Win32:Fraudo [Trj] & Win32:FakeAV-NO [Rtk]

Gr4v1ty -  
 Scrouch -
Hello,

I need your help with a virus... I don't know how it got onto my computer. I was calmly browsing the internet, on Google (looking for information on the theory exam for the driving licence), and then avast alerted me to 2 viruses...

"Local Settings\Temporary Internet Files\Content.IE5\W9Q7S12F\Install[1].exe"

One is located here... But the other, I don't know... since when I did "Move to chest" I was told that this file cannot be processed... A little help, please?

Thanks ;)

PS: If it helps, there is a small ball in the taskbar that says my computer is infected.

17 replies

Anonymous user
 
Hello, you are still infected:

---> Download OTM (OldTimer) to your Desktop.

---> Double-click OTM.exe to launch it.

---> Copy (Ctrl+C) the following text:

:processes
explorer.exe

:files
c:\documents and settings\Robert.YOUR-0CDC4F5844\Local Settings\Application Data\edov.com
c:\documents and settings\Robert.YOUR-0CDC4F5844\Local Settings\Application Data\eful.dll
c:\documents and settings\Robert.YOUR-0CDC4F5844\Application Data\osiwa.exe
c:\documents and settings\Robert.YOUR-0CDC4F5844\Application Data\suzehy.bat
c:\windows\capo.sys
c:\windows\dixibi.scr
c:\program files\Common Files\kuzanon.dat
c:\windows\ogisohyni.com
c:\program files\Common Files\xapypowice.sys
c:\program files\PC_Antispyware2010
c:\windows\LastGood
c:\documents and settings\Robert.YOUR-0CDC4F5844\msword98.exe

:registry
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msword98"=-
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"ForceClassicControlPanel"=-
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UpdatesDisableNotify"=-

:commands
[purity]
[emptytemp]
[reboot]


---> Paste (Ctrl+V) the text you copied into the Paste Instructions for Items to be Moved box.

---> Now click the MoveIt! button, then close OTM.

If a file or folder cannot be deleted immediately, the program will ask you to restart.
Accept by clicking YES.

---> Post the report located in this folder: C:\_OTM\MovedFiles\
The report is named after the time it was created: date_heure.log


########

• Download Malwarebytes.

• Install it; the program will update itself automatically.

• Once updated, the program will start.

• Click the Settings tab and tick the box: "Terminate Internet Explorer during threat removal".

• Now click the Scanner tab and tick the box: "Perform quick scan".

• Then click "Scan".

• Let it scan the PC...

• If items were found > click Remove Selected.

• If you are asked to restart > click "Yes".

• At the end a report will open; save it somewhere you can find it again so that you can post it on the forum.

• Copy and paste the report, please.

1
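Added example, not part of the thread and not code from OTM or ComboFix: a Python sketch of the triage a reader can apply to the ComboFix log posted further down, cross-referencing Run-key autostart entries against the "Files Created" section to surface programs that both start with Windows and appeared shortly before the scan. The function names, the 7-day window, and the reading of the first timestamp column as the creation time are assumptions; the sample lines are excerpted from the log on this page.

```python
import re
from datetime import datetime, timedelta

# Lines excerpted from the "Files Created" section of the log in this thread.
FILES_CREATED = r"""
2009-08-14 15:10 . 2009-08-14 15:10 17957 ----a-w- c:\windows\capo.sys
2009-08-14 15:09 . 2009-08-14 15:09 -------- d-----w- c:\program files\PC_Antispyware2010
2009-08-14 14:44 . 2009-08-14 14:44 27004 ----a-w- c:\windows\system32\msword98.exe
2009-08-10 01:45 . 2009-08-10 01:45 -------- d-----w- c:\program files\VideoLAN
2009-08-02 04:05 . 2008-04-13 15:45 32128 ----a-w- c:\windows\system32\drivers\usbccgp.sys
"""

# Lines excerpted from the "Reg Loading Points" section of the same log.
RUN_KEYS = r"""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-02-05 81000]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-04-02 342312]
"msword98"="c:\windows\system32\msword98.exe" [2009-08-14 27004]
"PC Antispyware 2010"="c:\program files\PC_Antispyware2010\PC_Antispyware2010.exe" [2009-08-14 588886]
"""

# Scan start time taken from the log header ("08/14/2009 11:23").
SCAN_TIME = datetime(2009, 8, 14, 11, 23)

# "<created> . <modified> <size or -------- for a folder> <attributes> <path>"
CREATED_RE = re.compile(
    r"^(?P<created>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) \. "
    r"(?P<modified>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) "
    r"(?P<size>\d+|-{8}) (?P<attrs>\S{8}) (?P<path>.+)$"
)
KEY_RE = re.compile(r"^\[(HKEY_[^\]]+)\]$")
RUN_RE = re.compile(r'^"(?P<name>[^"]+)"="(?P<path>[^"]+)" \[\d{4}-\d{2}-\d{2} \d+\]$')


def parse_created(text):
    """Return {lowercased path: (creation time, is_directory)}."""
    created = {}
    for line in text.splitlines():
        m = CREATED_RE.match(line.strip())
        if m:
            when = datetime.strptime(m["created"], "%Y-%m-%d %H:%M")
            created[m["path"].lower()] = (when, m["attrs"].startswith("d"))
    return created


def parse_run(text):
    """Return a list of (registry key, value name, target path) autostart entries."""
    key, entries = None, []
    for line in text.splitlines():
        line = line.strip()
        header = KEY_RE.match(line)
        if header:
            key = header[1]
            continue
        m = RUN_RE.match(line)
        if m and key:
            entries.append((key, m["name"], m["path"]))
    return entries


def recent_autostarts(created, run_entries, scan_time, window_days=7):
    """Flag autostart entries whose target, or a folder containing it, was created recently.

    Only a lower bound is applied: file timestamps in the log can be later than
    the header time (they are in this log), so no upper bound is enforced.
    """
    cutoff = scan_time - timedelta(days=window_days)
    hits = []
    for _key, name, path in run_entries:
        target = path.lower()
        for cpath, (when, is_dir) in created.items():
            same_file = target == cpath
            inside_new_dir = is_dir and target.startswith(cpath + "\\")
            if (same_file or inside_new_dir) and when >= cutoff:
                hits.append((name, path, when))
                break
    return hits


if __name__ == "__main__":
    for name, path, when in recent_autostarts(
        parse_created(FILES_CREATED), parse_run(RUN_KEYS), SCAN_TIME
    ):
        print(f"{when:%Y-%m-%d %H:%M}  {name}  ->  {path}")
```

Entries flagged this way are candidates for review, not verdicts: a freshly installed legitimate program also registers an autostart entry.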
nihat42
 
Hello,

The helpers advise against avast! because it is very slow to incorporate new infections.
See:

Avast! vs Antivir
Avast! vs Antivir vs Avg

To uninstall avast!

●Download aswClear.exe to your desktop
●Disable the avast! self-protection system or restart Windows in Safe Mode
●Run the downloaded utility
●If you installed avast in a folder other than the default one, locate it by browsing your disk with the "..." button. (Note: Be careful! The contents of any folder you choose will be deleted!)
●Click Uninstall
●Restart your computer
________________________________________________________________________________________________

• Download and install Antivir: http://dlce.antivir.com/package/wks_avira/win32/fr/pecl/avira_antivir_personal_fr.exe
• Follow this tutorial to configure it: https://www.commentcamarche.net/faq/16831-tutoriel-configuration-optimale-d-antivir-personal
• Run the update.
• Update Antivir
• Restart in Safe Mode >> https://www.wekyo.com/demarrer-le-pc-en-mode-sans-echec-windows-7-et-8/
• Run a "Complete" scan
Post the report.
0
Gr4v1ty
 
And this is going to uninstall... what, my antivirus? Or the virus?
0
Gr4v1ty
 
Stupid question... Sorry...

But this... It won't fix my problem...? Will it?
0

Gr4v1ty
 
Sorry... I didn't see the arrow pointing down for the rest of the message... Here is what I did. Reading other tutorials, I installed ComboFix and now I'm running a scan with Malwarebytes.

The ComboFix scan gives me this:

ComboFix 09-08-10.06 - Robert 08/14/2009 11:23.1.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.959.617 [GMT -4:00]
Running from: c:\documents and settings\Robert.YOUR-0CDC4F5844\Desktop\ComboFix.exe
AV: avast! antivirus 4.8.1335 [VPS 090813-0] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Robert.YOUR-0CDC4F5844\Application Data\Microsoft\Internet Explorer\Quick Launch\PC_Antispyware2010.lnk
c:\documents and settings\Robert.YOUR-0CDC4F5844\Application Data\wiaserva.log
c:\documents and settings\Robert.YOUR-0CDC4F5844\Local Settings\Temporary Internet Files\bymaku.db
c:\documents and settings\Robert.YOUR-0CDC4F5844\Local Settings\Temporary Internet Files\qukam._sy
c:\documents and settings\Robert.YOUR-0CDC4F5844\Local Settings\Temporary Internet Files\teqixajuq.dll
c:\documents and settings\Robert.YOUR-0CDC4F5844\Local Settings\Temporary Internet Files\ucudawyzu.dat
c:\documents and settings\Robert.YOUR-0CDC4F5844\oashdihasidhasuidhiasdhiashdiuasdhasd
c:\documents and settings\Robert.YOUR-0CDC4F5844\Start Menu\Programs\Startup\ikowin32.exe
C:\Documents
C:\install.exe
c:\recycler\S-1-5-21-853375835-2925165621-1566566333-1006
c:\recycler\S-1-5-21-853375835-2925165621-1566566333-1007
c:\recycler\S-1-5-21-853375835-2925165621-1566566333-1008
c:\windows\Installer\10b10922.msp
c:\windows\Installer\119a0.msi
c:\windows\Installer\135fb.msi
c:\windows\Installer\13b3f.msi
c:\windows\Installer\151495b.msp
c:\windows\Installer\15e4a9.msi
c:\windows\Installer\1770f.msi
c:\windows\Installer\1949b89.msi
c:\windows\Installer\1949e34.msp
c:\windows\Installer\1949f0b.msp
c:\windows\Installer\199afd2.msp
c:\windows\Installer\1af0b.msi
c:\windows\Installer\1af11.msi
c:\windows\Installer\1af17.msi
c:\windows\Installer\1af1d.msi
c:\windows\Installer\1af23.msi
c:\windows\Installer\1af31.msi
c:\windows\Installer\1ce92.msi
c:\windows\Installer\1f0a4.msi
c:\windows\Installer\23a0f.msp
c:\windows\Installer\265a3.msi
c:\windows\Installer\2e84a06.msi
c:\windows\Installer\31f1c4e.msi
c:\windows\Installer\360e5.msi
c:\windows\Installer\379719.msi
c:\windows\Installer\3b82d24.msp
c:\windows\Installer\3bc5e.msp
c:\windows\Installer\3bc70.msp
c:\windows\Installer\3bc81.msp
c:\windows\Installer\3bc93.msp
c:\windows\Installer\3bcbb.msp
c:\windows\Installer\3bcce.msp
c:\windows\Installer\3bce0.msp
c:\windows\Installer\3bcf2.msp
c:\windows\Installer\404e63e.msp
c:\windows\Installer\410276b.msi
c:\windows\Installer\42c49c.msi
c:\windows\Installer\451e00.msi
c:\windows\Installer\50cc8f8.msi
c:\windows\Installer\52012f.msi
c:\windows\Installer\520135.msi
c:\windows\Installer\52013b.msi
c:\windows\Installer\526aa50.msp
c:\windows\Installer\53076ea.msi
c:\windows\Installer\56a079c.msp
c:\windows\Installer\56a07b2.msp
c:\windows\Installer\5e185f2.msp
c:\windows\Installer\5e18605.msp
c:\windows\Installer\5e18618.msp
c:\windows\Installer\5e1862b.msp
c:\windows\Installer\710ca0c.msp
c:\windows\Installer\710ca13.msi
c:\windows\Installer\8dc6fab.msi
c:\windows\Installer\98316.msp
c:\windows\Installer\a4e2428.msi
c:\windows\Installer\b7dbd.msi
c:\windows\Installer\b8054ad.msi
c:\windows\Installer\b944e7.msi
c:\windows\Installer\b9cb51f.msp
c:\windows\Installer\b9cb5b7.msp
c:\windows\Installer\b9cb5c9.msp
c:\windows\Installer\b9cb5cb.msp
c:\windows\Installer\b9cb663.msi
c:\windows\Installer\bc4820.msi
c:\windows\Installer\cd9d4f8.msi
c:\windows\Installer\cd9d4fe.msi
c:\windows\Installer\ce424.msi
c:\windows\Installer\ce42e.msi
c:\windows\Installer\ec063.msi
c:\windows\Installer\ed6f2f.msi
c:\windows\Installer\ed6f35.msi
c:\windows\Installer\ed6f3e.msi
c:\windows\Installer\ed6f48.msi
c:\windows\Installer\ed6f4e.msi
c:\windows\Installer\ed6f57.msi
c:\windows\Installer\ed6f5d.msi
c:\windows\Installer\ed6f68.msi
c:\windows\Installer\ed6f6e.msi
c:\windows\Installer\ed6f78.msi
c:\windows\Installer\ed6f84.msi
c:\windows\Installer\ed6f8a.msi
c:\windows\Installer\ed6f90.msi
c:\windows\Installer\ed6f96.msi
c:\windows\Installer\ed6f9d.msi
c:\windows\kb913800.exe
c:\windows\system32\_scui.cpl
c:\windows\system32\braviax.exe
c:\windows\system32\muzapp.exe
c:\windows\system32\wisdstr.exe
D:\Autorun.inf

.
((((((((((((((((((((((((( Files Created from 2009-07-14 to 2009-08-14 )))))))))))))))))))))))))))))))
.

2009-08-14 15:10 . 2009-08-14 15:10 19316 ----a-w- c:\documents and settings\Robert.YOUR-0CDC4F5844\Local Settings\Application Data\edov.com
2009-08-14 15:10 . 2009-08-14 15:10 18426 ----a-w- c:\documents and settings\Robert.YOUR-0CDC4F5844\Local Settings\Application Data\eful.dll
2009-08-14 15:10 . 2009-08-14 15:10 18408 ----a-w- c:\documents and settings\Robert.YOUR-0CDC4F5844\Application Data\osiwa.exe
2009-08-14 15:10 . 2009-08-14 15:10 18052 ----a-w- c:\documents and settings\Robert.YOUR-0CDC4F5844\Application Data\suzehy.bat
2009-08-14 15:10 . 2009-08-14 15:10 17957 ----a-w- c:\windows\capo.sys
2009-08-14 15:10 . 2009-08-14 15:10 17596 ----a-w- c:\windows\dixibi.scr
2009-08-14 15:10 . 2009-08-14 15:10 15494 ----a-w- c:\program files\Common Files\kuzanon.dat
2009-08-14 15:10 . 2009-08-14 15:10 12000 ----a-w- c:\windows\ogisohyni.com
2009-08-14 15:10 . 2009-08-14 15:10 11171 ----a-w- c:\windows\system32\rehubely.sys
2009-08-14 15:10 . 2009-08-14 15:10 10045 ----a-w- c:\program files\Common Files\xapypowice.sys
2009-08-14 15:09 . 2009-08-14 15:09 -------- d-----w- c:\program files\PC_Antispyware2010
2009-08-14 14:44 . 2009-08-14 14:44 619584 ----a-w- c:\windows\system32\dllcache\ntfs.sys
2009-08-14 14:44 . 2009-08-14 14:44 27004 ----a-w- c:\windows\system32\msword98.exe
2009-08-14 14:44 . 2009-08-14 14:44 27004 ----a-w- c:\documents and settings\Robert.YOUR-0CDC4F5844\msword98.exe
2009-08-12 14:30 . 2009-08-12 14:30 -------- d-----w- c:\windows\LastGood
2009-08-11 03:05 . 2009-08-11 03:05 -------- d-----w- c:\documents and settings\Admin\Application Data\vlc
2009-08-10 12:53 . 2009-08-10 12:55 -------- d-----w- c:\documents and settings\Robert.YOUR-0CDC4F5844\Application Data\vlc
2009-08-10 01:45 . 2009-08-10 01:45 -------- d-----w- c:\program files\VideoLAN
2009-08-09 05:18 . 2009-08-09 05:19 -------- d-----w- C:\3f3908cf97f5cd4f804edf311dc1ba0a
2009-08-05 10:56 . 2009-08-05 10:56 -------- d-----w- c:\documents and settings\Robert.YOUR-0CDC4F5844\Application Data\Nero
2009-08-05 02:23 . 2009-08-05 02:23 -------- d-----w- c:\documents and settings\Admin\Application Data\Nero
2009-08-05 02:22 . 2009-08-05 02:22 -------- d-----w- c:\program files\Nero
2009-08-02 04:05 . 2008-04-13 15:45 32128 ----a-w- c:\windows\system32\drivers\usbccgp.sys
2009-08-02 04:05 . 2008-04-13 15:45 32128 ----a-w- c:\windows\system32\dllcache\usbccgp.sys
2009-07-29 13:59 . 2009-07-29 13:59 -------- d-----w- C:\ProgramData
2009-07-29 13:59 . 2009-07-29 13:59 -------- d-----w- c:\documents and settings\All Users\Application Data\Electronic Arts
2009-07-29 13:54 . 2008-09-04 18:17 447752 ----a-r- c:\windows\system32\vp6vfw.dll
2009-07-29 13:54 . 2009-07-29 13:54 10134 ----a-r- c:\documents and settings\Robert.YOUR-0CDC4F5844\Application Data\Microsoft\Installer\{E3E71D07-CD27-46CB-8448-16D4FB29AA13}\ARPPRODUCTICON.exe
2009-07-29 13:54 . 2009-07-29 13:54 -------- d-----w- c:\program files\Microsoft WSE
2009-07-29 13:14 . 2009-07-31 23:18 -------- d-----w- c:\program files\Electronic Arts
2009-07-29 13:03 . 2009-02-24 22:42 116736 ----a-w- c:\windows\system32\drivers\mcdbus.sys
2009-07-29 13:03 . 2009-07-29 13:03 -------- d-----w- c:\program files\MagicDisc
2009-07-29 12:56 . 2009-07-29 13:33 -------- d-----w- c:\program files\MagicISO
2009-07-29 12:53 . 2009-07-29 12:53 -------- d-----w- c:\documents and settings\Robert.YOUR-0CDC4F5844\Application Data\Thinstall
2009-07-27 02:57 . 2009-07-27 03:04 -------- d-----w- c:\documents and settings\Robert.YOUR-0CDC4F5844\Application Data\Nikon
2009-07-27 02:56 . 2009-07-27 02:56 49152 ----a-r- c:\documents and settings\Robert.YOUR-0CDC4F5844\Application Data\Microsoft\Installer\{D2FCC1AE-6311-47C5-8130-C6C66D77DD71}\ARPPRODUCTICON.exe
2009-07-27 02:55 . 2009-07-27 02:55 -------- d-----w- c:\documents and settings\All Users\Application Data\Nikon
2009-07-27 02:55 . 2009-07-27 03:04 -------- d-----w- c:\program files\Common Files\Nikon
2009-07-27 02:55 . 2009-07-27 02:55 -------- d-----w- c:\program files\Nikon
2009-07-27 02:54 . 2009-07-27 02:54 -------- d-----w- c:\documents and settings\All Users\Application Data\Ultima_T15
2009-07-27 02:54 . 2009-07-27 02:54 -------- d-----w- c:\documents and settings\All Users\Application Data\Podcasting
2009-07-27 02:54 . 2009-07-27 02:54 -------- d-----w- c:\documents and settings\All Users\Application Data\EnterNHelp
2009-07-27 02:54 . 2009-07-27 02:54 -------- d-----w- c:\program files\ArcSoft
2009-07-27 01:00 . 2009-07-07 02:44 103424 ----a-w- c:\documents and settings\Robert.YOUR-0CDC4F5844\Application Data\Mozilla\Firefox\Profiles\cyi4kumr.default\extensions\piclens@cooliris.com\libs\pixomatic.dll
2009-07-27 01:00 . 2009-07-07 02:44 937984 ----a-w- c:\documents and settings\Robert.YOUR-0CDC4F5844\Application Data\Mozilla\Firefox\Profiles\cyi4kumr.default\extensions\piclens@cooliris.com\libs\PicLensHelper.exe
2009-07-27 01:00 . 2009-07-07 02:44 65536 ----a-w- c:\documents and settings\Robert.YOUR-0CDC4F5844\Application Data\Mozilla\Firefox\Profiles\cyi4kumr.default\extensions\piclens@cooliris.com\components\coolirisstub.dll
2009-07-27 01:00 . 2009-07-07 02:44 4722688 ----a-w- c:\documents and settings\Robert.YOUR-0CDC4F5844\Application Data\Mozilla\Firefox\Profiles\cyi4kumr.default\extensions\piclens@cooliris.com\libs\cooliris19.dll
2009-07-27 01:00 . 2009-07-07 02:44 344064 ----a-w- c:\documents and settings\Robert.YOUR-0CDC4F5844\Application Data\Mozilla\Firefox\Profiles\cyi4kumr.default\extensions\piclens@cooliris.com\libs\LaunchCooliris.exe
2009-07-27 01:00 . 2009-07-07 02:44 106496 ----a-w- c:\documents and settings\Robert.YOUR-0CDC4F5844\Application Data\Mozilla\Firefox\Profiles\cyi4kumr.default\extensions\piclens@cooliris.com\plugins\npcoolirisplugin.dll
2009-07-19 05:05 . 2009-07-19 05:05 -------- d-----w- c:\documents and settings\Sorin\Application Data\Corel
2009-07-19 04:47 . 2009-07-19 04:47 -------- d-----w- c:\documents and settings\Sorin\Application Data\HP

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-08-14 14:44 . 2006-03-16 04:00 619584 ----a-w- c:\windows\system32\drivers\ntfs.sys
2009-08-13 14:47 . 2008-09-04 23:21 -------- d-----w- c:\documents and settings\All Users\Application Data\Google Updater
2009-08-10 03:08 . 2008-08-22 17:54 91088 ----a-w- c:\documents and settings\Robert.YOUR-0CDC4F5844\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-08-09 01:18 . 2007-09-15 23:43 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2009-08-05 03:11 . 2008-03-11 02:54 -------- d-----w- c:\program files\Common Files\Nero
2009-08-05 03:11 . 2008-03-11 02:54 -------- d-----w- c:\documents and settings\All Users\Application Data\Nero
2009-08-05 02:59 . 2006-09-21 06:36 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-08-03 17:21 . 2009-07-27 02:54 20 ---h--w- c:\documents and settings\All Users\Application Data\PKP_DLdu.DAT
2009-07-27 02:54 . 2003-03-19 10:05 106496 ----a-w- c:\windows\system32\ATL71.DLL
2009-07-27 02:53 . 2009-05-13 19:39 -------- d-----w- c:\program files\Common Files\InstallShield
2009-07-19 04:46 . 2008-08-31 03:23 91088 -c--a-w- c:\documents and settings\Sorin\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-07-18 23:56 . 2008-10-14 22:46 664 ----a-w- c:\windows\system32\d3d9caps.dat
2009-06-30 03:35 . 2009-06-30 02:18 -------- d-----w- c:\program files\Burn4Free
2009-06-26 16:50 . 2006-03-16 04:00 666624 ----a-w- c:\windows\system32\wininet.dll
2009-06-26 16:50 . 2006-03-16 04:00 81920 ----a-w- c:\windows\system32\ieencode.dll
2009-06-23 01:41 . 2009-03-19 03:40 -------- d-----w- c:\documents and settings\Admin\Application Data\DAEMON Tools Lite
2009-06-21 18:59 . 2009-03-18 19:50 -------- d-----w- c:\documents and settings\Robert.YOUR-0CDC4F5844\Application Data\DAEMON Tools Lite
2009-06-21 18:51 . 2008-10-13 00:09 721904 ----a-w- c:\windows\system32\drivers\sptd.sys
2009-06-16 14:36 . 2005-10-18 05:14 81920 ----a-w- c:\windows\system32\fontsub.dll
2009-06-16 14:36 . 2005-10-18 05:14 119808 ----a-w- c:\windows\system32\t2embed.dll
2009-06-14 21:32 . 2009-06-14 21:32 152576 ----a-w- c:\documents and settings\Admin\Application Data\Sun\Java\jre1.6.0_14\lzma.dll
2009-06-03 19:09 . 2005-08-30 12:13 1291264 ----a-w- c:\windows\system32\quartz.dll
2009-05-21 15:33 . 2009-02-03 02:20 410984 ----a-w- c:\windows\system32\deploytk.dll
2009-05-20 01:41 . 2009-05-20 01:41 152576 ----a-w- c:\documents and settings\Admin\Application Data\Sun\Java\jre1.6.0_13\lzma.dll
2008-02-25 21:40 . 2008-02-25 21:38 494 -c--a-w- c:\program files\FASMW.INI
2008-01-29 04:33 . 2008-01-29 04:33 80384 -c--a-w- c:\program files\FASM.EXE
2008-01-29 04:33 . 2008-01-29 04:33 119296 -c--a-w- c:\program files\FASMW.EXE
2008-01-27 23:57 . 2008-01-27 23:57 11104 -c--a-w- c:\program files\WHATSNEW.TXT
2007-08-05 22:11 . 2007-08-05 22:11 419923 -c--a-w- c:\program files\FASM.PDF
2007-08-05 13:06 . 2007-08-05 13:06 9483616 -c--a-w- c:\program files\winzip111.exe
2007-04-13 15:09 . 2007-04-13 14:45 14994144 -c--a-w- c:\program files\Google_Earth_EARL_opt_ie6_en-us.exe
2007-04-09 16:21 . 2007-04-09 16:21 465496 ----a-w- c:\program files\msgr8us.exe
2007-02-10 19:24 . 2007-02-10 19:24 1819 -c--a-w- c:\program files\LICENSE.TXT
2006-12-25 09:36 . 2006-12-25 07:36 22 -csha-w- c:\windows\SMINST\HPCD.sys
.

------- Sigcheck -------

[-] 2007-02-09 11:23 574976 05AB81909514BFD69CBB1F2C147CF6B9 c:\windows\$hf_mig$\KB930916\SP2QFE\ntfs.sys
[-] 2006-03-16 04:00 574592 B78BE402C3F63DD55521F73876951CDD c:\windows\$NtServicePackUninstall$\ntfs.sys
[-] 2006-03-16 04:00 574592 B78BE402C3F63DD55521F73876951CDD c:\windows\$NtUninstallKB930916$\ntfs.sys
[7] 2008-04-13 19:15 574976 78A08DD6A8D65E697C18E1DB01C5CDCA c:\windows\ServicePackFiles\i386\ntfs.sys
[-] 2006-03-16 04:00 574592 B78BE402C3F63DD55521F73876951CDD c:\windows\SoftwareDistribution\Download\66b1d8e81a20b4b541ab3e558f2fd638\backup\ntfs.sys
[-] 2009-08-14 14:44 619584 4DFB45D14330ACE7FD32EE8DBCF50C97 c:\windows\system32\dllcache\ntfs.sys
[-] 2009-08-14 14:44 619584 4DFB45D14330ACE7FD32EE8DBCF50C97 c:\windows\system32\drivers\ntfs.sys
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2009-02-06 3885408]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-09-04 39408]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2006-10-19 204288]
"H/PC Connection Agent"="c:\program files\Microsoft ActiveSync\wcescomm.exe" [2006-11-13 1289000]
"EA Core"="c:\program files\Electronic Arts\EADM\Core.exe" [2009-04-29 3338240]
"msword98"="c:\documents and settings\Robert.YOUR-0CDC4F5844\msword98.exe" [2009-08-14 27004]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="c:\windows\ehome\ehtray.exe" [2005-08-06 64512]
"hpWirelessAssistant"="c:\program files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe" [2006-05-04 458752]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-08-18 7585792]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2006-08-18 86016]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-04-01 761946]
"QPService"="c:\program files\HP\QuickPlay\QPService.exe" [2006-07-12 102400]
"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2005-02-17 49152]
"QlbCtrl"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2006-06-19 163840]
"Cpqset"="c:\program files\Hewlett-Packard\Default Settings\cpqset.exe" [2006-05-30 40960]
"RecGuard"="c:\windows\SMINST\RecGuard.exe" [2005-10-11 1187840]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-02-05 81000]
"Windows Media Connect 2"="c:\program files\Windows Media Connect 2\wmccfg.exe" [2006-10-19 8704]
"USB Storage Toolbox"="c:\program files\USB Disk Win98 Driver\Res.EXE" [2005-09-15 65536]
"DLA"="c:\windows\System32\DLA\DLACTRLW.EXE" [2006-06-13 127036]
"WildTangent CDA"="c:\program files\WildTangent\Apps\CDA\GameDrvr.exe" [2005-03-29 28616]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-01-05 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-04-02 342312]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-05-21 148888]
"msword98"="c:\windows\system32\msword98.exe" [2009-08-14 27004]
"PC Antispyware 2010"="c:\program files\PC_Antispyware2010\PC_Antispyware2010.exe" [2009-08-14 588886]
"nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2006-08-18 1617920]
"MsmqIntCert"="mqrt.dll" - c:\windows\system32\mqrt.dll [2008-04-14 177152]
"High Definition Audio Property Page Shortcut"="CHDAudPropShortcut.exe" - c:\windows\system32\CHDAudPropShortcut.exe [2006-06-02 61952]
"kmw_run.exe"="kmw_run.exe" - c:\windows\system32\kmw_run.exe [2005-02-03 106496]

c:\documents and settings\Admin\Start Menu\Programs\Startup\
HotSync Manager.lnk - c:\program files\Palm\HOTSYNC.EXE [2003-10-14 299008]

c:\documents and settings\Robert.YOUR-0CDC4F5844\Start Menu\Programs\Startup\
MagicDisc.lnk - c:\program files\MagicDisc\MagicDisc.exe [2009-7-29 576000]
Picture Motion Browser Media Check Tool.lnk - c:\program files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe [2009-2-14 368640]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Gamma.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-3-16 113664]
Dataviz Messenger.lnk - c:\windows\DvzCommon\DvzMsgr.exe [2003-7-1 24576]
Nikon Monitor.lnk - c:\program files\Common Files\Nikon\Monitor\NkMonitor.exe [2007-10-18 479232]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"ForceClassicControlPanel"= 1 (0x1)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0aswBoot.exe /M:15322c4dc29

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\system32\\mqsvc.exe"=
"c:\\Documents and Settings\\All Users\\Application Data\\NexonUS\\NGM\\NGM.exe"=
"c:\\Documents and Settings\\Administrator\\temp\\TeamViewer3\\TeamViewer.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\Palm\\HOTSYNC.EXE"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Documents and Settings\\Robert.YOUR-0CDC4F5844\\Desktop\\WLM Lite 8.5.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\RealVNC\\VNC4\\winvnc4.exe"=
"c:\\Program Files\\PBX Telecom\\PBX TV\\pbxtv.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Pando Networks\\Media Booster\\PMB.exe"=
"c:\\Program Files\\SopCast\\adv\\SopAdver.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\WINDOWS\\system32\\rtcshare.exe"=
"c:\\Program Files\\NetMeeting\\conf.exe"=
"c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"c:\program files\Microsoft ActiveSync\wcescomm.exe"= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"c:\\Program Files\\Electronic Arts\\EADM\\Core.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"57504:TCP"= 57504:TCP:Pando Media Booster
"57504:UDP"= 57504:UDP:Pando Media Booster
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service

R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [8/22/2008 3:02 PM 114768]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [8/22/2008 3:02 PM 20560]
S2 gupdate1c987eed5bfa966;Google Update Service (gupdate1c987eed5bfa966);c:\program files\Google\Update\GoogleUpdate.exe [2/5/2009 8:06 PM 133104]
S3 5U870CAP_VID_1262&PID_25FD;HP Pavilion Webcam ;c:\windows\system32\drivers\5U870CAP.sys [6/6/2006 4:39 PM 61952]
S3 libusb0;LibUsb-Win32 - Kernel Driver, Version 0.1.12.1;c:\windows\system32\drivers\libusb0.sys [1/31/2009 7:13 PM 28672]
.
Contents of the 'Scheduled Tasks' folder

2009-08-02 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 16:34]

2009-08-14 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-09-04 01:31]

2009-08-13 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-02-06 00:06]

2009-08-14 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-02-06 00:06]

2009-08-13 c:\windows\Tasks\ParetoLogic Registration.job
- c:\program files\Common Files\ParetoLogic\UUS2\UUS.dll [2009-01-21 05:36]

2009-08-14 c:\windows\Tasks\ParetoLogic Update Version2.job
- c:\program files\Common Files\ParetoLogic\UUS2\Pareto_Update.exe [2009-01-21 05:36]
.
- - - - ORPHANS REMOVED - - - -

WebBrowser-{A057A204-BACC-4D26-C39E-35F1D2A32EC8} - (no file)
HKLM-Run-PININST - c:\system.sav\UTIL\PININST_CHK.BAT
HKLM-Run-MSWheel - (no file)

.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
mStart Page = hxxp://www.google.com
uInternet Connection Wizard,ShellNext = hxxp://g.live.com/9uxp9en-us/hpg_lnk2
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\Robert.YOUR-0CDC4F5844\Application Data\Mozilla\Firefox\Profiles\cyi4kumr.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: keyword.URL - hxxp://ca.search.yahoo.com/search?ei=utf-8&fr=megaup&p=
FF - component: c:\documents and settings\Robert.YOUR-0CDC4F5844\Application Data\Mozilla\Firefox\Profiles\cyi4kumr.default\extensions\piclens@cooliris.com\components\coolirisstub.dll
FF - plugin: c:\documents and settings\Robert.YOUR-0CDC4F5844\Application Data\Mozilla\Firefox\Profiles\cyi4kumr.default\extensions\piclens@cooliris.com\plugins\npcoolirisplugin.dll
FF - plugin: c:\program files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll
FF - plugin: c:\program files\Google\Update\1.2.183.7\npGoogleOneClick8.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np32dsw.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npdeploytk.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npnul32.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npqtplugin.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npqtplugin2.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npqtplugin3.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npqtplugin4.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npqtplugin5.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npqtplugin6.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npqtplugin7.dll

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox 3.1 Beta 3\greprefs\all.js - pref("media.enforce_same_site_origin", false);
c:\program files\Mozilla Firefox 3.1 Beta 3\greprefs\all.js - pref("media.ogg.enabled", true);
c:\program files\Mozilla Firefox 3.1 Beta 3\greprefs\all.js - pref("media.wave.enabled", true);
c:\program files\Mozilla Firefox 3.1 Beta 3\greprefs\all.js - pref("media.autoplay.enabled", true);
c:\program files\Mozilla Firefox 3.1 Beta 3\greprefs\all.js - pref("browser.urlbar.autocomplete.enabled", true);
c:\program files\Mozilla Firefox 3.1 Beta 3\greprefs\all.js - pref("capability.policy.mailnews.*.wholeText", "noAccess");
c:\program files\Mozilla Firefox 3.1 Beta 3\greprefs\all.js - pref("network.http.prompt-temp-redirect", true);
c:\program files\Mozilla Firefox 3.1 Beta 3\greprefs\all.js - pref("network.tcp.sendbuffer", 131072);
c:\program files\Mozilla Firefox 3.1 Beta 3\defaults\pref\firefox.js - pref("extensions.blocklist.level", 2);
c:\program files\Mozilla Firefox 3.1 Beta 3\defaults\pref\firefox.js - pref("browser.urlbar.restrict.typed", "~");
c:\program files\Mozilla Firefox 3.1 Beta 3\defaults\pref\firefox.js - pref("browser.urlbar.default.behavior", 0);
c:\program files\Mozilla Firefox 3.1 Beta 3\defaults\pref\firefox.js - pref("browser.ssl_override_behavior", 2);
c:\program files\Mozilla Firefox 3.1 Beta 3\defaults\pref\firefox.js - pref("security.alternate_certificate_error_page", "certerror");
c:\program files\Mozilla Firefox 3.1 Beta 3\defaults\pref\firefox.js - pref("browser.privatebrowsing.autostart", false);
c:\program files\Mozilla Firefox 3.1 Beta 3\defaults\pref\firefox.js - pref("browser.privatebrowsing.dont_prompt_on_enter", false);
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-08-14 11:36
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
Cpqset = c:\program files\Hewlett-Packard\Default Settings\cpqset.exe????????????<?@? ??? Z??????Y?@?????<?@

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(856)
c:\windows\system32\wbem\fastprox.dll
.
Completion time: 2009-08-14 11:42
ComboFix-quarantined-files.txt 2009-08-14 15:42

Pre-Run: 7,751,163,904 bytes free
Post-Run: 16,861,278,208 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Windows XP Media Center Edition" /noexecute=optin /fastdetect

462 --- E O F --- 2009-08-10 00:18
0
XaTon Posts 2160 Status Member 208
 
Hello,

I'll try to help you, but could I have a Hijack log?
0
Gr4v1ty
 
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:22:35 PM, on 8/14/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\HP\QuickPlay\QPService.exe
C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\USB Disk Win98 Driver\Res.EXE
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\kmw_run.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\WINDOWS\DvzCommon\DvzMsgr.exe
C:\Program Files\Common Files\Nikon\Monitor\NkMonitor.exe
C:\PROGRA~1\MI3AA1~1\rapimgr.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\mqsvc.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\WINDOWS\system32\mqtgsvc.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\Java\jre6\bin\jucheck.exe
C:\WINDOWS\system32\WISPTIS.EXE
C:\WINDOWS\system32\msword98.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\Documents and Settings\Robert.YOUR-0CDC4F5844\Desktop\HiJackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = https://outlook.live.com/owa/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /nodetect
O4 - HKLM\..\Run: [MsmqIntCert] regsvr32 /s mqrt.dll
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] CHDAudPropShortcut.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\Hewlett-Packard\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [RecGuard] C:\Windows\SMINST\RecGuard.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Windows Media Connect 2] "C:\Program Files\Windows Media Connect 2\wmccfg.exe" /StartQuiet
O4 - HKLM\..\Run: [USB Storage Toolbox] C:\Program Files\USB Disk Win98 Driver\Res.EXE
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [WildTangent CDA] "C:\Program Files\WildTangent\Apps\CDA\GameDrvr.exe" /startup "C:\Program Files\WildTangent\Apps\CDA\cdaEngine0500.dll"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [kmw_run.exe] kmw_run.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [msword98] C:\WINDOWS\system32\msword98.exe
O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - HKCU\..\Run: [EA Core] "C:\Program Files\Electronic Arts\EADM\Core.exe" -silent
O4 - HKCU\..\Run: [msword98] C:\Documents and Settings\Robert.YOUR-0CDC4F5844\msword98.exe
O4 - Startup: MagicDisc.lnk = C:\Program Files\MagicDisc\MagicDisc.exe
O4 - Startup: Picture Motion Browser Media Check Tool.lnk = C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe
O4 - Global Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Dataviz Messenger.lnk = C:\WINDOWS\DvzCommon\DvzMsgr.exe
O4 - Global Startup: Nikon Monitor.lnk = C:\Program Files\Common Files\Nikon\Monitor\NkMonitor.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: Launch Cooliris - {3437D640-C91A-458f-89F5-B9095EA4C28B} - C:\Program Files\PicLensIE\cooliris.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://hp-consumer.my.aol.ca/?icid=notebook
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/...
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O23 - Service: AddFiltr - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\AddFiltr.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Update Service (gupdate1c987eed5bfa966) (gupdate1c987eed5bfa966) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
0
XaTon Posts 2160 Status Member 208
 
OK!

Here is what you are going to do:

~~~~~~~~~~~~~~> SmitFraudfix <~~~~~~~~~~~~~~~~~~~

Download SmitFraudfix from this link:

> http://www.geekstogo.com/forum/files/file/6-smitfraudfix/

* Put it on the desktop; you then get a SmitFraudfix icon with a yellow triangle.
* Double-click the icon; a new folder is then created.

* Click the SmitFraudfix icon
* Run option 1 (Search)

Note
Once option 1 has been launched, a window with a blue background opens... an information message appears; press any key to move on to the next step.

/!\ Let the scan finish /!\

_ Once the scan is finished, a report will open in Notepad.
* Click the Edit menu, then Select All.
* Then post the report for me
0
Gr4v1ty
 
Well, now I no longer know who to follow... What should I do first? The scan?

Because now I don't know anymore. I have 2 replies but I don't know where to start...?

Thanks
0
XaTon Posts 2160 Status Member 208
 
Follow Chiquitine29, who is more experienced than me = )

And good luck to you both
0
Gr4v1ty
 
Here is the report... from SmitfraudFix:

SmitFraudFix v2.423

Scan done at 12:37:12.54, Fri 08/14/2009
Run from C:\Documents and Settings\Robert.YOUR-0CDC4F5844\Desktop\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
The filesystem type is NTFS
Fix run in normal mode

»»»»»»»»»»»»»»»»»»»»»»»» Process

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\HP\QuickPlay\QPService.exe
C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\USB Disk Win98 Driver\Res.EXE
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\kmw_run.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\WINDOWS\DvzCommon\DvzMsgr.exe
C:\Program Files\Common Files\Nikon\Monitor\NkMonitor.exe
C:\PROGRA~1\MI3AA1~1\rapimgr.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\mqsvc.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\WINDOWS\system32\mqtgsvc.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\Java\jre6\bin\jucheck.exe
C:\WINDOWS\system32\WISPTIS.EXE
C:\WINDOWS\system32\msword98.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\Documents and Settings\Robert.YOUR-0CDC4F5844\Desktop\SmitfraudFix\Policies.exe
C:\WINDOWS\system32\cmd.exe

»»»»»»»»»»»»»»»»»»»»»»»» hosts

»»»»»»»»»»»»»»»»»»»»»»»» C:\

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32\LogFiles

»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Robert.YOUR-0CDC4F5844

»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\ROBERT~1.YOU\LOCALS~1\Temp

»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Robert.YOUR-0CDC4F5844\Application Data

»»»»»»»»»»»»»»»»»»»»»»»» Start Menu

»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\ROBERT~1.YOU\FAVORI~1

»»»»»»»»»»»»»»»»»»»»»»»» Desktop

»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files

»»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys

»»»»»»»»»»»»»»»»»»»»»»»» Desktop Components

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="My Current Home Page"

»»»»»»»»»»»»»»»»»»»»»»»» o4Patch
!!!Attention, following keys are not inevitably infected!!!

o4Patch
Credits: Malware Analysis & Diagnostic
Code: S!Ri

»»»»»»»»»»»»»»»»»»»»»»»» IEDFix
!!!Attention, following keys are not inevitably infected!!!

IEDFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri

»»»»»»»»»»»»»»»»»»»»»»»» Agent.OMZ.Fix
!!!Attention, following keys are not inevitably infected!!!

Agent.OMZ.Fix
Credits: Malware Analysis & Diagnostic
Code: S!Ri

»»»»»»»»»»»»»»»»»»»»»»»» VACFix
!!!Attention, following keys are not inevitably infected!!!

VACFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri

»»»»»»»»»»»»»»»»»»»»»»»» 404Fix
!!!Attention, following keys are not inevitably infected!!!

404Fix
Credits: Malware Analysis & Diagnostic
Code: S!Ri

»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]

»»»»»»»»»»»»»»»»»»»»»»»» Winlogon
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Userinit"="C:\\WINDOWS\\system32\\userinit.exe,"

»»»»»»»»»»»»»»»»»»»»»»»» RK

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""

»»»»»»»»»»»»»»»»»»»»»»»» DNS

Description: Broadcom 802.11b/g WLAN - Packet Scheduler Miniport
DNS Server Search Order: 192.168.1.1

HKLM\SYSTEM\CCS\Services\Tcpip\..\{E30D297B-0B92-4988-ACFB-62C7A0F5B3D4}: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS1\Services\Tcpip\..\{E30D297B-0B92-4988-ACFB-62C7A0F5B3D4}: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS2\Services\Tcpip\..\{E30D297B-0B92-4988-ACFB-62C7A0F5B3D4}: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS3\Services\Tcpip\..\{E30D297B-0B92-4988-ACFB-62C7A0F5B3D4}: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS2\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS3\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1

»»»»»»»»»»»»»»»»»»»»»»»» Scanning for wininet.dll infection

»»»»»»»»»»»»»»»»»»»»»»»» End
0
Gr4v1ty
 
And now the computer won't restart anymore... Right now I'm on another computer, but I can no longer restart my computer... I get a blue screen right after I was given the choice of <Start Windows normally or Safe mode or Safe mode with command prompt or another one I don't remember anymore>

It WON'T RESTART ANYMORE!!
0
Gr4v1ty
 
A little help, PLEASE???

The error on my Blue Screen of Death is:

***STOP : 0x0000007E (0x0000005,0x8069B1c7,0xF78AE534, 0xF78AE230)
0
XaTon Posts 2160 Status Member 208
 
0
Gr4v1ty
 
I told you that my computer can't even restart anymore... Kaput. It won't restart anymore. When it gets to the Windows XP part... Bam. Blue Screen of Death...

I don't think what you pointed me to is going to help me.. Sorry
0
Scrouch
 
Same problem, but I haven't done anything yet!
In my opinion, the method of restarting in Safe Mode leads to a Blue Screen Of Death, so for the moment, no thanks ...
0