Qui peut analyser mon log hijack

Résolu/Fermé
romanza Messages postés 250 Date d'inscription samedi 27 janvier 2007 Statut Membre Dernière intervention 4 octobre 2021 - 27 janv. 2007 à 14:45
 whezzos - 21 avril 2008 à 16:07
Voilà, j'ai 13 virus dont j'arrive pas à me débarasser. J'ai Bitdefenderplus 10 que je n'avais qu'installé après les avoir chopé. Je mets un log de Hijack.

Qui peut vraiment m'aider. A+

LLogfile of HijackThis v1.99.1
Scan saved at 14:25:09, on 27/01/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ewido anti-spyware 4.0\ewido.exe
C:\Documents and Settings\PASCAL\Bureau\HijackThis.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [nTrayFw] C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nTrayFw.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NVRTCLK] C:\WINDOWS\system32\NVRTCLK\NVRTClk.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [VGAUtil] C:\Program Files\GigaByte\VGA Utility Manager\G-VGA.EXE
O4 - HKLM\..\Run: [Meal bat default dupe] C:\Documents and Settings\All Users\Application Data\RoadTheMealBat\BuildVc.exe
O4 - HKLM\..\Run: [CloneDVDElbyDelay] "C:\Program Files\Elaborate Bytes\CloneDVD\ElbyCheck.exe" /L ElbyDelay
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [ElbyCheckAnyDVD] "C:\Program Files\SlySoft\AnyDVD\ElbyCheck.exe" /L AnyDVD
O4 - HKLM\..\Run: [AnyDVD] C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Piolet] C:\Program Files\Piolet\Piolet.exe SILENT
O4 - HKLM\..\Run: [LogitechGalleryRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [winupdates] C:\Program Files\winupdates\winupdates.exe /auto
O4 - HKLM\..\Run: [{10A6E8E6-08A3-1036-0602-051001040021}] "C:\Program Files\Fichiers communs\{10A6E8E6-08A3-1036-0602-051001040021}\Update.exe" mc-110-12-0000272
O4 - HKLM\..\Run: [lmjvservc] dllzzvyj.exe
O4 - HKLM\..\Run: [IpWins] C:\Program Files\Ipwindows\ipwins.exe
O4 - HKLM\..\Run: [{10A6E8E6-08A2-1036-0602-051001040021}] "C:\Program Files\Fichiers communs\{10A6E8E6-08A2-1036-0602-051001040021}\Update.exe" mc-110-12-0000272
O4 - HKLM\..\Run: [BDMCon] "C:\Program Files\Softwin\BitDefender10\bdmcon.exe" /reg
O4 - HKLM\..\Run: [BDAgent] "C:\Program Files\Softwin\BitDefender10\bdagent.exe"
O4 - HKLM\..\Run: [VVSN] C:\Program Files\VVSN\VVSN.exe
O4 - HKLM\..\Run: [!ewido] "C:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimized
O4 - HKCU\..\Run: [WOOKIT] C:\PROGRA~1\Wanadoo\GestMaj.exe EspaceWanadoo.exe
O4 - HKCU\..\Run: [coal funk] C:\DOCUME~1\PASCAL\APPLIC~1\CITYPO~1\Soapview.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Ahead\lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [RoboForm] "C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe"
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [llsymvb] C:\WINDOWS\system32\bsmvvgo.exe
O4 - HKCU\..\Run: [lvcdmsys] C:\WINDOWS\system32\amcxlss.exe
O4 - Global Startup: Assistant d'Acrobat.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
O8 - Extra context menu item: &Traduire à partir de l'anglais - res://c:\program files\google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Barre RoboForm - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Enregistrer le formulaire - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O8 - Extra context menu item: Pages liées - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Pages similaires - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Personnaliser le menu - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
O8 - Extra context menu item: Recherche &Google - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Remplir le formulaire - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O8 - Extra context menu item: Télécharger avec FlashGet - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: Télécharger tout avec FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: Version de la page actuelle disponible dans le cache Google - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Créer un Favori de l'appareil mobile - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra 'Tools' menuitem: Créer un Favori de l'appareil mobile... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra button: Remplir - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra 'Tools' menuitem: Remplir le formulaire - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra button: Enregistrer - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra 'Tools' menuitem: Enregistrer le formulaire - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: Barre RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra 'Tools' menuitem: Barre RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe (file missing)
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe (file missing)
O9 - Extra button: Messager Wanadoo - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\WANADO~1\Wanadoo Messager.exe (file missing)
O9 - Extra 'Tools' menuitem: Messager Wanadoo - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\WANADO~1\Wanadoo Messager.exe (file missing)
O9 - Extra button: (no name) - {A4F64D63-3576-4754-8DD5-4D0A49345FD5} - (no file) (HKCU)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/activex/eBay_Enhanced_Picture_Control_v1-0-3-30.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/...
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - https://www.trendmicro.com/en_us/forHome/products/housecall.html
O16 - DPF: {D7BF3304-138B-4DD5-86EE-491BB6A2286C} - http://www.azebar.com/install/azesearch.cab
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: app_filter - Unknown owner - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Program Files\Fichiers communs\Softwin\BitDefender Scan Server\bdss.exe" /service (file missing)
O23 - Service: COM+ Messages - Unknown owner - C:\WINDOWS\system32\svchosts.exe" -e mc-110-12-0000272 (file missing)
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: Forceware Web Interface (ForcewareWebInterface) - Unknown owner - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe" -k runservice (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - Unknown owner - C:\Program Files\Fichiers communs\Softwin\BitDefender Update Service\livesrv.exe" /service (file missing)
O23 - Service: Microsoft authenticate service (MsaSvc) - Unknown owner - C:\WINDOWS\system32\msasvc.exe (file missing)
O23 - Service: ForceWare IP service (nSvcIp) - Unknown owner - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
O23 - Service: ForceWare user log service (nSvcLog) - Unknown owner - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe
O23 - Service: BitDefender Virus Shield (VSSERV) - Unknown owner - C:\Program Files\Softwin\BitDefender10\vsserv.exe" /service (file missing)
O23 - Service: BitDefender Communicator (XCOMM) - Unknown owner - C:\Program Files\Fichiers communs\Softwin\BitDefender Communicator\xcommsvr.exe" /service (file missing)
A voir également:

45 réponses

green day Messages postés 26364 Date d'inscription vendredi 30 septembre 2005 Statut Modérateur, Contributeur sécurité Dernière intervention 27 décembre 2019 2 165
27 janv. 2007 à 15:54
Salut

fais un clic droit sur l'icone de hijackthis < renommer, appelle le CCM.exe

et poste un nouveau rapport, en mode normal !

@+
0
romanza Messages postés 250 Date d'inscription samedi 27 janvier 2007 Statut Membre Dernière intervention 4 octobre 2021 2
27 janv. 2007 à 19:22
Salut green, merci à toi de prendre le temps de me répondre : voilà :



Logfile of HijackThis v1.99.1
Scan saved at 19:19:22, on 27/01/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nTrayFw.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\GigaByte\VGA Utility Manager\G-VGA.EXE
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe
C:\Program Files\Logitech\Video\LogiTray.exe
C:\WINDOWS\system32\dllzzvyj.exe
C:\Program Files\Softwin\BitDefender10\bdmcon.exe
C:\Program Files\Softwin\BitDefender10\bdagent.exe
C:\Program Files\ewido anti-spyware 4.0\ewido.exe
C:\Program Files\Fichiers communs\Ahead\lib\NMBgMonitor.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\WINDOWS\system32\LVComS.exe
C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe
C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\bsmvvgo.exe
C:\Program Files\Logitech\Video\LowLight.exe
C:\WINDOWS\system32\amcxlss.exe
C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
C:\Program Files\ewido anti-spyware 4.0\guard.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe
C:\Program Files\Fichiers communs\Softwin\BitDefender Communicator\xcommsvr.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
C:\Program Files\Fichiers communs\Softwin\BitDefender Update Service\livesrv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\jvmmods.exe
C:\WINDOWS\system32\vstldmem.exe
C:\Program Files\Fichiers communs\Softwin\BitDefender Scan Server\bdss.exe
C:\Program Files\Softwin\BitDefender10\vsserv.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\Program Files\Softwin\BitDefender10\bdlite.exe
C:\Documents and Settings\PASCAL\Bureau\CCM.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride =

localhost
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program

Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program

Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1C9678E2-77AC-4CAD-89EA-9E3F980C73C4} -

C:\WINDOWS\system32\efccdby.dll
O2 - BHO: (no name) - {41F328E2-5E46-F5B8-0160-020188931F32} -

C:\WINDOWS\system32\imtqodk.dll (file missing)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} -

C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber

Systems\AI RoboForm\roboform.dll
O2 - BHO: (no name) - {737A47C9-C43A-4EAD-8C9B-2DF8737BDB2B} - C:\WINDOWS\system32\jkklj.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program

Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: (no name) - {788DFC2B-6AEE-374E-BDED-31A6785BCCE9} -

C:\WINDOWS\system32\swutgljz.dll (file missing)
O2 - BHO: (no name) - {7DA39570-5FD2-4f18-94B4-20730CB3F727} -

C:\WINDOWS\system32\qyjhicqd.dll (file missing)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program

files\google\googletoolbar1.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program

Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: (no name) - {AF4EBBA0-E7D3-C3C9-8914-F86F5C6A8964} -

C:\DOCUME~1\PASCAL\APPLIC~1\INTERN~1\Four Ref.exe (file missing)
O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber

Systems\AI RoboForm\roboform.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program

Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [nTrayFw] C:\Program Files\NVIDIA

Corporation\NetworkAccessManager\bin\nTrayFw.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NVRTCLK] C:\WINDOWS\system32\NVRTCLK\NVRTClk.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE

C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [VGAUtil] C:\Program Files\GigaByte\VGA Utility Manager\G-VGA.EXE
O4 - HKLM\..\Run: [Meal bat default dupe] C:\Documents and Settings\All Users\Application

Data\RoadTheMealBat\BuildVc.exe
O4 - HKLM\..\Run: [CloneDVDElbyDelay] "C:\Program Files\Elaborate

Bytes\CloneDVD\ElbyCheck.exe" /L ElbyDelay
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers

communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [ElbyCheckAnyDVD] "C:\Program Files\SlySoft\AnyDVD\ElbyCheck.exe" /L

AnyDVD
O4 - HKLM\..\Run: [AnyDVD] C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Piolet] C:\Program Files\Piolet\Piolet.exe SILENT
O4 - HKLM\..\Run: [LogitechGalleryRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [winupdates] C:\Program Files\winupdates\winupdates.exe /auto
O4 - HKLM\..\Run: [{10A6E8E6-08A3-1036-0602-051001040021}] "C:\Program Files\Fichiers

communs\{10A6E8E6-08A3-1036-0602-051001040021}\Update.exe" mc-110-12-0000272
O4 - HKLM\..\Run: [lmjvservc] dllzzvyj.exe
O4 - HKLM\..\Run: [IpWins] C:\Program Files\Ipwindows\ipwins.exe
O4 - HKLM\..\Run: [{10A6E8E6-08A2-1036-0602-051001040021}] "C:\Program Files\Fichiers

communs\{10A6E8E6-08A2-1036-0602-051001040021}\Update.exe" mc-110-12-0000272
O4 - HKLM\..\Run: [BDMCon] "C:\Program Files\Softwin\BitDefender10\bdmcon.exe" /reg
O4 - HKLM\..\Run: [BDAgent] "C:\Program Files\Softwin\BitDefender10\bdagent.exe"
O4 - HKLM\..\Run: [VVSN] C:\Program Files\VVSN\VVSN.exe
O4 - HKLM\..\Run: [!ewido] "C:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimized
O4 - HKCU\..\Run: [WOOKIT] C:\PROGRA~1\Wanadoo\GestMaj.exe EspaceWanadoo.exe
O4 - HKCU\..\Run: [coal funk] C:\DOCUME~1\PASCAL\APPLIC~1\CITYPO~1\Soapview.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program

Files\Fichiers communs\Ahead\lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [RoboForm] "C:\Program Files\Siber Systems\AI

RoboForm\RoboTaskBarIcon.exe"
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft

ActiveSync\WCESCOMM.EXE"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [llsymvb] C:\WINDOWS\system32\bsmvvgo.exe
O4 - HKCU\..\Run: [lvcdmsys] C:\WINDOWS\system32\amcxlss.exe
O4 - Global Startup: Assistant d'Acrobat.lnk = C:\Program Files\Adobe\Acrobat

6.0\Distillr\acrotray.exe
O8 - Extra context menu item: &Traduire à partir de l'anglais - res://c:\program

files\google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Barre RoboForm - file://C:\Program Files\Siber Systems\AI

RoboForm\RoboFormComShowToolbar.html
O8 - Extra context menu item: E&xporter vers Microsoft Excel -

res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Enregistrer le formulaire - file://C:\Program Files\Siber

Systems\AI RoboForm\RoboFormComSavePass.html
O8 - Extra context menu item: Pages liées - res://c:\program

files\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Pages similaires - res://c:\program

files\google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Personnaliser le menu - file://C:\Program Files\Siber

Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
O8 - Extra context menu item: Recherche &Google - res://c:\program

files\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Remplir le formulaire - file://C:\Program Files\Siber

Systems\AI RoboForm\RoboFormComFillForms.html
O8 - Extra context menu item: Télécharger avec FlashGet - C:\Program

Files\FlashGet\jc_link.htm
O8 - Extra context menu item: Télécharger tout avec FlashGet - C:\Program

Files\FlashGet\jc_all.htm
O8 - Extra context menu item: Version de la page actuelle disponible dans le cache Google -

res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program

Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} -

C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Créer un Favori de l'appareil mobile -

{2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program

Files\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra 'Tools' menuitem: Créer un Favori de l'appareil mobile... -

{2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra button: Remplir - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program

Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra 'Tools' menuitem: Remplir le formulaire - {320AF880-6646-11D3-ABEE-C5DBF3571F46}

- file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra button: Enregistrer - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program

Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra 'Tools' menuitem: Enregistrer le formulaire -

{320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI

RoboForm\RoboFormComSavePass.html
O9 - Extra button: Barre RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} -

file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra 'Tools' menuitem: Barre RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} -

file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} -

C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} -

C:\PROGRA~1\FlashGet\flashget.exe (file missing)
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} -

C:\PROGRA~1\FlashGet\flashget.exe (file missing)
O9 - Extra button: Messager Wanadoo - {FB5F1910-F110-11d2-BB9E-00C04F795683} -

C:\PROGRA~1\WANADO~1\Wanadoo Messager.exe (file missing)
O9 - Extra 'Tools' menuitem: Messager Wanadoo - {FB5F1910-F110-11d2-BB9E-00C04F795683} -

C:\PROGRA~1\WANADO~1\Wanadoo Messager.exe (file missing)
O9 - Extra button: (no name) - {A4F64D63-3576-4754-8DD5-4D0A49345FD5} - (no file) (HKCU)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation

Tool) - http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) -

http://tools.ebayimg.com/eps/wl/activex/eBay_Enhanced_Picture_Control_v1-0-3-30.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) -

http://update.microsoft.com/...

329046
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) -

https://www.trendmicro.com/en_us/forHome/products/housecall.html
O16 - DPF: {D7BF3304-138B-4DD5-86EE-491BB6A2286C} -

http://www.azebar.com/install/azesearch.cab
O20 - Winlogon Notify: efccdby - C:\WINDOWS\SYSTEM32\efccdby.dll
O20 - Winlogon Notify: jkklj - C:\WINDOWS\system32\jkklj.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: winjyp32 - winjyp32.dll (file missing)
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} -

C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: app_filter - Unknown owner - C:\Program Files\NVIDIA

Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Program Files\Fichiers

communs\Softwin\BitDefender Scan Server\bdss.exe" /service (file missing)
O23 - Service: COM+ Messages - Unknown owner - C:\WINDOWS\system32\svchosts.exe" -e

mc-110-12-0000272 (file missing)
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program

Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: Forceware Web Interface (ForcewareWebInterface) - Unknown owner - C:\Program

Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe" -k

runservice (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program

Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - Unknown owner - C:\Program

Files\Fichiers communs\Softwin\BitDefender Update Service\livesrv.exe" /service (file

missing)
O23 - Service: Microsoft authenticate service (MsaSvc) - Unknown owner -

C:\WINDOWS\system32\msasvc.exe (file missing)
O23 - Service: ForceWare IP service (nSvcIp) - Unknown owner - C:\Program Files\NVIDIA

Corporation\NetworkAccessManager\bin\nSvcIp.exe
O23 - Service: ForceWare user log service (nSvcLog) - Unknown owner - C:\Program

Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation -

C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner -

%ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program

Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe
O23 - Service: BitDefender Virus Shield (VSSERV) - Unknown owner - C:\Program

Files\Softwin\BitDefender10\vsserv.exe" /service (file missing)
O23 - Service: BitDefender Communicator (XCOMM) - Unknown owner - C:\Program Files\Fichiers

communs\Softwin\BitDefender Communicator\xcommsvr.exe" /service (file missing)
0
green day Messages postés 26364 Date d'inscription vendredi 30 septembre 2005 Statut Modérateur, Contributeur sécurité Dernière intervention 27 décembre 2019 2 165
27 janv. 2007 à 19:26
re ;-)

Téléchargez VundoFix.exe (par Atribune) sur ton Bureau :

http://www.atribune.org/ccount/click.php?id=4

*Double-clique VundoFix.exe afin de le lancer.
* Cochez Run VundoFix as a task.
* l'outil va se fermer et s'ouvrir à nouveau : cliquez Ok
* Cliquez sur le bouton Scan for Vundo.
* Lorsque le scan est complété, cliquez sur le bouton Remove Vundo.
* Une invite vous demandera supprimer les fichiers, clique YES
* Après avoir cliqué "Yes", le Bureau disparaîtra un moment lors de la suppression des fichiers
* le PC va s'éteindre ("shutdown") : clique OK
* Démarrez votre PC à nouveau
* Copie/colle le contenu du rapport situé dans C:\vundofix.txt ainsi qu'un nouveau rapport HijackThis! dans ta prochaine réponse.


++
0
romanza Messages postés 250 Date d'inscription samedi 27 janvier 2007 Statut Membre Dernière intervention 4 octobre 2021 2
27 janv. 2007 à 20:12

Ci-joint le rapport VundoFIX


VundoFix V6.3.2

Checking Java version...

Java version is 1.5.0.4

Java version is 1.5.0.5

Java version is 1.5.0.6

Scan started at 19:31:17 27/01/2007

Listing files found while scanning....

C:\Documents and settings\PASCAL\Application Data\SearchToolbarCorp\Toolbar Vision\PageHistory.txt
C:\Documents and settings\PASCAL\Application Data\SearchToolbarCorp\Toolbar Vision\WebHistory.txt
C:\WINDOWS\system32\jkklj.dll
C:\WINDOWS\system32\jlkkj.bak1
C:\WINDOWS\system32\jlkkj.bak2
C:\WINDOWS\system32\jlkkj.ini
C:\WINDOWS\system32\qyjhicqd.dll

Beginning removal...

Attempting to delete C:\Documents and settings\PASCAL\Application Data\SearchToolbarCorp\Toolbar Vision\PageHistory.txt
C:\Documents and settings\PASCAL\Application Data\SearchToolbarCorp\Toolbar Vision\PageHistory.txt Has been deleted!

Attempting to delete C:\Documents and settings\PASCAL\Application Data\SearchToolbarCorp\Toolbar Vision\WebHistory.txt
C:\Documents and settings\PASCAL\Application Data\SearchToolbarCorp\Toolbar Vision\WebHistory.txt Has been deleted!

Attempting to delete C:\WINDOWS\system32\jkklj.dll
C:\WINDOWS\system32\jkklj.dll Could not be deleted.

Attempting to delete C:\WINDOWS\system32\jlkkj.bak1
C:\WINDOWS\system32\jlkkj.bak1 Has been deleted!

Attempting to delete C:\WINDOWS\system32\jlkkj.bak2
C:\WINDOWS\system32\jlkkj.bak2 Has been deleted!

Attempting to delete C:\WINDOWS\system32\jlkkj.ini
C:\WINDOWS\system32\jlkkj.ini Has been deleted!

Performing Repairs to the registry.
Done!

Beginning removal...

Attempting to delete C:\WINDOWS\system32\jkklj.dll
C:\WINDOWS\system32\jkklj.dll Could not be deleted.

Performing Repairs to the registry.
Done!





Le Hijack

Logfile of HijackThis v1.99.1
Scan saved at 20:11:07, on 27/01/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ewido anti-spyware 4.0\guard.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe
C:\Program Files\Fichiers communs\Softwin\BitDefender Communicator\xcommsvr.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
C:\Program Files\Fichiers communs\Softwin\BitDefender Scan Server\bdss.exe
C:\Program Files\Fichiers communs\Softwin\BitDefender Update Service\livesrv.exe
C:\Program Files\Softwin\BitDefender10\vsserv.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nTrayFw.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\GigaByte\VGA Utility Manager\G-VGA.EXE
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe
C:\Program Files\Logitech\Video\LogiTray.exe
C:\WINDOWS\system32\dllzzvyj.exe
C:\Program Files\Softwin\BitDefender10\bdmcon.exe
C:\Program Files\Softwin\BitDefender10\bdagent.exe
C:\Program Files\ewido anti-spyware 4.0\ewido.exe
C:\Program Files\Fichiers communs\Ahead\lib\NMBgMonitor.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe
C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\bsmvvgo.exe
C:\WINDOWS\system32\amcxlss.exe
C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
C:\WINDOWS\system32\LVComS.exe
C:\Program Files\Logitech\Video\LowLight.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\PASCAL\Bureau\CCM.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1C9678E2-77AC-4CAD-89EA-9E3F980C73C4} - C:\WINDOWS\system32\efccdby.dll
O2 - BHO: (no name) - {41F328E2-5E46-F5B8-0160-020188931F32} - C:\WINDOWS\system32\imtqodk.dll (file missing)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O2 - BHO: (no name) - {737A47C9-C43A-4EAD-8C9B-2DF8737BDB2B} - C:\WINDOWS\system32\jkklj.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: (no name) - {788DFC2B-6AEE-374E-BDED-31A6785BCCE9} - C:\WINDOWS\system32\swutgljz.dll (file missing)
O2 - BHO: (no name) - {7DA39570-5FD2-4f18-94B4-20730CB3F727} - C:\WINDOWS\system32\qyjhicqd.dll (file missing)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: (no name) - {AF4EBBA0-E7D3-C3C9-8914-F86F5C6A8964} - C:\DOCUME~1\PASCAL\APPLIC~1\INTERN~1\Four Ref.exe (file missing)
O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [nTrayFw] C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nTrayFw.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NVRTCLK] C:\WINDOWS\system32\NVRTCLK\NVRTClk.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [VGAUtil] C:\Program Files\GigaByte\VGA Utility Manager\G-VGA.EXE
O4 - HKLM\..\Run: [Meal bat default dupe] C:\Documents and Settings\All Users\Application Data\RoadTheMealBat\BuildVc.exe
O4 - HKLM\..\Run: [CloneDVDElbyDelay] "C:\Program Files\Elaborate Bytes\CloneDVD\ElbyCheck.exe" /L ElbyDelay
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [ElbyCheckAnyDVD] "C:\Program Files\SlySoft\AnyDVD\ElbyCheck.exe" /L AnyDVD
O4 - HKLM\..\Run: [AnyDVD] C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Piolet] C:\Program Files\Piolet\Piolet.exe SILENT
O4 - HKLM\..\Run: [LogitechGalleryRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [winupdates] C:\Program Files\winupdates\winupdates.exe /auto
O4 - HKLM\..\Run: [{10A6E8E6-08A3-1036-0602-051001040021}] "C:\Program Files\Fichiers communs\{10A6E8E6-08A3-1036-0602-051001040021}\Update.exe" mc-110-12-0000272
O4 - HKLM\..\Run: [lmjvservc] dllzzvyj.exe
O4 - HKLM\..\Run: [IpWins] C:\Program Files\Ipwindows\ipwins.exe
O4 - HKLM\..\Run: [{10A6E8E6-08A2-1036-0602-051001040021}] "C:\Program Files\Fichiers communs\{10A6E8E6-08A2-1036-0602-051001040021}\Update.exe" mc-110-12-0000272
O4 - HKLM\..\Run: [BDMCon] "C:\Program Files\Softwin\BitDefender10\bdmcon.exe" /reg
O4 - HKLM\..\Run: [BDAgent] "C:\Program Files\Softwin\BitDefender10\bdagent.exe"
O4 - HKLM\..\Run: [VVSN] C:\Program Files\VVSN\VVSN.exe
O4 - HKLM\..\Run: [!ewido] "C:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimized
O4 - HKCU\..\Run: [WOOKIT] C:\PROGRA~1\Wanadoo\GestMaj.exe EspaceWanadoo.exe
O4 - HKCU\..\Run: [coal funk] C:\DOCUME~1\PASCAL\APPLIC~1\CITYPO~1\Soapview.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Ahead\lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [RoboForm] "C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe"
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [llsymvb] C:\WINDOWS\system32\bsmvvgo.exe
O4 - HKCU\..\Run: [lvcdmsys] C:\WINDOWS\system32\amcxlss.exe
O4 - Global Startup: Assistant d'Acrobat.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
O8 - Extra context menu item: &Traduire à partir de l'anglais - res://c:\program files\google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Barre RoboForm - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Enregistrer le formulaire - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O8 - Extra context menu item: Pages liées - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Pages similaires - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Personnaliser le menu - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
O8 - Extra context menu item: Recherche &Google - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Remplir le formulaire - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O8 - Extra context menu item: Télécharger avec FlashGet - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: Télécharger tout avec FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: Version de la page actuelle disponible dans le cache Google - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Créer un Favori de l'appareil mobile - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra 'Tools' menuitem: Créer un Favori de l'appareil mobile... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra button: Remplir - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra 'Tools' menuitem: Remplir le formulaire - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra button: Enregistrer - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra 'Tools' menuitem: Enregistrer le formulaire - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: Barre RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra 'Tools' menuitem: Barre RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe (file missing)
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe (file missing)
O9 - Extra button: Messager Wanadoo - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\WANADO~1\Wanadoo Messager.exe (file missing)
O9 - Extra 'Tools' menuitem: Messager Wanadoo - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\WANADO~1\Wanadoo Messager.exe (file missing)
O9 - Extra button: (no name) - {A4F64D63-3576-4754-8DD5-4D0A49345FD5} - (no file) (HKCU)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/activex/eBay_Enhanced_Picture_Control_v1-0-3-30.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/...
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - https://www.trendmicro.com/en_us/forHome/products/housecall.html
O16 - DPF: {D7BF3304-138B-4DD5-86EE-491BB6A2286C} - http://www.azebar.com/install/azesearch.cab
O20 - Winlogon Notify: efccdby - C:\WINDOWS\SYSTEM32\efccdby.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: winjyp32 - winjyp32.dll (file missing)
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: app_filter - Unknown owner - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Program Files\Fichiers communs\Softwin\BitDefender Scan Server\bdss.exe" /service (file missing)
O23 - Service: COM+ Messages - Unknown owner - C:\WINDOWS\system32\svchosts.exe" -e mc-110-12-0000272 (file missing)
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: Forceware Web Interface (ForcewareWebInterface) - Unknown owner - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe" -k runservice (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - Unknown owner - C:\Program Files\Fichiers communs\Softwin\BitDefender Update Service\livesrv.exe" /service (file missing)
O23 - Service: Microsoft authenticate service (MsaSvc) - Unknown owner - C:\WINDOWS\system32\msasvc.exe (file missing)
O23 - Service: ForceWare IP service (nSvcIp) - Unknown owner - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
O23 - Service: ForceWare user log service (nSvcLog) - Unknown owner - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe
O23 - Service: BitDefender Virus Shield (VSSERV) - Unknown owner - C:\Program Files\Softwin\BitDefender10\vsserv.exe" /service (file missing)
O23 - Service: BitDefender Communicator (XCOMM) - Unknown owner - C:\Program Files\Fichiers communs\Softwin\BitDefender Communicator\xcommsvr.exe" /service (file missing)
0
green day Messages postés 26364 Date d'inscription vendredi 30 septembre 2005 Statut Modérateur, Contributeur sécurité Dernière intervention 27 décembre 2019 2 165
27 janv. 2007 à 20:18
re

ok,

télécharge l2mfix ici:
http://www.downloads.subratam.org/l2mfix.exe
Double-cliquer sur l2mfix.exe pour lancer l'extraction
Dans le dossier l2mfix, double clic sur l2mfix.bat, appuyer sur n'importe quelle touche puis choisir l'option #1 (et pas autre chose) et valider avec la touche entre.
Le bloc note va s'ouvrir avec le rsultat du scan.copie/colles le rapport ici

++
0
romanza Messages postés 250 Date d'inscription samedi 27 janvier 2007 Statut Membre Dernière intervention 4 octobre 2021 2
27 janv. 2007 à 20:25
Voilà :


L2MFIX find log 051206
These are the registry keys present
**********************************************************************************
Winlogon/notify:
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain]
"Asynchronous"=dword:00000000
"Impersonate"=dword:00000000
"DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,33,00,32,00,2e,00,64,00,6c,00,\
6c,00,00,00
"Logoff"="ChainWlxLogoffEvent"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet]
"Asynchronous"=dword:00000000
"Impersonate"=dword:00000000
"DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,6e,00,65,00,74,00,2e,00,64,00,\
6c,00,6c,00,00,00
"Logoff"="CryptnetWlxLogoffEvent"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll]
"DLLName"="cscdll.dll"
"Logon"="WinlogonLogonEvent"
"Logoff"="WinlogonLogoffEvent"
"ScreenSaver"="WinlogonScreenSaverEvent"
"Startup"="WinlogonStartupEvent"
"Shutdown"="WinlogonShutdownEvent"
"StartShell"="WinlogonStartShellEvent"
"Impersonate"=dword:00000000
"Asynchronous"=dword:00000001

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\efccdby]
"Asynchronous"=dword:00000001
"DllName"="efccdby.dll"
"Impersonate"=dword:00000000
"Logon"="Logon"
"Logoff"="Logoff"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp]
"DLLName"="wlnotify.dll"
"Logon"="SCardStartCertProp"
"Logoff"="SCardStopCertProp"
"Lock"="SCardSuspendCertProp"
"Unlock"="SCardResumeCertProp"
"Enabled"=dword:00000001
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule]
"Asynchronous"=dword:00000000
"DllName"=hex(2):77,00,6c,00,6e,00,6f,00,74,00,69,00,66,00,79,00,2e,00,64,00,\
6c,00,6c,00,00,00
"Impersonate"=dword:00000000
"StartShell"="SchedStartShell"
"Logoff"="SchedEventLogOff"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy]
"Logoff"="WLEventLogoff"
"Impersonate"=dword:00000000
"Asynchronous"=dword:00000001
"DllName"=hex(2):73,00,63,00,6c,00,67,00,6e,00,74,00,66,00,79,00,2e,00,64,00,\
6c,00,6c,00,00,00

