Sujet Précédent Sujet Suivant

ULTIMATE FIXER

Résolu/Fermé
max611 Messages postés 25 Date d'inscription samedi 15 septembre 2007 Statut Membre Dernière intervention 31 juillet 2008 - 15 sept. 2007 à 19:29
afideg Messages postés 10517 Date d'inscription lundi 10 octobre 2005 Statut Contributeur sécurité Dernière intervention 12 avril 2022 - 17 sept. 2007 à 13:26
Depuis quelque temps jai une petite icone qui aparait pi je suis tanné jai tout essayer alors aider moi sil vous plait voici mon log hijackthis


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:28:03, on 2007-09-15
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\SecCenter\scprot4.exe
C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexingService.exe
C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexStoreSvr.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Opera\Opera.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\DOCUME~1\MAX~1\LOCALS~1\Temp\Rar$EX00.813\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: (no name) - {00C6482D-C502-44C8-8409-FCE54AD9C208} - (no file)
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: (no name) - {28019A84-D5CD-4EDB-9C74-4B9BCEFA0B19} - C:\WINDOWS\system32\vturo.dll (file missing)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {64B94229-7967-860A-A0C2-034C02BA876B} - C:\Program Files\Ujpxccpo\tqrggsld.dll (file missing)
O2 - BHO: (no name) - {64F56FC1-1272-44CD-BA6E-39723696E350} - (no file)
O2 - BHO: (no name) - {733E9132-53CA-4C97-9AC9-145C4502FA20} - C:\WINDOWS\system32\yayvwus.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - (no file)
O2 - BHO: (no name) - {DEC06934-4AEC-40F9-B33A-E5980A9C4461} - C:\WINDOWS\system32\vturo.dll (file missing)
O3 - Toolbar: (no name) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - (no file)
O3 - Toolbar: (no name) - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - (no file)
O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [lsrglipi] rundll32.exe "C:\Program Files\wzifsruh\wrodylyf.dll",Init
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [SC2] C:\Program Files\SecCenter\scprot4.exe
O4 - HKLM\..\Run: [fetuxsrg] regsvr32 /u "C:\Documents and Settings\All Users\Application Data\fetuxsrg.dll"
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\RunOnce: [nlsf] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-20\..\RunOnce: [nlsf] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [nlsf] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [nlsf] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'Default user')
O9 - Extra button: (no name) - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - (no file)
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-CA/a-UNO1/GAME_UNO1.cab
O16 - DPF: {5F5F9FB8-878E-4455-95E0-F64B2314288A} (ijjiPlugin2 Class) - http://gamedownload.ijjimax.com/gamedownload/dist/hgstart/HGPlugin11USA.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O20 - Winlogon Notify: vturo - C:\WINDOWS\system32\vturo.dll (file missing)
O20 - Winlogon Notify: winpsa32 - C:\WINDOWS\SYSTEM32\winpsa32.dll
O20 - Winlogon Notify: yayvwus - C:\WINDOWS\SYSTEM32\yayvwus.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: Boonty Games - BOONTY - C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe
O23 - Service: lxby_device - Lexmark International, Inc. - C:\WINDOWS\system32\lxbycoms.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexingService.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
A voir également:

21 réponses

  • 1
  • 2
Réponse 1 / 21
max611 Messages postés 25 Date d'inscription samedi 15 septembre 2007 Statut Membre Dernière intervention 31 juillet 2008 3
15 sept. 2007 à 19:30
cest ultimate fixer jai oublier de preciser
0
Réponse 2 / 21
talo
15 sept. 2007 à 19:41
bonjour
voila une solution, commencer par smitfraud fix si c 'est pas suffisant faire tout.


Suppression Ultimate FixerTéléchargez FixWareout LonnyRJones à partir l'une de ces adresses :
http://downloads.subratam.org/Fixwareout.exe
http://swandog46.geekstogo.com/Fixwareout.exe
Lancez le fix: clique sur Next, puis Install, puis assure toi que "Run fixit" est activé puis clique sur Finish.
Il vous sera demandé de redémarrer votre ordinateur, redémarrez-le.
Votre système mettra un peu plus de temps au démarrage, c'est normal.
Téléchargez et lancez HijackThis
Cochez toutes les lignes de type : O17 - HKLM\System\CCS\Services\Tcpip\..\{14AFD67D-EAA0-4F1C-9E2F-BD4D70C98EF5}: NameServer = 85.255.113.206,85.255.112.76
Cliquez sur Fix Checked
Téléchargez SmitFraudFix et dézipez le sur le bureau.
Téléchargez et installez AVG AntiSpyware : anti-malware recommandé
Démarrez Windows en mode sans échec : Guide pour redémarrer en mode sans échec
Executez le SmitFraudFix et lancez le fichier SmitfraudFix.cmd
Choisissez l'option 2 et appuie sur Entrée
Répondez o (Oui) aux deux questions suivantes si elles sont posées
Afin de supprimer toutes traces du spyware et d'autres élements qu'il aurait pu installer, scannez votre ordinateur avec :
AVG Antispyware : anti-malware recommandé
Redémarrez l'ordinateur
Je vous conseil aussi de scanner votre ordinateur avec un antivirus à jour, si vous êtes infecté, il y a des chances que vous n'en aillez pas, utilisez alors un antivirus en ligne :
Scan par Secuser
Scan par Symantec
Scan par Panda
Nettoyez votre base de registre à l'aide de l'utilitaire regFixer
Nettoyez les fichiers temporaires/caches etc.. avec CFixer
Si vous rencontrez toujours des problèmes, générez un log à l'aide HijackThis - mode d'emploi et venez le poster sur le forum du site
Redémarrez votre ordinateur en mode normal, si le spyware est encore là, rescannez votre ordinateur avec SpyBot et Ad-Aware.
0
Réponse 3 / 21
max611 Messages postés 25 Date d'inscription samedi 15 septembre 2007 Statut Membre Dernière intervention 31 juillet 2008 3
15 sept. 2007 à 19:42
jai deja essayer et ceci ne ma pas aider
0
Réponse 4 / 21
max611 Messages postés 25 Date d'inscription samedi 15 septembre 2007 Statut Membre Dernière intervention 31 juillet 2008 3
15 sept. 2007 à 19:43
deja en partant sa dit de cocher le fichier 017 dans le hijack mais il nest pas la
0

Vous n’avez pas trouvé la réponse que vous recherchez ?

Posez votre question
Réponse 5 / 21
talo
15 sept. 2007 à 19:45
http://siri.urz.free.fr/Fix/SmitfraudFix.php

j avais oublie le lien.
0
Réponse 6 / 21
max611 Messages postés 25 Date d'inscription samedi 15 septembre 2007 Statut Membre Dernière intervention 31 juillet 2008 3
15 sept. 2007 à 19:48
jai deja essayer ce ke tu a dit et sa pas marcher
0
Réponse 7 / 21
talo
15 sept. 2007 à 19:52
malheusement j 'ai pas d'autres solutions , désolé.
0
Réponse 8 / 21
Regis59 Messages postés 21143 Date d'inscription mardi 27 juin 2006 Statut Contributeur sécurité Dernière intervention 22 juin 2016 1 321
15 sept. 2007 à 23:25
Salut

Télécharge VundoFix.exe (par Atribune) sur ton Bureau.
http://www.atribune.org/ccount/click.php?id=4

Double-clique VundoFix.exe afin de le lancer.
Clique sur le bouton Scan for Vundo.
Lorsque le scan est complété, clique sur le bouton Remove Vundo.
Une invite te demandera si tu veux supprimer les fichiers, clique YES
Après avoir cliqué "Yes", le Bureau disparaîtra un moment lors de la suppression des fichiers.
Tu verras une invite qui t'annonce que ton PC va s'éteindre ("shutdown") ; clique OK
Démarre ton PC à nouveau.
Copie/colle le contenu du rapport situé dans C:\vundofix.txt ainsi qu'un nouveau rapport HijackThis! dans ta prochaine réponse.

A+
0
Réponse 9 / 21
max611
16 sept. 2007 à 00:59
Le rapport vundo


C:\windows\system32\drvmukr.dll
C:\WINDOWS\system32\orutv.bak1
C:\WINDOWS\system32\orutv.bak2
C:\WINDOWS\system32\orutv.ini
C:\WINDOWS\system32\orutv.ini2
C:\WINDOWS\system32\orutv.tmp
C:\WINDOWS\system32\vturo.dll

Voici le log de hijack

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:56:44, on 2007-09-15
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexingService.exe
C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexStoreSvr.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Opera\Opera.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Documents and Settings\.Max\Bureau\Antivirus\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: (no name) - {00C6482D-C502-44C8-8409-FCE54AD9C208} - (no file)
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: (no name) - {28019A84-D5CD-4EDB-9C74-4B9BCEFA0B19} - C:\WINDOWS\system32\vturo.dll (file missing)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {64B94229-7967-860A-A0C2-034C02BA876B} - C:\Program Files\Ujpxccpo\tqrggsld.dll (file missing)
O2 - BHO: (no name) - {64F56FC1-1272-44CD-BA6E-39723696E350} - (no file)
O2 - BHO: (no name) - {733E9132-53CA-4C97-9AC9-145C4502FA20} - C:\WINDOWS\system32\yayvwus.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - (no file)
O2 - BHO: (no name) - {DEC06934-4AEC-40F9-B33A-E5980A9C4461} - C:\WINDOWS\system32\vturo.dll (file missing)
O3 - Toolbar: (no name) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - (no file)
O3 - Toolbar: (no name) - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - (no file)
O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [lsrglipi] rundll32.exe "C:\Program Files\wzifsruh\wrodylyf.dll",Init
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [fetuxsrg] regsvr32 /u "C:\Documents and Settings\All Users\Application Data\fetuxsrg.dll"
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\RunOnce: [nlsf] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-20\..\RunOnce: [nlsf] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [nlsf] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [nlsf] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'Default user')
O9 - Extra button: (no name) - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - (no file)
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/default/kavwebscan_unicode.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-CA/a-UNO1/GAME_UNO1.cab
O16 - DPF: {5F5F9FB8-878E-4455-95E0-F64B2314288A} (ijjiPlugin2 Class) - http://gamedownload.ijjimax.com/gamedownload/dist/hgstart/HGPlugin11USA.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O20 - Winlogon Notify: vturo - C:\WINDOWS\system32\vturo.dll (file missing)
O20 - Winlogon Notify: winpsa32 - C:\WINDOWS\SYSTEM32\winpsa32.dll
O20 - Winlogon Notify: yayvwus - C:\WINDOWS\SYSTEM32\yayvwus.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: Boonty Games - BOONTY - C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe
O23 - Service: lxby_device - Lexmark International, Inc. - C:\WINDOWS\system32\lxbycoms.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexingService.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
0
Réponse 10 / 21
Regis59 Messages postés 21143 Date d'inscription mardi 27 juin 2006 Statut Contributeur sécurité Dernière intervention 22 juin 2016 1 321
16 sept. 2007 à 11:15
Non c'est pas terminé.

