Sujet Précédent Sujet Suivant

Cheval de troie N039_jpg.zip

Résolu/Fermé
jess7001 - 14 oct. 2007 à 16:51
 sherine07 - 27 sept. 2009 à 15:45
Bonjour, j'ai repéré un virus sur mon PC. j'ai donc appliquer la méthode de désinfection préliminaire conseillé sur CCM: je vous envoie donc les rapports comme indiquer afin que vous me dissiez ce que vous en pensez: merci d'avance.
Sinon depuis que j'ai utiliser CCleaner comme demandé, je ne peux plus accéder à mes messageries ( msn, laposte,..) J'ai essayer de me créer des nouvelles adresses sur différents sites (Aol, yahoo,..) mais a chaque fois que j'essaie de m'inscrire cela m'affiche page internet introuvable. Je pense que j'ai du effacer qhelquechose qu'il ne fallait pas avec ccleaner.
Qu'en pensez vous, que puis je faire pour remedier à ce problème?

mes rapports d'analyse:

AVG Anti-Spyware - Rapport d'analyse
---------------------------------------------------------

+ Créé à: 12:49:19 13/10/2007

+ Résultat de l'analyse:



HKU\S-1-5-21-517680529-3760736333-1762269477-1007\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{4E7BD74F-2B8D-469E-A0E8-ED6AB685FA7D} -> Adware.2020Search : Ignoré.
HKU\S-1-5-21-517680529-3760736333-1762269477-1007\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{4E7BD74F-2B8D-469E-A0E8-ED6AB685FA7D} -> Adware.2020Search : Ignoré.
HKLM\SOFTWARE\Classes\CLSID\{74CC49F7-EB32-4A08-B204-948962A6E3DB} -> Adware.RogueSuspect : Ignoré.
C:\Documents and Settings\X\Cookies\x@msnportal.112.2o7[1].txt -> TrackingCookie.2o7 : Ignoré.
C:\Documents and Settings\X\Cookies\x@toplist[1].txt -> TrackingCookie.Toplist : Ignoré.
C:\Documents and Settings\X\Cookies\x@m.webtrends[2].txt -> TrackingCookie.Webtrends : Ignoré.


Fin du rapport


BitDefender Online Scanner
Scan report generated at: Sun, Oct 14, 2007 - 15:42:38

Scan path: C:\;D:\;

Statistics
Time 01:13:49
Files 212112
Folders 6269
Boot Sectors 3
Archives 7358
Packed Files 9430

Results
Identified Viruses 3
Infected Files 4
Suspect Files 0
Warnings 0
Disinfected 0
Deleted Files 4

Engines Info
Virus Definitions 826637
Engine build AVCORE v1.0 (build 2422) (i386) (Sep 25 2007 08:26:36)
Scan plugins 14
Archive plugins 38
Unpack plugins 7
E-mail plugins 6
System plugins 1

Scan Settings
First Action Disinfect
Second Action Delete
Heuristics Yes
Enable Warnings Yes
Scanned Extensions *;
Exclude Extensions
Scan Emails Yes
Scan Archives Yes
Scan Packed Yes
Scan Files Yes
Scan Boot Yes

Scanned File Status
C:\Documents and Settings\Jessi\Bureau\exe\messengerskinner.exe Detected with: Adware.Navipromo.BYJ
C:\Documents and Settings\Jessi\Bureau\exe\messengerskinner.exe Disinfection failed
C:\Documents and Settings\Jessi\Bureau\exe\messengerskinner.exe Deleted
C:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP89\A0036966.dll Infected with: Trojan.Downloader.Agent.YPN
C:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP89\A0036966.dll Deleted
C:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP99\A0040539.exe Detected with: Adware.Navipromo.BYJ
C:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP99\A0040539.exe Disinfection failed
C:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP99\A0040539.exe Deleted
C:\WINDOWS\N039_jpg.zip=>www.N039_jpg-msn.com Infected with: Backdoor.SDBot.DEXM
C:\WINDOWS\N039_jpg.zip=>www.N039_jpg-msn.com Disinfection failed
C:\WINDOWS\N039_jpg.zip=>www.N039_jpg-msn.com Deleted
C:\WINDOWS\N039_jpg.zip Updated



Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:07:22, on 14/10/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccProxy.exe
C:\WINDOWS\system32\slserv.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\VTTimer.exe
C:\Program Files\Fichiers communs\Symantec Shared\Security Center\SymWSC.exe
C:\WINDOWS\system32\VTtrayp.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Java\jre1.6.0\bin\jusched.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe
C:\Apps\Powercinema\PCMService.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\QuickTime\QTTask.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\PowerArchiver\PASTARTER.EXE
C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Java\jre1.6.0\bin\jucheck.exe
C:\Program Files\Microsoft Office\Office\WINWORD.EXE
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://resultsmaster.com/...
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://ad.doubleclick.net/click;h=v8/34d9/14/c5/%2a/z;66435398;0-0;0;15307119;4307-300/250;19562819/19580713/1;;~sscs=%3fhttp://oascentral.videodome.com/RealMedia/ads/click_lx.ads/myvideodaily/miniportal/MusicVideos/1692626292/Frame1/RooMedia/261-DDB-MYVIDEO-ALPHA-Jan_IMU/413445.html/35343635303736313435613930343030?http://www.alphadogmovie.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Packard Bell
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: (no name) - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - (no file)
O3 - Toolbar: Web assistant - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Fichiers communs\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [VTTrayp] VTtrayp.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0\bin\jusched.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [URLLSTCK.exe] C:\Program Files\Norton Internet Security\UrlLstCk.exe
O4 - HKLM\..\Run: [PCMService] "c:\Apps\Powercinema\PCMService.exe"
O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Fichiers communs\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [b8da2fcc] rundll32.exe "C:\WINDOWS\system32\hujjklot.dll",sitypnow
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [PowerArchiver Tray] C:\Program Files\PowerArchiver\PASTARTER.EXE
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: BlueSoleil.lnk = ?
O8 - Extra context menu item: &Recherche AOL Toolbar - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=file://C:\APPS\IE\offline\fr.htm
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~3\GOEC62~1.DLL
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Unknown owner - C:\Program Files\AntiVir PersonalEdition Classic\sched.exe (file missing)
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Unknown owner - C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe (file missing)
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: MySqlInventime - Unknown owner - c:\mysql\bin\mysqld-max-nt.exe
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: Windows Live Setup Service (WLSetupSvc) - Unknown owner - C:\Program Files\Windows Live\installer\WLSetupSvc.exe
O24 - Desktop Component 0: (no name) - http://www.europe2.fr/img/header/logo.gif

22 réponses

  • 1
  • 2
Réponse 1 / 22
nardino Messages postés 1633 Date d'inscription jeudi 20 mai 2004 Statut Membre Dernière intervention 6 mars 2010 119
14 oct. 2007 à 23:01
Bonsoir,

Télécharge :
VundoFix de Atribune: http://www.atribune.org/ccount/click.php?id=4
VirtumondoBegone : http://secured2k.home.comcast.net/tools/VirtumundoBeGone.exe

Double clic sur Vundofix.exe.
Coche la case Run VundoFix as a task
Répond OK au popup qui s'ouvre.
Il va se refermer et réouvrir au bout d'une minute environ.
Quand il est rouvert, clique sur Scan for Vundo
Quand le scan est terminé, clique sur Remove Vundo
Réponds Yes à la demande de suppression des fichiers.
Il te sera demandé de redémarrer ton ordinateur, accepte bien sûr.
Copie/colle le rapport (c:\vundofix.txt) dans ta réponse

Redémarre en mode sans échec et lance VirtumundoBeGone.exe

Pendant le mode sans échec, lance Hijackthis par Scan only et coches :
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://resultsmaster.com/
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = https://marketingplatform.google.com/about/enterprise/
O4 - HKLM\..\Run: [b8da2fcc] rundll32.exe "C:\WINDOWS\system32\hujjklot.dll",sitypnow

Puis clique sur Fix checked.
Redémarre en mode normal.

Antivir ne semble pas bien désinstallé, il faut le faire ainsi que Symantec.

Procédure pour bien supprimer Norton/Symantec

Tu télécharges cet outil:
http://service1.symantec.com/SUPPORT/INTER/tsgeninfointl.nsf/fr_docid/20050414110429924?Open&src=&docid=20040413131641928&nsf=SUPPORT%5CINTER%5Cnisintl.nsf&view=833aab0c51f1b15a88256da6006a0505&dtype=&prod=&ver=&osv=&osv_lvl=

Dans Démarrer Exécuter tape: services.msc

Tu sélectionnes chacun des services ci-dessous à tour de rôle et tu les arrêtes, en haut à gauche Arrêter le service.
Puis tu double-cliques dessus et dans Type de démarrage tu choisis Désactiver

Symantec Network Proxy
Symantec Settings Manager
Symantec Network Drivers Service
SymWMI Service

Puis tu lances Norton_Removal_Tools.exe
Et tu redémarres.

Tu postes le rapport Vundofix, des infos sur Virtumondobegone, un nouveau log Hijackthis.
1
Réponse 2 / 22
jess7001
15 oct. 2007 à 19:42
Bonjour,
Mon navigateur ne peut pas se connecter a internet alors que je peux surfer : le problème se pose pour les boites mails. Cela m’indique qu’il ya un soucis avec le proxy et les ports principaux. c'est aussi pourquoi je n'arrive pas a télécharger Norton_Removal_Tools.exe: ça m'affiche page introuvable. je vais réessayer et sinon j'essaierai de le télécharger demain sur un autre PC.


Que dire de plus merci .

Voici les rapports
VundoFix V6.5.9

Checking Java version...

Java version is 1.4.2.5
Old versions of java are exploitable and should be removed.

Scan started at 00:31:29 11/10/2007

Listing files found while scanning....

C:\WINDOWS\system32\cbadd.bak1
C:\WINDOWS\system32\cbadd.bak2
C:\WINDOWS\system32\cbadd.ini
C:\WINDOWS\system32\ddabc.dll
C:\WINDOWS\system32\mljhijj.dll

Beginning removal...

Attempting to delete C:\WINDOWS\system32\cbadd.bak1
C:\WINDOWS\system32\cbadd.bak1 Has been deleted!

Attempting to delete C:\WINDOWS\system32\cbadd.bak2
C:\WINDOWS\system32\cbadd.bak2 Has been deleted!

Attempting to delete C:\WINDOWS\system32\cbadd.ini
C:\WINDOWS\system32\cbadd.ini Has been deleted!

Attempting to delete C:\WINDOWS\system32\ddabc.dll
C:\WINDOWS\system32\ddabc.dll Could not be deleted.

Attempting to delete C:\WINDOWS\system32\mljhijj.dll
C:\WINDOWS\system32\mljhijj.dll Could not be deleted.

Performing Repairs to the registry.
Done!

Beginning removal...

VundoFix V6.5.10

Checking Java version...

Java version is 1.4.2.5
Old versions of java are exploitable and should be removed.

Scan started at 17:37:46 15/10/2007

Listing files found while scanning....

C:\WINDOWS\system32\cbadd.bak2
C:\WINDOWS\system32\cbadd.ini
C:\WINDOWS\system32\ddabc.dll

Beginning removal...

Attempting to delete C:\WINDOWS\system32\cbadd.bak2
C:\WINDOWS\system32\cbadd.bak2 Has been deleted!

Attempting to delete C:\WINDOWS\system32\cbadd.ini
C:\WINDOWS\system32\cbadd.ini Has been deleted!

Attempting to delete C:\WINDOWS\system32\ddabc.dll
C:\WINDOWS\system32\ddabc.dll Has been deleted!

Performing Repairs to the registry.
Done!

VundoFix V6.5.10

Checking Java version...

Java version is 1.4.2.5
Old versions of java are exploitable and should be removed.

Scan started at 18:00:34 15/10/2007

Listing files found while scanning....


[10/15/2007, 18:31:28] - VirtumundoBeGone v1.5 ( "C:\Documents and Settings\Jessi\Bureau\virus a héradiquer\VirtumundoBeGone.exe" )
[10/15/2007, 18:31:43] - Detected System Information:
[10/15/2007, 18:31:43] - Windows Version: 5.1.2600, Service Pack 2
[10/15/2007, 18:31:43] - Current Username: Jessi (Admin)
[10/15/2007, 18:31:43] - Windows is in SAFE mode with Networking.
[10/15/2007, 18:31:43] - Searching for Browser Helper Objects:
[10/15/2007, 18:31:43] - BHO 1: {014DA6C1-189F-421a-88CD-07CFE51CFF10} (My Search BHO)
[10/15/2007, 18:31:43] - BHO 2: {02478D38-C3F9-4EFB-9B51-7695ECA05670} (Yahoo! Toolbar Helper)
[10/15/2007, 18:31:43] - BHO 3: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (Aide pour le lien d'Adobe PDF Reader)
[10/15/2007, 18:31:43] - BHO 4: {2d1c8fb1-380b-4361-9c64-5acc5f6271c6} ()
[10/15/2007, 18:31:43] - WARNING: BHO has no default name. Checking for Winlogon reference.
[10/15/2007, 18:31:43] - Checking for HKLM\...\Winlogon\Notify\rtlhknre
[10/15/2007, 18:31:43] - Key not found: HKLM\...\Winlogon\Notify\rtlhknre, continuing.
[10/15/2007, 18:31:43] - BHO 5: {72D882FB-4E66-4F83-9F2F-AEB2F428C37C} ()
[10/15/2007, 18:31:43] - WARNING: BHO has no default name. Checking for Winlogon reference.
[10/15/2007, 18:31:43] - Checking for HKLM\...\Winlogon\Notify\ddabc
[10/15/2007, 18:31:43] - Key not found: HKLM\...\Winlogon\Notify\ddabc, continuing.
[10/15/2007, 18:31:43] - BHO 6: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (SSVHelper Class)
[10/15/2007, 18:31:43] - BHO 7: {7E853D72-626A-48EC-A868-BA8D5E23E045} ()
[10/15/2007, 18:31:43] - WARNING: BHO has no default name. Checking for Winlogon reference.
[10/15/2007, 18:31:43] - No filename found. Continuing.
[10/15/2007, 18:31:43] - BHO 8: {9030D464-4C02-4ABF-8ECC-5164760863C6} (Windows Live Sign-in Helper)
[10/15/2007, 18:31:43] - BHO 9: {9ECB9560-04F9-4bbc-943D-298DDF1699E1} (CNisExtBho Class)
[10/15/2007, 18:31:43] - BHO 10: {b7c0ad3f-0924-485a-a426-11001770312a} ()
[10/15/2007, 18:31:43] - WARNING: BHO has no default name. Checking for Winlogon reference.
[10/15/2007, 18:31:43] - Checking for HKLM\...\Winlogon\Notify\vggraiwn
[10/15/2007, 18:31:43] - Key not found: HKLM\...\Winlogon\Notify\vggraiwn, continuing.
[10/15/2007, 18:31:43] - BHO 11: {bf00e119-21a3-4fd1-b178-3b8537e75c92} (IeMonitorBho Class)
[10/15/2007, 18:31:43] - Finished Searching Browser Helper Objects
[10/15/2007, 18:31:43] - Finishing up...
[10/15/2007, 18:31:43] - Nothing found! Exiting...

[10/15/2007, 18:32:47] - VirtumundoBeGone v1.5 ( "C:\Documents and Settings\Jessi\Bureau\virus a héradiquer\VirtumundoBeGone.exe" )
[10/15/2007, 18:32:48] - Detected System Information:
[10/15/2007, 18:32:48] - Windows Version: 5.1.2600, Service Pack 2
[10/15/2007, 18:32:48] - Current Username: Jessi (Admin)
[10/15/2007, 18:32:48] - Windows is in SAFE mode with Networking.
[10/15/2007, 18:32:48] - Searching for Browser Helper Objects:
[10/15/2007, 18:32:48] - BHO 1: {014DA6C1-189F-421a-88CD-07CFE51CFF10} (My Search BHO)
[10/15/2007, 18:32:48] - BHO 2: {02478D38-C3F9-4EFB-9B51-7695ECA05670} (Yahoo! Toolbar Helper)
[10/15/2007, 18:32:48] - BHO 3: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (Aide pour le lien d'Adobe PDF Reader)
[10/15/2007, 18:32:48] - BHO 4: {2d1c8fb1-380b-4361-9c64-5acc5f6271c6} ()
[10/15/2007, 18:32:48] - WARNING: BHO has no default name. Checking for Winlogon reference.
[10/15/2007, 18:32:48] - Checking for HKLM\...\Winlogon\Notify\rtlhknre
[10/15/2007, 18:32:48] - Key not found: HKLM\...\Winlogon\Notify\rtlhknre, continuing.
[10/15/2007, 18:32:48] - BHO 5: {72D882FB-4E66-4F83-9F2F-AEB2F428C37C} ()
[10/15/2007, 18:32:48] - WARNING: BHO has no default name. Checking for Winlogon reference.
[10/15/2007, 18:32:48] - Checking for HKLM\...\Winlogon\Notify\ddabc
[10/15/2007, 18:32:48] - Key not found: HKLM\...\Winlogon\Notify\ddabc, continuing.
[10/15/2007, 18:32:48] - BHO 6: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (SSVHelper Class)
[10/15/2007, 18:32:48] - BHO 7: {7E853D72-626A-48EC-A868-BA8D5E23E045} ()
[10/15/2007, 18:32:48] - WARNING: BHO has no default name. Checking for Winlogon reference.
[10/15/2007, 18:32:48] - No filename found. Continuing.
[10/15/2007, 18:32:48] - BHO 8: {9030D464-4C02-4ABF-8ECC-5164760863C6} (Windows Live Sign-in Helper)
[10/15/2007, 18:32:48] - BHO 9: {9ECB9560-04F9-4bbc-943D-298DDF1699E1} (CNisExtBho Class)
[10/15/2007, 18:32:49] - BHO 10: {b7c0ad3f-0924-485a-a426-11001770312a} ()
[10/15/2007, 18:32:49] - WARNING: BHO has no default name. Checking for Winlogon reference.
[10/15/2007, 18:32:49] - Checking for HKLM\...\Winlogon\Notify\vggraiwn
[10/15/2007, 18:32:49] - Key not found: HKLM\...\Winlogon\Notify\vggraiwn, continuing.
[10/15/2007, 18:32:49] - BHO 11: {bf00e119-21a3-4fd1-b178-3b8537e75c92} (IeMonitorBho Class)
[10/15/2007, 18:32:49] - Finished Searching Browser Helper Objects
[10/15/2007, 18:32:49] - Finishing up...
[10/15/2007, 18:32:49] - Nothing found! Exiting...

