misc: trojan spy goldun

Tags:
  • Trojan
  • Security
Last reply: in Security and viruses
31 March 2006 15:46:49

Hello,
A few days ago I caught a Spy Goldun-type trojan.
I am on Win ME.
I have avast; it detects it at startup but cannot remove it: it locates it in svchost.dll and regserv.dll.
I ran a Spybot scan and an Ad-Aware scan, but it is still the same.

I ran a BitDefender scan, which I attach below.
I also ran a HijackThis scan, which I add after it. I tried with ewido, but under Win ME there is no way to install it.
I have the impression that things keep getting worse and that the virus is settling in comfortably...
Before formatting everything, if I could get a bit of help, that would be nice... (thanks)

BitDefender scan:
Scanned File
Status

C:\Program Files\Windows AdControl\WinAdShift.dll
Detected with: Application.WinAdCtl.A

C:\Program Files\Windows AdControl\WinAdShift.dll
Disinfection failed

C:\Program Files\Windows AdControl\WinAdShift.dll
Deleted

C:\WINDOWS\SYSTEM\svchost.exe
Infected with: Trojan.Spy.Goldun.CM

C:\WINDOWS\SYSTEM\svchost.exe
Disinfection failed

C:\WINDOWS\SYSTEM\svchost.exe
Delete failed

C:\WINDOWS\SYSTEM\SVCHOST.dll
Infected with: Trojan.Spy.Goldun.CM

C:\WINDOWS\SYSTEM\SVCHOST.dll
Disinfection failed

C:\WINDOWS\SYSTEM\SVCHOST.dll
Delete failed

C:\WINDOWS\SYSTEM\regserv.exe
Infected with: Dropped:Trojan.Spy.Goldun.CM

C:\WINDOWS\SYSTEM\regserv.exe
Disinfection failed

C:\WINDOWS\SYSTEM\regserv.exe
Delete failed

C:\WINDOWS\SYSTEM\REGSERV.dll
Infected with: Trojan.Spy.Goldun.CM

C:\WINDOWS\SYSTEM\REGSERV.dll
Disinfection failed

C:\WINDOWS\SYSTEM\REGSERV.dll
Delete failed

C:\WINDOWS\SYSTEM\dvd4free.dll
Infected with: Trojan.Spy.Goldun.CL

C:\WINDOWS\SYSTEM\dvd4free.dll
Disinfection failed

C:\WINDOWS\SYSTEM\dvd4free.dll
Delete failed

C:\WINDOWS\Downloaded Program Files\phoneaccess.dll
Infected with: Trojan.Dialer.OJ

C:\WINDOWS\Downloaded Program Files\phoneaccess.dll
Disinfection failed

C:\WINDOWS\Downloaded Program Files\phoneaccess.dll
Delete failed

C:\WINDOWS\Application Data\Identities\{174AD39A-98AA-4435-AC43-5656BCF0760E}\Microsoft\Outlook Express\Boîte de réception.dbx=>(message 0)=>[Subject: [avast! - INFECTED] Your Password (MIME part)=>cg86.zl3
Infected with: Win32.Sober.I@mm

C:\WINDOWS\Application Data\Identities\{174AD39A-98AA-4435-AC43-5656BCF0760E}\Microsoft\Outlook Express\Boîte de réception.dbx=>(message 0)=>[Subject: [avast! - INFECTED] Your Password (MIME part)=>cg86.zl3
Disinfection failed

C:\WINDOWS\Application Data\Identities\{174AD39A-98AA-4435-AC43-5656BCF0760E}\Microsoft\Outlook Express\Boîte de réception.dbx=>(message 0)=>[Subject: [avast! - INFECTED] Your Password (MIME part)=>cg86.zl3
Deleted

C:\WINDOWS\Application Data\Identities\{174AD39A-98AA-4435-AC43-5656BCF0760E}\Microsoft\Outlook Express\Boîte de réception.dbx=>(message 0)=>[Subject: [avast! - INFECTED] Your Password (MIME part)
Updated

