Infecté par WIN 32/Agent.BCK cheval de troie - Page 2

Résolu
Précédent
  • 1
  • 2
  1. aleksandar Messages postés 55 Date d'inscription   Statut Membre
     
    LoadLibrary failed for C:\WINDOWS\system32\ssttt.dll
    C:\WINDOWS\system32\ssttt.dll NOT unregistered.
    File move failed. C:\WINDOWS\system32\ssttt.dll scheduled to be moved on reboot.
    File/Folder C:\WINDOWS\system32\pwljvncv.dll not found.

    Created on 10/08/2007 19:14:50
    0
  2. aleksandar Messages postés 55 Date d'inscription   Statut Membre
     
    Logfile of HijackThis v1.99.1
    Scan saved at 19:23:07, on 08/10/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16512)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe
    C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
    C:\WINDOWS\System32\DLA\DLACTRLW.EXE
    C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
    C:\Program Files\Eset\nod32krn.exe
    C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe
    C:\WINDOWS\stsystra.exe
    C:\Program Files\Logitech\Video\LogiTray.exe
    C:\Program Files\QuickTime\QTTask.exe
    C:\Program Files\Eset\nod32kui.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
    C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
    C:\WINDOWS\system32\LVComS.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
    C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Hijackthis Version Française\VERSION TRADUITE ORIGINALE.EXE

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.fr/ig/dell?hl=fr&client=dell-row&channel=fr&ibd=6061228
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
    R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.fr/ig/dell?hl=fr&client=dell-row&channel=fr&ibd=6061228
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
    O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: ECarteBleueBrowserHelper Class - {2E03C0FD-4C48-43A7-9A54-00240C70FF16} - C:\WINDOWS\system32\BhoECart.dll
    O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
    O2 - BHO: (no name) - {6465F3F2-6709-44C1-AD4F-E64E86F95E67} - C:\WINDOWS\system32\ssttt.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O2 - BHO: (no name) - {89AD4D75-2429-462e-BD4E-443F233F6033} - C:\WINDOWS\system32\xxavppew.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
    O2 - BHO: CBrowserHelperObject Object - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll
    O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
    O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
    O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe
    O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
    O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
    O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\FICHIE~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
    O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe" -start
    O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
    O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
    O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
    O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [SearchIndexer] rundll32.exe "C:\WINDOWS\system32\nhsmhapu.dll",sitypnow
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
    O8 - Extra context menu item: Easy-WebPrint Ajouter à la liste d'impressions - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
    O8 - Extra context menu item: Easy-WebPrint Impression rapide - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
    O8 - Extra context menu item: Easy-WebPrint Imprimer - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
    O8 - Extra context menu item: Easy-WebPrint Prévisualiser - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
    O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O11 - Options group: [INTERNATIONAL] International*
    O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
    O16 - DPF: {2250C29C-C5E9-4F55-BE4E-01E45A40FCF1} (CMediaMix Object) - http://musicmix.messenger.msn.com/Medialogic.CAB
    O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
    O16 - DPF: {5308E02B-4ABA-48E4-AA9E-8A7693661473} (GameCtl Class) - http://jeuxenligne.orange.fr/GisActiveX/Ax/GameAx.cab
    O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab56986.cab
    O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab
    O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
    O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - http://download.divx.com/player/DivXBrowserPlugin.cab
    O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://www.mypix.com/fr/fr/importer/ImageUploader4.cab
    O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - https://www.trendmicro.com/en_us/forHome/products/housecall.html
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
    O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game04.zylom.servicesalacarte.orange.fr/activex/zylomgamesplayer.cab
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
    O16 - DPF: {C9E17F58-564C-41C6-989F-AB0FE0D2C9D1} (PopcapLoader Object) - http://jeuxenligne.orange.fr/orange2.0/OnlineHSS/insaniquarium/Popcap.cab
    O16 - DPF: {D0C0F75C-683A-4390-A791-1ACFD5599AB8} (Oberon Flash Game Host) - http://jeuxenligne.orange.fr/Gameshell/GameHost/1.0/OberonGameHost.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
    O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab
    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
    O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
    O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1150\Intel 32\IDriverT.exe
    O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
    0
  3. nardino Messages postés 1634 Date d'inscription   Statut Membre Dernière intervention   119
     
    Bonsoir,

    Télécharge Combofix de sUBs : http://download.bleepingcomputer.com/sUBs/ComboFix.exe

    - Ferme toutes les applications.
    - Double-clique sur combofix.exe (ne clique pas sur la fenêtre qui s'ouvre)
    - Appuie sur Y pour lancer le scan
    - A la fin du scan (cela peut prendre du temps), un rapport sera créé.
    - Poste ce rapport dans ton prochain message.
    0
  4. aleksandar Messages postés 55 Date d'inscription   Statut Membre
     
    ComboFix 07-10-07.2 - ivana 2007-10-08 20:15:15.1 - NTFSx86 MINIMAL
    Microsoft Windows XP dition familiale 5.1.2600.2.1252.1.1036.18.828 [GMT 2:00]
    Running from: C:\Documents and Settings\ivana\Bureau\ComboFix.exe
    .