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn]
"DLLName"="WlNotify.dll"
"Lock"="SensLockEvent"
"Logon"="SensLogonEvent"
"Logoff"="SensLogoffEvent"
"Safe"=dword:00000001
"MaxWait"=dword:00000258
"StartScreenSaver"="SensStartScreenSaverEvent"
"StopScreenSaver"="SensStopScreenSaverEvent"
"Startup"="SensStartupEvent"
"Shutdown"="SensShutdownEvent"
"StartShell"="SensStartShellEvent"
"PostShell"="SensPostShellEvent"
"Disconnect"="SensDisconnectEvent"
"Reconnect"="SensReconnectEvent"
"Unlock"="SensUnlockEvent"
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv]
"Asynchronous"=dword:00000000
"DllName"=hex(2):77,00,6c,00,6e,00,6f,00,74,00,69,00,66,00,79,00,2e,00,64,00,\
6c,00,6c,00,00,00
"Impersonate"=dword:00000000
"Logoff"="TSEventLogoff"
"Logon"="TSEventLogon"
"PostShell"="TSEventPostShell"
"Shutdown"="TSEventShutdown"
"StartShell"="TSEventStartShell"
"Startup"="TSEventStartup"
"MaxWait"=dword:00000258
"Reconnect"="TSEventReconnect"
"Disconnect"="TSEventDisconnect"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
"Logon"="WLEventLogon"
"Logoff"="WLEventLogoff"
"Startup"="WLEventStartup"
"Shutdown"="WLEventShutdown"
"StartScreenSaver"="WLEventStartScreenSaver"
"StopScreenSaver"="WLEventStopScreenSaver"
"Lock"="WLEventLock"
"Unlock"="WLEventUnlock"
"StartShell"="WLEventStartShell"
"PostShell"="WLEventPostShell"
"Disconnect"="WLEventDisconnect"
"Reconnect"="WLEventReconnect"
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000000
"SafeMode"=dword:00000001
"MaxWait"=dword:ffffffff
"DllName"=hex(2):57,00,67,00,61,00,4c,00,6f,00,67,00,6f,00,6e,00,2e,00,64,00,\
6c,00,6c,00,00,00
"Event"=dword:00000000

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon\Settings]
"Data"=hex:01,00,00,00,d0,8c,9d,df,01,15,d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,\
00,00,b1,74,0f,47,88,cf,7a,45,a7,5b,56,87,b4,78,21,f9,04,00,00,00,04,00,00,\
00,53,00,00,00,03,66,00,00,a8,00,00,00,10,00,00,00,8a,09,ac,e9,f5,69,97,16,\
3f,66,c7,55,56,82,c2,f0,00,00,00,00,04,80,00,00,a0,00,00,00,10,00,00,00,c3,\
4b,68,c5,ec,df,dc,12,f5,25,4e,71,f5,1f,f4,11,b0,01,00,00,53,e1,bf,18,05,cc,\
2c,5b,ad,a1,ba,95,0e,b5,fe,f1,7f,0d,28,4c,e6,1b,f5,57,17,a0,76,e1,86,8a,4f,\
0f,6b,14,87,73,8b,ea,b0,b1,9f,42,60,0d,72,c8,c9,e6,1e,b9,3b,9d,75,d1,cb,0d,\
bf,0f,03,67,4a,6c,48,71,1e,87,32,d2,a7,e6,c4,98,4e,66,3d,03,02,73,8d,04,f0,\
f6,ff,44,15,75,02,6d,a9,66,3f,6a,7c,18,b8,99,9f,7b,71,f7,4a,e6,d1,be,11,01,\
97,cd,65,82,1e,e5,1b,96,02,5f,bc,52,8d,b5,3e,5c,d7,4c,4d,ac,e9,95,86,94,95,\
49,f1,df,d6,e6,0a,e7,96,e7,5e,d2,f8,2b,4e,0c,9c,18,68,0f,c5,81,ea,9f,49,be,\
43,03,7e,67,3a,e5,50,b0,25,00,32,6f,91,88,39,73,dc,a3,c3,69,76,a6,50,d3,fb,\
eb,75,67,7f,f4,bd,63,b0,c7,6e,fc,a6,d9,5a,bf,e4,a6,ea,33,ef,5e,62,5d,2d,3c,\
19,07,ac,9e,94,ca,10,1f,9a,99,8a,f2,91,32,bc,17,a7,41,75,ab,26,2c,8c,28,75,\
6b,4d,87,3e,a0,2c,b4,3f,c9,83,c9,c7,58,78,89,cb,80,7c,ff,f8,73,b1,b7,5f,9d,\
4c,85,73,53,76,1b,48,bb,11,91,56,80,a7,f9,e8,51,81,02,27,07,56,07,66,24,db,\
df,07,ae,ac,86,f8,be,49,f6,75,71,8b,60,72,7a,74,52,15,29,a0,6b,30,2b,10,be,\
da,41,80,68,d0,27,d9,0c,53,04,1f,d7,3f,fd,bb,5f,4a,b1,94,05,d9,9c,69,d7,6a,\
37,ed,67,e8,54,8f,e7,8d,88,6d,9a,a3,b4,db,34,39,c5,79,78,57,21,7f,13,50,7c,\
68,02,b0,88,4d,00,06,87,43,79,3b,9e,21,40,fe,c4,5f,95,8b,9b,5c,5f,2a,13,3f,\
ed,5b,3d,d4,93,96,df,cd,0b,62,4d,a2,52,1b,19,8b,89,e7,ca,c8,98,e8,64,d0,de,\
e9,aa,c0,91,08,94,f0,e2,18,3c,99,35,77,19,99,1a,6b,90,71,fd,d4,0a,24,17,6b,\
3f,14,00,00,00,0b,37,2c,a8,64,87,0b,c1,2d,08,f5,35,a7,6b,04,43,a5,b2,03,72

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\winjyp32]
"Asynchronous"=dword:00000001
"DllName"="winjyp32.dll"
"Impersonate"=dword:00000000
"Startup"="EvtStartup"
"Shutdown"="EvtShutdown"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon]
"DLLName"="wlnotify.dll"
"Logon"="RegisterTicketExpiredNotificationEvent"
"Logoff"="UnregisterTicketExpiredNotificationEvent"
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001

**********************************************************************************
useragent:
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]
"SV1"=""

**********************************************************************************
Shell Extension key:
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]
"{00022613-0000-0000-C000-000000000046}"="Feuille de propri‚t‚s du fichier multim‚dia"
"{176d6597-26d3-11d1-b350-080036a75b03}"="Gestion de scanneur ICM"
"{1F2E5C40-9550-11CE-99D2-00AA006E086C}"="Page de s‚curit‚ NTFS"
"{3EA48300-8CF6-101B-84FB-666CCB9BCD32}"="Page des propri‚t‚s de OLE DocFile"
"{40dd6e20-7c17-11ce-a804-00aa003ca9f6}"="Extensions de l'environnement pour le partage"
"{41E300E0-78B6-11ce-849B-444553540000}"="PlusPack CPL Extension"
"{42071712-76d4-11d1-8b24-00a0c9068ff3}"="Extension Affichage Carte du Panneau de configuration"
"{42071713-76d4-11d1-8b24-00a0c9068ff3}"="Extension Affichage cran du Panneau de configuration"
"{42071714-76d4-11d1-8b24-00a0c9068ff3}"="Extension Affichage Panorama du Panneau de configuration"
"{4E40F770-369C-11d0-8922-00A024AB2DBB}"="Page de s‚curit‚ DS"
"{513D916F-2A8E-4F51-AEAB-0CBC76FB1AF8}"="Page de compatibilit‚"
"{56117100-C0CD-101B-81E2-00AA004AE837}"="Gestionnaire de donn‚es endommag‚es de l'environnement"
"{59099400-57FF-11CE-BD94-0020AF85B590}"="Extension copie de disquette"
"{59be4990-f85c-11ce-aff7-00aa003ca9f6}"="Extensions de l'environnement pour les objets r‚seau de Microsoft Windows"
"{5DB2625A-54DF-11D0-B6C4-0800091AA605}"="Gestion d'‚cran ICM"
"{675F097E-4C4D-11D0-B6C1-0800091AA605}"="Gestion d'imprimante ICM"
"{764BF0E1-F219-11ce-972D-00AA00A14F56}"="Extensions de l'environnement de compression de fichiers"
"{77597368-7b15-11d0-a0c2-080036af3f03}"="Extension de l'environnement d'imprimante Web"
"{7988B573-EC89-11cf-9C00-00AA00A14F56}"="Disk Quota UI"
"{853FE2B1-B769-11d0-9C4E-00C04FB6C6FA}"="Menu contextuel de cryptage"
"{85BBD920-42A0-1069-A2E4-08002B30309D}"="Porte-documents"
"{88895560-9AA2-1069-930E-00AA0030EBC8}"="Extension ic“ne HyperTerminal"
"{BD84B380-8CA2-1069-AB1D-08000948F534}"="Fonts"
"{DBCE2480-C732-101B-BE72-BA78E9AD5B27}"="Profil ICC"
"{F37C5810-4D3F-11d0-B4BF-00AA00BBB723}"="Page de s‚curit‚ des imprimantes"
"{f81e9010-6ea4-11ce-a7ff-00aa003ca9f6}"="Extensions de l'environnement pour le partage"
"{f92e8c40-3d33-11d2-b1aa-080036a75b03}"="Display TroubleShoot CPL Extension"
"{7444C717-39BF-11D1-8CD9-00C04FC29D45}"="Extension de cryptographie PKO"
"{7444C719-39BF-11D1-8CD9-00C04FC29D45}"="Extension de cryptographie Sign"
"{7007ACC7-3202-11D1-AAD2-00805FC1270E}"="Connexions r‚seau"
"{992CFFA0-F557-101A-88EC-00DD010CCC48}"="Connexions r‚seau"
"{E211B736-43FD-11D1-9EFB-0000F8757FCD}"="&Scanneurs et appareils photo"
"{FB0C9C8A-6C50-11D1-9F1D-0000F8757FCD}"="&Scanneurs et appareils photo"
"{905667aa-acd6-11d2-8080-00805f6596d2}"="&Scanneurs et appareils photo"
"{3F953603-1008-4f6e-A73A-04AAC7A992F1}"="&Scanneurs et appareils photo"
"{83bbcbf3-b28a-4919-a5aa-73027445d672}"="&Scanneurs et appareils photo"
"{F0152790-D56E-4445-850E-4F3117DB740C}"="Remote Sessions CPL Extension"
"{60254CA5-953B-11CF-8C96-00AA00B8708C}"="Extensions de l'interpr‚teur de commandes pour l'environnement d'ex‚cution de scripts Windows"
"{2206CDB2-19C1-11D1-89E0-00C04FD7A829}"="Liaison de donn‚es Microsoft"
"{DD2110F0-9EEF-11cf-8D8E-00AA0060F5BF}"="Tasks Folder Icon Handler"
"{797F1E90-9EDD-11cf-8D8E-00AA0060F5BF}"="Tasks Folder Shell Extension"
"{D6277990-4C6A-11CF-8D87-00AA0060F5BF}"="Tƒches planifi‚es"
"{2559a1f7-21d7-11d4-bdaf-00c04f60b9f0}"="Set Program Access and Defaults"
"{5F327514-6C5E-4d60-8F16-D07FA08A78ED}"="Auto Update Property Sheet Extension"
"{0DF44EAA-FF21-4412-828E-260A8728E7F1}"="Barre des tƒches et menu D‚marrer"
"{2559a1f0-21d7-11d4-bdaf-00c04f60b9f0}"="Rechercher"
"{2559a1f1-21d7-11d4-bdaf-00c04f60b9f0}"="Aide et support"
"{2559a1f2-21d7-11d4-bdaf-00c04f60b9f0}"="Aide et support"
"{2559a1f3-21d7-11d4-bdaf-00c04f60b9f0}"="Ex‚cuter..."
"{2559a1f4-21d7-11d4-bdaf-00c04f60b9f0}"="Internet"
"{2559a1f5-21d7-11d4-bdaf-00c04f60b9f0}"="Courrier ‚lectronique"
"{D20EA4E1-3957-11d2-A40B-0C5020524152}"="Polices"
"{D20EA4E1-3957-11d2-A40B-0C5020524153}"="Outils d'administration"
"{596AB062-B4D2-4215-9F74-E9109B0A8153}"="Page de propri‚t‚s des versions pr‚c‚dentes"
"{9DB7A13C-F208-4981-8353-73CC61AE2783}"="Versions pr‚c‚dentes"
"{875CB1A1-0F29-45de-A1AE-CFB4950D0B78}"="Audio Media Properties Handler"
"{40C3D757-D6E4-4b49-BB41-0E5BBEA28817}"="Video Media Properties Handler"
"{E4B29F9D-D390-480b-92FD-7DDB47101D71}"="Wav Properties Handler"
"{87D62D94-71B3-4b9a-9489-5FE6850DC73E}"="Avi Properties Handler"
"{A6FD9E45-6E44-43f9-8644-08598F5A74D9}"="Midi Properties Handler"
"{c5a40261-cd64-4ccf-84cb-c394da41d590}"="Video Thumbnail Extractor"
"{5E6AB780-7743-11CF-A12B-00AA004AE837}"="Barre d'outils Internet Microsoft"
"{22BF0C20-6DA7-11D0-B373-00A0C9034938}"="tat du t‚l‚chargement"
"{91EA3F8B-C99B-11d0-9815-00C04FD91972}"="Dossier Bureau ‚tendu"
"{6413BA2C-B461-11d1-A18A-080036B11A03}"="Dossier du shell augment‚"
"{F61FFEC1-754F-11d0-80CA-00AA005B4383}"="BandProxy"
"{7BA4C742-9E81-11CF-99D3-00AA004AE837}"="Bande du navigateur Microsoft"
"{30D02401-6A81-11d0-8274-00C04FD5AE38}"="Bande de recherche"
"{169A0691-8DF9-11d1-A1C4-00C04FD75D13}"="Volet int‚gr‚ de recherche"
"{07798131-AF23-11d1-9111-00A0C98BA67D}"="Recherche Web"
"{AF4F6510-F982-11d0-8595-00AA004CD6D8}"="Utilitaire des options de l'arborescence du Registre"
"{01E04581-4EEE-11d0-BFE9-00AA005B4383}"="&Adresse"
"{A08C11D2-A228-11d0-825B-00AA005B4383}"="BoŒte d'entr‚e de l'adresse"
"{00BB2763-6A77-11D0-A535-00C04FD7D062}"="Saisie semi-automatique Microsoft"
"{7376D660-C583-11d0-A3A5-00C04FD706EC}"="TridentImageExtractor"
"{6756A641-DE71-11d0-831B-00AA005B4383}"="Liste de saisie semi-automatique MRU"
"{6935DB93-21E8-4ccc-BEB9-9FE3C77A297A}"="Liste de saisie semi-automatique personnalis‚e MRU"
"{7e653215-fa25-46bd-a339-34a2790f3cb7}"="Accessible"
"{acf35015-526e-4230-9596-becbe19f0ac9}"="Barre de progrŠs auto-ouvrante"
"{00BB2764-6A77-11D0-A535-00C04FD7D062}"="Liste de saisie semi-automatique de l'historique Microsoft"
"{03C036F1-A186-11D0-824A-00AA005B4383}"="Liste de saisie semi-automatique du dossier Shell Microsoft"
"{00BB2765-6A77-11D0-A535-00C04FD7D062}"="Conteneur de la liste de saisie semi-automatique multiple Microsoft"
"{ECD4FC4E-521C-11D0-B792-00A0C90312E1}"="Menu Site de bandes"
"{3CCF8A41-5C85-11d0-9796-00AA00B90ADF}"="Shell DeskBarApp"
"{ECD4FC4C-521C-11D0-B792-00A0C90312E1}"="Barre du Bureau"
"{ECD4FC4D-521C-11D0-B792-00A0C90312E1}"="Shell Rebar BandSite"
"{DD313E04-FEFF-11d1-8ECD-0000F87A470C}"="Assistance utilisateur"
"{EF8AD2D1-AE36-11D1-B2D2-006097DF8C11}"="ParamŠtres du dossier global"
"{EFA24E61-B078-11d0-89E4-00C04FC9E26E}"="Favorites Band"
"{0A89A860-D7B1-11CE-8350-444553540000}"="Shell Automation Inproc Service"
"{E7E4BC40-E76A-11CE-A9BB-00AA004AE837}"="Shell DocObject Viewer"
"{A5E46E3A-8849-11D1-9D8C-00C04FC99D61}"="Microsoft Browser Architecture"
"{FBF23B40-E3F0-101B-8488-00AA003E56F8}"="InternetShortcut"
"{3C374A40-BAE4-11CF-BF7D-00AA006946EE}"="Microsoft Url History Service"
"{FF393560-C2A7-11CF-BFF4-444553540000}"="Historique"
"{7BD29E00-76C1-11CF-9DD0-00A0C9034933}"="Temporary Internet Files"
"{7BD29E01-76C1-11CF-9DD0-00A0C9034933}"="Temporary Internet Files"
"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}"="Microsoft Url Search Hook"
"{A2B0DD40-CC59-11d0-A3A5-00C04FD706EC}"="Image de d‚marrage de la Suite IE4"
"{67EA19A0-CCEF-11d0-8024-00C04FD75D13}"="CDF Extension Copy Hook"
"{131A6951-7F78-11D0-A979-00C04FD705A2}"="ISFBand OC"
"{9461b922-3c5a-11d2-bf8b-00c04fb93661}"="Search Assistant OC"
"{3DC7A020-0ACD-11CF-A9BB-00AA004AE837}"="Internet"
"{871C5380-42A0-1069-A2EA-08002B30309D}"="Internet Name Space"
"{EFA24E64-B078-11d0-89E4-00C04FC9E26E}"="Explorer Band"
"{9E56BE60-C50F-11CF-9A2C-00A0C90A90CE}"="Sendmail service"
"{9E56BE61-C50F-11CF-9A2C-00A0C90A90CE}"="Sendmail service"
"{88C6C381-2E85-11D0-94DE-444553540000}"="Dossier ActiveX Cache"
"{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"="WebCheck"
"{ABBE31D0-6DAE-11D0-BECA-00C04FD940BE}"="Subscription Mgr"
"{F5175861-2688-11d0-9C5E-00AA00A45957}"="Dossier Inscription"
"{08165EA0-E946-11CF-9C87-00AA005127ED}"="WebCheckWebCrawler"
"{E3A8BDE6-ABCE-11d0-BC4B-00C04FD929DB}"="WebCheckChannelAgent"
"{E8BB6DC0-6B4E-11d0-92DB-00A0C90C2BD7}"="TrayAgent"
"{7D559C10-9FE9-11d0-93F7-00AA0059CE02}"="Code Download Agent"
"{E6CC6978-6B6E-11D0-BECA-00C04FD940BE}"="ConnectionAgent"
"{D8BD2030-6FC9-11D0-864F-00AA006809D9}"="PostAgent"
"{7FC0B86E-5FA7-11d1-BC7C-00C04FD929DB}"="WebCheck SyncMgr Handler"
"{352EC2B7-8B9A-11D1-B8AE-006008059382}"="Gestionnaire d'applications d'environnement"
"{0B124F8F-91F0-11D1-B8B5-006008059382}"="num‚rateur d'applications install‚es"
"{CFCCC7A0-A282-11D1-9082-006008059382}"="Publication d'application Darwin"
"{e84fda7c-1d6a-45f6-b725-cb260c236066}"="Shell Image Verbs"
"{66e4e4fb-f385-4dd0-8d74-a2efd1bc6178}"="Shell Image Data Factory"
"{00E7B358-F65B-4dcf-83DF-CD026B94BFD4}"="Autoplay for SlideShow"
"{3F30C968-480A-4C6C-862D-EFC0897BB84B}"="Extracteur de miniatures de fichier + GDI"
"{9DBD2C50-62AD-11d0-B806-00C04FD706EC}"="Gestionnaire de miniatures - Informations de r‚sum‚ (DOCFILES)"
"{EAB841A0-9550-11cf-8C16-00805F1408F3}"="Extracteur de miniatures HTML"
"{eb9b1153-3b57-4e68-959a-a3266bc3d7fe}"="Shell Image Property Handler"
"{CC6EEFFB-43F6-46c5-9619-51D571967F7D}"="Assistant Publication de sites Web"
"{add36aa8-751a-4579-a266-d66f5202ccbb}"="Commande d'impressions via le Web"
"{6b33163c-76a5-4b6c-bf21-45de9cd503a1}"="Objet Assistant de publication Shell"
"{58f1f272-9240-4f51-b6d4-fd63d1618591}"="Assistant Obtenir une identit‚ Passport"
"{7A9D77BD-5403-11d2-8785-2E0420524153}"="Comptes d'utilisateurs"
"{BD472F60-27FA-11cf-B8B4-444553540000}"="Compressed (zipped) Folder Right Drag Handler"
"{888DCA60-FC0A-11CF-8F0F-00C04FD7D062}"="Compressed (zipped) Folder SendTo Target"
"{f39a0dc0-9cc8-11d0-a599-00c04fd64433}"="Fichier de chaŒne"
"{f3aa0dc0-9cc8-11d0-a599-00c04fd64434}"="Raccourci de chaŒne"
"{f3ba0dc0-9cc8-11d0-a599-00c04fd64435}"="Channel Handler Object"
"{f3da0dc0-9cc8-11d0-a599-00c04fd64437}"="Channel Menu"
"{f3ea0dc0-9cc8-11d0-a599-00c04fd64438}"="Channel Properties"
"{692F0339-CBAA-47e6-B5B5-3B84DB604E87}"="Extensions Manager Folder"
"{63da6ec0-2e98-11cf-8d82-444553540000}"="FTP Folders Webview"
"{883373C3-BF89-11D1-BE35-080036B11A03}"="Microsoft DocProp Shell Ext"
"{A9CF0EAE-901A-4739-A481-E35B73E47F6D}"="Microsoft DocProp Inplace Edit Box Control"
"{8EE97210-FD1F-4B19-91DA-67914005F020}"="Microsoft DocProp Inplace ML Edit Box Control"
"{0EEA25CC-4362-4A12-850B-86EE61B0D3EB}"="Microsoft DocProp Inplace Droplist Combo Control"
"{6A205B57-2567-4A2C-B881-F787FAB579A3}"="Microsoft DocProp Inplace Calendar Control"
"{28F8A4AC-BBB3-4D9B-B177-82BFC914FA33}"="Microsoft DocProp Inplace Time Control"
"{8A23E65E-31C2-11d0-891C-00A024AB2DBB}"="Directory Query UI"
"{9E51E0D0-6E0F-11d2-9601-00C04FA31A86}"="Shell properties for a DS object"
"{163FDC20-2ABC-11d0-88F0-00A024AB2DBB}"="Directory Object Find"
"{F020E586-5264-11d1-A532-0000F8757D7E}"="Directory Start/Search Find"
"{0D45D530-764B-11d0-A1CA-00AA00C16E65}"="Directory Property UI"
"{62AE1F9A-126A-11D0-A14B-0800361B1103}"="Directory Context Menu Verbs"
"{ECF03A33-103D-11d2-854D-006008059367}"="MyDocs Copy Hook"
"{ECF03A32-103D-11d2-854D-006008059367}"="MyDocs Drop Target"
"{4a7ded0a-ad25-11d0-98a8-0800361b1103}"="MyDocs Properties"
"{750fdf0e-2a26-11d1-a3ea-080036587f03}"="Offline Files Menu"
"{10CFC467-4392-11d2-8DB4-00C04FA31A66}"="Offline Files Folder Options"
"{AFDB1F70-2A4C-11d2-9039-00C04F8EEB3E}"="Dossier Fichiers hors connexion"
"{143A62C8-C33B-11D1-84FE-00C04FA34A14}"="Microsoft Agent Character Property Sheet Handler"
"{ECCDF543-45CC-11CE-B9BF-0080C87CDBA6}"="DfsShell"
"{60fd46de-f830-4894-a628-6fa81bc0190d}"="%DESC_PublishDropTarget%"
"{7A80E4A8-8005-11D2-BCF8-00C04F72C717}"="MMC Icon Handler"
"{0CD7A5C0-9F37-11CE-AE65-08002B2E1262}"=".CAB file viewer"
"{32714800-2E5F-11d0-8B85-00AA0044F941}"="Des &personnes..."
"{8DD448E6-C188-4aed-AF92-44956194EB1F}"="Windows Media Player Burn Audio CD Context Menu Handler"
"{CE3FB1D1-02AE-4a5f-A6E9-D9F1B4073E6C}"="Windows Media Player Play as Playlist Context Menu Handler"
"{F1B9284F-E9DC-4e68-9D7E-42362A59F0FD}"="Windows Media Player Add to Playlist Context Menu Handler"
"{A70C977A-BF00-412C-90B7-034C51DA2439}"="NvCpl DesktopContext Class"
"{FFB699E0-306A-11d3-8BD1-00104B6F7516}"="Play on my TV helper"
"{1CDB2949-8F65-4355-8456-263E7C208A5D}"="Desktop Explorer"
"{1E9B04FB-F9E5-4718-997B-B8DA88302A47}"="Desktop Explorer Menu"
"{1E9B04FB-F9E5-4718-997B-B8DA88302A48}"="nView Desktop Context Menu"
"{F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4}"="Shell Extensions for RealOne Player"
"{BDEADF00-C265-11D0-BCED-00A0C90AB50F}"="Web Folders"
"{0006F045-0000-0000-C000-000000000046}"="Microsoft Outlook Custom Icon Handler"
"{42042206-2D85-11D3-8CFF-005004838597}"="Microsoft Office HTML Icon Handler"
"{B41DB860-8EE4-11D2-9906-E49FADC173CA}"="WinRAR shell extension"
"{E0D79304-84BE-11CE-9641-444553540000}"="WinZip"
"{E0D79305-84BE-11CE-9641-444553540000}"="WinZip"
"{E0D79306-84BE-11CE-9641-444553540000}"="WinZip"
"{E0D79307-84BE-11CE-9641-444553540000}"="WinZip"
"{D25B2CAB-8A9A-4517-A9B2-CB5F68A5A802}"="Adobe.Acrobat.ContextMenu"
"{400CFEE2-39D0-46DC-96DF-E0BB5A4324B3}"="My Logitech Pictures"
"{B327765E-D724-4347-8B16-78AE18552FC3}"="NeroDigitalIconHandler"
"{7F1CF152-04F8-453A-B34C-E609530A9DC8}"="NeroDigitalPropSheetHandler"
"{21569614-B795-46b1-85F4-E737A8DC09AD}"="Shell Search Band"
"{640167b4-59b0-47a6-b335-a6b3c0695aea}"="Portable Media Devices"
"{35786D3C-B075-49b9-88DD-029876E11C01}"="Portable Devices"
"{D6791A63-E7E2-4fee-BF52-5DED8E86E9B8}"="Portable Devices Menu"

**********************************************************************************
HKEY ROOT CLASSIDS:
**********************************************************************************
Files Found are not all bad files:

C:\WINDOWS\SYSTEM32\
asferror.dll Fri 3 Nov 2006 9:56:54 A.... 7 680 7,50 K
efccdby.dll Tue 16 Jan 2007 20:42:22 ..SH. 22 029 21,51 K
inetcomm.dll Wed 8 Nov 2006 6:07:30 A.... 679 424 663,50 K
jkklj.dll Thu 18 Jan 2007 20:18:44 ..SH. 277 044 270,55 K
msxml4.dll Sat 4 Nov 2006 14:14:00 A.... 1 245 696 1,19 M
wmerror.dll Fri 3 Nov 2006 9:58:42 A.... 272 384 266,00 K
wmploc.dll Fri 3 Nov 2006 10:03:34 A.... 8 292 352 7,91 M
wmpshell.dll Fri 3 Nov 2006 9:59:06 A.... 99 840 97,50 K
wpdshe~1.dll Thu 2 Nov 2006 11:52:12 ..... 44 032 43,00 K

9 items found: 9 files (2 H/S), 0 directories.
Total of file sizes: 10 940 481 bytes 10,43 M
Locate .tmp files:

No matches found.
**********************************************************************************
Directory Listing of system files:
Le volume dans le lecteur C n'a pas de nom.
Le num‚ro de s‚rie du volume est 10A6-E8E6

R‚pertoire de C:\WINDOWS\System32

27/01/2007 20:24 <REP> ..
27/01/2007 20:24 <REP> .
20/01/2007 09:20 466 tsmfscgv.ini
18/01/2007 20:18 277ÿ044 jkklj.dll
16/01/2007 20:42 22ÿ029 efccdby.dll
12/01/2007 22:32 <REP> dllcache
10/12/2006 14:41 56 18D9FD8534.sys
10/12/2006 14:41 11ÿ270 KGyGaAvL.sys
10/09/2005 15:50 <REP> Microsoft
05/08/2004 13:00 82ÿ867 bsmvvgo.exe
05/08/2004 13:00 72ÿ070 jvmmods.exe
05/08/2004 13:00 74ÿ262 fldmelds.exe
05/08/2004 13:00 91ÿ349 dllzzvyj.exe
05/08/2004 13:00 71ÿ676 mgcplwin.exe
05/08/2004 13:00 71ÿ816 dbbsrcc.exe
05/08/2004 13:00 72ÿ848 sscmsslv.exe
05/08/2004 13:00 79ÿ878 amcxlss.exe
05/08/2004 13:00 70ÿ956 vstldmem.exe
14 fichier(s) 998ÿ587 octets
4 R‚p(s) 47ÿ892ÿ615ÿ168 octets libres
0

Vous n’avez pas trouvé la réponse que vous recherchez ?

Posez votre question
green day Messages postés 26364 Date d'inscription vendredi 30 septembre 2005 Statut Modérateur, Contributeur sécurité Dernière intervention 27 décembre 2019 2 165
27 janv. 2007 à 20:28
re

ok,

Quitter le net, le navigateur, et toutes autres fenêtres d'applications ;
- Double-cliquer sur l2mfix.bat ;
- Choisir OPTION 2 (Run fix) et valider par la touche [Entrée] ;
- A l'invite, appuyer sur une touche du clavier pour redémarrer le PC ;
=> Au redémarrage, le nettoyage de L2mFix se poursuit, puis génère le résultat du nettoyage en ouvrant le Bloc-notes ; se reconnecter pour le poster au forum.


ensuite reposte un nouveau hijackthis stp

++
0
romanza Messages postés 250 Date d'inscription samedi 27 janvier 2007 Statut Membre Dernière intervention 4 octobre 2021 2
27 janv. 2007 à 22:21
Voilà :

L2mfix 051206
Creating Account.
La commande s'est termin‚e correctement.

Adding Administrative privleges.
Checking for L2MFix account(0=no 1=yes):
1
Granting SeDebugPrivilege to L2MFIX ... successful

Running From:
C:\WINDOWS\system32

Killing Processes!
Killing 'smss.exe'
\SystemRoot\System32\smss.exe (812)
Killing 'winlogon.exe'
winlogon.exe (920)
Killing 'explorer.exe'
C:\WINDOWS\Explorer.EXE (1872)
Killing 'rundll32.exe'
Restoring Sedebugprivilege:
Granting SeDebugPrivilege to Administrateurs ... successful

Scanning First Pass. Please Wait!

First Pass Completed

Second Pass Scanning

Second pass Completed!