C:\WINDOWS\Application Data\Identities\{174AD39A-98AA-4435-AC43-5656BCF0760E}\Microsoft\Outlook Express\Boîte de réception.dbx=>(message 0)
Updated

C:\WINDOWS\Application Data\Identities\{174AD39A-98AA-4435-AC43-5656BCF0760E}\Microsoft\Outlook Express\Boîte de réception.dbx
Update failed

C:\WINDOWS\Application Data\Identities\{174AD39A-98AA-4435-AC43-5656BCF0760E}\Microsoft\Outlook Express\Boîte de réception.dbx=>(message 1)=>[Subject: [avast! - INFECTED] Wet girls][Date: Fri, 26 Nov 2004 17:17:34 +0100]=>(MIME part)=>jenifer.zip
Infected with: Win32.Mabutu.A@mm

C:\WINDOWS\Application Data\Identities\{174AD39A-98AA-4435-AC43-5656BCF0760E}\Microsoft\Outlook Express\Boîte de réception.dbx=>(message 1)=>[Subject: [avast! - INFECTED] Wet girls][Date: Fri, 26 Nov 2004 17:17:34 +0100]=>(MIME part)=>jenifer.zip
Disinfection failed

C:\WINDOWS\Application Data\Identities\{174AD39A-98AA-4435-AC43-5656BCF0760E}\Microsoft\Outlook Express\Boîte de réception.dbx=>(message 1)=>[Subject: [avast! - INFECTED] Wet girls][Date: Fri, 26 Nov 2004 17:17:34 +0100]=>(MIME part)=>jenifer.zip
Deleted

C:\WINDOWS\Application Data\Identities\{174AD39A-98AA-4435-AC43-5656BCF0760E}\Microsoft\Outlook Express\Boîte de réception.dbx=>(message 1)=>[Subject: [avast! - INFECTED] Wet girls][Date: Fri, 26 Nov 2004 17:17:34 +0100]=>(MIME part)
Updated

C:\WINDOWS\Application Data\Identities\{174AD39A-98AA-4435-AC43-5656BCF0760E}\Microsoft\Outlook Express\Boîte de réception.dbx=>(message 1)
Updated

C:\WINDOWS\Application Data\Identities\{174AD39A-98AA-4435-AC43-5656BCF0760E}\Microsoft\Outlook Express\Boîte de réception.dbx
Update failed

C:\WINDOWS\Application Data\Identities\{174AD39A-98AA-4435-AC43-5656BCF0760E}\Microsoft\Outlook Express\Boîte de réception.dbx=>(message 2)=>[Subject: [avast! - INFECTED] Registration con][Date: Fri, 26 Nov 2004 14:53:15 GMT]=>(MIME part)=>cg86.eml.zip
Infected with: Win32.Sober.I@mm

C:\WINDOWS\Application Data\Identities\{174AD39A-98AA-4435-AC43-5656BCF0760E}\Microsoft\Outlook Express\Boîte de réception.dbx=>(message 2)=>[Subject: [avast! - INFECTED] Registration con][Date: Fri, 26 Nov 2004 14:53:15 GMT]=>(MIME part)=>cg86.eml.zip
Deleted

C:\WINDOWS\Application Data\Identities\{174AD39A-98AA-4435-AC43-5656BCF0760E}\Microsoft\Outlook Express\Boîte de réception.dbx=>(message 2)=>[Subject: [avast! - INFECTED] Registration con][Date: Fri, 26 Nov 2004 14:53:15 GMT]=>(MIME part)
Updated

C:\WINDOWS\Application Data\Identities\{174AD39A-98AA-4435-AC43-5656BCF0760E}\Microsoft\Outlook Express\Boîte de réception.dbx=>(message 2)
Updated