    (((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\check_LSA7.txt
    C:\WINDOWS\cookies.ini
    C:\WINDOWS\system32\ahkehggg.dll
    C:\WINDOWS\system32\axahoupq.ini
    C:\WINDOWS\system32\bguwgxou.dll
    C:\WINDOWS\system32\caqtnwcn.dll
    C:\WINDOWS\system32\cnitlomn.dll
    C:\WINDOWS\system32\deaclvnq.ini
    C:\WINDOWS\system32\dyumnrae.dll
    C:\WINDOWS\system32\earnmuyd.ini
    C:\WINDOWS\system32\efuctyjt.ini
    C:\WINDOWS\system32\eoywjqot.dll
    C:\WINDOWS\system32\etcyrlgx.dll
    C:\WINDOWS\system32\ggghekha.ini
    C:\WINDOWS\system32\gnyqsvvt.dll
    C:\WINDOWS\system32\grwhkwjn.dll
    C:\WINDOWS\system32\ibdjthlr.ini
    C:\WINDOWS\system32\idbnxeii.dll
    C:\WINDOWS\system32\idivsfor.dll
    C:\WINDOWS\system32\iiexnbdi.ini
    C:\WINDOWS\system32\iqhjcwpw.dll
    C:\WINDOWS\system32\jdcvraon.ini
    C:\WINDOWS\system32\jdrydksm.dll
    C:\WINDOWS\system32\kbjdhwxy.dll
    C:\WINDOWS\system32\kviseqtp.ini
    C:\WINDOWS\system32\lkfyteop.dll
    C:\WINDOWS\system32\mmkdyepr.ini
    C:\WINDOWS\system32\mskdyrdj.ini
    C:\WINDOWS\system32\ndbteiey.dll
    C:\WINDOWS\system32\neceybes.ini
    C:\WINDOWS\system32\nhsmhapu.dll
    C:\WINDOWS\system32\njwkhwrg.ini
    C:\WINDOWS\system32\nmoltinc.ini
    C:\WINDOWS\system32\noarvcdj.dll
    C:\WINDOWS\system32\nqqueoun.ini
    C:\WINDOWS\system32\nuoeuqqn.dll
    C:\WINDOWS\system32\poetyfkl.ini
    C:\WINDOWS\system32\pqxojtmr.dll
    C:\WINDOWS\system32\ptqesivk.dll
    C:\WINDOWS\system32\qgarcqov.dll
    C:\WINDOWS\system32\qmswqtvt.dll
    C:\WINDOWS\system32\qnvlcaed.dll
    C:\WINDOWS\system32\qpuohaxa.dll
    C:\WINDOWS\system32\rlhtjdbi.dll
    C:\WINDOWS\system32\rmtjoxqp.ini
    C:\WINDOWS\system32\rofsvidi.ini
    C:\WINDOWS\system32\rpeydkmm.dll
    C:\WINDOWS\system32\sebyecen.dll
    C:\WINDOWS\system32\sfbvfptw.dll
    C:\WINDOWS\system32\smsmgmcw.ini
    C:\WINDOWS\system32\ssttt.dll
    C:\WINDOWS\system32\tjytcufe.dll
    C:\WINDOWS\system32\tnbvtwew.dll
    C:\WINDOWS\system32\toqjwyoe.ini
    C:\WINDOWS\system32\trtudjbr.dll
    C:\WINDOWS\system32\tttss.bak1
    C:\WINDOWS\system32\tttss.bak1
    C:\WINDOWS\system32\tttss.bak1
    C:\WINDOWS\system32\tttss.bak2
    C:\WINDOWS\system32\tttss.bak2
    C:\WINDOWS\system32\tttss.bak2
    C:\WINDOWS\system32\tttss.ini
    C:\WINDOWS\system32\tttss.ini
    C:\WINDOWS\system32\tttss.ini
    C:\WINDOWS\system32\tttss.ini2
    C:\WINDOWS\system32\tttss.ini2
    C:\WINDOWS\system32\tttss.ini2
    C:\WINDOWS\system32\tttss.tmp
    C:\WINDOWS\system32\tttss.tmp
    C:\WINDOWS\system32\tttss.tmp
    C:\WINDOWS\system32\tvtqwsmq.ini
    C:\WINDOWS\system32\tvvsqyng.ini
    C:\WINDOWS\system32\uoxgwugb.ini
    C:\WINDOWS\system32\upahmshn.ini
    C:\WINDOWS\system32\vaqcnxvv.ini
    C:\WINDOWS\system32\vdtyebda.dll
    C:\WINDOWS\system32\voqcragq.ini
    C:\WINDOWS\system32\vsqncdry.dll
    C:\WINDOWS\system32\vvvupyhx.ini
    C:\WINDOWS\system32\vvxncqav.dll
    C:\WINDOWS\system32\wbkouleb.dll
    C:\WINDOWS\system32\wcmgmsms.dll
    C:\WINDOWS\system32\wewtvbnt.ini
    C:\WINDOWS\system32\wpwcjhqi.ini
    C:\WINDOWS\system32\wtpfvbfs.ini
    C:\WINDOWS\system32\xglrycte.ini
    C:\WINDOWS\system32\xhypuvvv.dll
    C:\WINDOWS\system32\xxavppew.dll
    C:\WINDOWS\system32\yeietbdn.ini
    C:\WINDOWS\system32\ygrnewty.dll
    C:\WINDOWS\system32\yrdcnqsv.ini
    C:\WINDOWS\system32\yxwhdjbk.ini

    .
    ((((((((((((((((((((((((((((( Fichiers créés 2007-09-08 to 2007-10-08 ))))))))))))))))))))))))))))))))))))
    .

    2007-10-08 20:14 51,200 --a------ C:\WINDOWS\NirCmd.exe
    2007-10-07 19:09 <REP> d-------- C:\Program Files\iPod
    2007-10-07 19:08 30,336 --a------ C:\WINDOWS\system32\drivers\usbaapl.sys
    2007-10-06 17:59 19 --a------ C:\WINDOWS\popcinfo.dat
    2007-10-06 17:36 <REP> d-------- C:\Documents and Settings\ivana\Application Data\Zylom
    2007-10-06 17:35 <REP> d-------- C:\Program Files\Zylom Games
    2007-10-05 23:10 <REP> dr------- C:\Documents and Settings\Administrateur\Mes documents
    2007-10-05 23:10 <REP> dr------- C:\Documents and Settings\Administrateur\Menu D‚marrer
    2007-10-05 23:10 <REP> dr------- C:\Documents and Settings\Administrateur\Favoris
    2007-10-05 23:10 <REP> d--h----- C:\Documents and Settings\Administrateur\Voisinage r‚seau
    2007-10-05 23:10 <REP> d--h----- C:\Documents and Settings\Administrateur\Voisinage d'impression
    2007-10-05 23:10 <REP> d--h----- C:\Documents and Settings\Administrateur\ModŠles
    2007-10-05 23:10 <REP> d--h----- C:\Documents and Settings\Administrateur\Application Data\Gtek
    2007-10-05 23:10 <REP> d-------- C:\Documents and Settings\Administrateur\Bureau
    2007-10-05 23:10 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\ATI
    2007-10-05 22:58 <REP> d-------- C:\VundoFix Backups
    2007-10-05 22:41 <REP> d-------- C:\Program Files\Hijackthis Version Fran‡aise
    2007-10-05 21:29 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
    2007-10-05 21:02 <REP> d-------- C:\Program Files\Yahoo!
    2007-10-05 21:02 <REP> d-------- C:\Program Files\CCleaner
    2007-09-28 22:45 502,208 --a------ C:\WINDOWS\system32\drivers\amon.sys
    2007-09-28 22:45 270,336 --a------ C:\WINDOWS\system32\imon.dll
    2007-09-26 17:50 <REP> d-------- C:\WINDOWS\ERUNT
    2007-09-24 18:33 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
    2007-09-24 18:15 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
    2007-09-24 15:16 <REP> d-------- C:\WINDOWS\BDOSCAN8
    2007-09-23 19:41 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Avira
    2007-09-23 17:05 86,094 --a------ C:\WINDOWS\BPMNT.dll
    2007-09-23 17:05 1,163,344 --a------ C:\WINDOWS\vsapi32.dll
    2007-09-23 17:05 <REP> d-------- C:\WINDOWS\AU_Backup
    2007-09-23 17:04 <REP> d-------- C:\WINDOWS\AU_Temp
    2007-09-23 17:02 69,689 --a------ C:\WINDOWS\UNZIP.DLL
    2007-09-23 17:02 507,904 --a------ C:\WINDOWS\TMUPDATE.DLL
    2007-09-23 17:02 286,720 --a------ C:\WINDOWS\PATCH.EXE
    2007-09-23 17:02 <REP> d-------- C:\WINDOWS\AU_Log
    2007-09-22 06:29 33,792 --a------ C:\WINDOWS\system32\yayayvw.dll.vir