Restoring Windows Update Certificates.:

The following Is the Current Export of the Winlogon notify key:
****************************************************************************
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain]
"Asynchronous"=dword:00000000
"Impersonate"=dword:00000000
"DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,33,00,32,00,2e,00,64,00,6c,00,\
6c,00,00,00
"Logoff"="ChainWlxLogoffEvent"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet]
"Asynchronous"=dword:00000000
"Impersonate"=dword:00000000
"DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,6e,00,65,00,74,00,2e,00,64,00,\
6c,00,6c,00,00,00
"Logoff"="CryptnetWlxLogoffEvent"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll]
"DLLName"="cscdll.dll"
"Logon"="WinlogonLogonEvent"
"Logoff"="WinlogonLogoffEvent"
"ScreenSaver"="WinlogonScreenSaverEvent"
"Startup"="WinlogonStartupEvent"
"Shutdown"="WinlogonShutdownEvent"
"StartShell"="WinlogonStartShellEvent"
"Impersonate"=dword:00000000
"Asynchronous"=dword:00000001

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\efccdby]
"Asynchronous"=dword:00000001
"DllName"="efccdby.dll"
"Impersonate"=dword:00000000
"Logon"="Logon"
"Logoff"="Logoff"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp]
"DLLName"="wlnotify.dll"
"Logon"="SCardStartCertProp"
"Logoff"="SCardStopCertProp"
"Lock"="SCardSuspendCertProp"
"Unlock"="SCardResumeCertProp"
"Enabled"=dword:00000001
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule]
"Asynchronous"=dword:00000000
"DllName"=hex(2):77,00,6c,00,6e,00,6f,00,74,00,69,00,66,00,79,00,2e,00,64,00,\
6c,00,6c,00,00,00
"Impersonate"=dword:00000000
"StartShell"="SchedStartShell"
"Logoff"="SchedEventLogOff"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy]
"Logoff"="WLEventLogoff"
"Impersonate"=dword:00000000
"Asynchronous"=dword:00000001
"DllName"=hex(2):73,00,63,00,6c,00,67,00,6e,00,74,00,66,00,79,00,2e,00,64,00,\
6c,00,6c,00,00,00

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn]
"DLLName"="WlNotify.dll"
"Lock"="SensLockEvent"
"Logon"="SensLogonEvent"
"Logoff"="SensLogoffEvent"
"Safe"=dword:00000001
"MaxWait"=dword:00000258
"StartScreenSaver"="SensStartScreenSaverEvent"
"StopScreenSaver"="SensStopScreenSaverEvent"
"Startup"="SensStartupEvent"
"Shutdown"="SensShutdownEvent"
"StartShell"="SensStartShellEvent"
"PostShell"="SensPostShellEvent"
"Disconnect"="SensDisconnectEvent"
"Reconnect"="SensReconnectEvent"
"Unlock"="SensUnlockEvent"
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv]
"Asynchronous"=dword:00000000
"DllName"=hex(2):77,00,6c,00,6e,00,6f,00,74,00,69,00,66,00,79,00,2e,00,64,00,\
6c,00,6c,00,00,00
"Impersonate"=dword:00000000
"Logoff"="TSEventLogoff"
"Logon"="TSEventLogon"
"PostShell"="TSEventPostShell"
"Shutdown"="TSEventShutdown"
"StartShell"="TSEventStartShell"
"Startup"="TSEventStartup"
"MaxWait"=dword:00000258
"Reconnect"="TSEventReconnect"
"Disconnect"="TSEventDisconnect"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
"Logon"="WLEventLogon"
"Logoff"="WLEventLogoff"
"Startup"="WLEventStartup"
"Shutdown"="WLEventShutdown"
"StartScreenSaver"="WLEventStartScreenSaver"
"StopScreenSaver"="WLEventStopScreenSaver"
"Lock"="WLEventLock"
"Unlock"="WLEventUnlock"
"StartShell"="WLEventStartShell"
"PostShell"="WLEventPostShell"
"Disconnect"="WLEventDisconnect"
"Reconnect"="WLEventReconnect"
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000000
"SafeMode"=dword:00000001
"MaxWait"=dword:ffffffff
"DllName"=hex(2):57,00,67,00,61,00,4c,00,6f,00,67,00,6f,00,6e,00,2e,00,64,00,\
6c,00,6c,00,00,00
"Event"=dword:00000000

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon\Settings]
"Data"=hex:01,00,00,00,d0,8c,9d,df,01,15,d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,\
00,00,b1,74,0f,47,88,cf,7a,45,a7,5b,56,87,b4,78,21,f9,04,00,00,00,04,00,00,\
00,53,00,00,00,03,66,00,00,a8,00,00,00,10,00,00,00,8a,09,ac,e9,f5,69,97,16,\
3f,66,c7,55,56,82,c2,f0,00,00,00,00,04,80,00,00,a0,00,00,00,10,00,00,00,c3,\
4b,68,c5,ec,df,dc,12,f5,25,4e,71,f5,1f,f4,11,b0,01,00,00,53,e1,bf,18,05,cc,\
2c,5b,ad,a1,ba,95,0e,b5,fe,f1,7f,0d,28,4c,e6,1b,f5,57,17,a0,76,e1,86,8a,4f,\
0f,6b,14,87,73,8b,ea,b0,b1,9f,42,60,0d,72,c8,c9,e6,1e,b9,3b,9d,75,d1,cb,0d,\
bf,0f,03,67,4a,6c,48,71,1e,87,32,d2,a7,e6,c4,98,4e,66,3d,03,02,73,8d,04,f0,\
f6,ff,44,15,75,02,6d,a9,66,3f,6a,7c,18,b8,99,9f,7b,71,f7,4a,e6,d1,be,11,01,\
97,cd,65,82,1e,e5,1b,96,02,5f,bc,52,8d,b5,3e,5c,d7,4c,4d,ac,e9,95,86,94,95,\
49,f1,df,d6,e6,0a,e7,96,e7,5e,d2,f8,2b,4e,0c,9c,18,68,0f,c5,81,ea,9f,49,be,\
43,03,7e,67,3a,e5,50,b0,25,00,32,6f,91,88,39,73,dc,a3,c3,69,76,a6,50,d3,fb,\
eb,75,67,7f,f4,bd,63,b0,c7,6e,fc,a6,d9,5a,bf,e4,a6,ea,33,ef,5e,62,5d,2d,3c,\
19,07,ac,9e,94,ca,10,1f,9a,99,8a,f2,91,32,bc,17,a7,41,75,ab,26,2c,8c,28,75,\
6b,4d,87,3e,a0,2c,b4,3f,c9,83,c9,c7,58,78,89,cb,80,7c,ff,f8,73,b1,b7,5f,9d,\
4c,85,73,53,76,1b,48,bb,11,91,56,80,a7,f9,e8,51,81,02,27,07,56,07,66,24,db,\
df,07,ae,ac,86,f8,be,49,f6,75,71,8b,60,72,7a,74,52,15,29,a0,6b,30,2b,10,be,\
da,41,80,68,d0,27,d9,0c,53,04,1f,d7,3f,fd,bb,5f,4a,b1,94,05,d9,9c,69,d7,6a,\
37,ed,67,e8,54,8f,e7,8d,88,6d,9a,a3,b4,db,34,39,c5,79,78,57,21,7f,13,50,7c,\
68,02,b0,88,4d,00,06,87,43,79,3b,9e,21,40,fe,c4,5f,95,8b,9b,5c,5f,2a,13,3f,\
ed,5b,3d,d4,93,96,df,cd,0b,62,4d,a2,52,1b,19,8b,89,e7,ca,c8,98,e8,64,d0,de,\
e9,aa,c0,91,08,94,f0,e2,18,3c,99,35,77,19,99,1a,6b,90,71,fd,d4,0a,24,17,6b,\
3f,14,00,00,00,0b,37,2c,a8,64,87,0b,c1,2d,08,f5,35,a7,6b,04,43,a5,b2,03,72

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\winjyp32]
"Asynchronous"=dword:00000001
"DllName"="winjyp32.dll"
"Impersonate"=dword:00000000
"Startup"="EvtStartup"
"Shutdown"="EvtShutdown"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon]
"DLLName"="wlnotify.dll"
"Logon"="RegisterTicketExpiredNotificationEvent"
"Logoff"="UnregisterTicketExpiredNotificationEvent"
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001


The following are the files found:
****************************************************************************

Registry Entries that were Deleted:
Please verify that the listing looks ok.
If there was something deleted wrongly there are backups in the backreg folder.
****************************************************************************
REGEDIT4

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]
REGEDIT4

[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]
"SV1"=""
****************************************************************************
Desktop.ini Contents:
****************************************************************************

****************************************************************************
Checking for L2MFix account(0=no 1=yes):
0
Zipping up files for submission:
zip warning: name not matched: dlls\*.*

zip error: Nothing to do! (backup.zip)
adding: backregs/notibac.reg (188 bytes security) (deflated 83%)
adding: backregs/shell.reg (188 bytes security) (deflated 74%)





Logfile of HijackThis v1.99.1
Scan saved at 20:39:22, on 27/01/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ewido anti-spyware 4.0\guard.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\Program Files\Fichiers communs\Softwin\BitDefender Communicator\xcommsvr.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
C:\Program Files\Fichiers communs\Softwin\BitDefender Scan Server\bdss.exe
C:\Program Files\Fichiers communs\Softwin\BitDefender Update Service\livesrv.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nTrayFw.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\GigaByte\VGA Utility Manager\G-VGA.EXE
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe
C:\Program Files\Logitech\Video\LogiTray.exe
C:\WINDOWS\system32\dllzzvyj.exe
C:\Program Files\Softwin\BitDefender10\bdmcon.exe
C:\Program Files\Softwin\BitDefender10\bdagent.exe
C:\Program Files\ewido anti-spyware 4.0\ewido.exe
C:\Program Files\Softwin\BitDefender10\vsserv.exe
C:\Program Files\Fichiers communs\Ahead\lib\NMBgMonitor.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe
C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\bsmvvgo.exe
C:\WINDOWS\system32\amcxlss.exe
C:\WINDOWS\system32\LVComS.exe
C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
C:\Program Files\Logitech\Video\LowLight.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\PASCAL\Bureau\CCM.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1C9678E2-77AC-4CAD-89EA-9E3F980C73C4} - C:\WINDOWS\system32\efccdby.dll
O2 - BHO: (no name) - {41F328E2-5E46-F5B8-0160-020188931F32} - C:\WINDOWS\system32\imtqodk.dll (file missing)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O2 - BHO: (no name) - {737A47C9-C43A-4EAD-8C9B-2DF8737BDB2B} - C:\WINDOWS\system32\jkklj.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: (no name) - {788DFC2B-6AEE-374E-BDED-31A6785BCCE9} - C:\WINDOWS\system32\swutgljz.dll (file missing)
O2 - BHO: (no name) - {7DA39570-5FD2-4f18-94B4-20730CB3F727} - C:\WINDOWS\system32\qyjhicqd.dll (file missing)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: (no name) - {AF4EBBA0-E7D3-C3C9-8914-F86F5C6A8964} - C:\DOCUME~1\PASCAL\APPLIC~1\INTERN~1\Four Ref.exe (file missing)
O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [nTrayFw] C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nTrayFw.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NVRTCLK] C:\WINDOWS\system32\NVRTCLK\NVRTClk.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [VGAUtil] C:\Program Files\GigaByte\VGA Utility Manager\G-VGA.EXE
O4 - HKLM\..\Run: [Meal bat default dupe] C:\Documents and Settings\All Users\Application Data\RoadTheMealBat\BuildVc.exe
O4 - HKLM\..\Run: [CloneDVDElbyDelay] "C:\Program Files\Elaborate Bytes\CloneDVD\ElbyCheck.exe" /L ElbyDelay
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [ElbyCheckAnyDVD] "C:\Program Files\SlySoft\AnyDVD\ElbyCheck.exe" /L AnyDVD
O4 - HKLM\..\Run: [AnyDVD] C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Piolet] C:\Program Files\Piolet\Piolet.exe SILENT
O4 - HKLM\..\Run: [LogitechGalleryRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [winupdates] C:\Program Files\winupdates\winupdates.exe /auto
O4 - HKLM\..\Run: [{10A6E8E6-08A3-1036-0602-051001040021}] "C:\Program Files\Fichiers communs\{10A6E8E6-08A3-1036-0602-051001040021}\Update.exe" mc-110-12-0000272
O4 - HKLM\..\Run: [lmjvservc] dllzzvyj.exe
O4 - HKLM\..\Run: [IpWins] C:\Program Files\Ipwindows\ipwins.exe
O4 - HKLM\..\Run: [{10A6E8E6-08A2-1036-0602-051001040021}] "C:\Program Files\Fichiers communs\{10A6E8E6-08A2-1036-0602-051001040021}\Update.exe" mc-110-12-0000272
O4 - HKLM\..\Run: [BDMCon] "C:\Program Files\Softwin\BitDefender10\bdmcon.exe" /reg
O4 - HKLM\..\Run: [BDAgent] "C:\Program Files\Softwin\BitDefender10\bdagent.exe"
O4 - HKLM\..\Run: [VVSN] C:\Program Files\VVSN\VVSN.exe
O4 - HKLM\..\Run: [!ewido] "C:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimized
O4 - HKCU\..\Run: [WOOKIT] C:\PROGRA~1\Wanadoo\GestMaj.exe EspaceWanadoo.exe
O4 - HKCU\..\Run: [coal funk] C:\DOCUME~1\PASCAL\APPLIC~1\CITYPO~1\Soapview.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Ahead\lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [RoboForm] "C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe"
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [llsymvb] C:\WINDOWS\system32\bsmvvgo.exe
O4 - HKCU\..\Run: [lvcdmsys] C:\WINDOWS\system32\amcxlss.exe
O4 - Global Startup: Assistant d'Acrobat.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
O8 - Extra context menu item: &Traduire à partir de l'anglais - res://c:\program files\google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Barre RoboForm - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Enregistrer le formulaire - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O8 - Extra context menu item: Pages liées - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Pages similaires - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Personnaliser le menu - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
O8 - Extra context menu item: Recherche &Google - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Remplir le formulaire - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O8 - Extra context menu item: Télécharger avec FlashGet - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: Télécharger tout avec FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: Version de la page actuelle disponible dans le cache Google - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Créer un Favori de l'appareil mobile - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra 'Tools' menuitem: Créer un Favori de l'appareil mobile... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra button: Remplir - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra 'Tools' menuitem: Remplir le formulaire - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra button: Enregistrer - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra 'Tools' menuitem: Enregistrer le formulaire - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: Barre RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra 'Tools' menuitem: Barre RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe (file missing)
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe (file missing)
O9 - Extra button: Messager Wanadoo - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\WANADO~1\Wanadoo Messager.exe (file missing)
O9 - Extra 'Tools' menuitem: Messager Wanadoo - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\WANADO~1\Wanadoo Messager.exe (file missing)
O9 - Extra button: (no name) - {A4F64D63-3576-4754-8DD5-4D0A49345FD5} - (no file) (HKCU)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/activex/eBay_Enhanced_Picture_Control_v1-0-3-30.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/...
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - https://www.trendmicro.com/en_us/forHome/products/housecall.html
O16 - DPF: {D7BF3304-138B-4DD5-86EE-491BB6A2286C} - http://www.azebar.com/install/azesearch.cab
O20 - Winlogon Notify: efccdby - C:\WINDOWS\SYSTEM32\efccdby.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: winjyp32 - winjyp32.dll (file missing)
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: app_filter - Unknown owner - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Program Files\Fichiers communs\Softwin\BitDefender Scan Server\bdss.exe" /service (file missing)
O23 - Service: COM+ Messages - Unknown owner - C:\WINDOWS\system32\svchosts.exe" -e mc-110-12-0000272 (file missing)
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: Forceware Web Interface (ForcewareWebInterface) - Unknown owner - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe" -k runservice (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - Unknown owner - C:\Program Files\Fichiers communs\Softwin\BitDefender Update Service\livesrv.exe" /service (file missing)
O23 - Service: Microsoft authenticate service (MsaSvc) - Unknown owner - C:\WINDOWS\system32\msasvc.exe (file missing)
O23 - Service: ForceWare IP service (nSvcIp) - Unknown owner - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
O23 - Service: ForceWare user log service (nSvcLog) - Unknown owner - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe
O23 - Service: BitDefender Virus Shield (VSSERV) - Unknown owner - C:\Program Files\Softwin\BitDefender10\vsserv.exe" /service (file missing)
O23 - Service: BitDefender Communicator (XCOMM) - Unknown owner - C:\Program Files\Fichiers communs\Softwin\BitDefender Communicator\xcommsvr.exe" /service (file missing)
0
green day Messages postés 26364 Date d'inscription vendredi 30 septembre 2005 Statut Modérateur, Contributeur sécurité Dernière intervention 27 décembre 2019 2 165
27 janv. 2007 à 22:31
re

ok,

Télécharge Look2Me-Destroyer.exe sur ton Bureau.

http://www.atribune.org/ccount/click.php?id=7

* Ferme toutes les fenêtres actives avant de passer à l'étape suivante.
* Double-clique Look2Me-Destroyer.exe afin de lancer l'outil.
* Coche Run this program as a task
* Un message s'affichera, te disant ceci : "Look2Me-Destroyer will close and re-open in approximately 10 seconds". Clique OK
* Il se relancera après les 10 secondes, puis clique sur le bouton Scan for L2M; les icônes de ton Bureau vont disparaître : c'est normal.
* Lorsque le scan termine, clique sur le bouton Remove L2M
* Un message Done Scanning apparaîtra, clique OK.
* Un nouveau message s'affichera : Done removing infected files! Look2Me-Destroyer will now shutdown your computer; clique OK.
* Ton PC va maintenant s'éteindre.
* Démarre ton PC normalement.
* Colle le rapport généré, situé ici : C:\Look2Me-Destroyer.txt , ainsi qu'un nouveau rapport HijackThis! dans ta prochaine réponse.

#Si Look2Me-Destroyer ne se relance pas automatiquement après les 10 secondes, redémarre et essaie à nouveau.

##Si tu reçois un message de ton parefeu que l'outil tente d'accéder à l'internet : accepte.

###Si un message runtime error '339' s'affiche : télécharge MSWINSCK.OCX du lien ci-bas, et place-le dans le dossier C:\Windows\System32.
http://www.ascentive.com/support/new/images/lib/MSWINSCK.OCX

@+
0
romanza Messages postés 250 Date d'inscription samedi 27 janvier 2007 Statut Membre Dernière intervention 4 octobre 2021 2
28 janv. 2007 à 11:10
Voilà :

Look2Me-Destroyer V1.0.12

Scanning for infected files.....
Scan started at 28/01/2007 11:03:01


Attempting to delete infected files...

Making registry repairs.


Restoring Windows certificates.

Replaced hosts file with default windows hosts file


Restoring SeDebugPrivilege for Administrateurs - Succeeded



Logfile of HijackThis v1.99.1
Scan saved at 11:09:57, on 28/01/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nTrayFw.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\GigaByte\VGA Utility Manager\G-VGA.EXE
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe
C:\Program Files\Logitech\Video\LogiTray.exe
C:\WINDOWS\system32\dllzzvyj.exe
C:\Program Files\Softwin\BitDefender10\bdmcon.exe
C:\Program Files\Softwin\BitDefender10\bdagent.exe
C:\Program Files\ewido anti-spyware 4.0\ewido.exe
C:\Program Files\Fichiers communs\Ahead\lib\NMBgMonitor.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe
C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\bsmvvgo.exe
C:\WINDOWS\system32\amcxlss.exe
C:\WINDOWS\system32\jvmmods.exe
C:\WINDOWS\system32\vstldmem.exe
C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
C:\WINDOWS\system32\LVComS.exe
C:\Program Files\ewido anti-spyware 4.0\guard.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\Program Files\Logitech\Video\LowLight.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe
C:\Program Files\Fichiers communs\Softwin\BitDefender Communicator\xcommsvr.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
C:\Program Files\Fichiers communs\Softwin\BitDefender Scan Server\bdss.exe
C:\Program Files\Fichiers communs\Softwin\BitDefender Update Service\livesrv.exe
C:\Program Files\Softwin\BitDefender10\vsserv.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Documents and Settings\PASCAL\Bureau\CCM.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1C9678E2-77AC-4CAD-89EA-9E3F980C73C4} - C:\WINDOWS\system32\efccdby.dll
O2 - BHO: (no name) - {41F328E2-5E46-F5B8-0160-020188931F32} - C:\WINDOWS\system32\imtqodk.dll (file missing)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: (no name) - {788DFC2B-6AEE-374E-BDED-31A6785BCCE9} - C:\WINDOWS\system32\swutgljz.dll (file missing)
O2 - BHO: (no name) - {7DA39570-5FD2-4f18-94B4-20730CB3F727} - C:\WINDOWS\system32\qyjhicqd.dll (file missing)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: (no name) - {AAE5B094-7990-478C-9396-1DA553F37269} - C:\WINDOWS\system32\jkklj.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: (no name) - {AF4EBBA0-E7D3-C3C9-8914-F86F5C6A8964} - C:\DOCUME~1\PASCAL\APPLIC~1\INTERN~1\Four Ref.exe (file missing)
O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [nTrayFw] C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nTrayFw.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NVRTCLK] C:\WINDOWS\system32\NVRTCLK\NVRTClk.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [VGAUtil] C:\Program Files\GigaByte\VGA Utility Manager\G-VGA.EXE
O4 - HKLM\..\Run: [Meal bat default dupe] C:\Documents and Settings\All Users\Application Data\RoadTheMealBat\BuildVc.exe
O4 - HKLM\..\Run: [CloneDVDElbyDelay] "C:\Program Files\Elaborate Bytes\CloneDVD\ElbyCheck.exe" /L ElbyDelay
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [ElbyCheckAnyDVD] "C:\Program Files\SlySoft\AnyDVD\ElbyCheck.exe" /L AnyDVD
O4 - HKLM\..\Run: [AnyDVD] C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Piolet] C:\Program Files\Piolet\Piolet.exe SILENT
O4 - HKLM\..\Run: [LogitechGalleryRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [winupdates] C:\Program Files\winupdates\winupdates.exe /auto
O4 - HKLM\..\Run: [{10A6E8E6-08A3-1036-0602-051001040021}] "C:\Program Files\Fichiers communs\{10A6E8E6-08A3-1036-0602-051001040021}\Update.exe" mc-110-12-0000272
O4 - HKLM\..\Run: [lmjvservc] dllzzvyj.exe
O4 - HKLM\..\Run: [IpWins] C:\Program Files\Ipwindows\ipwins.exe
O4 - HKLM\..\Run: [{10A6E8E6-08A2-1036-0602-051001040021}] "C:\Program Files\Fichiers communs\{10A6E8E6-08A2-1036-0602-051001040021}\Update.exe" mc-110-12-0000272
O4 - HKLM\..\Run: [BDMCon] "C:\Program Files\Softwin\BitDefender10\bdmcon.exe" /reg
O4 - HKLM\..\Run: [BDAgent] "C:\Program Files\Softwin\BitDefender10\bdagent.exe"
O4 - HKLM\..\Run: [VVSN] C:\Program Files\VVSN\VVSN.exe
O4 - HKLM\..\Run: [!ewido] "C:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimized
O4 - HKCU\..\Run: [WOOKIT] C:\PROGRA~1\Wanadoo\GestMaj.exe EspaceWanadoo.exe
O4 - HKCU\..\Run: [coal funk] C:\DOCUME~1\PASCAL\APPLIC~1\CITYPO~1\Soapview.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Ahead\lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [RoboForm] "C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe"
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [llsymvb] C:\WINDOWS\system32\bsmvvgo.exe
O4 - HKCU\..\Run: [lvcdmsys] C:\WINDOWS\system32\amcxlss.exe
O4 - HKCU\..\Run: [winksddm] C:\WINDOWS\system32\jvmmods.exe
O4 - HKCU\..\Run: [lsmdwinr] C:\WINDOWS\system32\vstldmem.exe
O4 - Global Startup: Assistant d'Acrobat.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
O8 - Extra context menu item: &Traduire à partir de l'anglais - res://c:\program files\google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Barre RoboForm - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Enregistrer le formulaire - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O8 - Extra context menu item: Pages liées - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Pages similaires - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Personnaliser le menu - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
O8 - Extra context menu item: Recherche &Google - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Remplir le formulaire - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O8 - Extra context menu item: Télécharger avec FlashGet - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: Télécharger tout avec FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: Version de la page actuelle disponible dans le cache Google - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Créer un Favori de l'appareil mobile - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra 'Tools' menuitem: Créer un Favori de l'appareil mobile... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra button: Remplir - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra 'Tools' menuitem: Remplir le formulaire - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra button: Enregistrer - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra 'Tools' menuitem: Enregistrer le formulaire - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: Barre RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra 'Tools' menuitem: Barre RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe (file missing)
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe (file missing)
O9 - Extra button: Messager Wanadoo - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\WANADO~1\Wanadoo Messager.exe (file missing)
O9 - Extra 'Tools' menuitem: Messager Wanadoo - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\WANADO~1\Wanadoo Messager.exe (file missing)
O9 - Extra button: (no name) - {A4F64D63-3576-4754-8DD5-4D0A49345FD5} - (no file) (HKCU)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/activex/eBay_Enhanced_Picture_Control_v1-0-3-30.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/...
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - https://www.trendmicro.com/en_us/forHome/products/housecall.html
O16 - DPF: {D7BF3304-138B-4DD5-86EE-491BB6A2286C} - http://www.azebar.com/install/azesearch.cab
O20 - Winlogon Notify: efccdby - C:\WINDOWS\SYSTEM32\efccdby.dll
O20 - Winlogon Notify: jkklj - C:\WINDOWS\system32\jkklj.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: winjyp32 - winjyp32.dll (file missing)
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: app_filter - Unknown owner - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Program Files\Fichiers communs\Softwin\BitDefender Scan Server\bdss.exe" /service (file missing)
O23 - Service: COM+ Messages - Unknown owner - C:\WINDOWS\system32\svchosts.exe" -e mc-110-12-0000272 (file missing)
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: Forceware Web Interface (ForcewareWebInterface) - Unknown owner - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe" -k runservice (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - Unknown owner - C:\Program Files\Fichiers communs\Softwin\BitDefender Update Service\livesrv.exe" /service (file missing)
O23 - Service: Microsoft authenticate service (MsaSvc) - Unknown owner - C:\WINDOWS\system32\msasvc.exe (file missing)
O23 - Service: ForceWare IP service (nSvcIp) - Unknown owner - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
O23 - Service: ForceWare user log service (nSvcLog) - Unknown owner - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe
O23 - Service: BitDefender Virus Shield (VSSERV) - Unknown owner - C:\Program Files\Softwin\BitDefender10\vsserv.exe" /service (file missing)
O23 - Service: BitDefender Communicator (XCOMM) - Unknown owner - C:\Program Files\Fichiers communs\Softwin\BitDefender Communicator\xcommsvr.exe" /service (file missing)
0
green day Messages postés 26364 Date d'inscription vendredi 30 septembre 2005 Statut Modérateur, Contributeur sécurité Dernière intervention 27 décembre 2019 2 165
29 janv. 2007 à 00:03
Salut

ok,

suite :

# Télécharge ceci: (merci a S!RI pour ce petit programme).

http://siri.urz.free.fr/Fix/SmitfraudFix.zip

Exécute le, Double click sur Smitfraudfix.cmd choisit l’option 1,
voila a quoi cela ressemble : http://siri.urz.free.fr/Fix/SmitfraudFix.php
il va générer un rapport : copie/colle le sur le poste stp.


Télécharge clean.zip
http://www.malekal.com/download/clean.zip
Décompresse-le sur ton bureau (clic droit / extraire tout), tu dois obtenir un dossier clean.
Ouvre le dossier Clean qui se trouve sur ton bureau.
Double-clic sur clean.cmd.
Une fenêtre noire va apparaître, choisis l'option 1
Poste le rapport qui se trouve ici C:\rapport_clean.txt


ensuite :

# Démarre en mode sans échec :
Pour cela, tu tapotes la touche F8 dès le début de l’allumage du pc sans t’arrêter
Une fenêtre va s’ouvrir tu te déplaces avec les flèches du clavier sur démarrer en mode sans échec puis tape entrée.
Une fois sur le bureau s’il n’y a pas toutes les couleurs et autres c’est normal !
(Si F8 ne marche pas utilise la touche F5).
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Double-clic sur clean.cmd.
Une fenêtre noire va apparaître, choisis l'option 2
Poste le rapport qui se trouve ici C:\rapport_clean.txt


@+
0
romanza Messages postés 250 Date d'inscription samedi 27 janvier 2007 Statut Membre Dernière intervention 4 octobre 2021 2
29 janv. 2007 à 18:47
Salut et merci pour ta patience :

Voilà :

SmitFraudFix v2.132

Rapport fait à 18:27:03,37, 29/01/2007
Executé à partir de C:\Documents and Settings\PASCAL\Bureau\SmitfraudFix\SmitfraudFix
OS: Microsoft Windows XP [version 5.1.2600] - Windows_NT
Le type du système de fichiers est NTFS
Fix executé en mode normal

»»»»»»»»»»»»»»»»»»»»»»»» C:\


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32\LogFiles


»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\PASCAL


»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\PASCAL\Application Data


»»»»»»»»»»»»»»»»»»»»»»»» Menu Démarrer


»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\PASCAL\Favoris


»»»»»»»»»»»»»»»»»»»»»»»» Bureau


»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files


»»»»»»»»»»»»»»»»»»»»»»»» Clés corrompues


»»»»»»»»»»»»»»»»»»»»»»»» Eléments du bureau



»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"="sockspy.dll"


»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""


»»»»»»»»»»»»»»»»»»»»»»»» pe386-msguard-lzx32

pe386 détecté, utilisez un scanner de Rootkit

»»»»»»»»»»»»»»»»»»»»»»»» Recherche infection wininet.dll


»»»»»»»»»»»»»»»»»»»»»»»» Fin



Rapport clean par Malekal_morte - http://www.malekal.com
Option 1, executee le 29/01/2007 a 18:28:47,53

*** Recherche de fichiers sur C:
C:\StubInstaller.exe FOUND

*** Recherche des fichiers dans C:\WINDOWS\

*** Recherche des fichiers dans C:\WINDOWS\system32
C:\WINDOWS\system32\bdod.bin FOUND
C:\WINDOWS\system32\unsvchosts.lzma FOUND

"C:\Program Files\Fichiers communs\Microsoft Shared\Web Folders\ibm0000??.exe" FOUND
"C:\Program Files\Fichiers communs\Microsoft Shared\Web Folders\ibm0000?.exe" FOUND
"C:\Program Files\Fichiers communs\Microsoft Shared\Web Folders\ibm000??.exe" FOUND
"C:\Program Files\InetGet2\" FOUND
"C:\Program Files\Ipwindows\" FOUND
"C:\Program Files\MySearch\" FOUND
"C:\Program Files\winupdates\" FOUND
*** Fin du rapport !




Script execute en mode sans echec
Rapport clean par Malekal_morte - http://www.malekal.com
Option 2, executee le 29/01/2007 a 18:32:22,84

Microsoft Windows XP [version 5.1.2600]

*** Suppression de fichiers sur C:
tentative de suppression de C:\StubInstaller.exe

*** Suppression des fichiers dans C:\WINDOWS\

*** Suppression des fichiers dans C:\WINDOWS\system32
tentative de suppression de C:\WINDOWS\system32\bdod.bin
tentative de suppression de C:\WINDOWS\system32\unsvchosts.lzma

tentative de suppression de "C:\Program Files\Fichiers communs\Microsoft Shared\Web Folders\ibm0000??.exe"
tentative de suppression de "C:\Program Files\InetGet2\"
tentative de suppression de "C:\Program Files\Ipwindows\"
tentative de suppression de "C:\Program Files\MySearch\"
tentative de suppression de "C:\Program Files\winupdates\"

*** Suppression des clefs du registre effectuee..
*** Fin du rapport !

Voilà aussi pour info les virus récurrents que me pointe bitdefender 10 :



c:\WINDOWS\system32\jkklj.dll
est infect avec
MemScan:Adware.Vundo.B


c:\WINDOWS\system32\efccdby.dll
est infect avec
DeepScan:Generic.Malware.SYddldg.DA9D6A9D


et :


ender a bloqu l'acces Internet pour l'application suivante: jgdepgc.exe
0
green day Messages postés 26364 Date d'inscription vendredi 30 septembre 2005 Statut Modérateur, Contributeur sécurité Dernière intervention 27 décembre 2019 2 165
29 janv. 2007 à 22:43
Salut

ton ordi est vraiment bien infecté ... mais on vire ça petit à petit ;-)

ok pour les alertes de bitdefender, il est prévue de les supprimer !

Présence du rootkit Pe386.

Télécharge ce fichier (par ejvindh)
http://www.uploads.ejvindh.net/rustbfix.exe
...et sauvegarde-le sur ton Bureau.

Double clique rustbfix.exe afin de lancer l'outil.
Si une infection Rustock.b est détectée, une invite t'indiquera qu'il est nécessaire de redémarrer l'ordi. Ce redémarrage pourrait être plus long que d'habitude, et il est possible que deux redémarrages soient requis. Tout cela se fera automatiquement.
Suite au(x) redémarrage(s), deux rapports s'ouvriront : (%root%\avenger.txt & %root%\rustbfix\pelog.txt).
Poste (Copie/Colle) le contenu de ces deux rapports, ainsi qu'un nouveau log HijackThis dans ta prochaine réponse.