[10/15/2007, 18:54:50] - VirtumundoBeGone v1.5 ( "C:\Documents and Settings\Jessi\Bureau\virus a héradiquer\VirtumundoBeGone.exe" )
[10/15/2007, 18:54:53] - Detected System Information:
[10/15/2007, 18:54:53] - Windows Version: 5.1.2600, Service Pack 2
[10/15/2007, 18:54:53] - Current Username: Jessi (Admin)
[10/15/2007, 18:54:53] - Windows is in SAFE mode with Networking.
[10/15/2007, 18:54:53] - Searching for Browser Helper Objects:
[10/15/2007, 18:54:53] - BHO 1: {014DA6C1-189F-421a-88CD-07CFE51CFF10} (My Search BHO)
[10/15/2007, 18:54:53] - BHO 2: {02478D38-C3F9-4EFB-9B51-7695ECA05670} (Yahoo! Toolbar Helper)
[10/15/2007, 18:54:53] - BHO 3: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (Aide pour le lien d'Adobe PDF Reader)
[10/15/2007, 18:54:53] - BHO 4: {2d1c8fb1-380b-4361-9c64-5acc5f6271c6} ()
[10/15/2007, 18:54:53] - WARNING: BHO has no default name. Checking for Winlogon reference.
[10/15/2007, 18:54:53] - Checking for HKLM\...\Winlogon\Notify\rtlhknre
[10/15/2007, 18:54:53] - Key not found: HKLM\...\Winlogon\Notify\rtlhknre, continuing.
[10/15/2007, 18:54:53] - BHO 5: {72D882FB-4E66-4F83-9F2F-AEB2F428C37C} ()
[10/15/2007, 18:54:53] - WARNING: BHO has no default name. Checking for Winlogon reference.
[10/15/2007, 18:54:53] - Checking for HKLM\...\Winlogon\Notify\ddabc
[10/15/2007, 18:54:53] - Key not found: HKLM\...\Winlogon\Notify\ddabc, continuing.
[10/15/2007, 18:54:53] - BHO 6: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (SSVHelper Class)
[10/15/2007, 18:54:53] - BHO 7: {7E853D72-626A-48EC-A868-BA8D5E23E045} ()
[10/15/2007, 18:54:53] - WARNING: BHO has no default name. Checking for Winlogon reference.
[10/15/2007, 18:54:53] - No filename found. Continuing.
[10/15/2007, 18:54:53] - BHO 8: {9030D464-4C02-4ABF-8ECC-5164760863C6} (Windows Live Sign-in Helper)
[10/15/2007, 18:54:53] - BHO 9: {9ECB9560-04F9-4bbc-943D-298DDF1699E1} (CNisExtBho Class)
[10/15/2007, 18:54:53] - BHO 10: {b7c0ad3f-0924-485a-a426-11001770312a} ()
[10/15/2007, 18:54:53] - WARNING: BHO has no default name. Checking for Winlogon reference.
[10/15/2007, 18:54:53] - Checking for HKLM\...\Winlogon\Notify\vggraiwn
[10/15/2007, 18:54:53] - Key not found: HKLM\...\Winlogon\Notify\vggraiwn, continuing.
[10/15/2007, 18:54:53] - BHO 11: {bf00e119-21a3-4fd1-b178-3b8537e75c92} (IeMonitorBho Class)
[10/15/2007, 18:54:53] - Finished Searching Browser Helper Objects
[10/15/2007, 18:54:53] - Finishing up...
[10/15/2007, 18:54:53] - Nothing found! Exiting...


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:34:48, on 15/10/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\a-squared Anti-Malware\a2service.exe
C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccProxy.exe
C:\WINDOWS\system32\slserv.exe
C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Fichiers communs\Symantec Shared\Security Center\SymWSC.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\VTTimer.exe
C:\WINDOWS\system32\VTtrayp.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe
C:\Apps\Powercinema\PCMService.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\QuickTime\QTTask.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\PowerArchiver\PASTARTER.EXE
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Windows Media Player\WMPNetwk.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Java\jre1.6.0\bin\jucheck.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Program Files\Microsoft Office\Office\WINWORD.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://resultsmaster.com/...
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Packard Bell
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: My Search BHO - {014DA6C1-189F-421a-88CD-07CFE51CFF10} - C:\Program Files\MySearch\bar\1.bin\S4BAR.DLL
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {2d1c8fb1-380b-4361-9c64-5acc5f6271c6} - C:\WINDOWS\system32\rtlhknre.dll
O2 - BHO: (no name) - {72D882FB-4E66-4F83-9F2F-AEB2F428C37C} - C:\WINDOWS\system32\ddabc.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: CNisExtBho Class - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Fichiers communs\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: {a2130771-0011-624a-a584-4290f3da0c7b} - {b7c0ad3f-0924-485a-a426-11001770312a} - C:\WINDOWS\system32\vggraiwn.dll
O2 - BHO: IeMonitorBho Class - {bf00e119-21a3-4fd1-b178-3b8537e75c92} - C:\Program Files\Megaupload\Mega Manager\MegaIEMn.dll
O3 - Toolbar: (no name) - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - (no file)
O3 - Toolbar: Web assistant - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Fichiers communs\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [VTTrayp] VTtrayp.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0\bin\jusched.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [URLLSTCK.exe] C:\Program Files\Norton Internet Security\UrlLstCk.exe
O4 - HKLM\..\Run: [PCMService] "c:\Apps\Powercinema\PCMService.exe"
O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Fichiers communs\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [a-squared] "C:\Program Files\a-squared Anti-Malware\a2guard.exe"
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /startintray
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [PowerArchiver Tray] C:\Program Files\PowerArchiver\PASTARTER.EXE
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: BlueSoleil.lnk = ?
O8 - Extra context menu item: &Recherche AOL Toolbar - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=file://C:\APPS\IE\offline\fr.htm
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~3\GOEC62~1.DLL
O20 - Winlogon Notify: awtqq - C:\WINDOWS\system32\awtqq.dll
O20 - Winlogon Notify: awtqr - C:\WINDOWS\system32\awtqr.dll
O20 - Winlogon Notify: awtsr - C:\WINDOWS\system32\awtsr.dll
O20 - Winlogon Notify: awvts - C:\WINDOWS\system32\awvts.dll
O20 - Winlogon Notify: awvtu - C:\WINDOWS\system32\awvtu.dll
O20 - Winlogon Notify: mljjg - C:\WINDOWS\system32\mljjg.dll
O20 - Winlogon Notify: mllmj - C:\WINDOWS\system32\mllmj.dll
O20 - Winlogon Notify: pmkhg - C:\WINDOWS\system32\pmkhg.dll
O20 - Winlogon Notify: pmnnl - C:\WINDOWS\system32\pmnnl.dll
O20 - Winlogon Notify: pmnno - C:\WINDOWS\system32\pmnno.dll
O20 - Winlogon Notify: ssttu - C:\WINDOWS\system32\ssttu.dll
O20 - Winlogon Notify: vtsqo - C:\WINDOWS\system32\vtsqo.dll
O23 - Service: a-squared Anti-Malware Service (a2AntiMalware) - Emsi Software GmbH - C:\Program Files\a-squared Anti-Malware\a2service.exe
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Unknown owner - C:\Program Files\AntiVir PersonalEdition Classic\sched.exe (file missing)
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Unknown owner - C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe (file missing)
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: MySqlInventime - Unknown owner - c:\mysql\bin\mysqld-max-nt.exe
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe
O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: Windows Live Setup Service (WLSetupSvc) - Unknown owner - C:\Program Files\Windows Live\installer\WLSetupSvc.exe
O24 - Desktop Component 0: (no name) - http://www.europe2.fr/img/header/logo.gif
1
Réponse 3 / 22
nardino Messages postés 1633 Date d'inscription jeudi 20 mai 2004 Statut Membre Dernière intervention 6 mars 2010 119
14 oct. 2007 à 17:11
Bonjour.

Passe ces deux outils:
Conseil : Toujours télécharger avant utilisation pour profiter des dernières mises à jour.

Télécharge Navifix de Il-Mafioso sur ton bureau:
http://perso.orange.fr/il.mafioso/Navifix/Navilog1.exe

Installe-le en cliquant sur le fichier Navilog1.exe

Double-clique sur le raccourci créé sur le bureau.
Au menu principal suivant, choisis 1 et valide par Entrée.
[b]Ne fais pas le choix 2,3 ou 4 sans mon avis.[/b]
Patiente jusqu'au message : *** Analyse Termine le ..... ***
Appuie sur une touche comme demandé, le blocnote va s'ouvrir.
Sauvegarde le blocnote qui s'ouvre sur le bureau sous cleanavi.txt

Et

Télécharge: http://siri.urz.free.fr/Fix/SmitfraudFix.exe de S!Ri Balltrap et Moe
Toujours charger avant l'utilisation pour profiter des dernières mises à jour.
Lance-le en cliquant sur Smitfraud.exe

Dans la fenêtre bleue, choisis l'option 1] et Entrée
Fais un copier coller du rapport qui s'ouvre dans ta prochaine réponse.
Ce rapport sera enregistré comme suit : C:\rapport.txt
Renomme-le rapport1.txt, très important.

Tu posteras aussi un nouveau rapport Hijackthis
0
sherine07
27 sept. 2009 à 15:45
bonjour j'ai eu le meme probleme msn ne s'ouvre pas ni internet explorer ...j'ai suivi la methode nardino
voila le résultat de digno......merci nardino




SmitFraudFix v2.424

Rapport fait à 15:38:35,95, 27/09/2009
Executé à partir de C:\Documents and Settings\virginie bruyere\Mes documents\Downloads\SmitfraudFix
OS: Microsoft Windows XP [version 5.1.2600] - Windows_NT
Le type du système de fichiers est NTFS
Fix executé en mode normal

»»»»»»»»»»»»»»»»»»»»»»»» Process

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\WIDCOMM\Logiciel Bluetooth\bin\btwdins.exe
C:\Program Files\Home Cinema\PowerCinema\Kernel\TV\CLCapSvc.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLService.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\CA\eTrust Antivirus\InoRpc.exe
C:\Program Files\CA\eTrust Antivirus\InoRT.exe
C:\Program Files\CA\eTrust Antivirus\InoTask.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Home Cinema\PowerCinema\Kernel\TV\CLSched.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Launch Manager\LaunchAp.exe
C:\Program Files\Launch Manager\HotkeyApp.exe
C:\Program Files\Launch Manager\OSD.exe
C:\Program Files\Launch Manager\Wbutton.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Wistron\AVManager\AVManager.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\WINDOWS\system32\hphmon06.exe
C:\Program Files\Home Cinema\PowerCinema\PCMService.exe
C:\PROGRA~1\CA\ETRUST~1\realmon.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\WINDOWS\system32\LVComS.exe
C:\Program Files\WIDCOMM\Logiciel Bluetooth\BTTray.exe
C:\Documents and Settings\virginie bruyere\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\virginie bruyere\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\virginie bruyere\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\virginie bruyere\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\WINDOWS\system32\cmd.exe

»»»»»»»»»»»»»»»»»»»»»»»» hosts


»»»»»»»»»»»»»»»»»»»»»»»» C:\


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32\LogFiles


»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\virginie bruyere


»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\VIRGIN~1\LOCALS~1\Temp


»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\virginie bruyere\Application Data


»»»»»»»»»»»»»»»»»»»»»»»» Menu Démarrer


»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\VIRGIN~1\Favoris


»»»»»»»»»»»»»»»»»»»»»»»» Bureau


»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files


»»»»»»»»»»»»»»»»»»»»»»»» Clés corrompues


»»»»»»»»»»»»»»»»»»»»»»»» Eléments du bureau

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="Ma page d'accueil"


»»»»»»»»»»»»»»»»»»»»»»»» o4Patch
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

o4Patch
Credits: Malware Analysis & Diagnostic
Code: S!Ri



»»»»»»»»»»»»»»»»»»»»»»»» IEDFix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

IEDFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri



»»»»»»»»»»»»»»»»»»»»»»»» Agent.OMZ.Fix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

Agent.OMZ.Fix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» VACFix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

VACFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» 404Fix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

404Fix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=""
"LoadAppInit_DLLs"=dword:00000001


»»»»»»»»»»»»»»»»»»»»»»»» Winlogon
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Userinit"="C:\\WINDOWS\\system32\\userinit.exe,"

»»»»»»»»»»»»»»»»»»»»»»»» RK

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""




»»»»»»»»»»»»»»»»»»»»»»»» DNS

Description: Broadcom 440x 10/100 Integrated Controller
DNS Server Search Order: 212.27.40.240
DNS Server Search Order: 212.27.40.241

HKLM\SYSTEM\CCS\Services\Tcpip\..\{D9698E7E-CE7B-45B1-BBD0-614D1B4B5A2F}: DhcpNameServer=212.27.40.240 212.27.40.241
HKLM\SYSTEM\CS1\Services\Tcpip\..\{D9698E7E-CE7B-45B1-BBD0-614D1B4B5A2F}: DhcpNameServer=212.27.40.240 212.27.40.241
HKLM\SYSTEM\CS3\Services\Tcpip\..\{D9698E7E-CE7B-45B1-BBD0-614D1B4B5A2F}: DhcpNameServer=212.27.40.240 212.27.40.241
HKLM\SYSTEM\CS3\Services\Tcpip\Parameters: DhcpNameServer=212.27.40.240 212.27.40.241


»»»»»»»»»»»»»»»»»»»»»»»» Recherche infection wininet.dll


»»»»»»»»»»»»»»»»»»»»»»»» Fin
0
Réponse 4 / 22
jess7001
14 oct. 2007 à 21:51
coucou, déja un grand merci pour le temps que tu m'accorde

si j'ai bien compris ce que tu m'a dit: il ne faut pas que j'enregistre le exe du logiciel mais jute l'exécuter pour avoir les mises a jour?

voici les derniers rapports:
Search Navipromo version 3.2.1 commencé le 14/10/2007 à 21:03:08,15

!!! Attention,ce rapport peut indiquer des fichiers/programmes légitimes!!!
!!! Poster ce rapport sur le forum pour le faire analyser !!!
!!! Ne pas lancer la partie désinfection sans l'avis d'un spécialiste !!!

Fix lancé depuis C:\Program Files\navilog1
Mise a jour le 09.10.2007 a 18h00 by IL-MAFIOSO


Microsoft Windows XP [version 5.1.2600]
Internet Explorer : 7.0.5730.11


*** Recherche Programmes installes ***




*** Recherche dossiers dans C:\WINDOWS ***



*** Recherche dossiers dans C:\Program Files ***



*** Recherche dossiers dans C:\Documents and Settings\All Users\Application Data ***




*** Recherche dossiers dans C:\Documents and Settings\Jessi\Application Data ***


*** Recherche dossiers dans C:\DOCUME~1\ALLUSE~1\MENUDÉ~1\PROGRA~1 ***


*** Recherche avec Catchme-rootkit/stealth malware detector by gmer ***
pour + d'infos : http://www.gmer.net

Aucun fichier trouvé dans :

- C:\WINDOWS\system32
- C:\DOCUME~1\Jessi\LOCALS~1\APPLIC~1



*** Recherche avec GenericNaviSearch ***
!!! Tous Ces résultats peuvent révéler des fichiers légitimes !!!
!!! A verifier impérativement avant toute suppression manuelle !!!

* Scan C:\WINDOWS\system32 *

* Scan C:\DOCUME~1\Jessi\LOCALS~1\APPLIC~1 *



*** Recherche fichiers ***




*** Recherche cles registre ***


*** Module de Recherche complémentaire ***
(Recherche fichiers spécifiques)

1)Recherche fichiers connus:
C:\WINDOWS\system32\ghkmp.bak1 trouvé ! infection Vundo possible non traité par cet outil !
C:\WINDOWS\system32\gjjlm.bak1 trouvé ! infection Vundo possible non traité par cet outil !
C:\WINDOWS\system32\jmllm.bak1 trouvé ! infection Vundo possible non traité par cet outil !
C:\WINDOWS\system32\lnnmp.bak1 trouvé ! infection Vundo possible non traité par cet outil !
C:\WINDOWS\system32\onnmp.bak1 trouvé ! infection Vundo possible non traité par cet outil !
C:\WINDOWS\system32\oqstv.bak1 trouvé ! infection Vundo possible non traité par cet outil !
C:\WINDOWS\system32\qqtwa.bak1 trouvé ! infection Vundo possible non traité par cet outil !
C:\WINDOWS\system32\rqtwa.bak1 trouvé ! infection Vundo possible non traité par cet outil !
C:\WINDOWS\system32\rstwa.bak1 trouvé ! infection Vundo possible non traité par cet outil !
C:\WINDOWS\system32\stvwa.bak1 trouvé ! infection Vundo possible non traité par cet outil !
C:\WINDOWS\system32\utvwa.bak1 trouvé ! infection Vundo possible non traité par cet outil !
C:\WINDOWS\system32\cbadd.bak2 trouvé ! infection Vundo possible non traité par cet outil !
C:\WINDOWS\system32\ghkmp.bak2 trouvé ! infection Vundo possible non traité par cet outil !
C:\WINDOWS\system32\lnnmp.bak2 trouvé ! infection Vundo possible non traité par cet outil !
C:\WINDOWS\system32\onnmp.bak2 trouvé ! infection Vundo possible non traité par cet outil !
C:\WINDOWS\system32\oqstv.bak2 trouvé ! infection Vundo possible non traité par cet outil !
C:\WINDOWS\system32\rqtwa.bak2 trouvé ! infection Vundo possible non traité par cet outil !
C:\WINDOWS\system32\rstwa.bak2 trouvé ! infection Vundo possible non traité par cet outil !