Télécharge Combofix sUBs : http://download.bleepingcomputer.com/sUBs/ComboFix.exe
et sauvegarde le sur ton bureau et pas ailleurs!

Double-clic sur combofix, Il va te poser une question, réponds par la touche 1 et entrée pour valider.
Attends que combofix ait terminé, un rapport sera créé. Poste le rapport.
0
Réponse 11 / 21
max611
16 sept. 2007 à 13:53
Voici ce que sa donne

ComboFix 07-09-14.2 - ".Max" 2007-09-16 7:31:31.1 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.52 [GMT -4:00]
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Program Files\crosof~1.net
C:\Program Files\crosof~1.net\??crosoft.NET\
C:\Program Files\klqjavyn
C:\Program Files\klqjavyn\qtirohel.dll
C:\Program Files\SecCenter
C:\Program Files\SecCenter\scprot4.exe.bak
C:\WINDOWS\pack.epk
C:\WINDOWS\system32\evnfvnecul.dat
C:\WINDOWS\system32\evnfvnecul_nav.dat
C:\WINDOWS\system32\evnfvnecul_navps.dat
C:\WINDOWS\system32\nvs2.inf
C:\WINDOWS\system32\opnmmkj.dll
C:\WINDOWS\system32\winpsa32.dll
C:\WINDOWS\system32\xxyvsro.dll
C:\WINDOWS\system32\yayvwus.dll

.
((((((((((((((((((((((((( Files Created from 2007-08-16 to 2007-09-16 )))))))))))))))))))))))))))))))
.

2007-09-16 07:32 15,360 --a------ C:\WINDOWS\system32\drvsusr.dll
2007-09-16 07:32 104,448 --a------ C:\WINDOWS\system32\drvsus.dll
2007-09-16 07:28 51,200 --a------ C:\WINDOWS\NirCmd.exe
2007-09-15 19:53 15,360 --a------ C:\WINDOWS\system32\drvxasr.dll
2007-09-15 19:53 104,448 --a------ C:\WINDOWS\system32\drvxas.dll
2007-09-15 19:36 36,864 --a------ C:\WINDOWS\system32\EGameEncrypt.dll
2007-09-15 19:36 <REP> d-------- C:\Program Files\e-Games
2007-09-15 18:41 <REP> d-------- C:\VundoFix Backups
2007-09-15 13:51 <REP> d-------- C:\WINDOWS\system32\Kaspersky Lab
2007-09-15 13:51 <REP> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Kaspersky Lab
2007-09-15 13:21 <REP> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Yahoo! Companion
2007-09-15 13:08 <REP> d-------- C:\Program Files\True Sword 4
2007-09-15 12:41 <REP> d-------- C:\WINDOWS\system32\okqipwgf
2007-09-15 11:08 <REP> d-------- C:\Program Files\Lavasoft
2007-09-15 11:08 <REP> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Lavasoft
2007-09-15 10:41 <REP> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy
2007-09-15 10:39 <REP> d-------- C:\Program Files\Yahoo!
2007-09-15 10:37 <REP> d-------- C:\Program Files\RogueRemover FREE
2007-09-15 10:22 <REP> d-------- C:\WINDOWS\system32\;;;
2007-09-15 10:15 1,184 --a------ C:\WINDOWS\system32\tmp.reg
2007-09-14 22:42 <REP> d-------- C:\Program Files\Joost
2007-09-14 21:37 <REP> d-------- C:\Program Files\Crazy Browser
2007-09-14 21:29 <REP> d-------- C:\Program Files\Windows Media Connect 2
2007-09-14 18:22 <REP> d-------- C:\Program Files\Ujpxccpo
2007-09-13 19:05 <REP> d-------- C:\Program Files\DVD Shrink
2007-09-13 19:05 <REP> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\DVD Shrink
2007-09-13 18:19 626,688 --a------ C:\WINDOWS\system32\msvcr80.dll
2007-09-13 06:40 42,912 --a------ C:\WINDOWS\system32\drivers\aswTdi.sys
2007-09-13 06:40 26,624 --a------ C:\WINDOWS\system32\drivers\aavmker4.sys
2007-09-13 06:40 23,152 --a------ C:\WINDOWS\system32\drivers\aswRdr.sys
2007-09-13 06:39 95,608 --a------ C:\WINDOWS\system32\AvastSS.scr
2007-09-13 06:39 94,416 --a------ C:\WINDOWS\system32\drivers\aswmon2.sys
2007-09-13 06:39 92,848 --a------ C:\WINDOWS\system32\drivers\aswmon.sys
2007-09-13 06:39 801,144 --a------ C:\WINDOWS\system32\aswBoot.exe
2007-09-13 06:39 1,060,864 --a------ C:\WINDOWS\system32\MFC71.dll
2007-09-13 06:38 <REP> d-------- C:\Program Files\Alwil Software
2007-09-13 06:19 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2007-09-12 16:56 109,600 --a------ C:\WINDOWS\system32\sptll.dll
2007-09-12 07:58 6,414 ---hs---- C:\WINDOWS\system32\jlnmp.bak1
2007-09-12 06:45 <REP> d-------- C:\Program Files\wzifsruh
2007-09-11 21:54 <REP> d-------- C:\Program Files\AusLogics BoostSpeed
2007-09-11 18:04 <REP> d-------- C:\Program Files\JoWooD
2007-09-09 21:14 <REP> d-------- C:\Program Files\PopCap Games
2007-09-09 21:11 31 --a------ C:\WINDOWS\popcinfo.dat
2007-09-09 20:16 <REP> d-------- C:\Program Files\RealArcade
2007-09-09 16:25 <REP> d-------- C:\Program Files\MC2
2007-09-07 17:10 4 --a------ C:\WINDOWS\win32t4.dll
2007-09-03 16:20 <REP> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\vsosdk
2007-09-02 09:26 182,272 --a------ C:\WINDOWS\patchw32.dll
2007-09-02 09:25 <REP> d-------- C:\Program Files\ubi.com
2007-09-02 09:25 <REP> d-------- C:\Program Files\Fichiers communs\PocketSoft
2007-09-02 09:18 <REP> d-------- C:\Program Files\Red Storm Entertainment
2007-09-01 12:53 4,682 --a------ C:\WINDOWS\system32\npptNT2.sys
2007-09-01 11:28 4,096 --a------ C:\WINDOWS\d3dx.dat
2007-08-30 17:29 <REP> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Ahead
2007-08-30 17:22 <REP> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Nero
2007-08-30 16:48 47,360 --a------ C:\WINDOWS\system32\drivers\pcouffin.sys
2007-08-30 16:47 217,127 --a------ C:\WINDOWS\system32\drv43260.dll
2007-08-30 16:47 208,935 --a------ C:\WINDOWS\system32\drv33260.dll
2007-08-30 16:47 176,165 --a------ C:\WINDOWS\system32\drv23260.dll
2007-08-30 16:47 <REP> d-------- C:\Program Files\VSO
2007-08-28 17:12 <REP> d-------- C:\Program Files\Viewpoint
2007-08-28 10:51 <REP> d-------- C:\Program Files\Opera
2007-08-28 09:58 4,212 ---h----- C:\WINDOWS\system32\zllictbl.dat
2007-08-28 09:55 <REP> d-------- C:\WINDOWS\Internet Logs
2007-08-27 18:41 <REP> d-------- C:\WINDOWS\system32\Resource
2007-08-27 18:40 <REP> d-------- C:\Program Files\Citrix
2007-08-27 18:25 <REP> d-------- C:\Program Files\OpenOffice.org 2.2
2007-08-27 17:32 <REP> d-------- C:\Program Files\Druide
2007-08-27 13:49 76,415 --a------ C:\WINDOWS\War3Unin.dat
2007-08-27 13:49 2,829 --a------ C:\WINDOWS\War3Unin.pif
2007-08-27 13:49 139,264 --a------ C:\WINDOWS\War3Unin.exe
2007-08-26 15:26 <REP> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\STOPzilla!
2007-08-26 13:54 <REP> d-------- C:\Program Files\CCleaner
2007-08-25 09:28 <REP> d-------- C:\audiograbber
2007-08-24 19:19 42,672 --------- C:\WINDOWS\system32\wbsys.dll
2007-08-23 16:00 <REP> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\BOONTY
2007-08-23 15:59 <REP> d-------- C:\Program Files\Fichiers communs\BOONTY Shared
2007-08-23 08:38 <REP> d-------- C:\Program Files\Maxis
2007-08-21 21:28 <REP> d-------- C:\Program Files\TechSmith
2007-08-21 21:28 <REP> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\TechSmith
2007-08-21 21:27 <REP> d-------- C:\Program Files\Fichiers communs\Wise Installation Wizard
2007-08-20 01:08 737,280 --a------ C:\WINDOWS\iun6002.exe
2007-08-18 15:30 442,368 -ra------ C:\WINDOWS\system32\vp6vfw.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-09-15 19:36 --------- d--h----- C:\Program Files\InstallShield Installation Information
2007-09-14 19:34 --------- d-------- C:\Program Files\WinAVI Video Converter
2007-09-13 18:39 1024 --a------ C:\WINDOWS\system32\drivers\30389ECC-2679-4F7F-8031-DCB4F57DD916.cxv
2007-09-13 06:55 1024 --a------ C:\WINDOWS\system32\drivers\F056EA29-CB20-4452-8F0D-C0ED81A6AD03.cxv
2007-09-12 16:53 2048 --a------ C:\WINDOWS\system32\drivers\46DF44D0-7CC1-4486-ABAA-633ABA25A68F.cxv
2007-09-12 16:45 3072 --a------ C:\WINDOWS\system32\drivers\4AD6720B-941B-48A9-A940-B8FB93D74244.cxv
2007-09-12 06:42 --------- d-------- C:\Program Files\WinAce
2007-09-12 06:42 --------- d-------- C:\Program Files\DAEMON Tools
2007-09-10 17:11 --------- d-------- C:\Program Files\Azureus
2007-09-04 17:15 --------- d-------- C:\Program Files\Warcraft III
2007-09-03 11:21 --------- d-------- C:\Program Files\NovaLogic
2007-08-30 17:27 --------- d-------- C:\Program Files\Fichiers communs\Ahead
2007-08-26 15:34 4096 --a------ C:\WINDOWS\system32\drivers\DB6A9226-58BA-4E46-B18A-0EE3CE321E41.cxv
2007-08-23 09:09 163644 --a------ C:\WINDOWS\system32\drivers\secdrv.sys
2007-08-15 21:45 --------- d-------- C:\Program Files\Lexmark P910 Series
2007-08-14 12:46 --------- d-------- C:\Program Files\Saitek
2007-08-14 12:19 --------- d-------- C:\Program Files\Microsoft Games
2007-08-13 15:09 --------- d-------- C:\Program Files\Fichiers communs\snpp106
2007-08-13 13:51 --------- d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Azureus
2007-08-13 02:37 --------- d-------- C:\Program Files\Fichiers communs\AVSMedia
2007-08-13 02:37 --------- d-------- C:\Program Files\AVS4YOU
2007-08-11 10:31 10856 --ahs---- C:\WINDOWS\system32\KGyGaAvL.sys
2007-08-11 10:29 --------- d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\AVS4YOU
2007-08-10 21:50 --------- d-------- C:\Program Files\DivX
2007-08-10 21:48 --------- d-------- C:\Program Files\Fichiers communs\ArcSoft
2007-08-10 21:48 --------- d-------- C:\Program Files\ArcSoft
2007-08-10 09:32 --------- d-------- C:\Program Files\DScaler5
2007-08-10 09:32 --------- d-------- C:\Program Files\CD Audio Reader Filter
2007-08-10 09:31 --------- d-------- C:\Program Files\RealMedia
2007-08-10 09:31 --------- d-------- C:\Program Files\OpenSource Flash Video Splitter
2007-08-10 09:31 --------- d-------- C:\Program Files\DS-MP3 Source
2007-08-10 09:31 --------- d-------- C:\Program Files\DirectVobSub
2007-08-09 20:57 43520 --a------ C:\WINDOWS\system32\CmdLineExt03.dll
2007-08-09 14:46 --------- d-------- C:\Program Files\Nero
2007-08-09 00:00 98304 --a------ C:\WINDOWS\system32\CmdLineExt.dll
2007-08-08 16:19 99904 --a------ C:\WINDOWS\system32\PnkBstrB.exe
2007-08-08 10:12 --------- d-------- C:\Program Files\Fichiers communs\InstallShield
2007-08-08 09:53 66872 --a------ C:\WINDOWS\system32\PnkBstrA.exe
2007-08-08 09:53 22328 --a------ C:\WINDOWS\system32\drivers\PnkBstrK.sys
2007-08-07 23:42 --------- d-------- C:\Program Files\Google
2007-08-07 21:54 --------- d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Microsoft Games
2007-08-07 13:58 8320 --a------ C:\WINDOWS\system32\drivers\AWRTRD.sys
2007-08-07 13:56 9344 --a------ C:\WINDOWS\system32\drivers\NSDriver.sys
2007-08-07 00:32 682232 --a------ C:\WINDOWS\system32\drivers\sptd.sys
2007-08-07 00:25 --------- d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Google
2007-08-06 15:46 --------- d-------- C:\Program Files\WiFiConnector
2007-08-06 03:27 --------- d-------- C:\Program Files\MSXML 4.0
2007-08-06 01:43 --------- d-------- C:\Program Files\Teamspeak2_RC2
2007-08-05 23:23 --------- d-------- C:\Program Files\Apple Software Update
2007-08-05 23:23 --------- d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Apple
2007-08-05 20:46 --------- d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Windows Live Toolbar
2007-08-05 19:50 --------- d-------- C:\Program Files\MSN Messenger
2007-08-05 16:15 499712 --a------ C:\WINDOWS\system32\msvcp71.dll
2007-08-05 16:15 348160 --a------ C:\WINDOWS\system32\msvcr71.dll
2007-07-30 19:19 92504 --a------ C:\WINDOWS\system32\cdm.dll
2007-07-30 19:19 549720 --a------ C:\WINDOWS\system32\wuapi.dll
2007-07-30 19:19 53080 --a------ C:\WINDOWS\system32\wuauclt.exe
2007-07-30 19:19 43352 --a------ C:\WINDOWS\system32\wups2.dll
2007-07-30 19:19 325976 --a------ C:\WINDOWS\system32\wucltui.dll
2007-07-30 19:19 271224 --a------ C:\WINDOWS\system32\mucltui.dll
2007-07-30 19:19 207736 --a------ C:\WINDOWS\system32\muweb.dll
2007-07-30 19:19 203096 --a------ C:\WINDOWS\system32\wuweb.dll
2007-07-30 19:19 1712984 --a------ C:\WINDOWS\system32\wuaueng.dll
2007-07-30 19:18 33624 --a------ C:\WINDOWS\system32\wups.dll
2007-06-27 19:05 972072 --a------ C:\WINDOWS\UNNeroMediaHome.exe
2007-06-26 14:12 972072 --a------ C:\WINDOWS\UNNeroVision.exe
2007-06-26 02:09 1104896 --a------ C:\WINDOWS\system32\msxml3.dll
2007-06-19 09:32 282112 --a------ C:\WINDOWS\system32\gdi32.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.