C:\WINDOWS\Application Data\Identities\{174AD39A-98AA-4435-AC43-5656BCF0760E}\Microsoft\Outlook Express\Boîte de réception.dbx
Update failed



HijackThis scan:
Logfile of HijackThis v1.99.0
Scan saved at 15:25:57, on 31/03/2006
Platform: Windows ME (Win9x 4.90.3000)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\LEXBCES.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\SYSTEM\STIMON.EXE
C:\WINDOWS\SYSTEM\ZONELABS\VSMON.EXE
C:\WINDOWS\SYSTEM\RPCSS.EXE
C:\WINDOWS\SYSTEM\ATI2EVXX.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\RNAAPP.EXE
C:\WINDOWS\SYSTEM\TAPISRV.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM\RESTORE\STMGR.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\PROGRAM FILES\OMNIPAGESE\OPWARE32.EXE
C:\PROGRAM FILES\ZONE LABS\ZONEALARM\ZLCLIENT.EXE
C:\WINDOWS\LOADQM.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\PROGRAM FILES\MSN APPS\UPDATER\01.03.0000.1005\FR\MSNAPPAU.EXE
C:\PROGRAM FILES\ALWIL SOFTWARE\AVAST4\ASHWEBSV.EXE
C:\WINDOWS\SYSTEM\LVCOMS.EXE
C:\WINDOWS\SYSTEM\ATIPTAXX.EXE
C:\PROGRAM FILES\MICROSOFT HARDWARE\MOUSE\POINT32.EXE
C:\PROGRAM FILES\CNNIC\CDN\CDNUP.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\SYSTEM\REGSERV.EXE
C:\PROGRAM FILES\ALWIL SOFTWARE\AVAST4\ASHMAISV.EXE
C:\PROGRAM FILES\A-SQUARED\A2GUARD.EXE
C:\PROGRAM FILES\MODEM ADSL USB\MODEM ADSL USB\DSLMON.EXE
C:\PROGRAM FILES\HIJACKTHIS\HIJACKTHIS.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.neuf.fr
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.neuf.fr/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHELPER.DLL
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\PROGRAM FILES\MSN APPS\MSN TOOLBAR\01.02.5000.1021\FR\MSNTB.DLL
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\PROGRAM FILES\MSN APPS\ST\01.03.0000.1005\EN-XU\STMAIN.DLL
O2 - BHO: phoneaccess Class - {5054F860-748D-4840-B7B4-DDDB428421AF} - C:\WINDOWS\DOWNLO~1\PHONEA~1.DLL
O2 - BHO: CNNIC_IDN - {35980F6E-A137-4E50-953D-813BB8556899} - C:\PROGRA~1\CNNIC\CDN\CDNIEHLP.DLL
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\TOOLS\IESDPB.DLL
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\TOOLS\IESDSG.DLL
O3 - Toolbar: (no name) - {62999427-33FC-4baf-9C9C-BCE6BD127F08} - (no file)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\PROGRAM FILES\MSN APPS\MSN TOOLBAR\01.02.5000.1021\FR\MSNTB.DLL
O3 - Toolbar: &Translator Internet - {8E4AA109-7239-4B85-8196-7377A53DDEFF} - C:\PROGRA~1\TRANSL~1\DELPHI~1.DLL
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [LexStart] Lexstart.exe
O4 - HKLM\..\Run: [LexmarkPrinTray] PrinTray.exe
O4 - HKLM\..\Run: [Omnipage] C:\Program Files\OmniPageSE\opware32.exe
O4 - HKLM\..\Run: [Zone Labs Client] C:\PROGRA~1\ZONELA~1\ZONEAL~1\zlclient.exe
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [msnappau] "C:\Program Files\MSN Apps\Updater\01.03.0000.1005\fr\msnappau.exe"