    .
    (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2007-10-07 19:12 --------- d-------- C:\Program Files\Apple Software Update
    2007-10-07 19:10 --------- d-------- C:\Program Files\iTunes
    2007-10-07 13:08 --------- d-------- C:\Program Files\Google
    2007-10-07 13:08 --------- d-------- C:\Documents and Settings\All Users\Application Data\Google
    2007-09-27 18:05 --------- d-------- C:\Program Files\PokerChamps
    2007-09-27 18:01 --------- d-------- C:\Program Files\IKEA HomePlanner
    2007-09-22 14:14 --------- d-------- C:\Program Files\eMule
    2007-08-24 23:48 --------- d-------- C:\Program Files\QuickTime
    2007-08-24 23:47 --------- d-------- C:\Program Files\Fichiers communs\Apple
    2007-08-24 23:47 --------- d-------- C:\Documents and Settings\All Users\Application Data\Apple
    2007-08-16 21:14 --------- d-------- C:\Program Files\MSXML 4.0
    1995-09-20 15:16 456976 --a------ C:\Program Files\Fichiers communs\dao3032.dll
    --------- C:\Program Files\Hijackthis Version Française
    2007-06-09 13:13:41 8,192 --sha-w C:\WINDOWS\o2cLicStore.bin
    2007-02-16 19:56:23 168 --sh--r C:\WINDOWS\system32\A95D9052E3.sys
    2007-02-16 19:56:34 7,670 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys
    .

    ((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "IAAnotif"="C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2006-07-06 09:15]
    "ATICCC"="C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" [2006-01-02 19:41]
    "DLA"="C:\WINDOWS\System32\DLA\DLACTRLW.EXE" [2005-09-08 07:20]
    "ISUSPM Startup"="C:\PROGRA~1\FICHIE~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-27 18:50]
    "ISUSScheduler"="C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe" [2004-07-27 18:50]
    "SigmatelSysTrayApp"="stsystra.exe" [2006-03-20 17:00 C:\WINDOWS\stsystra.exe]
    "LogitechVideoRepair"="C:\Program Files\Logitech\Video\ISStart.exe" [2004-02-12 17:57]
    "LogitechVideoTray"="C:\Program Files\Logitech\Video\LogiTray.exe" [2004-02-12 17:59]
    "QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2007-06-29 06:24]
    "nod32kui"="C:\Program Files\Eset\nod32kui.exe" [2007-09-28 22:44]
    "!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 11:25]
    "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11]
    "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 03:06]
    "iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-09-26 14:42]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-05 14:00]
    "swg"="C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" [2007-10-07 13:08]

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
    "DisableRegistryTools"=0 (0x0)

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Dell Network Assistant.lnk]
    path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Dell Network Assistant.lnk
    backup=C:\WINDOWS\pss\Dell Network Assistant.lnkCommon Startup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Lancement rapide d'Adobe Reader.lnk]
    path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Lancement rapide d'Adobe Reader.lnk
    backup=C:\WINDOWS\pss\Lancement rapide d'Adobe Reader.lnkCommon Startup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Microsoft Office.lnk]
    path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Microsoft Office.lnk
    backup=C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DellSupport]
    "C:\Program Files\Dell Support\DSAgnt.exe" /startup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DMXLauncher]
    C:\Program Files\Dell\Media Experience\DMXLauncher.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\eCarteBleue-CLEO]
    "C:\Program Files\e-Carte Bleue\LCL\e-Carte Bleue VISA Cleo\ECB-CLEO.exe" /dontopenmycards

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
    "C:\Program Files\iTunes\iTunesHelper.exe"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OPSE reminder]
    "C:\Program Files\ScanSoft\OmniPageSE2.0\EregFre\Ereg.exe" -r "C:\Program Files\ScanSoft\OmniPageSE2.0\EregFre\ereg.ini"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OpwareSE2]
    "C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
    "C:\Program Files\QuickTime\qttask.exe" -atboottime

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
    C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.8472\GoogleToolbarNotifier.exe

    R2 hnmwrlspkt;HomeNet Manager Wireless Protocol;C:\WINDOWS\system32\DRIVERS\hnm_wrls_pkt.sys
    R2 wsppkt;Wireless Security Protocol;C:\WINDOWS\system32\DRIVERS\wsp_pkt.sys
    R3 usbscan;Pilote de scanneur USB;C:\WINDOWS\system32\DRIVERS\usbscan.sys
    R3 USBSTOR;Pilote de stockage de masse USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
    S3 USBAAPL;Apple Mobile USB Driver;C:\WINDOWS\system32\Drivers\usbaapl.sys

    .
    Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
    "2007-10-07 17:05:45 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
    - C:\Program Files\Apple Software Update\SoftwareUpdate.exe
    .
    **************************************************************************

    catchme 0.3.1169 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2007-10-08 20:19:33
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    Completion time: 2007-10-08 20:20:43 - machine was rebooted
    C:\ComboFix-quarantined-files.txt ... 2007-10-08 20:20
    .
    --- E O F ---
    0
  5. Vous n’avez pas trouvé la réponse que vous recherchez ?

    Posez votre question
  6. nardino Messages postés 1634 Date d'inscription   Statut Membre Dernière intervention   119
     
    Bonsoir.