*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{28019A84-D5CD-4EDB-9C74-4B9BCEFA0B19}]
C:\WINDOWS\system32\vturo.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{64B94229-7967-860A-A0C2-034C02BA876B}]
C:\Program Files\Ujpxccpo\tqrggsld.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{DEC06934-4AEC-40F9-B33A-E5980A9C4461}]
C:\WINDOWS\system32\vturo.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"igfxtray"="C:\WINDOWS\system32\igfxtray.exe" [2005-09-20 04:35]
"igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [2005-09-20 04:32]
"igfxpers"="C:\WINDOWS\system32\igfxpers.exe" [2005-09-20 04:36]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2007-09-14 08:34]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 05:25]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe" [2007-06-27 19:03]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-19 10:09]
"msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" [2007-01-19 12:55]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\runonce]
"nlsf"=cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll"
"nlhr"=RunDll32.exe %SystemRoot%\System32\AdvPack.Dll,LaunchINFSection %SystemRoot%\inf\nlite.inf,C
"tscuninstall"=%systemroot%\system32\tscupgrd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"SynchronousMachineGroupPolicy"=1 (0x1)
"SynchronousUserGroupPolicy"=1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoStrCmpLogical"=0 (0x0)
"NoResolveSearch"=0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoSMHelp"=1 (0x1)

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoSMHelp"=1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\vturo]
C:\WINDOWS\system32\vturo.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"= msv1_0 C:\\WINDOWS\\system32\\pmnlj

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Lancer l'utilitaire d'enregistrement.lnk]
path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Lancer l'utilitaire d'enregistrement.lnk
backup=C:\WINDOWS\pss\Lancer l'utilitaire d'enregistrement.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\!AVG Anti-Spyware]
"C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools]
"C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
"C:\Program Files\MSN Messenger\msnmsgr.exe" /background

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
C:\Program Files\Fichiers communs\Ahead\Lib\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Profiler]
C:\Program Files\Saitek\Software\Profiler.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RAMBooster.Net]
C:\Program Files\RAMBooster.Net\RAMBooster.exe -m

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SaiSmart]
C:\Program Files\Saitek\Software\SaiSmart.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMAXPnP]
C:\Program Files\Analog Devices\Core\smax4pnp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
"c:\program files\steam\steam.exe" -silent

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"NWEReboot"=
"KernelFaultCheck"=
"EoEngine"=
"EoRss"=
"NeroFilterCheck"=C:\Program Files\Fichiers communs\Ahead\Lib\NeroCheck.exe
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
"avast!"=C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

R3 SNPP106;PC Camera (6029 CIF);C:\WINDOWS\system32\DRIVERS\snpp106.sys
S0 szkg;szkg;C:\WINDOWS\system32\DRIVERS\szkg.sys
S3 Boonty Games;Boonty Games;"C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe"
S3 SaiH0109;SaiH0109;C:\WINDOWS\system32\DRIVERS\SaiH0109.sys
S3 SaiU0109;SaiU0109;C:\WINDOWS\system32\DRIVERS\SaiU0109.sys
S3 XDva020;XDva020;\??\C:\WINDOWS\system32\XDva020.sys
S3 XDva025;XDva025;\??\C:\WINDOWS\system32\XDva025.sys

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalService WebClient LmHosts upnphost SSDPSRV

.
Contents of the 'Scheduled Tasks' folder
"2007-09-16 11:17:03 C:\WINDOWS\Tasks\Vérifier les mises à jour de Windows Live Toolbar.job"
.
**************************************************************************

catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-09-16 07:44:30
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2007-09-16 7:50:11 - machine was rebooted
C:\ComboFix-quarantined-files.txt ... 2007-09-16 07:50
.
--- E O F ---
0
Réponse 12 / 21
Regis59 Messages postés 21143 Date d'inscription mardi 27 juin 2006 Statut Contributeur sécurité Dernière intervention 22 juin 2016 1 321
16 sept. 2007 à 17:36
ok tu es encore bien infecté.