@+

La sagesse, c'est d'avoir des rêves suffisamment grands pour ne pas les
perdre de vue lorsqu'on les poursuit. (Oscar Wilde)
0
romanza Messages postés 250 Date d'inscription samedi 27 janvier 2007 Statut Membre Dernière intervention 4 octobre 2021 2
30 janv. 2007 à 18:38
Voilà :



//////////////////////////////////////////
Avenger Pre-Processor log
//////////////////////////////////////////

Error: could not create zip file.
Error code: 80


Error: could not create reboot file.
Error code: 80


Error: could not create reboot batch.
Error code: 80


//////////////////////////////////////////


Logfile of The Avenger version 1, by Swandog46
Running from registry key:
\Registry\Machine\System\CurrentControlSet\Services\pielvprk

*******************


Fatal error: integrity of Services key failed verification check! Security may be fatally compromised. Exiting immediately.

Could not open script file! Status: 0xc0000034 Abort!
//////////////////////////////////////////


Logfile of The Avenger version 1, by Swandog46
Running from registry key:
\Registry\Machine\System\CurrentControlSet\Services\qnkuwdgo

*******************

Script file located at: \??\C:\WINDOWS\fdjikgij.txt
Script file opened successfully.

Script file read successfully

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

Driver PE386 unloaded successfully.
Program D:\Rustbfix\2run.bat successfully set up to run once on reboot.

Completed script processing.

*******************

Finished! Terminate.




************************* Rustock.b-fix -- By ejvindh *************************
30/01/2007 18:30:38,59

******************* Pre-run Status of system *******************

Rootkit driver PE386 is found. Starting the unload-procedure....

Rustock.b-ADS attached to the System32-folder:
:lzx32.sys 70570
Total size: 70570 bytes.
Attempting to remove ADS...
system32: deleted 70570 bytes in 1 streams.

Looking for Rustock.b-files in the System32-folder:
No Rustock.b-files found in system32


******************* Post-run Status of system *******************

Rustock.b-driver on the system: NONE!

Rustock.b-ADS attached to the System32-folder:
No System32-ADS found.

Looking for Rustock.b-files in the System32-folder:
No Rustock.b-files found in system32


******************************* End of Logfile ********************************




Logfile of HijackThis v1.99.1
Scan saved at 18:37:48, on 30/01/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\NOTEPAD.EXE
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nTrayFw.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\GigaByte\VGA Utility Manager\G-VGA.EXE
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe
C:\Program Files\Logitech\Video\LogiTray.exe
C:\WINDOWS\system32\dllzzvyj.exe
C:\Program Files\Softwin\BitDefender10\bdmcon.exe
C:\Program Files\Softwin\BitDefender10\bdagent.exe
C:\Program Files\ewido anti-spyware 4.0\ewido.exe
C:\Program Files\Fichiers communs\Ahead\lib\NMBgMonitor.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe
C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE
C:\WINDOWS\system32\LVComS.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\bsmvvgo.exe
C:\WINDOWS\system32\amcxlss.exe
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\system32\jvmmods.exe
C:\WINDOWS\system32\vstldmem.exe
C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
C:\Program Files\Logitech\Video\LowLight.exe
C:\Program Files\ewido anti-spyware 4.0\guard.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe
C:\Program Files\Fichiers communs\Softwin\BitDefender Communicator\xcommsvr.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
C:\Program Files\Fichiers communs\Softwin\BitDefender Update Service\livesrv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\jgdepgc.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Fichiers communs\Softwin\BitDefender Scan Server\bdss.exe
C:\Program Files\Softwin\BitDefender10\vsserv.exe
C:\Documents and Settings\PASCAL\Bureau\CCM.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1C9678E2-77AC-4CAD-89EA-9E3F980C73C4} - C:\WINDOWS\system32\efccdby.dll
O2 - BHO: (no name) - {41F328E2-5E46-F5B8-0160-020188931F32} - C:\WINDOWS\system32\imtqodk.dll (file missing)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: (no name) - {788DFC2B-6AEE-374E-BDED-31A6785BCCE9} - C:\WINDOWS\system32\swutgljz.dll (file missing)
O2 - BHO: (no name) - {7DA39570-5FD2-4f18-94B4-20730CB3F727} - C:\WINDOWS\system32\qyjhicqd.dll (file missing)
O2 - BHO: (no name) - {89F814AD-4A53-4E20-8D50-D45A7C765EAE} - C:\WINDOWS\system32\jkklj.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: (no name) - {AF4EBBA0-E7D3-C3C9-8914-F86F5C6A8964} - C:\DOCUME~1\PASCAL\APPLIC~1\INTERN~1\Four Ref.exe (file missing)
O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [nTrayFw] C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nTrayFw.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NVRTCLK] C:\WINDOWS\system32\NVRTCLK\NVRTClk.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [VGAUtil] C:\Program Files\GigaByte\VGA Utility Manager\G-VGA.EXE
O4 - HKLM\..\Run: [Meal bat default dupe] C:\Documents and Settings\All Users\Application Data\RoadTheMealBat\BuildVc.exe
O4 - HKLM\..\Run: [CloneDVDElbyDelay] "C:\Program Files\Elaborate Bytes\CloneDVD\ElbyCheck.exe" /L ElbyDelay
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [ElbyCheckAnyDVD] "C:\Program Files\SlySoft\AnyDVD\ElbyCheck.exe" /L AnyDVD
O4 - HKLM\..\Run: [AnyDVD] C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Piolet] C:\Program Files\Piolet\Piolet.exe SILENT
O4 - HKLM\..\Run: [LogitechGalleryRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [{10A6E8E6-08A3-1036-0602-051001040021}] "C:\Program Files\Fichiers communs\{10A6E8E6-08A3-1036-0602-051001040021}\Update.exe" mc-110-12-0000272
O4 - HKLM\..\Run: [lmjvservc] dllzzvyj.exe
O4 - HKLM\..\Run: [{10A6E8E6-08A2-1036-0602-051001040021}] "C:\Program Files\Fichiers communs\{10A6E8E6-08A2-1036-0602-051001040021}\Update.exe" mc-110-12-0000272
O4 - HKLM\..\Run: [BDMCon] "C:\Program Files\Softwin\BitDefender10\bdmcon.exe" /reg
O4 - HKLM\..\Run: [BDAgent] "C:\Program Files\Softwin\BitDefender10\bdagent.exe"
O4 - HKLM\..\Run: [VVSN] C:\Program Files\VVSN\VVSN.exe
O4 - HKLM\..\Run: [!ewido] "C:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimized
O4 - HKCU\..\Run: [WOOKIT] C:\PROGRA~1\Wanadoo\GestMaj.exe EspaceWanadoo.exe
O4 - HKCU\..\Run: [coal funk] C:\DOCUME~1\PASCAL\APPLIC~1\CITYPO~1\Soapview.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Ahead\lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [RoboForm] "C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe"
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [llsymvb] C:\WINDOWS\system32\bsmvvgo.exe
O4 - HKCU\..\Run: [lvcdmsys] C:\WINDOWS\system32\amcxlss.exe
O4 - HKCU\..\Run: [winksddm] C:\WINDOWS\system32\jvmmods.exe
O4 - HKCU\..\Run: [lsmdwinr] C:\WINDOWS\system32\vstldmem.exe
O4 - Global Startup: Assistant d'Acrobat.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
O8 - Extra context menu item: &Traduire à partir de l'anglais - res://c:\program files\google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Barre RoboForm - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Enregistrer le formulaire - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O8 - Extra context menu item: Pages liées - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Pages similaires - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Personnaliser le menu - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
O8 - Extra context menu item: Recherche &Google - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Remplir le formulaire - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O8 - Extra context menu item: Télécharger avec FlashGet - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: Télécharger tout avec FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: Version de la page actuelle disponible dans le cache Google - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Créer un Favori de l'appareil mobile - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra 'Tools' menuitem: Créer un Favori de l'appareil mobile... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra button: Remplir - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra 'Tools' menuitem: Remplir le formulaire - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra button: Enregistrer - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra 'Tools' menuitem: Enregistrer le formulaire - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: Barre RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra 'Tools' menuitem: Barre RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe (file missing)
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe (file missing)
O9 - Extra button: Messager Wanadoo - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\WANADO~1\Wanadoo Messager.exe (file missing)
O9 - Extra 'Tools' menuitem: Messager Wanadoo - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\WANADO~1\Wanadoo Messager.exe (file missing)
O9 - Extra button: (no name) - {A4F64D63-3576-4754-8DD5-4D0A49345FD5} - (no file) (HKCU)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/activex/eBay_Enhanced_Picture_Control_v1-0-3-30.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/...
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - https://www.trendmicro.com/en_us/forHome/products/housecall.html
O16 - DPF: {D7BF3304-138B-4DD5-86EE-491BB6A2286C} - http://www.azebar.com/install/azesearch.cab
O20 - Winlogon Notify: efccdby - C:\WINDOWS\SYSTEM32\efccdby.dll
O20 - Winlogon Notify: jkklj - C:\WINDOWS\system32\jkklj.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: winjyp32 - winjyp32.dll (file missing)
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: app_filter - Unknown owner - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Program Files\Fichiers communs\Softwin\BitDefender Scan Server\bdss.exe" /service (file missing)
O23 - Service: COM+ Messages - Unknown owner - C:\WINDOWS\system32\svchosts.exe" -e mc-110-12-0000272 (file missing)
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: Forceware Web Interface (ForcewareWebInterface) - Unknown owner - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe" -k runservice (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - Unknown owner - C:\Program Files\Fichiers communs\Softwin\BitDefender Update Service\livesrv.exe" /service (file missing)
O23 - Service: ForceWare IP service (nSvcIp) - Unknown owner - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
O23 - Service: ForceWare user log service (nSvcLog) - Unknown owner - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe
O23 - Service: BitDefender Virus Shield (VSSERV) - Unknown owner - C:\Program Files\Softwin\BitDefender10\vsserv.exe" /service (file missing)
O23 - Service: BitDefender Communicator (XCOMM) - Unknown owner - C:\Program Files\Fichiers communs\Softwin\BitDefender Communicator\xcommsvr.exe" /service (file missing)
0
green day Messages postés 26364 Date d'inscription vendredi 30 septembre 2005 Statut Modérateur, Contributeur sécurité Dernière intervention 27 décembre 2019 2 165
30 janv. 2007 à 23:07
Salut

ok,

- Télécharge eScan Antivirus Toolkit https://www.malekal.com/tutorial-escan-antivirus-toolkit/

Redémarre en mode sans échec, pour cela :
redémarre l'ordinateur, avant le logo windows, tapote sur la touche F8, un menu va apparaître, choisis:
mode sans échec avec prise en charge du réseau.

- Installe le dans le dossier C:\Kaspersky
- Rends toi dans le dossier C:\Kaspersky et double-clic sur kavupd.exe pour le mettre à jour
- Ouvre le dossier C:\Kaspersky
- double-clique sur le fichier mwavscan.com
- Coche les options comme indiquées sur cette page https://www.malekal.com/fichiers/eScan/eScan3.png
- puis en bas à droite, clic sur Scan Clean pour démarrer le scan
- A la fin du scan clic sur le bouton view log, enregistre le fichier à l'endroit que tu le souhaites

- Redémarre l'ordinateur
- Copie/colle le contenu le rapport de scan que tu as sauvegardé


ensuite, reposte un rapport smitfraud option 1 stp

@+
0
romanza Messages postés 250 Date d'inscription samedi 27 janvier 2007 Statut Membre Dernière intervention 4 octobre 2021 2
2 févr. 2007 à 23:19
Le fichier mwavscan est trop volumineux, impossible de te le transmettre (essayé à plusieurs reprises).<code>






SmitFraudFix v2.132

Rapport fait à 23:21:05,76, 31/01/2007
Executé à partir de C:\Documents and Settings\PASCAL\Bureau\SmitfraudFix\SmitfraudFix
OS: Microsoft Windows XP [version 5.1.2600] - Windows_NT
Le type du système de fichiers est NTFS
Fix executé en mode normal

»»»»»»»»»»»»»»»»»»»»»»»» C:\


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32\LogFiles


»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\PASCAL


»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\PASCAL\Application Data


»»»»»»»»»»»»»»»»»»»»»»»» Menu Démarrer


»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\PASCAL\Favoris


»»»»»»»»»»»»»»»»»»»»»»»» Bureau


»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files


»»»»»»»»»»»»»»»»»»»»»»»» Clés corrompues


»»»»»»»»»»»»»»»»»»»»»»»» Eléments du bureau



»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"="sockspy.dll"


»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""


»»»»»»»»»»»»»»»»»»»»»»»» pe386-msguard-lzx32


»»»»»»»»»»»»»»»»»»»»»»»» Recherche infection wininet.dll


»»»»»»»»»»»»»»»»»»»»»»»» Fin
0
green day Messages postés 26364 Date d'inscription vendredi 30 septembre 2005 Statut Modérateur, Contributeur sécurité Dernière intervention 27 décembre 2019 2 165
2 févr. 2007 à 23:51
Salut

ok pour smitfraud !

pour afficher le rapport, fais ceci stp :

Ouvre un nouveau fichier Bloc notes (clique sur "Démarrer" >> "Programmes" >>"Accessoires" >> "Bloc notes"), puis copie/colle tout le contenu de la fenêtre Virus Log Information (la deuxième, au bas) dans le fichier texte, et sauvegarde le et poste le stp

++
0
romanza Messages postés 250 Date d'inscription samedi 27 janvier 2007 Statut Membre Dernière intervention 4 octobre 2021 2
3 févr. 2007 à 21:06
ok mais c'est quoi le contenu de la fenêtre Virus Log Information ??

J'ai le contenu C/Kaspersky/mwav2.log à te transmettre figurant sur un fichier "Bloc Note" mais qui est trop volumineux à te transmettre.
0
green day Messages postés 26364 Date d'inscription vendredi 30 septembre 2005 Statut Modérateur, Contributeur sécurité Dernière intervention 27 décembre 2019 2 165
3 févr. 2007 à 21:47
Salut

ok, pas grave, remets un nouveau hijackthis stp

++
0
romanza Messages postés 250 Date d'inscription samedi 27 janvier 2007 Statut Membre Dernière intervention 4 octobre 2021 2
4 févr. 2007 à 11:39
Logfile of HijackThis v1.99.1
Scan saved at 11:38:51, on 04/02/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nTrayFw.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\GigaByte\VGA Utility Manager\G-VGA.EXE
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe
C:\Program Files\Logitech\Video\LogiTray.exe
C:\WINDOWS\system32\dllzzvyj.exe
C:\Program Files\Softwin\BitDefender10\bdmcon.exe
C:\Program Files\Softwin\BitDefender10\bdagent.exe
C:\Program Files\ewido anti-spyware 4.0\ewido.exe
C:\Program Files\Fichiers communs\Ahead\lib\NMBgMonitor.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe
C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\bsmvvgo.exe
C:\WINDOWS\system32\amcxlss.exe
C:\WINDOWS\system32\jvmmods.exe
C:\WINDOWS\system32\vstldmem.exe
C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
C:\WINDOWS\system32\LVComS.exe
C:\Program Files\Logitech\Video\LowLight.exe
C:\Program Files\ewido anti-spyware 4.0\guard.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe
C:\Program Files\Fichiers communs\Softwin\BitDefender Communicator\xcommsvr.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
C:\Program Files\Fichiers communs\Softwin\BitDefender Update Service\livesrv.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Outlook Express\msimn.exe
C:\Program Files\Microsoft Office\Office10\WINWORD.EXE
C:\WINDOWS\system32\dllgcd.exe
C:\Program Files\Fichiers communs\Softwin\BitDefender Scan Server\bdss.exe
C:\Program Files\Softwin\BitDefender10\vsserv.exe
C:\WINDOWS\system32\bglocds.exe
C:\WINDOWS\system32\WISPTIS.EXE
C:\Documents and Settings\PASCAL\Bureau\CCM.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1C9678E2-77AC-4CAD-89EA-9E3F980C73C4} - C:\WINDOWS\system32\efccdby.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {6FF522A3-4E46-4D80-98C3-44A09AD23B33} - C:\WINDOWS\system32\jkklj.dll
O2 - BHO: (no name) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [nTrayFw] C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nTrayFw.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NVRTCLK] C:\WINDOWS\system32\NVRTCLK\NVRTClk.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [VGAUtil] C:\Program Files\GigaByte\VGA Utility Manager\G-VGA.EXE
O4 - HKLM\..\Run: [CloneDVDElbyDelay] "C:\Program Files\Elaborate Bytes\CloneDVD\ElbyCheck.exe" /L ElbyDelay
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [ElbyCheckAnyDVD] "C:\Program Files\SlySoft\AnyDVD\ElbyCheck.exe" /L AnyDVD
O4 - HKLM\..\Run: [AnyDVD] C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Piolet] C:\Program Files\Piolet\Piolet.exe SILENT
O4 - HKLM\..\Run: [LogitechGalleryRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [lmjvservc] dllzzvyj.exe
O4 - HKLM\..\Run: [BDMCon] "C:\Program Files\Softwin\BitDefender10\bdmcon.exe" /reg
O4 - HKLM\..\Run: [BDAgent] "C:\Program Files\Softwin\BitDefender10\bdagent.exe"
O4 - HKLM\..\Run: [!ewido] "C:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimized
O4 - HKCU\..\Run: [coal funk] C:\DOCUME~1\PASCAL\APPLIC~1\CITYPO~1\Soapview.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Ahead\lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [RoboForm] "C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe"
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [llsymvb] C:\WINDOWS\system32\bsmvvgo.exe
O4 - HKCU\..\Run: [lvcdmsys] C:\WINDOWS\system32\amcxlss.exe
O4 - HKCU\..\Run: [winksddm] C:\WINDOWS\system32\jvmmods.exe
O4 - HKCU\..\Run: [lsmdwinr] C:\WINDOWS\system32\vstldmem.exe
O4 - Global Startup: Assistant d'Acrobat.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
O8 - Extra context menu item: &Traduire à partir de l'anglais - res://c:\program files\google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Barre RoboForm - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Enregistrer le formulaire - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O8 - Extra context menu item: Pages liées - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Pages similaires - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Personnaliser le menu - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
O8 - Extra context menu item: Recherche &Google - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Remplir le formulaire - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O8 - Extra context menu item: Télécharger avec FlashGet - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: Télécharger tout avec FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: Version de la page actuelle disponible dans le cache Google - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Créer un Favori de l'appareil mobile - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra 'Tools' menuitem: Créer un Favori de l'appareil mobile... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra button: Remplir - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra 'Tools' menuitem: Remplir le formulaire - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra button: Enregistrer - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra 'Tools' menuitem: Enregistrer le formulaire - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: Barre RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra 'Tools' menuitem: Barre RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe (file missing)
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe (file missing)
O9 - Extra button: Messager Wanadoo - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\WANADO~1\Wanadoo Messager.exe (file missing)
O9 - Extra 'Tools' menuitem: Messager Wanadoo - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\WANADO~1\Wanadoo Messager.exe (file missing)
O9 - Extra button: (no name) - {A4F64D63-3576-4754-8DD5-4D0A49345FD5} - (no file) (HKCU)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/activex/eBay_Enhanced_Picture_Control_v1-0-3-30.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/...
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - https://www.trendmicro.com/en_us/forHome/products/housecall.html
O16 - DPF: {D7BF3304-138B-4DD5-86EE-491BB6A2286C} - http://www.azebar.com/install/azesearch.cab
O20 - Winlogon Notify: efccdby - C:\WINDOWS\SYSTEM32\efccdby.dll
O20 - Winlogon Notify: jkklj - C:\WINDOWS\system32\jkklj.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: winjyp32 - winjyp32.dll (file missing)
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: app_filter - Unknown owner - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Program Files\Fichiers communs\Softwin\BitDefender Scan Server\bdss.exe" /service (file missing)
O23 - Service: COM+ Messages - Unknown owner - C:\WINDOWS\system32\svchosts.exe" -e mc-110-12-0000272 (file missing)
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: Forceware Web Interface (ForcewareWebInterface) - Unknown owner - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe" -k runservice (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - Unknown owner - C:\Program Files\Fichiers communs\Softwin\BitDefender Update Service\livesrv.exe" /service (file missing)
O23 - Service: ForceWare IP service (nSvcIp) - Unknown owner - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
O23 - Service: ForceWare user log service (nSvcLog) - Unknown owner - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe
O23 - Service: BitDefender Virus Shield (VSSERV) - Unknown owner - C:\Program Files\Softwin\BitDefender10\vsserv.exe" /service (file missing)
O23 - Service: BitDefender Communicator (XCOMM) - Unknown owner - C:\Program Files\Fichiers communs\Softwin\BitDefender Communicator\xcommsvr.exe" /service (file missing)
0
romanza Messages postés 250 Date d'inscription samedi 27 janvier 2007 Statut Membre Dernière intervention 4 octobre 2021 2
4 févr. 2007 à 00:26
Voilà :

Logfile of HijackThis v1.99.1
Scan saved at 00:26:13, on 04/02/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nTrayFw.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\GigaByte\VGA Utility Manager\G-VGA.EXE
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe
C:\Program Files\Logitech\Video\LogiTray.exe
C:\WINDOWS\system32\dllzzvyj.exe
C:\Program Files\Softwin\BitDefender10\bdmcon.exe
C:\Program Files\Softwin\BitDefender10\bdagent.exe
C:\Program Files\ewido anti-spyware 4.0\ewido.exe
C:\Program Files\Fichiers communs\Ahead\lib\NMBgMonitor.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe
C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\bsmvvgo.exe
C:\WINDOWS\system32\amcxlss.exe
C:\WINDOWS\system32\jvmmods.exe
C:\WINDOWS\system32\vstldmem.exe
C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
C:\WINDOWS\system32\LVComS.exe
C:\Program Files\Logitech\Video\LowLight.exe
C:\Program Files\ewido anti-spyware 4.0\guard.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe
C:\Program Files\Fichiers communs\Softwin\BitDefender Communicator\xcommsvr.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
C:\Program Files\Fichiers communs\Softwin\BitDefender Update Service\livesrv.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Microsoft Office\Office10\EXCEL.EXE
C:\WINDOWS\msagent\AgentSvr.exe
C:\WINDOWS\system32\cstatvmq.exe
C:\WINDOWS\system32\dllgcd.exe
C:\WINDOWS\system32\bglocds.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Fichiers communs\Softwin\BitDefender Scan Server\bdss.exe
C:\Program Files\Softwin\BitDefender10\vsserv.exe
C:\Documents and Settings\PASCAL\Bureau\CCM.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1C9678E2-77AC-4CAD-89EA-9E3F980C73C4} - C:\WINDOWS\system32\efccdby.dll
O2 - BHO: (no name) - {43998923-40FB-418F-9221-3DC3AF41886C} - C:\WINDOWS\system32\jkklj.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [nTrayFw] C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nTrayFw.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NVRTCLK] C:\WINDOWS\system32\NVRTCLK\NVRTClk.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [VGAUtil] C:\Program Files\GigaByte\VGA Utility Manager\G-VGA.EXE
O4 - HKLM\..\Run: [CloneDVDElbyDelay] "C:\Program Files\Elaborate Bytes\CloneDVD\ElbyCheck.exe" /L ElbyDelay
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [ElbyCheckAnyDVD] "C:\Program Files\SlySoft\AnyDVD\ElbyCheck.exe" /L AnyDVD
O4 - HKLM\..\Run: [AnyDVD] C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Piolet] C:\Program Files\Piolet\Piolet.exe SILENT
O4 - HKLM\..\Run: [LogitechGalleryRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [lmjvservc] dllzzvyj.exe
O4 - HKLM\..\Run: [BDMCon] "C:\Program Files\Softwin\BitDefender10\bdmcon.exe" /reg
O4 - HKLM\..\Run: [BDAgent] "C:\Program Files\Softwin\BitDefender10\bdagent.exe"
O4 - HKLM\..\Run: [!ewido] "C:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimized
O4 - HKCU\..\Run: [coal funk] C:\DOCUME~1\PASCAL\APPLIC~1\CITYPO~1\Soapview.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Ahead\lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [RoboForm] "C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe"
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [llsymvb] C:\WINDOWS\system32\bsmvvgo.exe
O4 - HKCU\..\Run: [lvcdmsys] C:\WINDOWS\system32\amcxlss.exe
O4 - HKCU\..\Run: [winksddm] C:\WINDOWS\system32\jvmmods.exe
O4 - HKCU\..\Run: [lsmdwinr] C:\WINDOWS\system32\vstldmem.exe
O4 - Global Startup: Assistant d'Acrobat.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
O8 - Extra context menu item: &Traduire à partir de l'anglais - res://c:\program files\google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Barre RoboForm - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Enregistrer le formulaire - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O8 - Extra context menu item: Pages liées - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Pages similaires - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Personnaliser le menu - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
O8 - Extra context menu item: Recherche &Google - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Remplir le formulaire - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O8 - Extra context menu item: Télécharger avec FlashGet - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: Télécharger tout avec FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: Version de la page actuelle disponible dans le cache Google - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Créer un Favori de l'appareil mobile - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra 'Tools' menuitem: Créer un Favori de l'appareil mobile... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra button: Remplir - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra 'Tools' menuitem: Remplir le formulaire - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra button: Enregistrer - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra 'Tools' menuitem: Enregistrer le formulaire - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: Barre RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra 'Tools' menuitem: Barre RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe (file missing)
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe (file missing)
O9 - Extra button: Messager Wanadoo - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\WANADO~1\Wanadoo Messager.exe (file missing)
O9 - Extra 'Tools' menuitem: Messager Wanadoo - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\WANADO~1\Wanadoo Messager.exe (file missing)
O9 - Extra button: (no name) - {A4F64D63-3576-4754-8DD5-4D0A49345FD5} - (no file) (HKCU)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/activex/eBay_Enhanced_Picture_Control_v1-0-3-30.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/...
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - https://www.trendmicro.com/en_us/forHome/products/housecall.html
O16 - DPF: {D7BF3304-138B-4DD5-86EE-491BB6A2286C} - http://www.azebar.com/install/azesearch.cab
O20 - Winlogon Notify: efccdby - C:\WINDOWS\SYSTEM32\efccdby.dll
O20 - Winlogon Notify: jkklj - C:\WINDOWS\system32\jkklj.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: winjyp32 - winjyp32.dll (file missing)
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: app_filter - Unknown owner - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Program Files\Fichiers communs\Softwin\BitDefender Scan Server\bdss.exe" /service (file missing)
O23 - Service: COM+ Messages - Unknown owner - C:\WINDOWS\system32\svchosts.exe" -e mc-110-12-0000272 (file missing)
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: Forceware Web Interface (ForcewareWebInterface) - Unknown owner - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe" -k runservice (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - Unknown owner - C:\Program Files\Fichiers communs\Softwin\BitDefender Update Service\livesrv.exe" /service (file missing)
O23 - Service: ForceWare IP service (nSvcIp) - Unknown owner - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
O23 - Service: ForceWare user log service (nSvcLog) - Unknown owner - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe
O23 - Service: BitDefender Virus Shield (VSSERV) - Unknown owner - C:\Program Files\Softwin\BitDefender10\vsserv.exe" /service (file missing)
O23 - Service: BitDefender Communicator (XCOMM) - Unknown owner - C:\Program Files\Fichiers communs\Softwin\BitDefender Communicator\xcommsvr.exe" /service (file missing)
0
green day Messages postés 26364 Date d'inscription vendredi 30 septembre 2005 Statut Modérateur, Contributeur sécurité Dernière intervention 27 décembre 2019 2 165
4 févr. 2007 à 18:50
Salut

ok fais les manips de ce lien stp :

virus methode preliminaire de desinfection version fr

++
0
romanza Messages postés 250 Date d'inscription samedi 27 janvier 2007 Statut Membre Dernière intervention 4 octobre 2021 2
9 févr. 2007 à 23:34
Ci-joint :


BitDefender Online Scanner







Scan report generated at: Fri, Feb 09, 2007 - 09:30:55









Scan path: C:\;D:\;E:\;F:\;















Statistics

Time


01:59:28

Files


402413

Folders


7806

Boot Sectors


3

Archives


2906

Packed Files


32731







Results

Identified Viruses


2

Infected Files


2

Suspect Files


0

Warnings


0

Disinfected


0

Deleted Files


2







Engines Info

Virus Definitions


419508

Engine build


AVCORE v1.0 (build 2371) (i386) (Dec 13 2006 11:16:42)

Scan plugins


14

Archive plugins


38

Unpack plugins


6

E-mail plugins


6

System plugins


1







Scan Settings

First Action


Disinfect

Second Action


Delete

Heuristics


Yes

Enable Warnings


Yes

Scanned Extensions


*;

Exclude Extensions




Scan Emails


Yes

Scan Archives


Yes

Scan Packed


Yes

Scan Files


Yes

Scan Boot


Yes








Scanned File


Status

C:\System Volume Information\_restore{F1C592E0-0B29-408C-9162-B671143E145D}\RP2\A0003618.exe=>(NSIS o)=>lzma_nsis0040


Infected with: Dropped:Application.Adware.NewDotNet.A

C:\System Volume Information\_restore{F1C592E0-0B29-408C-9162-B671143E145D}\RP2\A0003618.exe=>(NSIS o)=>lzma_nsis0040


Disinfection failed

C:\System Volume Information\_restore{F1C592E0-0B29-408C-9162-B671143E145D}\RP2\A0003618.exe=>(NSIS o)=>lzma_nsis0040


Deleted

C:\System Volume Information\_restore{F1C592E0-0B29-408C-9162-B671143E145D}\RP2\A0003618.exe=>(NSIS o)


Update failed

C:\System Volume Information\_restore{F1C592E0-0B29-408C-9162-B671143E145D}\RP2\A0003618.exe=>(NSIS o)=>lzma_nsis0041


Infected with: Trojan.Downloader.Swizzor.DO

C:\System Volume Information\_restore{F1C592E0-0B29-408C-9162-B671143E145D}\RP2\A0003618.exe=>(NSIS o)=>lzma_nsis0041


Disinfection failed

C:\System Volume Information\_restore{F1C592E0-0B29-408C-9162-B671143E145D}\RP2\A0003618.exe=>(NSIS o)=>lzma_nsis0041


Deleted

C:\System Volume Information\_restore{F1C592E0-0B29-408C-9162-B671143E145D}\RP2\A0003618.exe=>(NSIS o)


Update failed












BitDefender Online Scanner







Scan report generated at: Fri, Feb 09, 2007 - 09:30:55









Scan path: C:\;D:\;E:\;F:\;















Statistics

Time


01:59:28

Files


402413

Folders


7806

Boot Sectors


3

Archives


2906

Packed Files


32731







Results

Identified Viruses


2

Infected Files


2

Suspect Files


0

Warnings


0

Disinfected


0

Deleted Files


2







Engines Info

Virus Definitions


419508

Engine build


AVCORE v1.0 (build 2371) (i386) (Dec 13 2006 11:16:42)

Scan plugins


14

Archive plugins


38

Unpack plugins


6

E-mail plugins


6

System plugins


1







Scan Settings

First Action


Disinfect

Second Action


Delete

Heuristics


Yes

Enable Warnings


Yes

Scanned Extensions


*;

Exclude Extensions




Scan Emails


Yes

Scan Archives


Yes

Scan Packed


Yes

Scan Files


Yes

Scan Boot


Yes








Scanned File


Status

C:\System Volume Information\_restore{F1C592E0-0B29-408C-9162-B671143E145D}\RP2\A0003618.exe=>(NSIS o)=>lzma_nsis0040


Infected with: Dropped:Application.Adware.NewDotNet.A

C:\System Volume Information\_restore{F1C592E0-0B29-408C-9162-B671143E145D}\RP2\A0003618.exe=>(NSIS o)=>lzma_nsis0040


Disinfection failed

C:\System Volume Information\_restore{F1C592E0-0B29-408C-9162-B671143E145D}\RP2\A0003618.exe=>(NSIS o)=>lzma_nsis0040


Deleted

C:\System Volume Information\_restore{F1C592E0-0B29-408C-9162-B671143E145D}\RP2\A0003618.exe=>(NSIS o)


Update failed

C:\System Volume Information\_restore{F1C592E0-0B29-408C-9162-B671143E145D}\RP2\A0003618.exe=>(NSIS o)=>lzma_nsis0041