    Sur ce site: https://virusscan.jotti.org/
    = Virusscan.jotti-maxi 15mb

    C:\WINDOWS\popcinfo.dat
    C:\WINDOWS\system32\imon.dll
    C:\WINDOWS\vsapi32.dll
    C:\WINDOWS\AU_Temp
    C:\WINDOWS\system32\yayayvw.dll.vir


    Tu fais analyser les fichiers suivant et tu enregistres les rapports que tu postes dans la prochaine réponse.
    Nous allons en venir à bout.
    0
  7. aleksandar Messages postés 55 Date d'inscription   Statut Membre
     
    pour ce fichier:C:\WINDOWS\system32\yayayvw.dll.vir le rapport et le suivant

    Service load: 0% 100%

    File: yayayvw.dll.vir_
    Status: INFECTED/MALWARE
    MD5: fbbcda5777dc2f69750e4a4e73909d77
    Packers detected: -
    Bit9 reports: File not found

    Scanner results
    Scan taken on 08 Oct 2007 20:36:21 (GMT)
    A-Squared Found Adware.Win32.Virtumonde.vq
    AntiVir Found TR/Vundo.DNG
    ArcaVir Found nothing
    Avast Found nothing
    AVG Antivirus Found nothing
    BitDefender Found Trojan.Vundo.DNG
    ClamAV Found Adware.Virtumonde-141
    CPsecure Found nothing
    Dr.Web Found nothing
    F-Prot Antivirus Found nothing
    F-Secure Anti-Virus Found nothing
    Fortinet Found nothing
    Kaspersky Anti-Virus Found Trojan.Win32.Pakes.ei
    NOD32 Found nothing
    Norman Virus Control Found W32/Vundo.T
    Panda Antivirus Found nothing
    Rising Antivirus Found nothing
    Sophos Antivirus Found nothing
    VirusBuster Found nothing
    VBA32 Found nothing
    0
  8. aleksandar Messages postés 55 Date d'inscription   Statut Membre
     
    j ai fait fichier par chier et c est le seul qui a un virus
    0
  9. aleksandar Messages postés 55 Date d'inscription   Statut Membre
     
    Et pour ce fichier C:\WINDOWS\AU_Temp le site ne le scanne pas il me dit:The file you uploaded is 0 bytes. It is very likely a firewall or a piece of malware is prohibiting you from uploading this file
    0
  10. aleksandar Messages postés 55 Date d'inscription   Statut Membre
     
    MERCI D AVANCE POUR TOUT LE TEMP PASSE AVEC MOI
    0
  11. aleksandar Messages postés 55 Date d'inscription   Statut Membre
     