Fais un clic droit sur ce lien :
http://perso.orange.fr/il.mafioso/Navifix/Navilog1.exe
Enregistrer la cible (du lien) sous... et enregistre-le sur ton bureau.
Ensuite double clique sur navilog1.exe pour lancer l'installation.
Une fois l'installation terminée, le fix s'exécutera automatiquement.
(Si ce n'est pas le cas, double-clique sur le raccourci Navilog1 présent sur le bureau).

Laisse-toi guider. Au menu principal, choisis 1 et valides.
(ne fais pas le choix 2,3 ou 4 sans notre avis/accord)

Patiente jusqu'au message :
*** Analyse Termine le ..... ***
Appuie sur une touche comme demandé, le blocnote va s'ouvrir.
Copie-colle l'intégralité dans une réponse. Referme le blocnote.
Le rapport est en outre sauvegardé à la racine du disque (fixnavi.txt)
0
Réponse 13 / 21
max611
16 sept. 2007 à 19:13
Voila!

Search Navipromo version 3.0.4 commencé le 2007-09-16 à 12:58:37,43

!!! Attention,ce rapport peut indiquer des fichiers/programmes légitimes!!!
!!! Poster ce rapport sur le forum pour le faire analyser !!!
!!! Ne pas lancer la partie désinfection sans l'avis d'un spécialiste !!!

Fix lancé depuis C:\Program Files\navilog1
Mise a jour le 16.09.2007 a 13h00 by IL-MAFIOSO


Microsoft Windows XP [version 5.1.2600]
Internet Explorer : 6.0.2900.2180


*** Recherche Programmes installes ***




*** Recherche dossiers dans C:\WINDOWS ***



*** Recherche dossiers dans C:\Program Files ***



*** Recherche dossiers dans C:\Documents and Settings\All Users\Application Data ***




*** Recherche dossiers dans C:\Documents and Settings\.Max\Application Data ***


*** Recherche avec BlackLight Engine/F-secure ***
BlackLight Engine est un produit de F-secure, pour + d'infos :
https://www.f-secure.com/en


F-SECURE BLACKLIGHT ROOTKIT ELIMINATOR
======================================

Copyright 2005-2006 F-Secure Corporation. All rights reserved.
This is a beta version. It will expire on 1st of October, 2007.
Version information: 2.2.1064.

[+] Started on 09/16/07 at 12:58:43.
[+] Initializing ...
[+] Starting scan, press Ctrl-C to abort.
[+] Scanning for hidden items ...........................................
[+] Scan complete.
[+] Summary: 0 hidden item(s) found, 0 scheduled for renaming.
[+] Exited on 09/16/07 at 13:03:42 (return code = 0).


*** Recherche avec GenericNaviSearch ***
!!! Tous Ces résultats peuvent révéler des fichiers légitimes !!!
!!! A verifier impérativement avant toute suppression manuelle !!!

* Scan C:\WINDOWS\system32 *

Fichiers trouvés :

Aucun Fichier trouvé !

Fichiers suspects :

Aucun Fichier suspect trouvé !



*** Recherche fichiers ***




*** Recherche cles registre ***



*** Module de Recherche complémentaire ***
(Recherche fichiers spécifiques)

1)Recherche fichiers connus:
C:\WINDOWS\system32\jlnmp.bak1 trouvé ! infection Vundo possible non traité par cet outil !

2)Recherche Heuristique :






3)Recherche Certificats :

Certificat Egroup absent !


*** Analyse Terminé le 2007-09-16 à 13:05:30,43 ***
0
Réponse 14 / 21
Regis59 Messages postés 21143 Date d'inscription mardi 27 juin 2006 Statut Contributeur sécurité Dernière intervention 22 juin 2016 1 321
16 sept. 2007 à 19:36
ok

Télécharge VundoFix.exe (par Atribune) sur ton Bureau.
http://www.atribune.org/ccount/click.php?id=4

Double-clique VundoFix.exe afin de le lancer.
Clique sur le bouton Scan for Vundo.
Lorsque le scan est complété, clique sur le bouton Remove Vundo.
Une invite te demandera si tu veux supprimer les fichiers, clique YES
Après avoir cliqué "Yes", le Bureau disparaîtra un moment lors de la suppression des fichiers.
Tu verras une invite qui t'annonce que ton PC va s'éteindre ("shutdown") ; clique OK
Démarre ton PC à nouveau.
Copie/colle le contenu du rapport situé dans C:\vundofix.txt ainsi qu'un nouveau rapport HijackThis! dans ta prochaine réponse.
0
Réponse 15 / 21
max611
16 sept. 2007 à 20:45
Voici le log de Vundo

VundoFix V6.5.8

Checking Java version...

Scan started at 14:26:52 2007-09-16

Listing files found while scanning....

C:\windows\system32\drvsusr.dll
C:\windows\system32\drvxasr.dll
C:\WINDOWS\system32\vturo.dll

Beginning removal...

Attempting to delete C:\windows\system32\drvsusr.dll
C:\windows\system32\drvsusr.dll Has been deleted!

Attempting to delete C:\windows\system32\drvxasr.dll
C:\windows\system32\drvxasr.dll Has been deleted!

Performing Repairs to the registry.
Done!





Voila lui de hijackthis

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:43:33, on 2007-09-16
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexingService.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\Opera\Opera.exe
C:\Documents and Settings\.Max\Bureau\Antivirus\HijackThis.exe
C:\WINDOWS\system32\NOTEPAD.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: (no name) - {00C6482D-C502-44C8-8409-FCE54AD9C208} - (no file)
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: (no name) - {28019A84-D5CD-4EDB-9C74-4B9BCEFA0B19} - C:\WINDOWS\system32\vturo.dll (file missing)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {64B94229-7967-860A-A0C2-034C02BA876B} - C:\Program Files\Ujpxccpo\tqrggsld.dll (file missing)
O2 - BHO: (no name) - {64F56FC1-1272-44CD-BA6E-39723696E350} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - (no file)
O2 - BHO: (no name) - {DEC06934-4AEC-40F9-B33A-E5980A9C4461} - C:\WINDOWS\system32\vturo.dll (file missing)
O3 - Toolbar: (no name) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - (no file)
O3 - Toolbar: (no name) - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - (no file)
O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\RunOnce: [nlsf] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-20\..\RunOnce: [nlsf] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [nlsf] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [nlsf] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'Default user')
O9 - Extra button: (no name) - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - (no file)
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/default/kavwebscan_unicode.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {48884C41-EFAC-433D-958A-9FADAC41408E} (EGamesPlugin Class) - https://www.family.my/c/online-e-games
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-CA/a-UNO1/GAME_UNO1.cab
O16 - DPF: {5F5F9FB8-878E-4455-95E0-F64B2314288A} (ijjiPlugin2 Class) - http://gamedownload.ijjimax.com/gamedownload/dist/hgstart/HGPlugin11USA.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O20 - Winlogon Notify: vturo - C:\WINDOWS\system32\vturo.dll (file missing)
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: Boonty Games - BOONTY - C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe
O23 - Service: lxby_device - Lexmark International, Inc. - C:\WINDOWS\system32\lxbycoms.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexingService.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
0
Réponse 16 / 21
Regis59 Messages postés 21143 Date d'inscription mardi 27 juin 2006 Statut Contributeur sécurité Dernière intervention 22 juin 2016 1 321
16 sept. 2007 à 23:11
Impec.

Télécharge Combofix sUBs : http://download.bleepingcomputer.com/sUBs/ComboFix.exe
et sauvegarde le sur ton bureau et pas ailleurs!

Double-clic sur combofix, Il va te poser une question, réponds par la touche 1 et entrée pour valider.
Attends que combofix ait terminé, un rapport sera créé. Poste le rapport.
0
Réponse 17 / 21
afideg Messages postés 10517 Date d'inscription lundi 10 octobre 2005 Statut Contributeur sécurité Dernière intervention 12 avril 2022 602
16 sept. 2007 à 23:23
Bravo Régis59,

C:\WINDOWS\system32\jlnmp.bak1 = VirtumundoBegone ?
Simple question pour pouvoir suivre cette résolution intéressante.
Merci.
à+..
Al
0
Réponse 18 / 21
max611
16 sept. 2007 à 23:25
Voila



ComboFix 07-09-14.2 - ".Max" 2007-09-16 17:14:02.2 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.48 [GMT -4:00]
.

((((((((((((((((((((((((((((( Fichiers créés 2007-08-16 to 2007-09-16 ))))))))))))))))))))))))))))))))))))
.