O4 - HKLM\..\Run: [avast! Web Scanner] C:\PROGRA~1\ALWILS~1\AVAST4\ASHWEBSV.EXE
O4 - HKLM\..\Run: [LVComs] C:\WINDOWS\SYSTEM\LVComS.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottime
O4 - HKLM\..\Run: [AtiPTA] Atiptaxx.exe
O4 - HKLM\..\Run: [POINTER] point32.exe
O4 - HKLM\..\Run: [CdnCtr] C:\Program Files\CNNIC\Cdn\cdnup.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [WindowsUpdateR] C:\WINDOWS\SYSTEM\REGSERV.EXE /s
O4 - HKLM\..\Run: [WindowsUpdate] C:\WINDOWS\SYSTEM\SVCHOST.EXE /s
O4 - HKLM\..\Run: [ashMaiSv] C:\PROGRA~1\ALWILS~1\AVAST4\ashmaisv.exe
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [StillImageMonitor] C:\WINDOWS\SYSTEM\STIMON.EXE
O4 - HKLM\..\RunServices: [TrueVector] C:\WINDOWS\SYSTEM\ZONELABS\VSMON.EXE -service
O4 - HKLM\..\RunServices: [avast!] C:\Program Files\Alwil Software\Avast4\ashServ.exe
O4 - HKLM\..\RunServices: [ATIPOLAB] ati2evxx.exe
O4 - HKLM\..\RunServices: [*StateMgr] C:\WINDOWS\System\Restore\StateMgr.exe
O4 - HKCU\..\Run: [a-squared] "C:\Program Files\a-squared\a2guard.exe"
O4 - Startup: DSLMON.lnk = C:\Program Files\modem ADSL USB\modem ADSL USB\dslmon.exe
O8 - Extra context menu item: &Download with &DAP - C:\PROGRA~1\DAP\dapextie.htm
O8 - Extra context menu item: Download &all with DAP - C:\PROGRA~1\DAP\dapextie2.htm
O8 - Extra context menu item: Ouvrir le cadre dans une nouvelle fenêtre - file://C:\WINDOWS\web\nvcadre.html
O8 - Extra context menu item: Voir les cookies - C:\WINDOWS\web\cookies.html
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\WINDOWS\SYSTEM\SHDOCVW.DLL
O9 - Extra 'Tools' menuitem: MSN Messenger Service - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\WINDOWS\SYSTEM\SHDOCVW.DLL
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: Chinese Navigation - {35980F6E-A137-4E50-953D-813BB8556899} - C:\PROGRA~1\CNNIC\CDN\CDNIEHLP.DLL
O9 - Extra 'Tools' menuitem: Chinese Navigation - {35980F6E-A137-4E50-953D-813BB8556899} - C:\PROGRA~1\CNNIC\CDN\CDNIEHLP.DLL
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\TOOLS\IESDPB.DLL
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnmessengersetupdown...
O16 - DPF: {5054F860-748D-4840-B7B4-DDDB428421AF} (phoneaccess Class) - http://ip.sponsoradulto.com/cab/4/fr/phoneaccess.cab
O16 - DPF: {9A578C98-3C2F-4630-890B-FC04196EF420} (CNNIC_IDN) - http://jump.cnnic.cn/stat/stat?sid=0008&debug=false&pid...
O16 - DPF: {2B323CD9-50E3-11D3-9466-00A0C9700498} (Yahoo! Audio Conferencing) - http://us.chat1.yimg.com/us.yimg.com/i/chat/applet/v45/...
O16 - DPF: Yahoo! Chat - http://us.chat1.yimg.com/us.yimg.com/i/chat/applet/c381...
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2005111401/housecall...
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8....
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://webscanner.antivirus-france.com/kavwebscan_ansi....