Infected with: Trojan.Downloader.Swizzor.DO

C:\System Volume Information\_restore{F1C592E0-0B29-408C-9162-B671143E145D}\RP2\A0003618.exe=>(NSIS o)=>lzma_nsis0041


Disinfection failed

C:\System Volume Information\_restore{F1C592E0-0B29-408C-9162-B671143E145D}\RP2\A0003618.exe=>(NSIS o)=>lzma_nsis0041


Deleted

C:\System Volume Information\_restore{F1C592E0-0B29-408C-9162-B671143E145D}\RP2\A0003618.exe=>(NSIS o)


Update failed




Logfile of HijackThis v1.99.1
Scan saved at 23:33:25, on 09/02/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nTrayFw.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\GigaByte\VGA Utility Manager\G-VGA.EXE
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe
C:\Program Files\Logitech\Video\LogiTray.exe
C:\WINDOWS\system32\dllzzvyj.exe
C:\Program Files\Softwin\BitDefender10\bdmcon.exe
C:\Program Files\Softwin\BitDefender10\bdagent.exe
C:\Program Files\ewido anti-spyware 4.0\ewido.exe
C:\Program Files\Fichiers communs\Ahead\lib\NMBgMonitor.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe
C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\amcxlss.exe
C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
C:\WINDOWS\system32\LVComS.exe
C:\Program Files\Logitech\Video\LowLight.exe
C:\Program Files\ewido anti-spyware 4.0\guard.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe
C:\Program Files\Fichiers communs\Softwin\BitDefender Communicator\xcommsvr.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
C:\Program Files\Fichiers communs\Softwin\BitDefender Update Service\livesrv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\gmonstml.exe
C:\Program Files\Fichiers communs\Softwin\BitDefender Scan Server\bdss.exe
C:\Program Files\Softwin\BitDefender10\vsserv.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\PASCAL\Bureau\CCM.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1C9678E2-77AC-4CAD-89EA-9E3F980C73C4} - C:\WINDOWS\system32\efccdby.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: (no name) - {FB91FD49-FA77-4234-A8CB-13C2F3569937} - C:\WINDOWS\system32\jkklj.dll
O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [nTrayFw] C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nTrayFw.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NVRTCLK] C:\WINDOWS\system32\NVRTCLK\NVRTClk.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [VGAUtil] C:\Program Files\GigaByte\VGA Utility Manager\G-VGA.EXE
O4 - HKLM\..\Run: [CloneDVDElbyDelay] "C:\Program Files\Elaborate Bytes\CloneDVD\ElbyCheck.exe" /L ElbyDelay
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [ElbyCheckAnyDVD] "C:\Program Files\SlySoft\AnyDVD\ElbyCheck.exe" /L AnyDVD
O4 - HKLM\..\Run: [AnyDVD] C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Piolet] C:\Program Files\Piolet\Piolet.exe SILENT
O4 - HKLM\..\Run: [LogitechGalleryRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [lmjvservc] dllzzvyj.exe
O4 - HKLM\..\Run: [BDMCon] "C:\Program Files\Softwin\BitDefender10\bdmcon.exe" /reg
O4 - HKLM\..\Run: [BDAgent] "C:\Program Files\Softwin\BitDefender10\bdagent.exe"
O4 - HKLM\..\Run: [!ewido] "C:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimized
O4 - HKCU\..\Run: [coal funk] C:\DOCUME~1\PASCAL\APPLIC~1\CITYPO~1\Soapview.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Ahead\lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [RoboForm] "C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe"
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [lvcdmsys] C:\WINDOWS\system32\amcxlss.exe
O4 - Global Startup: Assistant d'Acrobat.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
O8 - Extra context menu item: &Traduire à partir de l'anglais - res://c:\program files\google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Barre RoboForm - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Enregistrer le formulaire - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O8 - Extra context menu item: Pages liées - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Pages similaires - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Personnaliser le menu - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
O8 - Extra context menu item: Recherche &Google - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Remplir le formulaire - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O8 - Extra context menu item: Télécharger avec FlashGet - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: Télécharger tout avec FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: Version de la page actuelle disponible dans le cache Google - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Créer un Favori de l'appareil mobile - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra 'Tools' menuitem: Créer un Favori de l'appareil mobile... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra button: Remplir - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra 'Tools' menuitem: Remplir le formulaire - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra button: Enregistrer - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra 'Tools' menuitem: Enregistrer le formulaire - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: Barre RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra 'Tools' menuitem: Barre RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe (file missing)
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe (file missing)
O9 - Extra button: Messager Wanadoo - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\WANADO~1\Wanadoo Messager.exe (file missing)
O9 - Extra 'Tools' menuitem: Messager Wanadoo - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\WANADO~1\Wanadoo Messager.exe (file missing)
O9 - Extra button: (no name) - {A4F64D63-3576-4754-8DD5-4D0A49345FD5} - (no file) (HKCU)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/activex/eBay_Enhanced_Picture_Control_v1-0-3-30.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/...
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - https://www.trendmicro.com/en_us/forHome/products/housecall.html
O16 - DPF: {D7BF3304-138B-4DD5-86EE-491BB6A2286C} - http://www.azebar.com/install/azesearch.cab
O20 - Winlogon Notify: efccdby - C:\WINDOWS\SYSTEM32\efccdby.dll
O20 - Winlogon Notify: jkklj - C:\WINDOWS\system32\jkklj.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: winjyp32 - winjyp32.dll (file missing)
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: app_filter - Unknown owner - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Program Files\Fichiers communs\Softwin\BitDefender Scan Server\bdss.exe" /service (file missing)
O23 - Service: COM+ Messages - Unknown owner - C:\WINDOWS\system32\svchosts.exe" -e mc-110-12-0000272 (file missing)
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: Forceware Web Interface (ForcewareWebInterface) - Unknown owner - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe" -k runservice (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - Unknown owner - C:\Program Files\Fichiers communs\Softwin\BitDefender Update Service\livesrv.exe" /service (file missing)
O23 - Service: ForceWare IP service (nSvcIp) - Unknown owner - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
O23 - Service: ForceWare user log service (nSvcLog) - Unknown owner - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe
O23 - Service: BitDefender Virus Shield (VSSERV) - Unknown owner - C:\Program Files\Softwin\BitDefender10\vsserv.exe" /service (file missing)
O23 - Service: BitDefender Communicator (XCOMM) - Unknown owner - C:\Program Files\Fichiers communs\Softwin\BitDefender Communicator\xcommsvr.exe" /service (file missing)
0
green day Messages postés 26364 Date d'inscription vendredi 30 septembre 2005 Statut Modérateur, Contributeur sécurité Dernière intervention 27 décembre 2019 2 165
9 févr. 2007 à 23:40
Salut

# Télécharge Blacklight (de F-Secure) :

https://europe.f-secure.com/exclude/blacklight/index.shtml

et sauvegarde le sur ton Bureau.

Double-clique blbeta.exe et accepte la licence ;clique Scan puis Next

Tu verras une liste de fichiers détectés apparaître. Tu verras également un rapport, sur ton Bureau, nommé fsbl.xxxxxxx.log (les xxxxxxx sont des chiffres).

Copie et colle le contenu de ce rapport dans ta prochaine réponse

# Télécharge ComboFix (par sUBs) d'un de ces liens sur ton bureau:

http://download.bleepingcomputer.com/sUBs/combofix.exe
http://www.techsupportforum.com/sectools/combofix.exe


Double clique combofix.exe et suis les invites

Poste le rapport ici stp

@+
0
romanza Messages postés 250 Date d'inscription samedi 27 janvier 2007 Statut Membre Dernière intervention 4 octobre 2021 2
10 févr. 2007 à 08:23
Salut, voilà :


02/10/07 08:06:33 [Info]: BlackLight Engine 1.0.55 initialized
02/10/07 08:06:33 [Info]: OS: 5.1 build 2600 (Service Pack 2)
02/10/07 08:06:33 [Note]: 7019 4
02/10/07 08:06:33 [Note]: 7005 0
02/10/07 08:06:35 [Note]: 7006 0
02/10/07 08:06:35 [Note]: 7011 168
02/10/07 08:06:35 [Note]: 7026 0
02/10/07 08:06:35 [Note]: 7026 0
02/10/07 08:06:41 [Note]: FSRAW library version 1.7.1021
02/10/07 08:14:41 [Note]: 7007 0









"PASCAL" - 07-02-10 8:16:18 Service Pack 2
ComboFix 07-02-08.2 - Running from: "C:\Documents and Settings\PASCAL\Bureau\Utilitares r‚solution virus"

(((((((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


C:\Program Files\Fichiers communs\Yazzle1162OinUninstaller.exe
C:\Program Files\INSTALL.LOG
C:\WINDOWS\system32\drivers\npf.sys
C:\Program Files\Fichiers communs\{10A6E~2
C:\Program Files\Fichiers communs\{10A6E~1
C:\Program Files\Fichiers communs\{30A6E~1
C:\DOCUME~1\PASCAL\Application Data\SearchToolbarCorp
~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ Purity ~ ~ ~ ~ ~ ~ ~ ~~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~
Folders Quarantined:
C:\qoobox\purity\Program Files\ICROSO~1


((((((((((((((((((((((((((((((( Files Created from 2007-01-10 to 2007-02-10 ))))))))))))))))))))))))))))))))))


2007-02-09 10:54 74,094 --a------ C:\WINDOWS\yhgnrknfref.exe
2007-02-09 10:28 1,635 --a------ C:\WINDOWS\qefnjnwd.exe
2007-02-09 07:30 <REP> d-------- C:\WINDOWS\BDOSCAN8
2007-02-09 07:29 77,466 --a------ C:\WINDOWS\hrefnkndefsd.exe
2007-02-04 19:23 70,123 --a------ C:\WINDOWS\gtjekmnkew.exe
2007-02-04 19:07 70,929 --a------ C:\WINDOWS\tojndkedewf.exe
2007-02-04 18:05 77,466 --a------ C:\WINDOWS\bgtrneiknkjnew.exe
2007-02-03 23:40 70,123 --a------ C:\WINDOWS\wijnjre.exe
2007-02-03 22:05 70,929 --a------ C:\WINDOWS\frewinefew.exe
2007-02-03 20:39 77,466 --a------ C:\WINDOWS\debcjnkfd.exe
2007-02-03 18:19 71,833 --a------ C:\WINDOWS\rfhijikgre.exe
2007-02-03 17:58 71,833 --a------ C:\WINDOWS\nsicknjnfew.exe
2007-02-02 23:00 503,921 ---hs---- C:\WINDOWS\system32\jlkkj.ini2
2007-02-01 19:39 70,956 --a------ C:\WINDOWS\xnwinenewd.exe
2007-01-31 21:50 70,956 --a------ C:\WINDOWS\hoinkndw.exe
2007-01-30 23:43 <REP> d-------- C:\Bases
2007-01-30 23:32 <REP> d-------- C:\Kaspersky
2007-01-30 18:33 <REP> d-------- C:\avenger
2007-01-30 18:30 60,416 --a------ C:\WINDOWS\system32\drivers\uw^rcuxt.sys
2007-01-30 18:30 <REP> d-------- C:\Rustbfix
2007-01-30 18:28 60,416 --a------ C:\WINDOWS\system32\drivers\xanxojki.sys
2007-01-30 18:28 1,080 --a------ C:\bucelmsm.bat
2007-01-28 17:36 501,452 ---hs---- C:\WINDOWS\system32\jlkkj.bak2
2007-01-28 16:55 <REP> d-------- C:\Program Files\Alwil Software
2007-01-28 11:06 475,170 ---hs---- C:\WINDOWS\system32\jlkkj.bak1
2007-01-27 22:08 70,956 --a------ C:\WINDOWS\vwbydhekf.exe
2007-01-27 22:08 23,040 --a------ C:\WINDOWS\system32\drivers\GVTDrv.sys
2007-01-27 19:31 <REP> d-------- C:\VundoFix Backups
2007-01-27 16:35 <REP> d-------- C:\DOCUME~1\ALLUSE~1\Application Data\Yahoo! Companion
2007-01-27 12:57 79,360 --a------ C:\WINDOWS\system32\swxcacls.exe
2007-01-27 12:57 53,248 --a------ C:\WINDOWS\system32\Process.exe
2007-01-27 12:57 51,200 --a------ C:\WINDOWS\system32\dumphive.exe
2007-01-27 12:57 40,960 --a------ C:\WINDOWS\system32\swsc.exe
2007-01-27 12:57 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe
2007-01-27 12:57 135,168 --a------ C:\WINDOWS\system32\swreg.exe
2007-01-27 12:54 <REP> d-------- C:\Program Files\ewido anti-spyware 4.0
2007-01-27 12:53 <REP> d-------- C:\Program Files\Yahoo!
2007-01-27 12:53 <REP> d-------- C:\Program Files\CCleaner
2007-01-21 19:31 <REP> d-------- C:\DOCUME~1\ADMINI~1\Application Data\Bitdefender
2007-01-21 12:46 <REP> d-------- C:\DOCUME~1\PASCAL\Application Data\Lavasoft
2007-01-21 10:52 <REP> d-------- C:\WINDOWS\pss
2007-01-20 20:09 <REP> d-------- C:\WINDOWS\report
2007-01-20 20:08 86,094 --a------ C:\WINDOWS\BPMNT.dll
2007-01-20 20:08 71,749 --a------ C:\WINDOWS\hcextoutput.dll
2007-01-20 20:08 229,957 --a------ C:\WINDOWS\tsc.exe
2007-01-20 20:08 1,101,904 --a------ C:\WINDOWS\vsapi32.dll
2007-01-20 20:08 <REP> d-------- C:\WINDOWS\AU_Backup
2007-01-20 20:02 <REP> d-------- C:\WINDOWS\AU_Temp
2007-01-20 20:02 <REP> d-------- C:\WINDOWS\AU_Log
2007-01-20 20:01 69,689 --a------ C:\WINDOWS\UNZIP.DLL
2007-01-20 20:01 507,904 --a------ C:\WINDOWS\TMUPDATE.DLL
2007-01-20 20:01 286,720 --a------ C:\WINDOWS\PATCH.EXE
2007-01-20 18:04 <REP> d-------- C:\DOCUME~1\ALLUSE~1\Application Data\BitDefender
2007-01-18 20:38 3,780 --a------ C:\WINDOWS\system32\tmp.reg
2007-01-18 20:20 <REP> d-------- C:\DOCUME~1\LOCALS~1\Application Data\BitDefender
2007-01-18 20:18 277,044 ---hs---- C:\WINDOWS\system32\jkklj.dll
2007-01-18 20:14 83,956 --a------ C:\WINDOWS\ghrgeghf.exe
2007-01-18 20:14 79,878 --a------ C:\WINDOWS\nimnkwfw.exe
2007-01-17 20:35 <REP> d-------- C:\DOCUME~1\PASCAL\Application Data\BitDefender
2007-01-16 20:42 22,029 ---hs---- C:\WINDOWS\system32\efccdby.dll
2007-01-16 20:42 0 --a------ C:\WINDOWS\aconti.exe
2007-01-16 20:42 <REP> d-------- C:\Program Files\mediaring talk
2007-01-16 20:42 <REP> d-------- C:\Program Files\acenotes free


(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))


2007-02-10 08:17 -------- d-------- C:\DOCUME~1\PASCAL\Application Data\skype
2007-02-10 08:15 -------- d-------- C:\Program Files\mozilla firefox
2007-02-04 20:26 -------- d-------- C:\Program Files\steam
2007-02-04 09:50 33704 --a------ C:\DOCUME~1\PASCAL\Application Data\gdipfontcachev1.dat
2007-01-30 22:26 -------- d-------- C:\DOCUME~1\PASCAL\Application Data\azureus
2007-01-30 19:11 -------- d-------- C:\Program Files\azureus
2007-01-22 20:18 -------- d-------- C:\Program Files\divx
2007-01-21 19:38 -------- d-------- C:\Program Files\slysoft
2007-01-21 11:32 -------- d-------- C:\Program Files\radio fr solo
2007-01-21 10:46 -------- d-------- C:\Program Files\limewire
2007-01-20 10:17 29 --a------ C:\WINDOWS\system32\getfile.dat
2007-01-16 20:43 -------- d-------- C:\Program Files\common files
2007-01-08 20:24 -------- d-------- C:\DOCUME~1\PASCAL\Application Data\vlc
2007-01-08 20:23 -------- d-------- C:\Program Files\videolan
2006-12-21 10:28 -------- d-------- C:\Program Files\windows media connect 2
2006-12-20 20:40 163644 --a------ C:\WINDOWS\system32\drivers\secdrv.sys
2006-12-10 14:55 -------- d-------- C:\Program Files\archos mp4sp
2006-12-10 14:41 56 -r-hs---- C:\WINDOWS\system32\18d9fd8534.sys
2006-12-10 14:41 11270 --ahs---- C:\WINDOWS\system32\kgygaavl.sys
2006-12-10 14:18 -------- d-------- C:\Program Files\xvid


(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries & legit default entries are not shown

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"coal funk"="C:\\DOCUME~1\\PASCAL\\APPLIC~1\\CITYPO~1\\Soapview.exe"
"Steam"=""
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="\"C:\\Program Files\\Fichiers communs\\Ahead\\lib\\NMBgMonitor.exe\""
"MSMSGS"="\"C:\\Program Files\\Messenger\\msmsgs.exe\" /background"
"Skype"="\"C:\\Program Files\\Skype\\Phone\\Skype.exe\" /nosplash /minimized"
"RoboForm"="\"C:\\Program Files\\Siber Systems\\AI RoboForm\\RoboTaskBarIcon.exe\""
"H/PC Connection Agent"="\"C:\\Program Files\\Microsoft ActiveSync\\WCESCOMM.EXE\""
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"
"Display Drivers"=""
"netmanagerservice"=""
"lvcdmsys"="C:\\WINDOWS\\system32\\amcxlss.exe"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run\intnets]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run\Winlogon]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run\Winlogon\Notify]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run\Winlogon\Notify\mallocator]
"DllName"=""

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\runservices]
"Microsoft Services"=""

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"nTrayFw"="C:\\Program Files\\NVIDIA Corporation\\NetworkAccessManager\\bin\\nTrayFw.exe"
"SoundMan"="SOUNDMAN.EXE"
"NVRTCLK"="C:\\WINDOWS\\system32\\NVRTCLK\\NVRTClk.exe"
"NvCplDaemon"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvCpl.dll,NvStartup"
"nwiz"="nwiz.exe /install"
"NvMediaCenter"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvMcTray.dll,NvTaskbarInit"
"VGAUtil"="C:\\Program Files\\GigaByte\\VGA Utility Manager\\G-VGA.EXE"
"CloneDVDElbyDelay"="\"C:\\Program Files\\Elaborate Bytes\\CloneDVD\\ElbyCheck.exe\" /L ElbyDelay"
"SunJavaUpdateSched"="C:\\Program Files\\Java\\jre1.5.0_06\\bin\\jusched.exe"
"ElbyCheckAnyDVD"="\"C:\\Program Files\\SlySoft\\AnyDVD\\ElbyCheck.exe\" /L AnyDVD"
"AnyDVD"="C:\\Program Files\\SlySoft\\AnyDVD\\AnyDVD.exe"
"LogitechVideoRepair"="C:\\Program Files\\Logitech\\Video\\ISStart.exe"
"LogitechVideoTray"="C:\\Program Files\\Logitech\\Video\\LogiTray.exe"
"NeroFilterCheck"="C:\\WINDOWS\\system32\\NeroCheck.exe"
"Piolet"="C:\\Program Files\\Piolet\\Piolet.exe SILENT"
"LogitechGalleryRepair"="C:\\Program Files\\Logitech\\Video\\ISStart.exe"
"lmjvservc"="dllzzvyj.exe"
"BDMCon"="\"C:\\Program Files\\Softwin\\BitDefender10\\bdmcon.exe\" /reg"
"BDAgent"="\"C:\\Program Files\\Softwin\\BitDefender10\\bdagent.exe\""
"!ewido"="\"C:\\Program Files\\ewido anti-spyware 4.0\\ewido.exe\" /minimized"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
"Installed"="1"
"NoChange"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DllRunning]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="vgcsfmst"
"hkey"="HKLM"
"command"="rundll32.exe \"C:\\WINDOWS\\system32\\vgcsfmst.dll\",setvm"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\wdokbye.dll]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="wdokbye"
"hkey"="HKLM"
"command"="C:\\WINDOWS\\system32\\rundll32.exe \"C:\\Documents and Settings\\PASCAL\\Local Settings\\Application Data\\wdokbye.dll\",bpzgoi"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"appinit_dlls"="sockspy.dll"


[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{1C9678E2-77AC-4CAD-89EA-9E3F980C73C4}"=""
"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="ewido anti-spyware 4.0"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload]
"WPDShServiceObj"="{AAA288BA-9A4C-45B0-95D7-94D524869DB5}"

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\efccdby
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\jkklj
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\winjyp32

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost]
HTTPFilter REG_MULTI_SZ HTTPFilter\0\0
LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0
NetworkService REG_MULTI_SZ DnsCache\0\0
DcomLaunch REG_MULTI_SZ DcomLaunch\0TermService\0\0
rpcss REG_MULTI_SZ RpcSs\0\0
imgsvc REG_MULTI_SZ StiSvc\0\0
termsvcs REG_MULTI_SZ TermService\0\0
WudfServiceGroup REG_MULTI_SZ WUDFSvc\0\0


[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{3420adc2-2217-11da-bbc5-806d6172696f}]
Shell\AutoRun\command E:\ASUSACPI.exe


Contents of the 'Scheduled Tasks' folder
C:\WINDOWS\tasks\Symantec NetDetect.job


********************************************************************

catchme 0.1 W2K/XP - userland rootkit detector by Gmer, 17 October 2006
http://www.gmer.net

scanning hidden processes ...

scanning hidden services ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0

********************************************************************

Completion time: 07-02-10 8:18:11
0
green day Messages postés 26364 Date d'inscription vendredi 30 septembre 2005 Statut Modérateur, Contributeur sécurité Dernière intervention 27 décembre 2019 2 165
10 févr. 2007 à 13:04
Salut

très bien poste un new hijack stp

++
0
romanza Messages postés 250 Date d'inscription samedi 27 janvier 2007 Statut Membre Dernière intervention 4 octobre 2021 2
11 févr. 2007 à 01:37
Logfile of HijackThis v1.99.1
Scan saved at 01:35:57, on 11/02/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nTrayFw.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\GigaByte\VGA Utility Manager\G-VGA.EXE
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe
C:\Program Files\Logitech\Video\LogiTray.exe
C:\Program Files\Softwin\BitDefender10\bdagent.exe
C:\Program Files\ewido anti-spyware 4.0\ewido.exe
C:\Program Files\Fichiers communs\Ahead\lib\NMBgMonitor.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe
C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\amcxlss.exe
C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
C:\WINDOWS\system32\LVComS.exe
C:\Program Files\Logitech\Video\LowLight.exe
C:\Program Files\ewido anti-spyware 4.0\guard.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe
C:\Program Files\Fichiers communs\Softwin\BitDefender Communicator\xcommsvr.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
C:\Program Files\Fichiers communs\Softwin\BitDefender Update Service\livesrv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\scmdcon.exe
C:\WINDOWS\system32\sdmmlmn.exe
C:\WINDOWS\system32\WISPTIS.EXE
C:\WINDOWS\system32\gmonstml.exe
C:\Program Files\Fichiers communs\Softwin\BitDefender Scan Server\bdss.exe
C:\Program Files\Softwin\BitDefender10\vsserv.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\PASCAL\Bureau\CCM.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1C9678E2-77AC-4CAD-89EA-9E3F980C73C4} - C:\WINDOWS\system32\efccdby.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: (no name) - {EC069314-572E-4C2A-B645-46340EC78C31} - C:\WINDOWS\system32\jkklj.dll
O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [nTrayFw] C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nTrayFw.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NVRTCLK] C:\WINDOWS\system32\NVRTCLK\NVRTClk.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [VGAUtil] C:\Program Files\GigaByte\VGA Utility Manager\G-VGA.EXE
O4 - HKLM\..\Run: [CloneDVDElbyDelay] "C:\Program Files\Elaborate Bytes\CloneDVD\ElbyCheck.exe" /L ElbyDelay
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [ElbyCheckAnyDVD] "C:\Program Files\SlySoft\AnyDVD\ElbyCheck.exe" /L AnyDVD
O4 - HKLM\..\Run: [AnyDVD] C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Piolet] C:\Program Files\Piolet\Piolet.exe SILENT
O4 - HKLM\..\Run: [LogitechGalleryRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [lmjvservc] dllzzvyj.exe
O4 - HKLM\..\Run: [BDMCon] "C:\Program Files\Softwin\BitDefender10\bdmcon.exe" /reg
O4 - HKLM\..\Run: [BDAgent] "C:\Program Files\Softwin\BitDefender10\bdagent.exe"
O4 - HKLM\..\Run: [!ewido] "C:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimized
O4 - HKCU\..\Run: [coal funk] C:\DOCUME~1\PASCAL\APPLIC~1\CITYPO~1\Soapview.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Ahead\lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [RoboForm] "C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe"
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [lvcdmsys] C:\WINDOWS\system32\amcxlss.exe
O4 - Global Startup: Assistant d'Acrobat.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
O8 - Extra context menu item: &Traduire à partir de l'anglais - res://c:\program files\google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Barre RoboForm - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Enregistrer le formulaire - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O8 - Extra context menu item: Pages liées - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Pages similaires - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Personnaliser le menu - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
O8 - Extra context menu item: Recherche &Google - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Remplir le formulaire - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O8 - Extra context menu item: Télécharger avec FlashGet - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: Télécharger tout avec FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: Version de la page actuelle disponible dans le cache Google - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Créer un Favori de l'appareil mobile - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra 'Tools' menuitem: Créer un Favori de l'appareil mobile... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra button: Remplir - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra 'Tools' menuitem: Remplir le formulaire - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra button: Enregistrer - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra 'Tools' menuitem: Enregistrer le formulaire - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: Barre RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra 'Tools' menuitem: Barre RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe (file missing)
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe (file missing)
O9 - Extra button: Messager Wanadoo - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\WANADO~1\Wanadoo Messager.exe (file missing)
O9 - Extra 'Tools' menuitem: Messager Wanadoo - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\WANADO~1\Wanadoo Messager.exe (file missing)
O9 - Extra button: (no name) - {A4F64D63-3576-4754-8DD5-4D0A49345FD5} - (no file) (HKCU)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/activex/eBay_Enhanced_Picture_Control_v1-0-3-30.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/...
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - https://www.trendmicro.com/en_us/forHome/products/housecall.html
O16 - DPF: {D7BF3304-138B-4DD5-86EE-491BB6A2286C} - http://www.azebar.com/install/azesearch.cab
O20 - Winlogon Notify: efccdby - C:\WINDOWS\SYSTEM32\efccdby.dll
O20 - Winlogon Notify: jkklj - C:\WINDOWS\system32\jkklj.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: winjyp32 - winjyp32.dll (file missing)
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: app_filter - Unknown owner - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Program Files\Fichiers communs\Softwin\BitDefender Scan Server\bdss.exe" /service (file missing)
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: Forceware Web Interface (ForcewareWebInterface) - Unknown owner - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe" -k runservice (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - Unknown owner - C:\Program Files\Fichiers communs\Softwin\BitDefender Update Service\livesrv.exe" /service (file missing)
O23 - Service: ForceWare IP service (nSvcIp) - Unknown owner - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
O23 - Service: ForceWare user log service (nSvcLog) - Unknown owner - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe
O23 - Service: BitDefender Virus Shield (VSSERV) - Unknown owner - C:\Program Files\Softwin\BitDefender10\vsserv.exe" /service (file missing)
O23 - Service: BitDefender Communicator (XCOMM) - Unknown owner - C:\Program Files\Fichiers communs\Softwin\BitDefender Communicator\xcommsvr.exe" /service (file missing)
0
green day Messages postés 26364 Date d'inscription vendredi 30 septembre 2005 Statut Modérateur, Contributeur sécurité Dernière intervention 27 décembre 2019 2 165
11 févr. 2007 à 14:03
Salut

1) Affiche les dossiers système et fichiers cachés :
Ouvrir le poste de travail
- Outils --> Options des dossiers
- Affichage --> zone Paramètres avancés
- Cocher : Afficher le contenu des dossiers système
- Cocher : Afficher les fichiers et dossiers cachés
- Décocher : Masquer les extensions des fichiers dont le type est connu
- Décocher : Masquer les fichiers protégés du système d'exploitation (recommandé)
répondre Oui au message
Clique sur "Appliquer à tous les dossiers"
Clique sur OK

2) Désactiver la Restauration du système

* Cliquez sur le bouton Démarrer.
* Cliquez avec le bouton droit de la souris sur Poste de travail puis cliquez sur Propriétés.
* Dans l'onglet Restauration du système, sélectionnez l'option Désactiver la Restauration du système ou Désactiver la Restauration du système sur tous les lecteurs

( tu pourras la réactivé à la fin de la manip )


3) Relance hijackthis :

choisis " do a scan only" coche la case devant les lignes ci-dessous et clique en bas sur "fix checked" :

O2 - BHO: (no name) - {1C9678E2-77AC-4CAD-89EA-9E3F980C73C4} - C:\WINDOWS\system32\efccdby.dll

O2 - BHO: (no name) - {EC069314-572E-4C2A-B645-46340EC78C31} - C:\WINDOWS\system32\jkklj.dll


O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit


O4 - HKLM\..\Run: [CloneDVDElbyDelay] "C:\Program Files\Elaborate Bytes\CloneDVD\ElbyCheck.exe" /L ElbyDelay
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [ElbyCheckAnyDVD] "C:\Program Files\SlySoft\AnyDVD\ElbyCheck.exe" /L AnyDVD
O4 - HKLM\..\Run: [AnyDVD] C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [LogitechGalleryRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [lmjvservc] dllzzvyj.exe

O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Ahead\lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [lvcdmsys] C:\WINDOWS\system32\amcxlss.exe


O4 - Global Startup: Assistant d'Acrobat.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
O8 - Extra context menu item: &Traduire à partir de l'anglais - res://c:\program files\google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Barre RoboForm - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Enregistrer le formulaire - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O8 - Extra context menu item: Pages liées - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Pages similaires - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Personnaliser le menu - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
O8 - Extra context menu item: Recherche &Google - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Remplir le formulaire - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O8 - Extra context menu item: Télécharger avec FlashGet - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: Télécharger tout avec FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: Version de la page actuelle disponible dans le cache Google - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html


O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/activex/eBay_Enhanced_Picture_Control_v1-0-3-30.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/default.aspx
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/
O16 - DPF: {D7BF3304-138B-4DD5-86EE-491BB6A2286C} - http://www.azebar.com/install/azesearch.cab

O20 - Winlogon Notify: efccdby - C:\WINDOWS\SYSTEM32\efccdby.dll
O20 - Winlogon Notify: jkklj - C:\WINDOWS\system32\jkklj.dll

O20 - Winlogon Notify: winjyp32 - winjyp32.dll (file missing)



4) Télécharge Killbox sur ton Bureau :

http://www.downloads.subratam.org/KillBox.exe

Double-clique killbox.exe.

Copie le texte gras ci-bas (sélectionne tout avec ta souris, clic-droit et "Copier") :


C:\WINDOWS\SYSTEM32\efccdby.dll
C:\WINDOWS\system32\jkklj.dll
winjyp32.dll
C:\WINDOWS\system32\amcxlss.exe
dllzzvyj.exe



* Sélectionnz "delete on reboot"
* Cliquez sur le menu "File" -> "Past from clip board"
* Cliquez sur All Files
* Cliquez sur la croix rouge et et blanche
* Répondez yes et laisse redémarrer ton pc.
*poste un nouveau blacklight

cf démo : http://mickael.barroux.free.fr/securite/killbox.html


passe un coup de ccleaner + cleanup :

* CleanUp40 (qui élimine les fichiers temporaires + cookies : gratuit )
http://pageperso.aol.fr/Balltrap34/CleanUp40.exe

tuto : (merci à Balltrap) http://pageperso.aol.fr/balltrap34/democleanup.htm


5) Télécharge LopxpMH sur ton Bureau.

http://perso.numericable.fr/~altshift/Info/Fichiers/lopxpMH2.zip

Dézippe-le (clic droit >> Extraire ici) et double clique sur le fichier lopxpMH.bat.

