.ttD.tmp - Deleted

C:\DOCUME~1\radOne\LOCALS~1\Temp\.tt1.tmp.vbs - Deleted

C:\DOCUME~1\radOne\LOCALS~1\Temp\.tt2.tmp.vbs - Deleted

C:\DOCUME~1\radOne\LOCALS~1\Temp\.tt7.tmp.vbs - Deleted

C:\DOCUME~1\radOne\LOCALS~1\Temp\.tt89C.tmp.vbs - Deleted

C:\DOCUME~1\radOne\LOCALS~1\Temp\pwrmgr.exe.bat - Deleted

C:\DOCUME~1\radOne\LOCALS~1\Temp\smchk.exe.bat - Deleted

C:\DOCUME~1\radOne\LOCALS~1\Temp\windfr.exe.bat - Deleted

C:\DOCUME~1\radOne\LOCALS~1\Temp\sft_ver1.1454.0.exe - Deleted

C:\DOCUME~1\radOne\LOCALS~1\Temp\sft_ver1.1454.52.exe - Deleted

C:\WINDOWS\system32\1.ico - Deleted

C:\WINDOWS\system32\2.ico - Deleted

C:\WINDOWS\vortsgbqbom.dll - Deleted

C:\Documents and Settings\radOne\Application Data\sp2\qaccess.dll - Deleted

C:\Documents and Settings\radOne\Application Data\TmpRecentIcons\Micro Antivirus 2009.lnk - Deleted

C:\DOCUME~1\radOne\LOCALS~1\Temp\57329.exe - Deleted

C:\DOCUME~1\radOne\LOCALS~1\Temp\pwrmgr.exe - Deleted

C:\DOCUME~1\radOne\LOCALS~1\Temp\removalfile.bat - Deleted

C:\x - Deleted

C:\WINDOWS\lfstbwvd.dll - Deleted

C:\WINDOWS\olnmraew.dll - Deleted

C:\WINDOWS\qkeftmxn.exe - Deleted

C:\WINDOWS\qmafxprs.dll - Deleted

C:\WINDOWS\system32\MicroAV.cpl - Deleted

C:\WINDOWS\system32\drivers\tdssserv.sys - Deleted

C:\WINDOWS\system32\tdssadw.dll - Deleted

C:\WINDOWS\system32\TDSSerrors.log - Deleted

C:\WINDOWS\system32\tdssinit.dll - Deleted

C:\WINDOWS\system32\tdssl.dll - Deleted

C:\WINDOWS\system32\tdssmain.dll - Deleted

C:\WINDOWS\system32\tdssservers.dat - Deleted

 

 

 

Folder C:\Documents and Settings\radOne\Application Data\sp2 - Removed

Folder C:\Program Files\MicroAV - Removed

Folder C:\Program Files\PCHealthCenter - Removed

 

 

Removing Temp Files

 

ADS Check :

 

 

 

Final Check :

 

catchme 0.3.1361.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-10-14 16:05:33

Windows 5.1.2600 Service Pack 2 NTFS

 

scanning hidden processes ...

 

scanning hidden services & system hive ...

 


scanning hidden registry entries ...

 

scanning hidden files ...

 

scan completed successfully

hidden processes: 0

hidden services: 0

hidden files: 0

 

 

Remaining Services :

 

 

 

 

Authorized Application Key Export:

 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

"C:\\Program Files\\CyberLink\\PowerCinema\\PowerCinema.exe"="C:\\Program Files\\CyberLink\\PowerCinema\\PowerCinema.exe:*:Enabled:CyberLink PowerCinema"

"C:\\Program Files\\CyberLink\\PowerCinema\\PCMService.exe"="C:\\Program Files\\CyberLink\\PowerCinema\\PCMService.exe:*:Enabled:CyberLink PowerCinema Resident Program"

"C:\\Program Files\\eMule\\emule.exe"="C:\\Program Files\\eMule\\emule.exe:*:Enabled:eMule"

"C:\\Program Files\\Messenger\\msmsgs.exe"="C:\\Program Files\\Messenger\\msmsgs.exe:*:Enabled:Windows Messenger"

"C:\\Program Files\\BitTorrent\\bittorrent.exe"="C:\\Program Files\\BitTorrent\\bittorrent.exe:*:Enabled:BitTorrent"

"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

"C:\\Program Files\\AOL 9.0\\waol.exe"="C:\\Program Files\\AOL 9.0\\waol.exe:*:Disabled:AOL France"

"C:\\Program Files\\Skype\\Phone\\Skype.exe"="C:\\Program Files\\Skype\\Phone\\Skype.exe:*:Enabled:Skype"

"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"

"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"

"C:\\Program Files\\Bonjour\\mDNSResponder.exe"="C:\\Program Files\\Bonjour\\mDNSResponder.exe:*:Enabled:Bonjour"

"C:\\Program Files\\iTunes\\iTunes.exe"="C:\\Program Files\\iTunes\\iTunes.exe:*:Enabled:iTunes"

"C:\\Program Files\\DNA\\btdna.exe"="C:\\Program Files\\DNA\\btdna.exe:*:Enabled:DNA"

 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"

"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"

 

Remaining Files :

 

 

File Backups: - C:\SDFix\backups\backups.zip

 

Files with Hidden Attributes :

 

Mon 22 May 2006 218 A.SHR --- "C:\BOOT.BAK"

Tue 23 May 2006 22 A.SH. --- "C:\WINDOWS\SMINST\HPCD.sys"

Wed 3 May 2006 163,328 A.SHR --- "C:\WINDOWS\system32\flvDX.dll"

Wed 21 Feb 2007 31,744 A.SHR --- "C:\WINDOWS\system32\msfDX.dll"

Wed 7 Jun 2006 4,348 A.SH. --- "C:\Documents and Settings\All Users\DRM\DRMv1.bak"

Sun 26 Jun 2005 616,448 A.SHR --- "C:\Program Files\eRightSoft\SUPER\cygwin1.dll"

Tue 21 Jun 2005 45,568 A.SHR --- "C:\Program Files\eRightSoft\SUPER\cygz.dll"

Wed 9 May 2007 72,704 A.SHR --- "C:\Program Files\eRightSoft\SUPER\Setup.exe"

Fri 27 Oct 2006 15,872 A.SHR --- "C:\Program Files\eRightSoft\SUPER\_Setup.dll"

Wed 26 Sep 2007 0 A.SH. --- "C:\Documents and Settings\All Users\DRM\Cache\Indiv01.tmp"

Tue 4 Jun 2002 84,992 A..HR --- "C:\Program Files\eRightSoft\SUPER\mencoder\14_43260.dll"

Tue 4 Jun 2002 44,032 A..HR --- "C:\Program Files\eRightSoft\SUPER\mencoder\28_83260.dll"

Tue 10 Dec 2002 73,766 A..HR --- "C:\Program Files\eRightSoft\SUPER\mencoder\atrc3260.dll"

Tue 10 Dec 2002 65,575 A..HR --- "C:\Program Files\eRightSoft\SUPER\mencoder\cook3260.dll"

Sun 9 Jun 2002 36,864 A..HR --- "C:\Program Files\eRightSoft\SUPER\mencoder\ddnt3260.dll"

Tue 4 Jun 2002 20,480 A..HR --- "C:\Program Files\eRightSoft\SUPER\mencoder\dnet3260.dll"

Tue 10 Dec 2002 102,437 A..HR --- "C:\Program Files\eRightSoft\SUPER\mencoder\drv13260.dll"

Tue 10 Dec 2002 176,165 A..HR --- "C:\Program Files\eRightSoft\SUPER\mencoder\drv23260.dll"

Tue 10 Dec 2002 208,935 A..HR --- "C:\Program Files\eRightSoft\SUPER\mencoder\drv33260.dll"

Tue 10 Dec 2002 217,127 A..HR --- "C:\Program Files\eRightSoft\SUPER\mencoder\drv43260.dll"

Sun 9 Jun 2002 40,448 A..HR --- "C:\Program Files\eRightSoft\SUPER\mencoder\dspr3260.dll"

Sun 4 Nov 2001 225,280 A..HR --- "C:\Program Files\eRightSoft\SUPER\mencoder\ivvideo.dll"

Tue 10 Apr 2001 225,280 A..HR --- "C:\Program Files\eRightSoft\SUPER\mencoder\qtmlClient.dll"

Fri 20 Feb 2004 232,960 A..HR --- "C:\Program Files\eRightSoft\SUPER\mencoder\raac.dll"

Sun 9 Jun 2002 525,824 A..HR --- "C:\Program Files\eRightSoft\SUPER\mencoder\rnco3260.dll"

Tue 10 Dec 2002 245,805 A..HR --- "C:\Program Files\eRightSoft\SUPER\mencoder\rnlt3260.dll"

Tue 10 Dec 2002 45,093 A..HR --- "C:\Program Files\eRightSoft\SUPER\mencoder\rv103260.dll"

Tue 10 Dec 2002 98,341 A..HR --- "C:\Program Files\eRightSoft\SUPER\mencoder\rv203260.dll"

Tue 10 Dec 2002 94,247 A..HR --- "C:\Program Files\eRightSoft\SUPER\mencoder\rv303260.dll"

Tue 10 Dec 2002 90,151 A..HR --- "C:\Program Files\eRightSoft\SUPER\mencoder\rv403260.dll"

Tue 10 Dec 2002 102,439 A..HR --- "C:\Program Files\eRightSoft\SUPER\mencoder\sipr3260.dll"

Sun 9 Jun 2002 49,152 A..HR --- "C:\Program Files\eRightSoft\SUPER\mencoder\tokr3260.dll"

Wed 7 Jun 2006 4,348 A..H. --- "C:\Documents and Settings\radOne\Mes documents\Ma musique\Sauvegarde de la licence\drmv1key.bak"

Sat 24 Jun 2006 20 A..H. --- "C:\Documents and Settings\radOne\Mes documents\Ma musique\Sauvegarde de la licence\drmv1lic.bak"

Sat 24 Jun 2006 400 A.SH. --- "C:\Documents and Settings\radOne\Mes documents\Ma musique\Sauvegarde de la licence\drmv2key.bak"

 

Finished!

 

 

 

 

 

and the HijackThis report:

 

 

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 16:15:46, on 14/10/2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16705)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

c:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe

c:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe

c:\Program Files\Fichiers communs\Symantec Shared\ccProxy.exe

C:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe

c:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe

c:\Program Files\Fichiers communs\Symantec Shared\SPBBC\SPBBCSvc.exe

C:\Program Files\Fichiers communs\Symantec Shared\CCPD-LC\symlcsvc.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLCapSvc.exe

C:\Program Files\CyberLink\PowerCinema\Kernel\CLML_NTService\CLMLServer.exe

c:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Viewpoint\Common\ViewpointService.exe

C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLSched.exe

C:\WINDOWS\system32\wscntfy.exe

C:\WINDOWS\system32\notepad.exe

C:\WINDOWS\RTHDCPL.EXE

C:\Program Files\CyberLink\PowerCinema\PCMService.exe

C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe

C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe

C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe

C:\WINDOWS\system32\LVCOMSX.EXE

C:\Program Files\Logitech\Video\LogiTray.exe

C:\WINDOWS\system32\RUNDLL32.EXE

C:\Program Files\QuickTime\qttask.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\D-Link\AirPlus G\AirGCFG.exe

C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe

C:\WINDOWS\system32\rundll32.exe

C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\Program Files\Messenger\msmsgs.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Logitech\Video\FxSvr2.exe

C:\Program Files\iPod\bin\iPodService.exe

c:\Program Files\Fichiers communs\Symantec Shared\Security Console\NSCSRVCE.EXE

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens

F2 - REG:system.ini: UserInit=userinit.exe,

O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - c:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll

O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE

O4 - HKLM\..\Run: [PCMService] "C:\Program Files\CyberLink\PowerCinema\PCMService.exe"

O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE

O4 - HKLM\..\Run: [ccApp] "c:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe"

O4 - HKLM\..\Run: [DXDllRegExe] dxdllreg.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"

O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE

O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe

O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe

O4 - HKLM\..\Run: [symantec PIF AlertEng] "C:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [D-Link AirPlus G] C:\Program Files\D-Link\AirPlus G\AirGCFG.exe

O4 - HKLM\..\Run: [ANIWZCS2Service] C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe

O4 - HKLM\..\Run: [348f019b] rundll32.exe "C:\WINDOWS\system32\mknuiieo.dll",b

O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot

O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')

O4 - .DEFAULT User Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'Default user')

O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe

O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll

O9 - Extra button: Aide à la connexion - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm

O9 - Extra 'Tools' menuitem: Aide à la connexion - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab

O16 - DPF: {BE833F39-1E0C-468C-BA70-25AAEE55775E} (System Requirements Lab) - http://www.systemrequirementslab.com/sysreqlab.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{5D7BE8D9-2976-4CBB-98D8-E31973801BAF}: NameServer = 82.216.111.122,82.216.111.123,82.216.111.124,82.216.111.125,82.216.111.121

O17 - HKLM\System\CS1\Services\Tcpip\..\{5D7BE8D9-2976-4CBB-98D8-E31973801BAF}: NameServer = 82.216.111.122,82.216.111.123,82.216.111.124,82.216.111.125,82.216.111.121

O17 - HKLM\System\CS2\Services\Tcpip\..\{5D7BE8D9-2976-4CBB-98D8-E31973801BAF}: NameServer = 82.216.111.122,82.216.111.123,82.216.111.124,82.216.111.125,82.216.111.121

O17 - HKLM\System\CS3\Services\Tcpip\..\{5D7BE8D9-2976-4CBB-98D8-E31973801BAF}: NameServer = 82.216.111.122,82.216.111.123,82.216.111.124,82.216.111.125,82.216.111.121

O17 - HKLM\System\CS4\Services\Tcpip\..\{5D7BE8D9-2976-4CBB-98D8-E31973801BAF}: NameServer = 82.216.111.122,82.216.111.123,82.216.111.124,82.216.111.125,82.216.111.121

O20 - AppInit_DLLs: eotkjp.dll

O23 - Service: ANIWZCSd Service (ANIWZCSdService) - Alpha Networks Inc. - C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe

O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - c:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe

O23 - Service: Symantec Internet Security Password Validation (ccISPwdSvc) - Symantec Corporation - c:\Program Files\Norton Internet Security\ccPwdSvc.exe

O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - c:\Program Files\Fichiers communs\Symantec Shared\ccProxy.exe

O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - c:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe

O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLCapSvc.exe

O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLSched.exe

O23 - Service: COM Host (comHost) - Symantec Corporation - c:\Program Files\Norton Internet Security\comHost.exe

O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Program Files\CyberLink\PowerCinema\Kernel\CLML_NTService\CLMLServer.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1150\Intel 32\IDriverT.exe

O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe

O23 - Service: Service Norton AntiVirus Auto-Protect (navapsvc) - Symantec Corporation - c:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe

O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - c:\Program Files\Fichiers communs\Symantec Shared\Security Console\NSCSRVCE.EXE

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - c:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe

O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - c:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe

O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - c:\Program Files\Fichiers communs\Symantec Shared\SPBBC\SPBBCSvc.exe

O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Fichiers communs\Symantec Shared\CCPD-LC\symlcsvc.exe

O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

 

--

End of file - 11622 bytes

 

 

thanks

Posted

Hello,

Your browsing habits are very risky, but you know that as well as I do.

Run HijackThis again with "Do a system scan only" and tick the box in front of this line:

O4 - HKLM\..\Run: [348f019b] rundll32.exe "C:\WINDOWS\system32\mknuiieo.dll",b

Close your applications and the browser, then click Fix Checked.

Download Malwarebytes' Anti-Malware (MBAM)

  • Double-click the downloaded file to start the installation.
  • In the "Mise à jour" (Update) tab, click the "Recherche de mise à jour" (Check for updates) button: if the firewall asks whether to let MBAM connect, accept.
  • Once the update has finished, go to the "Recherche" (Scanner) tab.
  • Select "Exécuter un examen complet" (Perform full scan)
  • Click "Rechercher" (Scan)
  • The scan starts; it takes fairly long, which is normal.
  • At the end of the scan, a message is displayed:
    L'examen s'est terminé normalement. Clique sur 'Afficher les résultats' pour afficher tous les objets trouvés.
    Click "Ok" to continue. If MBAM found nothing, it will tell you that too.
  • Close your browsers.
  • If malware was detected, click Afficher les résultats (Show Results).
    Select everything (or leave it ticked) and click Supprimer la sélection (Remove Selected); MBAM will destroy the files and registry keys and put a copy of them in quarantine.
  • MBAM will open Notepad and copy the scan report into it. Copy and paste this report and post it in your next reply.

If MBAM asks to restart, reboot the PC.

Post a new HijackThis log after the machine has restarted, please.

@++
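The two reports requested above can be cross-checked mechanically: every file MBAM flags should no longer be referenced by any autostart entry in the follow-up HijackThis log. The script below is an added example, not part of the original post; the function names are illustrative and the sample lines are excerpts in the format of the logs in this thread.

```python
import re
from pathlib import PureWindowsPath
from typing import NamedTuple

# MBAM detection line: <path> (<threat name>) -> <action>.
MBAM_LINE = re.compile(
    r"^(?P<path>[A-Za-z]:\\.+?) \((?P<threat>[^()]+)\) -> (?P<action>.+?)\.?$"
)
# HijackThis entry: section code (R0, O4, O20, ...), " - ", then the details.
HJT_LINE = re.compile(r"^(?P<section>[A-Z]\d{1,2}) - (?P<detail>.+)$")


class Finding(NamedTuple):
    section: str    # HijackThis section code, e.g. "O20"
    filename: str   # lower-cased file name flagged by MBAM
    threat: str     # MBAM detection name
    action: str     # what MBAM reported doing with the file
    detail: str     # the HijackThis entry that still references it


def mbam_detections(mbam_text):
    """Map lower-cased file name -> (threat, action) for flagged files.

    Registry keys (HKEY_...) and folders (no extension) are skipped, because
    HijackThis entries reference files, often by bare name as in O20.
    """
    found = {}
    for raw in mbam_text.splitlines():
        m = MBAM_LINE.match(raw.strip())
        if not m:
            continue
        path = PureWindowsPath(m["path"])
        if path.suffix:
            found[path.name.lower()] = (m["threat"], m["action"])
    return found


def hijackthis_entries(hjt_text):
    """Return (section, detail) for every sectioned HijackThis line."""
    entries = []
    for raw in hjt_text.splitlines():
        m = HJT_LINE.match(raw.strip())
        if m:
            entries.append((m["section"], m["detail"]))
    return entries


def residual_references(mbam_text, hjt_text):
    """List HijackThis entries that still name a file MBAM flagged."""
    detections = mbam_detections(mbam_text)
    findings = []
    for section, detail in hijackthis_entries(hjt_text):
        for name, (threat, action) in detections.items():
            # Match the whole file name only, case-insensitively.
            token = re.compile(
                r"(?<![\w.])" + re.escape(name) + r"(?![\w.])", re.IGNORECASE
            )
            if token.search(detail):
                findings.append(Finding(section, name, threat, action, detail))
    return findings


# Sample excerpts (a few lines each) in the format of the thread's logs.
MBAM_SAMPLE = r"""
C:\WINDOWS\system32\mknuiieo.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\qoMfgHBu.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\eotkjp.dll (Trojan.Vundo) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\contim (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\oeiiunkm.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
"""

HJT_BEFORE = r"""
O4 - HKLM\..\Run: [ANIWZCS2Service] C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
O4 - HKLM\..\Run: [348f019b] rundll32.exe "C:\WINDOWS\system32\mknuiieo.dll",b
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O20 - AppInit_DLLs: eotkjp.dll
"""

HJT_AFTER = r"""
O4 - HKLM\..\Run: [ANIWZCS2Service] C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O20 - AppInit_DLLs: eotkjp.dll
"""

if __name__ == "__main__":
    for label, log in (("before fix", HJT_BEFORE), ("after reboot", HJT_AFTER)):
        print(label)
        for f in residual_references(MBAM_SAMPLE, log):
            print(f"  {f.section}: {f.filename} ({f.threat}, {f.action})")
```

An entry that survives into the post-reboot log, such as an `AppInit_DLLs` value still naming a flagged DLL, is a leftover reference to review even when the file itself was scheduled for deletion.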

Posted

hello apollo, thanks again

here is the result:

 

Malwarebytes' Anti-Malware 1.28

Version de la base de données: 1268

Windows 5.1.2600 Service Pack 2

 

14/10/2008 19:13:45

mbam-log-2008-10-14 (19-13-45).txt

 

Type de recherche: Examen complet (C:\|D:\|E:\|F:\|G:\|H:\|I:\|)

Eléments examinés: 176919

Temps écoulé: 1 hour(s), 13 minute(s), 51 second(s)

 

Processus mémoire infecté(s): 0

Module(s) mémoire infecté(s): 3

Clé(s) du Registre infectée(s): 8

Valeur(s) du Registre infectée(s): 0

Elément(s) de données du Registre infecté(s): 2

Dossier(s) infecté(s): 6

Fichier(s) infecté(s): 53

 

Processus mémoire infecté(s):

(Aucun élément nuisible détecté)

 

Module(s) mémoire infecté(s):

C:\WINDOWS\system32\mknuiieo.dll (Trojan.Vundo.H) -> Delete on reboot.

C:\WINDOWS\system32\qoMfgHBu.dll (Trojan.Vundo.H) -> Delete on reboot.

C:\WINDOWS\system32\eotkjp.dll (Trojan.Vundo) -> Delete on reboot.

 

Clé(s) du Registre infectée(s):

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2ce1b522-9671-4b11-8c52-0b765bb6d1e0} (Trojan.Vundo.H) -> Delete on reboot.

HKEY_CLASSES_ROOT\CLSID\{2ce1b522-9671-4b11-8c52-0b765bb6d1e0} (Trojan.Vundo.H) -> Delete on reboot.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3994f383-114c-4601-8c00-b14aa77f7823} (Trojan.Vundo.H) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\CLSID\{3994f383-114c-4601-8c00-b14aa77f7823} (Trojan.Vundo.H) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan (Malware.Trace) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\contim (Trojan.Vundo) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Track System (Trojan.Vundo) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RemoveRP (Trojan.Vundo) -> Quarantined and deleted successfully.

 

Valeur(s) du Registre infectée(s):

(Aucun élément nuisible détecté)

 

Elément(s) de données du Registre infecté(s):

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Notification Packages (Trojan.Vundo.H) -> Data: c:\windows\system32\qomfghbu -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Authentication Packages (Trojan.Vundo) -> Data: c:\windows\system32\qomfghbu -> Delete on reboot.

 

Dossier(s) infecté(s):

C:\Documents and Settings\Brahim\Application Data\ShoppingReport (Adware.Shopping.Report) -> Quarantined and deleted successfully.

C:\Documents and Settings\Brahim\Application Data\ShoppingReport\cs (Adware.Shopping.Report) -> Quarantined and deleted successfully.

C:\Documents and Settings\Brahim\Application Data\ShoppingReport\cs\db (Adware.Shopping.Report) -> Quarantined and deleted successfully.

C:\Documents and Settings\Brahim\Application Data\ShoppingReport\cs\dwld (Adware.Shopping.Report) -> Quarantined and deleted successfully.

C:\Documents and Settings\Brahim\Application Data\ShoppingReport\cs\report (Adware.Shopping.Report) -> Quarantined and deleted successfully.

C:\Documents and Settings\Brahim\Application Data\ShoppingReport\cs\res1 (Adware.Shopping.Report) -> Quarantined and deleted successfully.

 

Fichier(s) infecté(s):

C:\WINDOWS\system32\qoMfgHBu.dll (Trojan.Vundo.H) -> Delete on reboot.

C:\WINDOWS\system32\uBHgfMoq.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\uBHgfMoq.ini2 (Trojan.Vundo.H) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\eotkjp.dll (Trojan.Vundo.H) -> Delete on reboot.

C:\WINDOWS\system32\mknuiieo.dll (Trojan.Vundo.H) -> Delete on reboot.

C:\WINDOWS\system32\oeiiunkm.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.

C:\Program Files\Everest Poker\casino.exe (Adware.Adorable casino) -> Quarantined and deleted successfully.

C:\Program Files\Everest Poker\gvcrt.dll (Adware.Adorable casino) -> Quarantined and deleted successfully.

C:\Program Files\Everest Poker\gvmain.exe (Adware.Adorable casino) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP691\A0075414.dll (Trojan.Vundo) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP691\A0075416.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP691\A0075420.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP691\A0075423.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP691\A0075425.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP691\A0075426.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP691\A0075428.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP691\A0075437.dll (Trojan.Zlob) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP691\A0075453.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP691\A0075454.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP691\A0075456.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP691\A0075458.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP691\A0075459.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP691\A0075462.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP691\A0075464.dll (Trojan.Vundo) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP691\A0075467.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP691\A0075477.exe (Rogue.Installer) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP691\A0075481.dll (Trojan.Zlob) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP691\A0075421.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\ljJARkJA.dll (Trojan.Vundo) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\ljJArsqq.dll (Trojan.Vundo) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\pmnnOgHB.dll (Trojan.Vundo) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\pmnopmkl.dll (Trojan.Vundo) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\cbXQHxvw.dll (Trojan.Vundo) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\cfgsoh.dll (Trojan.Vundo) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\geBqqnmM.dll (Trojan.Vundo) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\geBtQgfE.dll (Trojan.Vundo) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\opnmKaAP.dll (Trojan.Vundo) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\ubdkwgkp.dll (Trojan.Vundo) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\tmcnuchw.dll (Trojan.Vundo) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\aradvlkw.dll (Trojan.Vundo) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\xllutm.dll (Trojan.Vundo) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\xxywVnNH.dll (Trojan.Vundo) -> Quarantined and deleted successfully.

C:\Documents and Settings\All Users\Application Data\javmnepq\fqzaxers.exe (Trojan.Agent) -> Quarantined and deleted successfully.

C:\Documents and Settings\Brahim\Application Data\ShoppingReport\cs\Config.xml (Adware.Shopping.Report) -> Quarantined and deleted successfully.

C:\Documents and Settings\Brahim\Application Data\ShoppingReport\cs\db\Aliases.dbs (Adware.Shopping.Report) -> Quarantined and deleted successfully.

C:\Documents and Settings\Brahim\Application Data\ShoppingReport\cs\db\Sites.dbs (Adware.Shopping.Report) -> Quarantined and deleted successfully.

C:\Documents and Settings\Brahim\Application Data\ShoppingReport\cs\dwld\WhiteList.xip (Adware.Shopping.Report) -> Quarantined and deleted successfully.

C:\Documents and Settings\Brahim\Application Data\ShoppingReport\cs\report\aggr_storage.xml (Adware.Shopping.Report) -> Quarantined and deleted successfully.

C:\Documents and Settings\Brahim\Application Data\ShoppingReport\cs\report\send_storage.xml (Adware.Shopping.Report) -> Quarantined and deleted successfully.

C:\Documents and Settings\Brahim\Application Data\ShoppingReport\cs\res1\WhiteList.dbs (Adware.Shopping.Report) -> Quarantined and deleted successfully.

C:\Documents and Settings\Brahim\Bureau\Protect Your Privacy.url (Rogue.Link) -> Quarantined and deleted successfully.

C:\Documents and Settings\Brahim\Bureau\Malware Defender.url (Rogue.Link) -> Quarantined and deleted successfully.

C:\Documents and Settings\Brahim\Bureau\System Error Fixer.url (Rogue.Link) -> Quarantined and deleted successfully.

 

 

 

and for HijackThis after reboot:

 

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 19:16:44, on 14/10/2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16705)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

c:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe

c:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe

c:\Program Files\Fichiers communs\Symantec Shared\ccProxy.exe

C:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe

c:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe

c:\Program Files\Fichiers communs\Symantec Shared\SPBBC\SPBBCSvc.exe

C:\Program Files\Fichiers communs\Symantec Shared\CCPD-LC\symlcsvc.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLCapSvc.exe

C:\Program Files\CyberLink\PowerCinema\Kernel\CLML_NTService\CLMLServer.exe

c:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Viewpoint\Common\ViewpointService.exe

C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLSched.exe

C:\WINDOWS\system32\wscntfy.exe

C:\WINDOWS\RTHDCPL.EXE

C:\Program Files\CyberLink\PowerCinema\PCMService.exe

C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe

C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe

C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe

C:\WINDOWS\system32\LVCOMSX.EXE

C:\Program Files\Logitech\Video\LogiTray.exe

C:\WINDOWS\system32\RUNDLL32.EXE

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\D-Link\AirPlus G\AirGCFG.exe

C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe

C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\Program Files\Messenger\msmsgs.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\DNA\btdna.exe

C:\Program Files\Logitech\Video\FxSvr2.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens

O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll

O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - c:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll

O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - c:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll

O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE

O4 - HKLM\..\Run: [PCMService] "C:\Program Files\CyberLink\PowerCinema\PCMService.exe"

O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE

O4 - HKLM\..\Run: [ccApp] "c:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe"

O4 - HKLM\..\Run: [DXDllRegExe] dxdllreg.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"

O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE

O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe

O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe

O4 - HKLM\..\Run: [symantec PIF AlertEng] "C:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [D-Link AirPlus G] C:\Program Files\D-Link\AirPlus G\AirGCFG.exe

O4 - HKLM\..\Run: [ANIWZCS2Service] C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe

O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot

O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [bitTorrent DNA] "C:\Program Files\DNA\btdna.exe"

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')

O4 - .DEFAULT User Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'Default user')

O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe

O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll

O9 - Extra button: Aide à la connexion - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm

O9 - Extra 'Tools' menuitem: Aide à la connexion - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab

O16 - DPF: {BE833F39-1E0C-468C-BA70-25AAEE55775E} (System Requirements Lab) - http://www.systemrequirementslab.com/sysreqlab.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{5D7BE8D9-2976-4CBB-98D8-E31973801BAF}: NameServer = 82.216.111.122,82.216.111.123,82.216.111.124,82.216.111.125,82.216.111.121

O17 - HKLM\System\CS1\Services\Tcpip\..\{5D7BE8D9-2976-4CBB-98D8-E31973801BAF}: NameServer = 82.216.111.122,82.216.111.123,82.216.111.124,82.216.111.125,82.216.111.121

O17 - HKLM\System\CS2\Services\Tcpip\..\{5D7BE8D9-2976-4CBB-98D8-E31973801BAF}: NameServer = 82.216.111.122,82.216.111.123,82.216.111.124,82.216.111.125,82.216.111.121

O17 - HKLM\System\CS3\Services\Tcpip\..\{5D7BE8D9-2976-4CBB-98D8-E31973801BAF}: NameServer = 82.216.111.122,82.216.111.123,82.216.111.124,82.216.111.125,82.216.111.121

O17 - HKLM\System\CS4\Services\Tcpip\..\{5D7BE8D9-2976-4CBB-98D8-E31973801BAF}: NameServer = 82.216.111.122,82.216.111.123,82.216.111.124,82.216.111.125,82.216.111.121

O20 - AppInit_DLLs: eotkjp.dll

O23 - Service: ANIWZCSd Service (ANIWZCSdService) - Alpha Networks Inc. - C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe

O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - c:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe

O23 - Service: Symantec Internet Security Password Validation (ccISPwdSvc) - Symantec Corporation - c:\Program Files\Norton Internet Security\ccPwdSvc.exe

O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - c:\Program Files\Fichiers communs\Symantec Shared\ccProxy.exe

O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - c:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe

O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLCapSvc.exe

O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLSched.exe

O23 - Service: COM Host (comHost) - Symantec Corporation - c:\Program Files\Norton Internet Security\comHost.exe

O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Program Files\CyberLink\PowerCinema\Kernel\CLML_NTService\CLMLServer.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1150\Intel 32\IDriverT.exe

O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe

O23 - Service: Service Norton AntiVirus Auto-Protect (navapsvc) - Symantec Corporation - c:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe

O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - c:\Program Files\Fichiers communs\Symantec Shared\Security Console\NSCSRVCE.EXE

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - c:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe

O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - c:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe

O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - c:\Program Files\Fichiers communs\Symantec Shared\SPBBC\SPBBCSvc.exe

O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Fichiers communs\Symantec Shared\CCPD-LC\symlcsvc.exe

O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

 

--

End of file - 12192 bytes

 

Thanks

Posted

Re :P

Run HijackThis again with "Do a system scan only", then tick the box in front of this line:

 

O20 - AppInit_DLLs: eotkjp.dll

 

Close your applications and the browser, then click Fix Checked.

Your Java console is up to date; have you ever used JavaRa?

If not: use only the button I show:

img-2327100u0pq.jpg

 

 

Download JavaRa.zip by Paul McLain and Fred de Vries.

  • Unzip the file to your desktop (right-click > Extract All)
  • Double-click the JavaRa folder that is created
  • Then double-click the file JavaRa.exe (the .exe extension may not be displayed)
  • On Vista: right-click > Run as administrator
  • Click Search For Updates
  • Select Update Using jucheck.exe, then click Search
  • Allow the process to connect if you are asked, click Install and follow the installation instructions. This will take a few minutes.
  • When the installation is finished, go back to the JavaRa screen and click Remove Older Versions
  • Click Yes to confirm. The tool will do its work; then click Ok, and Ok a second time.
  • A report will open; copy and paste it into your next reply. Note: the report is also saved at the root of the system partition, usually C:\, under the name JavaRa.log (c:\JavaRa.log)
  • Close the application

NB: if you have trouble installing the latest version of the console, download the "offline" version to the desktop: http://javadl.sun.com/webapps/download/AutoDL?BundleId=23111 and install it with all applications closed except your PC protection software.

Only the latest version should ever remain in "Add or Remove Programs".

********************************

Print these instructions if necessary, because the computer will restart.

Download FixWareout (LonnyRJones) to the Desktop.

Run the fix (FixWareout.exe), click Next, then Install.

Make sure Run fixit is checked, then click Finish.

The fix will start; follow the on-screen messages. You will be asked to restart your computer; do so.

Your system will take a little longer to start up; that is normal.

Finally, post the contents of the report C:\fixwareout\report.txt along with a new HijackThis report, plus the JavaRa one.

@++
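Added example (not part of the original posts and not HijackThis code): a short Python script that parses two HijackThis logs and diffs them, to confirm that an entry fixed with Fix Checked, such as the O20 AppInit_DLLs line, is absent from the follow-up scan. The function names are illustrative, and the sample lines are abridged from the two logs posted in this thread.

```python
import re

# One HijackThis entry per line: a section code (R0, O4, O20, O23 ...), " - ", then the entry.
ENTRY_RE = re.compile(r"^([RFNO]\d{1,2}) - (.+)$")


def parse_entries(log_text):
    """Return the (code, entry) pairs of a log, skipping the header and the process list."""
    entries = []
    for raw in log_text.splitlines():
        match = ENTRY_RE.match(raw.strip())
        if match:
            entries.append((match.group(1), match.group(2).strip()))
    return entries


def _key(entry):
    # Windows paths and registry names are case-insensitive, so compare case-folded.
    code, body = entry
    return (code, body.casefold())


def diff_logs(before, after):
    """Return (removed, added): entries only in the first scan, entries only in the second."""
    old, new = parse_entries(before), parse_entries(after)
    old_keys = {_key(e) for e in old}
    new_keys = {_key(e) for e in new}
    removed = [e for e in old if _key(e) not in new_keys]
    added = [e for e in new if _key(e) not in old_keys]
    return removed, added


def appinit_dlls(log_text):
    """DLL names on the O20 AppInit_DLLs line; an empty list means none is reported."""
    dlls = []
    for code, body in parse_entries(log_text):
        if code == "O20" and body.casefold().startswith("appinit_dlls:"):
            value = body.split(":", 1)[1]
            # Windows treats the AppInit_DLLs value as a space- or comma-delimited list.
            dlls.extend(name for name in re.split(r"[,\s]+", value) if name)
    return dlls


# Abridged from the first log in this thread (before the fix).
BEFORE = r"""
Logfile of Trend Micro HijackThis v2.0.2
Running processes:
C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - .DEFAULT User Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'Default user')
O20 - AppInit_DLLs: eotkjp.dll
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
"""

# Abridged from the follow-up log in this thread (after Fix Checked and FixWareout).
AFTER = r"""
Logfile of Trend Micro HijackThis v2.0.2
Running processes:
C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - .DEFAULT User Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'Default user')
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
"""

if __name__ == "__main__":
    removed, added = diff_logs(BEFORE, AFTER)
    for code, body in removed:
        print(f"removed  {code} - {body}")
    for code, body in added:
        print(f"added    {code} - {body}")
    print("AppInit_DLLs before:", appinit_dlls(BEFORE))
    print("AppInit_DLLs after: ", appinit_dlls(AFTER))
```

An entry missing from the second log only shows that HijackThis no longer reports it; any entry in the `added` list deserves the same scrutiny as the original finding.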

Posted

re

here are the results:

for FixWareout:

 

 

Username "radOne" - 14/10/2008 20:32:38 [Fixwareout edited 9/01/2007]

 

~~~~~ Prerun check

 

Cache de résolution DNS vidé.

 

 

System was rebooted successfully.

 

~~~~~ Postrun check

HKLM\SOFTWARE\~\Winlogon\ "System"=""

....

....

~~~~~ Misc files.

....

~~~~~ Checking for older varients.

....

 

~~~~~ Current runs (hklm hkcu "run" Keys Only)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"RTHDCPL"="RTHDCPL.EXE"

"PCMService"="\"C:\\Program Files\\CyberLink\\PowerCinema\\PCMService.exe\""

"Recguard"="C:\\WINDOWS\\SMINST\\RECGUARD.EXE"

"PCDrProfiler"=""

"ccApp"="\"c:\\Program Files\\Fichiers communs\\Symantec Shared\\ccApp.exe\""

"DXDllRegExe"="dxdllreg.exe"

"SunJavaUpdateSched"="\"C:\\Program Files\\Java\\jre1.6.0_07\\bin\\jusched.exe\""

"TkBellExe"="\"C:\\Program Files\\Fichiers communs\\Real\\Update_OB\\realsched.exe\" -osboot"

"LVCOMSX"="C:\\WINDOWS\\system32\\LVCOMSX.EXE"

"LogitechVideoRepair"="C:\\Program Files\\Logitech\\Video\\ISStart.exe "

"LogitechVideoTray"="C:\\Program Files\\Logitech\\Video\\LogiTray.exe"

"Symantec PIF AlertEng"="\"C:\\Program Files\\Fichiers communs\\Symantec Shared\\PIF\\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\\PIFSvc.exe\" /a /m \"C:\\Program Files\\Fichiers communs\\Symantec Shared\\PIF\\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\\AlertEng.dll\""

"NvCplDaemon"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvCpl.dll,NvStartup"

"nwiz"="nwiz.exe /install"

"NvMediaCenter"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvMcTray.dll,NvTaskbarInit"

"QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"

"iTunesHelper"="\"C:\\Program Files\\iTunes\\iTunesHelper.exe\""

"D-Link AirPlus G"="C:\\Program Files\\D-Link\\AirPlus G\\AirGCFG.exe"

"ANIWZCS2Service"="C:\\Program Files\\ANI\\ANIWZCS2 Service\\WZCSLDR2.exe"

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"LogitechSoftwareUpdate"="\"C:\\Program Files\\Logitech\\Video\\ManifestEngine.exe\" boot"

"swg"="C:\\Program Files\\Google\\GoogleToolbarNotifier\\GoogleToolbarNotifier.exe"

"MSMSGS"="\"C:\\Program Files\\Messenger\\msmsgs.exe\" /background"

"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"

"BitTorrent DNA"="\"C:\\Program Files\\DNA\\btdna.exe\""

....

Hosts file was reset, If you use a custom hosts file please replace it...

~~~~~ End report ~~~~~

 

 

 

for HijackThis:

 

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 20:36:18, on 14/10/2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16705)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

c:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe

c:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe

c:\Program Files\Fichiers communs\Symantec Shared\ccProxy.exe

C:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe

c:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe

c:\Program Files\Fichiers communs\Symantec Shared\SPBBC\SPBBCSvc.exe

C:\Program Files\Fichiers communs\Symantec Shared\CCPD-LC\symlcsvc.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLCapSvc.exe

C:\Program Files\CyberLink\PowerCinema\Kernel\CLML_NTService\CLMLServer.exe

c:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Viewpoint\Common\ViewpointService.exe

C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLSched.exe

C:\WINDOWS\system32\wscntfy.exe

C:\WINDOWS\system32\notepad.exe

C:\WINDOWS\RTHDCPL.EXE

C:\Program Files\CyberLink\PowerCinema\PCMService.exe

C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe

C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe

C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe

C:\WINDOWS\system32\LVCOMSX.EXE

C:\Program Files\Logitech\Video\LogiTray.exe

C:\WINDOWS\system32\RUNDLL32.EXE

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\D-Link\AirPlus G\AirGCFG.exe

C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe

C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\Program Files\Messenger\msmsgs.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\DNA\btdna.exe

C:\Program Files\Logitech\Video\FxSvr2.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens

O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll

O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - c:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll

O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - c:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll

O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE

O4 - HKLM\..\Run: [PCMService] "C:\Program Files\CyberLink\PowerCinema\PCMService.exe"

O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE

O4 - HKLM\..\Run: [ccApp] "c:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe"

O4 - HKLM\..\Run: [DXDllRegExe] dxdllreg.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"

O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE

O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe

O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe

O4 - HKLM\..\Run: [symantec PIF AlertEng] "C:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [D-Link AirPlus G] C:\Program Files\D-Link\AirPlus G\AirGCFG.exe

O4 - HKLM\..\Run: [ANIWZCS2Service] C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe

O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot

O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [bitTorrent DNA] "C:\Program Files\DNA\btdna.exe"

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')

O4 - .DEFAULT User Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'Default user')

O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe

O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll

O9 - Extra button: Aide à la connexion - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm

O9 - Extra 'Tools' menuitem: Aide à la connexion - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab

O16 - DPF: {BE833F39-1E0C-468C-BA70-25AAEE55775E} (System Requirements Lab) - http://www.systemrequirementslab.com/sysreqlab.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{5D7BE8D9-2976-4CBB-98D8-E31973801BAF}: NameServer = 82.216.111.122,82.216.111.123,82.216.111.124,82.216.111.125,82.216.111.121

O17 - HKLM\System\CS1\Services\Tcpip\..\{5D7BE8D9-2976-4CBB-98D8-E31973801BAF}: NameServer = 82.216.111.122,82.216.111.123,82.216.111.124,82.216.111.125,82.216.111.121

O17 - HKLM\System\CS2\Services\Tcpip\..\{5D7BE8D9-2976-4CBB-98D8-E31973801BAF}: NameServer = 82.216.111.122,82.216.111.123,82.216.111.124,82.216.111.125,82.216.111.121

O17 - HKLM\System\CS3\Services\Tcpip\..\{5D7BE8D9-2976-4CBB-98D8-E31973801BAF}: NameServer = 82.216.111.122,82.216.111.123,82.216.111.124,82.216.111.125,82.216.111.121

O17 - HKLM\System\CS4\Services\Tcpip\..\{5D7BE8D9-2976-4CBB-98D8-E31973801BAF}: NameServer = 82.216.111.122,82.216.111.123,82.216.111.124,82.216.111.125,82.216.111.121

O23 - Service: ANIWZCSd Service (ANIWZCSdService) - Alpha Networks Inc. - C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe

O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - c:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe

O23 - Service: Symantec Internet Security Password Validation (ccISPwdSvc) - Symantec Corporation - c:\Program Files\Norton Internet Security\ccPwdSvc.exe

O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - c:\Program Files\Fichiers communs\Symantec Shared\ccProxy.exe

O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - c:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe

O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLCapSvc.exe

O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLSched.exe

O23 - Service: COM Host (comHost) - Symantec Corporation - c:\Program Files\Norton Internet Security\comHost.exe

O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Program Files\CyberLink\PowerCinema\Kernel\CLML_NTService\CLMLServer.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1150\Intel 32\IDriverT.exe

O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe

O23 - Service: Service Norton AntiVirus Auto-Protect (navapsvc) - Symantec Corporation - c:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe

O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - c:\Program Files\Fichiers communs\Symantec Shared\Security Console\NSCSRVCE.EXE

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - c:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe

O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - c:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe

O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - c:\Program Files\Fichiers communs\Symantec Shared\SPBBC\SPBBCSvc.exe

O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Fichiers communs\Symantec Shared\CCPD-LC\symlcsvc.exe

O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

 

--

End of file - 12193 bytes

 

 

 

and for JavaRa:

 

JavaRa 1.11 Removal Log.

 

Report follows after line.

 

------------------------------------

 

The JavaRa removal process was started on Tue Oct 14 20:25:01 2008

 

Found and removed: C:\Program Files\Java\jre1.5.0_05

 

Found and removed: C:\Program Files\Java\jre1.5.0_06

 

Found and removed: C:\Program Files\Java\jre1.5.0_09

 

Found and removed: C:\Program Files\Java\jre1.5.0_10

 

Found and removed: C:\Program Files\Java\jre1.5.0_11

 

Found and removed: C:\Program Files\Java\jre1.6.0_01

 

Found and removed: C:\Program Files\Java\jre1.6.0_02

 

Found and removed: C:\Program Files\Java\jre1.6.0_03

 

Found and removed: C:\Program Files\Java\jre1.6.0_05

 

Found and removed: Software\JavaSoft\Java2D\1.5.0_05

 

Found and removed: Software\JavaSoft\Java2D\1.5.0_06

 

Found and removed: Software\JavaSoft\Java2D\1.5.0_09

 

Found and removed: Software\JavaSoft\Java2D\1.5.0_10

 

Found and removed: Software\JavaSoft\Java2D\1.5.0_11

 

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0005-ABCDEFFEDCBA}

 

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA}

 

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA}

 

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA}

 

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA}

 

Found and removed: SOFTWARE\Classes\Installer\Features\8A0F842331866D117AB7000B0D510005

 

Found and removed: SOFTWARE\Classes\Installer\Features\8A0F842331866D117AB7000B0D510006

 

Found and removed: SOFTWARE\Classes\Installer\Features\8A0F842331866D117AB7000B0D510009

 

Found and removed: SOFTWARE\Classes\Installer\Features\8A0F842331866D117AB7000B0D511000

 

Found and removed: SOFTWARE\Classes\Installer\Features\8A0F842331866D117AB7000B0D511001

 

Found and removed: SOFTWARE\Classes\Installer\Products\8A0F842331866D117AB7000B0D510005

 

Found and removed: SOFTWARE\Classes\Installer\Products\8A0F842331866D117AB7000B0D510006

 

Found and removed: SOFTWARE\Classes\Installer\Products\8A0F842331866D117AB7000B0D510009

 

Found and removed: SOFTWARE\Classes\Installer\Products\8A0F842331866D117AB7000B0D511000

 

Found and removed: SOFTWARE\Classes\Installer\Products\8A0F842331866D117AB7000B0D511001

 

Found and removed: SOFTWARE\Classes\Installer\UpgradeCodes\7A0F842331866D117AB7000B0D510005

 

Found and removed: SOFTWARE\Classes\Installer\UpgradeCodes\7A0F842331866D117AB7000B0D510006

 

Found and removed: SOFTWARE\Classes\Installer\UpgradeCodes\7A0F842331866D117AB7000B0D510009

 

Found and removed: SOFTWARE\Classes\Installer\UpgradeCodes\7A0F842331866D117AB7000B0D511000

 

Found and removed: SOFTWARE\Classes\Installer\UpgradeCodes\7A0F842331866D117AB7000B0D511001

 

Found and removed: SOFTWARE\Classes\JavaPlugin.150_05

 

Found and removed: SOFTWARE\Classes\JavaPlugin.150_06

 

Found and removed: SOFTWARE\Classes\JavaPlugin.150_09

 

Found and removed: SOFTWARE\Classes\JavaPlugin.150_10

 

Found and removed: SOFTWARE\Classes\JavaPlugin.150_11

 

Found and removed: SOFTWARE\Classes\JavaWebStart.isInstalled.1.5.0.0

 

Found and removed: SOFTWARE\JavaSoft\Java Plug-in\1.5.0_05

 

Found and removed: SOFTWARE\JavaSoft\Java Plug-in\1.5.0_06

 

Found and removed: SOFTWARE\JavaSoft\Java Plug-in\1.5.0_09

 

Found and removed: SOFTWARE\JavaSoft\Java Plug-in\1.5.0_10

 

Found and removed: SOFTWARE\JavaSoft\Java Plug-in\1.5.0_11

 

Found and removed: SOFTWARE\JavaSoft\Java Runtime Environment\1.5

 

Found and removed: SOFTWARE\JavaSoft\Java Runtime Environment\1.5.0_05

 

Found and removed: SOFTWARE\JavaSoft\Java Runtime Environment\1.5.0_06

 

Found and removed: SOFTWARE\JavaSoft\Java Runtime Environment\1.5.0_09

 

Found and removed: SOFTWARE\JavaSoft\Java Runtime Environment\1.5.0_10

 

Found and removed: SOFTWARE\JavaSoft\Java Runtime Environment\1.5.0_11

 

Found and removed: SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0015-0000-0005-ABCDEFFEDCBA}

 

Found and removed: SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA}

 

Found and removed: SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA}

 

Found and removed: SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA}

 

Found and removed: SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA}

 

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\ACBB9B2318A96D117A58000B0D510005

 

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\ACBB9B2318A96D117A58000B0D510006

 

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\ACBB9B2318A96D117A58000B0D510009

 

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\ACBB9B2318A96D117A58000B0D511000

 

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\ACBB9B2318A96D117A58000B0D511001

 

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\8A0F842331866D117AB7000B0D510005

 

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\8A0F842331866D117AB7000B0D510006

 

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\8A0F842331866D117AB7000B0D510009

 

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\8A0F842331866D117AB7000B0D511000

 

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\8A0F842331866D117AB7000B0D511001

 

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{3248F0A8-6813-11D6-A77B-00B0D0150050}

 

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{3248F0A8-6813-11D6-A77B-00B0D0150060}

 

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{3248F0A8-6813-11D6-A77B-00B0D0150090}

 

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{3248F0A8-6813-11D6-A77B-00B0D0150100}

 

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{3248F0A8-6813-11D6-A77B-00B0D0150110}

 

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA}

 

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}

 

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}

 

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}

 

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBB}

 

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBB}

 

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBB}

 

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBB}

 

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBC}

 

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBC}

 

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBC}

 

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBC}

 

Found and removed: SOFTWARE\Classes\Installer\Features\8A0F842331866D117AB7000B0D610001

 

Found and removed: SOFTWARE\Classes\Installer\Features\8A0F842331866D117AB7000B0D610002

 

Found and removed: SOFTWARE\Classes\Installer\Features\8A0F842331866D117AB7000B0D610003

 

Found and removed: SOFTWARE\Classes\Installer\Features\8A0F842331866D117AB7000B0D610005

 

Found and removed: SOFTWARE\Classes\Installer\Products\8A0F842331866D117AB7000B0D610001

 

Found and removed: SOFTWARE\Classes\Installer\Products\8A0F842331866D117AB7000B0D610002

 

Found and removed: SOFTWARE\Classes\Installer\Products\8A0F842331866D117AB7000B0D610003

 

Found and removed: SOFTWARE\Classes\Installer\Products\8A0F842331866D117AB7000B0D610005

 

Found and removed: SOFTWARE\Classes\Installer\UpgradeCodes\7A0F842331866D117AB7000B0D610001

 

Found and removed: SOFTWARE\Classes\Installer\UpgradeCodes\7A0F842331866D117AB7000B0D610002

 

Found and removed: SOFTWARE\Classes\Installer\UpgradeCodes\7A0F842331866D117AB7000B0D610003

 

Found and removed: SOFTWARE\Classes\Installer\UpgradeCodes\7A0F842331866D117AB7000B0D610005

 

Found and removed: SOFTWARE\Classes\JavaPlugin.160_01

 

Found and removed: SOFTWARE\Classes\JavaPlugin.160_02

 

JavaRa 1.11 Removal Log.

 

Report follows after line.

 

------------------------------------

 

The JavaRa removal process was started on Tue Oct 14 20:26:15 2008

 

------------------------------------

 

Finished reporting.

 

 

 

JavaRa 1.11 Removal Log.

 

Report follows after line.

 

------------------------------------

 

The JavaRa removal process was started on Tue Oct 14 20:28:13 2008

 

------------------------------------

 

Finished reporting.

 

 

 

Thanks

Posted

OK!

The highways that were open to Vundo are now closed.

You have just gained at least 500 MB of disk space. :P

 

PEER-TO-PEER

 

I note that you have peer-to-peer software installed.

Have a look at my short summary of the security dangers of peer-to-peer by clicking on this banner:

I hope you will change your mind about peer-to-peer downloading: take a look at the disinfection forum. Peer-to-peer is one of the main virus vectors, through cracks, keygens, fakes...

Article written by oGu, security adviser

*******************************************

To secure your PC as much as possible, you need to:

Know the traps of the Internet and how to avoid them.

To do so, read this document in PDF format. Everything is explained in it.

Until now, Vista had been spared by the viruses and trojans developed essentially for XP. But it quickly became the target of threats of all kinds. So you might as well know in advance how to protect yourself.

:arrow: Finally, it would be great if you reported your infection on Malware Complaints. What is Malware Complaints

To make our voice heard, as many of us as possible need to testify.

 

  • See the Malware-Complaints rules: http://www.malwarecomplaints.info/phpBB3/viewtopic.php?t=5

  • Register on the forum using the register button at the top:

  • After registering, you get a list of the infection types (Look2Me, Smitfraud, etc.):
    Example for France: http://www.malwarecomplaints.info/phpBB3/viewforum.php?f=10

    Belgium:
    http://www.malwarecomplaints.info/phpBB3/viewforum.php?f=35

    If the malware you had does not appear in the list, or if you do not know which infection you had, create a message in the "Autres infections" (Other infections) topic in line with the forum rules (age, city, department, etc.) (In your case, it is a Vundo, Smitfraud and Lop infection, plus various trojans)

  • To post a message, click the "post reply" button and enter the information.
    DO NOT CREATE A NEW TOPIC with the New Topic button.

    NB: If you have trouble registering on Malware Complaints, everything is explained HERE

 

Uninstall the tools used:

To uninstall the tools used:

Download ToolsCleaner! by A.Rothstein to remove the programs used during the procedure.

http://pc-system.fr/TC/ToolsCleaner2.exe

* Save ToolsCleaner2.exe to the Desktop.

Under Vista, right-click > Run as Administrator

* Double-click it, then click "Recherche" (Search) --> The program will look for the installed utilities

------> The window may turn white during the scan; this is normal!

* Copy and paste the contents of the report that appears in the white window.

When the search is finished, ToolsCleaner displays a list of the tools it found; click "Suppression" (Delete) to remove them.

Close the program by clicking "Quitter" (Quit).

Post the report located here >>> C:\TCleaner.txt

 

Optional settings

Use them if you wish:

Create a new restore point (recommended)

Empty the Recycle Bin

Clean up your temporary files

How is the PC behaving?

 

@++

Posted

Thanks again for the quick replies.

The PC seems to be doing fine. I will read the summary and take it into account. Thank you again.

Here is the TCleaner report:

 

[ Rapport ToolsCleaner version 2.2.3 (par A.Rothstein & dj QUIOU) ]

 

-->- Recherche:

 

C:\SDFIX: trouvé !

C:\FixWareOut: trouvé !

C:\Documents and Settings\All Users\Menu Démarrer\Programmes\HijackThis: trouvé !

C:\Documents and Settings\All Users\Menu Démarrer\Programmes\HijackThis\HijackThis.lnk: trouvé !

C:\Documents and Settings\radOne\Application Data\TmpRecentIcons\HijackThis.lnk: trouvé !

C:\Documents and Settings\radOne\Bureau\SdFix.exe: trouvé !

C:\Documents and Settings\radOne\Bureau\FixWareout.exe: trouvé !

C:\Documents and Settings\radOne\Bureau\HJTInstall.exe: trouvé !

C:\Documents and Settings\radOne\Recent\HijackThis.lnk: trouvé !

C:\Program Files\Trend Micro\HijackThis: trouvé !

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe: trouvé !

C:\Program Files\Trend Micro\HijackThis\hijackthis.log: trouvé !

 

---------------------------------

-->- Suppression:

 

C:\Documents and Settings\All Users\Menu Démarrer\Programmes\HijackThis\HijackThis.lnk: supprimé !

C:\Documents and Settings\radOne\Application Data\TmpRecentIcons\HijackThis.lnk: supprimé !

C:\Documents and Settings\radOne\Bureau\SdFix.exe: supprimé !

C:\Documents and Settings\radOne\Bureau\FixWareout.exe: supprimé !

C:\Documents and Settings\radOne\Bureau\HJTInstall.exe: supprimé !

C:\Documents and Settings\radOne\Recent\HijackThis.lnk: supprimé !

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe: supprimé !

C:\Program Files\Trend Micro\HijackThis\hijackthis.log: supprimé !

C:\SDFIX: supprimé !

C:\FixWareOut: supprimé !

C:\Documents and Settings\All Users\Menu Démarrer\Programmes\HijackThis: supprimé !

C:\Program Files\Trend Micro\HijackThis: supprimé !

 

 

Thanks
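A check a helper may want to run on a report like the one posted above, as an added example that is not part of the original posts and not ToolsCleaner's own code: it parses the "Recherche" and "Suppression" sections and lists any item that was found but has no matching deletion line. The sample report is a constructed excerpt that reuses paths from the thread with one deletion line left out, and the function and variable names are assumptions.

```python
import re

# Constructed excerpt in the report format above (paths taken from the thread);
# the deletion line for the HijackThis folder is deliberately left out.
SAMPLE_REPORT = r"""[ Rapport ToolsCleaner version 2.2.3 (par A.Rothstein & dj QUIOU) ]

-->- Recherche:

C:\SDFIX: trouvé !
C:\Program Files\Trend Micro\HijackThis: trouvé !
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe: trouvé !

---------------------------------
-->- Suppression:

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe: supprimé !
C:\SDFIX: supprimé !
"""

SECTION = re.compile(r"^-->-\s*(Recherche|Suppression)\s*:\s*$")
ENTRY = re.compile(r"^(?P<path>.+):\s*(?P<status>trouvé|supprimé)\s*!$")
EXPECTED = {"Recherche": "trouvé", "Suppression": "supprimé"}


def _key(path):
    """Windows paths are case-insensitive; ignore a trailing backslash too."""
    return path.rstrip("\\").casefold()


def audit_report(text):
    """Compare the search section with the deletion section of a report."""
    seen = {"trouvé": {}, "supprimé": {}}
    section = None
    for raw in text.splitlines():
        line = raw.strip()  # also drops the non-breaking spaces forums insert
        header = SECTION.match(line)
        if header:
            section = header.group(1)
            continue
        entry = ENTRY.match(line)
        # Only accept a status in the section where it belongs.
        if entry and section and entry.group("status") == EXPECTED[section]:
            seen[entry.group("status")][_key(entry.group("path"))] = entry.group("path")
    found, deleted = seen["trouvé"], seen["supprimé"]
    return {
        "found": len(found),
        "deleted": len(deleted),
        "leftover": sorted(p for k, p in found.items() if k not in deleted),
        "unexpected": sorted(p for k, p in deleted.items() if k not in found),
    }


if __name__ == "__main__":
    print(audit_report(SAMPLE_REPORT))
```

An empty `leftover` list means every item found in the search section also has a deletion line; on the constructed sample the HijackThis folder is reported as left over.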