    JE T ENVOI CE RAPPORT JE NE C EST PAS SI JE TE L AI DEJA ENVOYER
    [code]
    2007-09-22 06:35 310880 --a------ C:\Qoobox\Quarantine\C\WINDOWS\system32\ssttt.dll.vir
    2007-09-22 19:24 812525 --a------ C:\Qoobox\Quarantine\C\WINDOWS\system32\tttss.bak1.vir
    2007-09-24 14:30 86080 --a------ C:\Qoobox\Quarantine\C\WINDOWS\system32\rpeydkmm.dll.vir
    2007-09-25 07:30 693988 --a------ C:\Qoobox\Quarantine\C\WINDOWS\system32\mmkdyepr.ini.vir
    2007-09-25 07:40 820451 --a------ C:\Qoobox\Quarantine\C\WINDOWS\system32\tttss.ini.vir
    2007-09-25 13:39 820511 --a------ C:\Qoobox\Quarantine\C\WINDOWS\system32\tttss.tmp.vir
    2007-09-26 14:50 84032 --a------ C:\Qoobox\Quarantine\C\WINDOWS\system32\eoywjqot.dll.vir
    2007-09-26 15:42 693679 --a------ C:\Qoobox\Quarantine\C\WINDOWS\system32\toqjwyoe.ini.vir
    2007-09-26 15:51 84032 --a------ C:\Qoobox\Quarantine\C\WINDOWS\system32\qmswqtvt.dll.vir
    2007-09-26 16:06 693421 --a------ C:\Qoobox\Quarantine\C\WINDOWS\system32\tvtqwsmq.ini.vir
    2007-09-26 18:06 693661 --a------ C:\Qoobox\Quarantine\C\WINDOWS\system32\earnmuyd.ini.vir
    2007-09-26 18:06 84032 --a------ C:\Qoobox\Quarantine\C\WINDOWS\system32\dyumnrae.dll.vir
    2007-09-26 21:11 84032 --a------ C:\Qoobox\Quarantine\C\WINDOWS\system32\etcyrlgx.dll.vir
    2007-09-26 21:17 693439 --a------ C:\Qoobox\Quarantine\C\WINDOWS\system32\xglrycte.ini.vir
    2007-09-26 21:19 84032 --a------ C:\Qoobox\Quarantine\C\WINDOWS\system32\lkfyteop.dll.vir
    2007-09-26 21:20 693421 --a------ C:\Qoobox\Quarantine\C\WINDOWS\system32\poetyfkl.ini.vir
    2007-09-26 22:23 693541 --a------ C:\Qoobox\Quarantine\C\WINDOWS\system32\wewtvbnt.ini.vir
    2007-09-26 22:23 84032 --a------ C:\Qoobox\Quarantine\C\WINDOWS\system32\tnbvtwew.dll.vir
    2007-09-28 14:26 85056 --a------ C:\Qoobox\Quarantine\C\WINDOWS\system32\wcmgmsms.dll.vir
    2007-09-28 15:53 693559 --a------ C:\Qoobox\Quarantine\C\WINDOWS\system32\smsmgmcw.ini.vir
    2007-09-28 21:22 85056 --a------ C:\Qoobox\Quarantine\C\WINDOWS\system32\qnvlcaed.dll.vir
    2007-09-28 21:26 693472 --a------ C:\Qoobox\Quarantine\C\WINDOWS\system32\deaclvnq.ini.vir
    2007-09-28 22:45 85056 --a------ C:\Qoobox\Quarantine\C\WINDOWS\system32\ygrnewty.dll.vir
    2007-09-29 00:02 85056 --a------ C:\Qoobox\Quarantine\C\WINDOWS\system32\gnyqsvvt.dll.vir
    2007-09-29 00:08 694321 --a------ C:\Qoobox\Quarantine\C\WINDOWS\system32\tvvsqyng.ini.vir
    2007-09-29 09:08 84032 --a------ C:\Qoobox\Quarantine\C\WINDOWS\system32\ptqesivk.dll.vir
    2007-09-29 10:15 693679 --a------ C:\Qoobox\Quarantine\C\WINDOWS\system32\kviseqtp.ini.vir
    2007-09-29 10:19 84032 --a------ C:\Qoobox\Quarantine\C\WINDOWS\system32\noarvcdj.dll.vir
    2007-09-29 17:15 693551 --a------ C:\Qoobox\Quarantine\C\WINDOWS\system32\jdcvraon.ini.vir
    2007-10-01 14:13 87104 --a------ C:\Qoobox\Quarantine\C\WINDOWS\system32\kbjdhwxy.dll.vir
    2007-10-01 14:52 693679 --a------ C:\Qoobox\Quarantine\C\WINDOWS\system32\yxwhdjbk.ini.vir
    2007-10-01 15:46 87104 --a------ C:\Qoobox\Quarantine\C\WINDOWS\system32\jdrydksm.dll.vir
    2007-10-01 18:01 693439 --a------ C:\Qoobox\Quarantine\C\WINDOWS\system32\mskdyrdj.ini.vir
    2007-10-01 21:29 87104 --a------ C:\Qoobox\Quarantine\C\WINDOWS\system32\tjytcufe.dll.vir
    2007-10-01 21:56 693439 --a------ C:\Qoobox\Quarantine\C\WINDOWS\system32\efuctyjt.ini.vir
    2007-10-02 10:35 85056 --a------ C:\Qoobox\Quarantine\C\WINDOWS\system32\ndbteiey.dll.vir
    2007-10-02 17:36 693559 --a------ C:\Qoobox\Quarantine\C\WINDOWS\system32\yeietbdn.ini.vir
    2007-10-02 17:45 77376 --a------ C:\Qoobox\Quarantine\C\WINDOWS\system32\vdtyebda.dll.vir
    2007-10-03 11:15 693661 --a------ C:\Qoobox\Quarantine\C\WINDOWS\system32\wpwcjhqi.ini.vir
    2007-10-03 11:15 86080 --a------ C:\Qoobox\Quarantine\C\WINDOWS\system32\iqhjcwpw.dll.vir
    2007-10-03 18:08 86080 --a------ C:\Qoobox\Quarantine\C\WINDOWS\system32\vvxncqav.dll.vir
    2007-10-03 18:36 693439 --a------ C:\Qoobox\Quarantine\C\WINDOWS\system32\vaqcnxvv.ini.vir
    2007-10-03 18:41 693421 --a------ C:\Qoobox\Quarantine\C\WINDOWS\system32\ggghekha.ini.vir
    2007-10-03 18:41 86080 --a------ C:\Qoobox\Quarantine\C\WINDOWS\system32\ahkehggg.dll.vir
    2007-10-04 07:14 85056 --a------ C:\Qoobox\Quarantine\C\WINDOWS\system32\sebyecen.dll.vir
    2007-10-04 09:48 693712 --a------ C:\Qoobox\Quarantine\C\WINDOWS\system32\neceybes.ini.vir
    2007-10-04 15:15 693661 --a------ C:\Qoobox\Quarantine\C\WINDOWS\system32\wtpfvbfs.ini.vir
    2007-10-04 15:15 85056 --a------ C:\Qoobox\Quarantine\C\WINDOWS\system32\sfbvfptw.dll.vir
    2007-10-04 15:49 85056 --a------ C:\Qoobox\Quarantine\C\WINDOWS\system32\idbnxeii.dll.vir
    2007-10-04 18:47 693533 --a------ C:\Qoobox\Quarantine\C\WINDOWS\system32\iiexnbdi.ini.vir
    2007-10-05 13:41 693661 --a------ C:\Qoobox\Quarantine\C\WINDOWS\system32\rofsvidi.ini.vir
    2007-10-05 13:41 87104 --a------ C:\Qoobox\Quarantine\C\WINDOWS\system32\idivsfor.dll.vir
    2007-10-05 14:03 693421 --a------ C:\Qoobox\Quarantine\C\WINDOWS\system32\axahoupq.ini.vir
    2007-10-05 14:03 87104 --a------ C:\Qoobox\Quarantine\C\WINDOWS\system32\qpuohaxa.dll.vir
    2007-10-05 14:19 87104 --a------ C:\Qoobox\Quarantine\C\WINDOWS\system32\bguwgxou.dll.vir
    2007-10-05 22:01 693439 --a------ C:\Qoobox\Quarantine\C\WINDOWS\system32\uoxgwugb.ini.vir
    2007-10-05 22:07 87104 --a------ C:\Qoobox\Quarantine\C\WINDOWS\system32\cnitlomn.dll.vir
    2007-10-05 22:39 693533 --a------ C:\Qoobox\Quarantine\C\WINDOWS\system32\nmoltinc.ini.vir
    2007-10-05 22:45 87104 --a------ C:\Qoobox\Quarantine\C\WINDOWS\system32\trtudjbr.dll.vir
    2007-10-05 23:40 76352 --a------ C:\Qoobox\Quarantine\C\WINDOWS\system32\wbkouleb.dll.vir
    2007-10-05 23:46 87104 --a------ C:\Qoobox\Quarantine\C\WINDOWS\system32\caqtnwcn.dll.vir
    2007-10-06 00:14 693421 --a------ C:\Qoobox\Quarantine\C\WINDOWS\system32\rmtjoxqp.ini.vir
    2007-10-06 00:14 87104 --a------ C:\Qoobox\Quarantine\C\WINDOWS\system32\pqxojtmr.dll.vir
    2007-10-06 23:45 693421 --a------ C:\Qoobox\Quarantine\C\WINDOWS\system32\ibdjthlr.ini.vir
    2007-10-06 23:45 85056 --a------ C:\Qoobox\Quarantine\C\WINDOWS\system32\rlhtjdbi.dll.vir
    2007-10-06 23:47 77376 --a------ C:\Qoobox\Quarantine\C\WINDOWS\system32\xxavppew.dll.vir
    2007-10-07 01:05 693421 --a------ C:\Qoobox\Quarantine\C\WINDOWS\system32\yrdcnqsv.ini.vir
    2007-10-07 01:05 85056 --a------ C:\Qoobox\Quarantine\C\WINDOWS\system32\vsqncdry.dll.vir
    2007-10-07 09:19 86080 --a------ C:\Qoobox\Quarantine\C\WINDOWS\system32\qgarcqov.dll.vir
    2007-10-07 09:20 693661 --a------ C:\Qoobox\Quarantine\C\WINDOWS\system32\voqcragq.ini.vir
    2007-10-07 16:49 86080 --a------ C:\Qoobox\Quarantine\C\WINDOWS\system32\nuoeuqqn.dll.vir
    2007-10-07 16:52 693670 --a------ C:\Qoobox\Quarantine\C\WINDOWS\system32\nqqueoun.ini.vir
    2007-10-08 15:02 693781 --a------ C:\Qoobox\Quarantine\C\WINDOWS\system32\njwkhwrg.ini.vir
    2007-10-08 15:02 85056 --a------ C:\Qoobox\Quarantine\C\WINDOWS\system32\grwhkwjn.dll.vir
    2007-10-08 15:21 85056 --a------ C:\Qoobox\Quarantine\C\WINDOWS\system32\xhypuvvv.dll.vir
    2007-10-08 15:34 693533 --a------ C:\Qoobox\Quarantine\C\WINDOWS\system32\vvvupyhx.ini.vir
    2007-10-08 19:17 555033 --a------ C:\Qoobox\Quarantine\C\WINDOWS\system32\tttss.bak2.vir
    2007-10-08 19:20 4174 --a------ C:\Qoobox\Quarantine\C\WINDOWS\cookies.ini.vir
    2007-10-08 19:20 693721 --a------ C:\Qoobox\Quarantine\C\WINDOWS\system32\upahmshn.ini.vir
    2007-10-08 19:20 83520 --a------ C:\Qoobox\Quarantine\C\WINDOWS\system32\nhsmhapu.dll.vir
    2007-10-08 20:17 560 --a------ C:\Qoobox\Quarantine\catchme.log
    2007-10-08 20:17 820511 --a------ C:\Qoobox\Quarantine\C\WINDOWS\system32\tttss.ini2.vir
    2007-10-08 20:17 845026 --a------ C:\Qoobox\Quarantine\catchme2007-10-08_201911.50.zip
    2007-10-08 20:18 1218 --a------ C:\Qoobox\Quarantine\C\check_LSA7.txt.vir