Poste le contenu du rapport stp


6) fais ceci :

HijackThis -> Open the misc tools sections -> open Uninstall manager -> clique sur "Save list" -> enregistre le fichier -> fais-en un copier/coller ici.


bon courage,@+





La sagesse, c'est d'avoir des rêves suffisamment grands pour ne pas les
perdre de vue lorsqu'on les poursuit. (Oscar Wilde)
0
romanza Messages postés 250 Date d'inscription samedi 27 janvier 2007 Statut Membre Dernière intervention 4 octobre 2021 2
15 févr. 2007 à 22:11
Voilà


Killbox ne reboot pas !

Rapport fait à 20:42:18,92 le 11/02/2007

******************************************
## Répertoires Application Data

Le volume dans le lecteur C n'a pas de nom.
Le num‚ro de s‚rie du volume est 10A6-E8E6

R‚pertoire de C:\Documents and Settings\Administrateur\Application Data

28/05/2006 12:14 <REP> .
28/05/2006 12:14 <REP> ..
28/05/2006 12:14 <REP> Microsoft
28/05/2006 12:14 62 desktop.ini
1 fichier(s) 62 octets
3 R‚p(s) 47ÿ908ÿ737ÿ024 octets libres
Le volume dans le lecteur C n'a pas de nom.
Le num‚ro de s‚rie du volume est 10A6-E8E6

R‚pertoire de C:\Documents and Settings\Administrateur\Local Settings\Application Data

28/05/2006 12:14 <REP> .
28/05/2006 12:14 <REP> ..
28/05/2006 12:14 <REP> Microsoft
09/09/2006 18:50 3ÿ584 DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
1 fichier(s) 3ÿ584 octets
3 R‚p(s) 47ÿ908ÿ732ÿ928 octets libres
Le volume dans le lecteur C n'a pas de nom.
Le num‚ro de s‚rie du volume est 10A6-E8E6

R‚pertoire de C:\Documents and Settings\All Users\Application Data

10/09/2005 17:23 <REP> .
10/09/2005 17:23 <REP> ..
17/09/2005 16:00 <REP> Adobe
31/10/2005 11:25 <REP> Ahead
05/03/2006 12:01 <REP> Apple Computer
05/11/2005 20:26 <REP> CyberLink
15/04/2006 22:29 <REP> DVD Shrink
10/09/2006 10:26 <REP> Macromedia
10/09/2005 17:23 <REP> Microsoft
11/09/2005 10:13 <REP> nView_Profiles
01/10/2005 10:41 <REP> QuickTime
13/09/2005 18:53 <REP> RoadTheMealBat
27/05/2006 15:41 <REP> RoboForm
10/11/2005 23:06 <REP> Skype
16/09/2005 20:58 <REP> Spybot - Search & Destroy
11/09/2005 08:25 <REP> Symantec
09/07/2006 11:30 <REP> TechSmith
28/10/2005 18:26 <REP> Ulead Systems
13/11/2005 18:53 <REP> vidcap
10/09/2005 11:48 <REP> Windows Genuine Advantage
27/01/2007 16:35 <REP> Yahoo! Companion
10/09/2005 17:25 62 desktop.ini
05/03/2006 12:03 1ÿ767 QTSBandwidthCache
2 fichier(s) 1ÿ829 octets
21 R‚p(s) 47ÿ908ÿ732ÿ928 octets libres
Le volume dans le lecteur C n'a pas de nom.
Le num‚ro de s‚rie du volume est 10A6-E8E6

R‚pertoire de C:\Documents and Settings\Default User\Application Data

10/09/2005 17:23 <REP> .
10/09/2005 17:23 <REP> ..
10/09/2005 17:23 <REP> Microsoft
10/09/2005 17:25 62 desktop.ini
1 fichier(s) 62 octets
3 R‚p(s) 47ÿ908ÿ732ÿ928 octets libres
Le volume dans le lecteur C n'a pas de nom.
Le num‚ro de s‚rie du volume est 10A6-E8E6

R‚pertoire de C:\Documents and Settings\Default User\Local Settings\Application Data

10/09/2005 17:25 <REP> .
10/09/2005 17:25 <REP> ..
10/09/2005 15:41 <REP> Microsoft
0 fichier(s) 0 octets
3 R‚p(s) 47ÿ908ÿ732ÿ928 octets libres
Le volume dans le lecteur C n'a pas de nom.
Le num‚ro de s‚rie du volume est 10A6-E8E6

R‚pertoire de C:\Documents and Settings\LocalService\Application Data

10/09/2005 15:50 <REP> .
10/09/2005 15:50 <REP> ..
10/09/2005 15:50 <REP> Microsoft
0 fichier(s) 0 octets
3 R‚p(s) 47ÿ908ÿ732ÿ928 octets libres
Le volume dans le lecteur C n'a pas de nom.
Le num‚ro de s‚rie du volume est 10A6-E8E6

R‚pertoire de C:\Documents and Settings\LocalService\Local Settings\Application Data

10/09/2005 15:50 <REP> .
10/09/2005 15:50 <REP> ..
10/09/2005 15:50 <REP> Microsoft
0 fichier(s) 0 octets
3 R‚p(s) 47ÿ908ÿ732ÿ928 octets libres
Le volume dans le lecteur C n'a pas de nom.
Le num‚ro de s‚rie du volume est 10A6-E8E6

R‚pertoire de C:\Documents and Settings\NetworkService\Application Data

10/09/2005 15:44 <REP> .
10/09/2005 15:44 <REP> ..
10/09/2005 15:44 <REP> Microsoft
0 fichier(s) 0 octets
3 R‚p(s) 47ÿ908ÿ728ÿ832 octets libres
Le volume dans le lecteur C n'a pas de nom.
Le num‚ro de s‚rie du volume est 10A6-E8E6

R‚pertoire de C:\Documents and Settings\NetworkService\Local Settings\Application Data

10/09/2005 15:44 <REP> .
10/09/2005 15:44 <REP> ..
10/09/2005 15:44 <REP> Microsoft
0 fichier(s) 0 octets
3 R‚p(s) 47ÿ908ÿ728ÿ832 octets libres
Le volume dans le lecteur C n'a pas de nom.
Le num‚ro de s‚rie du volume est 10A6-E8E6

R‚pertoire de C:\Documents and Settings\PASCAL\Application Data

10/09/2005 15:53 <REP> .
10/09/2005 15:53 <REP> ..
14/08/2006 11:19 <REP> .BitTornado
17/09/2005 15:05 <REP> .bittorrent
17/09/2005 16:01 <REP> Adobe
17/09/2005 16:03 <REP> AdobeUM
01/11/2005 20:02 <REP> Ahead
05/03/2006 12:03 <REP> Apple Computer
17/09/2005 14:37 <REP> Azureus
13/09/2005 18:53 <REP> CityPokeTest
20/09/2005 17:58 <REP> CyberLink
19/11/2005 12:19 <REP> eConf
15/09/2005 19:26 <REP> Google
11/09/2005 12:29 <REP> Help
10/09/2005 15:53 <REP> Identities
13/09/2005 18:53 <REP> INTERNET DENT
15/04/2006 19:44 <REP> InterVideo
07/05/2006 09:52 <REP> iPodder
11/02/2007 13:06 <REP> Jetico Personal Firewall
21/01/2007 12:46 <REP> Lavasoft
10/09/2005 22:07 <REP> Macromedia
10/09/2005 15:53 <REP> Microsoft
03/12/2005 12:12 <REP> Mozilla
16/09/2005 21:06 <REP> Real
11/02/2007 12:08 <REP> SearchToolbarCorp
17/09/2005 16:37 <REP> Shareaza
10/11/2005 23:06 <REP> Skype
17/09/2005 14:37 <REP> Sun
11/09/2005 08:25 <REP> Symantec
28/10/2005 18:28 <REP> Ulead Systems
08/04/2006 17:02 <REP> uTorrent
08/01/2007 20:24 <REP> vlc
10/09/2005 15:53 62 desktop.ini
17/07/2006 21:00 33ÿ704 GDIPFONTCACHEV1.DAT
2 fichier(s) 33ÿ766 octets
32 R‚p(s) 47ÿ908ÿ728ÿ832 octets libres
Le volume dans le lecteur C n'a pas de nom.
Le num‚ro de s‚rie du volume est 10A6-E8E6

R‚pertoire de C:\Documents and Settings\PASCAL\Local Settings\Application Data

10/09/2005 15:53 <REP> .
10/09/2005 15:53 <REP> ..
17/09/2005 16:03 <REP> Adobe
01/11/2005 22:44 <REP> Ahead
05/03/2006 12:03 <REP> Apple Computer
11/09/2005 12:29 <REP> Help
11/09/2005 12:01 <REP> Identities
10/09/2005 15:53 <REP> Microsoft
03/12/2005 12:12 <REP> Mozilla
17/09/2005 16:37 <REP> Shareaza
06/07/2006 19:49 <REP> TechSmith
11/09/2005 15:43 235ÿ008 DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
10/09/2005 22:05 33ÿ704 GDIPFONTCACHEV1.DAT
05/02/2006 15:02 2ÿ644ÿ274 IconCache.db
3 fichier(s) 2ÿ912ÿ986 octets
11 R‚p(s) 47ÿ908ÿ728ÿ832 octets libres
Le volume dans le lecteur C n'a pas de nom.
Le num‚ro de s‚rie du volume est 10A6-E8E6

R‚pertoire de C:\WINDOWS\system32\config\systemprofile\Application Data

10/09/2005 15:43 <REP> .
10/09/2005 15:43 <REP> ..
10/09/2005 15:43 <REP> Microsoft
10/09/2005 15:43 62 desktop.ini
1 fichier(s) 62 octets
3 R‚p(s) 47ÿ908ÿ728ÿ832 octets libres
Le volume dans le lecteur C n'a pas de nom.
Le num‚ro de s‚rie du volume est 10A6-E8E6

R‚pertoire de C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data

10/09/2005 15:43 <REP> .
10/09/2005 15:43 <REP> ..
10/09/2005 15:43 <REP> Microsoft
0 fichier(s) 0 octets
3 R‚p(s) 47ÿ908ÿ724ÿ736 octets libres

******************************************
Recherche des taches planifiées dans C:\WINDOWS\tasks

Le volume dans le lecteur C n'a pas de nom.
Le num‚ro de s‚rie du volume est 10A6-E8E6

R‚pertoire de C:\WINDOWS\Tasks

28/05/2006 11:50 366 Symantec NetDetect.job
10/09/2005 15:50 6 SA.DAT
10/09/2005 15:39 65 desktop.ini
10/09/2005 15:39 <REP> ..
10/09/2005 15:39 <REP> .
3 fichier(s) 437 octets
2 R‚p(s) 47ÿ908ÿ724ÿ736 octets libres

******************************************
## Répertoires de Program files

Le volume dans le lecteur C n'a pas de nom.
Le num‚ro de s‚rie du volume est 10A6-E8E6

R‚pertoire de C:\Program Files

11/02/2007 13:01 <REP> .
11/02/2007 13:01 <REP> ..
19/04/2006 22:10 <REP> 3ivx
16/01/2007 20:42 <REP> acenotes free
17/09/2005 16:00 <REP> Adobe
17/08/2006 10:28 <REP> Ahead
28/01/2007 16:55 <REP> Alwil Software
10/09/2005 10:59 <REP> AMD
26/11/2005 16:53 <REP> Anuman Interactive
10/12/2006 14:55 <REP> Archos MP4SP
05/11/2005 20:25 <REP> ASUSTek
17/09/2006 08:34 <REP> AudioCDMagic
15/08/2006 15:25 <REP> AvantGo Connect
03/03/2006 23:39 <REP> AVI MPEG RM WMV Joiner
15/04/2006 23:15 <REP> AviSynth 2.5
10/09/2005 10:58 <REP> AvRack
30/01/2007 19:11 <REP> Azureus
07/04/2006 20:41 <REP> BitComet
06/07/2006 19:19 <REP> CamStudio
08/10/2005 17:27 <REP> Canon
27/01/2007 12:53 <REP> CCleaner
16/09/2006 11:34 <REP> CDex_150
13/09/2005 18:53 <REP> CityPokeTest
16/01/2007 20:43 <REP> Common Files
10/09/2005 15:39 <REP> ComPlus Applications
16/09/2006 11:28 <REP> CREATIVE
05/11/2005 20:26 <REP> CyberLink
17/09/2006 08:26 <REP> Dealio
13/11/2005 19:06 <REP> directx
22/01/2007 20:18 <REP> DivX
24/04/2006 22:06 <REP> DivXMachine II
15/04/2006 22:29 <REP> DVD Shrink
16/09/2005 21:10 <REP> Elaborate Bytes
17/08/2006 13:40 <REP> eMule
11/02/2007 12:25 <REP> ESET
10/02/2007 20:07 <REP> ewido anti-spyware 4.0
13/05/2006 19:00 <REP> FairUse Wizard 2
15/04/2006 23:15 <REP> ffvfw
10/02/2007 08:17 <REP> Fichiers communs
05/02/2006 19:37 <REP> FlashGet
10/09/2005 11:19 <REP> GigaByte
14/04/2006 06:52 <REP> Google
13/09/2005 22:00 <REP> Imprimante canon
16/12/2006 22:21 <REP> Internet Explorer
03/09/2006 17:56 <REP> Intuisphere
13/02/2006 23:29 <REP> Java
11/02/2007 13:01 <REP> Jetico
07/05/2006 09:52 <REP> Juice
26/02/2006 12:41 <REP> Lavalys
11/02/2007 11:32 <REP> LimeWire
28/05/2006 11:49 <REP> LiveUpdate Administration
17/09/2006 08:27 <REP> Logitech
10/09/2006 10:26 <REP> Macromedia
10/09/2005 10:57 <REP> Marvell
16/01/2007 20:42 <REP> mediaring talk
10/09/2005 12:01 <REP> Messenger
17/08/2006 11:47 <REP> Micro Application
02/09/2006 09:29 <REP> Microsoft ActiveSync
10/09/2005 15:42 <REP> microsoft frontpage
02/09/2006 09:28 <REP> Microsoft Office
02/09/2006 09:34 <REP> Microsoft Visual Studio
19/08/2006 19:03 <REP> MixMeister BPM Analyzer
25/04/2006 13:10 <REP> Monkey's Audio
16/04/2006 01:17 <REP> Morgan
10/09/2005 15:39 <REP> Movie Maker
11/02/2007 20:39 <REP> Mozilla Firefox
10/09/2005 15:37 <REP> MSN
10/09/2005 15:38 <REP> MSN Gaming Zone
15/11/2006 19:55 <REP> MSXML 4.0
20/06/2006 19:06 <REP> MUSK Codec Pack v5
03/12/2005 10:33 <REP> Nero
10/09/2005 15:39 <REP> NetMeeting
24/11/2005 19:56 <REP> Nokia
05/06/2006 09:40 <REP> Norton Internet Security
10/09/2005 16:23 <REP> NVIDIA Corporation
01/10/2005 10:42 <REP> On2 Technologies
10/09/2005 15:38 <REP> Online Services
16/12/2006 22:20 <REP> Outlook Express
18/09/2006 17:45 <REP> PhotoDeluxe 2.0
29/08/2006 18:38 <REP> Piolet
05/03/2006 12:01 <REP> QuickTime
21/01/2007 11:32 <REP> Radio Fr Solo
16/09/2005 21:06 <REP> Real
10/09/2005 10:58 <REP> Realtek Sound Manager
02/09/2006 19:40 <REP> REFERENCE SOFTWARE
16/04/2006 01:16 <REP> Rippackv3
10/09/2005 15:40 <REP> Services en ligne
24/06/2006 10:12 <REP> Siber Systems
10/11/2005 23:06 <REP> Skype
21/01/2007 19:38 <REP> SlySoft
31/12/2006 11:58 <REP> Softwin
19/02/2006 18:14 <REP> SP2 Connection Patcher
19/02/2006 19:08 <REP> Spybot - Search & Destroy
11/02/2007 19:41 <REP> Steam
09/07/2006 11:30 <REP> TechSmith
28/10/2005 18:26 <REP> Ulead Systems
28/10/2006 08:09 <REP> vanBasco's Karaoke Player
08/01/2007 20:23 <REP> VideoLAN
19/08/2006 19:09 <REP> VirtualDJ
25/04/2006 08:53 <REP> VirtualDub
11/02/2007 12:12 <REP> VSAdd-in
09/10/2005 11:15 <REP> vso
19/02/2006 18:54 <REP> Wanadoo
15/09/2005 18:47 <REP> Warez P2P Client
08/05/2006 09:43 <REP> Winamp
15/04/2006 22:50 <REP> WinAVIVideoConverter
06/07/2006 19:48 <REP> Windows Media Components
21/12/2006 10:28 <REP> Windows Media Connect 2
21/12/2006 20:35 <REP> Windows Media Player
10/09/2005 15:38 <REP> Windows NT
05/11/2005 10:54 <REP> WinMX
09/07/2006 13:55 <REP> WinPcap
16/09/2005 21:56 <REP> WinRAR
16/07/2006 14:49 <REP> WinZip
10/07/2006 20:06 <REP> WM Recorder 10.2
10/09/2005 15:42 <REP> xerox
10/12/2006 14:18 <REP> XviD
27/01/2007 12:53 <REP> Yahoo!
0 fichier(s) 0 octets
118 R‚p(s) 47ÿ908ÿ720ÿ640 octets libres

******************************************
## Popups autorisées

* Internet Explorer

! REG.EXE VERSION 3.0

HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\New Windows\Allow

* Mozilla Firefox (1 autorisé 2 interdit)

---------- C:\DOCUMENTS AND SETTINGS\PASCAL\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\R15UP8KJ.DEFAULT\HOSTPERM.1
host popup 1 www.newpct.com
host popup 1 www.fr.ford.be
host popup 1 www.parier.pmu.fr
host popup 1 banner.casinotropez.com

******************************************
## Registre

* [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
coal funk REG_SZ C:\DOCUME~1\PASCAL\APPLIC~1\CITYPO~1\Soapview.exe

* [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg]
command REG_SZ C:\WINDOWS\system32\rundll32.exe "C:\Documents and Settings\PASCAL\Local Settings\Application Data\wdokbye.dll",bpzgoi

******************************************
## Zones de sécurité

* HKCU Domains (4)

* P3P History (5)

******************************************
## Recherche C:\WINDOWS\*.htm, "C:\WINDOWS\*.gif"

Le volume dans le lecteur C n'a pas de nom.
Le num‚ro de s‚rie du volume est 10A6-E8E6

R‚pertoire de C:\WINDOWS

Le volume dans le lecteur C n'a pas de nom.
Le num‚ro de s‚rie du volume est 10A6-E8E6

R‚pertoire de C:\WINDOWS


*************** Fin du rapport ****************
Rapport fait à 22:05:30,71 le 15/02/2007

******************************************
## Répertoires Application Data

Le volume dans le lecteur C n'a pas de nom.
Le num‚ro de s‚rie du volume est 10A6-E8E6

R‚pertoire de C:\Documents and Settings\Administrateur\Application Data

28/05/2006 12:14 <REP> .
28/05/2006 12:14 <REP> ..
28/05/2006 12:14 <REP> Microsoft
28/05/2006 12:14 62 desktop.ini
1 fichier(s) 62 octets
3 R‚p(s) 47ÿ877ÿ009ÿ408 octets libres
Le volume dans le lecteur C n'a pas de nom.
Le num‚ro de s‚rie du volume est 10A6-E8E6

R‚pertoire de C:\Documents and Settings\Administrateur\Local Settings\Application Data

28/05/2006 12:14 <REP> .
28/05/2006 12:14 <REP> ..
28/05/2006 12:14 <REP> Microsoft
09/09/2006 18:50 3ÿ584 DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
1 fichier(s) 3ÿ584 octets
3 R‚p(s) 47ÿ877ÿ009ÿ408 octets libres
Le volume dans le lecteur C n'a pas de nom.
Le num‚ro de s‚rie du volume est 10A6-E8E6

R‚pertoire de C:\Documents and Settings\All Users\Application Data

10/09/2005 17:23 <REP> .
10/09/2005 17:23 <REP> ..
17/09/2005 16:00 <REP> Adobe
31/10/2005 11:25 <REP> Ahead
05/03/2006 12:01 <REP> Apple Computer
05/11/2005 20:26 <REP> CyberLink
15/04/2006 22:29 <REP> DVD Shrink
10/09/2006 10:26 <REP> Macromedia
10/09/2005 17:23 <REP> Microsoft
11/09/2005 10:13 <REP> nView_Profiles
01/10/2005 10:41 <REP> QuickTime
13/09/2005 18:53 <REP> RoadTheMealBat
27/05/2006 15:41 <REP> RoboForm
10/11/2005 23:06 <REP> Skype
16/09/2005 20:58 <REP> Spybot - Search & Destroy
11/09/2005 08:25 <REP> Symantec
09/07/2006 11:30 <REP> TechSmith
28/10/2005 18:26 <REP> Ulead Systems
13/11/2005 18:53 <REP> vidcap
10/09/2005 11:48 <REP> Windows Genuine Advantage
27/01/2007 16:35 <REP> Yahoo! Companion
10/09/2005 17:25 62 desktop.ini
05/03/2006 12:03 1ÿ767 QTSBandwidthCache
2 fichier(s) 1ÿ829 octets
21 R‚p(s) 47ÿ877ÿ009ÿ408 octets libres
Le volume dans le lecteur C n'a pas de nom.
Le num‚ro de s‚rie du volume est 10A6-E8E6

R‚pertoire de C:\Documents and Settings\Default User\Application Data

10/09/2005 17:23 <REP> .
10/09/2005 17:23 <REP> ..
10/09/2005 17:23 <REP> Microsoft
10/09/2005 17:25 62 desktop.ini
1 fichier(s) 62 octets
3 R‚p(s) 47ÿ877ÿ009ÿ408 octets libres
Le volume dans le lecteur C n'a pas de nom.
Le num‚ro de s‚rie du volume est 10A6-E8E6

R‚pertoire de C:\Documents and Settings\Default User\Local Settings\Application Data

10/09/2005 17:25 <REP> .
10/09/2005 17:25 <REP> ..
10/09/2005 15:41 <REP> Microsoft
0 fichier(s) 0 octets
3 R‚p(s) 47ÿ877ÿ009ÿ408 octets libres
Le volume dans le lecteur C n'a pas de nom.
Le num‚ro de s‚rie du volume est 10A6-E8E6

R‚pertoire de C:\Documents and Settings\LocalService\Application Data

10/09/2005 15:50 <REP> .
10/09/2005 15:50 <REP> ..
10/09/2005 15:50 <REP> Microsoft
0 fichier(s) 0 octets
3 R‚p(s) 47ÿ877ÿ009ÿ408 octets libres
Le volume dans le lecteur C n'a pas de nom.
Le num‚ro de s‚rie du volume est 10A6-E8E6

R‚pertoire de C:\Documents and Settings\LocalService\Local Settings\Application Data

10/09/2005 15:50 <REP> .
10/09/2005 15:50 <REP> ..
10/09/2005 15:50 <REP> Microsoft
0 fichier(s) 0 octets
3 R‚p(s) 47ÿ877ÿ005ÿ312 octets libres
Le volume dans le lecteur C n'a pas de nom.
Le num‚ro de s‚rie du volume est 10A6-E8E6

R‚pertoire de C:\Documents and Settings\NetworkService\Application Data

10/09/2005 15:44 <REP> .
10/09/2005 15:44 <REP> ..
10/09/2005 15:44 <REP> Microsoft
0 fichier(s) 0 octets
3 R‚p(s) 47ÿ877ÿ005ÿ312 octets libres
Le volume dans le lecteur C n'a pas de nom.
Le num‚ro de s‚rie du volume est 10A6-E8E6

R‚pertoire de C:\Documents and Settings\NetworkService\Local Settings\Application Data

10/09/2005 15:44 <REP> .
10/09/2005 15:44 <REP> ..
10/09/2005 15:44 <REP> Microsoft
0 fichier(s) 0 octets
3 R‚p(s) 47ÿ877ÿ005ÿ312 octets libres
Le volume dans le lecteur C n'a pas de nom.
Le num‚ro de s‚rie du volume est 10A6-E8E6

R‚pertoire de C:\Documents and Settings\PASCAL\Application Data

10/09/2005 15:53 <REP> .
10/09/2005 15:53 <REP> ..
14/08/2006 11:19 <REP> .BitTornado
17/09/2005 15:05 <REP> .bittorrent
17/09/2005 16:01 <REP> Adobe
17/09/2005 16:03 <REP> AdobeUM
01/11/2005 20:02 <REP> Ahead
05/03/2006 12:03 <REP> Apple Computer
17/09/2005 14:37 <REP> Azureus
13/09/2005 18:53 <REP> CityPokeTest
20/09/2005 17:58 <REP> CyberLink
19/11/2005 12:19 <REP> eConf
15/09/2005 19:26 <REP> Google
11/09/2005 12:29 <REP> Help
10/09/2005 15:53 <REP> Identities
13/09/2005 18:53 <REP> INTERNET DENT
15/04/2006 19:44 <REP> InterVideo
07/05/2006 09:52 <REP> iPodder
11/02/2007 13:06 <REP> Jetico Personal Firewall
21/01/2007 12:46 <REP> Lavasoft
10/09/2005 22:07 <REP> Macromedia
10/09/2005 15:53 <REP> Microsoft
03/12/2005 12:12 <REP> Mozilla
16/09/2005 21:06 <REP> Real
11/02/2007 12:08 <REP> SearchToolbarCorp
17/09/2005 16:37 <REP> Shareaza
10/11/2005 23:06 <REP> Skype
17/09/2005 14:37 <REP> Sun
11/09/2005 08:25 <REP> Symantec
28/10/2005 18:28 <REP> Ulead Systems
08/04/2006 17:02 <REP> uTorrent
08/01/2007 20:24 <REP> vlc
10/09/2005 15:53 62 desktop.ini
17/07/2006 21:00 33ÿ704 GDIPFONTCACHEV1.DAT
2 fichier(s) 33ÿ766 octets
32 R‚p(s) 47ÿ877ÿ005ÿ312 octets libres
Le volume dans le lecteur C n'a pas de nom.
Le num‚ro de s‚rie du volume est 10A6-E8E6

R‚pertoire de C:\Documents and Settings\PASCAL\Local Settings\Application Data

10/09/2005 15:53 <REP> .
10/09/2005 15:53 <REP> ..
17/09/2005 16:03 <REP> Adobe
01/11/2005 22:44 <REP> Ahead
05/03/2006 12:03 <REP> Apple Computer
11/09/2005 12:29 <REP> Help
11/09/2005 12:01 <REP> Identities
10/09/2005 15:53 <REP> Microsoft
03/12/2005 12:12 <REP> Mozilla
17/09/2005 16:37 <REP> Shareaza
06/07/2006 19:49 <REP> TechSmith
11/09/2005 15:43 235ÿ008 DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
10/09/2005 22:05 33ÿ704 GDIPFONTCACHEV1.DAT
05/02/2006 15:02 2ÿ644ÿ274 IconCache.db
3 fichier(s) 2ÿ912ÿ986 octets
11 R‚p(s) 47ÿ877ÿ005ÿ312 octets libres
Le volume dans le lecteur C n'a pas de nom.
Le num‚ro de s‚rie du volume est 10A6-E8E6

R‚pertoire de C:\WINDOWS\system32\config\systemprofile\Application Data

10/09/2005 15:43 <REP> .
10/09/2005 15:43 <REP> ..
10/09/2005 15:43 <REP> Microsoft
10/09/2005 15:43 62 desktop.ini
1 fichier(s) 62 octets
3 R‚p(s) 47ÿ877ÿ001ÿ216 octets libres
Le volume dans le lecteur C n'a pas de nom.
Le num‚ro de s‚rie du volume est 10A6-E8E6

R‚pertoire de C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data

10/09/2005 15:43 <REP> .
10/09/2005 15:43 <REP> ..
10/09/2005 15:43 <REP> Microsoft
0 fichier(s) 0 octets
3 R‚p(s) 47ÿ877ÿ001ÿ216 octets libres

******************************************
Recherche des taches planifiées dans C:\WINDOWS\tasks

Le volume dans le lecteur C n'a pas de nom.
Le num‚ro de s‚rie du volume est 10A6-E8E6

R‚pertoire de C:\WINDOWS\Tasks

28/05/2006 11:50 366 Symantec NetDetect.job
10/09/2005 15:50 6 SA.DAT
10/09/2005 15:39 65 desktop.ini
10/09/2005 15:39 <REP> ..
10/09/2005 15:39 <REP> .
3 fichier(s) 437 octets
2 R‚p(s) 47ÿ877ÿ001ÿ216 octets libres

******************************************
## Répertoires de Program files

Le volume dans le lecteur C n'a pas de nom.
Le num‚ro de s‚rie du volume est 10A6-E8E6