2)Recherche Heuristique :



3)Recherche Certificats :

Certificat Egroup absent !


*** Analyse Terminé le 14/10/2007 à 21:04:24,93 ***



SmitFraudFix v2.240

Rapport fait à 21:11:01,00, 14/10/2007
Executé à partir de C:\Documents and Settings\Jessi\Bureau\SmitfraudFix
OS: Microsoft Windows XP [version 5.1.2600] - Windows_NT
Le type du système de fichiers est NTFS
Fix executé en mode normal

»»»»»»»»»»»»»»»»»»»»»»»» Process

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccProxy.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\system32\VTTimer.exe
C:\WINDOWS\system32\VTtrayp.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Java\jre1.6.0\bin\jusched.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe
C:\Apps\Powercinema\PCMService.exe
C:\Program Files\Fichiers communs\Symantec Shared\Security Center\SymWSC.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\QuickTime\QTTask.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\PowerArchiver\PASTARTER.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\Program Files\Java\jre1.6.0\bin\jucheck.exe
C:\Program Files\Java\jre1.6.0\bin\javaw.exe
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\system32\cmd.exe

»»»»»»»»»»»»»»»»»»»»»»»» hosts


»»»»»»»»»»»»»»»»»»»»»»»» C:\


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32\LogFiles


»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Jessi


»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Jessi\Application Data


»»»»»»»»»»»»»»»»»»»»»»»» Menu Démarrer


»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\Jessi\Favoris


»»»»»»»»»»»»»»»»»»»»»»»» Bureau


»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files


»»»»»»»»»»»»»»»»»»»»»»»» Clés corrompues


»»»»»»»»»»»»»»»»»»»»»»»» Eléments du bureau

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="http://www.europe2.fr/img/header/logo.gif"
"SubscribedURL"="http://www.europe2.fr/img/header/logo.gif"
"FriendlyName"=""

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\1]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="Ma page d'accueil"

»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"="C:\\PROGRA~1\\Google\\GOOGLE~3\\GOEC62~1.DLL"
"LoadAppInit_DLLs"=dword:00000001


»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""


»»»»»»»»»»»»»»»»»»»»»»»» Rustock



»»»»»»»»»»»»»»»»»»»»»»»» DNS

Description: VIA Rhine II Fast Ethernet Adapter - Miniport d'ordonnancement de paquets
DNS Server Search Order: 212.27.54.252
DNS Server Search Order: 212.27.53.252

HKLM\SYSTEM\CCS\Services\Tcpip\..\{63A19C07-64DE-4C29-BDDA-9D77FB9A66A6}: DhcpNameServer=212.27.54.252 212.27.53.252
HKLM\SYSTEM\CS1\Services\Tcpip\..\{63A19C07-64DE-4C29-BDDA-9D77FB9A66A6}: DhcpNameServer=212.27.54.252 212.27.53.252
HKLM\SYSTEM\CS3\Services\Tcpip\..\{63A19C07-64DE-4C29-BDDA-9D77FB9A66A6}: DhcpNameServer=212.27.54.252 212.27.53.252
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=212.27.54.252 212.27.53.252
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=212.27.54.252 212.27.53.252
HKLM\SYSTEM\CS3\Services\Tcpip\Parameters: DhcpNameServer=212.27.54.252 212.27.53.252


»»»»»»»»»»»»»»»»»»»»»»»» Recherche infection wininet.dll


»»»»»»»»»»»»»»»»»»»»»»»» Fin

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:26:17, on 14/10/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccProxy.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\system32\VTTimer.exe
C:\WINDOWS\system32\VTtrayp.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Java\jre1.6.0\bin\jusched.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe
C:\Apps\Powercinema\PCMService.exe
C:\Program Files\Fichiers communs\Symantec Shared\Security Center\SymWSC.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\QuickTime\QTTask.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\PowerArchiver\PASTARTER.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\Program Files\Java\jre1.6.0\bin\jucheck.exe
C:\Program Files\Java\jre1.6.0\bin\javaw.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://resultsmaster.com/...
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://ad.doubleclick.net/click;h=v8/34d9/14/c5/%2a/z;66435398;0-0;0;15307119;4307-300/250;19562819/19580713/1;;~sscs=%3fhttp://oascentral.videodome.com/RealMedia/ads/click_lx.ads/myvideodaily/miniportal/MusicVideos/1692626292/Frame1/RooMedia/261-DDB-MYVIDEO-ALPHA-Jan_IMU/413445.html/35343635303736313435613930343030?http://www.alphadogmovie.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Packard Bell
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: (no name) - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - (no file)
O3 - Toolbar: Web assistant - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Fichiers communs\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [VTTrayp] VTtrayp.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0\bin\jusched.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [URLLSTCK.exe] C:\Program Files\Norton Internet Security\UrlLstCk.exe
O4 - HKLM\..\Run: [PCMService] "c:\Apps\Powercinema\PCMService.exe"
O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Fichiers communs\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [b8da2fcc] rundll32.exe "C:\WINDOWS\system32\hujjklot.dll",sitypnow
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [PowerArchiver Tray] C:\Program Files\PowerArchiver\PASTARTER.EXE
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: BlueSoleil.lnk = ?
O8 - Extra context menu item: &Recherche AOL Toolbar - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=file://C:\APPS\IE\offline\fr.htm
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~3\GOEC62~1.DLL
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Unknown owner - C:\Program Files\AntiVir PersonalEdition Classic\sched.exe (file missing)
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Unknown owner - C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe (file missing)
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: MySqlInventime - Unknown owner - c:\mysql\bin\mysqld-max-nt.exe
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: Windows Live Setup Service (WLSetupSvc) - Unknown owner - C:\Program Files\Windows Live\installer\WLSetupSvc.exe
O24 - Desktop Component 0: (no name) - http://www.europe2.fr/img/header/logo.gif
0

Vous n’avez pas trouvé la réponse que vous recherchez ?

Posez votre question
Réponse 5 / 22
jess7001
15 oct. 2007 à 00:40
Bonsoir,
dès demain je mettrais en application tous tes conseils
mais une petite question: pour l'accès à mes messageries ou pour le téléchargement de certains logiciels, on m'indique que j'ai un problème lors de l'accès au serveur, un problème de connexion et de réglage du proxy mais d'après mes options internet j'ai l'impression de ne pas avoir de proxy. alors est ce que ces problèmes viennent aussi du virus ou d'un mauvais réglage?

Sinon j'ai vérifier pour Antivir, je ne trouve aucune trace ni dans dossiers, ni dans suppression des programmes et ni dans démarrer executer "services.msc": les 2 lignes concernant antivir sont déja désactivées.

Demain je m'y remet, alors bonne nuit et encore merci
0
Réponse 6 / 22
jess7001
15 oct. 2007 à 19:43
Bonjour,
Mon navigateur ne peut pas se connecter a internet alors que je peux surfer : le problème se pose pour les boites mails. Cela m’indique qu’il ya un soucis avec le proxy et les ports principaux. c'est aussi pourquoi je n'arrive pas a télécharger Norton_Removal_Tools.exe: ça m'affiche page introuvable. je vais réessayer et sinon j'essaierai de le télécharger demain sur un autre PC.


Que dire de plus merci .

Voici les rapports
VundoFix V6.5.9

Checking Java version...

Java version is 1.4.2.5
Old versions of java are exploitable and should be removed.

Scan started at 00:31:29 11/10/2007

Listing files found while scanning....

C:\WINDOWS\system32\cbadd.bak1
C:\WINDOWS\system32\cbadd.bak2
C:\WINDOWS\system32\cbadd.ini
C:\WINDOWS\system32\ddabc.dll
C:\WINDOWS\system32\mljhijj.dll

Beginning removal...

Attempting to delete C:\WINDOWS\system32\cbadd.bak1
C:\WINDOWS\system32\cbadd.bak1 Has been deleted!

Attempting to delete C:\WINDOWS\system32\cbadd.bak2
C:\WINDOWS\system32\cbadd.bak2 Has been deleted!

Attempting to delete C:\WINDOWS\system32\cbadd.ini
C:\WINDOWS\system32\cbadd.ini Has been deleted!

Attempting to delete C:\WINDOWS\system32\ddabc.dll
C:\WINDOWS\system32\ddabc.dll Could not be deleted.

Attempting to delete C:\WINDOWS\system32\mljhijj.dll
C:\WINDOWS\system32\mljhijj.dll Could not be deleted.

Performing Repairs to the registry.
Done!

Beginning removal...

VundoFix V6.5.10

Checking Java version...

Java version is 1.4.2.5
Old versions of java are exploitable and should be removed.

Scan started at 17:37:46 15/10/2007

Listing files found while scanning....

C:\WINDOWS\system32\cbadd.bak2
C:\WINDOWS\system32\cbadd.ini
C:\WINDOWS\system32\ddabc.dll

Beginning removal...

Attempting to delete C:\WINDOWS\system32\cbadd.bak2
C:\WINDOWS\system32\cbadd.bak2 Has been deleted!

Attempting to delete C:\WINDOWS\system32\cbadd.ini
C:\WINDOWS\system32\cbadd.ini Has been deleted!

Attempting to delete C:\WINDOWS\system32\ddabc.dll
C:\WINDOWS\system32\ddabc.dll Has been deleted!

Performing Repairs to the registry.
Done!

VundoFix V6.5.10

Checking Java version...

Java version is 1.4.2.5
Old versions of java are exploitable and should be removed.

Scan started at 18:00:34 15/10/2007

Listing files found while scanning....


[10/15/2007, 18:31:28] - VirtumundoBeGone v1.5 ( "C:\Documents and Settings\Jessi\Bureau\virus a héradiquer\VirtumundoBeGone.exe" )
[10/15/2007, 18:31:43] - Detected System Information:
[10/15/2007, 18:31:43] - Windows Version: 5.1.2600, Service Pack 2
[10/15/2007, 18:31:43] - Current Username: Jessi (Admin)
[10/15/2007, 18:31:43] - Windows is in SAFE mode with Networking.
[10/15/2007, 18:31:43] - Searching for Browser Helper Objects:
[10/15/2007, 18:31:43] - BHO 1: {014DA6C1-189F-421a-88CD-07CFE51CFF10} (My Search BHO)
[10/15/2007, 18:31:43] - BHO 2: {02478D38-C3F9-4EFB-9B51-7695ECA05670} (Yahoo! Toolbar Helper)
[10/15/2007, 18:31:43] - BHO 3: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (Aide pour le lien d'Adobe PDF Reader)
[10/15/2007, 18:31:43] - BHO 4: {2d1c8fb1-380b-4361-9c64-5acc5f6271c6} ()
[10/15/2007, 18:31:43] - WARNING: BHO has no default name. Checking for Winlogon reference.
[10/15/2007, 18:31:43] - Checking for HKLM\...\Winlogon\Notify\rtlhknre
[10/15/2007, 18:31:43] - Key not found: HKLM\...\Winlogon\Notify\rtlhknre, continuing.
[10/15/2007, 18:31:43] - BHO 5: {72D882FB-4E66-4F83-9F2F-AEB2F428C37C} ()
[10/15/2007, 18:31:43] - WARNING: BHO has no default name. Checking for Winlogon reference.
[10/15/2007, 18:31:43] - Checking for HKLM\...\Winlogon\Notify\ddabc
[10/15/2007, 18:31:43] - Key not found: HKLM\...\Winlogon\Notify\ddabc, continuing.
[10/15/2007, 18:31:43] - BHO 6: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (SSVHelper Class)
[10/15/2007, 18:31:43] - BHO 7: {7E853D72-626A-48EC-A868-BA8D5E23E045} ()
[10/15/2007, 18:31:43] - WARNING: BHO has no default name. Checking for Winlogon reference.
[10/15/2007, 18:31:43] - No filename found. Continuing.
[10/15/2007, 18:31:43] - BHO 8: {9030D464-4C02-4ABF-8ECC-5164760863C6} (Windows Live Sign-in Helper)
[10/15/2007, 18:31:43] - BHO 9: {9ECB9560-04F9-4bbc-943D-298DDF1699E1} (CNisExtBho Class)
[10/15/2007, 18:31:43] - BHO 10: {b7c0ad3f-0924-485a-a426-11001770312a} ()
[10/15/2007, 18:31:43] - WARNING: BHO has no default name. Checking for Winlogon reference.
[10/15/2007, 18:31:43] - Checking for HKLM\...\Winlogon\Notify\vggraiwn
[10/15/2007, 18:31:43] - Key not found: HKLM\...\Winlogon\Notify\vggraiwn, continuing.
[10/15/2007, 18:31:43] - BHO 11: {bf00e119-21a3-4fd1-b178-3b8537e75c92} (IeMonitorBho Class)
[10/15/2007, 18:31:43] - Finished Searching Browser Helper Objects
[10/15/2007, 18:31:43] - Finishing up...
[10/15/2007, 18:31:43] - Nothing found! Exiting...

[10/15/2007, 18:32:47] - VirtumundoBeGone v1.5 ( "C:\Documents and Settings\Jessi\Bureau\virus a héradiquer\VirtumundoBeGone.exe" )
[10/15/2007, 18:32:48] - Detected System Information:
[10/15/2007, 18:32:48] - Windows Version: 5.1.2600, Service Pack 2
[10/15/2007, 18:32:48] - Current Username: Jessi (Admin)
[10/15/2007, 18:32:48] - Windows is in SAFE mode with Networking.
[10/15/2007, 18:32:48] - Searching for Browser Helper Objects:
[10/15/2007, 18:32:48] - BHO 1: {014DA6C1-189F-421a-88CD-07CFE51CFF10} (My Search BHO)
[10/15/2007, 18:32:48] - BHO 2: {02478D38-C3F9-4EFB-9B51-7695ECA05670} (Yahoo! Toolbar Helper)
[10/15/2007, 18:32:48] - BHO 3: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (Aide pour le lien d'Adobe PDF Reader)
[10/15/2007, 18:32:48] - BHO 4: {2d1c8fb1-380b-4361-9c64-5acc5f6271c6} ()
[10/15/2007, 18:32:48] - WARNING: BHO has no default name. Checking for Winlogon reference.
[10/15/2007, 18:32:48] - Checking for HKLM\...\Winlogon\Notify\rtlhknre
[10/15/2007, 18:32:48] - Key not found: HKLM\...\Winlogon\Notify\rtlhknre, continuing.
[10/15/2007, 18:32:48] - BHO 5: {72D882FB-4E66-4F83-9F2F-AEB2F428C37C} ()
[10/15/2007, 18:32:48] - WARNING: BHO has no default name. Checking for Winlogon reference.
[10/15/2007, 18:32:48] - Checking for HKLM\...\Winlogon\Notify\ddabc
[10/15/2007, 18:32:48] - Key not found: HKLM\...\Winlogon\Notify\ddabc, continuing.
[10/15/2007, 18:32:48] - BHO 6: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (SSVHelper Class)
[10/15/2007, 18:32:48] - BHO 7: {7E853D72-626A-48EC-A868-BA8D5E23E045} ()
[10/15/2007, 18:32:48] - WARNING: BHO has no default name. Checking for Winlogon reference.
[10/15/2007, 18:32:48] - No filename found. Continuing.
[10/15/2007, 18:32:48] - BHO 8: {9030D464-4C02-4ABF-8ECC-5164760863C6} (Windows Live Sign-in Helper)
[10/15/2007, 18:32:48] - BHO 9: {9ECB9560-04F9-4bbc-943D-298DDF1699E1} (CNisExtBho Class)
[10/15/2007, 18:32:49] - BHO 10: {b7c0ad3f-0924-485a-a426-11001770312a} ()
[10/15/2007, 18:32:49] - WARNING: BHO has no default name. Checking for Winlogon reference.
[10/15/2007, 18:32:49] - Checking for HKLM\...\Winlogon\Notify\vggraiwn
[10/15/2007, 18:32:49] - Key not found: HKLM\...\Winlogon\Notify\vggraiwn, continuing.
[10/15/2007, 18:32:49] - BHO 11: {bf00e119-21a3-4fd1-b178-3b8537e75c92} (IeMonitorBho Class)
[10/15/2007, 18:32:49] - Finished Searching Browser Helper Objects
[10/15/2007, 18:32:49] - Finishing up...
[10/15/2007, 18:32:49] - Nothing found! Exiting...

[10/15/2007, 18:54:50] - VirtumundoBeGone v1.5 ( "C:\Documents and Settings\Jessi\Bureau\virus a héradiquer\VirtumundoBeGone.exe" )
[10/15/2007, 18:54:53] - Detected System Information:
[10/15/2007, 18:54:53] - Windows Version: 5.1.2600, Service Pack 2
[10/15/2007, 18:54:53] - Current Username: Jessi (Admin)
[10/15/2007, 18:54:53] - Windows is in SAFE mode with Networking.
[10/15/2007, 18:54:53] - Searching for Browser Helper Objects:
[10/15/2007, 18:54:53] - BHO 1: {014DA6C1-189F-421a-88CD-07CFE51CFF10} (My Search BHO)
[10/15/2007, 18:54:53] - BHO 2: {02478D38-C3F9-4EFB-9B51-7695ECA05670} (Yahoo! Toolbar Helper)
[10/15/2007, 18:54:53] - BHO 3: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (Aide pour le lien d'Adobe PDF Reader)
[10/15/2007, 18:54:53] - BHO 4: {2d1c8fb1-380b-4361-9c64-5acc5f6271c6} ()
[10/15/2007, 18:54:53] - WARNING: BHO has no default name. Checking for Winlogon reference.
[10/15/2007, 18:54:53] - Checking for HKLM\...\Winlogon\Notify\rtlhknre
[10/15/2007, 18:54:53] - Key not found: HKLM\...\Winlogon\Notify\rtlhknre, continuing.
[10/15/2007, 18:54:53] - BHO 5: {72D882FB-4E66-4F83-9F2F-AEB2F428C37C} ()
[10/15/2007, 18:54:53] - WARNING: BHO has no default name. Checking for Winlogon reference.
[10/15/2007, 18:54:53] - Checking for HKLM\...\Winlogon\Notify\ddabc
[10/15/2007, 18:54:53] - Key not found: HKLM\...\Winlogon\Notify\ddabc, continuing.
[10/15/2007, 18:54:53] - BHO 6: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (SSVHelper Class)
[10/15/2007, 18:54:53] - BHO 7: {7E853D72-626A-48EC-A868-BA8D5E23E045} ()
[10/15/2007, 18:54:53] - WARNING: BHO has no default name. Checking for Winlogon reference.
[10/15/2007, 18:54:53] - No filename found. Continuing.
[10/15/2007, 18:54:53] - BHO 8: {9030D464-4C02-4ABF-8ECC-5164760863C6} (Windows Live Sign-in Helper)
[10/15/2007, 18:54:53] - BHO 9: {9ECB9560-04F9-4bbc-943D-298DDF1699E1} (CNisExtBho Class)
[10/15/2007, 18:54:53] - BHO 10: {b7c0ad3f-0924-485a-a426-11001770312a} ()
[10/15/2007, 18:54:53] - WARNING: BHO has no default name. Checking for Winlogon reference.
[10/15/2007, 18:54:53] - Checking for HKLM\...\Winlogon\Notify\vggraiwn
[10/15/2007, 18:54:53] - Key not found: HKLM\...\Winlogon\Notify\vggraiwn, continuing.
[10/15/2007, 18:54:53] - BHO 11: {bf00e119-21a3-4fd1-b178-3b8537e75c92} (IeMonitorBho Class)
[10/15/2007, 18:54:53] - Finished Searching Browser Helper Objects
[10/15/2007, 18:54:53] - Finishing up...
[10/15/2007, 18:54:53] - Nothing found! Exiting...