2007-09-16 14:53 <REP> d-------- C:\WINDOWS\ShellNew
2007-09-16 12:54 <REP> d-------- C:\Program Files\Navilog1
2007-09-16 11:45 249,856 --------- C:\WINDOWS\Setup1.exe
2007-09-16 11:45 <REP> d-------- C:\Program Files\statistik
2007-09-16 11:44 73,216 --a------ C:\WINDOWS\ST6UNST.EXE
2007-09-16 10:55 <REP> d-------- C:\Program Files\Pcsx2
2007-09-16 07:32 104,448 --a------ C:\WINDOWS\system32\drvsus.dll
2007-09-16 07:28 51,200 --a------ C:\WINDOWS\NirCmd.exe
2007-09-15 19:53 104,448 --a------ C:\WINDOWS\system32\drvxas.dll
2007-09-15 19:36 36,864 --a------ C:\WINDOWS\system32\EGameEncrypt.dll
2007-09-15 18:41 <REP> d-------- C:\VundoFix Backups
2007-09-15 13:51 <REP> d-------- C:\WINDOWS\system32\Kaspersky Lab
2007-09-15 13:51 <REP> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Kaspersky Lab
2007-09-15 13:21 <REP> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Yahoo! Companion
2007-09-15 12:41 <REP> d-------- C:\WINDOWS\system32\okqipwgf
2007-09-15 11:08 <REP> d-------- C:\Program Files\Lavasoft
2007-09-15 11:08 <REP> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Lavasoft
2007-09-15 10:41 <REP> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy
2007-09-15 10:39 <REP> d-------- C:\Program Files\Yahoo!
2007-09-15 10:37 <REP> d-------- C:\Program Files\RogueRemover FREE
2007-09-15 10:22 <REP> d-------- C:\WINDOWS\system32\;;;
2007-09-15 10:15 1,184 --a------ C:\WINDOWS\system32\tmp.reg
2007-09-14 22:42 <REP> d-------- C:\Program Files\Joost
2007-09-14 21:37 <REP> d-------- C:\Program Files\Crazy Browser
2007-09-14 21:29 <REP> d-------- C:\Program Files\Windows Media Connect 2
2007-09-13 19:05 <REP> d-------- C:\Program Files\DVD Shrink
2007-09-13 19:05 <REP> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\DVD Shrink
2007-09-13 18:19 626,688 --a------ C:\WINDOWS\system32\msvcr80.dll
2007-09-13 06:40 42,912 --a------ C:\WINDOWS\system32\drivers\aswTdi.sys
2007-09-13 06:40 26,624 --a------ C:\WINDOWS\system32\drivers\aavmker4.sys
2007-09-13 06:40 23,152 --a------ C:\WINDOWS\system32\drivers\aswRdr.sys
2007-09-13 06:39 95,608 --a------ C:\WINDOWS\system32\AvastSS.scr
2007-09-13 06:39 94,416 --a------ C:\WINDOWS\system32\drivers\aswmon2.sys
2007-09-13 06:39 92,848 --a------ C:\WINDOWS\system32\drivers\aswmon.sys
2007-09-13 06:39 801,144 --a------ C:\WINDOWS\system32\aswBoot.exe
2007-09-13 06:39 1,060,864 --a------ C:\WINDOWS\system32\MFC71.dll
2007-09-13 06:38 <REP> d-------- C:\Program Files\Alwil Software
2007-09-13 06:19 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2007-09-12 16:56 109,600 --a------ C:\WINDOWS\system32\sptll.dll
2007-09-12 07:58 6,414 --------- C:\WINDOWS\system32\jlnmp.bak1
2007-09-11 18:04 <REP> d-------- C:\Program Files\JoWooD
2007-09-09 21:14 <REP> d-------- C:\Program Files\PopCap Games
2007-09-09 21:11 31 --a------ C:\WINDOWS\popcinfo.dat
2007-09-09 20:16 <REP> d-------- C:\Program Files\RealArcade
2007-09-09 16:25 <REP> d-------- C:\Program Files\MC2
2007-09-07 17:10 4 --a------ C:\WINDOWS\win32t4.dll
2007-09-03 16:20 <REP> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\vsosdk
2007-09-02 09:26 182,272 --a------ C:\WINDOWS\patchw32.dll
2007-09-02 09:25 <REP> d-------- C:\Program Files\ubi.com
2007-09-02 09:25 <REP> d-------- C:\Program Files\Fichiers communs\PocketSoft
2007-09-01 12:53 4,682 --a------ C:\WINDOWS\system32\npptNT2.sys
2007-09-01 11:28 4,096 --a------ C:\WINDOWS\d3dx.dat
2007-08-30 17:29 <REP> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Ahead
2007-08-30 17:22 <REP> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Nero
2007-08-30 16:48 47,360 --a------ C:\WINDOWS\system32\drivers\pcouffin.sys
2007-08-30 16:47 217,127 --a------ C:\WINDOWS\system32\drv43260.dll
2007-08-30 16:47 208,935 --a------ C:\WINDOWS\system32\drv33260.dll
2007-08-30 16:47 176,165 --a------ C:\WINDOWS\system32\drv23260.dll
2007-08-30 16:47 <REP> d-------- C:\Program Files\VSO
2007-08-28 17:12 <REP> d-------- C:\Program Files\Viewpoint
2007-08-28 10:51 <REP> d-------- C:\Program Files\Opera
2007-08-28 09:58 4,212 ---h----- C:\WINDOWS\system32\zllictbl.dat
2007-08-28 09:55 <REP> d-------- C:\WINDOWS\Internet Logs
2007-08-27 18:41 <REP> d-------- C:\WINDOWS\system32\Resource
2007-08-27 18:40 <REP> d-------- C:\Program Files\Citrix
2007-08-27 18:25 <REP> d-------- C:\Program Files\OpenOffice.org 2.2
2007-08-27 17:32 <REP> d-------- C:\Program Files\Druide
2007-08-27 13:49 76,415 --a------ C:\WINDOWS\War3Unin.dat
2007-08-27 13:49 2,829 --a------ C:\WINDOWS\War3Unin.pif
2007-08-27 13:49 139,264 --a------ C:\WINDOWS\War3Unin.exe
2007-08-26 15:26 <REP> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\STOPzilla!
2007-08-26 13:54 <REP> d-------- C:\Program Files\CCleaner
2007-08-25 09:28 <REP> d-------- C:\audiograbber
2007-08-24 19:19 42,672 --------- C:\WINDOWS\system32\wbsys.dll
2007-08-23 16:00 <REP> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\BOONTY
2007-08-23 15:59 <REP> d-------- C:\Program Files\Fichiers communs\BOONTY Shared
2007-08-23 08:38 <REP> d-------- C:\Program Files\Maxis
2007-08-21 21:28 <REP> d-------- C:\Program Files\TechSmith
2007-08-21 21:28 <REP> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\TechSmith
2007-08-21 21:27 <REP> d-------- C:\Program Files\Fichiers communs\Wise Installation Wizard
2007-08-20 01:08 737,280 --a------ C:\WINDOWS\iun6002.exe
2007-08-18 15:30 442,368 -ra------ C:\WINDOWS\system32\vp6vfw.dll

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-09-15 19:36 --------- d--h----- C:\Program Files\InstallShield Installation Information
2007-09-14 19:34 --------- d-------- C:\Program Files\WinAVI Video Converter
2007-09-13 18:39 1024 --a------ C:\WINDOWS\system32\drivers\30389ECC-2679-4F7F-8031-DCB4F57DD916.cxv
2007-09-13 06:55 1024 --a------ C:\WINDOWS\system32\drivers\F056EA29-CB20-4452-8F0D-C0ED81A6AD03.cxv
2007-09-12 16:53 2048 --a------ C:\WINDOWS\system32\drivers\46DF44D0-7CC1-4486-ABAA-633ABA25A68F.cxv
2007-09-12 16:45 3072 --a------ C:\WINDOWS\system32\drivers\4AD6720B-941B-48A9-A940-B8FB93D74244.cxv
2007-09-12 06:42 --------- d-------- C:\Program Files\WinAce
2007-09-12 06:42 --------- d-------- C:\Program Files\DAEMON Tools
2007-09-10 17:11 --------- d-------- C:\Program Files\Azureus
2007-09-04 17:15 --------- d-------- C:\Program Files\Warcraft III
2007-09-03 11:21 --------- d-------- C:\Program Files\NovaLogic
2007-08-30 17:27 --------- d-------- C:\Program Files\Fichiers communs\Ahead
2007-08-26 15:34 4096 --a------ C:\WINDOWS\system32\drivers\DB6A9226-58BA-4E46-B18A-0EE3CE321E41.cxv
2007-08-23 09:09 163644 --a------ C:\WINDOWS\system32\drivers\secdrv.sys
2007-08-15 21:45 --------- d-------- C:\Program Files\Lexmark P910 Series
2007-08-14 12:46 --------- d-------- C:\Program Files\Saitek
2007-08-14 12:19 --------- d-------- C:\Program Files\Microsoft Games
2007-08-13 15:09 --------- d-------- C:\Program Files\Fichiers communs\snpp106
2007-08-13 13:51 --------- d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Azureus
2007-08-13 02:37 --------- d-------- C:\Program Files\Fichiers communs\AVSMedia
2007-08-13 02:37 --------- d-------- C:\Program Files\AVS4YOU
2007-08-11 10:31 10856 --ahs---- C:\WINDOWS\system32\KGyGaAvL.sys
2007-08-11 10:29 --------- d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\AVS4YOU
2007-08-10 21:50 --------- d-------- C:\Program Files\DivX
2007-08-10 21:48 --------- d-------- C:\Program Files\Fichiers communs\ArcSoft
2007-08-10 21:48 --------- d-------- C:\Program Files\ArcSoft
2007-08-10 09:32 --------- d-------- C:\Program Files\DScaler5
2007-08-10 09:32 --------- d-------- C:\Program Files\CD Audio Reader Filter
2007-08-10 09:31 --------- d-------- C:\Program Files\RealMedia
2007-08-10 09:31 --------- d-------- C:\Program Files\OpenSource Flash Video Splitter
2007-08-10 09:31 --------- d-------- C:\Program Files\DS-MP3 Source
2007-08-10 09:31 --------- d-------- C:\Program Files\DirectVobSub
2007-08-09 20:57 43520 --a------ C:\WINDOWS\system32\CmdLineExt03.dll
2007-08-09 14:46 --------- d-------- C:\Program Files\Nero
2007-08-09 00:00 98304 --a------ C:\WINDOWS\system32\CmdLineExt.dll
2007-08-08 16:19 99904 --a------ C:\WINDOWS\system32\PnkBstrB.exe
2007-08-08 10:12 --------- d-------- C:\Program Files\Fichiers communs\InstallShield
2007-08-08 09:53 66872 --a------ C:\WINDOWS\system32\PnkBstrA.exe
2007-08-08 09:53 22328 --a------ C:\WINDOWS\system32\drivers\PnkBstrK.sys
2007-08-07 23:42 --------- d-------- C:\Program Files\Google
2007-08-07 21:54 --------- d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Microsoft Games
2007-08-07 13:58 8320 --a------ C:\WINDOWS\system32\drivers\AWRTRD.sys
2007-08-07 13:56 9344 --a------ C:\WINDOWS\system32\drivers\NSDriver.sys
2007-08-07 00:32 682232 --a------ C:\WINDOWS\system32\drivers\sptd.sys
2007-08-07 00:25 --------- d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Google
2007-08-06 15:46 --------- d-------- C:\Program Files\WiFiConnector
2007-08-06 03:27 --------- d-------- C:\Program Files\MSXML 4.0
2007-08-06 01:43 --------- d-------- C:\Program Files\Teamspeak2_RC2
2007-08-05 23:23 --------- d-------- C:\Program Files\Apple Software Update
2007-08-05 23:23 --------- d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Apple
2007-08-05 20:46 --------- d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Windows Live Toolbar
2007-08-05 19:50 --------- d-------- C:\Program Files\MSN Messenger
2007-08-05 16:15 499712 --a------ C:\WINDOWS\system32\msvcp71.dll
2007-08-05 16:15 348160 --a------ C:\WINDOWS\system32\msvcr71.dll
2007-07-30 19:19 92504 --a------ C:\WINDOWS\system32\cdm.dll
2007-07-30 19:19 549720 --a------ C:\WINDOWS\system32\wuapi.dll
2007-07-30 19:19 53080 --a------ C:\WINDOWS\system32\wuauclt.exe
2007-07-30 19:19 43352 --a------ C:\WINDOWS\system32\wups2.dll
2007-07-30 19:19 325976 --a------ C:\WINDOWS\system32\wucltui.dll
2007-07-30 19:19 271224 --a------ C:\WINDOWS\system32\mucltui.dll
2007-07-30 19:19 207736 --a------ C:\WINDOWS\system32\muweb.dll
2007-07-30 19:19 203096 --a------ C:\WINDOWS\system32\wuweb.dll
2007-07-30 19:19 1712984 --a------ C:\WINDOWS\system32\wuaueng.dll
2007-07-30 19:18 33624 --a------ C:\WINDOWS\system32\wups.dll
2007-06-27 19:05 972072 --a------ C:\WINDOWS\UNNeroMediaHome.exe
2007-06-26 14:12 972072 --a------ C:\WINDOWS\UNNeroVision.exe
2007-06-26 02:09 1104896 --a------ C:\WINDOWS\system32\msxml3.dll
2007-06-19 09:32 282112 --a------ C:\WINDOWS\system32\gdi32.dll
.