    Structure du dossier
    Le num‚ro de s‚rie du volume est 78E3-F613
    C:\QOOBOX\QUARANTINE
    | catchme.log
    | catchme2007-10-08_201911.50.zip
    |
    +---C
    | | check_LSA7.txt.vir
    | |
    | \---WINDOWS
    | | cookies.ini.vir
    | |
    | \---system32
    | ahkehggg.dll.vir
    | axahoupq.ini.vir
    | bguwgxou.dll.vir
    | caqtnwcn.dll.vir
    | cnitlomn.dll.vir
    | deaclvnq.ini.vir
    | dyumnrae.dll.vir
    | earnmuyd.ini.vir
    | efuctyjt.ini.vir
    | eoywjqot.dll.vir
    | etcyrlgx.dll.vir
    | ggghekha.ini.vir
    | gnyqsvvt.dll.vir
    | grwhkwjn.dll.vir
    | ibdjthlr.ini.vir
    | idbnxeii.dll.vir
    | idivsfor.dll.vir
    | iiexnbdi.ini.vir
    | iqhjcwpw.dll.vir
    | jdcvraon.ini.vir
    | jdrydksm.dll.vir
    | kbjdhwxy.dll.vir
    | kviseqtp.ini.vir
    | lkfyteop.dll.vir
    | mmkdyepr.ini.vir
    | mskdyrdj.ini.vir
    | ndbteiey.dll.vir
    | neceybes.ini.vir
    | nhsmhapu.dll.vir
    | njwkhwrg.ini.vir
    | nmoltinc.ini.vir
    | noarvcdj.dll.vir
    | nqqueoun.ini.vir
    | nuoeuqqn.dll.vir
    | poetyfkl.ini.vir
    | pqxojtmr.dll.vir
    | ptqesivk.dll.vir
    | qgarcqov.dll.vir
    | qmswqtvt.dll.vir
    | qnvlcaed.dll.vir
    | qpuohaxa.dll.vir
    | rlhtjdbi.dll.vir
    | rmtjoxqp.ini.vir
    | rofsvidi.ini.vir
    | rpeydkmm.dll.vir
    | sebyecen.dll.vir
    | sfbvfptw.dll.vir
    | smsmgmcw.ini.vir
    | ssttt.dll.vir
    | tjytcufe.dll.vir
    | tnbvtwew.dll.vir
    | toqjwyoe.ini.vir
    | trtudjbr.dll.vir
    | tttss.bak1.vir
    | tttss.bak2.vir
    | tttss.ini.vir
    | tttss.ini2.vir
    | tttss.tmp.vir
    | tvtqwsmq.ini.vir
    | tvvsqyng.ini.vir
    | uoxgwugb.ini.vir
    | upahmshn.ini.vir
    | vaqcnxvv.ini.vir
    | vdtyebda.dll.vir
    | voqcragq.ini.vir
    | vsqncdry.dll.vir
    | vvvupyhx.ini.vir
    | vvxncqav.dll.vir
    | wbkouleb.dll.vir
    | wcmgmsms.dll.vir
    | wewtvbnt.ini.vir
    | wpwcjhqi.ini.vir
    | wtpfvbfs.ini.vir
    | xglrycte.ini.vir
    | xhypuvvv.dll.vir
    | xxavppew.dll.vir
    | yeietbdn.ini.vir
    | ygrnewty.dll.vir
    | yrdcnqsv.ini.vir
    | yxwhdjbk.ini.vir
    |
    \---Registry_backups
    [/code]
    0
  12. nardino Messages postés 1634 Date d'inscription   Statut Membre Dernière intervention   119
     
    Bonsoir,

    Script Combofix

    - Ouvre le bloc-note et colles-y les lignes écrites en citation ci-dessous :

    File::
    C:\WINDOWS\system32\ssttt.dll
    C:\WINDOWS\system32\yayayvw.dll.vir

    Folder::
    C:\VundoFix Backups

    Registry::
    [-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ssttt.dll]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SearchIndexer"=-

    - Enregistre-le sous CFScript.txt, sur le bureau
    - Comme sur l'image présentée ici, fais glisser CFScript.txt dans Combofix.exe
    http://img.photobucket.com/albums/v666/sUBs/CFScript.gif
    - Poste le résultat et un nouveau rapport HijackThis !
    0
  13. aleksandar Messages postés 55 Date d'inscription   Statut Membre
     
    ComboFix 07-10-07.2 - ivana 2007-10-08 23:58:51.2 - NTFSx86
    Microsoft Windows XP dition familiale 5.1.2600.2.1252.1.1036.18.557 [GMT 2:00]
    Running from: C:\Documents and Settings\ivana\Bureau\ComboFix.exe
    Command switches used :: C:\Documents and Settings\ivana\Bureau\CFScript.txt
    * Created a new restore point

    FILE::
    C:\WINDOWS\system32\ssttt.dll
    C:\WINDOWS\system32\yayayvw.dll.vir
    .

    (((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\WINDOWS\system32\yayayvw.dll.vir

    .
    ((((((((((((((((((((((((((((( Fichiers créés 2007-09-08 to 2007-10-08 ))))))))))))))))))))))))))))))))))))
    .