R‚pertoire de C:\Program Files

11/02/2007 13:01 <REP> .
11/02/2007 13:01 <REP> ..
19/04/2006 22:10 <REP> 3ivx
16/01/2007 20:42 <REP> acenotes free
17/09/2005 16:00 <REP> Adobe
17/08/2006 10:28 <REP> Ahead
28/01/2007 16:55 <REP> Alwil Software
10/09/2005 10:59 <REP> AMD
26/11/2005 16:53 <REP> Anuman Interactive
10/12/2006 14:55 <REP> Archos MP4SP
05/11/2005 20:25 <REP> ASUSTek
17/09/2006 08:34 <REP> AudioCDMagic
15/08/2006 15:25 <REP> AvantGo Connect
03/03/2006 23:39 <REP> AVI MPEG RM WMV Joiner
15/04/2006 23:15 <REP> AviSynth 2.5
10/09/2005 10:58 <REP> AvRack
30/01/2007 19:11 <REP> Azureus
07/04/2006 20:41 <REP> BitComet
06/07/2006 19:19 <REP> CamStudio
08/10/2005 17:27 <REP> Canon
27/01/2007 12:53 <REP> CCleaner
16/09/2006 11:34 <REP> CDex_150
13/09/2005 18:53 <REP> CityPokeTest
16/01/2007 20:43 <REP> Common Files
10/09/2005 15:39 <REP> ComPlus Applications
16/09/2006 11:28 <REP> CREATIVE
05/11/2005 20:26 <REP> CyberLink
17/09/2006 08:26 <REP> Dealio
13/11/2005 19:06 <REP> directx
22/01/2007 20:18 <REP> DivX
24/04/2006 22:06 <REP> DivXMachine II
15/04/2006 22:29 <REP> DVD Shrink
16/09/2005 21:10 <REP> Elaborate Bytes
17/08/2006 13:40 <REP> eMule
15/02/2007 22:01 <REP> ESET
15/02/2007 22:00 <REP> ewido anti-spyware 4.0
13/05/2006 19:00 <REP> FairUse Wizard 2
15/04/2006 23:15 <REP> ffvfw
10/02/2007 08:17 <REP> Fichiers communs
05/02/2006 19:37 <REP> FlashGet
10/09/2005 11:19 <REP> GigaByte
14/04/2006 06:52 <REP> Google
13/09/2005 22:00 <REP> Imprimante canon
16/12/2006 22:21 <REP> Internet Explorer
03/09/2006 17:56 <REP> Intuisphere
13/02/2006 23:29 <REP> Java
11/02/2007 13:01 <REP> Jetico
07/05/2006 09:52 <REP> Juice
26/02/2006 12:41 <REP> Lavalys
11/02/2007 11:32 <REP> LimeWire
28/05/2006 11:49 <REP> LiveUpdate Administration
17/09/2006 08:27 <REP> Logitech
10/09/2006 10:26 <REP> Macromedia
10/09/2005 10:57 <REP> Marvell
16/01/2007 20:42 <REP> mediaring talk
10/09/2005 12:01 <REP> Messenger
17/08/2006 11:47 <REP> Micro Application
02/09/2006 09:29 <REP> Microsoft ActiveSync
10/09/2005 15:42 <REP> microsoft frontpage
02/09/2006 09:28 <REP> Microsoft Office
02/09/2006 09:34 <REP> Microsoft Visual Studio
19/08/2006 19:03 <REP> MixMeister BPM Analyzer
25/04/2006 13:10 <REP> Monkey's Audio
16/04/2006 01:17 <REP> Morgan
10/09/2005 15:39 <REP> Movie Maker
15/02/2007 22:02 <REP> Mozilla Firefox
10/09/2005 15:37 <REP> MSN
10/09/2005 15:38 <REP> MSN Gaming Zone
15/11/2006 19:55 <REP> MSXML 4.0
20/06/2006 19:06 <REP> MUSK Codec Pack v5
03/12/2005 10:33 <REP> Nero
10/09/2005 15:39 <REP> NetMeeting
24/11/2005 19:56 <REP> Nokia
05/06/2006 09:40 <REP> Norton Internet Security
10/09/2005 16:23 <REP> NVIDIA Corporation
01/10/2005 10:42 <REP> On2 Technologies
10/09/2005 15:38 <REP> Online Services
16/12/2006 22:20 <REP> Outlook Express
18/09/2006 17:45 <REP> PhotoDeluxe 2.0
29/08/2006 18:38 <REP> Piolet
05/03/2006 12:01 <REP> QuickTime
21/01/2007 11:32 <REP> Radio Fr Solo
16/09/2005 21:06 <REP> Real
10/09/2005 10:58 <REP> Realtek Sound Manager
02/09/2006 19:40 <REP> REFERENCE SOFTWARE
16/04/2006 01:16 <REP> Rippackv3
10/09/2005 15:40 <REP> Services en ligne
24/06/2006 10:12 <REP> Siber Systems
10/11/2005 23:06 <REP> Skype
21/01/2007 19:38 <REP> SlySoft
31/12/2006 11:58 <REP> Softwin
19/02/2006 18:14 <REP> SP2 Connection Patcher
19/02/2006 19:08 <REP> Spybot - Search & Destroy
11/02/2007 19:41 <REP> Steam
09/07/2006 11:30 <REP> TechSmith
28/10/2005 18:26 <REP> Ulead Systems
28/10/2006 08:09 <REP> vanBasco's Karaoke Player
08/01/2007 20:23 <REP> VideoLAN
19/08/2006 19:09 <REP> VirtualDJ
25/04/2006 08:53 <REP> VirtualDub
11/02/2007 12:12 <REP> VSAdd-in
09/10/2005 11:15 <REP> vso
19/02/2006 18:54 <REP> Wanadoo
15/09/2005 18:47 <REP> Warez P2P Client
08/05/2006 09:43 <REP> Winamp
15/04/2006 22:50 <REP> WinAVIVideoConverter
06/07/2006 19:48 <REP> Windows Media Components
21/12/2006 10:28 <REP> Windows Media Connect 2
21/12/2006 20:35 <REP> Windows Media Player
10/09/2005 15:38 <REP> Windows NT
05/11/2005 10:54 <REP> WinMX
09/07/2006 13:55 <REP> WinPcap
16/09/2005 21:56 <REP> WinRAR
16/07/2006 14:49 <REP> WinZip
10/07/2006 20:06 <REP> WM Recorder 10.2
10/09/2005 15:42 <REP> xerox
10/12/2006 14:18 <REP> XviD
27/01/2007 12:53 <REP> Yahoo!
0 fichier(s) 0 octets
118 R‚p(s) 47ÿ876ÿ997ÿ120 octets libres

******************************************
## Popups autorisées

* Internet Explorer

! REG.EXE VERSION 3.0

HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\New Windows\Allow

* Mozilla Firefox (1 autorisé 2 interdit)

---------- C:\DOCUMENTS AND SETTINGS\PASCAL\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\R15UP8KJ.DEFAULT\HOSTPERM.1
host popup 1 www.newpct.com
host popup 1 www.fr.ford.be
host popup 1 www.parier.pmu.fr
host popup 1 banner.casinotropez.com

******************************************
## Registre

* [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
coal funk REG_SZ C:\DOCUME~1\PASCAL\APPLIC~1\CITYPO~1\Soapview.exe

* [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg]
command REG_SZ C:\WINDOWS\system32\rundll32.exe "C:\Documents and Settings\PASCAL\Local Settings\Application Data\wdokbye.dll",bpzgoi

******************************************
## Zones de sécurité

* HKCU Domains (4)

* P3P History (5)

******************************************
## Recherche C:\WINDOWS\*.htm, "C:\WINDOWS\*.gif"

Le volume dans le lecteur C n'a pas de nom.
Le num‚ro de s‚rie du volume est 10A6-E8E6

R‚pertoire de C:\WINDOWS

Le volume dans le lecteur C n'a pas de nom.
Le num‚ro de s‚rie du volume est 10A6-E8E6

R‚pertoire de C:\WINDOWS


*************** Fin du rapport ****************





Rapport fait à 20:42:18,92 le 11/02/2007

******************************************
## Répertoires Application Data

Le volume dans le lecteur C n'a pas de nom.
Le num‚ro de s‚rie du volume est 10A6-E8E6

R‚pertoire de C:\Documents and Settings\Administrateur\Application Data

28/05/2006 12:14 <REP> .
28/05/2006 12:14 <REP> ..
28/05/2006 12:14 <REP> Microsoft
28/05/2006 12:14 62 desktop.ini
1 fichier(s) 62 octets
3 R‚p(s) 47ÿ908ÿ737ÿ024 octets libres
Le volume dans le lecteur C n'a pas de nom.
Le num‚ro de s‚rie du volume est 10A6-E8E6

R‚pertoire de C:\Documents and Settings\Administrateur\Local Settings\Application Data

28/05/2006 12:14 <REP> .
28/05/2006 12:14 <REP> ..
28/05/2006 12:14 <REP> Microsoft
09/09/2006 18:50 3ÿ584 DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
1 fichier(s) 3ÿ584 octets
3 R‚p(s) 47ÿ908ÿ732ÿ928 octets libres
Le volume dans le lecteur C n'a pas de nom.
Le num‚ro de s‚rie du volume est 10A6-E8E6

R‚pertoire de C:\Documents and Settings\All Users\Application Data

10/09/2005 17:23 <REP> .
10/09/2005 17:23 <REP> ..
17/09/2005 16:00 <REP> Adobe
31/10/2005 11:25 <REP> Ahead
05/03/2006 12:01 <REP> Apple Computer
05/11/2005 20:26 <REP> CyberLink
15/04/2006 22:29 <REP> DVD Shrink
10/09/2006 10:26 <REP> Macromedia
10/09/2005 17:23 <REP> Microsoft
11/09/2005 10:13 <REP> nView_Profiles
01/10/2005 10:41 <REP> QuickTime
13/09/2005 18:53 <REP> RoadTheMealBat
27/05/2006 15:41 <REP> RoboForm
10/11/2005 23:06 <REP> Skype
16/09/2005 20:58 <REP> Spybot - Search & Destroy
11/09/2005 08:25 <REP> Symantec
09/07/2006 11:30 <REP> TechSmith
28/10/2005 18:26 <REP> Ulead Systems
13/11/2005 18:53 <REP> vidcap
10/09/2005 11:48 <REP> Windows Genuine Advantage
27/01/2007 16:35 <REP> Yahoo! Companion
10/09/2005 17:25 62 desktop.ini
05/03/2006 12:03 1ÿ767 QTSBandwidthCache
2 fichier(s) 1ÿ829 octets
21 R‚p(s) 47ÿ908ÿ732ÿ928 octets libres
Le volume dans le lecteur C n'a pas de nom.
Le num‚ro de s‚rie du volume est 10A6-E8E6

R‚pertoire de C:\Documents and Settings\Default User\Application Data

10/09/2005 17:23 <REP> .
10/09/2005 17:23 <REP> ..
10/09/2005 17:23 <REP> Microsoft
10/09/2005 17:25 62 desktop.ini
1 fichier(s) 62 octets
3 R‚p(s) 47ÿ908ÿ732ÿ928 octets libres
Le volume dans le lecteur C n'a pas de nom.
Le num‚ro de s‚rie du volume est 10A6-E8E6

R‚pertoire de C:\Documents and Settings\Default User\Local Settings\Application Data

10/09/2005 17:25 <REP> .
10/09/2005 17:25 <REP> ..
10/09/2005 15:41 <REP> Microsoft
0 fichier(s) 0 octets
3 R‚p(s) 47ÿ908ÿ732ÿ928 octets libres
Le volume dans le lecteur C n'a pas de nom.
Le num‚ro de s‚rie du volume est 10A6-E8E6

R‚pertoire de C:\Documents and Settings\LocalService\Application Data

10/09/2005 15:50 <REP> .
10/09/2005 15:50 <REP> ..
10/09/2005 15:50 <REP> Microsoft
0 fichier(s) 0 octets
3 R‚p(s) 47ÿ908ÿ732ÿ928 octets libres
Le volume dans le lecteur C n'a pas de nom.
Le num‚ro de s‚rie du volume est 10A6-E8E6

R‚pertoire de C:\Documents and Settings\LocalService\Local Settings\Application Data

10/09/2005 15:50 <REP> .
10/09/2005 15:50 <REP> ..
10/09/2005 15:50 <REP> Microsoft
0 fichier(s) 0 octets
3 R‚p(s) 47ÿ908ÿ732ÿ928 octets libres
Le volume dans le lecteur C n'a pas de nom.
Le num‚ro de s‚rie du volume est 10A6-E8E6

R‚pertoire de C:\Documents and Settings\NetworkService\Application Data

10/09/2005 15:44 <REP> .
10/09/2005 15:44 <REP> ..
10/09/2005 15:44 <REP> Microsoft
0 fichier(s) 0 octets
3 R‚p(s) 47ÿ908ÿ728ÿ832 octets libres
Le volume dans le lecteur C n'a pas de nom.
Le num‚ro de s‚rie du volume est 10A6-E8E6

R‚pertoire de C:\Documents and Settings\NetworkService\Local Settings\Application Data

10/09/2005 15:44 <REP> .
10/09/2005 15:44 <REP> ..
10/09/2005 15:44 <REP> Microsoft
0 fichier(s) 0 octets
3 R‚p(s) 47ÿ908ÿ728ÿ832 octets libres
Le volume dans le lecteur C n'a pas de nom.
Le num‚ro de s‚rie du volume est 10A6-E8E6

R‚pertoire de C:\Documents and Settings\PASCAL\Application Data

10/09/2005 15:53 <REP> .
10/09/2005 15:53 <REP> ..
14/08/2006 11:19 <REP> .BitTornado
17/09/2005 15:05 <REP> .bittorrent
17/09/2005 16:01 <REP> Adobe
17/09/2005 16:03 <REP> AdobeUM
01/11/2005 20:02 <REP> Ahead
05/03/2006 12:03 <REP> Apple Computer
17/09/2005 14:37 <REP> Azureus
13/09/2005 18:53 <REP> CityPokeTest
20/09/2005 17:58 <REP> CyberLink
19/11/2005 12:19 <REP> eConf
15/09/2005 19:26 <REP> Google
11/09/2005 12:29 <REP> Help
10/09/2005 15:53 <REP> Identities
13/09/2005 18:53 <REP> INTERNET DENT
15/04/2006 19:44 <REP> InterVideo
07/05/2006 09:52 <REP> iPodder
11/02/2007 13:06 <REP> Jetico Personal Firewall
21/01/2007 12:46 <REP> Lavasoft
10/09/2005 22:07 <REP> Macromedia
10/09/2005 15:53 <REP> Microsoft
03/12/2005 12:12 <REP> Mozilla
16/09/2005 21:06 <REP> Real
11/02/2007 12:08 <REP> SearchToolbarCorp
17/09/2005 16:37 <REP> Shareaza
10/11/2005 23:06 <REP> Skype
17/09/2005 14:37 <REP> Sun
11/09/2005 08:25 <REP> Symantec
28/10/2005 18:28 <REP> Ulead Systems
08/04/2006 17:02 <REP> uTorrent
08/01/2007 20:24 <REP> vlc
10/09/2005 15:53 62 desktop.ini
17/07/2006 21:00 33ÿ704 GDIPFONTCACHEV1.DAT
2 fichier(s) 33ÿ766 octets
32 R‚p(s) 47ÿ908ÿ728ÿ832 octets libres
Le volume dans le lecteur C n'a pas de nom.
Le num‚ro de s‚rie du volume est 10A6-E8E6

R‚pertoire de C:\Documents and Settings\PASCAL\Local Settings\Application Data

10/09/2005 15:53 <REP> .
10/09/2005 15:53 <REP> ..
17/09/2005 16:03 <REP> Adobe
01/11/2005 22:44 <REP> Ahead
05/03/2006 12:03 <REP> Apple Computer
11/09/2005 12:29 <REP> Help
11/09/2005 12:01 <REP> Identities
10/09/2005 15:53 <REP> Microsoft
03/12/2005 12:12 <REP> Mozilla
17/09/2005 16:37 <REP> Shareaza
06/07/2006 19:49 <REP> TechSmith
11/09/2005 15:43 235ÿ008 DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
10/09/2005 22:05 33ÿ704 GDIPFONTCACHEV1.DAT
05/02/2006 15:02 2ÿ644ÿ274 IconCache.db
3 fichier(s) 2ÿ912ÿ986 octets
11 R‚p(s) 47ÿ908ÿ728ÿ832 octets libres
Le volume dans le lecteur C n'a pas de nom.
Le num‚ro de s‚rie du volume est 10A6-E8E6

R‚pertoire de C:\WINDOWS\system32\config\systemprofile\Application Data

10/09/2005 15:43 <REP> .
10/09/2005 15:43 <REP> ..
10/09/2005 15:43 <REP> Microsoft
10/09/2005 15:43 62 desktop.ini
1 fichier(s) 62 octets
3 R‚p(s) 47ÿ908ÿ728ÿ832 octets libres
Le volume dans le lecteur C n'a pas de nom.
Le num‚ro de s‚rie du volume est 10A6-E8E6

R‚pertoire de C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data

10/09/2005 15:43 <REP> .
10/09/2005 15:43 <REP> ..
10/09/2005 15:43 <REP> Microsoft
0 fichier(s) 0 octets
3 R‚p(s) 47ÿ908ÿ724ÿ736 octets libres

******************************************
Recherche des taches planifiées dans C:\WINDOWS\tasks

Le volume dans le lecteur C n'a pas de nom.
Le num‚ro de s‚rie du volume est 10A6-E8E6

R‚pertoire de C:\WINDOWS\Tasks

28/05/2006 11:50 366 Symantec NetDetect.job
10/09/2005 15:50 6 SA.DAT
10/09/2005 15:39 65 desktop.ini
10/09/2005 15:39 <REP> ..
10/09/2005 15:39 <REP> .
3 fichier(s) 437 octets
2 R‚p(s) 47ÿ908ÿ724ÿ736 octets libres

******************************************
## Répertoires de Program files

Le volume dans le lecteur C n'a pas de nom.
Le num‚ro de s‚rie du volume est 10A6-E8E6

R‚pertoire de C:\Program Files

11/02/2007 13:01 <REP> .
11/02/2007 13:01 <REP> ..
19/04/2006 22:10 <REP> 3ivx
16/01/2007 20:42 <REP> acenotes free
17/09/2005 16:00 <REP> Adobe
17/08/2006 10:28 <REP> Ahead
28/01/2007 16:55 <REP> Alwil Software
10/09/2005 10:59 <REP> AMD
26/11/2005 16:53 <REP> Anuman Interactive
10/12/2006 14:55 <REP> Archos MP4SP
05/11/2005 20:25 <REP> ASUSTek
17/09/2006 08:34 <REP> AudioCDMagic
15/08/2006 15:25 <REP> AvantGo Connect
03/03/2006 23:39 <REP> AVI MPEG RM WMV Joiner
15/04/2006 23:15 <REP> AviSynth 2.5
10/09/2005 10:58 <REP> AvRack
30/01/2007 19:11 <REP> Azureus
07/04/2006 20:41 <REP> BitComet
06/07/2006 19:19 <REP> CamStudio
08/10/2005 17:27 <REP> Canon
27/01/2007 12:53 <REP> CCleaner
16/09/2006 11:34 <REP> CDex_150
13/09/2005 18:53 <REP> CityPokeTest
16/01/2007 20:43 <REP> Common Files
10/09/2005 15:39 <REP> ComPlus Applications
16/09/2006 11:28 <REP> CREATIVE
05/11/2005 20:26 <REP> CyberLink
17/09/2006 08:26 <REP> Dealio
13/11/2005 19:06 <REP> directx
22/01/2007 20:18 <REP> DivX
24/04/2006 22:06 <REP> DivXMachine II
15/04/2006 22:29 <REP> DVD Shrink
16/09/2005 21:10 <REP> Elaborate Bytes
17/08/2006 13:40 <REP> eMule
11/02/2007 12:25 <REP> ESET
10/02/2007 20:07 <REP> ewido anti-spyware 4.0
13/05/2006 19:00 <REP> FairUse Wizard 2
15/04/2006 23:15 <REP> ffvfw
10/02/2007 08:17 <REP> Fichiers communs
05/02/2006 19:37 <REP> FlashGet
10/09/2005 11:19 <REP> GigaByte
14/04/2006 06:52 <REP> Google
13/09/2005 22:00 <REP> Imprimante canon
16/12/2006 22:21 <REP> Internet Explorer
03/09/2006 17:56 <REP> Intuisphere
13/02/2006 23:29 <REP> Java
11/02/2007 13:01 <REP> Jetico
07/05/2006 09:52 <REP> Juice
26/02/2006 12:41 <REP> Lavalys
11/02/2007 11:32 <REP> LimeWire
28/05/2006 11:49 <REP> LiveUpdate Administration
17/09/2006 08:27 <REP> Logitech
10/09/2006 10:26 <REP> Macromedia
10/09/2005 10:57 <REP> Marvell
16/01/2007 20:42 <REP> mediaring talk
10/09/2005 12:01 <REP> Messenger
17/08/2006 11:47 <REP> Micro Application
02/09/2006 09:29 <REP> Microsoft ActiveSync
10/09/2005 15:42 <REP> microsoft frontpage
02/09/2006 09:28 <REP> Microsoft Office
02/09/2006 09:34 <REP> Microsoft Visual Studio
19/08/2006 19:03 <REP> MixMeister BPM Analyzer
25/04/2006 13:10 <REP> Monkey's Audio
16/04/2006 01:17 <REP> Morgan
10/09/2005 15:39 <REP> Movie Maker
11/02/2007 20:39 <REP> Mozilla Firefox
10/09/2005 15:37 <REP> MSN
10/09/2005 15:38 <REP> MSN Gaming Zone
15/11/2006 19:55 <REP> MSXML 4.0
20/06/2006 19:06 <REP> MUSK Codec Pack v5
03/12/2005 10:33 <REP> Nero
10/09/2005 15:39 <REP> NetMeeting
24/11/2005 19:56 <REP> Nokia
05/06/2006 09:40 <REP> Norton Internet Security
10/09/2005 16:23 <REP> NVIDIA Corporation
01/10/2005 10:42 <REP> On2 Technologies
10/09/2005 15:38 <REP> Online Services
16/12/2006 22:20 <REP> Outlook Express
18/09/2006 17:45 <REP> PhotoDeluxe 2.0
29/08/2006 18:38 <REP> Piolet
05/03/2006 12:01 <REP> QuickTime
21/01/2007 11:32 <REP> Radio Fr Solo
16/09/2005 21:06 <REP> Real
10/09/2005 10:58 <REP> Realtek Sound Manager
02/09/2006 19:40 <REP> REFERENCE SOFTWARE
16/04/2006 01:16 <REP> Rippackv3
10/09/2005 15:40 <REP> Services en ligne
24/06/2006 10:12 <REP> Siber Systems
10/11/2005 23:06 <REP> Skype
21/01/2007 19:38 <REP> SlySoft
31/12/2006 11:58 <REP> Softwin
19/02/2006 18:14 <REP> SP2 Connection Patcher
19/02/2006 19:08 <REP> Spybot - Search & Destroy
11/02/2007 19:41 <REP> Steam
09/07/2006 11:30 <REP> TechSmith
28/10/2005 18:26 <REP> Ulead Systems
28/10/2006 08:09 <REP> vanBasco's Karaoke Player
08/01/2007 20:23 <REP> VideoLAN
19/08/2006 19:09 <REP> VirtualDJ
25/04/2006 08:53 <REP> VirtualDub
11/02/2007 12:12 <REP> VSAdd-in
09/10/2005 11:15 <REP> vso
19/02/2006 18:54 <REP> Wanadoo
15/09/2005 18:47 <REP> Warez P2P Client
08/05/2006 09:43 <REP> Winamp
15/04/2006 22:50 <REP> WinAVIVideoConverter
06/07/2006 19:48 <REP> Windows Media Components
21/12/2006 10:28 <REP> Windows Media Connect 2
21/12/2006 20:35 <REP> Windows Media Player
10/09/2005 15:38 <REP> Windows NT
05/11/2005 10:54 <REP> WinMX
09/07/2006 13:55 <REP> WinPcap
16/09/2005 21:56 <REP> WinRAR
16/07/2006 14:49 <REP> WinZip
10/07/2006 20:06 <REP> WM Recorder 10.2
10/09/2005 15:42 <REP> xerox
10/12/2006 14:18 <REP> XviD
27/01/2007 12:53 <REP> Yahoo!
0 fichier(s) 0 octets
118 R‚p(s) 47ÿ908ÿ720ÿ640 octets libres

******************************************
## Popups autorisées

* Internet Explorer

! REG.EXE VERSION 3.0

HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\New Windows\Allow

* Mozilla Firefox (1 autorisé 2 interdit)

---------- C:\DOCUMENTS AND SETTINGS\PASCAL\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\R15UP8KJ.DEFAULT\HOSTPERM.1
host popup 1 www.newpct.com
host popup 1 www.fr.ford.be
host popup 1 www.parier.pmu.fr
host popup 1 banner.casinotropez.com

******************************************
## Registre

* [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
coal funk REG_SZ C:\DOCUME~1\PASCAL\APPLIC~1\CITYPO~1\Soapview.exe

* [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg]
command REG_SZ C:\WINDOWS\system32\rundll32.exe "C:\Documents and Settings\PASCAL\Local Settings\Application Data\wdokbye.dll",bpzgoi

******************************************
## Zones de sécurité

* HKCU Domains (4)

* P3P History (5)

******************************************
## Recherche C:\WINDOWS\*.htm, "C:\WINDOWS\*.gif"

Le volume dans le lecteur C n'a pas de nom.
Le num‚ro de s‚rie du volume est 10A6-E8E6

R‚pertoire de C:\WINDOWS

Le volume dans le lecteur C n'a pas de nom.
Le num‚ro de s‚rie du volume est 10A6-E8E6

R‚pertoire de C:\WINDOWS


*************** Fin du rapport ****************
Rapport fait à 22:05:30,71 le 15/02/2007

******************************************
## Répertoires Application Data

Le volume dans le lecteur C n'a pas de nom.
Le num‚ro de s‚rie du volume est 10A6-E8E6

R‚pertoire de C:\Documents and Settings\Administrateur\Application Data

28/05/2006 12:14 <REP> .
28/05/2006 12:14 <REP> ..
28/05/2006 12:14 <REP> Microsoft
28/05/2006 12:14 62 desktop.ini
1 fichier(s) 62 octets
3 R‚p(s) 47ÿ877ÿ009ÿ408 octets libres
Le volume dans le lecteur C n'a pas de nom.
Le num‚ro de s‚rie du volume est 10A6-E8E6

R‚pertoire de C:\Documents and Settings\Administrateur\Local Settings\Application Data

28/05/2006 12:14 <REP> .
28/05/2006 12:14 <REP> ..
28/05/2006 12:14 <REP> Microsoft
09/09/2006 18:50 3ÿ584 DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
1 fichier(s) 3ÿ584 octets
3 R‚p(s) 47ÿ877ÿ009ÿ408 octets libres
Le volume dans le lecteur C n'a pas de nom.
Le num‚ro de s‚rie du volume est 10A6-E8E6

R‚pertoire de C:\Documents and Settings\All Users\Application Data

10/09/2005 17:23 <REP> .
10/09/2005 17:23 <REP> ..
17/09/2005 16:00 <REP> Adobe
31/10/2005 11:25 <REP> Ahead
05/03/2006 12:01 <REP> Apple Computer
05/11/2005 20:26 <REP> CyberLink
15/04/2006 22:29 <REP> DVD Shrink
10/09/2006 10:26 <REP> Macromedia
10/09/2005 17:23 <REP> Microsoft
11/09/2005 10:13 <REP> nView_Profiles
01/10/2005 10:41 <REP> QuickTime
13/09/2005 18:53 <REP> RoadTheMealBat
27/05/2006 15:41 <REP> RoboForm
10/11/2005 23:06 <REP> Skype
16/09/2005 20:58 <REP> Spybot - Search & Destroy
11/09/2005 08:25 <REP> Symantec
09/07/2006 11:30 <REP> TechSmith
28/10/2005 18:26 <REP> Ulead Systems
13/11/2005 18:53 <REP> vidcap
10/09/2005 11:48 <REP> Windows Genuine Advantage
27/01/2007 16:35 <REP> Yahoo! Companion
10/09/2005 17:25 62 desktop.ini
05/03/2006 12:03 1ÿ767 QTSBandwidthCache
2 fichier(s) 1ÿ829 octets
21 R‚p(s) 47ÿ877ÿ009ÿ408 octets libres
Le volume dans le lecteur C n'a pas de nom.
Le num‚ro de s‚rie du volume est 10A6-E8E6

R‚pertoire de C:\Documents and Settings\Default User\Application Data

10/09/2005 17:23 <REP> .
10/09/2005 17:23 <REP> ..
10/09/2005 17:23 <REP> Microsoft
10/09/2005 17:25 62 desktop.ini
1 fichier(s) 62 octets
3 R‚p(s) 47ÿ877ÿ009ÿ408 octets libres
Le volume dans le lecteur C n'a pas de nom.
Le num‚ro de s‚rie du volume est 10A6-E8E6

R‚pertoire de C:\Documents and Settings\Default User\Local Settings\Application Data

10/09/2005 17:25 <REP> .
10/09/2005 17:25 <REP> ..
10/09/2005 15:41 <REP> Microsoft
0 fichier(s) 0 octets
3 R‚p(s) 47ÿ877ÿ009ÿ408 octets libres
Le volume dans le lecteur C n'a pas de nom.
Le num‚ro de s‚rie du volume est 10A6-E8E6

R‚pertoire de C:\Documents and Settings\LocalService\Application Data

10/09/2005 15:50 <REP> .
10/09/2005 15:50 <REP> ..
10/09/2005 15:50 <REP> Microsoft
0 fichier(s) 0 octets
3 R‚p(s) 47ÿ877ÿ009ÿ408 octets libres
Le volume dans le lecteur C n'a pas de nom.
Le num‚ro de s‚rie du volume est 10A6-E8E6

R‚pertoire de C:\Documents and Settings\LocalService\Local Settings\Application Data

10/09/2005 15:50 <REP> .
10/09/2005 15:50 <REP> ..
10/09/2005 15:50 <REP> Microsoft
0 fichier(s) 0 octets
3 R‚p(s) 47ÿ877ÿ005ÿ312 octets libres
Le volume dans le lecteur C n'a pas de nom.
Le num‚ro de s‚rie du volume est 10A6-E8E6

R‚pertoire de C:\Documents and Settings\NetworkService\Application Data

10/09/2005 15:44 <REP> .
10/09/2005 15:44 <REP> ..
10/09/2005 15:44 <REP> Microsoft
0 fichier(s) 0 octets
3 R‚p(s) 47ÿ877ÿ005ÿ312 octets libres
Le volume dans le lecteur C n'a pas de nom.
Le num‚ro de s‚rie du volume est 10A6-E8E6

R‚pertoire de C:\Documents and Settings\NetworkService\Local Settings\Application Data

10/09/2005 15:44 <REP> .
10/09/2005 15:44 <REP> ..
10/09/2005 15:44 <REP> Microsoft
0 fichier(s) 0 octets
3 R‚p(s) 47ÿ877ÿ005ÿ312 octets libres
Le volume dans le lecteur C n'a pas de nom.
Le num‚ro de s‚rie du volume est 10A6-E8E6

R‚pertoire de C:\Documents and Settings\PASCAL\Application Data

10/09/2005 15:53 <REP> .
10/09/2005 15:53 <REP> ..
14/08/2006 11:19 <REP> .BitTornado
17/09/2005 15:05 <REP> .bittorrent
17/09/2005 16:01 <REP> Adobe
17/09/2005 16:03 <REP> AdobeUM
01/11/2005 20:02 <REP> Ahead
05/03/2006 12:03 <REP> Apple Computer
17/09/2005 14:37 <REP> Azureus
13/09/2005 18:53 <REP> CityPokeTest
20/09/2005 17:58 <REP> CyberLink
19/11/20
0
romanza Messages postés 250 Date d'inscription samedi 27 janvier 2007 Statut Membre Dernière intervention 4 octobre 2021 2
11 févr. 2007 à 18:20
Salut,


J'ai installé un nouvel antivirus NOD 32 (j'ai désinstallé bitdefender 10).

A priori, il m'a fait un sacré ménage.