((((((((((((((((((((((((((((( snapshot_2007-09-16_ 74623.23 )))))))))))))))))))))))))))))))))))))))))
.
----a-r 167,936 2007-09-16 18:56:53 C:\WINDOWS\Installer\{9028040C-6000-11D3-8CFE-0050048383C9}\accicons.exe
----a-r 81,920 2007-09-16 18:56:53 C:\WINDOWS\Installer\{9028040C-6000-11D3-8CFE-0050048383C9}\fpicon.exe
----a-r 34,304 2007-09-16 18:56:53 C:\WINDOWS\Installer\{9028040C-6000-11D3-8CFE-0050048383C9}\misc.exe
----a-r 8,192 2007-09-16 18:56:53 C:\WINDOWS\Installer\{9028040C-6000-11D3-8CFE-0050048383C9}\mspicons.exe
----a-r 3,584 2007-09-16 18:56:53 C:\WINDOWS\Installer\{9028040C-6000-11D3-8CFE-0050048383C9}\opwicon.exe
----a-r 114,688 2007-09-16 18:56:53 C:\WINDOWS\Installer\{9028040C-6000-11D3-8CFE-0050048383C9}\outicon.exe
----a-r 16,384 2007-09-16 18:56:53 C:\WINDOWS\Installer\{9028040C-6000-11D3-8CFE-0050048383C9}\PEicons.exe
----a-r 30,720 2007-09-16 18:56:53 C:\WINDOWS\Installer\{9028040C-6000-11D3-8CFE-0050048383C9}\pptico.exe
----a-r 22,528 2007-09-16 18:56:53 C:\WINDOWS\Installer\{9028040C-6000-11D3-8CFE-0050048383C9}\unbndico.exe
----a-r 45,056 2007-09-16 18:56:52 C:\WINDOWS\Installer\{9028040C-6000-11D3-8CFE-0050048383C9}\wordicon.exe
----a-r 90,112 2007-09-16 18:56:52 C:\WINDOWS\Installer\{9028040C-6000-11D3-8CFE-0050048383C9}\xlicons.exe
----a-w 32,768 2001-01-22 07:25:24 C:\WINDOWS\system32\ATHPRXY.DLL
----a-w 1,129,232 1999-10-18 07:01:42 C:\WINDOWS\system32\FM20.DLL
----a-w 29,456 2001-02-21 15:02:06 C:\WINDOWS\system32\FM20FRA.DLL
----a-w 523,840 1999-04-06 16:43:40 C:\WINDOWS\system32\MAPI.DLL
----a-w 38,672 1999-04-06 16:45:30 C:\WINDOWS\system32\MAPISRVR.EXE
----a-w 57,344 1999-03-15 15:52:52 C:\WINDOWS\system32\MFC42FRA.DLL
----a-w 7,680 1999-04-06 20:06:14 C:\WINDOWS\system32\MSPRPFR.DLL
----a-w 397,312 2000-05-11 17:06:20 C:\WINDOWS\system32\MSRDO20.DLL
----a-w 118,784 2000-04-04 00:05:58 C:\WINDOWS\system32\msstdfmt.dll
----a-w 94,208 2000-04-03 21:52:52 C:\WINDOWS\system32\msstkprp.dll
----a-w 212,480 1998-12-09 06:53:58 C:\WINDOWS\system32\PCDLIB32.DLL
----a-w 151,552 2000-04-03 21:52:54 C:\WINDOWS\system32\RDOCURS.DLL
----a-w 15,872 1998-03-25 08:54:08 C:\WINDOWS\system32\SCP32.DLL
----a-w 101,888 1999-03-26 10:00:00 C:\WINDOWS\system32\VB6STKIT.DLL
----a-w 40,960 1999-11-25 05:40:50 C:\WINDOWS\system32\VBAME.DLL
----a-r 190,696 2007-06-11 17:04:38 C:\WINDOWS\system32\Macromed\Flash\FlashUtil9d.exe
----atw 16,384 2007-09-16 18:34:31 C:\WINDOWS\Temp\Perflib_Perfdata_638.dat
.
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.

*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{28019A84-D5CD-4EDB-9C74-4B9BCEFA0B19}]
C:\WINDOWS\system32\vturo.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{64B94229-7967-860A-A0C2-034C02BA876B}]
C:\Program Files\Ujpxccpo\tqrggsld.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{DEC06934-4AEC-40F9-B33A-E5980A9C4461}]
C:\WINDOWS\system32\vturo.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"igfxtray"="C:\WINDOWS\system32\igfxtray.exe" [2005-09-20 04:35]
"igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [2005-09-20 04:32]
"igfxpers"="C:\WINDOWS\system32\igfxpers.exe" [2005-09-20 04:36]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2007-09-14 08:34]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 05:25]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe" [2007-06-27 19:03]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-19 10:09]
"msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" [2007-01-19 12:55]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\runonce]
"nlsf"=cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll"
"nlhr"=RunDll32.exe %SystemRoot%\System32\AdvPack.Dll,LaunchINFSection %SystemRoot%\inf\nlite.inf,C
"tscuninstall"=%systemroot%\system32\tscupgrd.exe

C:\DOCUME~1\ALLUSE~1\MENUDM~1\PROGRA~1\DMARRA~1\
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 09:01:04]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"SynchronousMachineGroupPolicy"=1 (0x1)
"SynchronousUserGroupPolicy"=1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoStrCmpLogical"=0 (0x0)
"NoResolveSearch"=0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoSMHelp"=1 (0x1)

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoSMHelp"=1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\vturo]
C:\WINDOWS\system32\vturo.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"= msv1_0 C:\\WINDOWS\\system32\\pmnlj

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Lancer l'utilitaire d'enregistrement.lnk]
path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Lancer l'utilitaire d'enregistrement.lnk
backup=C:\WINDOWS\pss\Lancer l'utilitaire d'enregistrement.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\!AVG Anti-Spyware]
"C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools]
"C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
"C:\Program Files\MSN Messenger\msnmsgr.exe" /background

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
C:\Program Files\Fichiers communs\Ahead\Lib\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Profiler]
C:\Program Files\Saitek\Software\Profiler.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RAMBooster.Net]
C:\Program Files\RAMBooster.Net\RAMBooster.exe -m

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SaiSmart]
C:\Program Files\Saitek\Software\SaiSmart.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMAXPnP]
C:\Program Files\Analog Devices\Core\smax4pnp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
"c:\program files\steam\steam.exe" -silent

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"NWEReboot"=
"KernelFaultCheck"=
"EoEngine"=
"EoRss"=
"NeroFilterCheck"=C:\Program Files\Fichiers communs\Ahead\Lib\NeroCheck.exe
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
"avast!"=C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

R3 SNPP106;PC Camera (6029 CIF);C:\WINDOWS\system32\DRIVERS\snpp106.sys
S0 szkg;szkg;C:\WINDOWS\system32\DRIVERS\szkg.sys
S3 Boonty Games;Boonty Games;"C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe"
S3 SaiH0109;SaiH0109;C:\WINDOWS\system32\DRIVERS\SaiH0109.sys
S3 SaiU0109;SaiU0109;C:\WINDOWS\system32\DRIVERS\SaiU0109.sys
S3 XDva020;XDva020;\??\C:\WINDOWS\system32\XDva020.sys
S3 XDva025;XDva025;\??\C:\WINDOWS\system32\XDva025.sys