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:34:48, on 15/10/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\a-squared Anti-Malware\a2service.exe
C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccProxy.exe
C:\WINDOWS\system32\slserv.exe
C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Fichiers communs\Symantec Shared\Security Center\SymWSC.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\VTTimer.exe
C:\WINDOWS\system32\VTtrayp.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe
C:\Apps\Powercinema\PCMService.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\QuickTime\QTTask.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\PowerArchiver\PASTARTER.EXE
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Windows Media Player\WMPNetwk.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Java\jre1.6.0\bin\jucheck.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Program Files\Microsoft Office\Office\WINWORD.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://resultsmaster.com/...
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Packard Bell
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: My Search BHO - {014DA6C1-189F-421a-88CD-07CFE51CFF10} - C:\Program Files\MySearch\bar\1.bin\S4BAR.DLL
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {2d1c8fb1-380b-4361-9c64-5acc5f6271c6} - C:\WINDOWS\system32\rtlhknre.dll
O2 - BHO: (no name) - {72D882FB-4E66-4F83-9F2F-AEB2F428C37C} - C:\WINDOWS\system32\ddabc.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: CNisExtBho Class - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Fichiers communs\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: {a2130771-0011-624a-a584-4290f3da0c7b} - {b7c0ad3f-0924-485a-a426-11001770312a} - C:\WINDOWS\system32\vggraiwn.dll
O2 - BHO: IeMonitorBho Class - {bf00e119-21a3-4fd1-b178-3b8537e75c92} - C:\Program Files\Megaupload\Mega Manager\MegaIEMn.dll
O3 - Toolbar: (no name) - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - (no file)
O3 - Toolbar: Web assistant - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Fichiers communs\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [VTTrayp] VTtrayp.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0\bin\jusched.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [URLLSTCK.exe] C:\Program Files\Norton Internet Security\UrlLstCk.exe
O4 - HKLM\..\Run: [PCMService] "c:\Apps\Powercinema\PCMService.exe"
O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Fichiers communs\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [a-squared] "C:\Program Files\a-squared Anti-Malware\a2guard.exe"
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /startintray
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [PowerArchiver Tray] C:\Program Files\PowerArchiver\PASTARTER.EXE
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: BlueSoleil.lnk = ?
O8 - Extra context menu item: &Recherche AOL Toolbar - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=file://C:\APPS\IE\offline\fr.htm
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~3\GOEC62~1.DLL
O20 - Winlogon Notify: awtqq - C:\WINDOWS\system32\awtqq.dll
O20 - Winlogon Notify: awtqr - C:\WINDOWS\system32\awtqr.dll
O20 - Winlogon Notify: awtsr - C:\WINDOWS\system32\awtsr.dll
O20 - Winlogon Notify: awvts - C:\WINDOWS\system32\awvts.dll
O20 - Winlogon Notify: awvtu - C:\WINDOWS\system32\awvtu.dll
O20 - Winlogon Notify: mljjg - C:\WINDOWS\system32\mljjg.dll
O20 - Winlogon Notify: mllmj - C:\WINDOWS\system32\mllmj.dll
O20 - Winlogon Notify: pmkhg - C:\WINDOWS\system32\pmkhg.dll
O20 - Winlogon Notify: pmnnl - C:\WINDOWS\system32\pmnnl.dll
O20 - Winlogon Notify: pmnno - C:\WINDOWS\system32\pmnno.dll
O20 - Winlogon Notify: ssttu - C:\WINDOWS\system32\ssttu.dll
O20 - Winlogon Notify: vtsqo - C:\WINDOWS\system32\vtsqo.dll
O23 - Service: a-squared Anti-Malware Service (a2AntiMalware) - Emsi Software GmbH - C:\Program Files\a-squared Anti-Malware\a2service.exe
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Unknown owner - C:\Program Files\AntiVir PersonalEdition Classic\sched.exe (file missing)
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Unknown owner - C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe (file missing)
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: MySqlInventime - Unknown owner - c:\mysql\bin\mysqld-max-nt.exe
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe
O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: Windows Live Setup Service (WLSetupSvc) - Unknown owner - C:\Program Files\Windows Live\installer\WLSetupSvc.exe
O24 - Desktop Component 0: (no name) - http://www.europe2.fr/img/header/logo.gif
0
Réponse 7 / 22
jess7001
15 oct. 2007 à 19:43
Bonjour,
Mon navigateur ne peut pas se connecter a internet alors que je peux surfer : le problème se pose pour les boites mails. Cela m’indique qu’il ya un soucis avec le proxy et les ports principaux. c'est aussi pourquoi je n'arrive pas a télécharger Norton_Removal_Tools.exe: ça m'affiche page introuvable. je vais réessayer et sinon j'essaierai de le télécharger demain sur un autre PC.


Que dire de plus merci pour tout.

Voici les rapports
VundoFix V6.5.9

Checking Java version...

Java version is 1.4.2.5
Old versions of java are exploitable and should be removed.

Scan started at 00:31:29 11/10/2007

Listing files found while scanning....

C:\WINDOWS\system32\cbadd.bak1
C:\WINDOWS\system32\cbadd.bak2
C:\WINDOWS\system32\cbadd.ini
C:\WINDOWS\system32\ddabc.dll
C:\WINDOWS\system32\mljhijj.dll

Beginning removal...

Attempting to delete C:\WINDOWS\system32\cbadd.bak1
C:\WINDOWS\system32\cbadd.bak1 Has been deleted!

Attempting to delete C:\WINDOWS\system32\cbadd.bak2
C:\WINDOWS\system32\cbadd.bak2 Has been deleted!

Attempting to delete C:\WINDOWS\system32\cbadd.ini
C:\WINDOWS\system32\cbadd.ini Has been deleted!

Attempting to delete C:\WINDOWS\system32\ddabc.dll
C:\WINDOWS\system32\ddabc.dll Could not be deleted.

Attempting to delete C:\WINDOWS\system32\mljhijj.dll
C:\WINDOWS\system32\mljhijj.dll Could not be deleted.

Performing Repairs to the registry.
Done!

Beginning removal...

VundoFix V6.5.10

Checking Java version...

Java version is 1.4.2.5
Old versions of java are exploitable and should be removed.

Scan started at 17:37:46 15/10/2007

Listing files found while scanning....

C:\WINDOWS\system32\cbadd.bak2
C:\WINDOWS\system32\cbadd.ini
C:\WINDOWS\system32\ddabc.dll

Beginning removal...

Attempting to delete C:\WINDOWS\system32\cbadd.bak2
C:\WINDOWS\system32\cbadd.bak2 Has been deleted!

Attempting to delete C:\WINDOWS\system32\cbadd.ini
C:\WINDOWS\system32\cbadd.ini Has been deleted!

Attempting to delete C:\WINDOWS\system32\ddabc.dll
C:\WINDOWS\system32\ddabc.dll Has been deleted!

Performing Repairs to the registry.
Done!

VundoFix V6.5.10

Checking Java version...

Java version is 1.4.2.5
Old versions of java are exploitable and should be removed.

Scan started at 18:00:34 15/10/2007

Listing files found while scanning....


[10/15/2007, 18:31:28] - VirtumundoBeGone v1.5 ( "C:\Documents and Settings\Jessi\Bureau\virus a héradiquer\VirtumundoBeGone.exe" )
[10/15/2007, 18:31:43] - Detected System Information:
[10/15/2007, 18:31:43] - Windows Version: 5.1.2600, Service Pack 2
[10/15/2007, 18:31:43] - Current Username: Jessi (Admin)
[10/15/2007, 18:31:43] - Windows is in SAFE mode with Networking.
[10/15/2007, 18:31:43] - Searching for Browser Helper Objects:
[10/15/2007, 18:31:43] - BHO 1: {014DA6C1-189F-421a-88CD-07CFE51CFF10} (My Search BHO)
[10/15/2007, 18:31:43] - BHO 2: {02478D38-C3F9-4EFB-9B51-7695ECA05670} (Yahoo! Toolbar Helper)
[10/15/2007, 18:31:43] - BHO 3: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (Aide pour le lien d'Adobe PDF Reader)
[10/15/2007, 18:31:43] - BHO 4: {2d1c8fb1-380b-4361-9c64-5acc5f6271c6} ()
[10/15/2007, 18:31:43] - WARNING: BHO has no default name. Checking for Winlogon reference.
[10/15/2007, 18:31:43] - Checking for HKLM\...\Winlogon\Notify\rtlhknre
[10/15/2007, 18:31:43] - Key not found: HKLM\...\Winlogon\Notify\rtlhknre, continuing.
[10/15/2007, 18:31:43] - BHO 5: {72D882FB-4E66-4F83-9F2F-AEB2F428C37C} ()
[10/15/2007, 18:31:43] - WARNING: BHO has no default name. Checking for Winlogon reference.
[10/15/2007, 18:31:43] - Checking for HKLM\...\Winlogon\Notify\ddabc
[10/15/2007, 18:31:43] - Key not found: HKLM\...\Winlogon\Notify\ddabc, continuing.
[10/15/2007, 18:31:43] - BHO 6: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (SSVHelper Class)
[10/15/2007, 18:31:43] - BHO 7: {7E853D72-626A-48EC-A868-BA8D5E23E045} ()
[10/15/2007, 18:31:43] - WARNING: BHO has no default name. Checking for Winlogon reference.
[10/15/2007, 18:31:43] - No filename found. Continuing.
[10/15/2007, 18:31:43] - BHO 8: {9030D464-4C02-4ABF-8ECC-5164760863C6} (Windows Live Sign-in Helper)
[10/15/2007, 18:31:43] - BHO 9: {9ECB9560-04F9-4bbc-943D-298DDF1699E1} (CNisExtBho Class)
[10/15/2007, 18:31:43] - BHO 10: {b7c0ad3f-0924-485a-a426-11001770312a} ()
[10/15/2007, 18:31:43] - WARNING: BHO has no default name. Checking for Winlogon reference.
[10/15/2007, 18:31:43] - Checking for HKLM\...\Winlogon\Notify\vggraiwn
[10/15/2007, 18:31:43] - Key not found: HKLM\...\Winlogon\Notify\vggraiwn, continuing.
[10/15/2007, 18:31:43] - BHO 11: {bf00e119-21a3-4fd1-b178-3b8537e75c92} (IeMonitorBho Class)
[10/15/2007, 18:31:43] - Finished Searching Browser Helper Objects
[10/15/2007, 18:31:43] - Finishing up...
[10/15/2007, 18:31:43] - Nothing found! Exiting...

[10/15/2007, 18:32:47] - VirtumundoBeGone v1.5 ( "C:\Documents and Settings\Jessi\Bureau\virus a héradiquer\VirtumundoBeGone.exe" )
[10/15/2007, 18:32:48] - Detected System Information:
[10/15/2007, 18:32:48] - Windows Version: 5.1.2600, Service Pack 2
[10/15/2007, 18:32:48] - Current Username: Jessi (Admin)
[10/15/2007, 18:32:48] - Windows is in SAFE mode with Networking.
[10/15/2007, 18:32:48] - Searching for Browser Helper Objects:
[10/15/2007, 18:32:48] - BHO 1: {014DA6C1-189F-421a-88CD-07CFE51CFF10} (My Search BHO)
[10/15/2007, 18:32:48] - BHO 2: {02478D38-C3F9-4EFB-9B51-7695ECA05670} (Yahoo! Toolbar Helper)
[10/15/2007, 18:32:48] - BHO 3: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (Aide pour le lien d'Adobe PDF Reader)
[10/15/2007, 18:32:48] - BHO 4: {2d1c8fb1-380b-4361-9c64-5acc5f6271c6} ()
[10/15/2007, 18:32:48] - WARNING: BHO has no default name. Checking for Winlogon reference.
[10/15/2007, 18:32:48] - Checking for HKLM\...\Winlogon\Notify\rtlhknre
[10/15/2007, 18:32:48] - Key not found: HKLM\...\Winlogon\Notify\rtlhknre, continuing.
[10/15/2007, 18:32:48] - BHO 5: {72D882FB-4E66-4F83-9F2F-AEB2F428C37C} ()
[10/15/2007, 18:32:48] - WARNING: BHO has no default name. Checking for Winlogon reference.
[10/15/2007, 18:32:48] - Checking for HKLM\...\Winlogon\Notify\ddabc
[10/15/2007, 18:32:48] - Key not found: HKLM\...\Winlogon\Notify\ddabc, continuing.
[10/15/2007, 18:32:48] - BHO 6: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (SSVHelper Class)
[10/15/2007, 18:32:48] - BHO 7: {7E853D72-626A-48EC-A868-BA8D5E23E045} ()
[10/15/2007, 18:32:48] - WARNING: BHO has no default name. Checking for Winlogon reference.
[10/15/2007, 18:32:48] - No filename found. Continuing.
[10/15/2007, 18:32:48] - BHO 8: {9030D464-4C02-4ABF-8ECC-5164760863C6} (Windows Live Sign-in Helper)
[10/15/2007, 18:32:48] - BHO 9: {9ECB9560-04F9-4bbc-943D-298DDF1699E1} (CNisExtBho Class)
[10/15/2007, 18:32:49] - BHO 10: {b7c0ad3f-0924-485a-a426-11001770312a} ()
[10/15/2007, 18:32:49] - WARNING: BHO has no default name. Checking for Winlogon reference.
[10/15/2007, 18:32:49] - Checking for HKLM\...\Winlogon\Notify\vggraiwn
[10/15/2007, 18:32:49] - Key not found: HKLM\...\Winlogon\Notify\vggraiwn, continuing.
[10/15/2007, 18:32:49] - BHO 11: {bf00e119-21a3-4fd1-b178-3b8537e75c92} (IeMonitorBho Class)
[10/15/2007, 18:32:49] - Finished Searching Browser Helper Objects
[10/15/2007, 18:32:49] - Finishing up...
[10/15/2007, 18:32:49] - Nothing found! Exiting...

[10/15/2007, 18:54:50] - VirtumundoBeGone v1.5 ( "C:\Documents and Settings\Jessi\Bureau\virus a héradiquer\VirtumundoBeGone.exe" )
[10/15/2007, 18:54:53] - Detected System Information:
[10/15/2007, 18:54:53] - Windows Version: 5.1.2600, Service Pack 2
[10/15/2007, 18:54:53] - Current Username: Jessi (Admin)
[10/15/2007, 18:54:53] - Windows is in SAFE mode with Networking.
[10/15/2007, 18:54:53] - Searching for Browser Helper Objects:
[10/15/2007, 18:54:53] - BHO 1: {014DA6C1-189F-421a-88CD-07CFE51CFF10} (My Search BHO)
[10/15/2007, 18:54:53] - BHO 2: {02478D38-C3F9-4EFB-9B51-7695ECA05670} (Yahoo! Toolbar Helper)
[10/15/2007, 18:54:53] - BHO 3: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (Aide pour le lien d'Adobe PDF Reader)
[10/15/2007, 18:54:53] - BHO 4: {2d1c8fb1-380b-4361-9c64-5acc5f6271c6} ()
[10/15/2007, 18:54:53] - WARNING: BHO has no default name. Checking for Winlogon reference.
[10/15/2007, 18:54:53] - Checking for HKLM\...\Winlogon\Notify\rtlhknre
[10/15/2007, 18:54:53] - Key not found: HKLM\...\Winlogon\Notify\rtlhknre, continuing.
[10/15/2007, 18:54:53] - BHO 5: {72D882FB-4E66-4F83-9F2F-AEB2F428C37C} ()
[10/15/2007, 18:54:53] - WARNING: BHO has no default name. Checking for Winlogon reference.
[10/15/2007, 18:54:53] - Checking for HKLM\...\Winlogon\Notify\ddabc
[10/15/2007, 18:54:53] - Key not found: HKLM\...\Winlogon\Notify\ddabc, continuing.
[10/15/2007, 18:54:53] - BHO 6: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (SSVHelper Class)
[10/15/2007, 18:54:53] - BHO 7: {7E853D72-626A-48EC-A868-BA8D5E23E045} ()
[10/15/2007, 18:54:53] - WARNING: BHO has no default name. Checking for Winlogon reference.
[10/15/2007, 18:54:53] - No filename found. Continuing.
[10/15/2007, 18:54:53] - BHO 8: {9030D464-4C02-4ABF-8ECC-5164760863C6} (Windows Live Sign-in Helper)
[10/15/2007, 18:54:53] - BHO 9: {9ECB9560-04F9-4bbc-943D-298DDF1699E1} (CNisExtBho Class)
[10/15/2007, 18:54:53] - BHO 10: {b7c0ad3f-0924-485a-a426-11001770312a} ()
[10/15/2007, 18:54:53] - WARNING: BHO has no default name. Checking for Winlogon reference.
[10/15/2007, 18:54:53] - Checking for HKLM\...\Winlogon\Notify\vggraiwn
[10/15/2007, 18:54:53] - Key not found: HKLM\...\Winlogon\Notify\vggraiwn, continuing.
[10/15/2007, 18:54:53] - BHO 11: {bf00e119-21a3-4fd1-b178-3b8537e75c92} (IeMonitorBho Class)
[10/15/2007, 18:54:53] - Finished Searching Browser Helper Objects
[10/15/2007, 18:54:53] - Finishing up...
[10/15/2007, 18:54:53] - Nothing found! Exiting...


