Spyworn.win32 and bestsellerantivirus
Solved/Closed, 32 replies
jlpjlp
Posts: 51580
Registered: Friday 18 May 2007
Status: Security contributor
Last activity: 3 May 2022
11 Nov. 2007 at 19:52
Hi,
SmitFraudFix (paste the report)
1/ Download:
http://siri.urz.free.fr/Fix/SmitfraudFix.php
2/ Double-click smitfraudfix, then select 1 and press Enter to create the report of the infections present. Once the report is done, restart in safe mode (generally by pressing F8, Del or F5 at startup).
3/ Then do the same as in 2/, but select option 2 and press Enter to start the disinfection. When the program asks whether you want to clean the registry, answer yes by typing 0 and Enter.
____________________
Scan with VundoFix (paste the report)
Download VundoFix -> http://www.atribune.org/ccount/click.php?id=4
Double-click VundoFix.exe to run it.
When VundoFix opens, click the Scan for Vundo button.
Once the scan is finished, click the Remove Vundo button.
You will get a warning asking whether you want to delete these files; answer by clicking YES.
Once you have clicked YES, your desktop will go blank while it removes Vundo.
When it is finished, you will be asked to restart your computer; click OK.
Then:
VirtumundoBeGone (paste the report)
http://secured2k.home.comcast.net/tools/VirtumundoBeGone.exe
________________
AVG Anti-Spyware
https://www.01net.com/telecharger/
Tutorial:
http://www.kachouri.com/tuto/tuto-161-avg-anti-spyware-75-pour-votre-securite.html
-> Relaunch AVG AS -> "Analyse" (Scan) -> "Paramètres" (Settings)
Under the question "Comment réagir ?" (How to react?):
-> Click "Actions recommandées" (Recommended actions) and choose "Quarantaines" (Quarantine)
-> Click the "Analyse" tab again, then run an "Analyse complète du système" (Complete system scan)
If a file is found infected at the end of the scan:
-> Click "Appliquer toutes les actions" (Apply all actions)
-> Click "Enregistrer le rapport" (Save report), then "Enregistrer le rapport sous" (Save report as).
-> Save this text file to your desktop, then paste the report here
___________________
ComboFix (paste the report)
http://download.bleepingcomputer.com/sUBs/ComboFix.exe
____________________
Then paste a new HijackThis report and describe your problems
Anonymous user
12 Nov. 2007 at 06:50
[11/12/2007, 6:35:15] - VirtumundoBeGone v1.5 ( "C:\Documents and Settings\yves\Local Settings\Temporary Internet Files\Content.IE5\IY2LWP9T\VirtumundoBeGone[1].exe" )
[11/12/2007, 6:35:18] - Detected System Information:
[11/12/2007, 6:35:18] - Windows Version: 5.1.2600, Service Pack 2
[11/12/2007, 6:35:18] - Current Username: yves (Admin)
[11/12/2007, 6:35:18] - Windows is in NORMAL mode.
[11/12/2007, 6:35:18] - Searching for Browser Helper Objects:
[11/12/2007, 6:35:18] - BHO 1: {02478D38-C3F9-4EFB-9B51-7695ECA05670} (Yahoo! Toolbar Helper)
[11/12/2007, 6:35:18] - BHO 2: {14304D95-043D-4994-B6F7-7C145682A2BA} ()
[11/12/2007, 6:35:18] - WARNING: BHO has no default name. Checking for Winlogon reference.
[11/12/2007, 6:35:18] - No filename found. Continuing.
[11/12/2007, 6:35:18] - BHO 3: {25997E08-274A-4217-8F71-C89C754242C1} ()
[11/12/2007, 6:35:18] - WARNING: BHO has no default name. Checking for Winlogon reference.
[11/12/2007, 6:35:18] - Checking for HKLM\...\Winlogon\Notify\mljhede
[11/12/2007, 6:35:18] - Found: HKLM\...\Winlogon\Notify\mljhede - This is probably Virtumundo.
[11/12/2007, 6:35:18] - Assigning {25997E08-274A-4217-8F71-C89C754242C1} MSEvents Object
[11/12/2007, 6:35:18] - BHO list has been changed! Starting over...
[11/12/2007, 6:35:18] - BHO 1: {02478D38-C3F9-4EFB-9B51-7695ECA05670} (Yahoo! Toolbar Helper)
[11/12/2007, 6:35:18] - BHO 2: {14304D95-043D-4994-B6F7-7C145682A2BA} ()
[11/12/2007, 6:35:18] - WARNING: BHO has no default name. Checking for Winlogon reference.
[11/12/2007, 6:35:18] - No filename found. Continuing.
[11/12/2007, 6:35:18] - BHO 3: {25997E08-274A-4217-8F71-C89C754242C1} (MSEvents Object)
[11/12/2007, 6:35:18] - ALERT: Found MSEvents Object!
[11/12/2007, 6:35:18] - BHO 4: {28698DBA-44D1-4AB1-8BC6-1F0F7CE10BDD} ()
[11/12/2007, 6:35:18] - WARNING: BHO has no default name. Checking for Winlogon reference.
[11/12/2007, 6:35:18] - No filename found. Continuing.
[11/12/2007, 6:35:18] - BHO 5: {323D63A5-96A7-49A3-BCE0-C1449B9E8E19} ()
[11/12/2007, 6:35:18] - WARNING: BHO has no default name. Checking for Winlogon reference.
[11/12/2007, 6:35:18] - No filename found. Continuing.
[11/12/2007, 6:35:18] - BHO 6: {53707962-6F74-2D53-2644-206D7942484F} (Spybot-S&D IE Protection)
[11/12/2007, 6:35:18] - BHO 7: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (SSVHelper Class)
[11/12/2007, 6:35:18] - BHO 8: {7E853D72-626A-48EC-A868-BA8D5E23E045} ()
[11/12/2007, 6:35:18] - WARNING: BHO has no default name. Checking for Winlogon reference.
[11/12/2007, 6:35:18] - No filename found. Continuing.
[11/12/2007, 6:35:18] - BHO 9: {9C8A568E-4201-478a-8536-526CF371D2E2} (ads_optimizer)
[11/12/2007, 6:35:18] - BHO 10: {A57F4CFD-97E1-49C7-9580-C923BE27C63D} ()
[11/12/2007, 6:35:18] - WARNING: BHO has no default name. Checking for Winlogon reference.
[11/12/2007, 6:35:18] - Checking for HKLM\...\Winlogon\Notify\ddayv
[11/12/2007, 6:35:18] - Key not found: HKLM\...\Winlogon\Notify\ddayv, continuing.
[11/12/2007, 6:35:18] - BHO 11: {AA58ED58-01DD-4d91-8333-CF10577473F7} (Google Toolbar Helper)
[11/12/2007, 6:35:18] - BHO 12: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} (Google Toolbar Notifier BHO)
[11/12/2007, 6:35:18] - BHO 13: {bc1a2329-4b48-4513-84f5-3eb216da9064} ()
[11/12/2007, 6:35:18] - WARNING: BHO has no default name. Checking for Winlogon reference.
[11/12/2007, 6:35:18] - Checking for HKLM\...\Winlogon\Notify\rbfwokwp
[11/12/2007, 6:35:18] - Key not found: HKLM\...\Winlogon\Notify\rbfwokwp, continuing.
[11/12/2007, 6:35:19] - BHO 14: {FAAD2038-C371-473D-86F1-5B11D39C3775} (IEFW Object)
[11/12/2007, 6:35:19] - Finished Searching Browser Helper Objects
[11/12/2007, 6:35:19] - *** Detected MSEvents Object
[11/12/2007, 6:35:19] - Trying to remove MSEvents Object...
[11/12/2007, 6:35:20] - Terminating Process: IEXPLORE.EXE
[11/12/2007, 6:35:20] - Terminating Process: RUNDLL32.EXE
[11/12/2007, 6:35:20] - Disabling Automatic Shell Restart
[11/12/2007, 6:35:20] - Terminating Process: EXPLORER.EXE
[11/12/2007, 6:35:20] - Suspending the NT Session Manager System Service
[11/12/2007, 6:35:20] - Terminating Windows NT Logon/Logoff Manager
[11/12/2007, 6:35:20] - Re-enabling Automatic Shell Restart
[11/12/2007, 6:35:21] - File to disable: C:\WINDOWS\system32\mljhede.dll
[11/12/2007, 6:35:21] - Renaming C:\WINDOWS\system32\mljhede.dll -> C:\WINDOWS\system32\mljhede.dll.vir
[11/12/2007, 6:35:21] - File successfully renamed!
[11/12/2007, 6:35:21] - Removing HKLM\...\Browser Helper Objects\{25997E08-274A-4217-8F71-C89C754242C1}
[11/12/2007, 6:35:21] - Removing HKCR\CLSID\{25997E08-274A-4217-8F71-C89C754242C1}
[11/12/2007, 6:35:21] - Adding Kill Bit for ActiveX for GUID: {25997E08-274A-4217-8F71-C89C754242C1}
[11/12/2007, 6:35:21] - Deleting ATLEvents/MSEvents Registry entries
[11/12/2007, 6:35:21] - Removing HKLM\...\Winlogon\Notify\mljhede
[11/12/2007, 6:35:21] - Searching for Browser Helper Objects:
[11/12/2007, 6:35:21] - BHO 1: {02478D38-C3F9-4EFB-9B51-7695ECA05670} (Yahoo! Toolbar Helper)
[11/12/2007, 6:35:21] - BHO 2: {14304D95-043D-4994-B6F7-7C145682A2BA} ()
[11/12/2007, 6:35:21] - WARNING: BHO has no default name. Checking for Winlogon reference.
[11/12/2007, 6:35:21] - No filename found. Continuing.
[11/12/2007, 6:35:21] - BHO 3: {28698DBA-44D1-4AB1-8BC6-1F0F7CE10BDD} ()
[11/12/2007, 6:35:21] - WARNING: BHO has no default name. Checking for Winlogon reference.
[11/12/2007, 6:35:21] - No filename found. Continuing.
[11/12/2007, 6:35:21] - BHO 4: {323D63A5-96A7-49A3-BCE0-C1449B9E8E19} ()
[11/12/2007, 6:35:21] - WARNING: BHO has no default name. Checking for Winlogon reference.
[11/12/2007, 6:35:21] - No filename found. Continuing.
[11/12/2007, 6:35:21] - BHO 5: {53707962-6F74-2D53-2644-206D7942484F} (Spybot-S&D IE Protection)
[11/12/2007, 6:35:21] - BHO 6: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (SSVHelper Class)
[11/12/2007, 6:35:21] - BHO 7: {7E853D72-626A-48EC-A868-BA8D5E23E045} ()
[11/12/2007, 6:35:21] - WARNING: BHO has no default name. Checking for Winlogon reference.
[11/12/2007, 6:35:22] - No filename found. Continuing.
[11/12/2007, 6:35:22] - BHO 8: {9C8A568E-4201-478a-8536-526CF371D2E2} (ads_optimizer)
[11/12/2007, 6:35:22] - BHO 9: {A57F4CFD-97E1-49C7-9580-C923BE27C63D} ()
[11/12/2007, 6:35:22] - WARNING: BHO has no default name. Checking for Winlogon reference.
[11/12/2007, 6:35:22] - Checking for HKLM\...\Winlogon\Notify\ddayv
[11/12/2007, 6:35:22] - Key not found: HKLM\...\Winlogon\Notify\ddayv, continuing.
[11/12/2007, 6:35:22] - BHO 10: {AA58ED58-01DD-4d91-8333-CF10577473F7} (Google Toolbar Helper)
[11/12/2007, 6:35:22] - BHO 11: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} (Google Toolbar Notifier BHO)
[11/12/2007, 6:35:22] - BHO 12: {bc1a2329-4b48-4513-84f5-3eb216da9064} ()
[11/12/2007, 6:35:22] - WARNING: BHO has no default name. Checking for Winlogon reference.
[11/12/2007, 6:35:22] - Checking for HKLM\...\Winlogon\Notify\rbfwokwp
[11/12/2007, 6:35:22] - Key not found: HKLM\...\Winlogon\Notify\rbfwokwp, continuing.
[11/12/2007, 6:35:22] - BHO 13: {FAAD2038-C371-473D-86F1-5B11D39C3775} (IEFW Object)
[11/12/2007, 6:35:22] - Finished Searching Browser Helper Objects
[11/12/2007, 6:35:22] - Finishing up...
[11/12/2007, 6:35:22] - A restart is needed.
[11/12/2007, 6:35:28] - Attempting to Restart via STOP error (Blue Screen!)
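Added example, not part of the original thread and not VirtumundoBeGone's own code: the report above enumerates the BHOs before and after removal, so a script can confirm from the log alone that the flagged CLSID is gone and list the unnamed BHOs that remain for manual review. The function names are assumptions, and the sample is an excerpt of the report above, shortened and renumbered.

```python
import re

# Excerpt of the VirtumundoBeGone report above, shortened and renumbered.
SAMPLE = r"""
[11/12/2007, 6:35:18] - Searching for Browser Helper Objects:
[11/12/2007, 6:35:18] - BHO 1: {02478D38-C3F9-4EFB-9B51-7695ECA05670} (Yahoo! Toolbar Helper)
[11/12/2007, 6:35:18] - BHO 2: {25997E08-274A-4217-8F71-C89C754242C1} ()
[11/12/2007, 6:35:18] - WARNING: BHO has no default name. Checking for Winlogon reference.
[11/12/2007, 6:35:18] - Checking for HKLM\...\Winlogon\Notify\mljhede
[11/12/2007, 6:35:18] - Found: HKLM\...\Winlogon\Notify\mljhede - This is probably Virtumundo.
[11/12/2007, 6:35:18] - Assigning {25997E08-274A-4217-8F71-C89C754242C1} MSEvents Object
[11/12/2007, 6:35:18] - BHO list has been changed! Starting over...
[11/12/2007, 6:35:18] - BHO 1: {02478D38-C3F9-4EFB-9B51-7695ECA05670} (Yahoo! Toolbar Helper)
[11/12/2007, 6:35:18] - BHO 2: {25997E08-274A-4217-8F71-C89C754242C1} (MSEvents Object)
[11/12/2007, 6:35:18] - ALERT: Found MSEvents Object!
[11/12/2007, 6:35:18] - BHO 3: {A57F4CFD-97E1-49C7-9580-C923BE27C63D} ()
[11/12/2007, 6:35:18] - Checking for HKLM\...\Winlogon\Notify\ddayv
[11/12/2007, 6:35:18] - Key not found: HKLM\...\Winlogon\Notify\ddayv, continuing.
[11/12/2007, 6:35:19] - Finished Searching Browser Helper Objects
[11/12/2007, 6:35:21] - Renaming C:\WINDOWS\system32\mljhede.dll -> C:\WINDOWS\system32\mljhede.dll.vir
[11/12/2007, 6:35:21] - Removing HKLM\...\Browser Helper Objects\{25997E08-274A-4217-8F71-C89C754242C1}
[11/12/2007, 6:35:21] - Removing HKLM\...\Winlogon\Notify\mljhede
[11/12/2007, 6:35:21] - Searching for Browser Helper Objects:
[11/12/2007, 6:35:21] - BHO 1: {02478D38-C3F9-4EFB-9B51-7695ECA05670} (Yahoo! Toolbar Helper)
[11/12/2007, 6:35:21] - BHO 2: {A57F4CFD-97E1-49C7-9580-C923BE27C63D} ()
[11/12/2007, 6:35:22] - Checking for HKLM\...\Winlogon\Notify\ddayv
[11/12/2007, 6:35:22] - Key not found: HKLM\...\Winlogon\Notify\ddayv, continuing.
[11/12/2007, 6:35:22] - Finished Searching Browser Helper Objects
"""

PREFIX = re.compile(r"^\[[^\]]+\] - (.*)$")  # "[date, time] - message"
BHO = re.compile(r"^BHO \d+: (\{[0-9A-Fa-f-]{36}\}) \((.*)\)$")
FOUND = re.compile(r"^Found: .*\\Notify\\(\S+) - ")
MISS = re.compile(r"^Key not found: .*\\Notify\\([^,\s]+),")
RENAME = re.compile(r"^Renaming (.+) -> (.+)$")
REMOVE = re.compile(r"^Removing (.+)$")


def parse_report(text):
    """Split a report into BHO enumeration passes, findings and actions."""
    passes, cur, clsid = [], None, None
    rep = {"passes": passes, "notify_hits": {}, "notify_misses": {},
           "renamed": [], "removed_keys": []}
    for raw in text.splitlines():
        m = PREFIX.match(raw.strip())
        if not m:
            continue
        msg = m.group(1)
        if msg.startswith("Searching for Browser Helper Objects"):
            cur = {}                 # a new enumeration pass begins
            passes.append(cur)
        elif msg.startswith("BHO list has been changed") and cur is not None:
            cur.clear()              # the tool starts over: drop the partial pass
        elif (b := BHO.match(msg)) and cur is not None:
            clsid = b.group(1).upper()
            cur[clsid] = b.group(2)  # "" means the BHO has no default name
        elif (f := FOUND.match(msg)) and clsid:
            rep["notify_hits"][clsid] = f.group(1)    # CLSID -> Notify key name
        elif (k := MISS.match(msg)) and clsid:
            rep["notify_misses"][clsid] = k.group(1)
        elif (r := RENAME.match(msg)):
            rep["renamed"].append((r.group(1), r.group(2)))
        elif (d := REMOVE.match(msg)):
            rep["removed_keys"].append(d.group(1))
    return rep


def verify_cleanup(rep):
    """Compare the first and last BHO passes against the flagged CLSIDs."""
    if not rep["passes"]:
        raise ValueError("no BHO enumeration found in the report")
    before, after = rep["passes"][0], rep["passes"][-1]
    flagged = set(rep["notify_hits"])
    return {
        "removed": sorted(c for c in flagged if c in before and c not in after),
        "still_present": sorted(c for c in flagged if c in after),
        # Unnamed BHOs left behind: not flagged by the tool, worth a manual look.
        "unnamed_remaining": sorted(c for c, name in after.items() if not name),
    }


if __name__ == "__main__":
    report = parse_report(SAMPLE)
    for key, value in verify_cleanup(report).items():
        print(key, value)
    print("renamed", report["renamed"])
```

A non-empty `still_present` list means the flagged BHO survived the removal pass and the tool should be run again, for example from safe mode.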
jlpjlp
12 Nov. 2007 at 10:44
Make sure you do everything and paste the report from each one
See you later
Anonymous user
12 Nov. 2007 at 15:23
+ Créé à: 15:16:36 12/11/2007
+ Résultat de l'analyse:
HKLM\SOFTWARE\uga6pcw -> Adware.AvSystemcare : Nettoyé et sauvegardé (mise en quarantaine).
C:\System Volume Information\_restore{33B876CD-58C2-4D27-B29A-7391664323E4}\RP221\A0126257.exe -> Downloader.VB.bkw : Nettoyé et sauvegardé (mise en quarantaine).
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq54.tmp -> TrackingCookie.247realmedia : Nettoyé.
C:\Documents and Settings\yves\Cookies\yves@msnportal.112.2o7[1].txt -> TrackingCookie.2o7 : Nettoyé.
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq55.tmp -> TrackingCookie.2o7 : Nettoyé.
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq56.tmp -> TrackingCookie.Atdmt : Nettoyé.
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq57.tmp -> TrackingCookie.Bluestreak : Nettoyé.
C:\Documents and Settings\yves\Cookies\yves@doubleclick[1].txt -> TrackingCookie.Doubleclick : Nettoyé.
C:\Documents and Settings\yves\Cookies\yves@ssl-hints.netflame[2].txt -> TrackingCookie.Netflame : Nettoyé.
C:\Documents and Settings\yves\Cookies\yves@bs.serving-sys[2].txt -> TrackingCookie.Serving-sys : Nettoyé.
C:\Documents and Settings\yves\Cookies\yves@serving-sys[2].txt -> TrackingCookie.Serving-sys : Nettoyé.
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq5D.tmp -> TrackingCookie.Smartadserver : Nettoyé.
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq5E.tmp -> TrackingCookie.Weborama : Nettoyé.
C:\Documents and Settings\yves\Cookies\yves@zedo[1].txt -> TrackingCookie.Zedo : Nettoyé.
Fin du rapport
jlpjlp
12 Nov. 2007 at 15:27
Perfect
Do the rest
After ComboFix, to properly get rid of the viruses that are in your System Restore, like this one:
C:\System Volume Information\_restore{33B876CD-58C2-4D27-B29A-7391664323E4}\RP221\A0126257.exe -> Downloader.VB.bkw : Nettoyé et sauvegardé (mise en quarantaine).
disable System Restore to purge the viruses that might be in it (in START, then ALL PROGRAMS, then ACCESSORIES, then SYSTEM TOOLS, then SYSTEM RESTORE, then settings), then re-enable it
______________
See you later
Anonymous user
13 Nov. 2007 at 07:32
Attached is a final report, and I thank you a thousand times!
It works!!
Can you tell me the best program so I don't have this problem anymore?
Logfile of HijackThis v1.99.1
Scan saved at 7:29:40, on 13/11/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Inventel\Gateway\wlancfg.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\MICROS~2\wcescomm.exe
C:\Program Files\Washer\washer.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\PROGRA~1\MICROS~2\rapimgr.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Hijackthis Version Française\hijackthis vf.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: {c035728d-3a63-6c4b-02d4-d8c70c123090} - {090321c0-7c8d-4d20-b4c6-36a3d827530c} - C:\WINDOWS\system32\hblqlbbh.dll
O2 - BHO: (no name) - {14304D95-043D-4994-B6F7-7C145682A2BA} - (no file)
O2 - BHO: (no name) - {28698DBA-44D1-4AB1-8BC6-1F0F7CE10BDD} - (no file)
O2 - BHO: (no name) - {323D63A5-96A7-49A3-BCE0-C1449B9E8E19} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {9C8A568E-4201-478a-8536-526CF371D2E2} - (no file)
O2 - BHO: (no name) - {A57F4CFD-97E1-49C7-9580-C923BE27C63D} - (no file)
O2 - BHO: (no name) - {A95B2816-1D7E-4561-A202-68C0DE02353A} - C:\WINDOWS\system32\zscprlhp.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll
O2 - BHO: (no name) - {CEAA0C83-2ED5-4E07-A50D-7F40B427A31D} - (no file)
O2 - BHO: (no name) - {DD719CDE-AE9F-45BF-AC62-734301461166} - (no file)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Security Toolbar - {11A69AE4-FBED-4832-A2BF-45AF82825583} - C:\WINDOWS\system32\zscprlhp.dll
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [3f1512ae] rundll32.exe "C:\WINDOWS\system32\rbosmtxq.dll",b
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\PROGRA~1\MICROS~2\wcescomm.exe"
O4 - HKCU\..\Run: [Washer] C:\Program Files\Washer\washer.exe /0
O4 - Global Startup: Outil de mise à jour Google.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O8 - Extra context menu item: &eBay Search - res://C:\Program Files\eBay\eBay Toolbar2\eBayTb.dll/RCSearch.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~2\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~2\INetRepl.dll
O9 - Extra 'Tools' menuitem: Créer un favori mobile... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~2\INetRepl.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: Yahoo! Checkers - http://download2.games.yahoo.com/games/clients/y/kt4_x.cab
O16 - DPF: Yahoo! Literati - http://download2.games.yahoo.com/games/clients/y/tt5_x.cab
O16 - DPF: Yahoo! Pool 2 - http://download2.games.yahoo.com/games/clients/y/poti_x.cab
O16 - DPF: {0B79F48A-E8D6-11DB-9283-E25056D89593} (F-Secure Online Scanner 3.1) - https://www.f-secure.com/en/home/support
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www3.snapfish.be/SnapfishActivia.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/...
O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} (HardwareDetection Control) - https://www.touslesdrivers.com/index.php?v_page=29
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: zscprlhp - C:\WINDOWS\SYSTEM32\zscprlhp.dll
O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - C:\Program Files\Ares\chatServer.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
O23 - Service: Firebird Server - MAGIX Instance (FirebirdServerMAGIXInstance) - MAGIX® - C:\Program Files\MAGIX\Common\Database\bin\fbserver.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Planificateur LiveUpdate automatique - Creative Technology Ltd. - (no file)
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Service de lancement de WlanCfg (Wlancfg) - Inventel - C:\Program Files\Inventel\Gateway\wlancfg.exe
thanks
it works!!
can you tell me the best program so I don't get this problem again?
Logfile of HijackThis v1.99.1
Scan saved at 7:29:40, on 13/11/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Inventel\Gateway\wlancfg.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\MICROS~2\wcescomm.exe
C:\Program Files\Washer\washer.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\PROGRA~1\MICROS~2\rapimgr.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Hijackthis Version Française\hijackthis vf.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: {c035728d-3a63-6c4b-02d4-d8c70c123090} - {090321c0-7c8d-4d20-b4c6-36a3d827530c} - C:\WINDOWS\system32\hblqlbbh.dll
O2 - BHO: (no name) - {14304D95-043D-4994-B6F7-7C145682A2BA} - (no file)
O2 - BHO: (no name) - {28698DBA-44D1-4AB1-8BC6-1F0F7CE10BDD} - (no file)
O2 - BHO: (no name) - {323D63A5-96A7-49A3-BCE0-C1449B9E8E19} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {9C8A568E-4201-478a-8536-526CF371D2E2} - (no file)
O2 - BHO: (no name) - {A57F4CFD-97E1-49C7-9580-C923BE27C63D} - (no file)
O2 - BHO: (no name) - {A95B2816-1D7E-4561-A202-68C0DE02353A} - C:\WINDOWS\system32\zscprlhp.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll
O2 - BHO: (no name) - {CEAA0C83-2ED5-4E07-A50D-7F40B427A31D} - (no file)
O2 - BHO: (no name) - {DD719CDE-AE9F-45BF-AC62-734301461166} - (no file)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Security Toolbar - {11A69AE4-FBED-4832-A2BF-45AF82825583} - C:\WINDOWS\system32\zscprlhp.dll
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [3f1512ae] rundll32.exe "C:\WINDOWS\system32\rbosmtxq.dll",b
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\PROGRA~1\MICROS~2\wcescomm.exe"
O4 - HKCU\..\Run: [Washer] C:\Program Files\Washer\washer.exe /0
O4 - Global Startup: Outil de mise à jour Google.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O8 - Extra context menu item: &eBay Search - res://C:\Program Files\eBay\eBay Toolbar2\eBayTb.dll/RCSearch.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~2\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~2\INetRepl.dll
O9 - Extra 'Tools' menuitem: Créer un favori mobile... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~2\INetRepl.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: Yahoo! Checkers - http://download2.games.yahoo.com/games/clients/y/kt4_x.cab
O16 - DPF: Yahoo! Literati - http://download2.games.yahoo.com/games/clients/y/tt5_x.cab
O16 - DPF: Yahoo! Pool 2 - http://download2.games.yahoo.com/games/clients/y/poti_x.cab
O16 - DPF: {0B79F48A-E8D6-11DB-9283-E25056D89593} (F-Secure Online Scanner 3.1) - https://www.f-secure.com/en/home/support
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www3.snapfish.be/SnapfishActivia.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/...
O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} (HardwareDetection Control) - https://www.touslesdrivers.com/index.php?v_page=29
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: zscprlhp - C:\WINDOWS\SYSTEM32\zscprlhp.dll
O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - C:\Program Files\Ares\chatServer.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
O23 - Service: Firebird Server - MAGIX Instance (FirebirdServerMAGIXInstance) - MAGIX® - C:\Program Files\MAGIX\Common\Database\bin\fbserver.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Planificateur LiveUpdate automatique - Creative Technology Ltd. - (no file)
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Service de lancement de WlanCfg (Wlancfg) - Inventel - C:\Program Files\Inventel\Gateway\wlancfg.exe
thanks
jlpjlp
13 Nov. 2007 at 10:30
hi, it's not finished!
you haven't pasted the VundoFix and ComboFix reports for me
___________
uninstall via ADD/REMOVE PROGRAMS if present:
Security Toolbar
___________
Run HijackThis again, choose "do a scan only", tick the box in front of the lines below and click "fix checked" at the bottom.
O2 - BHO: {c035728d-3a63-6c4b-02d4-d8c70c123090} - {090321c0-7c8d-4d20-b4c6-36a3d827530c} - C:\WINDOWS\system32\hblqlbbh.dll
O2 - BHO: (no name) - {14304D95-043D-4994-B6F7-7C145682A2BA} - (no file)
O2 - BHO: (no name) - {28698DBA-44D1-4AB1-8BC6-1F0F7CE10BDD} - (no file)
O2 - BHO: (no name) - {323D63A5-96A7-49A3-BCE0-C1449B9E8E19} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {9C8A568E-4201-478a-8536-526CF371D2E2} - (no file)
O2 - BHO: (no name) - {A57F4CFD-97E1-49C7-9580-C923BE27C63D} - (no file)
O2 - BHO: (no name) - {A95B2816-1D7E-4561-A202-68C0DE02353A} - C:\WINDOWS\system32\zscprlhp.dll
O2 - BHO: (no name) - {CEAA0C83-2ED5-4E07-A50D-7F40B427A31D} - (no file)
O2 - BHO: (no name) - {DD719CDE-AE9F-45BF-AC62-734301461166} - (no file)
O3 - Toolbar: Security Toolbar - {11A69AE4-FBED-4832-A2BF-45AF82825583} - C:\WINDOWS\system32\zscprlhp.dll
O4 - HKLM\..\Run: [3f1512ae] rundll32.exe "C:\WINDOWS\system32\rbosmtxq.dll",b
O4 - HKCU\..\Run: [Washer] C:\Program Files\Washer\washer.exe /0
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O20 - Winlogon Notify: zscprlhp - C:\WINDOWS\SYSTEM32\zscprlhp.dll
_______________________
download OTMoveIt http://download.bleepingcomputer.com/oldtimer/OTMoveIt.exe (by Old_Timer) to your Desktop.
double-click OTMoveIt.exe to launch it.
copy the list in the quote below,
and paste it into the left-hand pane of OTMoveIt: Paste List of Files/Folders to be moved.
Quote:
C:\WINDOWS\system32\hblqlbbh.dll
C:\WINDOWS\SYSTEM32\zscprlhp.dll
click MoveIt! to start the removal.
the result will appear in the "Results" pane.
click Exit to close.
post the report located in C:\_OTMoveIt\MovedFiles.
you may be asked to restart the PC to complete the removal. if so, accept with Yes.
_______________________
paste the report of an online scan
with one of the following:
bitdefender online:
http://www.bitdefender.fr/scan_fr/scan8/ie.html
Panda online:
http://pandasoftware.fr
secuser online:
http://www.secuser.com/outils/antivirus.htm
to protect yourself, I advise you to replace avast with antivir and to install spywareblaster, which protects against vundo infections
to protect your computer for free
http://www.commentcamarche.net/telecharger/logiciel 4 securite
install an antivirus
AVAST in French or ANTIVIR (in English but very effective)
https://www.malekal.com/avira-free-security-antivirus-gratuit/ (thanks Malekal)
-------------
anti-spyware tools:
AD AWARE + SPYBOT +/- if Spybot's TeaTimer is not enabled: WINDOWS DEFENDER or SPYWARE TERMINATOR
+
SPYWAREBLASTER to immunize the system against vundo in particular, but it is in English (but easy to use: just click "update" to update every month and then "enable all protection" to immunize)...
Note: spybot and ad-aware released new versions this year, check that you have the latest version
--------
a firewall:
the Windows one or, better, KERIO or JETICO or ZONE ALARM (install only the free firewall)
https://www.clubic.com/telecharger-fiche11071-sunbelt-personal-firewall-ex-kerio.html
https://manuelsdaide.com/contact/
http://www.open-files.com/forum/index.php?showtopic=29277
http://www.commentcamarche.net/telecharger/telecharger 157 zonealarm
-----------
CCLEANER to erase browsing traces
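An added example, not part of the original post and not the helper's own method: a small Python parser for HijackThis lines like those quoted above, which groups entries by target file and lists orphaned ones, showing that zscprlhp.dll is registered at three load points (O2, O3, O20). The sample input is a constructed subset of the quoted lines; the function names and the grouping criterion are assumptions of this example.

```python
import re
from collections import defaultdict
from dataclasses import dataclass
from typing import Optional

# Constructed sample: a subset of the HijackThis lines quoted in the post above.
SAMPLE_LOG = r"""
O2 - BHO: {c035728d-3a63-6c4b-02d4-d8c70c123090} - {090321c0-7c8d-4d20-b4c6-36a3d827530c} - C:\WINDOWS\system32\hblqlbbh.dll
O2 - BHO: (no name) - {14304D95-043D-4994-B6F7-7C145682A2BA} - (no file)
O2 - BHO: (no name) - {A95B2816-1D7E-4561-A202-68C0DE02353A} - C:\WINDOWS\system32\zscprlhp.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Security Toolbar - {11A69AE4-FBED-4832-A2BF-45AF82825583} - C:\WINDOWS\system32\zscprlhp.dll
O4 - HKLM\..\Run: [3f1512ae] rundll32.exe "C:\WINDOWS\system32\rbosmtxq.dll",b
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O20 - Winlogon Notify: zscprlhp - C:\WINDOWS\SYSTEM32\zscprlhp.dll
"""

# Meaning of the HijackThis section codes that occur in the sample.
SECTIONS = {
    "O2": "Browser Helper Object",
    "O3": "Internet Explorer toolbar",
    "O4": "Run key / Startup autostart",
    "O9": "IE extra button or Tools menu item",
    "O20": "Winlogon Notify / AppInit_DLLs",
}

ENTRY_RE = re.compile(r"^(?P<code>[A-Z]\d+) - (?P<body>.+)$")
# First drive-letter or %variable% path ending in a binary extension.
PATH_RE = re.compile(r'(?:[A-Za-z]:|%\w+%)\\[^"\n]*?\.(?:dll|exe|sys)\b', re.IGNORECASE)
# HijackThis marks entries whose target is absent from disk.
ORPHAN_RE = re.compile(r"\((?:no file|file missing)\)")


@dataclass
class Entry:
    code: str               # section code, e.g. "O2"
    target: Optional[str]   # lower-cased file path, None if the line has none
    orphan: bool            # True for "(no file)" / "(file missing)"
    raw: str                # the original log line


def parse_log(text):
    """Turn HijackThis entry lines into Entry records; other lines are skipped."""
    entries = []
    for line in text.splitlines():
        line = line.strip()
        m = ENTRY_RE.match(line)
        if not m:
            continue
        body = m.group("body")
        path = PATH_RE.search(body)
        entries.append(Entry(
            code=m.group("code"),
            target=path.group(0).lower() if path else None,
            orphan=bool(ORPHAN_RE.search(body)),
            raw=line,
        ))
    return entries


def load_points(entries):
    """Map each existing target file to the section codes that load it."""
    points = defaultdict(set)
    for e in entries:
        if e.target and not e.orphan:
            points[e.target].add(e.code)
    return {t: sorted(c, key=lambda s: int(s[1:])) for t, c in points.items()}


def multi_point_targets(entries, min_points=2):
    """Files registered in at least min_points different sections."""
    return {t: c for t, c in load_points(entries).items() if len(c) >= min_points}


def orphaned(entries):
    """Entries left behind after their file was removed."""
    return [e for e in entries if e.orphan]


if __name__ == "__main__":
    parsed = parse_log(SAMPLE_LOG)
    for target, codes in multi_point_targets(parsed).items():
        names = ", ".join(f"{c} ({SECTIONS.get(c, '?')})" for c in codes)
        print(f"{target}\n  loaded from: {names}")
    print("orphaned entries:")
    for e in orphaned(parsed):
        print("  " + e.raw)
```

Grouping by file makes it visible that removing only one registration would leave the same DLL loading from the others, which is why all three zscprlhp.dll lines are ticked together.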
Anonymous user
13 Nov. 2007 at 11:33
I had a small problem, I had to redo it!
ComboFix 07-11-08.1 - yves 2007-11-13 11:20:07.3 - FAT32x86
Running from: C:\Documents and Settings\yves\Local Settings\Temporary Internet Files\Content.IE5\295CAOB2\ComboFix[1].exe
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Documents and Settings\All Users\Menu Démarrer\Live Safety Center.lnk
C:\Documents and Settings\All Users\Menu Démarrer\Online Security Guide.lnk
C:\Documents and Settings\yves\Bureau\Live Safety Center.lnk
C:\Documents and Settings\yves\Bureau\Online Security Guide.lnk
C:\Documents and Settings\yves\Favoris\Online Security Guide.lnk
C:\WINDOWS\cookies.ini
C:\WINDOWS\system32\zscprlhp.dllbox
.
((((((((((((((((((((((((((((( Fichiers créés 2007-10-13 to 2007-11-13 ))))))))))))))))))))))))))))))))))))
.
2007-11-13 08:50 <REP> d-------- C:\Program Files\Common Files
2007-11-13 08:50 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Yahoo! Companion
2007-11-13 07:45 <REP> d--hs---- C:\FOUND.047
2007-11-12 15:44 81,472 --a------ C:\WINDOWS\SYSTEM32\hblqlbbh.dll
2007-11-12 15:41 89,664 --a------ C:\WINDOWS\SYSTEM32\rbosmtxq.dll
2007-11-12 15:32 <REP> d--hs---- C:\FOUND.046
2007-11-12 15:25 145,984 --a------ C:\WINDOWS\SYSTEM32\saxnxsma.dll
2007-11-12 15:24 51,200 --a------ C:\WINDOWS\NirCmd.exe
2007-11-12 06:34 81,472 --a------ C:\WINDOWS\SYSTEM32\rbfwokwp.dll
2007-11-12 06:25 <REP> d-------- C:\VundoFix Backups
2007-11-12 05:59 <REP> d--hs---- C:\FOUND.045
2007-11-12 05:20 <REP> d--hs---- C:\FOUND.044
2007-11-11 18:10 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2007-11-11 17:11 71,232 --a------ C:\WINDOWS\SYSTEM32\jdmpsuyj.exe
2007-11-11 10:04 <REP> d--hs---- C:\FOUND.043
2007-11-11 09:10 <REP> d--hs---- C:\FOUND.042
2007-11-11 08:52 <REP> d-------- C:\WINDOWS\BDOSCAN8
2007-11-10 17:14 <REP> d-------- C:\Documents and Settings\yves\Application Data\Grisoft
2007-11-10 17:08 10,872 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\AvgAsCln.sys
2007-11-10 13:09 71,232 --a------ C:\WINDOWS\SYSTEM32\wdmnifwt.exe
2007-11-10 09:43 <REP> d-------- C:\Program Files\Washer
2007-11-10 09:43 44,032 --a------ C:\WINDOWS\unwash.exe
2007-11-10 08:46 <REP> d-------- C:\Program Files\Hijackthis Version Française
2007-11-10 07:11 <REP> d-------- C:\Program Files\Yahoo!
2007-11-09 10:54 <REP> d--hs---- C:\FOUND.041
2007-11-09 08:35 <REP> d--hs---- C:\FOUND.040
2007-11-09 08:25 <REP> d--hs---- C:\FOUND.039
2007-11-09 05:45 1,732 --a------ C:\WINDOWS\SYSTEM32\tmp.reg
2007-11-08 19:08 71,232 --a------ C:\WINDOWS\SYSTEM32\hpsimnpx.exe
2007-11-08 18:51 <REP> d--hs---- C:\FOUND.038
2007-11-08 16:37 <REP> d--hs---- C:\FOUND.037
2007-11-08 05:39 <REP> d--hs---- C:\FOUND.036
2007-11-08 05:31 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Google Updater
2007-11-07 08:07 86,080 --a------ C:\WINDOWS\SYSTEM32\trdcvkes.dll
2007-11-07 08:03 71,232 --a------ C:\WINDOWS\SYSTEM32\austchjp.exe
2007-11-07 08:01 <REP> d--hs---- C:\FOUND.035
2007-11-07 00:00 71,232 --a------ C:\WINDOWS\SYSTEM32\iodsjgun.exe
2007-11-06 23:57 <REP> d--hs---- C:\FOUND.034
2007-11-06 20:09 145,984 --a------ C:\WINDOWS\SYSTEM32\xheunbwv.dll
2007-11-06 11:18 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Bluetooth
2007-11-05 08:53 <REP> d--hs---- C:\FOUND.033
2007-11-05 06:56 <REP> d--hs---- C:\FOUND.032
2007-11-04 10:01 <REP> d-------- C:\Documents and Settings\All Users\Application Data\TEMP
2007-11-04 10:00 626,688 --a------ C:\WINDOWS\SYSTEM32\msvcr80.dll
2007-11-04 09:59 <REP> d-------- C:\Program Files\Picasa2
2007-11-04 09:37 35,328 --a------ C:\WINDOWS\SYSTEM32\ssqqrqp.dll
2007-11-04 09:36 32,768 --a------ C:\Documents and Settings\yves\pdf.exe
2007-11-04 09:36 786 --a------ C:\1823.bat
2007-11-04 09:30 <REP> d-------- C:\Program Files\AKVIS
2007-11-04 09:17 86,080 --a------ C:\WINDOWS\SYSTEM32\lvpyodau.dll
2007-11-03 10:31 35,328 --a------ C:\WINDOWS\SYSTEM32\yayvwxv.dll
2007-11-03 08:53 <REP> d--hs---- C:\FOUND.031
2007-11-03 08:12 <REP> d--hs---- C:\FOUND.030
2007-11-02 07:28 <REP> d-------- C:\Documents and Settings\yves\Application Data\erreurchasseur
2007-11-02 07:23 <REP> d-------- C:\Program Files\Fichiers communs\ErreurChasseur
2007-11-02 07:23 <REP> dr------- C:\Documents and Settings\All Users\Application Data\erreurchasseur
2007-11-02 07:10 <REP> d--hs---- C:\FOUND.029
2007-11-02 06:41 <REP> d--hs---- C:\FOUND.028
2007-11-01 04:48 <REP> d-------- C:\My Downloads
2007-11-01 04:44 <REP> d--hs---- C:\FOUND.027
2007-11-01 03:34 <REP> d-------- C:\WINDOWS\SYSTEM32\Mz18r
2007-11-01 03:34 <REP> d-------- C:\Temp\mZOr
2007-11-01 03:34 <REP> d-------- C:\Temp
2007-10-31 07:46 <REP> d-------- C:\Program Files\Trend Micro
2007-10-31 07:24 <REP> d-------- C:\Documents and Settings\LocalService\Application Data\Ahead
2007-10-30 21:24 28,672 --a------ C:\Documents and Settings\yves\update.exe
2007-10-30 21:21 <REP> d--hs---- C:\FOUND.026
2007-10-30 14:03 <REP> d-------- C:\Documents and Settings\yves\Application Data\CopyToDvd
2007-10-30 12:49 <REP> d--hs---- C:\FOUND.025
2007-10-30 11:45 <REP> d-------- C:\Program Files\Adssite Advanced Toolbar
2007-10-30 11:45 <REP> d-------- C:\Documents and Settings\yves\Application Data\Adssite Advanced Toolbar
2007-10-30 11:44 147,456 --a------ C:\WINDOWS\SYSTEM32\vbzip10.dll
2007-10-30 11:41 82 --a------ C:\n.bat
2007-10-30 11:41 0 --a------ C:\z.dat
2007-10-30 11:40 32,256 --a------ C:\WINDOWS\SYSTEM32\mljhede.dll.vir
2007-10-29 13:25 <REP> d-------- C:\Program Files\vso
2007-10-29 12:21 <REP> d--hs---- C:\FOUND.024
2007-10-29 10:23 <REP> d-------- C:\Documents and Settings\yves\Application Data\Vso
2007-10-29 10:23 47,360 --a------ C:\Documents and Settings\yves\Application Data\pcouffin.sys
2007-10-29 10:23 39,264 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\Pcouffin.sys
2007-10-29 10:15 <REP> d-------- C:\Documents and Settings\yves\Application Data\DivX
2007-10-29 10:14 129,784 --------- C:\WINDOWS\SYSTEM32\pxafs.dll
2007-10-29 10:14 120,056 --------- C:\WINDOWS\SYSTEM32\pxcpyi64.exe
2007-10-29 10:14 118,520 --------- C:\WINDOWS\SYSTEM32\pxinsi64.exe
2007-10-29 10:13 <REP> d-------- C:\Program Files\DivX
2007-10-29 09:05 6,058,496 --------- C:\WINDOWS\SYSTEM32\dllcache\ieframe.dll
2007-10-29 09:05 2,455,488 --------- C:\WINDOWS\SYSTEM32\dllcache\ieapfltr.dat
2007-10-29 09:05 459,264 --------- C:\WINDOWS\SYSTEM32\dllcache\msfeeds.dll
2007-10-29 09:05 383,488 --------- C:\WINDOWS\SYSTEM32\dllcache\ieapfltr.dll
2007-10-29 09:05 267,776 --------- C:\WINDOWS\SYSTEM32\dllcache\iertutil.dll
2007-10-29 09:05 63,488 --------- C:\WINDOWS\SYSTEM32\dllcache\icardie.dll
2007-10-29 09:05 52,224 --------- C:\WINDOWS\SYSTEM32\dllcache\msfeedsbs.dll
2007-10-29 09:05 13,824 --------- C:\WINDOWS\SYSTEM32\dllcache\ieudinit.exe
2007-10-29 09:04 <REP> d-------- C:\WINDOWS\SYSTEM32\fr-fr
2007-10-29 08:35 <REP> d-------- C:\Program Files\Microsoft.NET
2007-10-29 07:24 <REP> d--hs---- C:\FOUND.023
2007-10-28 08:42 <REP> d-------- C:\Program Files\ReflexiveArcade
2007-10-28 08:37 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Trymedia
2007-10-28 08:37 <REP> d-------- C:\Documents and Settings\All Users\Application Data\TERMINAL Studio
2007-10-28 08:36 <REP> d-------- C:\Program Files\BFG
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-11-10 07:46 --------- d-----w C:\Program Files\Hijackthis Version Française
2007-11-08 13:34 120,704 ----a-w C:\Documents and Settings\yves\Application Data\GDIPFONTCACHEV1.DAT
2007-10-30 10:44 278,542 ----a-w C:\WINDOWS\FONTS\Setup.exe
2007-10-12 12:11 --------- d-----w C:\Documents and Settings\yves\Application Data\muvee Technologies
2007-10-12 11:17 --------- d-----w C:\Program Files\muvee Technologies
2007-10-12 11:17 --------- d-----w C:\Documents and Settings\All Users\Application Data\muvee Technologies
2007-10-11 21:58 --------- d-----w C:\Program Files\Ares
2007-10-11 21:58 --------- d-----w C:\Documents and Settings\yves\Application Data\Ares
2007-10-11 18:51 --------- d-----w C:\Program Files\Fichiers communs\Micro Application Shared
2007-10-11 05:48 --------- d-----w C:\Program Files\GT Interactive
2007-10-11 05:09 --------- d-----w C:\Documents and Settings\All Users\Application Data\Grisoft
2007-10-10 14:18 --------- d-----w C:\Program Files\IVT Corporation
2007-10-10 07:02 --------- d-----w C:\Documents and Settings\yves\Application Data\AdobeUM
2007-10-10 06:56 --------- d-----w C:\Program Files\PowerQuest
2007-10-10 06:51 --------- d-----w C:\Program Files\TuneUp Utilities 2007
2007-10-10 06:51 --------- d-----w C:\Documents and Settings\yves\Application Data\TuneUp Software
2007-10-10 06:50 --------- d-----w C:\Program Files\Fichiers communs\Wise Installation Wizard
2007-10-10 06:50 --------- d-----w C:\Documents and Settings\All Users\Application Data\TuneUp Software
2007-10-09 20:52 --------- d-----w C:\Program Files\eMule
2007-10-09 18:48 --------- d-----w C:\Documents and Settings\yves\Application Data\Snapfish
2007-10-09 06:35 --------- d-----w C:\Documents and Settings\yves\Application Data\Serif
2007-10-09 06:32 --------- d-----w C:\Program Files\Micro application
2007-10-08 06:04 --------- d-----w C:\Program Files\eBay
2007-10-08 06:04 --------- d-----w C:\Documents and Settings\yves\Application Data\WholeSecurity
2007-10-07 08:44 --------- d-----w C:\Documents and Settings\yves\Application Data\Ahead
2007-10-07 08:42 --------- d-----w C:\Program Files\Nero
2007-10-07 08:42 --------- d-----w C:\Program Files\Fichiers communs\Ahead
2007-10-07 08:27 --------- d-----w C:\Program Files\DVD Shrink
2007-10-07 08:27 --------- d-----w C:\Documents and Settings\All Users\Application Data\DVD Shrink
2007-10-06 05:02 --------- d-----w C:\Program Files\Microsoft CAPICOM 2.1.0.2
2007-10-04 18:38 --------- d-----w C:\Program Files\ToniArts
2007-10-04 08:16 --------- d-----w C:\Program Files\Google
2007-10-04 08:11 --------- d-----w C:\Program Files\Fichiers communs\Adobe
2007-10-04 06:57 --------- d-----w C:\Program Files\MSXML 4.0
2007-10-04 06:41 --------- d-----w C:\Program Files\MSN Messenger
2007-10-03 19:48 112 ----a-w C:\Documents and Settings\yves\Application Data\fusioncache.dat
2007-10-03 19:48 --------- d-----w C:\Documents and Settings\yves\Application Data\ApplicationHistory
2007-10-03 19:17 805 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.INF
2007-10-03 19:17 10,740 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.CAT
2007-10-03 18:58 --------- d-----w C:\Documents and Settings\yves\Application Data\Dossier de téléchargement Share-to-Web
2007-10-03 18:53 --------- d-----w C:\Program Files\Mobile Action
2007-10-03 18:31 --------- d-----w C:\Program Files\CyberLink
2007-10-03 18:31 --------- d-----w C:\Documents and Settings\All Users\Application Data\CyberLink
2007-10-03 17:58 --------- d-----w C:\Program Files\Microsoft ActiveSync
2007-10-03 17:57 82,380 ----a-w C:\WINDOWS\system32\drivers\AFS2K.SYS
2007-10-03 17:54 --------- d-----w C:\Documents and Settings\yves\Application Data\Dossier de téléchargement Share-to-Web
2007-10-03 17:53 --------- d-----w C:\Program Files\Fichiers communs\Hewlett-Packard
2007-10-03 17:43 --------- d-----w C:\Documents and Settings\yves\Application Data\HP
2007-10-03 17:42 --------- d-----w C:\Documents and Settings\All Users\Application Data\HP
2007-10-03 17:40 --------- d-----w C:\Program Files\Fichiers communs\Sonic Shared
2007-10-03 17:40 --------- d-----w C:\Documents and Settings\All Users\Application Data\Sonic
2007-10-03 17:37 --------- d-----w C:\Program Files\Hewlett-Packard
2007-10-03 17:37 --------- d-----w C:\Program Files\Fichiers communs\HP
2007-10-03 17:33 --------- d-----w C:\Program Files\HP
2007-10-03 15:24 --------- d-----w C:\Program Files\Microids
2007-10-03 15:16 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-10-03 15:16 --------- d-----w C:\Program Files\Analog Devices
2007-10-03 14:59 --------- d-----w C:\Program Files\Fichiers communs\InstallShield
2007-10-03 14:53 --------- d-----w C:\Program Files\ma-config.com
2007-10-03 14:53 --------- d-----w C:\Documents and Settings\yves\Application Data\ma-config.com
2007-10-03 12:13 --------- d-----w C:\Program Files\Fichiers communs\Symantec Shared
2007-10-03 11:44 278,528 ----a-w C:\Program Files\Fichiers communs\FDEUnInstaller.exe
2007-10-03 11:44 --------- d-----w C:\Program Files\Inventel
2007-10-03 11:43 81,920 ----a-w C:\WINDOWS\SYSTEM32\W32N50.dll
2007-10-03 11:43 17,134 ----a-w C:\WINDOWS\SYSTEM32\PCANDIS5.sys
2007-10-03 11:38 --------- d-----w C:\Program Files\Mobistar
2007-10-03 11:13 --------- d-----w C:\Program Files\microsoft frontpage
2007-10-03 11:11 --------- d-----w C:\Program Files\Fichiers communs\MSSoap
2007-10-03 11:06 --------- d-----w C:\Program Files\Fichiers communs\SpeechEngines
2007-10-03 10:50 --------- d-----w C:\Program Files\Fichiers communs\ODBC
2007-10-03 10:49 271 --sh--w C:\Program Files\desktop.ini
2007-10-03 10:49 23,506 ---h--w C:\Program Files\folder.htt
2007-10-03 10:44 19,275 ----a-w C:\WINDOWS\SETVER.EXE
2007-10-03 10:44 --------- d-----w C:\Program Files\Services en ligne
2007-10-03 10:40 --------- d-----w C:\Program Files\PLUS!
2007-10-03 10:40 --------- d-----r C:\Program Files\Accessoires
2007-09-28 16:08 156,992 ----a-w C:\WINDOWS\SYSTEM32\DivXCodecVersionChecker.exe
2007-09-28 16:07 524,288 ----a-w C:\WINDOWS\SYSTEM32\DivXsm.exe
2007-09-28 16:07 43,528 ------w C:\WINDOWS\system32\drivers\pxhelp20.sys
2007-09-28 16:07 3,596,288 ----a-w C:\WINDOWS\SYSTEM32\qt-dx331.dll
2007-09-28 16:07 200,704 ----a-w C:\WINDOWS\SYSTEM32\ssldivx.dll
2007-09-28 16:07 1,044,480 ----a-w C:\WINDOWS\SYSTEM32\libdivx.dll
2007-09-28 16:05 823,296 ----a-w C:\WINDOWS\SYSTEM32\divx_xx0c.dll
2007-09-28 16:05 823,296 ----a-w C:\WINDOWS\SYSTEM32\divx_xx07.dll
2007-09-28 16:05 81,920 ----a-w C:\WINDOWS\SYSTEM32\dpl100.dll
2007-09-28 16:05 802,816 ----a-w C:\WINDOWS\SYSTEM32\divx_xx11.dll
2007-09-28 16:05 739,840 ----a-w C:\WINDOWS\SYSTEM32\DivX.dll
2007-09-28 16:05 593,920 ----a-w C:\WINDOWS\SYSTEM32\dpuGUI11.dll
2007-09-28 16:05 57,344 ----a-w C:\WINDOWS\SYSTEM32\dpv11.dll
2007-09-28 16:05 53,248 ----a-w C:\WINDOWS\SYSTEM32\dpuGUI10.dll
2007-09-28 16:05 344,064 ----a-w C:\WINDOWS\SYSTEM32\dpus11.dll
2007-09-28 16:05 294,912 ----a-w C:\WINDOWS\SYSTEM32\dpu11.dll
2007-09-28 16:05 294,912 ----a-w C:\WINDOWS\SYSTEM32\dpu10.dll
2007-09-28 16:05 196,608 ----a-w C:\WINDOWS\SYSTEM32\dtu100.dll
2007-09-28 16:05 12,288 ----a-w C:\WINDOWS\SYSTEM32\DivXWMPExtType.dll
2007-08-22 13:57 474,624 ------w C:\WINDOWS\SYSTEM32\dllcache\shlwapi.dll
2007-08-22 13:57 152,064 ------w C:\WINDOWS\SYSTEM32\dllcache\cdfview.dll
2007-08-22 13:57 1,498,624 ------w C:\WINDOWS\SYSTEM32\dllcache\shdocvw.dll
2007-08-22 13:57 1,056,768 ----a-w C:\WINDOWS\SYSTEM32\dllcache\danim.dll
2007-08-22 13:57 1,023,488 ------w C:\WINDOWS\SYSTEM32\dllcache\browseui.dll
.
((((((((((((((((((((((((((((( snapshot@2007-11-12_15.58.29.14 )))))))))))))))))))))))))))))))))))))))))
.
+ 2007-03-13 09:57:12 163,328 ----a-w C:\WINDOWS\erdnt\subs\F3M\ERDNT.EXE
+ 2007-11-13 06:21:50 397,312 ----a-w C:\WINDOWS\SYSTEM32\config\systemprofile\ntuser.dat
+ 2007-11-13 07:50:28 97,464 ----a-w C:\WINDOWS\SYSTEM32\Restore\rstrlog.dat
- 2006-01-09 08:36:06 40,960 ----a-w C:\WINDOWS\SYSTEM32\swsc.exe
+ 2006-11-29 16:21:30 370,688 ----a-w C:\WINDOWS\SYSTEM32\swsc.exe
- 2006-12-01 04:20:34 79,360 ----a-w C:\WINDOWS\SYSTEM32\swxcacls.exe
+ 2006-12-01 04:20:32 212,480 ----a-w C:\WINDOWS\SYSTEM32\swxcacls.exe
+ 2007-11-13 08:06:52 16,384 ----a-w C:\WINDOWS\TEMP\Perflib_Perfdata_504.dat
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{090321c0-7c8d-4d20-b4c6-36a3d827530c}]
2007-11-12 15:44 81472 --a------ C:\WINDOWS\system32\hblqlbbh.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{14304D95-043D-4994-B6F7-7C145682A2BA}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{28698DBA-44D1-4AB1-8BC6-1F0F7CE10BDD}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{323D63A5-96A7-49A3-BCE0-C1449B9E8E19}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{9C8A568E-4201-478a-8536-526CF371D2E2}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A57F4CFD-97E1-49C7-9580-C923BE27C63D}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{CEAA0C83-2ED5-4E07-A50D-7F40B427A31D}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{DD719CDE-AE9F-45BF-AC62-734301461166}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-09-06 12:06]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2004-04-13 15:25]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 10:25]
"3f1512ae"="C:\WINDOWS\system32\rbosmtxq.dll" [2007-11-12 15:41]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-20 01:09]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-11-08 05:31]
"H/PC Connection Agent"="C:\PROGRA~1\MICROS~2\wcescomm.exe" [2005-11-15 20:21]
"Washer"="C:\Program Files\Washer\washer.exe" [2003-01-13 10:08]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2007-08-31 16:46]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^BlueSoleil.lnk]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Démarrage rapide de HP Photosmart Premier.lnk]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^HP Digital Imaging Monitor.lnk]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\3f1512ae]
rundll32.exe "C:\WINDOWS\system32\trdcvkes.dll",b
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]
"C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.2\Apps\apdproxy.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
"C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Agent]
C:\Program Files\CyberLink\PowerVCRII\Agent.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BestsellerAntivirus]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CamMonitor]
C:\Program Files\HP\Digital Imaging\\Unload\hpqcmon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
C:\WINDOWS\system32\ctfmon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\H/PC Connection Agent]
"C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MaBtSh]
C:\Program Files\Mobile Action\Bluetooth Manager\MaBtSh.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
C:\Program Files\Fichiers communs\Ahead\Lib\NeroCheck.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
nwiz.exe /install
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Remote_Agent]
C:\Program Files\CyberLink\PowerVCRII\RemoteAgent.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\rtasks]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Salestart]
"C:\Program Files\Fichiers communs\ErreurChasseur\strpmon.exe" dm=http://erreurchasseur.com; ad=http://erreurchasseur.com
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Share-to-Web Namespace Daemon]
C:\Program Files\HP\HP Share-to-Web\hpgs2wnd.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Smapp]
C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
"C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SystemTray]
SysTray.Exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\setup\disabledrunkeys]
"Hidserv"=Hidserv.exe run
"LoadPowerProfile"=Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
R2 BT848;Bt878, WDM Video Capture;C:\WINDOWS\system32\drivers\BT848.sys
R2 BTTUNER;BtTuner, WDM TvTuner;C:\WINDOWS\system32\drivers\BTTUNER.sys
R2 BTXBAR;BtXBar, WDM Crossbar;C:\WINDOWS\system32\drivers\BTXBAR.sys
R2 UxTuneUp;TuneUp Extension de thème;C:\WINDOWS\System32\svchost.exe -k netsvcs
R2 VVZT1435;VVZT1435;\??\C:\WINDOWS\System32\Drivers\VI76X672.sys
R2 XW4NJ5I9;XW4NJ5I9;\??\C:\WINDOWS\System32\Drivers\RK9PTCD2.sys
R3 Ma730Pt;MA730 Bluetooth VCOM Driver;C:\WINDOWS\system32\DRIVERS\Ma730Pt.sys
R3 Ma730Vad;MA730 Bluetooth Audio;C:\WINDOWS\system32\DRIVERS\Ma730Vad.sys
R3 PD100VID;Video Blaster WebCam 5 (WDM);C:\WINDOWS\system32\DRIVERS\PD100Vid.sys
S3 BTNetFilter;Bluetooth Network Filter;\??\C:\WINDOWS\system32\drivers\BTNetFilter.sys
S3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;C:\Program Files\MAGIX\Common\Database\bin\fbserver.exe
S3 Ma730c;MA730 Bluetooth Core Driver;C:\WINDOWS\system32\DRIVERS\MA730C.sys
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
"2007-11-09 20:09:20 C:\WINDOWS\Tasks\Maintenance en 1 clic.job"
- C:\Program Files\TuneUp Utilities 2007\SystemOptimizer.exe
.
**************************************************************************
catchme 0.3.1250 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-11-13 11:24:12
Windows 5.1.2600 Service Pack 2 FAT NTAPI
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2007-11-13 11:25:43 - machine was rebooted
C:\ComboFix2.txt ... 2007-11-12 15:59
.
--- E O F ---
Anonymous user
13 Nov. 2007 at 12:25
I think I copied it wrong before! Here it is
Logfile of HijackThis v1.99.1
Scan saved at 12:24:11, on 13/11/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Inventel\Gateway\wlancfg.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\MICROS~2\wcescomm.exe
C:\Program Files\Washer\washer.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\PROGRA~1\MICROS~2\rapimgr.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Hijackthis Version Française\hijackthis vf.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: {c035728d-3a63-6c4b-02d4-d8c70c123090} - {090321c0-7c8d-4d20-b4c6-36a3d827530c} - C:\WINDOWS\system32\hblqlbbh.dll
O2 - BHO: (no name) - {14304D95-043D-4994-B6F7-7C145682A2BA} - (no file)
O2 - BHO: (no name) - {28698DBA-44D1-4AB1-8BC6-1F0F7CE10BDD} - (no file)
O2 - BHO: (no name) - {323D63A5-96A7-49A3-BCE0-C1449B9E8E19} - (no file)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {9C8A568E-4201-478a-8536-526CF371D2E2} - (no file)
O2 - BHO: (no name) - {A57F4CFD-97E1-49C7-9580-C923BE27C63D} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll
O2 - BHO: (no name) - {CEAA0C83-2ED5-4E07-A50D-7F40B427A31D} - (no file)
O2 - BHO: (no name) - {DD719CDE-AE9F-45BF-AC62-734301461166} - (no file)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [3f1512ae] rundll32.exe "C:\WINDOWS\system32\rbosmtxq.dll",b
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\PROGRA~1\MICROS~2\wcescomm.exe"
O4 - HKCU\..\Run: [Washer] C:\Program Files\Washer\washer.exe /0
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Global Startup: Outil de mise à jour Google.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O8 - Extra context menu item: &eBay Search - res://C:\Program Files\eBay\eBay Toolbar2\eBayTb.dll/RCSearch.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~2\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~2\INetRepl.dll
O9 - Extra 'Tools' menuitem: Créer un favori mobile... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~2\INetRepl.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: Yahoo! Checkers - http://download2.games.yahoo.com/games/clients/y/kt4_x.cab
O16 - DPF: Yahoo! Literati - http://download2.games.yahoo.com/games/clients/y/tt5_x.cab
O16 - DPF: Yahoo! Pool 2 - http://download2.games.yahoo.com/games/clients/y/poti_x.cab
O16 - DPF: {0B79F48A-E8D6-11DB-9283-E25056D89593} (F-Secure Online Scanner 3.1) - https://www.f-secure.com/en/home/support
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www3.snapfish.be/SnapfishActivia.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/...
O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} (HardwareDetection Control) - https://www.touslesdrivers.com/index.php?v_page=29
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - C:\Program Files\Ares\chatServer.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
O23 - Service: Firebird Server - MAGIX Instance (FirebirdServerMAGIXInstance) - MAGIX® - C:\Program Files\MAGIX\Common\Database\bin\fbserver.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Planificateur LiveUpdate automatique - Creative Technology Ltd. - (no file)
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Service de lancement de WlanCfg (Wlancfg) - Inventel - C:\Program Files\Inventel\Gateway\wlancfg.exe
jlpjlp
13 Nov. 2007 at 12:44
ok
do the next steps from my message 7: fix the lines, paste the OTMoveIt...
Anonymous user
13 Nov. 2007 at 13:49
DllUnregisterServer procedure not found in C:\WINDOWS\system32\hblqlbbh.dll
C:\WINDOWS\system32\hblqlbbh.dll NOT unregistered.
C:\WINDOWS\system32\hblqlbbh.dll moved successfully.
File/Folder C:\WINDOWS\SYSTEM32\zscprlhp.dll not found.
Created on 11/13/2007 13:48:28
jlpjlp
13 Nov. 2007 at 13:55
ok
paste the report from an online scan
using one of the following:
bitdefender online:
http://www.bitdefender.fr/scan_fr/scan8/ie.html
Panda online:
http://pandasoftware.fr
secuser online:
http://www.secuser.com/outils/antivirus.htm
__________________
paste a new combofix and hijackthis report again and describe your problems
Anonymous user
14 Nov. 2007 at 10:22
hello
I ran a scan with secuser and removed 2 problems! but I didn't get a report!
jlpjlp
14 Nov. 2007 at 12:55
ok
paste a new combofix and hijackthis report again and describe your problems
Anonymous user
14 Nov. 2007 at 21:52
ComboFix 07-11-08.1 - yves 2007-11-14 21:47:01.4 - [color=red][b]FAT32[/b][/color]x86
Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.650 [GMT 1:00]
Running from: C:\Documents and Settings\yves\Local Settings\Temporary Internet Files\Content.IE5\WDJXY4BX\ComboFix[1].exe
.
((((((((((((((((((((((((((((( Fichiers créés 2007-10-14 to 2007-11-14 ))))))))))))))))))))))))))))))))))))
.
2007-11-14 10:25 <REP> d-------- C:\Program Files\Sunbelt Software
2007-11-14 09:50 <REP> d-------- C:\WINDOWS\AU_Temp
2007-11-14 09:36 <REP> d--hs---- C:\FOUND.048
2007-11-13 13:58 <REP> d-------- C:\WINDOWS\report
2007-11-13 13:58 <REP> d-------- C:\WINDOWS\AU_Backup
2007-11-13 13:58 1,163,344 --a------ C:\WINDOWS\vsapi32.dll
2007-11-13 13:58 267,845 --a------ C:\WINDOWS\tsc.exe
2007-11-13 13:58 86,094 --a------ C:\WINDOWS\BPMNT.dll
2007-11-13 13:58 71,749 --a------ C:\WINDOWS\hcextoutput.dll
2007-11-13 13:55 <REP> d-------- C:\WINDOWS\AU_Log
2007-11-13 13:55 507,904 --a------ C:\WINDOWS\TMUPDATE.DLL
2007-11-13 13:55 286,720 --a------ C:\WINDOWS\PATCH.EXE
2007-11-13 13:55 69,689 --a------ C:\WINDOWS\UNZIP.DLL
2007-11-13 08:50 <REP> d-------- C:\Program Files\Common Files
2007-11-13 08:50 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Yahoo! Companion
2007-11-13 07:45 <REP> d--hs---- C:\FOUND.047
2007-11-12 15:32 <REP> d--hs---- C:\FOUND.046
2007-11-12 15:25 145,984 --a------ C:\WINDOWS\SYSTEM32\saxnxsma.dll
2007-11-12 15:24 51,200 --a------ C:\WINDOWS\NirCmd.exe
2007-11-12 06:34 81,472 --a------ C:\WINDOWS\SYSTEM32\rbfwokwp.dll
2007-11-12 06:25 <REP> d-------- C:\VundoFix Backups
2007-11-12 05:59 <REP> d--hs---- C:\FOUND.045
2007-11-12 05:20 <REP> d--hs---- C:\FOUND.044
2007-11-11 18:10 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2007-11-11 10:04 <REP> d--hs---- C:\FOUND.043
2007-11-11 09:10 <REP> d--hs---- C:\FOUND.042
2007-11-11 08:52 <REP> d-------- C:\WINDOWS\BDOSCAN8
2007-11-10 09:43 <REP> d-------- C:\Program Files\Washer
2007-11-10 09:43 44,032 --a------ C:\WINDOWS\unwash.exe
2007-11-10 08:46 <REP> d-------- C:\Program Files\Hijackthis Version Française
2007-11-10 07:11 <REP> d-------- C:\Program Files\Yahoo!
2007-11-09 10:54 <REP> d--hs---- C:\FOUND.041
2007-11-09 08:35 <REP> d--hs---- C:\FOUND.040
2007-11-09 08:25 <REP> d--hs---- C:\FOUND.039
2007-11-09 05:45 1,732 --a------ C:\WINDOWS\SYSTEM32\tmp.reg
2007-11-08 18:51 <REP> d--hs---- C:\FOUND.038
2007-11-08 16:37 <REP> d--hs---- C:\FOUND.037
2007-11-08 05:39 <REP> d--hs---- C:\FOUND.036
2007-11-07 08:07 86,080 --a------ C:\WINDOWS\SYSTEM32\trdcvkes.dll
2007-11-07 08:01 <REP> d--hs---- C:\FOUND.035
2007-11-06 23:57 <REP> d--hs---- C:\FOUND.034
2007-11-06 20:09 145,984 --a------ C:\WINDOWS\SYSTEM32\xheunbwv.dll
2007-11-06 11:18 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Bluetooth
2007-11-05 08:53 <REP> d--hs---- C:\FOUND.033
2007-11-05 06:56 <REP> d--hs---- C:\FOUND.032
2007-11-04 10:01 <REP> d-------- C:\Documents and Settings\All Users\Application Data\TEMP
2007-11-04 10:00 626,688 --a------ C:\WINDOWS\SYSTEM32\msvcr80.dll
2007-11-04 09:37 35,328 --a------ C:\WINDOWS\SYSTEM32\ssqqrqp.dll
2007-11-04 09:36 32,768 --a------ C:\Documents and Settings\yves\pdf.exe
2007-11-04 09:36 786 --a------ C:\1823.bat
2007-11-04 09:30 <REP> d-------- C:\Program Files\AKVIS
2007-11-04 09:17 86,080 --a------ C:\WINDOWS\SYSTEM32\lvpyodau.dll
2007-11-03 10:31 35,328 --a------ C:\WINDOWS\SYSTEM32\yayvwxv.dll
2007-11-03 08:53 <REP> d--hs---- C:\FOUND.031
2007-11-03 08:12 <REP> d--hs---- C:\FOUND.030
2007-11-02 07:28 <REP> d-------- C:\Documents and Settings\yves\Application Data\erreurchasseur
2007-11-02 07:23 <REP> d-------- C:\Program Files\Fichiers communs\ErreurChasseur
2007-11-02 07:23 <REP> dr------- C:\Documents and Settings\All Users\Application Data\erreurchasseur
2007-11-02 07:10 <REP> d--hs---- C:\FOUND.029
2007-11-02 06:41 <REP> d--hs---- C:\FOUND.028
2007-11-01 04:48 <REP> d-------- C:\My Downloads
2007-11-01 04:44 <REP> d--hs---- C:\FOUND.027
2007-11-01 03:34 <REP> d-------- C:\WINDOWS\SYSTEM32\Mz18r
2007-11-01 03:34 <REP> d-------- C:\Temp\mZOr
2007-11-01 03:34 <REP> d-------- C:\Temp
2007-10-31 07:46 <REP> d-------- C:\Program Files\Trend Micro
2007-10-31 07:24 <REP> d-------- C:\Documents and Settings\LocalService\Application Data\Ahead
2007-10-30 21:24 28,672 --a------ C:\Documents and Settings\yves\update.exe
2007-10-30 21:21 <REP> d--hs---- C:\FOUND.026
2007-10-30 14:03 <REP> d-------- C:\Documents and Settings\yves\Application Data\CopyToDvd
2007-10-30 12:49 <REP> d--hs---- C:\FOUND.025
2007-10-30 11:45 <REP> d-------- C:\Program Files\Adssite Advanced Toolbar
2007-10-30 11:45 <REP> d-------- C:\Documents and Settings\yves\Application Data\Adssite Advanced Toolbar
2007-10-30 11:44 147,456 --a------ C:\WINDOWS\SYSTEM32\vbzip10.dll
2007-10-30 11:41 82 --a------ C:\n.bat
2007-10-30 11:41 0 --a------ C:\z.dat
2007-10-29 13:25 <REP> d-------- C:\Program Files\vso
2007-10-29 12:21 <REP> d--hs---- C:\FOUND.024
2007-10-29 10:23 <REP> d-------- C:\Documents and Settings\yves\Application Data\Vso
2007-10-29 10:23 47,360 --a------ C:\Documents and Settings\yves\Application Data\pcouffin.sys
2007-10-29 10:23 39,264 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\Pcouffin.sys
2007-10-29 10:15 <REP> d-------- C:\Documents and Settings\yves\Application Data\DivX
2007-10-29 10:14 129,784 --------- C:\WINDOWS\SYSTEM32\pxafs.dll
2007-10-29 10:14 120,056 --------- C:\WINDOWS\SYSTEM32\pxcpyi64.exe
2007-10-29 10:14 118,520 --------- C:\WINDOWS\SYSTEM32\pxinsi64.exe
2007-10-29 10:13 <REP> d-------- C:\Program Files\DivX
2007-10-29 09:05 6,058,496 --------- C:\WINDOWS\SYSTEM32\dllcache\ieframe.dll
2007-10-29 09:05 2,455,488 --------- C:\WINDOWS\SYSTEM32\dllcache\ieapfltr.dat
2007-10-29 09:05 459,264 --------- C:\WINDOWS\SYSTEM32\dllcache\msfeeds.dll
2007-10-29 09:05 383,488 --------- C:\WINDOWS\SYSTEM32\dllcache\ieapfltr.dll
2007-10-29 09:05 267,776 --------- C:\WINDOWS\SYSTEM32\dllcache\iertutil.dll
2007-10-29 09:05 63,488 --------- C:\WINDOWS\SYSTEM32\dllcache\icardie.dll
2007-10-29 09:05 52,224 --------- C:\WINDOWS\SYSTEM32\dllcache\msfeedsbs.dll
2007-10-29 09:05 13,824 --------- C:\WINDOWS\SYSTEM32\dllcache\ieudinit.exe
2007-10-29 09:04 <REP> d-------- C:\WINDOWS\SYSTEM32\fr-fr
2007-10-29 08:35 <REP> d-------- C:\Program Files\Microsoft.NET
2007-10-29 07:24 <REP> d--hs---- C:\FOUND.023
2007-10-28 08:42 <REP> d-------- C:\Program Files\ReflexiveArcade
2007-10-28 08:37 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Trymedia
2007-10-28 08:37 <REP> d-------- C:\Documents and Settings\All Users\Application Data\TERMINAL Studio
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-11-08 13:34 120,704 ----a-w C:\Documents and Settings\yves\Application Data\GDIPFONTCACHEV1.DAT
2007-10-25 16:43 8,516,608 ----a-w C:\WINDOWS\SYSTEM32\dllcache\shell32.dll
2007-10-13 17:18 796,672 ----a-w C:\WINDOWS\GPInstall.exe
2007-10-13 17:18 --------- d-----w C:\Program Files\denouvel
2007-10-13 05:57 --------- d-----w C:\Documents and Settings\yves\Application Data\Microsoft Help
2007-10-13 05:57 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help
2007-10-12 12:11 --------- d-----w C:\Documents and Settings\yves\Application Data\muvee Technologies
2007-10-12 11:17 --------- d-----w C:\Program Files\muvee Technologies
2007-10-12 11:17 --------- d-----w C:\Documents and Settings\All Users\Application Data\muvee Technologies
2007-10-11 21:58 --------- d-----w C:\Program Files\Ares
2007-10-11 21:58 --------- d-----w C:\Documents and Settings\yves\Application Data\Ares
2007-10-11 18:51 --------- d-----w C:\Program Files\Fichiers communs\Micro Application Shared
2007-10-11 05:48 --------- d-----w C:\Program Files\GT Interactive
2007-10-11 05:09 --------- d-----w C:\Documents and Settings\All Users\Application Data\Grisoft
2007-10-10 14:18 --------- d-----w C:\Program Files\IVT Corporation
2007-10-10 07:02 --------- d-----w C:\Documents and Settings\yves\Application Data\AdobeUM
2007-10-10 06:56 --------- d-----w C:\Program Files\PowerQuest
2007-10-10 06:51 --------- d-----w C:\Program Files\TuneUp Utilities 2007
2007-10-10 06:51 --------- d-----w C:\Documents and Settings\yves\Application Data\TuneUp Software
2007-10-10 06:50 --------- d-----w C:\Program Files\Fichiers communs\Wise Installation Wizard
2007-10-10 06:50 --------- d-----w C:\Documents and Settings\All Users\Application Data\TuneUp Software
2007-10-09 20:52 --------- d-----w C:\Program Files\eMule
2007-10-09 18:48 --------- d-----w C:\Documents and Settings\yves\Application Data\Snapfish
2007-10-09 06:35 --------- d-----w C:\Documents and Settings\yves\Application Data\Serif
2007-10-09 06:32 --------- d-----w C:\Program Files\Micro application
2007-10-08 06:04 --------- d-----w C:\Program Files\eBay
2007-10-08 06:04 --------- d-----w C:\Documents and Settings\yves\Application Data\WholeSecurity
2007-10-07 08:44 --------- d-----w C:\Documents and Settings\yves\Application Data\Ahead
2007-10-07 08:42 --------- d-----w C:\Program Files\Nero
2007-10-07 08:42 --------- d-----w C:\Program Files\Fichiers communs\Ahead
2007-10-07 08:27 --------- d-----w C:\Program Files\DVD Shrink
2007-10-07 08:27 --------- d-----w C:\Documents and Settings\All Users\Application Data\DVD Shrink
2007-10-06 05:02 --------- d-----w C:\Program Files\Microsoft CAPICOM 2.1.0.2
2007-10-04 18:38 --------- d-----w C:\Program Files\ToniArts
2007-10-04 08:16 --------- d-----w C:\Program Files\Google
2007-10-04 08:11 --------- d-----w C:\Program Files\Fichiers communs\Adobe
2007-10-04 06:57 --------- d-----w C:\Program Files\MSXML 4.0
2007-10-04 06:41 --------- d-----w C:\Program Files\MSN Messenger
2007-10-03 19:48 112 ----a-w C:\Documents and Settings\yves\Application Data\fusioncache.dat
2007-10-03 19:48 --------- d-----w C:\Documents and Settings\yves\Application Data\ApplicationHistory
2007-10-03 19:17 805 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.INF
2007-10-03 19:17 10,740 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.CAT
2007-10-03 18:58 --------- d-----w C:\Documents and Settings\yves\Application Data\Dossier de téléchargement Share-to-Web
2007-10-03 18:53 --------- d-----w C:\Program Files\Mobile Action
2007-10-03 18:31 --------- d-----w C:\Program Files\CyberLink
2007-10-03 18:31 --------- d-----w C:\Documents and Settings\All Users\Application Data\CyberLink
2007-10-03 17:58 --------- d-----w C:\Program Files\Microsoft ActiveSync
2007-10-03 17:57 82,380 ----a-w C:\WINDOWS\system32\drivers\AFS2K.SYS
2007-10-03 17:54 --------- d-----w C:\Documents and Settings\yves\Application Data\Dossier de téléchargement Share-to-Web
2007-10-03 17:53 --------- d-----w C:\Program Files\Fichiers communs\Hewlett-Packard
2007-10-03 17:43 --------- d-----w C:\Documents and Settings\yves\Application Data\HP
2007-10-03 17:42 --------- d-----w C:\Documents and Settings\All Users\Application Data\HP
2007-10-03 17:40 --------- d-----w C:\Program Files\Fichiers communs\Sonic Shared
2007-10-03 17:40 --------- d-----w C:\Documents and Settings\All Users\Application Data\Sonic
2007-10-03 17:37 --------- d-----w C:\Program Files\Hewlett-Packard
2007-10-03 17:37 --------- d-----w C:\Program Files\Fichiers communs\HP
2007-10-03 17:33 --------- d-----w C:\Program Files\HP
2007-10-03 15:24 --------- d-----w C:\Program Files\Microids
2007-10-03 15:16 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-10-03 15:16 --------- d-----w C:\Program Files\Analog Devices
2007-10-03 14:59 --------- d-----w C:\Program Files\Fichiers communs\InstallShield
2007-10-03 14:53 --------- d-----w C:\Program Files\ma-config.com
2007-10-03 14:53 --------- d-----w C:\Documents and Settings\yves\Application Data\ma-config.com
2007-10-03 12:13 --------- d-----w C:\Program Files\Fichiers communs\Symantec Shared
2007-10-03 11:44 278,528 ----a-w C:\Program Files\Fichiers communs\FDEUnInstaller.exe
2007-10-03 11:44 --------- d-----w C:\Program Files\Inventel
2007-10-03 11:43 81,920 ----a-w C:\WINDOWS\SYSTEM32\W32N50.dll
2007-10-03 11:43 17,134 ----a-w C:\WINDOWS\SYSTEM32\PCANDIS5.sys
2007-10-03 11:38 --------- d-----w C:\Program Files\Mobistar
2007-10-03 11:13 --------- d-----w C:\Program Files\microsoft frontpage
2007-10-03 11:11 --------- d-----w C:\Program Files\Fichiers communs\MSSoap
2007-10-03 11:06 --------- d-----w C:\Program Files\Fichiers communs\SpeechEngines
2007-10-03 10:50 --------- d-----w C:\Program Files\Fichiers communs\ODBC
2007-10-03 10:49 271 --sh--w C:\Program Files\desktop.ini
2007-10-03 10:49 23,506 ---h--w C:\Program Files\folder.htt
2007-10-03 10:44 19,275 ----a-w C:\WINDOWS\SETVER.EXE
2007-10-03 10:44 --------- d-----w C:\Program Files\Services en ligne
2007-10-03 10:40 --------- d-----w C:\Program Files\PLUS!
2007-10-03 10:40 --------- d-----r C:\Program Files\Accessoires
2007-09-28 16:08 156,992 ----a-w C:\WINDOWS\SYSTEM32\DivXCodecVersionChecker.exe
2007-09-28 16:07 524,288 ----a-w C:\WINDOWS\SYSTEM32\DivXsm.exe
2007-09-28 16:07 43,528 ------w C:\WINDOWS\system32\drivers\pxhelp20.sys
2007-09-28 16:07 3,596,288 ----a-w C:\WINDOWS\SYSTEM32\qt-dx331.dll
2007-09-28 16:07 200,704 ----a-w C:\WINDOWS\SYSTEM32\ssldivx.dll
2007-09-28 16:07 1,044,480 ----a-w C:\WINDOWS\SYSTEM32\libdivx.dll
2007-09-28 16:05 823,296 ----a-w C:\WINDOWS\SYSTEM32\divx_xx0c.dll
2007-09-28 16:05 823,296 ----a-w C:\WINDOWS\SYSTEM32\divx_xx07.dll
2007-09-28 16:05 81,920 ----a-w C:\WINDOWS\SYSTEM32\dpl100.dll
2007-09-28 16:05 802,816 ----a-w C:\WINDOWS\SYSTEM32\divx_xx11.dll
2007-09-28 16:05 739,840 ----a-w C:\WINDOWS\SYSTEM32\DivX.dll
2007-09-28 16:05 593,920 ----a-w C:\WINDOWS\SYSTEM32\dpuGUI11.dll
2007-09-28 16:05 57,344 ----a-w C:\WINDOWS\SYSTEM32\dpv11.dll
2007-09-28 16:05 53,248 ----a-w C:\WINDOWS\SYSTEM32\dpuGUI10.dll
2007-09-28 16:05 344,064 ----a-w C:\WINDOWS\SYSTEM32\dpus11.dll
2007-09-28 16:05 294,912 ----a-w C:\WINDOWS\SYSTEM32\dpu11.dll
2007-09-28 16:05 294,912 ----a-w C:\WINDOWS\SYSTEM32\dpu10.dll
2007-09-28 16:05 196,608 ----a-w C:\WINDOWS\SYSTEM32\dtu100.dll
2007-09-28 16:05 12,288 ----a-w C:\WINDOWS\SYSTEM32\DivXWMPExtType.dll
2007-08-22 13:57 474,624 ------w C:\WINDOWS\SYSTEM32\dllcache\shlwapi.dll
2007-08-22 13:57 152,064 ------w C:\WINDOWS\SYSTEM32\dllcache\cdfview.dll
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-09-06 12:06]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2004-04-13 15:25]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-20 01:09]
"H/PC Connection Agent"="C:\PROGRA~1\MICROS~2\wcescomm.exe" [2005-11-15 20:21]
"Washer"="C:\Program Files\Washer\washer.exe" [2003-01-13 10:08]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runonce]
"washindex"=C:\Program Files\Washer\washidx.exe "yves"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^BlueSoleil.lnk]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Démarrage rapide de HP Photosmart Premier.lnk]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^HP Digital Imaging Monitor.lnk]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\3f1512ae]
rundll32.exe "C:\WINDOWS\system32\trdcvkes.dll",b
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]
"C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.2\Apps\apdproxy.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
"C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Agent]
C:\Program Files\CyberLink\PowerVCRII\Agent.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BestsellerAntivirus]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CamMonitor]
C:\Program Files\HP\Digital Imaging\\Unload\hpqcmon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
C:\WINDOWS\system32\ctfmon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\H/PC Connection Agent]
"C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MaBtSh]
C:\Program Files\Mobile Action\Bluetooth Manager\MaBtSh.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
C:\Program Files\Fichiers communs\Ahead\Lib\NeroCheck.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
nwiz.exe /install
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Remote_Agent]
C:\Program Files\CyberLink\PowerVCRII\RemoteAgent.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\rtasks]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Salestart]
"C:\Program Files\Fichiers communs\ErreurChasseur\strpmon.exe" dm=http://erreurchasseur.com; ad=http://erreurchasseur.com
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Share-to-Web Namespace Daemon]
C:\Program Files\HP\HP Share-to-Web\hpgs2wnd.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Smapp]
C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
"C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SystemTray]
SysTray.Exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\setup\disabledrunkeys]
"Hidserv"=Hidserv.exe run
"LoadPowerProfile"=Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
R1 fwdrv;Firewall Driver;C:\WINDOWS\system32\drivers\fwdrv.sys
R1 khips;Kerio HIPS Driver;C:\WINDOWS\system32\drivers\khips.sys
R2 BT848;Bt878, WDM Video Capture;C:\WINDOWS\system32\drivers\BT848.sys
R2 BTTUNER;BtTuner, WDM TvTuner;C:\WINDOWS\system32\drivers\BTTUNER.sys
R2 BTXBAR;BtXBar, WDM Crossbar;C:\WINDOWS\system32\drivers\BTXBAR.sys
R2 SPF4;Sunbelt Personal Firewall 4;"C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe"
R2 UxTuneUp;TuneUp Extension de thème;C:\WINDOWS\System32\svchost.exe -k netsvcs
R2 VVZT1435;VVZT1435;\??\C:\WINDOWS\System32\Drivers\VI76X672.sys
R2 XW4NJ5I9;XW4NJ5I9;\??\C:\WINDOWS\System32\Drivers\RK9PTCD2.sys
R3 Ma730Pt;MA730 Bluetooth VCOM Driver;C:\WINDOWS\system32\DRIVERS\Ma730Pt.sys
R3 Ma730Vad;MA730 Bluetooth Audio;C:\WINDOWS\system32\DRIVERS\Ma730Vad.sys
R3 PD100VID;Video Blaster WebCam 5 (WDM);C:\WINDOWS\system32\DRIVERS\PD100Vid.sys
S3 BTNetFilter;Bluetooth Network Filter;\??\C:\WINDOWS\system32\drivers\BTNetFilter.sys
S3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;C:\Program Files\MAGIX\Common\Database\bin\fbserver.exe
S3 Ma730c;MA730 Bluetooth Core Driver;C:\WINDOWS\system32\DRIVERS\MA730C.sys
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
"2007-11-09 20:09:20 C:\WINDOWS\Tasks\Maintenance en 1 clic.job"
- C:\Program Files\TuneUp Utilities 2007\SystemOptimizer.exe
.
**************************************************************************
catchme 0.3.1250 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-11-14 21:50:39
Windows 5.1.2600 Service Pack 2 FAT NTAPI
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2007-11-14 21:52:19
C:\ComboFix3.txt ... 2007-11-12 15:59
C:\ComboFix2.txt ... 2007-11-13 11:25
.
--- E O F ---
Anonymous user
14 Nov. 2007 at 21:55
There! I no longer have any problem with my infection! But the PC crashes often, and I don't know where that comes from!
Thanks a million!
Logfile of HijackThis v1.99.1
Scan saved at 21:53:44, on 14/11/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Inventel\Gateway\wlancfg.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\MICROS~2\wcescomm.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
C:\PROGRA~1\MICROS~2\rapimgr.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Hijackthis Version Française\hijackthis vf.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\RunOnce: [washindex] C:\Program Files\Washer\washidx.exe "yves"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\PROGRA~1\MICROS~2\wcescomm.exe"
O4 - HKCU\..\Run: [Washer] C:\Program Files\Washer\washer.exe /0
O8 - Extra context menu item: &eBay Search - res://C:\Program Files\eBay\eBay Toolbar2\eBayTb.dll/RCSearch.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~2\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~2\INetRepl.dll
O9 - Extra 'Tools' menuitem: Créer un favori mobile... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~2\INetRepl.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: Yahoo! Checkers - http://download2.games.yahoo.com/games/clients/y/kt4_x.cab
O16 - DPF: Yahoo! Literati - http://download2.games.yahoo.com/games/clients/y/tt5_x.cab
O16 - DPF: Yahoo! Pool 2 - http://download2.games.yahoo.com/games/clients/y/poti_x.cab
O16 - DPF: {0B79F48A-E8D6-11DB-9283-E25056D89593} (F-Secure Online Scanner 3.1) - https://www.f-secure.com/en/home/support
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www3.snapfish.be/SnapfishActivia.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/...
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - https://www.trendmicro.com/en_us/forHome/products/housecall.html
O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} (HardwareDetection Control) - https://www.touslesdrivers.com/index.php?v_page=29
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - C:\Program Files\Ares\chatServer.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
O23 - Service: Firebird Server - MAGIX Instance (FirebirdServerMAGIXInstance) - MAGIX® - C:\Program Files\MAGIX\Common\Database\bin\fbserver.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Planificateur LiveUpdate automatique - Creative Technology Ltd. - (no file)
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Sunbelt Personal Firewall 4 (SPF4) - Sunbelt Software - C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Service de lancement de WlanCfg (Wlancfg) - Inventel - C:\Program Files\Inventel\Gateway\wlancfg.exe
jlpjlp
15 Nov 2007 at 20:16
Scan these files on VirusTotal and tell me which ones are infected:
https://www.virustotal.com/gui/
C:\WINDOWS\vsapi32.dll
C:\WINDOWS\hcextoutput.dll
C:\WINDOWS\SYSTEM32\saxnxsma.dll
C:\WINDOWS\SYSTEM32\rbfwokwp.dll
C:\WINDOWS\SYSTEM32\tmp.reg
C:\WINDOWS\SYSTEM32\trdcvkes.dll
C:\WINDOWS\SYSTEM32\xheunbwv.dll
C:\WINDOWS\SYSTEM32\msvcr80.dll
C:\WINDOWS\SYSTEM32\ssqqrqp.dll
C:\WINDOWS\SYSTEM32\lvpyodau.dll
C:\WINDOWS\SYSTEM32\yayvwxv.dll
_____________________
Paste the report:
Clean does cleanup work and deletes files that antivirus and anti-spyware programs could not find. The software is updated regularly, so you will need to download it again to get a more recent version.
Download clean.zip and unzip it onto your desktop (right-click / extract all); you then get a folder named clean.
Start Windows in safe mode: Guide to restarting in safe mode
Open the clean folder on your desktop and double-click clean.cmd; a black window will appear for a moment, leave it open until it closes by itself.
Clean manual:
http://kerio.probb.fr/tuto-Clean-h37.html
_______________________
Anonymous user
15 Nov 2007 at 22:52
Fichier rbfwokwp.dll_ reçu le 2007.11.15 22:41:57 (CET)
Résultat: 8/32 (25%)
Antivirus Version Dernière mise à jour Résultat
AhnLab-V3 2007.11.16.0 2007.11.15 -
AntiVir 7.6.0.34 2007.11.15 TR/Dldr.ConHook.Gen
Authentium 4.93.8 2007.11.15 -
Avast 4.7.1074.0 2007.11.15 -
AVG 7.5.0.503 2007.11.15 Lop
BitDefender 7.2 2007.11.15 -
CAT-QuickHeal 9.00 2007.11.15 -
ClamAV 0.91.2 2007.11.15 -
DrWeb 4.44.0.09170 2007.11.15 -
eSafe 7.0.15.0 2007.11.14 -
eTrust-Vet 31.2.5297 2007.11.15 -
Ewido 4.0 2007.11.15 -
FileAdvisor 1 2007.11.15 -
Fortinet 3.11.0.0 2007.10.19 -
F-Prot 4.4.2.54 2007.11.14 -
F-Secure 6.70.13030.0 2007.11.15 Vundo.gen49
Ikarus T3.1.1.12 2007.11.15 -
Kaspersky 7.0.0.125 2007.11.15 -
McAfee 5164 2007.11.15 Vundo
Microsoft 1.3007 2007.11.12 -
NOD32v2 2661 2007.11.15 -
Norman 5.80.02 2007.11.15 W32/Virtumonde.IJR
Panda 9.0.0.4 2007.11.15 Suspicious file
Prevx1 V2 2007.11.15 Trojan.Vundo
Rising 20.18.31.00 2007.11.15 -
Sophos 4.23.0 2007.11.15 -
Sunbelt 2.2.907.0 2007.11.15 -
Symantec 10 2007.11.15 -
TheHacker 6.2.9.129 2007.11.15 -
VBA32 3.12.2.5 2007.11.15 -
VirusBuster 4.3.26:9 2007.11.15 -
Webwasher-Gateway 6.0.1 2007.11.15 Trojan.Dldr.ConHook.Gen
Information additionnelle
File size: 81472 bytes
MD5: f8bf00829c67f38d9631d8707884a78e
SHA1: 1d14bf0604ec7714e37e0ca44e9d2c343c8ba812
Prevx info: http://fileinfo.prevx.com/fileinfo.asp?PX5=3821B1D140B8653B3E18018CF8356100F9A09EF2
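The detection table in the report above can be tallied mechanically before deciding which files to move. The following is an added example, not part of the original posts: it parses the rows pasted for rbfwokwp.dll, checks them against the stated 8/32, groups vendor labels by family and lists engines whose clean verdict rests on old signatures. The alias table, the function names and the two-day staleness threshold are assumptions of this example.

```python
import re
from collections import Counter
from datetime import date

# Result rows as pasted in the thread for rbfwokwp.dll: engine, engine version,
# signature date, verdict ("-" = no detection). Columns are space-separated.
REPORT = """\
Résultat: 8/32 (25%)
AhnLab-V3 2007.11.16.0 2007.11.15 -
AntiVir 7.6.0.34 2007.11.15 TR/Dldr.ConHook.Gen
Authentium 4.93.8 2007.11.15 -
Avast 4.7.1074.0 2007.11.15 -
AVG 7.5.0.503 2007.11.15 Lop
BitDefender 7.2 2007.11.15 -
CAT-QuickHeal 9.00 2007.11.15 -
ClamAV 0.91.2 2007.11.15 -
DrWeb 4.44.0.09170 2007.11.15 -
eSafe 7.0.15.0 2007.11.14 -
eTrust-Vet 31.2.5297 2007.11.15 -
Ewido 4.0 2007.11.15 -
FileAdvisor 1 2007.11.15 -
Fortinet 3.11.0.0 2007.10.19 -
F-Prot 4.4.2.54 2007.11.14 -
F-Secure 6.70.13030.0 2007.11.15 Vundo.gen49
Ikarus T3.1.1.12 2007.11.15 -
Kaspersky 7.0.0.125 2007.11.15 -
McAfee 5164 2007.11.15 Vundo
Microsoft 1.3007 2007.11.12 -
NOD32v2 2661 2007.11.15 -
Norman 5.80.02 2007.11.15 W32/Virtumonde.IJR
Panda 9.0.0.4 2007.11.15 Suspicious file
Prevx1 V2 2007.11.15 Trojan.Vundo
Rising 20.18.31.00 2007.11.15 -
Sophos 4.23.0 2007.11.15 -
Sunbelt 2.2.907.0 2007.11.15 -
Symantec 10 2007.11.15 -
TheHacker 6.2.9.129 2007.11.15 -
VBA32 3.12.2.5 2007.11.15 -
VirusBuster 4.3.26:9 2007.11.15 -
Webwasher-Gateway 6.0.1 2007.11.15 Trojan.Dldr.ConHook.Gen
"""

ROW = re.compile(r"^(\S+)\s+(\S+)\s+(\d{4})\.(\d{2})\.(\d{2})\s+(.+)$")
RATIO = re.compile(r"(\d+)/(\d+)")

# Assumption of this example: label tokens mapped to one family name.
# Vundo and Virtumonde are two vendor names for the same family.
ALIASES = {"vundo": "Vundo", "virtumonde": "Vundo",
           "conhook": "ConHook", "lop": "Lop"}


def parse_report(text):
    """Return (declared (hits, total) or None, list of per-engine rows)."""
    declared, rows = None, []
    for line in text.splitlines():
        m = ROW.match(line.strip())
        if m:
            engine, _version, y, mo, d, verdict = m.groups()
            rows.append({"engine": engine,
                         "sig_date": date(int(y), int(mo), int(d)),
                         "verdict": None if verdict == "-" else verdict})
        elif declared is None:
            r = RATIO.search(line)
            if r:
                declared = (int(r.group(1)), int(r.group(2)))
    return declared, rows


def family(verdict):
    """Map a vendor label to a family via its tokens, else 'unclassified'."""
    for token in re.split(r"[^a-z0-9]+", verdict.lower()):
        if token in ALIASES:
            return ALIASES[token]
    return "unclassified"


def triage(text, scan_day, max_sig_age_days=2):
    declared, rows = parse_report(text)
    hits = [r for r in rows if r["verdict"]]
    counted = (len(hits), len(rows))
    return {
        "counted": counted,
        "matches_declared": declared == counted,
        "families": Counter(family(r["verdict"]) for r in hits),
        # A "-" from an engine with old signatures says little about the file.
        "stale_clean": [r["engine"] for r in rows if not r["verdict"]
                        and (scan_day - r["sig_date"]).days > max_sig_age_days],
    }


if __name__ == "__main__":
    print(triage(REPORT, date(2007, 11, 15)))
```

Labels that carry no family token, such as "Suspicious file", stay in the "unclassified" bucket rather than being counted toward a family.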
Anonymous user
15 Nov 2007 at 23:00
Fichier saxnxsma.dll_ reçu le 2007.11.15 22:53:36 (CET)
Résultat: 11/32 (34.38%)
Antivirus Version Dernière mise à jour Résultat
AhnLab-V3 2007.11.16.0 2007.11.15 -
AntiVir 7.6.0.34 2007.11.15 TR/Vundo.CA
Authentium 4.93.8 2007.11.15 -
Avast 4.7.1074.0 2007.11.15 -
AVG 7.5.0.503 2007.11.15 Obfustat.VTX
BitDefender 7.2 2007.11.15 Adware.Virtumonde.GHI
CAT-QuickHeal 9.00 2007.11.15 -
ClamAV 0.91.2 2007.11.15 -
DrWeb 4.44.0.09170 2007.11.15 -
eSafe 7.0.15.0 2007.11.14 -
eTrust-Vet 31.2.5297 2007.11.15 -
Ewido 4.0 2007.11.15 -
FileAdvisor 1 2007.11.15 -
Fortinet 3.11.0.0 2007.10.19 -
F-Prot 4.4.2.54 2007.11.14 -
F-Secure 6.70.13030.0 2007.11.15 -
Ikarus T3.1.1.12 2007.11.15 -
Kaspersky 7.0.0.125 2007.11.15 not-a-virus:AdWare.Win32.SecToolBar.k
McAfee 5164 2007.11.15 -
Microsoft 1.3007 2007.11.12 -
NOD32v2 2661 2007.11.15 Win32/Adware.SecToolbar
Norman 5.80.02 2007.11.15 W32/Virtumonde.IIT
Panda 9.0.0.4 2007.11.15 Spyware/Virtumonde
Prevx1 V2 2007.11.15 Trojan.Zlob
Rising 20.18.31.00 2007.11.15 -
Sophos 4.23.0 2007.11.15 -
Sunbelt 2.2.907.0 2007.11.15 -
Symantec 10 2007.11.15 Trojan.Vundo
TheHacker 6.2.9.129 2007.11.15 Trojan/BHO.ui
VBA32 3.12.2.5 2007.11.15 -
VirusBuster 4.3.26:9 2007.11.15 -
Webwasher-Gateway 6.0.1 2007.11.15 Trojan.Vundo.CA
Information additionnelle
File size: 145984 bytes
MD5: 0e2d51539d9bb17e116e41c1396520cd
SHA1: 5bcb7fa90beab9ac25a3c840dea11e314d3fd6f7
Prevx info: http://fileinfo.prevx.com/fileinfo.asp?PX5=5E3C8ADC40D98E673AB20272A7FF1C00C714E363
jlpjlp
15 Nov 2007 at 23:11
Put all the infected files into the OTMoveIt quote box and follow the procedure to delete them (I have already put in the ones you reported as infected before 23:30), because I'm off to bed now!
Pending:
C:\WINDOWS\vsapi32.dll
C:\WINDOWS\hcextoutput.dll
C:\WINDOWS\SYSTEM32\msvcr80.dll
C:\WINDOWS\SYSTEM32\ssqqrqp.dll
C:\WINDOWS\SYSTEM32\lvpyodau.dll
C:\WINDOWS\SYSTEM32\yayvwxv.dll
Download OTMoveIt http://download.bleepingcomputer.com/oldtimer/OTMoveIt.exe (by Old_Timer) to your Desktop.
Double-click OTMoveIt.exe to launch it.
Copy the list in the quote below,
and paste it into the left-hand pane of OTMoveIt: Paste List of Files/Folders to be moved.
Quote:
C:\WINDOWS\SYSTEM32\xheunbwv.dll
C:\WINDOWS\SYSTEM32\saxnxsma.dll
C:\WINDOWS\SYSTEM32\rbfwokwp.dll
C:\WINDOWS\SYSTEM32\trdcvkes.dll
Click MoveIt! to start the removal.
The result will appear in the "Results" pane.
Click Exit to close.
Post the report located in C:\_OTMoveIt\MovedFiles.
You may be asked to restart the PC to complete the removal. If so, accept with Yes.
____________
Paste the report:
Clean does cleanup work and deletes files that antivirus and anti-spyware programs could not find. The software is updated regularly, so you will need to download it again to get a more recent version.
Download clean.zip and unzip it onto your desktop (right-click / extract all); you then get a folder named clean.
Start Windows in safe mode: Guide to restarting in safe mode
Open the clean folder on your desktop and double-click clean.cmd; a black window will appear for a moment, leave it open until it closes by itself.
Clean manual:
http://kerio.probb.fr/tuto-Clean-h37.html
_______________________
Replace avast with AntiVir and paste me a report:
https://www.malekal.com/avira-free-security-antivirus-gratuit/ (thanks Malekal)
________________________
Paste a new HijackThis report
and tell me what problems you have