Trojan dropper

Solved
Margie01 Posts: 10 Status: Member
duflox Posts: 2014 Status: Member
Hello,

Here is my problem. Every day when my PC starts up, I get a Windows "Data Execution Prevention" window that closes a program we'll call kjjppe.exe. (I noticed that attached to this file there is always another file with the same name as the executable, but it is a .pf file.)

Yes, I say "we'll call" because the name changes every day. The first time, I searched for the file and deleted it. When I saw that this was not enough, I scanned my PC with Spybot and a-squared.

a-squared identifies these programs as trojans and deleted them. I thought that was the end of it, but no, it continues: every day a new name appears.

So it seems there is a third-party program that is not itself detected and that creates these bogus .exe file names.

The files are all located in this directory: C:\WINDOWS\Prefetch

Another thing, which may or may not be related: when I check my mail (via Internet Explorer) I get a pop-up window for a Drive Cleaner site, and it is impossible to get rid of. Whether it is related or not, I don't know. Of course, with Opera I don't have this problem. All this is a bit confused, but I no longer really know what to do or where it comes from, given that all the security software has had no effect so far.

Thanks in advance for your help

Margie

P.S.: My PC is protected by an up-to-date antivirus and firewall.

16 replies

duflox Posts: 2014 Status: Member 43

First of all, hello and welcome to the COMMENT CA MARCHE help forum

Download HijackThis here:
https://www.zebulon.fr/telechargements/securite/systeme/hijackthis.html

Unzip it into a folder set aside for it.
For example C:\hijackthis < Be sure to save it on C:!
Demo: (Thanks to Balltrap34 for making this)
http://pageperso.aol.fr/balltrap34/Hijenr.gif

Rename hijackthis. to "scan", for example

Run it, then:
click on "do a system scan and save logfile" (see demo)
copy and paste the entire log to the forum

Demo: (Thanks to Balltrap34 for making this)
http://pageperso.aol.fr/balltrap34/demohijack.htm

Good luck
0
Margie01 Posts: 10 Status: Member

Here, as you asked, I ran a scan.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:38:59, on 29/08/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16512)
Boot mode: Normal

0
duflox Posts: 2014 Status: Member 43

Right-click on this link:
http://perso.orange.fr/il.mafioso/Navifix/Navilog1.zip
Choose "Save target (link) as..." and save it to your desktop.
Right-click on navilog1.zip and choose "extract all"
Then double-click navilog1.exe to start the installation.
Once the installation is finished, the fix will run automatically.
(If it does not, double-click the Navilog1 shortcut on the desktop.)

Follow the prompts. At the main menu, choose 1 and confirm.
(do not choose 2, 3 or 4 without our advice/agreement)

Wait for the message:
*** Analyse Termine le ..... ***
Press a key as requested; Notepad will open.
Copy and paste the whole thing into a reply. Close Notepad.
The report is also saved at the root of the disk (fixnavi.txt)
0
Margie01 Posts: 10 Status: Member

As you asked, I ran the scan. Here is the report:

Search Navipromo version 2.0.9 commencé le 29/08/2007 à 18:07:00,70

!!! Attention,ce rapport peut indiquer des fichiers/programmes légitimes!!!
!!! Poster ce rapport sur le forum pour le faire analyser !!!
!!! Ne pas lancer la partie désinfection sans l'avis d'un spécialiste !!!

Fix lancé depuis C:\Program Files\navilog1
Mise a jour le 20.08.2007 a 22h30 by IL-MAFIOSO

Executé en mode normal

*** Recherche Programmes installes ***

*** Recherche dossiers dans C:\WINDOWS ***

*** Recherche dossiers dans C:\Program Files ***

*** Recherche dossiers dans C:\Documents and Settings\All Users\Application Data ***

*** Recherche dossiers dans C:\Documents and Settings\Pepso\Application Data ***

*** Recherche avec BlackLight Engine/F-secure ***
BlackLight Engine est un produit de F-secure, pour + d'infos :
https://www.f-secure.com/en

F-SECURE BLACKLIGHT ROOTKIT ELIMINATOR
======================================

Copyright 2005-2006 F-Secure Corporation. All rights reserved.
This is a beta version. It will expire on 1st of October, 2007.
Version information: 2.2.1064.

[+] Started on 08/29/07 at 18:07:04.
[+] Initializing ...
[+] Starting scan, press Ctrl-C to abort.
[+] Scanning for hidden items ...
[+] Scan complete.
[+] Summary: 0 hidden item(s) found, 0 scheduled for renaming.
[+] Exited on 08/29/07 at 18:26:55 (return code = 0).

*** Recherche avec GenericNaviSearch ***
!!! Tous Ces résultats peuvent révéler des fichiers légitimes !!!
!!! A verifier impérativement avant toute suppression manuelle !!!

Fichiers trouvés :

Aucun Fichier trouvé !

Fichiers suspects :

C:\WINDOWS\system32\efcdddb.exe trouvé !
C:\WINDOWS\prefetch\efcdddb*.pf trouvé !
C:\WINDOWS\system32\fccdbxu.exe trouvé !
C:\WINDOWS\prefetch\fccdbxu*.pf trouvé !
C:\WINDOWS\system32\jkkkkli.exe trouvé !
C:\WINDOWS\system32\khfeeeb.exe trouvé !
C:\WINDOWS\system32\mljjgde.exe trouvé !
C:\WINDOWS\prefetch\mljjgde*.pf trouvé !
C:\WINDOWS\system32\opnnlki.exe trouvé !
C:\WINDOWS\prefetch\opnnlki*.pf trouvé !
C:\WINDOWS\system32\pmnoomj.exe trouvé !
C:\WINDOWS\prefetch\pmnoomj*.pf trouvé !
C:\WINDOWS\system32\qomlljg.exe trouvé !
C:\WINDOWS\system32\ssqpppn.exe trouvé !
C:\WINDOWS\system32\vtuutst.exe trouvé !

*** Recherche fichiers ***

*** Recherche cles registre ***

Recherche dans [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs]

Recherche dans [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage]

Recherche Clé Magic Control

*** Module de Recherche complémentaire ***
(Recherche fichiers spécifiques)

1)Recherche fichiers connus:

C:\WINDOWS\system32\cccdd.ini2 trouvé ! infection Vundo possible non traité par cet outil !
C:\WINDOWS\system32\whfracuv.ini2 trouvé ! infection Vundo possible non traité par cet outil !
C:\WINDOWS\system32\xjkvqbxx.ini2 trouvé ! infection Vundo possible non traité par cet outil !
C:\WINDOWS\system32\cccdd.bak1 trouvé ! infection Vundo possible non traité par cet outil !
C:\WINDOWS\system32\srqss.bak1 trouvé ! infection Vundo possible non traité par cet outil !
C:\WINDOWS\system32\cccdd.bak2 trouvé ! infection Vundo possible non traité par cet outil !

2)Recherche Heuristique :
C:\WINDOWS\system32\dlebiudx.exe trouvé !
C:\WINDOWS\system32\fxbswibp.exe trouvé !
C:\WINDOWS\system32\hjudafhw.exe trouvé !
C:\WINDOWS\system32\iaqntkvq.exe trouvé !
C:\WINDOWS\system32\jiqywkpg.exe trouvé !
C:\WINDOWS\system32\jnkeqkiq.exe trouvé !
C:\WINDOWS\system32\kgtdajwc.exe trouvé !
C:\WINDOWS\system32\kppvwsus.exe trouvé !
C:\WINDOWS\system32\lmcwonuq.exe trouvé !
C:\WINDOWS\system32\lwdklphe.exe trouvé !
C:\WINDOWS\system32\mhqnvmyh.exe trouvé !
C:\WINDOWS\system32\nxosokrq.exe trouvé !
C:\WINDOWS\system32\oyuofegm.exe trouvé !
C:\WINDOWS\system32\rofngxeb.exe trouvé !
C:\WINDOWS\system32\toajkcgb.exe trouvé !
C:\WINDOWS\system32\uiwdcgtw.exe trouvé !
C:\WINDOWS\system32\usbhethw.exe trouvé !

3)Recherche Certificats :

Certificat Egroup absent !

*** Analyse Terminé le 29/08/2007 à 18:27:54,26 ***

Thank you for your patience and for the time spent on my problem.

Margie
0

duflox Posts: 2014 Status: Member 43

Double-click the Navilog1 shortcut on the desktop and follow the prompts.
At the main menu, choose 2 and confirm.

The fix will tell you that it is going to restart your PC
Close all open windows and save your open personal documents
Press a key as requested.
(if your PC does not restart automatically, do it yourself)
When your PC restarts, choose your usual session.

Wait for the message:
*** Nettoyage Termine le ..... ***
Notepad will open. Copy and paste the report to the forum
Save the report so that you can find it again
Close Notepad. Your desktop will reappear

PS: If your desktop does not reappear, press CTRL+ALT+DEL to open Task Manager.
Then go to the "Processes" tab. Click File at the top left and choose "Run"
Type explorer and confirm. That will bring your desktop back.

Close Internet Explorer, then go to Start / Control Panel / Internet Options
- "Content" tab, then "Certificates" tab, and if you find the following, particularly under "Trusted Publishers", but look elsewhere too:
electronic-group
egroup
Montorgueil
VIP
"Sunny Day Design Ltd"
Delete them.

then

Download VundoFix.exe (by Atribune) to your Desktop.
http://www.atribune.org/ccount/click.php?id=4

* Double-click VundoFix.exe to launch it.
* When the tool launches again, click the Scan for Vundo button
* Click the Scan for Vundo button.
* When the scan is complete, click the Remove Vundo button
* A prompt will ask whether you want to delete the files; click YES
* After you click "Yes", the Desktop will disappear for a moment while the files are deleted.
* You will see a prompt telling you that your PC is going to shut down ("shutdown"); click OK
* Start your PC again.
* Copy and paste the contents of the report located in C:\vundofix.txt, along with a new HijackThis! log, into your next reply.

Note: VundoFix may encounter a file that it cannot delete. If so, the tool will run at the next restart; simply follow the instructions above, starting from "click the Scan for Vundo button".
0
Margie01 Posts: 10 Status: Member

I'm back

OK, so I did everything you asked, and here is the result :)

Vfix:

VundoFix V6.5.7

Checking Java version...

Java version is 1.5.0.2
Old versions of java are exploitable and should be removed.

Java version is 1.5.0.4
Old versions of java are exploitable and should be removed.

Java version is 1.5.0.6
Old versions of java are exploitable and should be removed.

Java version is 1.5.0.9
Old versions of java are exploitable and should be removed.

Java version is 1.5.0.10

Java version is 1.5.0.11

Scan started at 19:01:07 29/08/2007

Listing files found while scanning....


Beginning removal...


Attempting to delete C:\windows\system32\whfracuv.ini2
C:\windows\system32\whfracuv.ini2 Has been deleted!

Attempting to delete C:\windows\system32\wxoetvwq.dll
C:\windows\system32\wxoetvwq.dll Has been deleted!

Attempting to delete C:\windows\system32\xbbvcayf.ini
C:\windows\system32\xbbvcayf.ini Has been deleted!

Attempting to delete C:\windows\system32\xbyrkeeb.dll
C:\windows\system32\xbyrkeeb.dll Has been deleted!

Attempting to delete C:\windows\system32\xjkvqbxx.ini
C:\windows\system32\xjkvqbxx.ini Has been deleted!

Attempting to delete C:\windows\system32\xjkvqbxx.ini2
C:\windows\system32\xjkvqbxx.ini2 Has been deleted!

Attempting to delete C:\windows\system32\xxbqvkjx.dll
C:\windows\system32\xxbqvkjx.dll Has been deleted!

Attempting to delete C:\windows\system32\ycfeaqws.ini
C:\windows\system32\ycfeaqws.ini Has been deleted!

Attempting to delete C:\windows\system32\yvrjqclu.ini
C:\windows\system32\yvrjqclu.ini Has been deleted!

Performing Repairs to the registry.
Done!

and HijackThis

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:09:19, on 29/08/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Google\Gmail Notifier\G001-1.0.25.0\gnotify.exe
C:\Program Files\Logitech\iTouch\iTouch.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\Program Files\Symantec\Norton Ghost\Agent\GhostTray.exe
C:\Program Files\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Razer\razerhid.exe
C:\Program Files\PowerISO\PWRISOVM.EXE
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\McAfee\MSK\MskAgent.exe
C:\Program Files\Mcafee\MWL\MWLGui.exe
C:\Program Files\SiteAdvisor\6066\SiteAdv.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Pinnacle\Shared Files\Programs\Scheduler\PCLEScheduler.exe
C:\Program Files\Rainlendar\Rainlendar.exe
C:\Program Files\Razer\razertra.exe
C:\Program Files\a-squared Free\a2service.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\system32\DRIVERS\CDANTSRV.EXE
C:\WINDOWS\system32\usbhethw.exe
C:\Program Files\Razer\razerofa.exe
C:\NVIDIA\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\Program Files\Fichiers communs\McAfee\HackerWatch\HWAPI.exe
c:\program files\mcafee.com\agent\mcdetect.exe
C:\NVIDIA\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\program files\fichiers communs\mcafee\mna\mcnasvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
c:\PROGRA~1\FICHIE~1\mcafee\mcproxy\mcproxy.exe
c:\PROGRA~1\FICHIE~1\mcafee\redirsvc\redirsvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\PROGRA~1\McAfee\MPS\mps.exe
c:\PROGRA~1\mcafee\VIRUSS~1\mcvsshld.exe
C:\Program Files\McAfee\MSK\MskSrver.exe
C:\Program Files\Symantec\Norton Ghost\Agent\PQV2iSvc.exe
C:\Program Files\McAfee\MPS\mpsevh.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\NVIDIA\NetworkAccessManager\bin\nSvcIp.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\SiteAdvisor\6066\SAService.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexingService.exe
C:\Program Files\Mcafee\MWL\MwlSvc.exe
C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Opera\Opera.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Hijack\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: (no name) - {0115AEBB-E675-4D91-8A1F-A759F5FAC6E8} - C:\WINDOWS\system32\ddccc.dll (file missing)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\6066\SiteAdv.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\program files\mcafee\virusscan\scriptcl.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {92D698E9-0048-42A9-BF74-FAE12F3C6BEA} - (no file)
O2 - BHO: McAfee Popup Blocker - {C68AE9C0-0909-4DDC-B661-C1AFB9F5AE53} - c:\program files\mcafee\mps\mcpopup.dll
O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6066\SiteAdv.dll
O4 - HKLM\..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Program Files\Google\Gmail Notifier\G001-1.0.25.0\gnotify.exe
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [Norton Ghost 9.0] C:\Program Files\Symantec\Norton Ghost\Agent\GhostTray.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [NVIDIA nTune] "C:\Program Files\NVIDIA Corporation\nTune\\nTune.exe" clear
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [razer] C:\Program Files\Razer\razerhid.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Fichiers communs\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [MskAgentexe] C:\Program Files\McAfee\MSK\MskAgent.exe
O4 - HKLM\..\Run: [MWLExe] C:\Program Files\Mcafee\MWL\MWLGui.exe /Start
O4 - HKLM\..\Run: [SiteAdvisor] C:\Program Files\SiteAdvisor\6066\SiteAdv.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1
O4 - HKCU\..\Run: [Octoshape Streaming Services] "C:\Program Files\Octoshape Streaming Services\Pepso\OctoshapeClient.exe" -inv:bootrun
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\RunOnce: [ARC] "C:\Program Files\McAfee\McAfee QuickClean\Uni.exe" /ARC:McAfee Personal Firewall Plus
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Rainlendar.lnk = C:\Program Files\Rainlendar\Rainlendar.exe
O4 - Global Startup: EPSON Status Monitor 3 Environment Check.lnk = C:\WINDOWS\system32\spool\drivers\w32x86\3\E_SRCV03.EXE
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - Global Startup: Pinnacle Scheduler.lnk = ?
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative.com/su/ocx/15015/CTSUEng.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
O16 - DPF: {1F83CD9E-505E-4F87-BECE-0832A763E36F} (Image Uploader 3.0 Control) - http://www.mypixmania.com/fr/fr/importer/MypixUploader.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/shared/mcinsctl/en-us/4,0,0,90/mcinsctl.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by129fd.bay129.hotmail.msn.com/resources/MsnPUpld.cab
O16 - DPF: {5DA9D8E0-5A57-11CF-9E36-00C0930198C0} (Pegasus ImagN' 32-bit (Windowed) ActiveX Control v4.00) - http://www.internationalbeerparty.com/video/NetCam.cab
O16 - DPF: {6DB731A3-B074-4118-8B1C-32511C65D836} (FotovistaPhotoUploader.ctrFpu) - http://www.mypixmania.com/fr/fr/tools/activex/fpu.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/...
O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} (HardwareDetection Control) - http://drivers1.free.fr/hardwaredetection.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://creative.com/su/ocx/15016/CTPID.cab
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O20 - Winlogon Notify: ssqrs - C:\WINDOWS\system32\ssqrs.dll (file missing)
O20 - Winlogon Notify: winzzd32 - winzzd32.dll (file missing)
O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Program Files\a-squared Free\a2service.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: C-DillaSrv - C-Dilla Ltd - C:\WINDOWS\system32\DRIVERS\CDANTSRV.EXE
O23 - Service: Creative Service for CDROM Access - Unknown owner - C:\WINDOWS\system32\CTsvcCDA.exe (file missing)
O23 - Service: DomainService - - C:\WINDOWS\system32\usbhethw.exe
O23 - Service: McAfee E-mail Proxy (Emproxy) - McAfee, Inc. - C:\PROGRA~1\FICHIE~1\McAfee\EmProxy\emproxy.exe
O23 - Service: Forceware Web Interface (ForcewareWebInterface) - Apache Software Foundation - C:\NVIDIA\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: MBackMonitor - McAfee - C:\Program Files\McAfee\MBK\MBackMonitor.exe
O23 - Service: McAfee HackerWatch Service - McAfee, Inc. - C:\Program Files\Fichiers communs\McAfee\HackerWatch\HWAPI.exe
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
O23 - Service: McAfee Update Manager (mcmispupdmgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcupdmgr.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\fichiers communs\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Protection Manager (mcpromgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\FICHIE~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Redirector Service (McRedirector) - McAfee, Inc. - c:\PROGRA~1\FICHIE~1\mcafee\redirsvc\redirsvc.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: McAfee Privacy Service (MPS9) - McAfee, Inc. - C:\PROGRA~1\McAfee\MPS\mps.exe
O23 - Service: McAfee SpamKiller Service (MSK80Service) - McAfee Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe
O23 - Service: McAfee Wireless Network Security Service (MWLSvc) - McAfee, Inc. - C:\Program Files\Mcafee\MWL\MwlSvc.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexingService.exe
O23 - Service: Norton Ghost - Symantec Corporation - C:\Program Files\Symantec\Norton Ghost\Agent\PQV2iSvc.exe
O23 - Service: ForceWare IP service (nSvcIp) - Unknown owner - C:\NVIDIA\NetworkAccessManager\bin\nSvcIp.exe
O23 - Service: ForceWare user log service (nSvcLog) - Unknown owner - C:\NVIDIA\NetworkAccessManager\bin\nSvcLog.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: SiteAdvisor Service - McAfee, Inc. - C:\Program Files\SiteAdvisor\6066\SAService.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
0
duflox Posts 2014 Status Member 43
 
There are still some things that aren't clear!! However, you didn't send the Navilog option 2 report.

Download VirtumundoBeGone to the desktop:
http://secured2k.home.comcast.net/tools/VirtumundoBeGone.exe

Then double-click VirtumundoBeGone.exe and follow the instructions.
Once it has finished, reboot and post the VBG.TXT report created on the desktop in your next reply, together with a new HijackThis report.
Don't worry if you see a blue-screen "Fatal error" message; that is normal and expected.

then

download http://download.bleepingcomputer.com/sUBs/ComboFix.exe

Double-click ComboFix; it will ask you a question: answer yes (y key), then wait until ComboFix has finished; it will generate a report.

Post it on the forum in your reply.
0
Margie01 Posts 10 Status Member
 
I did what you asked me to do, and here is the result:

ComboFix 07-08-29.3 - "Pepso" 2007-08-29 20:02:01.1 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.1426 [GMT 2:00]
* Created a new restore point

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

C:\WINDOWS\cookies.ini
C:\WINDOWS\system32\usbhethw.exe
C:\WINDOWS\system32\winsys.exe

((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

-------\LEGACY_DOMAINSERVICE
-------\DomainService
-------\nm

((((((((((((((((((((((((( Files Created from 2007-07-28 to 2007-08-29 )))))))))))))))))))))))))))))))

2007-08-29 19:59 51,200 --a------ C:\WINDOWS\nircmd.exe
2007-08-29 19:01 <REP> d-------- C:\VundoFix Backups
2007-08-29 18:36 41,472 --a------ C:\WINDOWS\system32\efcyvts.exe
2007-08-29 18:04 <REP> d-------- C:\Program Files\Navilog1
2007-08-29 17:38 <REP> d-------- C:\Hijack
2007-08-29 17:03 37,376 --a------ C:\WINDOWS\system32\fccdbxu.exe
2007-08-29 16:59 40,960 --a------ C:\WINDOWS\system32\opnnlki.exe
2007-08-29 10:36 33,792 --a------ C:\WINDOWS\system32\pmnoomj.exe
2007-08-28 10:09 33,792 --a------ C:\WINDOWS\system32\efcdddb.exe
2007-08-27 09:30 34,816 --a------ C:\WINDOWS\system32\mljjgde.exe
2007-08-26 09:45 34,816 --a------ C:\WINDOWS\system32\khfeeeb.exe
2007-08-25 10:22 33,792 --a------ C:\WINDOWS\system32\qomlljg.exe
2007-08-24 20:17 <REP> d-------- C:\Program Files\a-squared Free
2007-08-24 11:10 38,400 --a------ C:\WINDOWS\system32\ssqpppn.exe
2007-08-21 15:06 30,720 --a------ C:\WINDOWS\system32\vtuutst.exe
2007-08-21 11:10 38,400 --a------ C:\WINDOWS\system32\jkkkkli.exe
2007-08-05 20:18 <REP> d-------- C:\Program Files\iTunes
2007-08-05 20:18 <REP> d-------- C:\Program Files\iPod

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

2007-08-29 16:57 --------- d-------- C:\Program Files\McAfee
2007-08-26 12:56 --------- d-------- C:\DOCUME~1\Pepso\APPLIC~1\Azureus
2007-08-26 09:48 --------- d-------- C:\Program Files\Azureus
2007-08-24 00:00 --------- d-------- C:\DOCUME~1\LOCALS~1\APPLIC~1\SiteAdvisor
2007-08-22 13:50 --------- d-------- C:\DOCUME~1\Pepso\APPLIC~1\teamspeak2
2007-08-17 12:33 --------- d-------- C:\Program Files\Opera
2007-08-14 21:22 685816 --a------ C:\WINDOWS\system32\drivers\sptd.sys
2007-08-04 10:06 --------- d-------- C:\Program Files\WowCartographe
2007-07-31 09:27 --------- d-------- C:\DOCUME~1\Pepso\APPLIC~1\SiteAdvisor
2007-07-30 19:19 92504 --a------ C:\WINDOWS\system32\cdm.dll
2007-07-30 19:19 549720 --a------ C:\WINDOWS\system32\wuapi.dll
2007-07-30 19:19 53080 --a------ C:\WINDOWS\system32\wuauclt.exe
2007-07-30 19:19 43352 --a------ C:\WINDOWS\system32\wups2.dll
2007-07-30 19:19 325976 --a------ C:\WINDOWS\system32\wucltui.dll
2007-07-30 19:19 271224 --a------ C:\WINDOWS\system32\mucltui.dll
2007-07-30 19:19 207736 --a------ C:\WINDOWS\system32\muweb.dll
2007-07-30 19:19 203096 --a------ C:\WINDOWS\system32\wuweb.dll
2007-07-30 19:19 1712984 --a------ C:\WINDOWS\system32\wuaueng.dll
2007-07-30 19:18 33624 --a------ C:\WINDOWS\system32\wups.dll
2007-07-15 20:27 --------- d-------- C:\Program Files\QuickTime
2007-07-15 20:18 --------- d-------- C:\Program Files\Fichiers communs\Apple
2007-07-15 20:18 --------- d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Apple
2007-07-12 13:16 1030643 --------- C:\WINDOWS\system32\srqss.bak1
2007-06-26 08:09 1104896 --a------ C:\WINDOWS\system32\msxml3.dll
2007-06-19 15:32 282112 --a------ C:\WINDOWS\system32\gdi32.dll
2007-06-13 15:22 1037312 --a------ C:\WINDOWS\explorer.exe
2007-05-31 08:45 524288 --a------ C:\WINDOWS\system32\DivXsm.exe
2007-05-31 08:44 823296 --a------ C:\WINDOWS\system32\divx_xx0c.dll
2007-05-31 08:44 823296 --a------ C:\WINDOWS\system32\divx_xx07.dll
2007-05-31 08:44 802816 --a------ C:\WINDOWS\system32\divx_xx11.dll
2007-05-31 08:44 740442 --a------ C:\WINDOWS\system32\DivX.dll

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0115AEBB-E675-4D91-8A1F-A759F5FAC6E8}]
C:\WINDOWS\system32\ddccc.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{92D698E9-0048-42A9-BF74-FAE12F3C6BEA}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"{0228e555-4f9c-4e35-a3ec-b109a192b4c2}"="C:\Program Files\Google\Gmail Notifier\G001-1.0.25.0\gnotify.exe" [2005-07-15 14:48]
"Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" [2005-07-22 23:25 C:\WINDOWS\KHALMNPR.Exe]
"zBrowser Launcher"="C:\Program Files\Logitech\iTouch\iTouch.exe" [2004-03-18 09:33]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe" [2007-03-14 03:43]
"Norton Ghost 9.0"="C:\Program Files\Symantec\Norton Ghost\Agent\GhostTray.exe" [2004-11-22 17:20]
"nwiz"="nwiz.exe" [2006-10-22 13:22 C:\WINDOWS\system32\nwiz.exe]
"CTSysVol"="C:\Program Files\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe" [2002-10-29 09:18]
"CTHelper"="CTHELPER.EXE" [2003-10-06 14:57 C:\WINDOWS\system32\CTHELPER.EXE]
"UpdReg"="C:\WINDOWS\UpdReg.EXE" [2000-05-11 01:00]
"NVIDIA nTune"="C:\Program Files\NVIDIA Corporation\nTune\\nTune.exe" [2005-07-21 08:21]
"DAEMON Tools"="C:\Program Files\DAEMON Tools\daemon.exe" [2005-12-10 16:57]
"RTHDCPL"="RTHDCPL.EXE" [2006-09-06 13:44 C:\WINDOWS\RTHDCPL.exe]
"razer"="C:\Program Files\Razer\razerhid.exe" [2005-05-17 18:21]
"NeroFilterCheck"="C:\Program Files\Fichiers communs\Ahead\Lib\NeroCheck.exe" [2007-03-09 18:53]
"PWRISOVM.EXE"="C:\Program Files\PowerISO\PWRISOVM.EXE" [2007-04-09 14:23]
"VSOCheckTask"="c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" []
"MskAgentexe"="C:\Program Files\McAfee\MSK\MskAgent.exe" [2007-01-17 16:30]
"MWLExe"="C:\Program Files\Mcafee\MWL\MWLGui.exe" [2007-03-12 11:40]
"SiteAdvisor"="C:\Program Files\SiteAdvisor\6066\SiteAdv.exe" [2006-07-24 22:28]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2007-06-29 06:24]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-07-31 18:44]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 18:24]
"Steam"="" []
"LDM"="C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe" [2007-02-27 02:31]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe" [2007-03-12 13:49]
"updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006-03-30 17:45]
"Octoshape Streaming Services"="C:\Program Files\Octoshape Streaming Services\Pepso\OctoshapeClient.exe" []
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-05 14:00]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\runonce]
"ARC"="C:\Program Files\McAfee\McAfee QuickClean\Uni.exe" /ARC:McAfee Personal Firewall Plus

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
@=

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoRecentDocsHistory"=0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ssqrs]
C:\WINDOWS\system32\ssqrs.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\winzzd32]
winzzd32.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Bootvis.lnk]
path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Bootvis.lnk
backup=C:\WINDOWS\pss\Bootvis.lnkCommon Startup

R0 PQV2i;PQV2i;C:\WINDOWS\system32\drivers\PQV2i.sys
R0 videX32;videX32;C:\WINDOWS\system32\DRIVERS\videX32.sys
R0 xfilt;VIA SATA IDE Hot-plug Driver;C:\WINDOWS\system32\DRIVERS\xfilt.sys
R1 PQIMount;PQIMount;C:\WINDOWS\system32\drivers\PQIMount.sys
R2 ROB_A;Pinnacle WDM PCTV Audio Capture;C:\WINDOWS\system32\DRIVERS\rob_a.sys
R2 ROB_V;Pinnacle WDM PCTV Video Capture;C:\WINDOWS\system32\drivers\rob_v.sys
R3 AtcL001;NDIS Miniport Driver for Attansic L1 Gigabit Ethernet Adapter;C:\WINDOWS\system32\DRIVERS\atl01_xp.sys
R3 ctgame;Game Port;C:\WINDOWS\system32\DRIVERS\ctgame.sys
R3 LCcfltr;Logitech USB Filter Driver;C:\WINDOWS\system32\drivers\lccfltr.sys
R3 pctvvbi;PCTVVBI;C:\WINDOWS\system32\DRIVERS\pctvvbi.sys
R3 Razerlow;Razerlow USB Filter Driver;C:\WINDOWS\system32\Drivers\Razerlow.sys
R3 WmBEnum;Logitech Virtual Bus Enumerator Driver;C:\WINDOWS\system32\drivers\WmBEnum.sys
R3 WmFilter;Logitech WingMan HID Filter Driver;C:\WINDOWS\system32\drivers\WmFilter.sys
R3 WmXlCore;Logitech WingMan Translation Layer Driver;C:\WINDOWS\system32\drivers\WmXlCore.sys
S3 C-Dilla;C-Dilla;\??\C:\WINDOWS\system32\drivers\CDANT.SYS
S3 driverhardwarev2;driverhardwarev2;\??\C:\Program Files\HardwareDetection\driverhardwarev2.sys
S3 itchfltr;iTouch Keyboard Filter;C:\WINDOWS\system32\DRIVERS\itchfltr.sys
S3 VICHW00;VICHW00;\??\C:\WINDOWS\SYSTEM32\DRIVERS\VICHW00.SYS
S3 WmVirHid;Logitech Virtual Hid Device Driver;C:\WINDOWS\system32\drivers\WmVirHid.sys

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{28111c16-5d1a-11da-a74f-00e018998877}]
AutoRun\command- H:\.pspware\PSPWareLauncher.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2de71806-8df9-11da-a7bd-00e018998877}]
AutoRun\command- I:\.pspware\PSPWareLauncher.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{987e4354-7073-11da-a782-00e018998877}]
AutoRun\command- K:\.pspware\PSPWareLauncher.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ed7b2f4d-cd4a-11d9-8556-806d6172696f}]
AutoRun\command- F:\Bin\Assetup.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ed7b2f4e-cd4a-11d9-8556-806d6172696f}]
AutoRun\command- G:\autorun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f03ce8cf-2358-11da-8e41-00e018998877}]
AutoRun\command- H:\.pspware\PSPWareLauncher.exe

Contents of the 'Scheduled Tasks' folder
2007-08-26 18:13:04 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
2007-08-14 23:02:00 C:\WINDOWS\Tasks\McDefragTask.job - C:\WINDOWS\system32\defrag.exe
2007-07-31 23:00:39 C:\WINDOWS\Tasks\McQcTask.job - c:\program files\mcafee\mqc\QcConsol.exe

**************************************************************************

catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-08-29 20:05:50
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce
ARC = "C:\Program Files\McAfee\McAfee QuickClean\Uni.exe" /ARC:McAfee Personal Firewall Plus????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????M?????2??|????????????Pw????M???????M????|8??|????2??|???|???????? ?M?b??w???????????w????????????????????????????????????????????????????????????????????????p?M?????2??|??????????????????M?????2??|????? ??????????d?M????|???|???|??????M????|??M?"??|???w?#?????w????l?????????????????????????????????????????????????/M????????????????0?M???M???M???????????M?

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

Completion time: 2007-08-29 20:08:48 - machine was rebooted
C:\ComboFix-quarantined-files.txt ... 2007-08-29 20:08

--- E O F ---

[08/29/2007, 19:58:04] - VirtumundoBeGone v1.5 ( "C:\Documents and Settings\Pepso\Bureau\VirtumundoBeGone.exe" )
[08/29/2007, 19:58:13] - Detected System Information:
[08/29/2007, 19:58:13] - Windows Version: 5.1.2600, Service Pack 2
[08/29/2007, 19:58:13] - Current Username: Pepso (Admin)
[08/29/2007, 19:58:13] - Windows is in NORMAL mode.
[08/29/2007, 19:58:13] - Searching for Browser Helper Objects:
[08/29/2007, 19:58:13] - BHO 1: {0115AEBB-E675-4D91-8A1F-A759F5FAC6E8} ()
[08/29/2007, 19:58:13] - WARNING: BHO has no default name. Checking for Winlogon reference.
[08/29/2007, 19:58:13] - Checking for HKLM\...\Winlogon\Notify\ddccc
[08/29/2007, 19:58:13] - Key not found: HKLM\...\Winlogon\Notify\ddccc, continuing.
[08/29/2007, 19:58:13] - BHO 2: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (Adobe PDF Reader Link Helper)
[08/29/2007, 19:58:13] - BHO 3: {089FD14D-132B-48FC-8861-0048AE113215} ()
[08/29/2007, 19:58:13] - WARNING: BHO has no default name. Checking for Winlogon reference.
[08/29/2007, 19:58:13] - Checking for HKLM\...\Winlogon\Notify\SiteAdv
[08/29/2007, 19:58:13] - Key not found: HKLM\...\Winlogon\Notify\SiteAdv, continuing.
[08/29/2007, 19:58:13] - BHO 4: {53707962-6F74-2D53-2644-206D7942484F} ()
[08/29/2007, 19:58:13] - WARNING: BHO has no default name. Checking for Winlogon reference.
[08/29/2007, 19:58:13] - Checking for HKLM\...\Winlogon\Notify\SDHelper
[08/29/2007, 19:58:13] - Key not found: HKLM\...\Winlogon\Notify\SDHelper, continuing.
[08/29/2007, 19:58:13] - BHO 5: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (SSVHelper Class)
[08/29/2007, 19:58:13] - BHO 6: {7DB2D5A0-7241-4E79-B68D-6309F01C5231} (scriptproxy)
[08/29/2007, 19:58:13] - BHO 7: {7E853D72-626A-48EC-A868-BA8D5E23E045} ()
[08/29/2007, 19:58:13] - WARNING: BHO has no default name. Checking for Winlogon reference.
[08/29/2007, 19:58:13] - No filename found. Continuing.
[08/29/2007, 19:58:13] - BHO 8: {9030D464-4C02-4ABF-8ECC-5164760863C6} (Windows Live Sign-in Helper)
[08/29/2007, 19:58:13] - BHO 9: {92D698E9-0048-42A9-BF74-FAE12F3C6BEA} ()
[08/29/2007, 19:58:13] - WARNING: BHO has no default name. Checking for Winlogon reference.
[08/29/2007, 19:58:13] - No filename found. Continuing.
[08/29/2007, 19:58:13] - BHO 10: {C68AE9C0-0909-4DDC-B661-C1AFB9F5AE53} (CPub Object)
[08/29/2007, 19:58:13] - Finished Searching Browser Helper Objects
[08/29/2007, 19:58:13] - Finishing up...
[08/29/2007, 19:58:13] - Nothing found! Exiting...

And the HijackThis log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:38:40, on 29/08/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Google\Gmail Notifier\G001-1.0.25.0\gnotify.exe
C:\Program Files\Logitech\iTouch\iTouch.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\Program Files\Symantec\Norton Ghost\Agent\GhostTray.exe
C:\Program Files\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Razer\razerhid.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\PowerISO\PWRISOVM.EXE
C:\Program Files\McAfee\MSK\MskAgent.exe
C:\Program Files\Mcafee\MWL\MWLGui.exe
C:\Program Files\a-squared Free\a2service.exe
C:\Program Files\SiteAdvisor\6066\SiteAdv.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\DRIVERS\CDANTSRV.EXE
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe
C:\NVIDIA\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Fichiers communs\McAfee\HackerWatch\HWAPI.exe
c:\program files\mcafee.com\agent\mcdetect.exe
C:\NVIDIA\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
C:\Program Files\Razer\razertra.exe
C:\Program Files\Pinnacle\Shared Files\Programs\Scheduler\PCLEScheduler.exe
C:\Program Files\Rainlendar\Rainlendar.exe
c:\program files\fichiers communs\mcafee\mna\mcnasvc.exe
C:\Program Files\Razer\razerofa.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
c:\PROGRA~1\FICHIE~1\mcafee\mcproxy\mcproxy.exe
c:\PROGRA~1\FICHIE~1\mcafee\redirsvc\redirsvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\PROGRA~1\McAfee\MPS\mps.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\McAfee\MSK\MskSrver.exe
C:\Program Files\McAfee\MPS\mpsevh.exe
C:\Program Files\Symantec\Norton Ghost\Agent\PQV2iSvc.exe
C:\NVIDIA\NetworkAccessManager\bin\nSvcIp.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\SiteAdvisor\6066\SAService.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexingService.exe
C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\Mcafee\MWL\MwlSvc.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Opera\Opera.exe
C:\Hijack\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: (no name) - {0115AEBB-E675-4D91-8A1F-A759F5FAC6E8} - C:\WINDOWS\system32\ddccc.dll (file missing)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\6066\SiteAdv.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\program files\mcafee\virusscan\scriptcl.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {92D698E9-0048-42A9-BF74-FAE12F3C6BEA} - (no file)
O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6066\SiteAdv.dll
O4 - HKLM\..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Program Files\Google\Gmail Notifier\G001-1.0.25.0\gnotify.exe
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [Norton Ghost 9.0] C:\Program Files\Symantec\Norton Ghost\Agent\GhostTray.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [NVIDIA nTune] "C:\Program Files\NVIDIA Corporation\nTune\\nTune.exe" clear
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [razer] C:\Program Files\Razer\razerhid.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Fichiers communs\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [MskAgentexe] C:\Program Files\McAfee\MSK\MskAgent.exe
O4 - HKLM\..\Run: [MWLExe] C:\Program Files\Mcafee\MWL\MWLGui.exe /Start
O4 - HKLM\..\Run: [SiteAdvisor] C:\Program Files\SiteAdvisor\6066\SiteAdv.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1
O4 - HKCU\..\Run: [Octoshape Streaming Services] "C:\Program Files\Octoshape Streaming Services\Pepso\OctoshapeClient.exe" -inv:bootrun
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\RunOnce: [ARC] "C:\Program Files\McAfee\McAfee QuickClean\Uni.exe" /ARC:McAfee Personal Firewall Plus
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Rainlendar.lnk = C:\Program Files\Rainlendar\Rainlendar.exe
O4 - Global Startup: EPSON Status Monitor 3 Environment Check.lnk = C:\WINDOWS\system32\spool\drivers\w32x86\3\E_SRCV03.EXE
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - Global Startup: Pinnacle Scheduler.lnk = ?
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative.com/su/ocx/15015/CTSUEng.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
O16 - DPF: {1F83CD9E-505E-4F87-BECE-0832A763E36F} (Image Uploader 3.0 Control) - http://www.mypixmania.com/fr/fr/importer/MypixUploader.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/shared/mcinsctl/en-us/4,0,0,90/mcinsctl.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by129fd.bay129.hotmail.msn.com/resources/MsnPUpld.cab
O16 - DPF: {5DA9D8E0-5A57-11CF-9E36-00C0930198C0} (Pegasus ImagN' 32-bit (Windowed) ActiveX Control v4.00) - http://www.internationalbeerparty.com/video/NetCam.cab
O16 - DPF: {6DB731A3-B074-4118-8B1C-32511C65D836} (FotovistaPhotoUploader.ctrFpu) - http://www.mypixmania.com/fr/fr/tools/activex/fpu.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/...
O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} (HardwareDetection Control) - http://drivers1.free.fr/hardwaredetection.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://creative.com/su/ocx/15016/CTPID.cab
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O20 - Winlogon Notify: ssqrs - C:\WINDOWS\system32\ssqrs.dll (file missing)
O20 - Winlogon Notify: winzzd32 - winzzd32.dll (file missing)
O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Program Files\a-squared Free\a2service.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: C-DillaSrv - C-Dilla Ltd - C:\WINDOWS\system32\DRIVERS\CDANTSRV.EXE
O23 - Service: Creative Service for CDROM Access - Unknown owner - C:\WINDOWS\system32\CTsvcCDA.exe (file missing)
O23 - Service: McAfee E-mail Proxy (Emproxy) - McAfee, Inc. - C:\PROGRA~1\FICHIE~1\McAfee\EmProxy\emproxy.exe
O23 - Service: Forceware Web Interface (ForcewareWebInterface) - Apache Software Foundation - C:\NVIDIA\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: MBackMonitor - McAfee - C:\Program Files\McAfee\MBK\MBackMonitor.exe
O23 - Service: McAfee HackerWatch Service - McAfee, Inc. - C:\Program Files\Fichiers communs\McAfee\HackerWatch\HWAPI.exe
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
O23 - Service: McAfee Update Manager (mcmispupdmgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcupdmgr.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\fichiers communs\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Protection Manager (mcpromgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\FICHIE~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Redirector Service (McRedirector) - McAfee, Inc. - c:\PROGRA~1\FICHIE~1\mcafee\redirsvc\redirsvc.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: McAfee Privacy Service (MPS9) - McAfee, Inc. - C:\PROGRA~1\McAfee\MPS\mps.exe
O23 - Service: McAfee SpamKiller Service (MSK80Service) - McAfee Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe
O23 - Service: McAfee Wireless Network Security Service (MWLSvc) - McAfee, Inc. - C:\Program Files\Mcafee\MWL\MwlSvc.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexingService.exe
O23 - Service: Norton Ghost - Symantec Corporation - C:\Program Files\Symantec\Norton Ghost\Agent\PQV2iSvc.exe
O23 - Service: ForceWare IP service (nSvcIp) - Unknown owner - C:\NVIDIA\NetworkAccessManager\bin\nSvcIp.exe
O23 - Service: ForceWare user log service (nSvcLog) - Unknown owner - C:\NVIDIA\NetworkAccessManager\bin\nSvcLog.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: SiteAdvisor Service - McAfee, Inc. - C:\Program Files\SiteAdvisor\6066\SAService.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
0
duflox Posts 2014 Status Member 43
 
Very good, then:

1) Download "clean.zip"
http://www.malekal.com/download/clean.zip
•- Unzip it onto your desktop (right-click / extract all); you should get a folder named "clean".

•- Restart in safe mode. (Make a careful note of what you have to do.)
•- Open the "clean" folder on your desktop.
•- Double-click "clean.cmd".
A black window will appear; choose option 2.

Clean will do its work.
•- Restart normally.
•- Post the report that is located here: C:\rapport_clean.txt.

(- Where is the clean report? "My Computer" / double-click on the "C" disk / double-click "rapport_clean.txt" and copy/paste the contents to the forum.)

2) Run a scan here
https://www.bitdefender.fr/
and copy-paste the result here
* At the bottom left of the window, click BitDefender SCAN ONLINE
* In the new window, click I agree
* The window changes again; click Click here to scan
* The signatures load, etc.

Copy/paste the report to the forum.

3) Do another HijackThis report for me.

See you
0
Margie01 Posts 10 Status Member
 
I'm back; I ran the BitDefender scan overnight. Here are the requested reports:

Script execute en mode sans echec
Rapport clean par Malekal_morte - http://www.malekal.com
Script execute en mode sans echec 30/08/2007 a 0:54:32,28

Microsoft Windows XP [version 5.1.2600]

*** Suppression des fichiers dans C:

*** Suppression des fichiers dans C:\WINDOWS\

*** Suppression des fichiers dans C:\WINDOWS\system32
tentative de suppression de C:\WINDOWS\system32\mcrh.tmp
tentative de suppression de C:\WINDOWS\system32\msiuins.exe

*** Suppression des fichiers dans C:\Program Files

*** Suppression des clefs du registre effectuee..
*** Fin du rapport !

BitDefender Online Scanner

Rapport d'analyse généré à: Thu, Aug 30, 2007 - 02:42:48

Voie d'analyse: A:\;C:\;D:\;E:\;F:\;G:\;H:\;I:\;X:\;

Statistiques

Temps: 01:20:23
Fichiers: 411429
Directoires: 9674
Secteurs de boot: 5
Archives: 4760
Paquets programmes: 15386

Résultats

Virus identifiés: 12
Fichiers infectés: 144
Fichiers suspects: 0
Avertissements: 0
Désinfectés: 0
Fichiers effacés: 144

Info sur les moteurs

Définition virus: 750455
Version des moteurs: AVCORE v1.0 (build 2411) (i386) (Jul 9 2007 12:10:22)
Analyse des plugins: 14
Archive des plugins: 38
Unpack des plugins: 6
E-mail plugins: 6
Système plugins: 1

Paramètres d'analyse

Première action: Désinfecté
Seconde Action: Supprimé
Heuristique: Oui
Acceptez les avertissements: Oui
Extensions analysées: *;
Excludez les extensions:
Analyse d'emails: Oui
Analyse des Archives: Oui
Analyser paquets programmes: Oui
Analyse des fichiers: Oui
Analyse de boot: Oui

Fichier analysé
Statut

C:\Program Files\Navilog1\Backupnavi\lmcwonuq.exe
Infecté par: Trojan.Fotomoto.E

C:\Program Files\Navilog1\Backupnavi\lmcwonuq.exe
Echec de la désinfection

C:\Program Files\Navilog1\Backupnavi\lmcwonuq.exe
Supprimé

C:\Program Files\Navilog1\Backupnavi\qmfvxnqg.exe
Infecté par: Trojan.Fotomoto.E

C:\Program Files\Navilog1\Backupnavi\qmfvxnqg.exe
Echec de la désinfection

C:\Program Files\Navilog1\Backupnavi\qmfvxnqg.exe
Supprimé

C:\Program Files\Navilog1\Backupnavi\usbhethw.exe
Infecté par: Trojan.Fotomoto.E

C:\Program Files\Navilog1\Backupnavi\usbhethw.exe
Echec de la désinfection

C:\Program Files\Navilog1\Backupnavi\usbhethw.exe
Supprimé

C:\QooBox\Quarantine\C\WINDOWS\system32\usbhethw.exe.vir
Infecté par: Trojan.Fotomoto.E

C:\QooBox\Quarantine\C\WINDOWS\system32\usbhethw.exe.vir
Echec de la désinfection

C:\QooBox\Quarantine\C\WINDOWS\system32\usbhethw.exe.vir
Supprimé

C:\System Volume Information\_restore{C39DFC29-3402-4429-ADB4-3044AD9647DA}\RP676\A0182526.dll
Infecté par: DeepScan:Generic.Virtumonde.1.A4697C34

C:\System Volume Information\_restore{C39DFC29-3402-4429-ADB4-3044AD9647DA}\RP676\A0182526.dll
Echec de la désinfection

C:\System Volume Information\_restore{C39DFC29-3402-4429-ADB4-3044AD9647DA}\RP676\A0182526.dll
Supprimé

C:\System Volume Information\_restore{C39DFC29-3402-4429-ADB4-3044AD9647DA}\RP676\A0182563.dll
Infecté par: Trojan.Vundo.CG

C:\System Volume Information\_restore{C39DFC29-3402-4429-ADB4-3044AD9647DA}\RP676\A0182563.dll
Echec de la désinfection

C:\System Volume Information\_restore{C39DFC29-3402-4429-ADB4-3044AD9647DA}\RP676\A0182563.dll
Supprimé

C:\System Volume Information\_restore{C39DFC29-3402-4429-ADB4-3044AD9647DA}\RP677\A0182892.dll
Infecté par: Trojan.Vundo.CG

C:\System Volume Information\_restore{C39DFC29-3402-4429-ADB4-3044AD9647DA}\RP677\A0182892.dll
Echec de la désinfection

C:\System Volume Information\_restore{C39DFC29-3402-4429-ADB4-3044AD9647DA}\RP677\A0182892.dll
Supprimé

C:\System Volume Information\_restore{C39DFC29-3402-4429-ADB4-3044AD9647DA}\RP677\A0182966.dll
Infecté par: Trojan.Vundo.CG

C:\System Volume Information\_restore{C39DFC29-3402-4429-ADB4-3044AD9647DA}\RP677\A0182966.dll
Echec de la désinfection

C:\System Volume Information\_restore{C39DFC29-3402-4429-ADB4-3044AD9647DA}\RP677\A0182966.dll
Supprimé

C:\System Volume Information\_restore{C39DFC29-3402-4429-ADB4-3044AD9647DA}\RP678\A0183163.dll
Infecté par: Trojan.Vundo.CG

C:\System Volume Information\_restore{C39DFC29-3402-4429-ADB4-3044AD9647DA}\RP678\A0183163.dll
Echec de la désinfection

C:\System Volume Information\_restore{C39DFC29-3402-4429-ADB4-3044AD9647DA}\RP678\A0183163.dll
Supprimé

C:\System Volume Information\_restore{C39DFC29-3402-4429-ADB4-3044AD9647DA}\RP678\A0183270.dll
Infecté par: Trojan.Vundo.CG

C:\System Volume Information\_restore{C39DFC29-3402-4429-ADB4-3044AD9647DA}\RP678\A0183270.dll
Echec de la désinfection

C:\System Volume Information\_restore{C39DFC29-3402-4429-ADB4-3044AD9647DA}\RP678\A0183270.dll
Supprimé

C:\System Volume Information\_restore{C39DFC29-3402-4429-ADB4-3044AD9647DA}\RP678\A0183312.dll
Infecté par: Trojan.Vundo.CG

C:\System Volume Information\_restore{C39DFC29-3402-4429-ADB4-3044AD9647DA}\RP678\A0183312.dll
Echec de la désinfection

C:\System Volume Information\_restore{C39DFC29-3402-4429-ADB4-3044AD9647DA}\RP678\A0183312.dll
Supprimé

C:\System Volume Information\_restore{C39DFC29-3402-4429-ADB4-3044AD9647DA}\RP695\A0187048.dll
Infecté par: Trojan.Vundo.DMP

C:\System Volume Information\_restore{C39DFC29-3402-4429-ADB4-3044AD9647DA}\RP695\A0187048.dll
Supprimé

C:\System Volume Information\_restore{C39DFC29-3402-4429-ADB4-3044AD9647DA}\RP695\A0187049.dll
Infecté par: Trojan.Vundo.DMP

C:\System Volume Information\_restore{C39DFC29-3402-4429-ADB4-3044AD9647DA}\RP695\A0187049.dll
Supprimé

C:\System Volume Information\_restore{C39DFC29-3402-4429-ADB4-3044AD9647DA}\RP696\A0187124.dll
Infecté par: Trojan.Vundo.DMP

C:\System Volume Information\_restore{C39DFC29-3402-4429-ADB4-3044AD9647DA}\RP696\A0187124.dll
Supprimé

C:\System Volume Information\_restore{C39DFC29-3402-4429-ADB4-3044AD9647DA}\RP697\A0187247.dll
Infecté par: Trojan.Vundo.DMP

C:\System Volume Information\_restore{C39DFC29-3402-4429-ADB4-3044AD9647DA}\RP697\A0187247.dll
Supprimé

C:\System Volume Information\_restore{C39DFC29-3402-4429-ADB4-3044AD9647DA}\RP697\A0187248.dll
Infecté par: Trojan.Vundo.DMP

C:\System Volume Information\_restore{C39DFC29-3402-4429-ADB4-3044AD9647DA}\RP697\A0187248.dll
Supprimé

C:\System Volume Information\_restore{C39DFC29-3402-4429-ADB4-3044AD9647DA}\RP697\A0187249.exe
Infecté par: Trojan.Fotomoto.A

C:\System Volume Information\_restore{C39DFC29-3402-4429-ADB4-3044AD9647DA}\RP697\A0187249.exe
Supprimé

C:\System Volume Information\_restore{C39DFC29-3402-4429-ADB4-3044AD9647DA}\RP697\A0187250.exe
Infecté par: Trojan.Fotomoto.A

C:\System Volume Information\_restore{C39DFC29-3402-4429-ADB4-3044AD9647DA}\RP697\A0187250.exe
Supprimé

C:\System Volume Information\_restore{C39DFC29-3402-4429-ADB4-3044AD9647DA}\RP697\A0187251.exe
Infecté par: Trojan.Fotomoto.A

C:\System Volume Information\_restore{C39DFC29-3402-4429-ADB4-3044AD9647DA}\RP697\A0187251.exe
Supprimé

C:\System Volume Information\_restore{C39DFC29-3402-4429-ADB4-3044AD9647DA}\RP697\A0187252.exe
Infecté par: Trojan.Fotomoto.A

C:\System Volume Information\_restore{C39DFC29-3402-4429-ADB4-3044AD9647DA}\RP697\A0187252.exe
Supprimé

C:\System Volume Information\_restore{C39DFC29-3402-4429-ADB4-3044AD9647DA}\RP697\A0187253.exe
Infecté par: Trojan.Fotomoto.A

C:\System Volume Information\_restore{C39DFC29-3402-4429-ADB4-3044AD9647DA}\RP697\A0187253.exe
Supprimé

C:\System Volume Information\_restore{C39DFC29-3402-4429-ADB4-3044AD9647DA}\RP697\A0187254.exe
Infecté par: Trojan.Fotomoto.A

C:\System Volume Information\_restore{C39DFC29-3402-4429-ADB4-3044AD9647DA}\RP697\A0187254.exe
Supprimé

C:\System Volume Information\_restore{C39DFC29-3402-4429-ADB4-3044AD9647DA}\RP697\A0187255.exe
Infecté par: Trojan.Fotomoto.A

C:\System Volume Information\_restore{C39DFC29-3402-4429-ADB4-3044AD9647DA}\RP697\A0187255.exe
Supprimé

C:\System Volume Information\_restore{C39DFC29-3402-4429-ADB4-3044AD9647DA}\RP697\A0187256.exe
Infecté par: Trojan.Fotomoto.A

C:\System Volume Information\_restore{C39DFC29-3402-4429-ADB4-3044AD9647DA}\RP697\A0187256.exe
Supprimé

C:\System Volume Information\_restore{C39DFC29-3402-4429-ADB4-3044AD9647DA}\RP697\A0187259.dll
Infecté par: Trojan.Vundo.DMP

C:\System Volume Information\_restore{C39DFC29-3402-4429-ADB4-3044AD9647DA}\RP697\A0187259.dll
Supprimé

C:\System Volume Information\_restore{C39DFC29-3402-4429-ADB4-3044AD9647DA}\RP697\A0187260.dll
Infecté par: Trojan.Vundo.DMP

C:\System Volume Information\_restore{C39DFC29-3402-4429-ADB4-3044AD9647DA}\RP697\A0187260.dll
Supprimé

C:\System Volume Information\_restore{C39DFC29-3402-4429-ADB4-3044AD9647DA}\RP697\A0187261.dll
Infecté par: Trojan.Vundo.DMP

C:\System Volume Information\_restore{C39DFC29-3402-4429-ADB4-3044AD9647DA}\RP697\A0187261.dll
Supprimé

C:\System Volume Information\_restore{C39DFC29-3402-4429-ADB4-3044AD9647DA}\RP697\A0187263.dll
Infecté par: Trojan.Vundo.DMJ

C:\System Volume Information\_restore{C39DFC29-3402-4429-ADB4-3044AD9647DA}\RP697\A0187263.dll
Supprimé

C:\System Volume Information\_restore{C39DFC29-3402-4429-ADB4-3044AD9647DA}\RP697\A0187265.dll
Infecté par: Trojan.Vundo.DMP

C:\System Volume Information\_restore{C39DFC29-3402-4429-ADB4-3044AD9647DA}\RP697\A0187265.dll
Supprimé

C:\System Volume Information\_restore{C39DFC29-3402-4429-ADB4-3044AD9647DA}\RP697\A0187266.dll
Infecté par: Trojan.Vundo.DMP

C:\System Volume Information\_restore{C39DFC29-3402-4429-ADB4-3044AD9647DA}\RP697\A0187266.dll
Supprimé

C:\System Volume Information\_restore{C39DFC29-3402-4429-ADB4-3044AD9647DA}\RP697\A0187268.dll
Infecté par: Trojan.Vundo.CG

C:\System Volume Information\_restore{C39DFC29-3402-4429-ADB4-3044AD9647DA}\RP697\A0187268.dll
Echec de la désinfection

C:\System Volume Information\_restore{C39DFC29-3402-4429-ADB4-3044AD9647DA}\RP697\A0187268.dll
Supprimé

C:\System Volume Information\_restore{C39DFC29-3402-4429-ADB4-3044AD9647DA}\RP697\A0187269.dll
Infecté par: Trojan.Vundo.CG

C:\System Volume Information\_restore{C39DFC29-3402-4429-ADB4-3044AD9647DA}\RP697\A0187269.dll
Echec de la désinfection

C:\System Volume Information\_restore{C39DFC29-3402-4429-ADB4-3044AD9647DA}\RP697\A0187269.dll
Supprimé

C:\System Volume Information\_restore{C39DFC29-3402-4429-ADB4-3044AD9647DA}\RP697\A0187270.dll
Infecté par: Trojan.Vundo.CG

C:\System Volume Information\_restore{C39DFC29-3402-4429-ADB4-3044AD9647DA}\RP697\A0187270.dll
Echec de la désinfection

C:\System Volume Information\_restore{C39DFC29-3402-4429-ADB4-3044AD9647DA}\RP697\A0187270.dll
Supprimé

C:\System Volume Information\_restore{C39DFC29-3402-4429-ADB4-3044AD9647DA}\RP697\A0187271.dll
Infecté par: Trojan.Vundo.CG

C:\System Volume Information\_restore{C39DFC29-3402-4429-ADB4-3044AD9647DA}\RP697\A0187271.dll
Echec de la désinfection

C:\System Volume Information\_restore{C39DFC29-3402-4429-ADB4-3044AD9647DA}\RP697\A0187271.dll
Supprimé

C:\System Volume Information\_restore{C39DFC29-3402-4429-ADB4-3044AD9647DA}\RP697\A0187272.dll
Infecté par: Trojan.Vundo.CG

C:\System Volume Information\_restore{C39DFC29-3402-4429-ADB4-3044AD9647DA}\RP697\A0187272.dll
Echec de la désinfection

C:\System Volume Information\_restore{C39DFC29-3402-4429-ADB4-3044AD9647DA}\RP697\A0187272.dll
Supprimé

C:\System Volume Information\_restore{C39DFC29-3402-4429-ADB4-3044AD9647DA}\RP697\A0187273.exe
Infecté par: Trojan.Agent.AAOA

C:\System Volume Information\_restore{C39DFC29-3402-4429-ADB4-3044AD9647DA}\RP697\A0187273.exe
Echec de la désinfection

C:\System Volume Information\_restore{C39DFC29-3402-4429-ADB4-3044AD9647DA}\RP697\A0187273.exe
Supprimé

C:\System Volume Information\_restore{C39DFC29-3402-4429-ADB4-3044AD9647DA}\RP697\A0187274.exe
Infecté par: Trojan.Agent.AAOA

C:\System Volume Information\_restore{C39DFC29-3402-4429-ADB4-3044AD9647DA}\RP697\A0187274.exe
Echec de la désinfection

C:\System Volume Information\_restore{C39DFC29-3402-4429-ADB4-3044AD9647DA}\RP697\A0187274.exe
Supprimé

C:\System Volume Information\_restore{C39DFC29-3402-4429-ADB4-3044AD9647DA}\RP697\A0187275.exe
Infecté par: Trojan.Agent.AAOA

C:\System Volume Information\_restore{C39DFC29-3402-4429-ADB4-3044AD9647DA}\RP697\A0187275.exe
Echec de la désinfection

C:\System Volume Information\_restore{C39DFC29-3402-4429-ADB4-3044AD9647DA}\RP697\A0187275.exe
Supprimé

C:\System Volume Information\_restore{C39DFC29-3402-4429-ADB4-3044AD9647DA}\RP697\A0187276.exe
Infecté par: Trojan.Agent.AAOA

And finally, the HijackThis report:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 08:50:15, on 30/08/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Google\Gmail Notifier\G001-1.0.25.0\gnotify.exe
C:\Program Files\Logitech\iTouch\iTouch.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\Program Files\Symantec\Norton Ghost\Agent\GhostTray.exe
C:\Program Files\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Razer\razerhid.exe
C:\Program Files\PowerISO\PWRISOVM.EXE
C:\Program Files\McAfee\MSK\MskAgent.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Mcafee\MWL\MWLGui.exe
C:\Program Files\SiteAdvisor\6066\SiteAdv.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Pinnacle\Shared Files\Programs\Scheduler\PCLEScheduler.exe
C:\Program Files\Rainlendar\Rainlendar.exe
C:\Program Files\Razer\razertra.exe
C:\Program Files\Razer\razerofa.exe
C:\Program Files\a-squared Free\a2service.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\system32\DRIVERS\CDANTSRV.EXE
C:\NVIDIA\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\Program Files\Fichiers communs\McAfee\HackerWatch\HWAPI.exe
c:\program files\mcafee.com\agent\mcdetect.exe
C:\NVIDIA\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\program files\fichiers communs\mcafee\mna\mcnasvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
c:\PROGRA~1\FICHIE~1\mcafee\mcproxy\mcproxy.exe
c:\PROGRA~1\FICHIE~1\mcafee\redirsvc\redirsvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\PROGRA~1\McAfee\MPS\mps.exe
C:\Program Files\McAfee\MSK\MskSrver.exe
C:\Program Files\Symantec\Norton Ghost\Agent\PQV2iSvc.exe
C:\Program Files\McAfee\MPS\mpsevh.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\NVIDIA\NetworkAccessManager\bin\nSvcIp.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\SiteAdvisor\6066\SAService.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexingService.exe
C:\Program Files\Mcafee\MWL\MwlSvc.exe
C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Opera\Opera.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Hijack\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: (no name) - {0115AEBB-E675-4D91-8A1F-A759F5FAC6E8} - C:\WINDOWS\system32\ddccc.dll (file missing)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\6066\SiteAdv.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\program files\mcafee\virusscan\scriptcl.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {92D698E9-0048-42A9-BF74-FAE12F3C6BEA} - (no file)
O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6066\SiteAdv.dll
O4 - HKLM\..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Program Files\Google\Gmail Notifier\G001-1.0.25.0\gnotify.exe
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [Norton Ghost 9.0] C:\Program Files\Symantec\Norton Ghost\Agent\GhostTray.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [NVIDIA nTune] "C:\Program Files\NVIDIA Corporation\nTune\\nTune.exe" clear
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [razer] C:\Program Files\Razer\razerhid.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Fichiers communs\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [MskAgentexe] C:\Program Files\McAfee\MSK\MskAgent.exe
O4 - HKLM\..\Run: [MWLExe] C:\Program Files\Mcafee\MWL\MWLGui.exe /Start
O4 - HKLM\..\Run: [SiteAdvisor] C:\Program Files\SiteAdvisor\6066\SiteAdv.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1
O4 - HKCU\..\Run: [Octoshape Streaming Services] "C:\Program Files\Octoshape Streaming Services\Pepso\OctoshapeClient.exe" -inv:bootrun
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\RunOnce: [ARC] "C:\Program Files\McAfee\McAfee QuickClean\Uni.exe" /ARC:McAfee Personal Firewall Plus
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Rainlendar.lnk = C:\Program Files\Rainlendar\Rainlendar.exe
O4 - Global Startup: EPSON Status Monitor 3 Environment Check.lnk = C:\WINDOWS\system32\spool\drivers\w32x86\3\E_SRCV03.EXE
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - Global Startup: Pinnacle Scheduler.lnk = ?
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative.com/su/ocx/15015/CTSUEng.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
O16 - DPF: {1F83CD9E-505E-4F87-BECE-0832A763E36F} (Image Uploader 3.0 Control) - http://www.mypixmania.com/fr/fr/importer/MypixUploader.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/shared/mcinsctl/en-us/4,0,0,90/mcinsctl.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by129fd.bay129.hotmail.msn.com/resources/MsnPUpld.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
O16 - DPF: {5DA9D8E0-5A57-11CF-9E36-00C0930198C0} (Pegasus ImagN' 32-bit (Windowed) ActiveX Control v4.00) - http://www.internationalbeerparty.com/video/NetCam.cab
O16 - DPF: {6DB731A3-B074-4118-8B1C-32511C65D836} (FotovistaPhotoUploader.ctrFpu) - http://www.mypixmania.com/fr/fr/tools/activex/fpu.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/...
O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} (HardwareDetection Control) - http://drivers1.free.fr/hardwaredetection.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://creative.com/su/ocx/15016/CTPID.cab
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O20 - Winlogon Notify: ssqrs - C:\WINDOWS\system32\ssqrs.dll (file missing)
O20 - Winlogon Notify: winzzd32 - winzzd32.dll (file missing)
O23 - Service: McAfee Application Installer Cleanup (0026961188450433) (0026961188450433mcinstcleanup) - McAfee, Inc. - C:\WINDOWS\TEMP\002696~1.EXE
O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Program Files\a-squared Free\a2service.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: C-DillaSrv - C-Dilla Ltd - C:\WINDOWS\system32\DRIVERS\CDANTSRV.EXE
O23 - Service: Creative Service for CDROM Access - Unknown owner - C:\WINDOWS\system32\CTsvcCDA.exe (file missing)
O23 - Service: McAfee E-mail Proxy (Emproxy) - McAfee, Inc. - C:\PROGRA~1\FICHIE~1\McAfee\EmProxy\emproxy.exe
O23 - Service: Forceware Web Interface (ForcewareWebInterface) - Apache Software Foundation - C:\NVIDIA\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: MBackMonitor - McAfee - C:\Program Files\McAfee\MBK\MBackMonitor.exe
O23 - Service: McAfee HackerWatch Service - McAfee, Inc. - C:\Program Files\Fichiers communs\McAfee\HackerWatch\HWAPI.exe
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
O23 - Service: McAfee Update Manager (mcmispupdmgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcupdmgr.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\fichiers communs\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Protection Manager (mcpromgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\FICHIE~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Redirector Service (McRedirector) - McAfee, Inc. - c:\PROGRA~1\FICHIE~1\mcafee\redirsvc\redirsvc.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: McAfee Privacy Service (MPS9) - McAfee, Inc. - C:\PROGRA~1\McAfee\MPS\mps.exe
O23 - Service: McAfee SpamKiller Service (MSK80Service) - McAfee Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe
O23 - Service: McAfee Wireless Network Security Service (MWLSvc) - McAfee, Inc. - C:\Program Files\Mcafee\MWL\MwlSvc.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexingService.exe
O23 - Service: Norton Ghost - Symantec Corporation - C:\Program Files\Symantec\Norton Ghost\Agent\PQV2iSvc.exe
O23 - Service: ForceWare IP service (nSvcIp) - Unknown owner - C:\NVIDIA\NetworkAccessManager\bin\nSvcIp.exe
O23 - Service: ForceWare user log service (nSvcLog) - Unknown owner - C:\NVIDIA\NetworkAccessManager\bin\nSvcLog.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: SiteAdvisor Service - McAfee, Inc. - C:\Program Files\SiteAdvisor\6066\SAService.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
0
Margie01 Posts 10 Status Member
 
A little bump to find out whether my problem is solved or not :)

Duflox, are you there? ^^

Thanks for your help

Margie
0
duflox Posts 2014 Status Member 43
 
Run HijackThis again, then click "Do a system scan only".

After the scan, tick these lines and only these!!

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens

O2 - BHO: (no name) - {0115AEBB-E675-4D91-8A1F-A759F5FAC6E8} - C:\WINDOWS\system32\ddccc.dll (file missing)

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: (no name) - {92D698E9-0048-42A9-BF74-FAE12F3C6BEA} - (no file)

O4 - HKLM\..\Run: [Norton Ghost 9.0] C:\Program Files\Symantec\Norton Ghost\Agent\GhostTray.exe

O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Fichiers communs\Ahead\Lib\NeroCheck.exe

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"

O4 - Startup: Rainlendar.lnk = C:\Program Files\Rainlendar\Rainlendar.exe

O4 - Global Startup: Pinnacle Scheduler.lnk = ?

O16 - DPF: {5DA9D8E0-5A57-11CF-9E36-00C0930198C0} (Pegasus ImagN' 32-bit (Windowed) ActiveX Control v4.00) - http://www.internationalbeerparty.com/video/NetCam.cab

O16 - DPF: {6DB731A3-B074-4118-8B1C-32511C65D836} (FotovistaPhotoUploader.ctrFpu) - http://www.mypixmania.com/fr/fr/tools/activex/fpu.cab

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

O20 - Winlogon Notify: ssqrs - C:\WINDOWS\system32\ssqrs.dll (file missing)

O20 - Winlogon Notify: winzzd32 - winzzd32.dll (file missing)

O23 - Service: Norton Ghost - Symantec Corporation - C:\Program Files\Symantec\Norton Ghost\Agent\PQV2iSvc.exe

Close your browser (Internet Explorer), then click "fix check".

Then shut down your PC, turn it back on, run a scan again and copy-paste it here.

Thanks
0
Margie01 Posts 10 Status Member
 
Hello duflox, and thanks for following up.

Here is the requested report:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:42:03, on 30/08/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Google\Gmail Notifier\G001-1.0.25.0\gnotify.exe
C:\Program Files\Logitech\iTouch\iTouch.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\Program Files\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Razer\razerhid.exe
C:\Program Files\PowerISO\PWRISOVM.EXE
C:\Program Files\McAfee\MSK\MskAgent.exe
C:\Program Files\Mcafee\MWL\MWLGui.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\SiteAdvisor\6066\SiteAdv.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Razer\razertra.exe
C:\Program Files\a-squared Free\a2service.exe
C:\Program Files\Razer\razerofa.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\system32\DRIVERS\CDANTSRV.EXE
C:\NVIDIA\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\Program Files\Fichiers communs\McAfee\HackerWatch\HWAPI.exe
c:\program files\mcafee.com\agent\mcdetect.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
C:\NVIDIA\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
c:\program files\fichiers communs\mcafee\mna\mcnasvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
c:\PROGRA~1\FICHIE~1\mcafee\mcproxy\mcproxy.exe
c:\PROGRA~1\FICHIE~1\mcafee\redirsvc\redirsvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\PROGRA~1\McAfee\MPS\mps.exe
c:\PROGRA~1\mcafee\VIRUSS~1\mcvsshld.exe
C:\Program Files\McAfee\MSK\MskSrver.exe
C:\Program Files\McAfee\MPS\mpsevh.exe
C:\NVIDIA\NetworkAccessManager\bin\nSvcIp.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\SiteAdvisor\6066\SAService.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexingService.exe
C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\Mcafee\MWL\MwlSvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Opera\Opera.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Hijack\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\6066\SiteAdv.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\program files\mcafee\virusscan\scriptcl.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6066\SiteAdv.dll
O4 - HKLM\..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Program Files\Google\Gmail Notifier\G001-1.0.25.0\gnotify.exe
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [NVIDIA nTune] "C:\Program Files\NVIDIA Corporation\nTune\\nTune.exe" clear
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [razer] C:\Program Files\Razer\razerhid.exe
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [MskAgentexe] C:\Program Files\McAfee\MSK\MskAgent.exe
O4 - HKLM\..\Run: [MWLExe] C:\Program Files\Mcafee\MWL\MWLGui.exe /Start
O4 - HKLM\..\Run: [SiteAdvisor] C:\Program Files\SiteAdvisor\6066\SiteAdv.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1
O4 - HKCU\..\Run: [Octoshape Streaming Services] "C:\Program Files\Octoshape Streaming Services\Pepso\OctoshapeClient.exe" -inv:bootrun
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\RunOnce: [ARC] "C:\Program Files\McAfee\McAfee QuickClean\Uni.exe" /ARC:McAfee Personal Firewall Plus
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: EPSON Status Monitor 3 Environment Check.lnk = C:\WINDOWS\system32\spool\drivers\w32x86\3\E_SRCV03.EXE
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative.com/su/ocx/15015/CTSUEng.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
O16 - DPF: {1F83CD9E-505E-4F87-BECE-0832A763E36F} (Image Uploader 3.0 Control) - http://www.mypixmania.com/fr/fr/importer/MypixUploader.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/shared/mcinsctl/en-us/4,0,0,90/mcinsctl.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by129fd.bay129.hotmail.msn.com/resources/MsnPUpld.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/...
O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} (HardwareDetection Control) - http://drivers1.free.fr/hardwaredetection.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://creative.com/su/ocx/15016/CTPID.cab
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Program Files\a-squared Free\a2service.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: C-DillaSrv - C-Dilla Ltd - C:\WINDOWS\system32\DRIVERS\CDANTSRV.EXE
O23 - Service: Creative Service for CDROM Access - Unknown owner - C:\WINDOWS\system32\CTsvcCDA.exe (file missing)
O23 - Service: McAfee E-mail Proxy (Emproxy) - McAfee, Inc. - C:\PROGRA~1\FICHIE~1\McAfee\EmProxy\emproxy.exe
O23 - Service: Forceware Web Interface (ForcewareWebInterface) - Apache Software Foundation - C:\NVIDIA\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: MBackMonitor - McAfee - C:\Program Files\McAfee\MBK\MBackMonitor.exe
O23 - Service: McAfee HackerWatch Service - McAfee, Inc. - C:\Program Files\Fichiers communs\McAfee\HackerWatch\HWAPI.exe
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
O23 - Service: McAfee Update Manager (mcmispupdmgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcupdmgr.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\fichiers communs\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Protection Manager (mcpromgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\FICHIE~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Redirector Service (McRedirector) - McAfee, Inc. - c:\PROGRA~1\FICHIE~1\mcafee\redirsvc\redirsvc.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: McAfee Privacy Service (MPS9) - McAfee, Inc. - C:\PROGRA~1\McAfee\MPS\mps.exe
O23 - Service: McAfee SpamKiller Service (MSK80Service) - McAfee Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe
O23 - Service: McAfee Wireless Network Security Service (MWLSvc) - McAfee, Inc. - C:\Program Files\Mcafee\MWL\MwlSvc.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexingService.exe
O23 - Service: ForceWare IP service (nSvcIp) - Unknown owner - C:\NVIDIA\NetworkAccessManager\bin\nSvcIp.exe
O23 - Service: ForceWare user log service (nSvcLog) - Unknown owner - C:\NVIDIA\NetworkAccessManager\bin\nSvcLog.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: SiteAdvisor Service - McAfee, Inc. - C:\Program Files\SiteAdvisor\6066\SAService.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
0
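The fix-and-rescan step in this exchange can be checked mechanically. The script below is an added example, not something posted in the thread: it compares the first scan, the list of lines to tick, and the rescan. The sample lines are excerpts from the logs above; the function names and report keys are this example's own.

```python
import re

# A HijackThis item line starts with a section code (R0, O2, O4, O20, O23 ...).
ITEM_RE = re.compile(r"^[RFNO]\d{1,2} - \S")

def parse_items(log_text):
    """Map a case-insensitive key to each item line; headers and the
    'Running processes' list do not match and are skipped."""
    items = {}
    for raw in log_text.splitlines():
        line = " ".join(raw.split())              # collapse copy-paste whitespace
        if ITEM_RE.match(line):
            items.setdefault(line.lower(), line)  # Windows paths ignore case
    return items

def verify_fix(before_log, after_log, fix_list):
    """Compare two scans against the list of entries that were ticked."""
    before, after, fixes = (parse_items(t) for t in (before_log, after_log, fix_list))

    def pick(keys, source):
        return sorted(source[k] for k in keys)

    return {
        # ticked, present in the first scan, absent from the rescan
        "removed": pick((fixes.keys() & before.keys()) - after.keys(), before),
        # ticked but listed again after the reboot
        "still_present": pick(fixes.keys() & after.keys(), after),
        # ticked but never seen in the first scan (typo or wrong log)
        "not_in_first_scan": pick(fixes.keys() - before.keys(), fixes),
        # vanished between scans without having been ticked
        "gone_unrequested": pick((before.keys() - after.keys()) - fixes.keys(), before),
        # listed only in the rescan
        "new_since_fix": pick(after.keys() - before.keys(), after),
    }

# Excerpts from the thread's first scan, fix list and rescan (not the full logs).
BEFORE = r"""
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O20 - Winlogon Notify: ssqrs - C:\WINDOWS\system32\ssqrs.dll (file missing)
O20 - Winlogon Notify: winzzd32 - winzzd32.dll (file missing)
O23 - Service: McAfee Application Installer Cleanup (0026961188450433) (0026961188450433mcinstcleanup) - McAfee, Inc. - C:\WINDOWS\TEMP\002696~1.EXE
"""

FIX_LIST = r"""
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O20 - Winlogon Notify: ssqrs - C:\WINDOWS\system32\ssqrs.dll (file missing)
O20 - Winlogon Notify: winzzd32 - winzzd32.dll (file missing)
"""

AFTER = r"""
Running processes:
C:\WINDOWS\system32\winlogon.exe
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
"""

if __name__ == "__main__":
    for key, lines in verify_fix(BEFORE, AFTER, FIX_LIST).items():
        print(f"{key}: {len(lines)}")
        for line in lines:
            print("   ", line)
```

An entry that shows up under `still_present` after the reboot has been written back by something and deserves a closer look before the machine is declared clean.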
duflox Posts 2014 Status Member 43
 
ok !!

That's normal, I'm the one who removed it from startup so that your PC goes faster when you start it!!

Otherwise, to finish:

*Download and install CCleaner (do not install the Yahoo toolbar)
---> http://www.infos-du-net.com/telecharger/CCleaner,0301-1039.html

- In the left-hand column, click "Errors", tick all the boxes, then click "Search for errors" at the bottom. Once it has finished, click "Repair the errors"; you will get a message offering to back up your registry, click "Yes", then start again until it finds no more errors.
You can delete the backups you made once your computer has no more problems.

- Run CCleaner again, go to the "Cleaner" tab on the left, untick the last box (Advanced, if it is ticked), then click "Run the cleaning".

If you need help with CCleaner, look at this tutorial:
https://kerio.probb.fr/

And follow the instructions given at this link:
http://perso.orange.fr/jesses/Docs/Logiciels/CCleaner.htm

then

¤Disable System Restore (only if you are on XP):
Right-click My Computer, then
Properties, click the System Restore tab,
tick the "Turn off System Restore" box and apply.

Then restart.

¤Re-enable System Restore (only if you are on XP):
Right-click My Computer, then
Properties, click the System Restore tab,
untick the "Turn off System Restore" box and apply.
0
Margie01 Posts 10 Status Member
 
There, it's done.

I think we can say it's solved; in any case, thanks a lot duflox for the help. Thanks for the time spent on my problem and for the solutions provided.

All the best

Margie
0
duflox Posts 2014 Status Member 43
 
Delete all the programs we used.

To finish, some basic advice:

* Don't download just anything; avoid free programs such as smileys, etc.

* Always scan files downloaded from peer-to-peer (eMule, Kazaa, etc.) before running them

* Don't open attachments from an unknown sender, and always scan them before opening them

* Always scan files received via MSN or similar with your antivirus

* Don't click on suspicious links in MSN

* Run your antispyware tools regularly (Ad-Aware, Spybot, AVG, etc.); remember to update them before running them, it's very important

* Do an online scan from time to time with BitDefender

* Regularly delete unneeded files (temporary files, cookies, etc.) using CCleaner https://www.malekal.com/tutoriel-ccleaner/

* Use the Mozilla browser, it is safer http://www.mozilla-europe.org/fr/products/firefox/ (do not remove Internet Explorer!)

-Now that your computer is clean, I advise you to create a restore point so that in case of a problem (virus, crash, etc.) you can always go back
https://www.malekal.com/la-restauration-du-systeme-sous-windows-xp-2/#mozTocId447452
See you!

Happy surfing ;)
0