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:34:48, on 15/10/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\a-squared Anti-Malware\a2service.exe
C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccProxy.exe
C:\WINDOWS\system32\slserv.exe
C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Fichiers communs\Symantec Shared\Security Center\SymWSC.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\VTTimer.exe
C:\WINDOWS\system32\VTtrayp.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe
C:\Apps\Powercinema\PCMService.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\QuickTime\QTTask.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\PowerArchiver\PASTARTER.EXE
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Windows Media Player\WMPNetwk.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Java\jre1.6.0\bin\jucheck.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Program Files\Microsoft Office\Office\WINWORD.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://resultsmaster.com/...
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Packard Bell
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: My Search BHO - {014DA6C1-189F-421a-88CD-07CFE51CFF10} - C:\Program Files\MySearch\bar\1.bin\S4BAR.DLL
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {2d1c8fb1-380b-4361-9c64-5acc5f6271c6} - C:\WINDOWS\system32\rtlhknre.dll
O2 - BHO: (no name) - {72D882FB-4E66-4F83-9F2F-AEB2F428C37C} - C:\WINDOWS\system32\ddabc.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: CNisExtBho Class - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Fichiers communs\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: {a2130771-0011-624a-a584-4290f3da0c7b} - {b7c0ad3f-0924-485a-a426-11001770312a} - C:\WINDOWS\system32\vggraiwn.dll
O2 - BHO: IeMonitorBho Class - {bf00e119-21a3-4fd1-b178-3b8537e75c92} - C:\Program Files\Megaupload\Mega Manager\MegaIEMn.dll
O3 - Toolbar: (no name) - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - (no file)
O3 - Toolbar: Web assistant - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Fichiers communs\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [VTTrayp] VTtrayp.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0\bin\jusched.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [URLLSTCK.exe] C:\Program Files\Norton Internet Security\UrlLstCk.exe
O4 - HKLM\..\Run: [PCMService] "c:\Apps\Powercinema\PCMService.exe"
O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Fichiers communs\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [a-squared] "C:\Program Files\a-squared Anti-Malware\a2guard.exe"
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /startintray
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [PowerArchiver Tray] C:\Program Files\PowerArchiver\PASTARTER.EXE
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: BlueSoleil.lnk = ?
O8 - Extra context menu item: &Recherche AOL Toolbar - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=file://C:\APPS\IE\offline\fr.htm
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~3\GOEC62~1.DLL
O20 - Winlogon Notify: awtqq - C:\WINDOWS\system32\awtqq.dll
O20 - Winlogon Notify: awtqr - C:\WINDOWS\system32\awtqr.dll
O20 - Winlogon Notify: awtsr - C:\WINDOWS\system32\awtsr.dll
O20 - Winlogon Notify: awvts - C:\WINDOWS\system32\awvts.dll
O20 - Winlogon Notify: awvtu - C:\WINDOWS\system32\awvtu.dll
O20 - Winlogon Notify: mljjg - C:\WINDOWS\system32\mljjg.dll
O20 - Winlogon Notify: mllmj - C:\WINDOWS\system32\mllmj.dll
O20 - Winlogon Notify: pmkhg - C:\WINDOWS\system32\pmkhg.dll
O20 - Winlogon Notify: pmnnl - C:\WINDOWS\system32\pmnnl.dll
O20 - Winlogon Notify: pmnno - C:\WINDOWS\system32\pmnno.dll
O20 - Winlogon Notify: ssttu - C:\WINDOWS\system32\ssttu.dll
O20 - Winlogon Notify: vtsqo - C:\WINDOWS\system32\vtsqo.dll
O23 - Service: a-squared Anti-Malware Service (a2AntiMalware) - Emsi Software GmbH - C:\Program Files\a-squared Anti-Malware\a2service.exe
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Unknown owner - C:\Program Files\AntiVir PersonalEdition Classic\sched.exe (file missing)
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Unknown owner - C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe (file missing)
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: MySqlInventime - Unknown owner - c:\mysql\bin\mysqld-max-nt.exe
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe
O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: Windows Live Setup Service (WLSetupSvc) - Unknown owner - C:\Program Files\Windows Live\installer\WLSetupSvc.exe
O24 - Desktop Component 0: (no name) - http://www.europe2.fr/img/header/logo.gif
0
Réponse 8 / 22
nardino Messages postés 1633 Date d'inscription jeudi 20 mai 2004 Statut Membre Dernière intervention 6 mars 2010 119
15 oct. 2007 à 20:57
Bonsoir.

Tant que tu auras trois antivirus en même temps sur ton pc on ne parviendra à rien de bon.
Désinstalles Avast et Symantec.
Pour Symantec tu as le lien, pour Avast voic:
https://www.avast.com/fr-fr/uninstall-utility
Avast désinstalleur

Télécharge Combofix de sUBs : http://download.bleepingcomputer.com/sUBs/ComboFix.exe


Ces deux programmes supprimés et après avoir redémarré en mode sans échec, tu repasses Vundofix , Virtumondobegone et Combofix.
- Ferme toutes les fenêtres
- Double-clique sur combofix.exe (ne clique pas sur la fenêtre qui s'ouvre)
- Appuie sur Y pour lancer le scan
- A la fin du scan (cela peut prendre du temps), un rapport sera créé.
- Poste ce rapport dans ton prochain message.
Tu redémarres en mode normal et tu postes les trois rapports et un nouveau rapport Hijackthis
0
Réponse 9 / 22
jess7001
16 oct. 2007 à 15:11
coucou nardino,
grâce à tous tes conseils j'ai l'impression d'être beaucoup moins infectée car je ne trouve presque plus de virus sur les outils de détection mais j'ai tjrs des fenètre de pub qui souvre sur msn.
Mai bon je sui deséspérée car malgré tou sa , depui hier j'ai plu internet.
j' ai trouver a autre ordi ou je v télécharger les désinstalleur et appliquer tes conseils mai com je ni ai pa accé svt sa va etre dur de communiker mai je te poste le plu rapidemen possibles mes rappor.

Par contre si sa ne se résou pa biento, surtou mes problème de connection internet ( proxy, port principaux, https) est il judicieux de faire une restauration avant le momen ou g u mon virus ? ( car je pense ke c t débu octobre sur msn virus n039_jpg.zip)

Merci pour tou et a biento

jess


Heure de la dernière exécution du diagnostic : 10/15/07 20:04:02
Diagnostic de la carte réseau
Détection de l'emplacement réseau

info Utilisation d'une connexion Internet à domicile
Identification de la carte réseau

info Connexion réseau : Nom=Connexion réseau sans fil, périphérique=NB 802.11g Wireless Network PCI Adapter(1130), type de support=Réseau local, sous-type de support=SANS FIL
info Connexion réseau : Nom=Connexion au réseau local, périphérique=VIA Rhine II Fast Ethernet Adapter, type de support=Réseau local, sous-type de support=Réseau local
info Connexion réseau : Nom=Connexion au réseau local 2, périphérique=Bluetooth PAN Network Adapter, type de support=Réseau local, sous-type de support=Réseau local
warn Cet ordinateur possède plusieurs adaptateurs Ethernet ou sans fil
info Redirection de l'utilisateur vers l'appel d'aide

Diagnostic HTTP, HTTPS, FTP
Connectivité HTTP, HTTPS, FTP

warn HTTPS: Erreur 12029 lors de la connexion à www.microsoft.com : A connection with the server could not be established
warn HTTPS: Erreur 12029 lors de la connexion à www.passport.net : A connection with the server could not be established
info HTTP: Connexion réussie à www.microsoft.com.
info FTP (passif): Connexion réussie à ftp.microsoft.com.
error Impossible d'établir une connexion HTTPS.


Heure de la dernière exécution du diagnostic : 10/15/07 21:47:24
Diagnostic de la carte réseau
Détection de l'emplacement réseau

info Utilisation d'une connexion Internet à domicile
Identification de la carte réseau

info Connexion réseau : Nom=Connexion réseau sans fil, périphérique=NB 802.11g Wireless Network PCI Adapter(1130), type de support=Réseau local, sous-type de support=SANS FIL
info Connexion réseau : Nom=Connexion au réseau local, périphérique=VIA Rhine II Fast Ethernet Adapter, type de support=Réseau local, sous-type de support=Réseau local
info Connexion réseau : Nom=Connexion au réseau local 2, périphérique=Bluetooth PAN Network Adapter, type de support=Réseau local, sous-type de support=Réseau local
warn Cet ordinateur possède plusieurs adaptateurs Ethernet ou sans fil
info Redirection de l'utilisateur vers l'appel d'aide

Diagnostic HTTP, HTTPS, FTP
Connectivité HTTP, HTTPS, FTP

warn HTTPS: Erreur 12029 lors de la connexion à www.microsoft.com : A connection with the server could not be established
warn HTTPS: Erreur 12029 lors de la connexion à www.passport.net : A connection with the server could not be established
info HTTP: Connexion réussie à www.microsoft.com.
info FTP (passif): Connexion réussie à ftp.microsoft.com.
error Impossible d'établir une connexion HTTPS.
0
Réponse 10 / 22
nardino Messages postés 1633 Date d'inscription jeudi 20 mai 2004 Statut Membre Dernière intervention 6 mars 2010 119
16 oct. 2007 à 22:24
Bonsoir.

As-tu désinstaller les antivirus comme demandé ?
Pour réparer ta connexion, télécharge :
https://www.snapfiles.com/downloads/winsockxpfix/dlwinsockxpfix.html
WinSock XP Fix

Et tu le lances.
Il te faudra redémarrer.


0
Réponse 11 / 22
jess7001
19 oct. 2007 à 21:24
bonsoir nardino,
oui j'ai désinstallé norton et avast et du cou comme par magie j'ai retrouver ma connexion internet lol, donc mille merci
du cou j'ai réinstallé avast et un pare feu zone alarm pour me protégé. car apré une période de calme, pas de symptome d'infection, avast essaie de bloquer des attaque s féquente "dcom exploit". Est ce grave?

sinon voici les log demandés:

pas d'infection d'aprés vundofix


[10/19/2007, 17:39:41] - VirtumundoBeGone v1.5 ( "C:\Documents and Settings\Jessi\Bureau\Copie de virus a héradiquer\VirtumundoBeGone.exe" )
[10/19/2007, 17:40:00] - User choose NOT to continue. Exiting...

[10/19/2007, 17:40:37] - VirtumundoBeGone v1.5 ( "C:\Documents and Settings\Jessi\Bureau\Copie de virus a héradiquer\VirtumundoBeGone.exe" )
[10/19/2007, 17:40:39] - Detected System Information:
[10/19/2007, 17:40:39] - Windows Version: 5.1.2600, Service Pack 2
[10/19/2007, 17:40:39] - Current Username: Jessi (Admin)
[10/19/2007, 17:40:39] - Windows is in SAFE mode with Networking.
[10/19/2007, 17:40:39] - Searching for Browser Helper Objects:
[10/19/2007, 17:40:39] - BHO 1: {014DA6C1-189F-421a-88CD-07CFE51CFF10} (My Search BHO)
[10/19/2007, 17:40:39] - BHO 2: {02478D38-C3F9-4EFB-9B51-7695ECA05670} (Yahoo! Toolbar Helper)
[10/19/2007, 17:40:39] - BHO 3: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (Aide pour le lien d'Adobe PDF Reader)
[10/19/2007, 17:40:39] - BHO 4: {2d1c8fb1-380b-4361-9c64-5acc5f6271c6} ()
[10/19/2007, 17:40:39] - WARNING: BHO has no default name. Checking for Winlogon reference.
[10/19/2007, 17:40:39] - Checking for HKLM\...\Winlogon\Notify\rtlhknre
[10/19/2007, 17:40:39] - Key not found: HKLM\...\Winlogon\Notify\rtlhknre, continuing.
[10/19/2007, 17:40:39] - BHO 5: {72D882FB-4E66-4F83-9F2F-AEB2F428C37C} ()
[10/19/2007, 17:40:39] - WARNING: BHO has no default name. Checking for Winlogon reference.
[10/19/2007, 17:40:39] - No filename found. Continuing.
[10/19/2007, 17:40:39] - BHO 6: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (SSVHelper Class)
[10/19/2007, 17:40:39] - BHO 7: {7E853D72-626A-48EC-A868-BA8D5E23E045} ()
[10/19/2007, 17:40:39] - WARNING: BHO has no default name. Checking for Winlogon reference.
[10/19/2007, 17:40:39] - No filename found. Continuing.
[10/19/2007, 17:40:39] - BHO 8: {9030D464-4C02-4ABF-8ECC-5164760863C6} (Windows Live Sign-in Helper)
[10/19/2007, 17:40:39] - BHO 9: {b7c0ad3f-0924-485a-a426-11001770312a} ()
[10/19/2007, 17:40:39] - WARNING: BHO has no default name. Checking for Winlogon reference.
[10/19/2007, 17:40:39] - Checking for HKLM\...\Winlogon\Notify\vggraiwn
[10/19/2007, 17:40:39] - Key not found: HKLM\...\Winlogon\Notify\vggraiwn, continuing.
[10/19/2007, 17:40:39] - BHO 10: {bf00e119-21a3-4fd1-b178-3b8537e75c92} (IeMonitorBho Class)
[10/19/2007, 17:40:40] - Finished Searching Browser Helper Objects
[10/19/2007, 17:40:40] - Finishing up...
[10/19/2007, 17:40:40] - Nothing found! Exiting...


ComboFix 07-10-16.1 - Jessi 2007-10-19 17:46:02.1 - NTFSx86 MINIMAL
Microsoft Windows XP dition familiale 5.1.2600.2.1252.1.1036.18.245 [GMT 2:00]
Running from: C:\Documents and Settings\Jessi\Bureau\Copie de virus a h‚radiquer\ComboFix.exe
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\cookies.ini
C:\WINDOWS\system32\awtsr.dll
C:\WINDOWS\system32\awvts.dll
C:\WINDOWS\system32\awvtu.dll
C:\WINDOWS\system32\daedonly.dll
C:\WINDOWS\system32\elxwpkby.dll
C:\WINDOWS\system32\etentgus.dll
C:\WINDOWS\system32\fjqunywb.dll
C:\WINDOWS\system32\fpdcugdg.dll
C:\WINDOWS\system32\fsdbjrua.dll
C:\WINDOWS\system32\ghkmp.bak1
C:\WINDOWS\system32\ghkmp.bak1
C:\WINDOWS\system32\ghkmp.bak2
C:\WINDOWS\system32\ghkmp.bak2
C:\WINDOWS\system32\ghkmp.ini
C:\WINDOWS\system32\ghkmp.ini
C:\WINDOWS\system32\gjjlm.bak1
C:\WINDOWS\system32\gjjlm.bak1
C:\WINDOWS\system32\gjjlm.ini
C:\WINDOWS\system32\gjjlm.ini
C:\WINDOWS\system32\hyvxyytj.dll
C:\WINDOWS\system32\jjmwewrf.dll
C:\WINDOWS\system32\jmllm.bak1
C:\WINDOWS\system32\jmllm.bak1
C:\WINDOWS\system32\jmllm.ini
C:\WINDOWS\system32\jmllm.ini
C:\WINDOWS\system32\lnnmp.bak1
C:\WINDOWS\system32\lnnmp.bak1
C:\WINDOWS\system32\lnnmp.bak2
C:\WINDOWS\system32\lnnmp.bak2
C:\WINDOWS\system32\lnnmp.ini
C:\WINDOWS\system32\lnnmp.ini
C:\WINDOWS\system32\mljjg.dll
C:\WINDOWS\system32\mllmj.dll
C:\WINDOWS\system32\nloghygl.dll
C:\WINDOWS\system32\npdjuxug.dll
C:\WINDOWS\system32\ojntilnc.dll
C:\WINDOWS\system32\onnmp.bak1
C:\WINDOWS\system32\onnmp.bak1
C:\WINDOWS\system32\onnmp.bak2
C:\WINDOWS\system32\onnmp.bak2
C:\WINDOWS\system32\onnmp.ini
C:\WINDOWS\system32\onnmp.ini
C:\WINDOWS\system32\oqstv.bak1
C:\WINDOWS\system32\oqstv.bak1
C:\WINDOWS\system32\oqstv.bak2
C:\WINDOWS\system32\oqstv.bak2
C:\WINDOWS\system32\oqstv.ini
C:\WINDOWS\system32\oqstv.ini
C:\WINDOWS\system32\pmkhg.dll
C:\WINDOWS\system32\pmnnl.dll
C:\WINDOWS\system32\pmnno.dll
C:\WINDOWS\system32\ppieaejw.dll
C:\WINDOWS\system32\qqtwa.bak1
C:\WINDOWS\system32\qqtwa.ini
C:\WINDOWS\system32\quwstkbx.dll
C:\WINDOWS\system32\rbhxnfms.dll
C:\WINDOWS\system32\rqtwa.bak1
C:\WINDOWS\system32\rqtwa.bak2
C:\WINDOWS\system32\rqtwa.ini
C:\WINDOWS\system32\rstwa.bak1
C:\WINDOWS\system32\rstwa.bak1
C:\WINDOWS\system32\rstwa.bak2
C:\WINDOWS\system32\rstwa.bak2
C:\WINDOWS\system32\rstwa.ini
C:\WINDOWS\system32\rstwa.ini
C:\WINDOWS\system32\rtlhknre.dll
C:\WINDOWS\system32\rtqvmljc.dll
C:\WINDOWS\system32\ssttu.dll
C:\WINDOWS\system32\stvwa.bak1
C:\WINDOWS\system32\stvwa.bak1
C:\WINDOWS\system32\stvwa.ini
C:\WINDOWS\system32\stvwa.ini
C:\WINDOWS\system32\ubhhixsu.dll
C:\WINDOWS\system32\uttss.ini
C:\WINDOWS\system32\utvwa.bak1
C:\WINDOWS\system32\utvwa.bak1
C:\WINDOWS\system32\utvwa.ini
C:\WINDOWS\system32\utvwa.ini
C:\WINDOWS\system32\vggraiwn.dll
C:\WINDOWS\system32\vrgrjcae.dll
C:\WINDOWS\system32\vssnojea.dll
C:\WINDOWS\system32\vtsqo.dll
C:\WINDOWS\system32\winspool.dll

.
((((((((((((((((((((((((((((( Fichiers créés 2007-09-19 to 2007-10-19 ))))))))))))))))))))))))))))))))))))
.