    2007-10-08 20:14 51,200 --a------ C:\WINDOWS\NirCmd.exe
    2007-10-07 19:09 <REP> d-------- C:\Program Files\iPod
    2007-10-07 19:08 30,336 --a------ C:\WINDOWS\system32\drivers\usbaapl.sys
    2007-10-06 17:59 19 --a------ C:\WINDOWS\popcinfo.dat
    2007-10-06 17:36 <REP> d-------- C:\Documents and Settings\ivana\Application Data\Zylom
    2007-10-06 17:35 <REP> d-------- C:\Program Files\Zylom Games
    2007-10-05 23:10 <REP> dr------- C:\Documents and Settings\Administrateur\Mes documents
    2007-10-05 23:10 <REP> dr------- C:\Documents and Settings\Administrateur\Menu D‚marrer
    2007-10-05 23:10 <REP> dr------- C:\Documents and Settings\Administrateur\Favoris
    2007-10-05 23:10 <REP> d--h----- C:\Documents and Settings\Administrateur\Voisinage r‚seau
    2007-10-05 23:10 <REP> d--h----- C:\Documents and Settings\Administrateur\Voisinage d'impression
    2007-10-05 23:10 <REP> d--h----- C:\Documents and Settings\Administrateur\ModŠles
    2007-10-05 23:10 <REP> d--h----- C:\Documents and Settings\Administrateur\Application Data\Gtek
    2007-10-05 23:10 <REP> d-------- C:\Documents and Settings\Administrateur\Bureau
    2007-10-05 23:10 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\ATI
    2007-10-05 22:41 <REP> d-------- C:\Program Files\Hijackthis Version Fran‡aise
    2007-10-05 21:29 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
    2007-10-05 21:02 <REP> d-------- C:\Program Files\Yahoo!
    2007-10-05 21:02 <REP> d-------- C:\Program Files\CCleaner
    2007-09-28 22:45 502,208 --a------ C:\WINDOWS\system32\drivers\amon.sys
    2007-09-28 22:45 270,336 --a------ C:\WINDOWS\system32\imon.dll
    2007-09-26 17:50 <REP> d-------- C:\WINDOWS\ERUNT
    2007-09-24 18:33 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
    2007-09-24 18:15 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
    2007-09-24 15:16 <REP> d-------- C:\WINDOWS\BDOSCAN8
    2007-09-23 19:41 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Avira
    2007-09-23 17:05 86,094 --a------ C:\WINDOWS\BPMNT.dll
    2007-09-23 17:05 1,163,344 --a------ C:\WINDOWS\vsapi32.dll
    2007-09-23 17:05 <REP> d-------- C:\WINDOWS\AU_Backup
    2007-09-23 17:04 <REP> d-------- C:\WINDOWS\AU_Temp
    2007-09-23 17:02 69,689 --a------ C:\WINDOWS\UNZIP.DLL
    2007-09-23 17:02 507,904 --a------ C:\WINDOWS\TMUPDATE.DLL
    2007-09-23 17:02 286,720 --a------ C:\WINDOWS\PATCH.EXE
    2007-09-23 17:02 <REP> d-------- C:\WINDOWS\AU_Log

    .
    (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2007-10-07 19:12 --------- d-------- C:\Program Files\Apple Software Update
    2007-10-07 19:10 --------- d-------- C:\Program Files\iTunes
    2007-10-07 13:08 --------- d-------- C:\Program Files\Google
    2007-10-07 13:08 --------- d-------- C:\Documents and Settings\All Users\Application Data\Google
    2007-09-27 18:05 --------- d-------- C:\Program Files\PokerChamps
    2007-09-27 18:01 --------- d-------- C:\Program Files\IKEA HomePlanner
    2007-09-22 14:14 --------- d-------- C:\Program Files\eMule
    2007-08-24 23:48 --------- d-------- C:\Program Files\QuickTime
    2007-08-24 23:47 --------- d-------- C:\Program Files\Fichiers communs\Apple
    2007-08-24 23:47 --------- d-------- C:\Documents and Settings\All Users\Application Data\Apple
    2007-08-16 21:14 --------- d-------- C:\Program Files\MSXML 4.0
    1995-09-20 15:16 456976 --a------ C:\Program Files\Fichiers communs\dao3032.dll
    --------- C:\Program Files\Hijackthis Version Française
    2007-06-09 13:13:41 8,192 --sha-w C:\WINDOWS\o2cLicStore.bin
    2007-02-16 19:56:23 168 --sh--r C:\WINDOWS\system32\A95D9052E3.sys
    2007-02-16 19:56:34 7,670 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys
    .

    ((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "IAAnotif"="C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2006-07-06 09:15]
    "ATICCC"="C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" [2006-01-02 19:41]
    "DLA"="C:\WINDOWS\System32\DLA\DLACTRLW.EXE" [2005-09-08 07:20]
    "ISUSPM Startup"="C:\PROGRA~1\FICHIE~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-27 18:50]
    "ISUSScheduler"="C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe" [2004-07-27 18:50]
    "SigmatelSysTrayApp"="stsystra.exe" [2006-03-20 17:00 C:\WINDOWS\stsystra.exe]
    "LogitechVideoRepair"="C:\Program Files\Logitech\Video\ISStart.exe" [2004-02-12 17:57]
    "LogitechVideoTray"="C:\Program Files\Logitech\Video\LogiTray.exe" [2004-02-12 17:59]
    "QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2007-06-29 06:24]
    "nod32kui"="C:\Program Files\Eset\nod32kui.exe" [2007-09-28 22:44]
    "!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 11:25]
    "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11]
    "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 03:06]
    "iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-09-26 14:42]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-05 14:00]
    "swg"="C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" [2007-10-07 13:08]

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
    "DisableRegistryTools"=0 (0x0)

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Dell Network Assistant.lnk]
    path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Dell Network Assistant.lnk
    backup=C:\WINDOWS\pss\Dell Network Assistant.lnkCommon Startup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Lancement rapide d'Adobe Reader.lnk]
    path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Lancement rapide d'Adobe Reader.lnk
    backup=C:\WINDOWS\pss\Lancement rapide d'Adobe Reader.lnkCommon Startup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Microsoft Office.lnk]
    path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Microsoft Office.lnk
    backup=C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DellSupport]
    "C:\Program Files\Dell Support\DSAgnt.exe" /startup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DMXLauncher]
    C:\Program Files\Dell\Media Experience\DMXLauncher.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\eCarteBleue-CLEO]
    "C:\Program Files\e-Carte Bleue\LCL\e-Carte Bleue VISA Cleo\ECB-CLEO.exe" /dontopenmycards

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
    "C:\Program Files\iTunes\iTunesHelper.exe"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OPSE reminder]
    "C:\Program Files\ScanSoft\OmniPageSE2.0\EregFre\Ereg.exe" -r "C:\Program Files\ScanSoft\OmniPageSE2.0\EregFre\ereg.ini"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OpwareSE2]
    "C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
    "C:\Program Files\QuickTime\qttask.exe" -atboottime

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
    C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.8472\GoogleToolbarNotifier.exe