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalService WebClient LmHosts upnphost SSDPSRV

.
Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
"2007-09-16 21:17:01 C:\WINDOWS\Tasks\Vérifier les mises à jour de Windows Live Toolbar.job"
.
**************************************************************************

catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-09-16 17:20:25
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

**************************************************************************
.
Completion time: 2007-09-16 17:23:04
C:\ComboFix-quarantined-files.txt ... 2007-09-16 17:22
C:\ComboFix2.txt ... 2007-09-16 07:50
.
--- E O F ---
0
Réponse 19 / 21
Regis59 Messages postés 21143 Date d'inscription mardi 27 juin 2006 Statut Contributeur sécurité Dernière intervention 22 juin 2016 1 321
17 sept. 2007 à 11:10
Y'a une chose inconnue:
C:\WINDOWS\system32\;;;

Télécharge VirtumundoBegone sur le bureau:
http://secured2k.home.comcast.net/tools/VirtumundoBeGone.exe

Double clique ensuite sur VirtumundoBeGone.exe et suis les instructions.
Une fois terminé, redémarre et poste le rapport VBG.TXT créé sur le bureau dans ta prochaine réponse avec un nouveau rapport HijackThis.
Ne t'inquiète pas si tu vois un message Ecran bleu "Erreur fatale", c'est normal et attendu.
0
Réponse 20 / 21
max611
17 sept. 2007 à 12:13
Voila lui de virtumundo



[09/17/2007, 6:00:49] - VirtumundoBeGone v1.5 ( "C:\Documents and Settings\.Max\Bureau\VirtumundoBeGone.exe" )
[09/17/2007, 6:00:58] - Detected System Information:
[09/17/2007, 6:00:58] - Windows Version: 5.1.2600, Service Pack 2
[09/17/2007, 6:00:58] - Current Username: .Max (Admin)
[09/17/2007, 6:00:58] - Windows is in NORMAL mode.
[09/17/2007, 6:00:58] - Searching for Browser Helper Objects:
[09/17/2007, 6:00:58] - BHO 1: {00C6482D-C502-44C8-8409-FCE54AD9C208} ()
[09/17/2007, 6:00:58] - WARNING: BHO has no default name. Checking for Winlogon reference.
[09/17/2007, 6:00:58] - No filename found. Continuing.
[09/17/2007, 6:00:58] - BHO 2: {02478D38-C3F9-4EFB-9B51-7695ECA05670} (Yahoo! Toolbar Helper)
[09/17/2007, 6:00:58] - BHO 3: {28019A84-D5CD-4EDB-9C74-4B9BCEFA0B19} ()
[09/17/2007, 6:00:58] - WARNING: BHO has no default name. Checking for Winlogon reference.
[09/17/2007, 6:00:58] - Checking for HKLM\...\Winlogon\Notify\vturo
[09/17/2007, 6:00:58] - Found: HKLM\...\Winlogon\Notify\vturo - This is probably Virtumundo.
[09/17/2007, 6:00:58] - Assigning {28019A84-D5CD-4EDB-9C74-4B9BCEFA0B19} MSEvents Object
[09/17/2007, 6:00:58] - BHO list has been changed! Starting over...
[09/17/2007, 6:00:58] - BHO 1: {00C6482D-C502-44C8-8409-FCE54AD9C208} ()
[09/17/2007, 6:00:58] - WARNING: BHO has no default name. Checking for Winlogon reference.
[09/17/2007, 6:00:58] - No filename found. Continuing.
[09/17/2007, 6:00:58] - BHO 2: {02478D38-C3F9-4EFB-9B51-7695ECA05670} (Yahoo! Toolbar Helper)
[09/17/2007, 6:00:58] - BHO 3: {28019A84-D5CD-4EDB-9C74-4B9BCEFA0B19} (MSEvents Object)
[09/17/2007, 6:00:58] - ALERT: Found MSEvents Object!
[09/17/2007, 6:00:58] - BHO 4: {53707962-6F74-2D53-2644-206D7942484F} ()
[09/17/2007, 6:00:58] - WARNING: BHO has no default name. Checking for Winlogon reference.
[09/17/2007, 6:00:59] - Checking for HKLM\...\Winlogon\Notify\SDHelper
[09/17/2007, 6:00:59] - Key not found: HKLM\...\Winlogon\Notify\SDHelper, continuing.
[09/17/2007, 6:00:59] - BHO 5: {64B94229-7967-860A-A0C2-034C02BA876B} ()
[09/17/2007, 6:00:59] - WARNING: BHO has no default name. Checking for Winlogon reference.
[09/17/2007, 6:00:59] - Checking for HKLM\...\Winlogon\Notify\tqrggsld
[09/17/2007, 6:00:59] - Key not found: HKLM\...\Winlogon\Notify\tqrggsld, continuing.
[09/17/2007, 6:00:59] - BHO 6: {64F56FC1-1272-44CD-BA6E-39723696E350} ()
[09/17/2007, 6:00:59] - WARNING: BHO has no default name. Checking for Winlogon reference.
[09/17/2007, 6:00:59] - No filename found. Continuing.
[09/17/2007, 6:00:59] - BHO 7: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (SSVHelper Class)
[09/17/2007, 6:00:59] - BHO 8: {7E853D72-626A-48EC-A868-BA8D5E23E045} ()
[09/17/2007, 6:00:59] - WARNING: BHO has no default name. Checking for Winlogon reference.
[09/17/2007, 6:00:59] - No filename found. Continuing.
[09/17/2007, 6:00:59] - BHO 9: {9030D464-4C02-4ABF-8ECC-5164760863C6} (Windows Live Sign-in Helper)
[09/17/2007, 6:00:59] - BHO 10: {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} ()
[09/17/2007, 6:00:59] - WARNING: BHO has no default name. Checking for Winlogon reference.
[09/17/2007, 6:00:59] - No filename found. Continuing.
[09/17/2007, 6:00:59] - BHO 11: {DEC06934-4AEC-40F9-B33A-E5980A9C4461} ()
[09/17/2007, 6:00:59] - WARNING: BHO has no default name. Checking for Winlogon reference.
[09/17/2007, 6:00:59] - Checking for HKLM\...\Winlogon\Notify\vturo
[09/17/2007, 6:00:59] - Found: HKLM\...\Winlogon\Notify\vturo - This is probably Virtumundo.
[09/17/2007, 6:00:59] - Assigning {DEC06934-4AEC-40F9-B33A-E5980A9C4461} MSEvents Object
[09/17/2007, 6:00:59] - BHO list has been changed! Starting over...
[09/17/2007, 6:00:59] - BHO 1: {00C6482D-C502-44C8-8409-FCE54AD9C208} ()
[09/17/2007, 6:00:59] - WARNING: BHO has no default name. Checking for Winlogon reference.
[09/17/2007, 6:00:59] - No filename found. Continuing.
[09/17/2007, 6:00:59] - BHO 2: {02478D38-C3F9-4EFB-9B51-7695ECA05670} (Yahoo! Toolbar Helper)
[09/17/2007, 6:00:59] - BHO 3: {28019A84-D5CD-4EDB-9C74-4B9BCEFA0B19} (MSEvents Object)
[09/17/2007, 6:00:59] - ALERT: Found MSEvents Object!
[09/17/2007, 6:00:59] - BHO 4: {53707962-6F74-2D53-2644-206D7942484F} ()
[09/17/2007, 6:00:59] - WARNING: BHO has no default name. Checking for Winlogon reference.
[09/17/2007, 6:00:59] - Checking for HKLM\...\Winlogon\Notify\SDHelper
[09/17/2007, 6:00:59] - Key not found: HKLM\...\Winlogon\Notify\SDHelper, continuing.
[09/17/2007, 6:00:59] - BHO 5: {64B94229-7967-860A-A0C2-034C02BA876B} ()
[09/17/2007, 6:00:59] - WARNING: BHO has no default name. Checking for Winlogon reference.
[09/17/2007, 6:00:59] - Checking for HKLM\...\Winlogon\Notify\tqrggsld
[09/17/2007, 6:00:59] - Key not found: HKLM\...\Winlogon\Notify\tqrggsld, continuing.
[09/17/2007, 6:00:59] - BHO 6: {64F56FC1-1272-44CD-BA6E-39723696E350} ()
[09/17/2007, 6:00:59] - WARNING: BHO has no default name. Checking for Winlogon reference.
[09/17/2007, 6:00:59] - No filename found. Continuing.
[09/17/2007, 6:00:59] - BHO 7: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (SSVHelper Class)
[09/17/2007, 6:00:59] - BHO 8: {7E853D72-626A-48EC-A868-BA8D5E23E045} ()
[09/17/2007, 6:00:59] - WARNING: BHO has no default name. Checking for Winlogon reference.
[09/17/2007, 6:00:59] - No filename found. Continuing.
[09/17/2007, 6:00:59] - BHO 9: {9030D464-4C02-4ABF-8ECC-5164760863C6} (Windows Live Sign-in Helper)
[09/17/2007, 6:00:59] - BHO 10: {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} ()
[09/17/2007, 6:00:59] - WARNING: BHO has no default name. Checking for Winlogon reference.
[09/17/2007, 6:00:59] - No filename found. Continuing.
[09/17/2007, 6:00:59] - BHO 11: {DEC06934-4AEC-40F9-B33A-E5980A9C4461} (MSEvents Object)
[09/17/2007, 6:01:00] - ALERT: Found MSEvents Object!
[09/17/2007, 6:01:00] - Finished Searching Browser Helper Objects
[09/17/2007, 6:01:00] - *** Detected MSEvents Object
[09/17/2007, 6:01:00] - Trying to remove MSEvents Object...
[09/17/2007, 6:01:01] - Terminating Process: IEXPLORE.EXE
[09/17/2007, 6:01:02] - Terminating Process: RUNDLL32.EXE
[09/17/2007, 6:01:03] - Disabling Automatic Shell Restart
[09/17/2007, 6:01:03] - Terminating Process: EXPLORER.EXE
[09/17/2007, 6:01:03] - Suspending the NT Session Manager System Service
[09/17/2007, 6:01:03] - Terminating Windows NT Logon/Logoff Manager
[09/17/2007, 6:01:04] - Re-enabling Automatic Shell Restart
[09/17/2007, 6:01:04] - File to disable: C:\WINDOWS\system32\vturo.dll
[09/17/2007, 6:01:04] - Removing HKLM\...\Browser Helper Objects\{28019A84-D5CD-4EDB-9C74-4B9BCEFA0B19}
[09/17/2007, 6:01:05] - Removing HKCR\CLSID\{28019A84-D5CD-4EDB-9C74-4B9BCEFA0B19}
[09/17/2007, 6:01:05] - Adding Kill Bit for ActiveX for GUID: {28019A84-D5CD-4EDB-9C74-4B9BCEFA0B19}
[09/17/2007, 6:01:06] - Deleting ATLEvents/MSEvents Registry entries
[09/17/2007, 6:01:06] - Removing HKLM\...\Winlogon\Notify\vturo
[09/17/2007, 6:01:06] - Searching for Browser Helper Objects:
[09/17/2007, 6:01:06] - BHO 1: {00C6482D-C502-44C8-8409-FCE54AD9C208} ()
[09/17/2007, 6:01:06] - WARNING: BHO has no default name. Checking for Winlogon reference.
[09/17/2007, 6:01:06] - No filename found. Continuing.
[09/17/2007, 6:01:06] - BHO 2: {02478D38-C3F9-4EFB-9B51-7695ECA05670} (Yahoo! Toolbar Helper)
[09/17/2007, 6:01:06] - BHO 3: {53707962-6F74-2D53-2644-206D7942484F} ()
[09/17/2007, 6:01:06] - WARNING: BHO has no default name. Checking for Winlogon reference.
[09/17/2007, 6:01:06] - Checking for HKLM\...\Winlogon\Notify\SDHelper
[09/17/2007, 6:01:06] - Key not found: HKLM\...\Winlogon\Notify\SDHelper, continuing.
[09/17/2007, 6:01:06] - BHO 4: {64B94229-7967-860A-A0C2-034C02BA876B} ()
[09/17/2007, 6:01:06] - WARNING: BHO has no default name. Checking for Winlogon reference.
[09/17/2007, 6:01:06] - Checking for HKLM\...\Winlogon\Notify\tqrggsld
[09/17/2007, 6:01:06] - Key not found: HKLM\...\Winlogon\Notify\tqrggsld, continuing.
[09/17/2007, 6:01:06] - BHO 5: {64F56FC1-1272-44CD-BA6E-39723696E350} ()
[09/17/2007, 6:01:06] - WARNING: BHO has no default name. Checking for Winlogon reference.
[09/17/2007, 6:01:06] - No filename found. Continuing.
[09/17/2007, 6:01:06] - BHO 6: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (SSVHelper Class)
[09/17/2007, 6:01:06] - BHO 7: {7E853D72-626A-48EC-A868-BA8D5E23E045} ()
[09/17/2007, 6:01:06] - WARNING: BHO has no default name. Checking for Winlogon reference.
[09/17/2007, 6:01:07] - No filename found. Continuing.
[09/17/2007, 6:01:07] - BHO 8: {9030D464-4C02-4ABF-8ECC-5164760863C6} (Windows Live Sign-in Helper)
[09/17/2007, 6:01:07] - BHO 9: {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} ()
[09/17/2007, 6:01:07] - WARNING: BHO has no default name. Checking for Winlogon reference.
[09/17/2007, 6:01:07] - No filename found. Continuing.
[09/17/2007, 6:01:07] - BHO 10: {DEC06934-4AEC-40F9-B33A-E5980A9C4461} (MSEvents Object)
[09/17/2007, 6:01:07] - ALERT: Found MSEvents Object!
[09/17/2007, 6:01:07] - Finished Searching Browser Helper Objects
[09/17/2007, 6:01:07] - *** Detected MSEvents Object
[09/17/2007, 6:01:07] - Trying to remove MSEvents Object...
[09/17/2007, 6:01:08] - Terminating Process: IEXPLORE.EXE
[09/17/2007, 6:01:08] - Terminating Process: RUNDLL32.EXE
[09/17/2007, 6:01:08] - Disabling Automatic Shell Restart
[09/17/2007, 6:01:08] - Terminating Process: EXPLORER.EXE
[09/17/2007, 6:01:08] - Suspending the NT Session Manager System Service
[09/17/2007, 6:01:08] - Terminating Windows NT Logon/Logoff Manager
[09/17/2007, 6:01:08] - Re-enabling Automatic Shell Restart
[09/17/2007, 6:01:08] - File to disable: C:\WINDOWS\system32\vturo.dll
[09/17/2007, 6:01:08] - Removing HKLM\...\Browser Helper Objects\{DEC06934-4AEC-40F9-B33A-E5980A9C4461}
[09/17/2007, 6:01:08] - Removing HKCR\CLSID\{DEC06934-4AEC-40F9-B33A-E5980A9C4461}
[09/17/2007, 6:01:08] - Adding Kill Bit for ActiveX for GUID: {DEC06934-4AEC-40F9-B33A-E5980A9C4461}
[09/17/2007, 6:01:09] - Deleting ATLEvents/MSEvents Registry entries
[09/17/2007, 6:01:09] - Removing HKLM\...\Winlogon\Notify\vturo
[09/17/2007, 6:01:09] - Searching for Browser Helper Objects:
[09/17/2007, 6:01:09] - BHO 1: {00C6482D-C502-44C8-8409-FCE54AD9C208} ()
[09/17/2007, 6:01:09] - WARNING: BHO has no default name. Checking for Winlogon reference.
[09/17/2007, 6:01:09] - No filename found. Continuing.
[09/17/2007, 6:01:09] - BHO 2: {02478D38-C3F9-4EFB-9B51-7695ECA05670} (Yahoo! Toolbar Helper)
[09/17/2007, 6:01:09] - BHO 3: {53707962-6F74-2D53-2644-206D7942484F} ()
[09/17/2007, 6:01:09] - WARNING: BHO has no default name. Checking for Winlogon reference.
[09/17/2007, 6:01:09] - Checking for HKLM\...\Winlogon\Notify\SDHelper
[09/17/2007, 6:01:09] - Key not found: HKLM\...\Winlogon\Notify\SDHelper, continuing.
[09/17/2007, 6:01:09] - BHO 4: {64B94229-7967-860A-A0C2-034C02BA876B} ()
[09/17/2007, 6:01:09] - WARNING: BHO has no default name. Checking for Winlogon reference.
[09/17/2007, 6:01:09] - Checking for HKLM\...\Winlogon\Notify\tqrggsld
[09/17/2007, 6:01:09] - Key not found: HKLM\...\Winlogon\Notify\tqrggsld, continuing.
[09/17/2007, 6:01:09] - BHO 5: {64F56FC1-1272-44CD-BA6E-39723696E350} ()
[09/17/2007, 6:01:09] - WARNING: BHO has no default name. Checking for Winlogon reference.
[09/17/2007, 6:01:09] - No filename found. Continuing.
[09/17/2007, 6:01:09] - BHO 6: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (SSVHelper Class)
[09/17/2007, 6:01:09] - BHO 7: {7E853D72-626A-48EC-A868-BA8D5E23E045} ()
[09/17/2007, 6:01:09] - WARNING: BHO has no default name. Checking for Winlogon reference.
[09/17/2007, 6:01:09] - No filename found. Continuing.
[09/17/2007, 6:01:09] - BHO 8: {9030D464-4C02-4ABF-8ECC-5164760863C6} (Windows Live Sign-in Helper)
[09/17/2007, 6:01:09] - BHO 9: {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} ()
[09/17/2007, 6:01:09] - WARNING: BHO has no default name. Checking for Winlogon reference.
[09/17/2007, 6:01:09] - No filename found. Continuing.
[09/17/2007, 6:01:09] - Finished Searching Browser Helper Objects
[09/17/2007, 6:01:09] - Finishing up...
[09/17/2007, 6:01:09] - A restart is needed.
[09/17/2007, 6:01:09] - Automatic Reboot on STOP Error is not set. User will have to manually restart.
[09/17/2007, 6:01:22] - Attempting to Restart via STOP error (Blue Screen!)