2007-10-19 17:41 51,200 --a------ C:\WINDOWS\NirCmd.exe
2007-10-18 22:08 95,608 --a------ C:\WINDOWS\system32\AvastSS.scr
2007-10-18 22:08 94,416 --a------ C:\WINDOWS\system32\drivers\aswmon2.sys
2007-10-18 22:08 92,848 --a------ C:\WINDOWS\system32\drivers\aswmon.sys
2007-10-18 22:08 42,912 --a------ C:\WINDOWS\system32\drivers\aswTdi.sys
2007-10-18 22:08 26,624 --a------ C:\WINDOWS\system32\drivers\aavmker4.sys
2007-10-18 22:08 23,152 --a------ C:\WINDOWS\system32\drivers\aswRdr.sys
2007-10-18 22:07 801,144 --a------ C:\WINDOWS\system32\aswBoot.exe
2007-10-17 01:04 <REP> d-------- C:\Program Files\Microsoft CAPICOM 2.1.0.2
2007-10-15 18:25 <REP> d-------- C:\WINDOWS\pss
2007-10-15 17:37 <REP> d-------- C:\VundoFix Backups
2007-10-15 17:23 83,008 --a------ C:\WINDOWS\system32\wriugplm.dll
2007-10-14 22:56 <REP> d-------- C:\Program Files\Webroot
2007-10-14 22:56 <REP> d-------- C:\Documents and Settings\Jessi\Application Data\Webroot
2007-10-14 22:56 427,520 --a------ C:\WINDOWS\WRServices.dll
2007-10-14 22:56 102,912 --a------ C:\WINDOWS\system32\islzma.dll
2007-10-14 21:12 4,476 --a------ C:\WINDOWS\system32\tmp.reg
2007-10-14 21:10 289,144 --a------ C:\WINDOWS\system32\VCCLSID.exe
2007-10-14 21:10 25,600 --a------ C:\WINDOWS\system32\WS2Fix.exe
2007-10-14 21:09 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe
2007-10-14 21:09 51,200 --a------ C:\WINDOWS\system32\dumphive.exe
2007-10-14 20:58 <REP> d-------- C:\Program Files\Navilog1
2007-10-14 16:04 <REP> d-------- C:\Program Files\Trend Micro
2007-10-14 14:26 <REP> d-------- C:\WINDOWS\BDOSCAN8
2007-10-13 09:20 271,224 --a------ C:\WINDOWS\system32\mucltui.dll
2007-10-13 09:20 207,736 --a------ C:\WINDOWS\system32\muweb.dll
2007-10-13 04:00 <REP> d-------- C:\Documents and Settings\Jessi\Application Data\Grisoft
2007-10-13 03:59 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2007-10-13 03:50 <REP> d-------- C:\Program Files\MSN Messenger
2007-10-13 02:38 <REP> d-------- C:\Program Files\Windows Live
2007-10-13 02:37 <REP> d-------- C:\Documents and Settings\All Users\Application Data\WLInstaller
2007-10-12 17:06 46,208 --a------ C:\WINDOWS\system32\GDIPFONTCACHEV1.DAT
2007-10-12 17:05 <REP> d-------- C:\Documents and Settings\X\Application Data\Grisoft
2007-10-12 00:13 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2007-10-12 00:10 <REP> d-------- C:\Program Files\Yahoo!
2007-10-12 00:10 <REP> d-------- C:\Program Files\CCleaner
2007-10-10 18:22 582,656 --------- C:\WINDOWS\system32\dllcache\rpcrt4.dll
2007-10-09 21:02 <REP> d-------- C:\Program Files\DivX
2007-10-09 18:32 83,008 --a------ C:\WINDOWS\system32\bfyyrooa.dll
2007-10-08 23:36 <REP> d-------- C:\Program Files\Toshiba
2007-10-01 20:51 83,008 --a------ C:\WINDOWS\system32\gyklsmbg.dll
2007-09-29 13:04 <REP> d-------- C:\Documents and Settings\All Users\Application Data\ConeXware
2007-09-25 21:48 22 --a------ C:\WINDOWS\N039_jpg.zip
2007-09-20 19:20 <REP> d-------- C:\Program Files\iPod
2007-09-20 19:19 <REP> d-------- C:\Program Files\iTunes
2007-09-20 19:18 <REP> d-------- C:\Program Files\Fichiers communs\Apple
2007-09-20 19:15 <REP> d-------- C:\Program Files\Apple Software Update
2007-09-20 19:15 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Apple

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-10-16 13:36 --------- d-----w C:\Program Files\Fichiers communs\Symantec Shared
2007-10-16 12:23 --------- d-----w C:\Program Files\PowerArchiver
2007-10-15 19:54 --------- d-----w C:\Program Files\Megaupload
2007-10-14 20:00 --------- d-----w C:\Documents and Settings\Jessi\Application Data\Azureus
2007-10-12 15:29 --------- d-----w C:\Program Files\Lavasoft
2007-10-12 15:29 --------- d-----w C:\Documents and Settings\Jessi\Application Data\Lavasoft
2007-10-08 21:43 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-09-27 09:55 --------- d-----w C:\Program Files\Winamp
2007-08-26 23:25 --------- d-----w C:\Documents and Settings\Jessi\Application Data\dvdcss
2007-08-19 20:00 --------- d-----w C:\Program Files\MySearch
2007-08-19 20:00 --------- d-----w C:\Program Files\FreeRIP3
2007-02-25 15:14 2,131,397 ----a-w C:\Program Files\superconverter.exe
.

((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{72D882FB-4E66-4F83-9F2F-AEB2F428C37C}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.exe" [2004-08-05 14:00]
"PHIME2002ASync"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004-08-05 14:00]
"PHIME2002A"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004-08-05 14:00]
"SynTPLpr"="C:\Program Files\Synaptics\SynTP\SynTPLpr.exe" [2004-08-12 15:13]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2004-08-12 15:12]
"VTTimer"="VTTimer.exe" [2005-03-08 03:33 C:\WINDOWS\system32\VTTimer.exe]
"VTTrayp"="VTtrayp.exe" [2005-01-11 07:33 C:\WINDOWS\system32\VTTrayp.exe]
"SoundMan"="SOUNDMAN.EXE" [2005-04-15 11:01 C:\WINDOWS\SOUNDMAN.EXE]
"NWEReboot"="" []
"TkBellExe"="C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" [2005-08-31 17:13]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-09-06 12:06]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 11:25]
"MSConfig"="C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe" [2004-08-05 14:00]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-05 14:00]
"PowerArchiver Tray"="C:\Program Files\PowerArchiver\PASTARTER.EXE" [2007-06-11 18:32]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-11-03 09:59]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\awtqq]
C:\WINDOWS\system32\awtqq.dll 2007-09-18 10:57 283232 C:\WINDOWS\system32\awtqq.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\awtqr]
C:\WINDOWS\system32\awtqr.dll 2007-09-17 00:39 283232 C:\WINDOWS\system32\awtqr.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=C:\PROGRA~1\Google\GOOGLE~3\GOEC62~1.DLL

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^BlueSoleil.lnk]
path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\BlueSoleil.lnk
backup=C:\WINDOWS\pss\BlueSoleil.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\!AVG Anti-Spyware]
"C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
"C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search]
"C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
"C:\Program Files\iTunes\iTunesHelper.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
"C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCMService]
"c:\Apps\Powercinema\PCMService.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"C:\Program Files\QuickTime\QTTask.exe" -atboottime

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpySweeper]
"C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /startintray

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
"C:\Program Files\Java\jre1.6.0\bin\jusched.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
C:\Program Files\Winamp\winampa.exe


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{43c49fbf-20e2-11db-ae10-00038a000015}]
Auto\command - E:\AdobeR.exe e
AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL AdobeR.exe e

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ed77a6ee-3795-11dc-aeed-00116758be97}]
Auto\command - AdobeR.exe e
AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL AdobeR.exe e

.
Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
"2007-10-16 15:25:00 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2006-02-05 18:32:49 C:\WINDOWS\Tasks\Rappel d'enregistrement 3.job"
- C:\WINDOWS\system32\OOBE\oobebaln.exe
.
**************************************************************************

catchme 0.3.1169 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-10-19 17:51:39
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2007-10-19 17:53:58 - machine was rebooted
.
--- E O F ---


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:38:44, on 19/10/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
C:\WINDOWS\system32\slserv.exe
C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\VTTimer.exe
C:\WINDOWS\system32\VTtrayp.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Winamp\winampa.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Apps\Powercinema\PCMService.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\PowerArchiver\PASTARTER.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Windows Media Player\WMPNetwk.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Java\jre1.6.0\bin\jucheck.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\PROGRA~1\ZONELA~1\ZONEAL~1\zlclient.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://resultsmaster.com/...
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: My Search BHO - {014DA6C1-189F-421a-88CD-07CFE51CFF10} - C:\Program Files\MySearch\bar\1.bin\S4BAR.DLL
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {72D882FB-4E66-4F83-9F2F-AEB2F428C37C} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: IeMonitorBho Class - {bf00e119-21a3-4fd1-b178-3b8537e75c92} - C:\Program Files\Megaupload\Mega Manager\MegaIEMn.dll
O3 - Toolbar: (no name) - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - (no file)
O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [VTTrayp] VTtrayp.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0\bin\jusched.exe"
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /startintray
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [PCMService] "c:\Apps\Powercinema\PCMService.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [PowerArchiver Tray] C:\Program Files\PowerArchiver\PASTARTER.EXE
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: BlueSoleil.lnk = ?
O8 - Extra context menu item: &Recherche AOL Toolbar - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=file://C:\APPS\IE\offline\fr.htm
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~3\GOEC62~1.DLL
O20 - Winlogon Notify: awtqq - C:\WINDOWS\system32\awtqq.dll
O20 - Winlogon Notify: awtqr - C:\WINDOWS\system32\awtqr.dll
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Unknown owner - C:\Program Files\AntiVir PersonalEdition Classic\sched.exe (file missing)
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Unknown owner - C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe (file missing)
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: MySqlInventime - Unknown owner - c:\mysql\bin\mysqld-max-nt.exe
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
O23 - Service: Windows Live Setup Service (WLSetupSvc) - Unknown owner - C:\Program Files\Windows Live\installer\WLSetupSvc.exe
O24 - Desktop Component 0: (no name) - http://www.europe2.fr/img/header/logo.gif
0
Réponse 12 / 22
nardino Messages postés 1633 Date d'inscription jeudi 20 mai 2004 Statut Membre Dernière intervention 6 mars 2010 119
19 oct. 2007 à 23:13
Bonsoir.

On ne va jamais y arriver si tu fais les choses à moitié !

Télécharge OTMoveIt : http://download.bleepingcomputer.com/oldtimer/OTMoveIt.exe Sur ton bureau. Important.

Tu as encore deux antivirus, supprimes-en un des deux.

Mais auparavant fais un scan en mode sans échec avec Antivir et poste le rapport, comme expliqué.
Tu cliques sur l'icône du bureau pour lancer Antivir.
Dans l'onglet Scanner,; tu cliques sur la croix devant Manual Selection et tu coches Poste de travail.
Tu laisses tout coché pour la première analyse.
Tu cliques sur l'icône en forme de loupe en-dessous de Status pour lancer l'analyse qui peut durée une heure.
Il est préférable de ne pas s'éloigner pour répondre aux messages en cas d'alerte.
Tu choisis "Moved to quarantine" pour tout ce qu'il trouve.
Quand le scan est terminé, tu clique sur End et sur Report.
Enregistre le blocnote sur le bureau sous antivir.txt

La suite toujours sans échec
Je t'ai aussi demandé de passer Combofix et de poster son rapport : C:\Combofix.txt
- Ferme toutes les fenêtres
- Double-clique sur combofix.exe (ne clique pas sur la fenêtre qui s'ouvre)
- Appuie sur Y pour lancer le scan
- A la fin du scan (cela peut prendre du temps), un rapport sera créé.
- Poste ce rapport dans ton prochain message.

Relance Hijackthis, toute autre application fermée, par Scan only et coche :

O2 - BHO: My Search BHO - {014DA6C1-189F-421a-88CD-07CFE51CFF10} - C:\Program Files\MySearch\bar\1.bin\S4BAR.DLL
O2 - BHO: (no name) - {72D882FB-4E66-4F83-9F2F-AEB2F428C37C} - (no file)
O20 - Winlogon Notify: awtqq - C:\WINDOWS\system32\awtqq.dll
O20 - Winlogon Notify: awtqr - C:\WINDOWS\system32\awtqr.dll

Clique sur Fix checked.

Lance OtMoveIt, il ne nécessite pas d'installation.

Tu inscris ou tu colles le chemin du fichier/dossier à supprimer dans la fenêtre de gauche (Paste List of Files/Folders to be moved) et tu cliques sur MoveIt!.
(La case Unregister Dll's and OCX's doit être cochée.)

C:\WINDOWS\system32\awtqq.dll

Le fichier passe alors dans la fenêtre de droite.
Et tu obtiendras à la racine du système un dossier C:\_OTMoveIt
Dans ce dernier il y aura un sous-dossier Moved Files dans lequel il y aura une sauvegarde du/des fichier(s) supprimé(s) et un fichier
de ce type 10192007_******.log (mm/jj/aaaa_hh/mm/ss = date et horaire de la suppression) que tu posteras par copier-coller pour contrôle.

Si un redémarrage est demandé, accepte-le après avoir fermé tes applications en cours et terminé la procédure.

ET TU ME POSTES SANS FAUTES:
-C:\Combofix.txt
-Antivir.txt sur le byreau
-C:\_OtMoveIt\Moved Files\rapport.txt
-Un nouveau rapport Hijackthis
-Des nouvelles de tes problèmes.

MERCI.
0
Réponse 13 / 22
jess7001
21 oct. 2007 à 01:51
Bonsoir Nardino,
Désolé, j'ai vraiment fait ce que tu m'as dit sérieusement mais je ne comprend pas toujours tout
Pour antivir, il été désinstallé des programmes depuis longtemps mais quand tu m'as dit qu'il y avait conflit, j'ai fait une recherche de fichiers antivir. Il y en avait donc sur le pc mais je ne le savais pas, mais je les ai tous supprimés comme tu me l'as demandé avant de faire les scan et de te les envoyer.
Je penser vraiment que je n'avais plus aucun antivirus, c'est pour ça que j'ai réinstallé avast mais comme tu me dis que antivir et toujours là, je vais télécharger antivir (car je ne le trouve pas sur mon pc) et le réinstaller et désinstaller avast méme si je prèfère ce dernier qui est en français.

Sinon la dernière fois, je t'ai envoyé le rapport du combofix. Demain, je fais tout ce que tu m'as demandé et j'espère sans faire d'erreur.

Merci pour tout et notamment de ta patience! lol

Bye à+

Jess
0
Réponse 14 / 22
jess7001
24 oct. 2007 à 00:33
Coucou nardino,
Dsl j'ai du retard dan l'envoi de mes rapports, en plus tu va pa etre content lol : tou ne c'est pa passé comme tu me l'as dit

AntiVir PersonalEdition Classic
Report file date: lundi 22 octobre 2007 20:31

Scanning for 900172 virus strains and unwanted programs.

Licensed to: Avira AntiVir PersonalEdition Classic
Serial number: 0000149996-ADJIE-0001
Platform: Windows XP
Windows version: (Service Pack 2) [5.1.2600]
Username: Jessi
Computer name: JESSICA

Version information:
BUILD.DAT : 270 15603 Bytes 19/09/2007 13:32:00
AVSCAN.EXE : 7.0.6.1 290856 Bytes 23/08/2007 12:16:29
AVSCAN.DLL : 7.0.6.0 49192 Bytes 16/08/2007 11:23:51
LUKE.DLL : 7.0.5.3 147496 Bytes 14/08/2007 14:32:47
LUKERES.DLL : 7.0.6.1 10280 Bytes 21/08/2007 11:35:20
ANTIVIR0.VDF : 6.40.0.0 11030528 Bytes 18/07/2007 13:27:15
ANTIVIR1.VDF : 7.0.0.0 1640448 Bytes 13/09/2007 13:26:55
ANTIVIR2.VDF : 7.0.0.91 687104 Bytes 16/10/2007 17:20:04
ANTIVIR3.VDF : 7.0.0.119 225792 Bytes 22/10/2007 17:20:04
AVEWIN32.DLL : 7.6.0.27 3019264 Bytes 22/10/2007 17:20:04
AVWINLL.DLL : 1.0.0.7 14376 Bytes 26/02/2007 09:36:26
AVPREF.DLL : 7.0.2.2 25640 Bytes 18/07/2007 06:39:17
AVREP.DLL : 7.0.0.1 155688 Bytes 16/04/2007 12:16:24
AVPACK32.DLL : 7.3.0.15 360488 Bytes 03/08/2007 07:46:00
AVREG.DLL : 7.0.1.6 30760 Bytes 18/07/2007 06:17:06
AVARKT.DLL : 1.0.0.20 278568 Bytes 28/08/2007 11:26:33
AVEVTLOG.DLL : 7.0.0.20 86056 Bytes 18/07/2007 06:10:18
NETNT.DLL : 7.0.0.0 7720 Bytes 08/03/2007 10:09:42
RCIMAGE.DLL : 7.0.1.30 2342952 Bytes 07/08/2007 11:38:13
RCTEXT.DLL : 7.0.62.0 86056 Bytes 21/08/2007 11:50:37
SQLITE3.DLL : 3.3.17.1 339968 Bytes 23/07/2007 08:37:21

Configuration settings for the scan:
Jobname..........................: Manual Selection
Configuration file...............: C:\Documents and Settings\All Users\Application Data\Avira\AntiVir PersonalEdition Classic\PROFILES\folder.avp
Logging..........................: low
Primary action...................: interactive


ComboFix 07-10-16.1 - Jessi 2007-10-23 22:57:41.3 - NTFSx86 MINIMAL
Microsoft Windows XP dition familiale 5.1.2600.2.1252.1.1036.18.265 [GMT 2:00]
Running from: C:\Documents and Settings\Jessi\Bureau\Copie de virus a h‚radiquer\ComboFix.exe
.