and Kaspersky scan:

Nom de l'objet infecté Nom du virus Dernière action
c:\_RESTORE\TEMP\A0000276.CPY Infecté: Trojan-Proxy.Win32.Agent.jo ignoré

c:\_RESTORE\TEMP\A0000279.CPY Infecté: Trojan-Proxy.Win32.Agent.jo ignoré

c:\WINDOWS\SYSTEM\svchost.exe Infecté: Trojan-Proxy.Win32.Agent.jo ignoré

c:\WINDOWS\SYSTEM\SVCHOST.dll Infecté: Trojan-Proxy.Win32.Agent.jo ignoré

c:\WINDOWS\SYSTEM\REGSERV.dll Infecté: Trojan-Proxy.Win32.Agent.jo ignoré

c:\WINDOWS\Downloaded Program Files\phoneaccess.dll Infecté: Trojan.Win32.Dialer.oj ignoré

c:\WINDOWS\Application Data\Identities\{174AD39A-98AA-4435-AC43-5656BCF0760E}\Microsoft\Outlook Express\Boîte de réception.dbx/[From hostmaster@cg86.fr][Date Fri, 26 Nov 2004 14:53:15 GMT]/UNNAMED/cg86.eml.zip/message_text.txt .pif Infecté: Email-Worm.Win32.Sober.i ignoré

c:\WINDOWS\Application Data\Identities\{174AD39A-98AA-4435-AC43-5656BCF0760E}\Microsoft\Outlook Express\Boîte de réception.dbx/[From hostmaster@cg86.fr][Date Fri, 26 Nov 2004 14:53:15 GMT]/UNNAMED/cg86.eml.zip Infecté: Email-Worm.Win32.Sober.i ignoré

c:\WINDOWS\Application Data\Identities\{174AD39A-98AA-4435-AC43-5656BCF0760E}\Microsoft\Outlook Express\Boîte de réception.dbx/[From hostmaster@cg86.fr][Date Fri, 26 Nov 2004 14:53:15 GMT]/UNNAMED Infecté: Email-Worm.Win32.Sober.i ignoré

c:\WINDOWS\Application Data\Identities\{174AD39A-98AA-4435-AC43-5656BCF0760E}\Microsoft\Outlook Express\Boîte de réception.dbx/[From ][Date Fri, 26 Nov 2004 17:17:34 +0100]/UNNAMED/jenifer.zip/jenifer.jpg .scr Infecté: Email-Worm.Win32.Mabutu.a ignoré

c:\WINDOWS\Application Data\Identities\{174AD39A-98AA-4435-AC43-5656BCF0760E}\Microsoft\Outlook Express\Boîte de réception.dbx/[From ][Date Fri, 26 Nov 2004 17:17:34 +0100]/UNNAMED/jenifer.zip Infecté: Email-Worm.Win32.Mabutu.a ignoré

c:\WINDOWS\Application Data\Identities\{174AD39A-98AA-4435-AC43-5656BCF0760E}\Microsoft\Outlook Express\Boîte de réception.dbx/[From ][Date Fri, 26 Nov 2004 17:17:34 +0100]/UNNAMED Infecté: Email-Worm.Win32.Mabutu.a ignoré

c:\WINDOWS\Application Data\Identities\{174AD39A-98AA-4435-AC43-5656BCF0760E}\Microsoft\Outlook Express\Boîte de réception.dbx/[From user_info@cg86.fr][Date Fri, 26 Nov 2004 16:20:50 GMT]/UNNAMED/cg86.zl3 Infecté: Email-Worm.Win32.Sober.i ignoré

c:\WINDOWS\Application Data\Identities\{174AD39A-98AA-4435-AC43-5656BCF0760E}\Microsoft\Outlook Express\Boîte de réception.dbx/[From user_info@cg86.fr][Date Fri, 26 Nov 2004 16:20:50 GMT]/UNNAMED Infecté: Email-Worm.Win32.Sober.i ignoré

c:\WINDOWS\Application Data\Identities\{174AD39A-98AA-4435-AC43-5656BCF0760E}\Microsoft\Outlook Express\Boîte de réception.dbx Mail MS Outlook 5: infecté - 8 ignoré

Analyse terminée.
Thanks again for your help.