J'ai donc refait un Hijack que je te soumets :


Logfile of HijackThis v1.99.1
Scan saved at 18:15:53, on 11/02/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nTrayFw.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\GigaByte\VGA Utility Manager\G-VGA.EXE
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe
C:\Program Files\Logitech\Video\LogiTray.exe
C:\WINDOWS\system32\dllzzvyj.exe
C:\Program Files\ewido anti-spyware 4.0\ewido.exe
C:\Program Files\Eset\nod32kui.exe
C:\WINDOWS\system32\scmdcon.exe
C:\WINDOWS\system32\cstatvmq.exe
C:\WINDOWS\system32\gmonstml.exe
C:\Program Files\Jetico\Jetico Personal Firewall\fwsrv.exe
C:\Program Files\Fichiers communs\Ahead\lib\NMBgMonitor.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe
C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\amcxlss.exe
C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
C:\WINDOWS\system32\LVComS.exe
C:\Program Files\ewido anti-spyware 4.0\guard.exe
C:\Program Files\Eset\nod32krn.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
C:\Program Files\Logitech\Video\LowLight.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\PASCAL\Bureau\CCM.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1C9678E2-77AC-4CAD-89EA-9E3F980C73C4} - C:\WINDOWS\system32\efccdby.dll
O2 - BHO: (no name) - {46A4E9D9-B30E-452A-8157-DBBEC8573B03} - C:\Program Files\VSAdd-in\VSAdd-in.dll (file missing)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {68D5CF1D-EC5C-4bdd-A9EF-F0E517565D50} - C:\WINDOWS\system32\wtjgkwrg.dll (file missing)
O2 - BHO: (no name) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: (no name) - {96BB057A-ABBF-4FAC-A5BA-A9FBB0D20ACA} - C:\WINDOWS\system32\jkklj.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &VSAdd-in - {74DD705D-6834-439C-A735-A6DBE2677452} - C:\Program Files\VSAdd-in\VSAdd-in.dll (file missing)
O4 - HKLM\..\Run: [nTrayFw] C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nTrayFw.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NVRTCLK] C:\WINDOWS\system32\NVRTCLK\NVRTClk.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [VGAUtil] C:\Program Files\GigaByte\VGA Utility Manager\G-VGA.EXE
O4 - HKLM\..\Run: [CloneDVDElbyDelay] "C:\Program Files\Elaborate Bytes\CloneDVD\ElbyCheck.exe" /L ElbyDelay
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [ElbyCheckAnyDVD] "C:\Program Files\SlySoft\AnyDVD\ElbyCheck.exe" /L AnyDVD
O4 - HKLM\..\Run: [AnyDVD] C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Piolet] C:\Program Files\Piolet\Piolet.exe SILENT
O4 - HKLM\..\Run: [LogitechGalleryRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [lmjvservc] dllzzvyj.exe
O4 - HKLM\..\Run: [!ewido] "C:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimized
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [ddsysmns] C:\WINDOWS\system32\scmdcon.exe
O4 - HKLM\..\Run: [nvcdllx] C:\WINDOWS\system32\cstatvmq.exe
O4 - HKLM\..\Run: [DllRunning] rundll32.exe "C:\WINDOWS\system32\nouicsyp.dll",setvm
O4 - HKLM\..\Run: [kdmmcvs] C:\WINDOWS\system32\gmonstml.exe
O4 - HKLM\..\Run: [JeticoPFStartup] "C:\Program Files\Jetico\Jetico Personal Firewall\fwsrv.exe"
O4 - HKCU\..\Run: [coal funk] C:\DOCUME~1\PASCAL\APPLIC~1\CITYPO~1\Soapview.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Ahead\lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [RoboForm] "C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe"
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [lvcdmsys] C:\WINDOWS\system32\amcxlss.exe
O4 - HKCU\..\Run: [ddsysmns] C:\WINDOWS\system32\scmdcon.exe
O4 - HKCU\..\Run: [nvcdllx] C:\WINDOWS\system32\cstatvmq.exe
O4 - HKCU\..\Run: [kdmmcvs] C:\WINDOWS\system32\gmonstml.exe
O4 - Global Startup: Assistant d'Acrobat.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
O8 - Extra context menu item: &Traduire à partir de l'anglais - res://c:\program files\google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Barre RoboForm - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Enregistrer le formulaire - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O8 - Extra context menu item: Pages liées - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Pages similaires - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Personnaliser le menu - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
O8 - Extra context menu item: Recherche &Google - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Remplir le formulaire - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O8 - Extra context menu item: Télécharger avec FlashGet - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: Télécharger tout avec FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: Version de la page actuelle disponible dans le cache Google - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Créer un Favori de l'appareil mobile - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra 'Tools' menuitem: Créer un Favori de l'appareil mobile... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra button: Remplir - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra 'Tools' menuitem: Remplir le formulaire - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra button: Enregistrer - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra 'Tools' menuitem: Enregistrer le formulaire - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: Barre RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra 'Tools' menuitem: Barre RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe (file missing)
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe (file missing)
O9 - Extra button: Messager Wanadoo - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\WANADO~1\Wanadoo Messager.exe (file missing)
O9 - Extra 'Tools' menuitem: Messager Wanadoo - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\WANADO~1\Wanadoo Messager.exe (file missing)
O9 - Extra button: (no name) - {A4F64D63-3576-4754-8DD5-4D0A49345FD5} - (no file) (HKCU)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/activex/eBay_Enhanced_Picture_Control_v1-0-3-30.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/...
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - https://www.trendmicro.com/en_us/forHome/products/housecall.html
O16 - DPF: {D7BF3304-138B-4DD5-86EE-491BB6A2286C} - http://www.azebar.com/install/azesearch.cab
O20 - Winlogon Notify: efccdby - C:\WINDOWS\SYSTEM32\efccdby.dll
O20 - Winlogon Notify: jkklj - C:\WINDOWS\system32\jkklj.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: winjyp32 - winjyp32.dll (file missing)
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: app_filter - Unknown owner - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: Forceware Web Interface (ForcewareWebInterface) - Unknown owner - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe" -k runservice (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: ForceWare IP service (nSvcIp) - Unknown owner - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
O23 - Service: ForceWare user log service (nSvcLog) - Unknown owner - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe
0
green day Messages postés 26364 Date d'inscription vendredi 30 septembre 2005 Statut Modérateur, Contributeur sécurité Dernière intervention 27 décembre 2019 2 165
11 févr. 2007 à 18:46
re

de nouvelles lignes sont apparues ...

tu n'as pas fais la manip du poste 28 ???

Même manip que precedement avec quelques ajouts :


1) Affiche les dossiers système et fichiers cachés :
Ouvrir le poste de travail
- Outils --> Options des dossiers
- Affichage --> zone Paramètres avancés
- Cocher : Afficher le contenu des dossiers système
- Cocher : Afficher les fichiers et dossiers cachés
- Décocher : Masquer les extensions des fichiers dont le type est connu
- Décocher : Masquer les fichiers protégés du système d'exploitation (recommandé)
répondre Oui au message
Clique sur "Appliquer à tous les dossiers"
Clique sur OK

2) Désactiver la Restauration du système

* Cliquez sur le bouton Démarrer.
* Cliquez avec le bouton droit de la souris sur Poste de travail puis cliquez sur Propriétés.
* Dans l'onglet Restauration du système, sélectionnez l'option Désactiver la Restauration du système ou Désactiver la Restauration du système sur tous les lecteurs

( tu pourras la réactivé à la fin de la manip )


3) Relance hijackthis :

choisis " do a scan only" coche la case devant les lignes ci-dessous et clique en bas sur "fix checked" :

O2 - BHO: (no name) - {1C9678E2-77AC-4CAD-89EA-9E3F980C73C4} - C:\WINDOWS\system32\efccdby.dll

O2 - BHO: (no name) - {EC069314-572E-4C2A-B645-46340EC78C31} - C:\WINDOWS\system32\jkklj.dll


O2 - BHO: (no name) - {68D5CF1D-EC5C-4bdd-A9EF-F0E517565D50} - C:\WINDOWS\system32\wtjgkwrg.dll (file missing)

O3 - Toolbar: &VSAdd-in - {74DD705D-6834-439C-A735-A6DBE2677452} - C:\Program Files\VSAdd-in\VSAdd-in.dll (file missing)

O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit


O4 - HKLM\..\Run: [CloneDVDElbyDelay] "C:\Program Files\Elaborate Bytes\CloneDVD\ElbyCheck.exe" /L ElbyDelay
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [ElbyCheckAnyDVD] "C:\Program Files\SlySoft\AnyDVD\ElbyCheck.exe" /L AnyDVD
O4 - HKLM\..\Run: [AnyDVD] C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [LogitechGalleryRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [lmjvservc] dllzzvyj.exe

O4 - HKLM\..\Run: [ddsysmns] C:\WINDOWS\system32\scmdcon.exe
O4 - HKLM\..\Run: [nvcdllx] C:\WINDOWS\system32\cstatvmq.exe
O4 - HKLM\..\Run: [DllRunning] rundll32.exe "C:\WINDOWS\system32\nouicsyp.dll",setvm
O4 - HKLM\..\Run: [kdmmcvs] C:\WINDOWS\system32\gmonstml.exe

O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Ahead\lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [lvcdmsys] C:\WINDOWS\system32\amcxlss.exe
O4 - HKCU\..\Run: [ddsysmns] C:\WINDOWS\system32\scmdcon.exe
O4 - HKCU\..\Run: [nvcdllx] C:\WINDOWS\system32\cstatvmq.exe
O4 - HKCU\..\Run: [kdmmcvs] C:\WINDOWS\system32\gmonstml.exe
O4 - Global Startup: Assistant d'Acrobat.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe

O8 - Extra context menu item: &Traduire à partir de l'anglais - res://c:\program files\google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Barre RoboForm - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Enregistrer le formulaire - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O8 - Extra context menu item: Pages liées - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Pages similaires - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Personnaliser le menu - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
O8 - Extra context menu item: Recherche &Google - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Remplir le formulaire - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O8 - Extra context menu item: Télécharger avec FlashGet - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: Télécharger tout avec FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: Version de la page actuelle disponible dans le cache Google - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html


O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/activex/eBay_Enhanced_Picture_Control_v1-0-3-30.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/default.aspx
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/
O16 - DPF: {D7BF3304-138B-4DD5-86EE-491BB6A2286C} - http://www.azebar.com/install/azesearch.cab

O20 - Winlogon Notify: efccdby - C:\WINDOWS\SYSTEM32\efccdby.dll
O20 - Winlogon Notify: jkklj - C:\WINDOWS\system32\jkklj.dll

O20 - Winlogon Notify: winjyp32 - winjyp32.dll (file missing)


4) Télécharge Killbox sur ton Bureau :

http://www.downloads.subratam.org/KillBox.exe

Double-clique killbox.exe.

Copie le texte gras ci-bas (sélectionne tout avec ta souris, clic-droit et "Copier") :

C:\WINDOWS\SYSTEM32\efccdby.dll
C:\WINDOWS\system32\jkklj.dll
C:\WINDOWS\system32\wtjgkwrg.dll
C:\WINDOWS\system32\amcxlss.exe
C:\WINDOWS\system32\scmdcon.exe
C:\WINDOWS\system32\cstatvmq.exe
C:\WINDOWS\system32\nouicsyp.dll
C:\WINDOWS\system32\gmonstml.exe
C:\WINDOWS\system32\amcxlss.exe
winjyp32.dll
dllzzvyj.exe




* Sélectionnz "delete on reboot"
* Cliquez sur le menu "File" -> "Past from clip board"
* Cliquez sur All Files
* Cliquez sur la croix rouge et et blanche
* Répondez yes et laisse redémarrer ton pc.
*poste un nouveau blacklight

cf démo : http://mickael.barroux.free.fr/securite/killbox.html


passe un coup de ccleaner + cleanup :

* CleanUp40 (qui élimine les fichiers temporaires + cookies : gratuit )
http://pageperso.aol.fr/Balltrap34/CleanUp40.exe

tuto : (merci à Balltrap) http://pageperso.aol.fr/balltrap34/democleanup.htm


5) Télécharge LopxpMH sur ton Bureau.

http://perso.numericable.fr/~altshift/Info/Fichiers/lopxpMH2.zip

Dézippe-le (clic droit >> Extraire ici) et double clique sur le fichier lopxpMH.bat.

Poste le contenu du rapport stp


6) fais ceci :

HijackThis -> Open the misc tools sections -> open Uninstall manager -> clique sur "Save list" -> enregistre le fichier -> fais-en un copier/coller ici.


@+


0
romanza Messages postés 250 Date d'inscription samedi 27 janvier 2007 Statut Membre Dernière intervention 4 octobre 2021 2
11 févr. 2007 à 20:45
02/11/07 20:30:15 [Info]: BlackLight Engine 1.0.55 initialized
02/11/07 20:30:15 [Info]: OS: 5.1 build 2600 (Service Pack 2)
02/11/07 20:30:15 [Note]: 7019 4
02/11/07 20:30:15 [Note]: 7005 0
02/11/07 20:30:49 [Note]: 7006 0
02/11/07 20:30:49 [Note]: 7011 312
02/11/07 20:30:57 [Note]: 7026 0
02/11/07 20:30:57 [Note]: 7026 0
02/11/07 20:31:02 [Note]: FSRAW library version 1.7.1021
02/11/07 20:38:17 [Note]: 7007 0




Rapport fait à 20:42:18,92 le 11/02/2007

******************************************
## Répertoires Application Data

Le volume dans le lecteur C n'a pas de nom.
Le num‚ro de s‚rie du volume est 10A6-E8E6

R‚pertoire de C:\Documents and Settings\Administrateur\Application Data

28/05/2006 12:14 <REP> .
28/05/2006 12:14 <REP> ..
28/05/2006 12:14 <REP> Microsoft
28/05/2006 12:14 62 desktop.ini
1 fichier(s) 62 octets
3 R‚p(s) 47ÿ908ÿ737ÿ024 octets libres
Le volume dans le lecteur C n'a pas de nom.
Le num‚ro de s‚rie du volume est 10A6-E8E6

R‚pertoire de C:\Documents and Settings\Administrateur\Local Settings\Application Data

28/05/2006 12:14 <REP> .
28/05/2006 12:14 <REP> ..
28/05/2006 12:14 <REP> Microsoft
09/09/2006 18:50 3ÿ584 DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
1 fichier(s) 3ÿ584 octets
3 R‚p(s) 47ÿ908ÿ732ÿ928 octets libres
Le volume dans le lecteur C n'a pas de nom.
Le num‚ro de s‚rie du volume est 10A6-E8E6

R‚pertoire de C:\Documents and Settings\All Users\Application Data

10/09/2005 17:23 <REP> .
10/09/2005 17:23 <REP> ..
17/09/2005 16:00 <REP> Adobe
31/10/2005 11:25 <REP> Ahead
05/03/2006 12:01 <REP> Apple Computer
05/11/2005 20:26 <REP> CyberLink
15/04/2006 22:29 <REP> DVD Shrink
10/09/2006 10:26 <REP> Macromedia
10/09/2005 17:23 <REP> Microsoft
11/09/2005 10:13 <REP> nView_Profiles
01/10/2005 10:41 <REP> QuickTime
13/09/2005 18:53 <REP> RoadTheMealBat
27/05/2006 15:41 <REP> RoboForm
10/11/2005 23:06 <REP> Skype
16/09/2005 20:58 <REP> Spybot - Search & Destroy
11/09/2005 08:25 <REP> Symantec
09/07/2006 11:30 <REP> TechSmith
28/10/2005 18:26 <REP> Ulead Systems
13/11/2005 18:53 <REP> vidcap
10/09/2005 11:48 <REP> Windows Genuine Advantage
27/01/2007 16:35 <REP> Yahoo! Companion
10/09/2005 17:25 62 desktop.ini
05/03/2006 12:03 1ÿ767 QTSBandwidthCache
2 fichier(s) 1ÿ829 octets
21 R‚p(s) 47ÿ908ÿ732ÿ928 octets libres
Le volume dans le lecteur C n'a pas de nom.
Le num‚ro de s‚rie du volume est 10A6-E8E6

R‚pertoire de C:\Documents and Settings\Default User\Application Data

10/09/2005 17:23 <REP> .
10/09/2005 17:23 <REP> ..
10/09/2005 17:23 <REP> Microsoft
10/09/2005 17:25 62 desktop.ini
1 fichier(s) 62 octets
3 R‚p(s) 47ÿ908ÿ732ÿ928 octets libres
Le volume dans le lecteur C n'a pas de nom.
Le num‚ro de s‚rie du volume est 10A6-E8E6

R‚pertoire de C:\Documents and Settings\Default User\Local Settings\Application Data

10/09/2005 17:25 <REP> .
10/09/2005 17:25 <REP> ..
10/09/2005 15:41 <REP> Microsoft
0 fichier(s) 0 octets
3 R‚p(s) 47ÿ908ÿ732ÿ928 octets libres
Le volume dans le lecteur C n'a pas de nom.
Le num‚ro de s‚rie du volume est 10A6-E8E6

R‚pertoire de C:\Documents and Settings\LocalService\Application Data

10/09/2005 15:50 <REP> .
10/09/2005 15:50 <REP> ..
10/09/2005 15:50 <REP> Microsoft
0 fichier(s) 0 octets
3 R‚p(s) 47ÿ908ÿ732ÿ928 octets libres
Le volume dans le lecteur C n'a pas de nom.
Le num‚ro de s‚rie du volume est 10A6-E8E6

R‚pertoire de C:\Documents and Settings\LocalService\Local Settings\Application Data

10/09/2005 15:50 <REP> .
10/09/2005 15:50 <REP> ..
10/09/2005 15:50 <REP> Microsoft
0 fichier(s) 0 octets
3 R‚p(s) 47ÿ908ÿ732ÿ928 octets libres
Le volume dans le lecteur C n'a pas de nom.
Le num‚ro de s‚rie du volume est 10A6-E8E6

R‚pertoire de C:\Documents and Settings\NetworkService\Application Data

10/09/2005 15:44 <REP> .
10/09/2005 15:44 <REP> ..
10/09/2005 15:44 <REP> Microsoft
0 fichier(s) 0 octets
3 R‚p(s) 47ÿ908ÿ728ÿ832 octets libres
Le volume dans le lecteur C n'a pas de nom.
Le num‚ro de s‚rie du volume est 10A6-E8E6

R‚pertoire de C:\Documents and Settings\NetworkService\Local Settings\Application Data

10/09/2005 15:44 <REP> .
10/09/2005 15:44 <REP> ..
10/09/2005 15:44 <REP> Microsoft
0 fichier(s) 0 octets
3 R‚p(s) 47ÿ908ÿ728ÿ832 octets libres
Le volume dans le lecteur C n'a pas de nom.
Le num‚ro de s‚rie du volume est 10A6-E8E6

R‚pertoire de C:\Documents and Settings\PASCAL\Application Data

10/09/2005 15:53 <REP> .
10/09/2005 15:53 <REP> ..
14/08/2006 11:19 <REP> .BitTornado
17/09/2005 15:05 <REP> .bittorrent
17/09/2005 16:01 <REP> Adobe
17/09/2005 16:03 <REP> AdobeUM
01/11/2005 20:02 <REP> Ahead
05/03/2006 12:03 <REP> Apple Computer
17/09/2005 14:37 <REP> Azureus
13/09/2005 18:53 <REP> CityPokeTest
20/09/2005 17:58 <REP> CyberLink
19/11/2005 12:19 <REP> eConf
15/09/2005 19:26 <REP> Google
11/09/2005 12:29 <REP> Help
10/09/2005 15:53 <REP> Identities
13/09/2005 18:53 <REP> INTERNET DENT
15/04/2006 19:44 <REP> InterVideo
07/05/2006 09:52 <REP> iPodder
11/02/2007 13:06 <REP> Jetico Personal Firewall
21/01/2007 12:46 <REP> Lavasoft
10/09/2005 22:07 <REP> Macromedia
10/09/2005 15:53 <REP> Microsoft
03/12/2005 12:12 <REP> Mozilla
16/09/2005 21:06 <REP> Real
11/02/2007 12:08 <REP> SearchToolbarCorp
17/09/2005 16:37 <REP> Shareaza
10/11/2005 23:06 <REP> Skype
17/09/2005 14:37 <REP> Sun
11/09/2005 08:25 <REP> Symantec
28/10/2005 18:28 <REP> Ulead Systems
08/04/2006 17:02 <REP> uTorrent
08/01/2007 20:24 <REP> vlc
10/09/2005 15:53 62 desktop.ini
17/07/2006 21:00 33ÿ704 GDIPFONTCACHEV1.DAT
2 fichier(s) 33ÿ766 octets
32 R‚p(s) 47ÿ908ÿ728ÿ832 octets libres
Le volume dans le lecteur C n'a pas de nom.
Le num‚ro de s‚rie du volume est 10A6-E8E6

R‚pertoire de C:\Documents and Settings\PASCAL\Local Settings\Application Data

10/09/2005 15:53 <REP> .
10/09/2005 15:53 <REP> ..
17/09/2005 16:03 <REP> Adobe
01/11/2005 22:44 <REP> Ahead
05/03/2006 12:03 <REP> Apple Computer
11/09/2005 12:29 <REP> Help
11/09/2005 12:01 <REP> Identities
10/09/2005 15:53 <REP> Microsoft
03/12/2005 12:12 <REP> Mozilla
17/09/2005 16:37 <REP> Shareaza
06/07/2006 19:49 <REP> TechSmith
11/09/2005 15:43 235ÿ008 DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
10/09/2005 22:05 33ÿ704 GDIPFONTCACHEV1.DAT
05/02/2006 15:02 2ÿ644ÿ274 IconCache.db
3 fichier(s) 2ÿ912ÿ986 octets
11 R‚p(s) 47ÿ908ÿ728ÿ832 octets libres
Le volume dans le lecteur C n'a pas de nom.
Le num‚ro de s‚rie du volume est 10A6-E8E6

R‚pertoire de C:\WINDOWS\system32\config\systemprofile\Application Data

10/09/2005 15:43 <REP> .
10/09/2005 15:43 <REP> ..
10/09/2005 15:43 <REP> Microsoft
10/09/2005 15:43 62 desktop.ini
1 fichier(s) 62 octets
3 R‚p(s) 47ÿ908ÿ728ÿ832 octets libres
Le volume dans le lecteur C n'a pas de nom.
Le num‚ro de s‚rie du volume est 10A6-E8E6

R‚pertoire de C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data

10/09/2005 15:43 <REP> .
10/09/2005 15:43 <REP> ..
10/09/2005 15:43 <REP> Microsoft
0 fichier(s) 0 octets
3 R‚p(s) 47ÿ908ÿ724ÿ736 octets libres

******************************************
Recherche des taches planifiées dans C:\WINDOWS\tasks

Le volume dans le lecteur C n'a pas de nom.
Le num‚ro de s‚rie du volume est 10A6-E8E6

R‚pertoire de C:\WINDOWS\Tasks

28/05/2006 11:50 366 Symantec NetDetect.job
10/09/2005 15:50 6 SA.DAT
10/09/2005 15:39 65 desktop.ini
10/09/2005 15:39 <REP> ..
10/09/2005 15:39 <REP> .
3 fichier(s) 437 octets
2 R‚p(s) 47ÿ908ÿ724ÿ736 octets libres

******************************************
## Répertoires de Program files

Le volume dans le lecteur C n'a pas de nom.
Le num‚ro de s‚rie du volume est 10A6-E8E6

R‚pertoire de C:\Program Files

11/02/2007 13:01 <REP> .
11/02/2007 13:01 <REP> ..
19/04/2006 22:10 <REP> 3ivx
16/01/2007 20:42 <REP> acenotes free
17/09/2005 16:00 <REP> Adobe
17/08/2006 10:28 <REP> Ahead
28/01/2007 16:55 <REP> Alwil Software
10/09/2005 10:59 <REP> AMD
26/11/2005 16:53 <REP> Anuman Interactive
10/12/2006 14:55 <REP> Archos MP4SP
05/11/2005 20:25 <REP> ASUSTek
17/09/2006 08:34 <REP> AudioCDMagic
15/08/2006 15:25 <REP> AvantGo Connect
03/03/2006 23:39 <REP> AVI MPEG RM WMV Joiner
15/04/2006 23:15 <REP> AviSynth 2.5
10/09/2005 10:58 <REP> AvRack
30/01/2007 19:11 <REP> Azureus
07/04/2006 20:41 <REP> BitComet
06/07/2006 19:19 <REP> CamStudio
08/10/2005 17:27 <REP> Canon
27/01/2007 12:53 <REP> CCleaner
16/09/2006 11:34 <REP> CDex_150
13/09/2005 18:53 <REP> CityPokeTest
16/01/2007 20:43 <REP> Common Files
10/09/2005 15:39 <REP> ComPlus Applications
16/09/2006 11:28 <REP> CREATIVE
05/11/2005 20:26 <REP> CyberLink
17/09/2006 08:26 <REP> Dealio
13/11/2005 19:06 <REP> directx
22/01/2007 20:18 <REP> DivX
24/04/2006 22:06 <REP> DivXMachine II
15/04/2006 22:29 <REP> DVD Shrink
16/09/2005 21:10 <REP> Elaborate Bytes
17/08/2006 13:40 <REP> eMule
11/02/2007 12:25 <REP> ESET
10/02/2007 20:07 <REP> ewido anti-spyware 4.0
13/05/2006 19:00 <REP> FairUse Wizard 2
15/04/2006 23:15 <REP> ffvfw
10/02/2007 08:17 <REP> Fichiers communs
05/02/2006 19:37 <REP> FlashGet
10/09/2005 11:19 <REP> GigaByte
14/04/2006 06:52 <REP> Google
13/09/2005 22:00 <REP> Imprimante canon
16/12/2006 22:21 <REP> Internet Explorer
03/09/2006 17:56 <REP> Intuisphere
13/02/2006 23:29 <REP> Java
11/02/2007 13:01 <REP> Jetico
07/05/2006 09:52 <REP> Juice
26/02/2006 12:41 <REP> Lavalys
11/02/2007 11:32 <REP> LimeWire
28/05/2006 11:49 <REP> LiveUpdate Administration
17/09/2006 08:27 <REP> Logitech
10/09/2006 10:26 <REP> Macromedia
10/09/2005 10:57 <REP> Marvell
16/01/2007 20:42 <REP> mediaring talk
10/09/2005 12:01 <REP> Messenger
17/08/2006 11:47 <REP> Micro Application
02/09/2006 09:29 <REP> Microsoft ActiveSync
10/09/2005 15:42 <REP> microsoft frontpage
02/09/2006 09:28 <REP> Microsoft Office
02/09/2006 09:34 <REP> Microsoft Visual Studio
19/08/2006 19:03 <REP> MixMeister BPM Analyzer
25/04/2006 13:10 <REP> Monkey's Audio
16/04/2006 01:17 <REP> Morgan
10/09/2005 15:39 <REP> Movie Maker
11/02/2007 20:39 <REP> Mozilla Firefox
10/09/2005 15:37 <REP> MSN
10/09/2005 15:38 <REP> MSN Gaming Zone
15/11/2006 19:55 <REP> MSXML 4.0
20/06/2006 19:06 <REP> MUSK Codec Pack v5
03/12/2005 10:33 <REP> Nero
10/09/2005 15:39 <REP> NetMeeting
24/11/2005 19:56 <REP> Nokia
05/06/2006 09:40 <REP> Norton Internet Security
10/09/2005 16:23 <REP> NVIDIA Corporation
01/10/2005 10:42 <REP> On2 Technologies
10/09/2005 15:38 <REP> Online Services
16/12/2006 22:20 <REP> Outlook Express
18/09/2006 17:45 <REP> PhotoDeluxe 2.0
29/08/2006 18:38 <REP> Piolet
05/03/2006 12:01 <REP> QuickTime
21/01/2007 11:32 <REP> Radio Fr Solo
16/09/2005 21:06 <REP> Real
10/09/2005 10:58 <REP> Realtek Sound Manager
02/09/2006 19:40 <REP> REFERENCE SOFTWARE
16/04/2006 01:16 <REP> Rippackv3
10/09/2005 15:40 <REP> Services en ligne
24/06/2006 10:12 <REP> Siber Systems
10/11/2005 23:06 <REP> Skype
21/01/2007 19:38 <REP> SlySoft
31/12/2006 11:58 <REP> Softwin
19/02/2006 18:14 <REP> SP2 Connection Patcher
19/02/2006 19:08 <REP> Spybot - Search & Destroy
11/02/2007 19:41 <REP> Steam
09/07/2006 11:30 <REP> TechSmith
28/10/2005 18:26 <REP> Ulead Systems
28/10/2006 08:09 <REP> vanBasco's Karaoke Player
08/01/2007 20:23 <REP> VideoLAN
19/08/2006 19:09 <REP> VirtualDJ
25/04/2006 08:53 <REP> VirtualDub
11/02/2007 12:12 <REP> VSAdd-in
09/10/2005 11:15 <REP> vso
19/02/2006 18:54 <REP> Wanadoo
15/09/2005 18:47 <REP> Warez P2P Client
08/05/2006 09:43 <REP> Winamp
15/04/2006 22:50 <REP> WinAVIVideoConverter
06/07/2006 19:48 <REP> Windows Media Components
21/12/2006 10:28 <REP> Windows Media Connect 2
21/12/2006 20:35 <REP> Windows Media Player
10/09/2005 15:38 <REP> Windows NT
05/11/2005 10:54 <REP> WinMX
09/07/2006 13:55 <REP> WinPcap
16/09/2005 21:56 <REP> WinRAR
16/07/2006 14:49 <REP> WinZip
10/07/2006 20:06 <REP> WM Recorder 10.2
10/09/2005 15:42 <REP> xerox
10/12/2006 14:18 <REP> XviD
27/01/2007 12:53 <REP> Yahoo!
0 fichier(s) 0 octets
118 R‚p(s) 47ÿ908ÿ720ÿ640 octets libres

******************************************
## Popups autorisées

* Internet Explorer

! REG.EXE VERSION 3.0

HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\New Windows\Allow

* Mozilla Firefox (1 autorisé 2 interdit)

---------- C:\DOCUMENTS AND SETTINGS\PASCAL\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\R15UP8KJ.DEFAULT\HOSTPERM.1
host popup 1 www.newpct.com
host popup 1 www.fr.ford.be
host popup 1 www.parier.pmu.fr
host popup 1 banner.casinotropez.com

******************************************
## Registre

* [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
coal funk REG_SZ C:\DOCUME~1\PASCAL\APPLIC~1\CITYPO~1\Soapview.exe

* [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg]
command REG_SZ C:\WINDOWS\system32\rundll32.exe "C:\Documents and Settings\PASCAL\Local Settings\Application Data\wdokbye.dll",bpzgoi

******************************************
## Zones de sécurité

* HKCU Domains (4)

* P3P History (5)

******************************************
## Recherche C:\WINDOWS\*.htm, "C:\WINDOWS\*.gif"

Le volume dans le lecteur C n'a pas de nom.
Le num‚ro de s‚rie du volume est 10A6-E8E6

R‚pertoire de C:\WINDOWS

Le volume dans le lecteur C n'a pas de nom.
Le num‚ro de s‚rie du volume est 10A6-E8E6

R‚pertoire de C:\WINDOWS


*************** Fin du rapport ****************







Logfile of HijackThis v1.99.1
Scan saved at 20:44:39, on 11/02/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nTrayFw.exe
C:\Program Files\GigaByte\VGA Utility Manager\G-VGA.EXE
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\ewido anti-spyware 4.0\ewido.exe
C:\Program Files\Eset\nod32kui.exe
C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe
C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE
C:\WINDOWS\system32\amcxlss.exe
C:\Program Files\ewido anti-spyware 4.0\guard.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\Program Files\Eset\nod32krn.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Jetico\Jetico Personal Firewall\fwsrv.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\PROGRA~1\WINZIP\winzip32.exe
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Documents and Settings\PASCAL\Bureau\CCM.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1C9678E2-77AC-4CAD-89EA-9E3F980C73C4} - C:\WINDOWS\system32\efccdby.dll
O2 - BHO: (no name) - {46A4E9D9-B30E-452A-8157-DBBEC8573B03} - C:\Program Files\VSAdd-in\VSAdd-in.dll (file missing)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: (no name) - {B1368768-D895-4A94-A1E5-6C161B02A8D9} - C:\WINDOWS\system32\jkklj.dll
O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [nTrayFw] C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nTrayFw.exe
O4 - HKLM\..\Run: [NVRTCLK] C:\WINDOWS\system32\NVRTCLK\NVRTClk.exe
O4 - HKLM\..\Run: [VGAUtil] C:\Program Files\GigaByte\VGA Utility Manager\G-VGA.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [Piolet] C:\Program Files\Piolet\Piolet.exe SILENT
O4 - HKLM\..\Run: [!ewido] "C:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimized
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [JeticoPFStartup] "C:\Program Files\Jetico\Jetico Personal Firewall\fwsrv.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKCU\..\Run: [coal funk] C:\DOCUME~1\PASCAL\APPLIC~1\CITYPO~1\Soapview.exe
O4 - HKCU\..\Run: [RoboForm] "C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe"
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE"
O4 - HKCU\..\Run: [lvcdmsys] C:\WINDOWS\system32\amcxlss.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Créer un Favori de l'appareil mobile - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra 'Tools' menuitem: Créer un Favori de l'appareil mobile... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra button: Remplir - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra 'Tools' menuitem: Remplir le formulaire - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra button: Enregistrer - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra 'Tools' menuitem: Enregistrer le formulaire - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: Barre RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra 'Tools' menuitem: Barre RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe (file missing)
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe (file missing)
O9 - Extra button: Messager Wanadoo - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\WANADO~1\Wanadoo Messager.exe (file missing)
O9 - Extra 'Tools' menuitem: Messager Wanadoo - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\WANADO~1\Wanadoo Messager.exe (file missing)
O9 - Extra button: (no name) - {A4F64D63-3576-4754-8DD5-4D0A49345FD5} - (no file) (HKCU)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
O20 - Winlogon Notify: efccdby - C:\WINDOWS\SYSTEM32\efccdby.dll
O20 - Winlogon Notify: jkklj - C:\WINDOWS\system32\jkklj.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: app_filter - Unknown owner - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: Forceware Web Interface (ForcewareWebInterface) - Unknown owner - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe" -k runservice (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: ForceWare IP service (nSvcIp) - Unknown owner - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
O23 - Service: ForceWare user log service (nSvcLog) - Unknown owner - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe
0
green day Messages postés 26364 Date d'inscription vendredi 30 septembre 2005 Statut Modérateur, Contributeur sécurité Dernière intervention 27 décembre 2019 2 165
11 févr. 2007 à 21:08
as tu fais la manip en entier ???

++
0