((((((((((((((((((((((((((((( Fichiers créés 2007-09-23 to 2007-10-23 ))))))))))))))))))))))))))))))))))))
.

2007-10-23 22:12 <REP> d-------- C:\Program Files\Sunbelt Software
2007-10-22 19:16 <REP> d-------- C:\Program Files\Avira
2007-10-22 19:16 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Avira
2007-10-21 02:09 <REP> d-------- C:\WINDOWS\AU_Backup
2007-10-21 02:09 1,163,344 --a------ C:\WINDOWS\vsapi32.dll
2007-10-21 02:09 267,845 --a------ C:\WINDOWS\tsc.exe
2007-10-21 02:09 86,094 --a------ C:\WINDOWS\BPMNT.dll
2007-10-21 02:09 71,749 --a------ C:\WINDOWS\hcextoutput.dll
2007-10-21 02:08 <REP> d-------- C:\WINDOWS\AU_Temp
2007-10-21 02:08 <REP> d-------- C:\WINDOWS\AU_Log
2007-10-21 02:08 507,904 --a------ C:\WINDOWS\TMUPDATE.DLL
2007-10-21 02:08 286,720 --a------ C:\WINDOWS\PATCH.EXE
2007-10-21 02:08 69,689 --a------ C:\WINDOWS\UNZIP.DLL
2007-10-19 21:07 <REP> d-------- C:\Webroot
2007-10-19 18:25 4,212 ---h----- C:\WINDOWS\system32\zllictbl.dat
2007-10-19 18:21 <REP> d-------- C:\WINDOWS\Internet Logs
2007-10-19 17:41 51,200 --a------ C:\WINDOWS\NirCmd.exe
2007-10-17 01:04 <REP> d-------- C:\Program Files\Microsoft CAPICOM 2.1.0.2
2007-10-15 18:25 <REP> d-------- C:\WINDOWS\pss
2007-10-15 17:37 <REP> d-------- C:\VundoFix Backups
2007-10-14 22:56 <REP> d-------- C:\Program Files\Webroot
2007-10-14 22:56 <REP> d-------- C:\Documents and Settings\Jessi\Application Data\Webroot
2007-10-14 22:56 427,520 --a------ C:\WINDOWS\WRServices.dll
2007-10-14 22:56 102,912 --a------ C:\WINDOWS\system32\islzma.dll
2007-10-14 21:12 4,476 --a------ C:\WINDOWS\system32\tmp.reg
2007-10-14 21:10 289,144 --a------ C:\WINDOWS\system32\VCCLSID.exe
2007-10-14 21:10 25,600 --a------ C:\WINDOWS\system32\WS2Fix.exe
2007-10-14 21:09 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe
2007-10-14 21:09 51,200 --a------ C:\WINDOWS\system32\dumphive.exe
2007-10-14 20:58 <REP> d-------- C:\Program Files\Navilog1
2007-10-14 16:04 <REP> d-------- C:\Program Files\Trend Micro
2007-10-14 14:26 <REP> d-------- C:\WINDOWS\BDOSCAN8
2007-10-13 09:20 271,224 --a------ C:\WINDOWS\system32\mucltui.dll
2007-10-13 09:20 207,736 --a------ C:\WINDOWS\system32\muweb.dll
2007-10-13 04:00 <REP> d-------- C:\Documents and Settings\Jessi\Application Data\Grisoft
2007-10-13 03:59 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2007-10-13 03:50 <REP> d-------- C:\Program Files\MSN Messenger
2007-10-13 02:38 <REP> d-------- C:\Program Files\Windows Live
2007-10-13 02:37 <REP> d-------- C:\Documents and Settings\All Users\Application Data\WLInstaller
2007-10-12 17:06 46,208 --a------ C:\WINDOWS\system32\GDIPFONTCACHEV1.DAT
2007-10-12 17:05 <REP> d-------- C:\Documents and Settings\X\Application Data\Grisoft
2007-10-12 00:13 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2007-10-12 00:10 <REP> d-------- C:\Program Files\Yahoo!
2007-10-12 00:10 <REP> d-------- C:\Program Files\CCleaner
2007-10-10 18:22 582,656 --------- C:\WINDOWS\system32\dllcache\rpcrt4.dll
2007-10-09 21:02 <REP> d-------- C:\Program Files\DivX
2007-10-08 23:36 <REP> d-------- C:\Program Files\Toshiba
2007-09-29 13:04 <REP> d-------- C:\Documents and Settings\All Users\Application Data\ConeXware
2007-09-25 21:48 22 --a------ C:\WINDOWS\N039_jpg.zip

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-10-23 20:51 167 ----a-w C:\WINDOWS\system32\drivers\fwdrv.err
2007-10-19 16:09 --------- d-----w C:\Program Files\adslTV
2007-10-19 16:08 --------- d-----w C:\Program Files\PowerArchiver
2007-10-16 13:36 --------- d-----w C:\Program Files\Fichiers communs\Symantec Shared
2007-10-15 19:54 --------- d-----w C:\Program Files\Megaupload
2007-10-14 20:00 --------- d-----w C:\Documents and Settings\Jessi\Application Data\Azureus
2007-10-12 15:29 --------- d-----w C:\Program Files\Lavasoft
2007-10-12 15:29 --------- d-----w C:\Documents and Settings\Jessi\Application Data\Lavasoft
2007-10-08 21:43 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-10-07 19:02 46,080 ----a-w C:\WINDOWS\system32\ftp.exe
2007-10-07 19:02 17,920 ----a-w C:\WINDOWS\system32\tftp.exe
2007-09-27 09:55 --------- d-----w C:\Program Files\Winamp
2007-09-20 17:20 --------- d-----w C:\Program Files\iTunes
2007-09-20 17:20 --------- d-----w C:\Program Files\iPod
2007-09-20 17:18 --------- d-----w C:\Program Files\Fichiers communs\Apple
2007-09-20 17:15 --------- d-----w C:\Program Files\Apple Software Update
2007-09-20 17:15 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple
2007-09-16 22:34 23,552 ------w C:\WINDOWS\system32\mljhijj.dll
2007-08-26 23:25 --------- d-----w C:\Documents and Settings\Jessi\Application Data\dvdcss
2007-08-21 06:17 683,520 ----a-w C:\WINDOWS\system32\inetcomm.dll
2007-08-21 06:17 683,520 ------w C:\WINDOWS\system32\dllcache\inetcomm.dll
2007-08-20 09:59 824,832 ----a-w C:\WINDOWS\system32\dllcache\wininet.dll
2007-08-20 09:59 671,232 ----a-w C:\WINDOWS\system32\dllcache\mstime.dll
2007-08-20 09:59 63,488 ------w C:\WINDOWS\system32\dllcache\icardie.dll
2007-08-20 09:59 6,058,496 ------w C:\WINDOWS\system32\dllcache\ieframe.dll
2007-08-20 09:59 52,224 ------w C:\WINDOWS\system32\dllcache\msfeedsbs.dll
2007-08-20 09:59 477,696 ----a-w C:\WINDOWS\system32\dllcache\mshtmled.dll
2007-08-20 09:59 459,264 ------w C:\WINDOWS\system32\dllcache\msfeeds.dll
2007-08-20 09:59 44,544 ------w C:\WINDOWS\system32\dllcache\iernonce.dll
2007-08-20 09:59 384,512 ------w C:\WINDOWS\system32\dllcache\iedkcs32.dll
2007-08-20 09:59 383,488 ------w C:\WINDOWS\system32\dllcache\ieapfltr.dll
2007-08-20 09:59 3,584,512 ----a-w C:\WINDOWS\system32\dllcache\mshtml.dll
2007-08-20 09:59 27,648 ----a-w C:\WINDOWS\system32\dllcache\jsproxy.dll
2007-08-20 09:59 267,776 ------w C:\WINDOWS\system32\dllcache\iertutil.dll
2007-08-20 09:59 232,960 ------w C:\WINDOWS\system32\dllcache\webcheck.dll
2007-08-20 09:59 230,400 ------w C:\WINDOWS\system32\dllcache\ieaksie.dll
2007-08-20 09:59 214,528 ----a-w C:\WINDOWS\system32\dllcache\dxtrans.dll
2007-08-20 09:59 193,024 ----a-w C:\WINDOWS\system32\dllcache\msrating.dll
2007-08-20 09:59 153,088 ------w C:\WINDOWS\system32\dllcache\ieakeng.dll
2007-08-20 09:59 132,608 ----a-w C:\WINDOWS\system32\dllcache\extmgr.dll
2007-08-20 09:59 124,928 ------w C:\WINDOWS\system32\dllcache\advpack.dll
2007-08-20 09:59 105,984 ------w C:\WINDOWS\system32\dllcache\url.dll
2007-08-20 09:59 102,400 ------w C:\WINDOWS\system32\dllcache\occache.dll
2007-08-20 09:59 1,152,000 ----a-w C:\WINDOWS\system32\dllcache\urlmon.dll
2007-08-17 10:22 63,488 ------w C:\WINDOWS\system32\dllcache\ie4uinit.exe
2007-08-17 10:22 625,152 ------w C:\WINDOWS\system32\dllcache\iexplore.exe
2007-08-17 10:22 13,824 ------w C:\WINDOWS\system32\dllcache\ieudinit.exe
2007-08-17 07:34 161,792 ------w C:\WINDOWS\system32\dllcache\ieakui.dll
2007-07-30 17:19 92,504 ----a-w C:\WINDOWS\system32\dllcache\cdm.dll
2007-07-30 17:19 92,504 ----a-w C:\WINDOWS\system32\cdm.dll
2007-07-30 17:19 549,720 ----a-w C:\WINDOWS\system32\wuapi.dll
2007-07-30 17:19 549,720 ----a-w C:\WINDOWS\system32\dllcache\wuapi.dll
2007-07-30 17:19 53,080 ----a-w C:\WINDOWS\system32\wuauclt.exe
2007-07-30 17:19 53,080 ----a-w C:\WINDOWS\system32\dllcache\wuauclt.exe
2007-07-30 17:19 43,352 ----a-w C:\WINDOWS\system32\wups2.dll
2007-07-30 17:19 325,976 ----a-w C:\WINDOWS\system32\wucltui.dll
2007-07-30 17:19 325,976 ----a-w C:\WINDOWS\system32\dllcache\wucltui.dll
2007-07-30 17:19 203,096 ----a-w C:\WINDOWS\system32\wuweb.dll
2007-07-30 17:19 203,096 ----a-w C:\WINDOWS\system32\dllcache\wuweb.dll
2007-07-30 17:19 1,712,984 ----a-w C:\WINDOWS\system32\wuaueng.dll
2007-07-30 17:19 1,712,984 ----a-w C:\WINDOWS\system32\dllcache\wuaueng.dll
2007-07-30 17:18 33,624 ----a-w C:\WINDOWS\system32\wups.dll
2007-07-30 17:18 33,624 ----a-w C:\WINDOWS\system32\dllcache\wups.dll
2007-02-25 15:14 2,131,397 ----a-w C:\Program Files\superconverter.exe
.

((((((((((((((((((((((((((((( snapshot@2007-10-19_17.52.48.35 )))))))))))))))))))))))))))))))))))))))))
.
+ 2007-10-17 01:58:34 71,749 ----a-w C:\WINDOWS\AU_Temp\1\27\hcextoutput.dll
+ 2007-10-17 01:58:34 267,845 ----a-w C:\WINDOWS\AU_Temp\1\27\tsc.exe
+ 2005-11-09 18:05:12 86,094 ----a-w C:\WINDOWS\AU_Temp\2\4\BPMNT.dll
+ 2007-06-12 16:49:28 1,163,344 ----a-w C:\WINDOWS\AU_Temp\2\4\vsapi32.dll
+ 1999-07-23 08:53:20 129,536 ----a-w C:\WINDOWS\AuHCcup1.dll
+ 2007-10-23 20:12:34 18,718 ----a-r C:\WINDOWS\Installer\{BFD080F6-3BF0-40E1-9507-9CA969C35870}\ARPPRODUCTICON.exe
+ 2007-10-23 20:12:34 18,718 ----a-r C:\WINDOWS\Installer\{BFD080F6-3BF0-40E1-9507-9CA969C35870}\NewShortcut1_E659E0EE10E649B7869660F38D0EB174.exe
+ 2007-10-23 20:12:34 18,718 ----a-r C:\WINDOWS\Installer\{BFD080F6-3BF0-40E1-9507-9CA969C35870}\NewShortcut2_8315396A5EA1419DBEC4978284BDF556.exe
+ 2002-10-15 12:29:40 77,824 ----a-w C:\WINDOWS\loadhttp.dll
+ 2001-12-14 11:34:46 164,864 ----a-w C:\WINDOWS\patchw32.dll
+ 2005-11-02 16:07:12 99,328 ----a-w C:\WINDOWS\runtsckl.exe
- 2007-02-27 13:18:30 40,000 -c--a-w C:\WINDOWS\system32\drivers\avgntdd.sys
+ 2007-08-09 11:04:11 40,768 ----a-w C:\WINDOWS\system32\drivers\avgntdd.sys
- 2006-11-22 12:30:31 14,848 -c--a-w C:\WINDOWS\system32\drivers\avgntmgr.sys
+ 2007-07-18 12:22:19 21,312 ----a-w C:\WINDOWS\system32\drivers\avgntmgr.sys
- 2007-03-20 07:55:45 43,584 ----a-w C:\WINDOWS\system32\drivers\avipbb.sys
+ 2007-10-22 17:20:04 61,632 ----a-w C:\WINDOWS\system32\drivers\avipbb.sys
+ 2007-04-26 08:21:30 302,000 ----a-w C:\WINDOWS\system32\drivers\fwdrv.sys
+ 2007-04-26 08:21:34 72,624 ----a-w C:\WINDOWS\system32\drivers\khips.sys
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{72D882FB-4E66-4F83-9F2F-AEB2F428C37C}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.exe" [2004-08-05 14:00]
"PHIME2002ASync"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004-08-05 14:00]
"PHIME2002A"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004-08-05 14:00]
"SynTPLpr"="C:\Program Files\Synaptics\SynTP\SynTPLpr.exe" [2004-08-12 15:13]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2004-08-12 15:12]
"VTTimer"="VTTimer.exe" [2005-03-08 03:33 C:\WINDOWS\system32\VTTimer.exe]
"VTTrayp"="VTtrayp.exe" [2005-01-11 07:33 C:\WINDOWS\system32\VTTrayp.exe]
"SoundMan"="SOUNDMAN.EXE" [2005-04-15 11:01 C:\WINDOWS\SOUNDMAN.EXE]
"NWEReboot"="" []
"TkBellExe"="C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" [2005-08-31 17:13]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 11:25]
"avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2007-10-22 19:20]
"WinampAgent"="C:\Program Files\Winamp\winampa.exe" [2003-12-13 02:50]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0\bin\jusched.exe" [2007-08-01 00:37]
"SpySweeper"="C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" [2005-06-15 02:17]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2007-06-29 06:24]
"PCMService"="c:\Apps\Powercinema\PCMService.exe" [2004-10-08 03:14]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-09-14 10:00]
"Google Desktop Search"="C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" [2007-08-26 13:01]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 03:06]
"MSConfig"="C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe" [2004-08-05 14:00]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-05 14:00]
"msnmsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [2007-01-19 12:55]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-11-03 09:59]
"PowerArchiver Tray"="C:\Program Files\PowerArchiver\PASTARTER.EXE" [2007-06-11 18:32]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runonce]
"<NO NAME>"=

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\awtqq]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=C:\PROGRA~1\Google\GOOGLE~3\GOEC62~1.DLL

R1 fwdrv;Firewall Driver;C:\WINDOWS\system32\drivers\fwdrv.sys
S1 khips;Kerio HIPS Driver;C:\WINDOWS\system32\drivers\khips.sys
S2 SPF4;Sunbelt Personal Firewall 4;"C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe"
S3 BTNetFilter;Bluetooth Network Filter;\??\C:\WINDOWS\system32\drivers\BTNetFilter.sys
S3 KS-959;Kingsun KS-959 USB Infrared Adapter;C:\WINDOWS\system32\DRIVERS\KS-959.sys
S3 SIS163u;SiS163 usb Wireless LAN Adapter Driver;C:\WINDOWS\system32\DRIVERS\sis163u.sys
S3 suscom;Susteen Serial port driver;C:\WINDOWS\system32\DRIVERS\suscom.sys
S3 USBSTOR;Pilote de stockage de masse USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
S3 XG350XP;NB 802.11g XG350 Driver;C:\WINDOWS\system32\DRIVERS\WlanCTG.sys

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{43c49fbf-20e2-11db-ae10-00038a000015}]
Auto\command - E:\AdobeR.exe e
AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL AdobeR.exe e

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ed77a6ee-3795-11dc-aeed-00116758be97}]
Auto\command - AdobeR.exe e
AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL AdobeR.exe e

*Newly Created Service* - FWDRV
*Newly Created Service* - SPF4
.
Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
"2007-10-16 15:25:00 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2006-02-05 18:32:49 C:\WINDOWS\Tasks\Rappel d'enregistrement 3.job"
- C:\WINDOWS\system32\OOBE\oobebaln.exe
.
**************************************************************************

catchme 0.3.1169 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-10-23 22:59:15
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

**************************************************************************

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\mchInjDrv]
"ImagePath"="\??\C:\WINDOWS\TEMP\mc21.tmp"
.
Completion time: 2007-10-23 23:00:29
C:\ComboFix2.txt ... 2007-10-19 17:53
.
--- E O F ---




C:\_OtMoveIt\Moved Files\rapport.txt

File/Folder C:\WINDOWS\system32\awtqq.dll not found.