    R2 hnmwrlspkt;HomeNet Manager Wireless Protocol;C:\WINDOWS\system32\DRIVERS\hnm_wrls_pkt.sys
    R2 wsppkt;Wireless Security Protocol;C:\WINDOWS\system32\DRIVERS\wsp_pkt.sys
    R3 usbscan;Pilote de scanneur USB;C:\WINDOWS\system32\DRIVERS\usbscan.sys
    R3 USBSTOR;Pilote de stockage de masse USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
    S3 USBAAPL;Apple Mobile USB Driver;C:\WINDOWS\system32\Drivers\usbaapl.sys

    .
    Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
    "2007-10-07 17:05:45 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
    - C:\Program Files\Apple Software Update\SoftwareUpdate.exe
    .
    **************************************************************************

    catchme 0.3.1169 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2007-10-09 00:01:46
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    Completion time: 2007-10-09 0:02:31 - machine was rebooted
    C:\ComboFix-quarantined-files.txt ... 2007-10-09 00:02
    .
    --- E O F ---
    0
  14. aleksandar Messages postés 55 Date d'inscription   Statut Membre
     
    Logfile of HijackThis v1.99.1
    Scan saved at 00:04:31, on 09/10/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16512)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
    C:\Program Files\Eset\nod32krn.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe
    C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
    C:\WINDOWS\System32\DLA\DLACTRLW.EXE
    C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe
    C:\WINDOWS\stsystra.exe
    C:\Program Files\Logitech\Video\LogiTray.exe
    C:\Program Files\QuickTime\QTTask.exe
    C:\Program Files\Eset\nod32kui.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
    C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
    C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
    C:\WINDOWS\system32\LVComS.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
    C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Hijackthis Version Française\VERSION TRADUITE ORIGINALE.EXE

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
    R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.fr/ig/dell?hl=fr&client=dell-row&channel=fr&ibd=6061228
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
    O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: ECarteBleueBrowserHelper Class - {2E03C0FD-4C48-43A7-9A54-00240C70FF16} - C:\WINDOWS\system32\BhoECart.dll
    O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
    O2 - BHO: CBrowserHelperObject Object - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll
    O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
    O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
    O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe
    O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
    O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
    O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\FICHIE~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
    O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe" -start
    O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
    O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
    O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
    O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
    O8 - Extra context menu item: Easy-WebPrint Ajouter à la liste d'impressions - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
    O8 - Extra context menu item: Easy-WebPrint Impression rapide - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
    O8 - Extra context menu item: Easy-WebPrint Imprimer - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
    O8 - Extra context menu item: Easy-WebPrint Prévisualiser - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
    O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O11 - Options group: [INTERNATIONAL] International*
    O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
    O16 - DPF: {2250C29C-C5E9-4F55-BE4E-01E45A40FCF1} (CMediaMix Object) - http://musicmix.messenger.msn.com/Medialogic.CAB
    O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
    O16 - DPF: {5308E02B-4ABA-48E4-AA9E-8A7693661473} (GameCtl Class) - http://jeuxenligne.orange.fr/GisActiveX/Ax/GameAx.cab
    O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab56986.cab
    O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab
    O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
    O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - http://download.divx.com/player/DivXBrowserPlugin.cab
    O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://www.mypix.com/fr/fr/importer/ImageUploader4.cab
    O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - https://www.trendmicro.com/en_us/forHome/products/housecall.html
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
    O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game04.zylom.servicesalacarte.orange.fr/activex/zylomgamesplayer.cab
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
    O16 - DPF: {C9E17F58-564C-41C6-989F-AB0FE0D2C9D1} (PopcapLoader Object) - http://jeuxenligne.orange.fr/orange2.0/OnlineHSS/insaniquarium/Popcap.cab
    O16 - DPF: {D0C0F75C-683A-4390-A791-1ACFD5599AB8} (Oberon Flash Game Host) - http://jeuxenligne.orange.fr/Gameshell/GameHost/1.0/OberonGameHost.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
    O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab
    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
    O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
    O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1150\Intel 32\IDriverT.exe
    O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
    0
  15. nardino Messages postés 1634 Date d'inscription   Statut Membre Dernière intervention   119
     
    Bonsoir.

    Ton problème est-il résolu ?
    0
  16. aleksandar Messages postés 55 Date d'inscription   Statut Membre
     
    Je pense que oui tout va bien je n ai plus aucun probleme je te remercie beaucoup sans toi je n y serai jamais arriver merci encore une fois NARDINO.Juste une question les programmes que tu m a fait telecharger je dois en garder certain ou tous les effacé?
    0
  17. nardino Messages postés 1634 Date d'inscription   Statut Membre Dernière intervention   119
     
    Bonsoir,

    Super.
    Tu cliques sur OtMoveIt et puis sur le bouton CleanUp.
    Puis dans le popup [b]Cleanup list download successful. Begin cleanup process ?[/b], accepte par [b]Yes[/b]

    Il va supprimer tout ce qu'il est inutile de conserver et même s'auto-détruire, c'est pas beau çà !
    Tu redémarres et voilà.
    Pour finir, je te conseille l'installation d'un pare-feu:
    http://www.personalfirewall.comodo.com/
    Comodo™ Firewall

    Et puis la navigation avec Firefox et deux trois extensions:
    http://www.mozilla-europe.org/fr/products/firefox/
    Mozilla Firefox 2.0

    https://addons.mozilla.org/fr/firefox/addon/2497
    CookieSafe

    https://www.hugedomains.com/domain_profile.cfm?d=geckozone&e=org
    NoScript

    https://www.hugedomains.com/domain_profile.cfm?d=geckozone&e=org
    Adblock
    0
  18. aleksandar Messages postés 55 Date d'inscription   Statut Membre
     
    ok c fait mais il me reste pas mal de programme comme vundofix fixvundo ccleaner avg antispyware hijack combofix j en fait quoi?
    0
  19. nardino Messages postés 1634 Date d'inscription   Statut Membre Dernière intervention   119
     
    Bonjour.

    Si tu as bien supprimer OtMoveIt, il doit aussi avoir effacé, VundoFix et Combofix.
    Si ce n'est pas le cas fais-le manuellement.
    Tu peux conserver AVGAS, Hijackthis et CCleaner.
    Un petit nettoyage par semaine avec ce dernier n'est pas inutile.
    Tu peux aussi mettre à jour ta version de Adobe Reader:
    -Acrobat Reader 8.1.:
    https://get2.adobe.com/reader/otherversions/
    Décocher Téléchargez également :Adobe Photoshop® Album Édition
    Dans Ajout/Suppression des programmes tu supprimes toutes les autres versions.
    0
Précédent
  • 1
  • 2