31 March 2006 19:57:49

I am adding the scan from the new version of HijackThis!

Logfile of HijackThis v1.99.1
Scan saved at 19:50:56, on 31/03/2006
Platform: Windows ME (Win9x 4.90.3000)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\SYSTEM\STIMON.EXE
C:\WINDOWS\SYSTEM\ZONELABS\VSMON.EXE
C:\PROGRAM FILES\ALWIL SOFTWARE\AVAST4\ASHSERV.EXE
C:\WINDOWS\SYSTEM\ATI2EVXX.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM\RPCSS.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\RNAAPP.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\SYSTEM\TAPISRV.EXE
C:\PROGRAM FILES\OMNIPAGESE\OPWARE32.EXE
C:\PROGRAM FILES\ZONE LABS\ZONEALARM\ZLCLIENT.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\WINDOWS\SYSTEM\LEXBCES.EXE
C:\PROGRAM FILES\ALWIL SOFTWARE\AVAST4\ASHWEBSV.EXE
C:\WINDOWS\SYSTEM\LVCOMS.EXE
C:\WINDOWS\SYSTEM\RESTORE\STMGR.EXE
C:\WINDOWS\SYSTEM\ATIPTAXX.EXE
C:\PROGRAM FILES\MICROSOFT HARDWARE\MOUSE\POINT32.EXE
C:\PROGRAM FILES\CNNIC\CDN\CDNUP.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\SYSTEM\REGSERV.EXE
C:\WINDOWS\SYSTEM\SVCHOST.EXE
C:\PROGRAM FILES\ALWIL SOFTWARE\AVAST4\ASHMAISV.EXE
C:\PROGRAM FILES\A-SQUARED\A2GUARD.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\PROGRAM FILES\MODEM ADSL USB\MODEM ADSL USB\DSLMON.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\PROGRAM FILES\OUTLOOK EXPRESS LAUNCHER\OELAUNCHER.EXE
C:\PROGRAM FILES\OUTLOOK EXPRESS\MSIMN.EXE
C:\WINDOWS\SYSTEM\PSTORES.EXE
C:\PROGRAM FILES\DAP\DAP.EXE
C:\WINDOWS\BUREAU\EXTRA\à OUVRIR\HIJACKTHIS.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.neuf.fr
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.neuf.fr/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHELPER.DLL
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\PROGRAM FILES\MSN APPS\MSN TOOLBAR\01.02.5000.1021\FR\MSNTB.DLL
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\PROGRAM FILES\MSN APPS\ST\01.03.0000.1005\EN-XU\STMAIN.DLL
O2 - BHO: phoneaccess Class - {5054F860-748D-4840-B7B4-DDDB428421AF} - C:\WINDOWS\DOWNLO~1\PHONEA~1.DLL
O2 - BHO: CNNIC_IDN - {35980F6E-A137-4E50-953D-813BB8556899} - C:\PROGRA~1\CNNIC\CDN\CDNIEHLP.DLL
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\TOOLS\IESDPB.DLL
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\TOOLS\IESDSG.DLL
O3 - Toolbar: (no name) - {62999427-33FC-4baf-9C9C-BCE6BD127F08} - (no file)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\PROGRAM FILES\MSN APPS\MSN TOOLBAR\01.02.5000.1021\FR\MSNTB.DLL
O3 - Toolbar: &Translator Internet - {8E4AA109-7239-4B85-8196-7377A53DDEFF} - C:\PROGRA~1\TRANSL~1\DELPHI~1.DLL
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [LexStart] Lexstart.exe
O4 - HKLM\..\Run: [LexmarkPrinTray] PrinTray.exe
O4 - HKLM\..\Run: [Omnipage] C:\Program Files\OmniPageSE\opware32.exe
O4 - HKLM\..\Run: [Zone Labs Client] C:\PROGRA~1\ZONELA~1\ZONEAL~1\zlclient.exe