Created on 10/23/2007 23:10:22

Pour move it , j'ai pas pu faire se que tu ma di




Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 23:08:59, on 23/10/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)
Boot mode: Safe mode

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Microsoft Office\Office\WINWORD.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: IeMonitorBho Class - {bf00e119-21a3-4fd1-b178-3b8537e75c92} - C:\Program Files\Megaupload\Mega Manager\MegaIEMn.dll
O3 - Toolbar: (no name) - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - (no file)
O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [VTTrayp] VTtrayp.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0\bin\jusched.exe"
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /startintray
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [PCMService] "c:\Apps\Powercinema\PCMService.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [PowerArchiver Tray] C:\Program Files\PowerArchiver\PASTARTER.EXE
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: BlueSoleil.lnk = ?
O8 - Extra context menu item: &Recherche AOL Toolbar - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=file://C:\APPS\IE\offline\fr.htm
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - https://www.trendmicro.com/en_us/forHome/products/housecall.html
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~3\GOEC62~1.DLL
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: MySqlInventime - Unknown owner - c:\mysql\bin\mysqld-max-nt.exe
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: Sunbelt Personal Firewall 4 (SPF4) - Sunbelt Software - C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
O23 - Service: Windows Live Setup Service (WLSetupSvc) - Unknown owner - C:\Program Files\Windows Live\installer\WLSetupSvc.exe
O24 - Desktop Component 0: (no name) - http://www.europe2.fr/img/header/logo.gif
0
Réponse 15 / 22
nardino Messages postés 1633 Date d'inscription jeudi 20 mai 2004 Statut Membre Dernière intervention 6 mars 2010 119
24 oct. 2007 à 10:57
Bonjour.

Tu vas dans Antivir, Reports et sur la ligne qui correspond à ton dernier scan, dna sle cas où tu en as plusieur tu ouvres le rapport et tu le postes.
Celui que tu as posté est incomplet.
Télécharge ce fix:
http://www.techsupportforum.com/sectools/sUBs/Flash_Disinfector.exe

Il suffit de cliquer sur le fichier .exe pour l'exécuter.
Si ta clé USB n'est pas introduite, il sera demandé de la connecter.

Dans un blocnote ( Tous les programmes-Accessoires) tu copies-colles ce qui suite dans l'encadré.
Dans Format, veille à bien retirer la coche devant Retour à la ligne automatique.
Fais un retour chariot ( Entrée) après la dernière ligne.

REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runonce]
"<NO NAME>"=-
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\awtqq]


Dans Fichier, Enregistrer sous, Tous les fichiers, sur le bureau tu enregistres sous le nom fix.reg
Si le fichier obtenu est appelé fix.reg.txt, tu le renommes en supprimant .txt à la fin

Ensuite tu double-clique sur ce fichier et tu choisis Fusionner et tu acceptes.
Un message t'avertira de la bonne exécution du fix.
L'icône du fichier : https://www.118712.fr/sortir.html

Tu refais un log Hijackthis en mode normal que tu postes avec le rapport Antivir et des infos sur les problèmes restants.
0
Réponse 16 / 22
jess7001
24 oct. 2007 à 23:19
Bonsoir,
désolé d'avoir mal copié mon rapport antivir, le voici complet:


AntiVir PersonalEdition Classic
Report file date: lundi 22 octobre 2007 20:31

Scanning for 900172 virus strains and unwanted programs.

Licensed to: Avira AntiVir PersonalEdition Classic
Serial number: 0000149996-ADJIE-0001
Platform: Windows XP
Windows version: (Service Pack 2) [5.1.2600]
Username: Jessi
Computer name: JESSICA

Version information:
BUILD.DAT : 270 15603 Bytes 19/09/2007 13:32:00
AVSCAN.EXE : 7.0.6.1 290856 Bytes 23/08/2007 12:16:29
AVSCAN.DLL : 7.0.6.0 49192 Bytes 16/08/2007 11:23:51
LUKE.DLL : 7.0.5.3 147496 Bytes 14/08/2007 14:32:47
LUKERES.DLL : 7.0.6.1 10280 Bytes 21/08/2007 11:35:20
ANTIVIR0.VDF : 6.40.0.0 11030528 Bytes 18/07/2007 13:27:15
ANTIVIR1.VDF : 7.0.0.0 1640448 Bytes 13/09/2007 13:26:55
ANTIVIR2.VDF : 7.0.0.91 687104 Bytes 16/10/2007 17:20:04
ANTIVIR3.VDF : 7.0.0.119 225792 Bytes 22/10/2007 17:20:04
AVEWIN32.DLL : 7.6.0.27 3019264 Bytes 22/10/2007 17:20:04
AVWINLL.DLL : 1.0.0.7 14376 Bytes 26/02/2007 09:36:26
AVPREF.DLL : 7.0.2.2 25640 Bytes 18/07/2007 06:39:17
AVREP.DLL : 7.0.0.1 155688 Bytes 16/04/2007 12:16:24
AVPACK32.DLL : 7.3.0.15 360488 Bytes 03/08/2007 07:46:00
AVREG.DLL : 7.0.1.6 30760 Bytes 18/07/2007 06:17:06
AVARKT.DLL : 1.0.0.20 278568 Bytes 28/08/2007 11:26:33
AVEVTLOG.DLL : 7.0.0.20 86056 Bytes 18/07/2007 06:10:18
NETNT.DLL : 7.0.0.0 7720 Bytes 08/03/2007 10:09:42
RCIMAGE.DLL : 7.0.1.30 2342952 Bytes 07/08/2007 11:38:13
RCTEXT.DLL : 7.0.62.0 86056 Bytes 21/08/2007 11:50:37
SQLITE3.DLL : 3.3.17.1 339968 Bytes 23/07/2007 08:37:21

Configuration settings for the scan:
Jobname..........................: Manual Selection
Configuration file...............: C:\Documents and Settings\All Users\Application Data\Avira\AntiVir PersonalEdition Classic\PROFILES\folder.avp
Logging..........................: low
Primary action...................: interactive
Secondary action.................: ignore
Scan master boot sector..........: off
Scan boot sector.................: on
Boot sectors.....................: D:,
Scan memory......................: on
Process scan.....................: on
Scan registry....................: on
Search for rootkits..............: off
Scan all files...................: Intelligent file selection
Scan archives....................: on
Recursion depth..................: 20
Smart extensions.................: on
Macro heuristic..................: on
File heuristic...................: medium

Start of the scan: lundi 22 octobre 2007 20:31

The scan of running processes will be started
Scan process 'avscan.exe' - '1' Module(s) have been scanned
Scan process 'avcenter.exe' - '1' Module(s) have been scanned
Scan process 'WINWORD.EXE' - '1' Module(s) have been scanned
Scan process 'explorer.exe' - '1' Module(s) have been scanned
Scan process 'WRSSSDK.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'guard.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'lsass.exe' - '1' Module(s) have been scanned
Scan process 'services.exe' - '1' Module(s) have been scanned
Scan process 'winlogon.exe' - '1' Module(s) have been scanned
Scan process 'csrss.exe' - '1' Module(s) have been scanned
Scan process 'smss.exe' - '1' Module(s) have been scanned
14 processes with 14 modules were scanned

Start scanning boot sectors:
Boot sector 'C:\'
[NOTE] No virus was found!

Starting to scan the registry.
C:\WINDOWS\system32\awtqq.dll
[DETECTION] Is the Trojan horse TR/Vundo.Gen
[INFO] The file was moved to '4790ed0c.qua'!
C:\WINDOWS\system32\awtqq.dll
[DETECTION] Is the Trojan horse TR/Vundo.Gen

The registry was scanned ( '30' files ).


Starting the file scan:

Begin scan in 'C:\' <HDD>
C:\pagefile.sys
[WARNING] The file could not be opened!
C:\Program Files\Navilog1\gnc.exe
[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
[INFO] The file was moved to '477ff46f.qua'!
C:\qoobox\Quarantine\C\WINDOWS\system32\daedonly.dll.vir
[DETECTION] Is the Trojan horse TR/Dldr.ConHook.Gen
[INFO] The file was moved to '4781f55d.qua'!
C:\qoobox\Quarantine\C\WINDOWS\system32\elxwpkby.dll.vir
[DETECTION] Is the Trojan horse TR/Dldr.ConHook.Gen
[INFO] The file was moved to '4794f56c.qua'!
C:\qoobox\Quarantine\C\WINDOWS\system32\etentgus.dll.vir
[DETECTION] Is the Trojan horse TR/Dldr.ConHook.Gen
[INFO] The file was moved to '4781f577.qua'!
C:\qoobox\Quarantine\C\WINDOWS\system32\fjqunywb.dll.vir
[DETECTION] Is the Trojan horse TR/Dldr.ConHook.Gen
[INFO] The file was moved to '478df571.qua'!
C:\qoobox\Quarantine\C\WINDOWS\system32\fpdcugdg.dll.vir
[DETECTION] Is the Trojan horse TR/Dldr.ConHook.Gen
[INFO] The file was moved to '4780f57a.qua'!
C:\qoobox\Quarantine\C\WINDOWS\system32\fsdbjrua.dll.vir
[DETECTION] Is the Trojan horse TR/Dldr.ConHook.Gen
[INFO] The file was moved to '4780f580.qua'!
C:\qoobox\Quarantine\C\WINDOWS\system32\hyvxyytj.dll.vir
[DETECTION] Is the Trojan horse TR/Dldr.ConHook.Gen
[INFO] The file was moved to '4792f589.qua'!
C:\qoobox\Quarantine\C\WINDOWS\system32\jjmwewrf.dll.vir
[DETECTION] Is the Trojan horse TR/Dldr.ConHook.Gen
[INFO] The file was moved to '4789f57d.qua'!
C:\qoobox\Quarantine\C\WINDOWS\system32\nloghygl.dll.vir
[DETECTION] Is the Trojan horse TR/Dldr.ConHook.Gen
[INFO] The file was moved to '478bf582.qua'!
C:\qoobox\Quarantine\C\WINDOWS\system32\npdjuxug.dll.vir
[DETECTION] Is the Trojan horse TR/Dldr.ConHook.Gen
[INFO] The file was moved to '4780f588.qua'!
C:\qoobox\Quarantine\C\WINDOWS\system32\ojntilnc.dll.vir
[DETECTION] Is the Trojan horse TR/Dldr.ConHook.Gen
[INFO] The file was moved to '478af585.qua'!
C:\qoobox\Quarantine\C\WINDOWS\system32\ppieaejw.dll.vir
[DETECTION] Is the Trojan horse TR/Dldr.ConHook.Gen
[INFO] The file was moved to '4785f58f.qua'!
C:\qoobox\Quarantine\C\WINDOWS\system32\quwstkbx.dll.vir
[DETECTION] Is the Trojan horse TR/Dldr.ConHook.Gen
[INFO] The file was moved to '4793f597.qua'!
C:\qoobox\Quarantine\C\WINDOWS\system32\rbhxnfms.dll.vir
[DETECTION] Is the Trojan horse TR/Dldr.ConHook.Gen
[INFO] The file was moved to '4784f586.qua'!
C:\qoobox\Quarantine\C\WINDOWS\system32\rtlhknre.dll.vir
[DETECTION] Is the Trojan horse TR/Dldr.ConHook.Gen
[INFO] The file was moved to '4788f59b.qua'!
C:\qoobox\Quarantine\C\WINDOWS\system32\rtqvmljc.dll.vir
[DETECTION] Is the Trojan horse TR/Dldr.ConHook.Gen
[INFO] The file was moved to '478df59c.qua'!
C:\qoobox\Quarantine\C\WINDOWS\system32\ubhhixsu.dll.vir
[DETECTION] Is the Trojan horse TR/Dldr.ConHook.Gen
[INFO] The file was moved to '4784f58c.qua'!
C:\qoobox\Quarantine\C\WINDOWS\system32\vggraiwn.dll.vir
[DETECTION] Is the Trojan horse TR/Dldr.ConHook.Gen
[INFO] The file was moved to '4783f594.qua'!
C:\qoobox\Quarantine\C\WINDOWS\system32\vrgrjcae.dll.vir
[DETECTION] Is the Trojan horse TR/Dldr.ConHook.Gen
[INFO] The file was moved to '4783f5a1.qua'!
C:\qoobox\Quarantine\C\WINDOWS\system32\vssnojea.dll.vir
[DETECTION] Is the Trojan horse TR/Dldr.ConHook.Gen
[INFO] The file was moved to '478ff5a3.qua'!
C:\WINDOWS\system32\awtqr.dll
[DETECTION] Is the Trojan horse TR/Vundo.Gen
[INFO] The file was moved to '4790fd40.qua'!
C:\WINDOWS\system32\bfyyrooa.dll
[DETECTION] Is the Trojan horse TR/Dldr.ConHook.Gen
[INFO] The file was moved to '4795fd32.qua'!
C:\WINDOWS\system32\gyklsmbg.dll
[DETECTION] Is the Trojan horse TR/Dldr.ConHook.Gen
[INFO] The file was moved to '4787fd62.qua'!
C:\WINDOWS\system32\wriugplm.dll
[DETECTION] Is the Trojan horse TR/Dldr.ConHook.Gen
[INFO] The file was moved to '4785fdb3.qua'!
Begin scan in 'D:\'
Search path D:\ could not be opened!
Le périphérique n'est pas prêt.



End of the scan: lundi 22 octobre 2007 21:44
Used time: 1:13:21 min

The scan has been done completely.

6192 Scanning directories
206798 Files were scanned
26 viruses and/or unwanted programs were found
0 Files were classified as suspicious:
0 files were deleted
0 files were repaired
26 files were moved to quarantine
0 files were renamed
1 Files cannot be scanned
206772 Files not concerned
6639 Archives were scanned
1 Warnings
0 Notes




Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:56:46, on 24/10/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
C:\WINDOWS\system32\slserv.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\VTTimer.exe
C:\WINDOWS\system32\VTtrayp.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Microsoft Office\Office\WINWORD.EXE
C:\Program Files\Windows Media Player\wmplayer.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: IeMonitorBho Class - {bf00e119-21a3-4fd1-b178-3b8537e75c92} - C:\Program Files\Megaupload\Mega Manager\MegaIEMn.dll
O3 - Toolbar: (no name) - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - (no file)
O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [VTTrayp] VTtrayp.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: &Recherche AOL Toolbar - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=file://C:\APPS\IE\offline\fr.htm
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - https://www.trendmicro.com/en_us/forHome/products/housecall.html
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~3\GOEC62~1.DLL
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: MySqlInventime - Unknown owner - c:\mysql\bin\mysqld-max-nt.exe
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: Sunbelt Personal Firewall 4 (SPF4) - Sunbelt Software - C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
O23 - Service: Windows Live Setup Service (WLSetupSvc) - Unknown owner - C:\Program Files\Windows Live\installer\WLSetupSvc.exe
O24 - Desktop Component 0: (no name) - http://www.europe2.fr/img/header/logo.gif
0
Réponse 17 / 22
nardino Messages postés 1633 Date d'inscription jeudi 20 mai 2004 Statut Membre Dernière intervention 6 mars 2010 119
25 oct. 2007 à 00:26
Bonsoir.
C'est tout bon.
0
Réponse 18 / 22
jess7001
25 oct. 2007 à 22:44
salut nardino,
je suis trop contente! Vraiment merci beaucoup ta trop assuré.
Bises et bonne continuation

Jess
0
Réponse 19 / 22
nardino Messages postés 1633 Date d'inscription jeudi 20 mai 2004 Statut Membre Dernière intervention 6 mars 2010 119
25 oct. 2007 à 23:17
Bonsoir
Il te reste à supprimer tous les programms qui ont servi à la désinfection.
Pour cela tu lances le fichier OTMoveIt.exe et tu cliques sur le bouton Cleanup.
Puis dans le popup [b]Cleanup list download successful. Begin cleanup process ?[/b], accepte par [b]Yes[/b]
Et redémarres.
0
majorie
18 janv. 2009 à 01:50
Bonjour Nardino

Je viens de prendre connaissance de l'aide que tu as procurée à jessxxx, je me trouve dans le même cas.
J'ai déjà réalisé à l'aide d'un autre conseiller très pro à la désinfection, et quelques outils dont tu as mentionné le nom me sont familiers.

Cependant, reste un problème : ERREUR 12029 - connexion internet impossible.
Pourtant, preuve en est par ce message, je parviens à me connecter à Internet.

Ce message me parvient quand je veux télécharger à partir de certains sites (sarbacane entre autres), ou les outils conmmercialisés par AVANQUEST.

Veux-tu m'aider, j'en serais ravie.
Merci d'avance.

A bientôt
0
Réponse 20 / 22
jess7001
27 oct. 2007 à 17:09
Bonjour,
Ok c'est fait: j'apprécie mon pc est vacement plus rapide! lol
Un grand merci, bye

Jess
0

Discussions similaires

L'antivirus ESET NOD32 bloque UPTOBOX ( HTML/ScrInject.B ).
Logan -
Snoopyx -

10 réponses
Présence ou non de cheval de troie ?
hunter55 -
Malekal_morte- -

14 réponses
windows defender cheval de troie
dplonguet -
Faarid.31 -

3 réponses
Cheval de Troie et ordi bloqué!!!
Bouillouck -
Speed-Air -

3 réponses
J'ai recu un message cheval de troie
am -
DeNisCoOl -

1 réponse