Et lui de hijackthis


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 06:12:23, on 2007-09-17
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexingService.exe
C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexStoreSvr.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Opera\Opera.exe
C:\Documents and Settings\.Max\Bureau\Antivirus\HijackThis.exe
C:\WINDOWS\system32\NOTEPAD.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: (no name) - {00C6482D-C502-44C8-8409-FCE54AD9C208} - (no file)
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {64B94229-7967-860A-A0C2-034C02BA876B} - C:\Program Files\Ujpxccpo\tqrggsld.dll (file missing)
O2 - BHO: (no name) - {64F56FC1-1272-44CD-BA6E-39723696E350} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - (no file)
O3 - Toolbar: (no name) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - (no file)
O3 - Toolbar: (no name) - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - (no file)
O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\RunOnce: [nlsf] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-20\..\RunOnce: [nlsf] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [nlsf] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [nlsf] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'Default user')
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - (no file)
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/default/kavwebscan_unicode.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {48884C41-EFAC-433D-958A-9FADAC41408E} (EGamesPlugin Class) - https://www.family.my/c/online-e-games
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-CA/a-UNO1/GAME_UNO1.cab
O16 - DPF: {5F5F9FB8-878E-4455-95E0-F64B2314288A} (ijjiPlugin2 Class) - http://gamedownload.ijjimax.com/gamedownload/dist/hgstart/HGPlugin11USA.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: Boonty Games - BOONTY - C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe
O23 - Service: lxby_device - Lexmark International, Inc. - C:\WINDOWS\system32\lxbycoms.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexingService.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
0