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [msnappau] "C:\Program Files\MSN Apps\Updater\01.03.0000.1005\fr\msnappau.exe"
O4 - HKLM\..\Run: [avast! Web Scanner] C:\PROGRA~1\ALWILS~1\AVAST4\ASHWEBSV.EXE
O4 - HKLM\..\Run: [LVComs] C:\WINDOWS\SYSTEM\LVComS.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottime
O4 - HKLM\..\Run: [AtiPTA] Atiptaxx.exe
O4 - HKLM\..\Run: [POINTER] point32.exe
O4 - HKLM\..\Run: [CdnCtr] C:\Program Files\CNNIC\Cdn\cdnup.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [WindowsUpdateR] C:\WINDOWS\SYSTEM\REGSERV.EXE /s
O4 - HKLM\..\Run: [WindowsUpdate] C:\WINDOWS\SYSTEM\SVCHOST.EXE /s
O4 - HKLM\..\Run: [ashMaiSv] C:\PROGRA~1\ALWILS~1\AVAST4\ashmaisv.exe
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [StillImageMonitor] C:\WINDOWS\SYSTEM\STIMON.EXE
O4 - HKLM\..\RunServices: [TrueVector] C:\WINDOWS\SYSTEM\ZONELABS\VSMON.EXE -service
O4 - HKLM\..\RunServices: [avast!] C:\Program Files\Alwil Software\Avast4\ashServ.exe
O4 - HKLM\..\RunServices: [ATIPOLAB] ati2evxx.exe
O4 - HKLM\..\RunServices: [*StateMgr] C:\WINDOWS\System\Restore\StateMgr.exe
O4 - HKCU\..\Run: [a-squared] "C:\Program Files\a-squared\a2guard.exe"
O4 - Startup: DSLMON.lnk = C:\Program Files\modem ADSL USB\modem ADSL USB\dslmon.exe
O8 - Extra context menu item: &Download with &DAP - C:\PROGRA~1\DAP\dapextie.htm
O8 - Extra context menu item: Download &all with DAP - C:\PROGRA~1\DAP\dapextie2.htm
O8 - Extra context menu item: Ouvrir le cadre dans une nouvelle fenêtre - file://C:\WINDOWS\web\nvcadre.html
O8 - Extra context menu item: Voir les cookies - C:\WINDOWS\web\cookies.html
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\WINDOWS\SYSTEM\SHDOCVW.DLL
O9 - Extra 'Tools' menuitem: MSN Messenger Service - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\WINDOWS\SYSTEM\SHDOCVW.DLL
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: Chinese Navigation - {35980F6E-A137-4E50-953D-813BB8556899} - C:\PROGRA~1\CNNIC\CDN\CDNIEHLP.DLL
O9 - Extra 'Tools' menuitem: Chinese Navigation - {35980F6E-A137-4E50-953D-813BB8556899} - C:\PROGRA~1\CNNIC\CDN\CDNIEHLP.DLL
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\TOOLS\IESDPB.DLL
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnmessengersetupdown...
O16 - DPF: {5054F860-748D-4840-B7B4-DDDB428421AF} (phoneaccess Class) - http://ip.sponsoradulto.com/cab/4/fr/phoneaccess.cab
O16 - DPF: {9A578C98-3C2F-4630-890B-FC04196EF420} (CNNIC_IDN) - http://jump.cnnic.cn/stat/stat?sid=0008&debug=false&pid...
O16 - DPF: {2B323CD9-50E3-11D3-9466-00A0C9700498} (Yahoo! Audio Conferencing) - http://us.chat1.yimg.com/us.yimg.com/i/chat/applet/v45/...
O16 - DPF: Yahoo! Chat - http://us.chat1.yimg.com/us.yimg.com/i/chat/applet/c381...
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2005111401/housecall...
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8....
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://webscanner.antivirus-france.com/kavwebscan_ansi....