Trojan and downloader problem

Resolved/Closed
mégavic - 12 Nov 2007 at 20:24
Last reply: jlpjlp (security contributor) - 13 Nov 2007 at 10:21
Hello,
I have a problem with a Vundo trojan that my Norton antivirus can't remove permanently, as well as a certain Downloader. I'm fed up!
9 replies

jlpjlp (security contributor)
12 Nov 2007 at 20:26
Hi,


Paste a HijackThis report

http://www.trendsecure.com/portal/en-US/tools/security_tools/hijackthis/download

manual:

https://leblogdeclaude.blogspot.com/2006/10/informatique-section-hijackthis.html


I advise renaming HijackThis, to counter a possible Vundo infection.

e.g. rename the file HijackThis.exe to eden.exe: right-click the file HijackThis.exe and choose Rename from the list.

Then, with Explorer, create a folder c:\hijackthis
Unzip HijackThis into that folder.
This is important for the backups.

___________________


Scan with VundoFix (paste the report)

Download VundoFix -> http://www.atribune.org/ccount/click.php?id=4

Double-click VundoFix.exe to run it.
When VundoFix opens, click the Scan for Vundo button.
Once the scan is finished, click the Remove Vundo button.
You will get a warning asking whether you want to delete these files; answer by clicking YES.
Once you have clicked Yes, your desktop will go blank while it removes Vundo.

When it is done, you will be asked to restart your computer; click OK.

__________________
then:




VirtumundoBeGone (paste the report)

http://secured2k.home.comcast.net/tools/VirtumundoBeGone.exe
__________________

ComboFix (paste the report)
http://download.bleepingcomputer.com/sUBs/ComboFix.exe

________________


Run CWShredder (do a fix)

https://www.01net.com/telecharger/windows/Securite/anti-spyware/fiches/27497.html

________________

You have both Avast and Norton: remove one of the two, otherwise your PC is going to crash.

______________

Uninstall in Add/Remove Programs:

AskTBar/Ask Search
Best_Security_Tips toolbar
____________________

Relaunch HijackThis, choose "do a scan only", tick the box in front of the lines below and click "fix checked" at the bottom.

R3 - URLSearchHook: Best_Security_Tips toolbar - {da30eff8-ccc6-4162-a20d-67402a26a215} - C:\Program Files\Best_Security_Tips\tbBest.dll

O3 - Toolbar: Best_Security_Tips toolbar - {da30eff8-ccc6-4162-a20d-67402a26a215} - C:\Program Files\Best_Security_Tips\tbBest.dll

O3 - Toolbar: Ask Toolbar - {FE063DB9-4EC0-403e-8DD8-394C54984B2C} - C:\Program Files\AskTBar\bar\3.bin\ASKTBAR.DLL

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized

O4 - HKLM\..\Run: [343a49a0] rundll32.exe "C:\WINDOWS\system32\ibjeldfu.dll",b

O4 - HKCU\..\Run: [showfree] C:\DOCUME~1\victor\APPLIC~1\PHONEB~1\Close Four.exe

O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/menusearch.jhtml?p=ZNxmk789YYFR

____________________


Use the following to clean up your traces:

CCleaner (run a clean-up and repair the errors 3 times), without installing the Yahoo bar

https://www.01net.com/telecharger/windows/Utilitaire/nettoyeurs_et_installeurs/fiches/32599.html
______________________

Paste the report of an online scan
with one of the following:


BitDefender online:
http://www.bitdefender.fr/scan_fr/scan8/ie.html

Panda online:
http://pandasoftware.fr

Secuser online:
http://www.secuser.com/outils/antivirus.htm

__________________

Then paste a new HijackThis report (rename it, above all!!) and describe your problems.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:39:47, on 12/11/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Fichiers communs\Acronis\Schedule2\schedul2.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe
C:\Program Files\Fichiers communs\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Fichiers communs\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Raxco\PerfectDisk\PDSched.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe
C:\Program Files\QuickTime\qttask.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\WI1F86~1\MESSEN~1\msnmsgr.exe
C:\Program Files\Shareaza\Shareaza.exe
C:\Program Files\Fichiers communs\Symantec Shared\Security Console\NSCSRVCE.EXE
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.com/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Best_Security_Tips toolbar - {da30eff8-ccc6-4162-a20d-67402a26a215} - C:\Program Files\Best_Security_Tips\tbBest.dll
O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Best_Security_Tips toolbar - {da30eff8-ccc6-4162-a20d-67402a26a215} - C:\Program Files\Best_Security_Tips\tbBest.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Ask Toolbar - {FE063DB9-4EC0-403e-8DD8-394C54984B2C} - C:\Program Files\AskTBar\bar\3.bin\ASKTBAR.DLL
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [343a49a0] rundll32.exe "C:\WINDOWS\system32\ibjeldfu.dll",b
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\PROGRA~1\WI1F86~1\MESSEN~1\msnmsgr.exe" /background
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Ahead\lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [BitTorrent] "C:\Program Files\BitTorrent\bittorrent.exe" --force_start_minimized
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [showfree] C:\DOCUME~1\victor\APPLIC~1\PHONEB~1\Close Four.exe
O4 - HKCU\..\Run: [Shareaza] "C:\Program Files\Shareaza\Shareaza.exe" -tray
O4 - HKCU\..\Run: [WinUpdater] "C:\Program Files\WinUpdater\update.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Démarrage rapide du logiciel HP Image Zone.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: hpoddt01.exe.lnk = ?
O4 - Global Startup: Outil de mise à jour Google.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O4 - Global Startup: Windows Desktop Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/menusearch.jhtml?p=ZNxmk789YYFR
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - https://onedrive.live.com/?id=favorites
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=https://www.google.fr/?gws_rd=ssl
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.exe.imgfarm.com/images/nocache/funwebproducts/ei/SmileyCentralFWBInitialSetup1.0.0.15-3.cab
O16 - DPF: {200B3EE9-7242-4EFD-B1E4-D97EE825BA53} (VerifyGMN Class) - http://h20270.www2.hp.com/ediags/gmn/install/hpobjinstaller_gmn.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by132fd.bay132.hotmail.msn.com/resources/MsnPUpld.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/...
O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} - http://a532.g.akamai.net/...
O18 - Filter hijack: text/html - (no CLSID) - (no file)
O20 - AppInit_DLLs: C:\WINDOWS\system32\__c008BE7E.dat
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files\Fichiers communs\Acronis\Schedule2\schedul2.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktopManager.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: Service Norton AntiVirus Auto-Protect (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norman API-hooking helper (NipSvc) - Unknown owner - C:\VIRUSfighter\Nvc\BIN\nipsvc.exe (file missing)
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\Security Console\NSCSRVCE.EXE
O23 - Service: PDEngine - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDEngine.exe
O23 - Service: PDScheduler (PDSched) - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDSched.exe
O23 - Service: Planificateur LiveUpdate automatique - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe
O23 - Service: SPBBCSvc - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Windows Live Setup Service (WLSetupSvc) - Unknown owner - C:\Program Files\Windows Live\installer\WLSetupSvc.exe
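The HijackThis log above, triaged mechanically. This is an added example written for this thread, not HijackThis code and not the helper's procedure. The patterns it keys on are assumptions drawn from the logs posted here: an O4 Run value that starts rundll32.exe on a system32 DLL whose name is eight random letters (often under a hex-looking value name such as 343a49a0), a populated O20 AppInit_DLLs, an O18 filter with no file, an O23 service whose binary is missing, an autostart executable under the user profile, and toolbar names the thread itself treats as adware. The sample lines are an excerpt constructed from the log above.

```python
"""Heuristic triage of a HijackThis log for Vundo-style persistence.

Added example written for this thread; it is not HijackThis code and not the
helper's procedure. The patterns are assumptions drawn from the logs posted
here:
  * an O4 Run value that starts rundll32.exe on a system32 DLL whose name is
    eight random letters, often under a hex-looking value name (343a49a0)
  * a populated O20 AppInit_DLLs (a DLL injected into every GUI process)
  * an O18 filter hijack with no file, an O23 service whose binary is missing
  * an O4 autostart executable living under the user profile
  * toolbars / URLSearchHooks whose names the thread treats as adware
"""
import re
from dataclasses import dataclass

# Names the thread itself identifies as unwanted (assumed list, extend as needed)
ADWARE_NAMES = ("Best_Security_Tips", "Ask Toolbar", "MyWebSearch", "FunWebProducts")

LINE_RE = re.compile(r"^(O\d+|R\d)\s+-\s+(.*)$")
VALUE_NAME_RE = re.compile(r"\[([^\]]+)\]")
RUNDLL_RE = re.compile(r'rundll32(?:\.exe)?\s+"?([A-Za-z]:\\[^",]+\.dll)', re.I)
RANDOM_DLL_RE = re.compile(r"\\[a-z]{8}\.dll$")          # e.g. \ibjeldfu.dll
HEX_NAME_RE = re.compile(r"^[0-9a-f]{8}$")                # e.g. 343a49a0
PROFILE_RE = re.compile(r"\\(APPLIC~1|Application Data)\\", re.I)

# Constructed excerpt of the HijackThis log posted in this thread
SAMPLE_LOG = r"""
R3 - URLSearchHook: Best_Security_Tips toolbar - {da30eff8-ccc6-4162-a20d-67402a26a215} - C:\Program Files\Best_Security_Tips\tbBest.dll
O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Ask Toolbar - {FE063DB9-4EC0-403e-8DD8-394C54984B2C} - C:\Program Files\AskTBar\bar\3.bin\ASKTBAR.DLL
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [343a49a0] rundll32.exe "C:\WINDOWS\system32\ibjeldfu.dll",b
O4 - HKCU\..\Run: [showfree] C:\DOCUME~1\victor\APPLIC~1\PHONEB~1\Close Four.exe
O18 - Filter hijack: text/html - (no CLSID) - (no file)
O20 - AppInit_DLLs: C:\WINDOWS\system32\__c008BE7E.dat
O23 - Service: Norman API-hooking helper (NipSvc) - Unknown owner - C:\VIRUSfighter\Nvc\BIN\nipsvc.exe (file missing)
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
"""


@dataclass
class Finding:
    section: str
    reason: str
    line: str


def parse_line(line):
    """Split 'O4 - HKLM\\..\\Run: [x] y' into ('O4', 'HKLM\\..\\Run: [x] y')."""
    m = LINE_RE.match(line.strip())
    return (m.group(1), m.group(2)) if m else None


def triage(log_text):
    """Return a Finding for every suspicious line in a HijackThis log."""
    findings = []
    for raw in log_text.splitlines():
        parsed = parse_line(raw)
        if not parsed:
            continue
        section, body = parsed
        if section == "O4":
            m = RUNDLL_RE.search(body)
            name_m = VALUE_NAME_RE.search(body)
            value_name = name_m.group(1) if name_m else ""
            if m and (RANDOM_DLL_RE.search(m.group(1)) or HEX_NAME_RE.match(value_name)):
                findings.append(Finding(section, "rundll32 loads a random-named system32 DLL (Vundo pattern)", raw))
            elif PROFILE_RE.search(body):
                findings.append(Finding(section, "autostart executable under the user profile; verify publisher", raw))
        elif section == "O20" and body.startswith("AppInit_DLLs:"):
            if body.split(":", 1)[1].strip():
                findings.append(Finding(section, "AppInit_DLLs injects a DLL into every process", raw))
        elif section == "O18" and "(no file)" in body:
            findings.append(Finding(section, "MIME filter registered with no backing file", raw))
        elif section == "O23" and "(file missing)" in body:
            findings.append(Finding(section, "service whose binary is missing (leftover or hidden)", raw))
        elif section in ("R3", "O2", "O3"):
            lowered = body.lower()
            if any(n.lower() in lowered for n in ADWARE_NAMES):
                findings.append(Finding(section, "toolbar/search hook named as adware in this thread", raw))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.section:<4}{f.reason}\n    {f.line}")
```

On the excerpt this flags seven lines and leaves ccApp, the Norton toolbar and the avast service alone. The rundll32 rule is the one to trust least on its own: an eight-letter DLL name is only a hint, and the helper's list, not this script, decides what gets fixed.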
[11/12/2007, 21:58:01] - VirtumundoBeGone v1.5 ( "C:\Documents and Settings\victor\Local Settings\Temporary Internet Files\Content.IE5\0E0A22NY\VirtumundoBeGone[1].exe" )
[11/12/2007, 21:58:16] - Detected System Information:
[11/12/2007, 21:58:16] - Windows Version: 5.1.2600, Service Pack 2
[11/12/2007, 21:58:16] - Current Username: victor (Admin)
[11/12/2007, 21:58:16] - Windows is in NORMAL mode.
[11/12/2007, 21:58:16] - Searching for Browser Helper Objects:
[11/12/2007, 21:58:16] - BHO 1: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (Aide pour le lien d'Adobe PDF Reader)
[11/12/2007, 21:58:16] - BHO 2: {0ABA2E41-7322-4773-A9E0-ECB44357705A} ()
[11/12/2007, 21:58:16] - WARNING: BHO has no default name. Checking for Winlogon reference.
[11/12/2007, 21:58:16] - Checking for HKLM\...\Winlogon\Notify\sstqr
[11/12/2007, 21:58:16] - Key not found: HKLM\...\Winlogon\Notify\sstqr, continuing.
[11/12/2007, 21:58:16] - BHO 3: {4023CF3F-7D2D-4CCC-B3F7-7C8297FDA90f} ()
[11/12/2007, 21:58:16] - WARNING: BHO has no default name. Checking for Winlogon reference.
[11/12/2007, 21:58:16] - Checking for HKLM\...\Winlogon\Notify\xkiksiom
[11/12/2007, 21:58:16] - Key not found: HKLM\...\Winlogon\Notify\xkiksiom, continuing.
[11/12/2007, 21:58:16] - BHO 4: {64F56FC1-1272-44CD-BA6E-39723696E350} (EoBho Class)
[11/12/2007, 21:58:16] - BHO 5: {7E853D72-626A-48EC-A868-BA8D5E23E045} ()
[11/12/2007, 21:58:16] - WARNING: BHO has no default name. Checking for Winlogon reference.
[11/12/2007, 21:58:16] - No filename found. Continuing.
[11/12/2007, 21:58:16] - BHO 6: {9030D464-4C02-4ABF-8ECC-5164760863C6} (Programme d'aide de l'Assistant de connexion Windows Live)
[11/12/2007, 21:58:16] - BHO 7: {a09b7cf2-433b-4fb6-aaff-d6e4766cb5ab} ()
[11/12/2007, 21:58:16] - WARNING: BHO has no default name. Checking for Winlogon reference.
[11/12/2007, 21:58:16] - Checking for HKLM\...\Winlogon\Notify\qmghkayu
[11/12/2007, 21:58:17] - Key not found: HKLM\...\Winlogon\Notify\qmghkayu, continuing.
[11/12/2007, 21:58:17] - BHO 8: {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} (CNavExtBho Class)
[11/12/2007, 21:58:17] - BHO 9: {AA58ED58-01DD-4d91-8333-CF10577473F7} (Google Toolbar Helper)
[11/12/2007, 21:58:17] - BHO 10: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} (Google Toolbar Notifier BHO)
[11/12/2007, 21:58:17] - BHO 11: {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} (Windows Live Toolbar Helper)
[11/12/2007, 21:58:17] - BHO 12: {da30eff8-ccc6-4162-a20d-67402a26a215} (Best_Security_Tips toolbar)
[11/12/2007, 21:58:17] - BHO 13: {F32F6A8E-24A9-47EF-8E33-F20953C005DC} ()
[11/12/2007, 21:58:17] - WARNING: BHO has no default name. Checking for Winlogon reference.
[11/12/2007, 21:58:17] - Checking for HKLM\...\Winlogon\Notify\sstqo
[11/12/2007, 21:58:17] - Found: HKLM\...\Winlogon\Notify\sstqo - This is probably Virtumundo.
[11/12/2007, 21:58:17] - Assigning {F32F6A8E-24A9-47EF-8E33-F20953C005DC} MSEvents Object
[11/12/2007, 21:58:17] - BHO list has been changed! Starting over...
[11/12/2007, 21:58:17] - BHO 1: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (Aide pour le lien d'Adobe PDF Reader)
[11/12/2007, 21:58:17] - BHO 2: {0ABA2E41-7322-4773-A9E0-ECB44357705A} ()
[11/12/2007, 21:58:17] - WARNING: BHO has no default name. Checking for Winlogon reference.
[11/12/2007, 21:58:17] - Checking for HKLM\...\Winlogon\Notify\sstqr
[11/12/2007, 21:58:17] - Key not found: HKLM\...\Winlogon\Notify\sstqr, continuing.
[11/12/2007, 21:58:17] - BHO 3: {4023CF3F-7D2D-4CCC-B3F7-7C8297FDA90f} ()
[11/12/2007, 21:58:17] - WARNING: BHO has no default name. Checking for Winlogon reference.
[11/12/2007, 21:58:18] - Checking for HKLM\...\Winlogon\Notify\xkiksiom
[11/12/2007, 21:58:18] - Key not found: HKLM\...\Winlogon\Notify\xkiksiom, continuing.
[11/12/2007, 21:58:18] - BHO 4: {64F56FC1-1272-44CD-BA6E-39723696E350} (EoBho Class)
[11/12/2007, 21:58:18] - BHO 5: {7E853D72-626A-48EC-A868-BA8D5E23E045} ()
[11/12/2007, 21:58:18] - WARNING: BHO has no default name. Checking for Winlogon reference.
[11/12/2007, 21:58:18] - No filename found. Continuing.
[11/12/2007, 21:58:18] - BHO 6: {9030D464-4C02-4ABF-8ECC-5164760863C6} (Programme d'aide de l'Assistant de connexion Windows Live)
[11/12/2007, 21:58:18] - BHO 7: {a09b7cf2-433b-4fb6-aaff-d6e4766cb5ab} ()
[11/12/2007, 21:58:18] - WARNING: BHO has no default name. Checking for Winlogon reference.
[11/12/2007, 21:58:18] - Checking for HKLM\...\Winlogon\Notify\qmghkayu
[11/12/2007, 21:58:18] - Key not found: HKLM\...\Winlogon\Notify\qmghkayu, continuing.
[11/12/2007, 21:58:18] - BHO 8: {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} (CNavExtBho Class)
[11/12/2007, 21:58:18] - BHO 9: {AA58ED58-01DD-4d91-8333-CF10577473F7} (Google Toolbar Helper)
[11/12/2007, 21:58:18] - BHO 10: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} (Google Toolbar Notifier BHO)
[11/12/2007, 21:58:18] - BHO 11: {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} (Windows Live Toolbar Helper)
[11/12/2007, 21:58:18] - BHO 12: {da30eff8-ccc6-4162-a20d-67402a26a215} (Best_Security_Tips toolbar)
[11/12/2007, 21:58:18] - BHO 13: {F32F6A8E-24A9-47EF-8E33-F20953C005DC} (MSEvents Object)
[11/12/2007, 21:58:18] - ALERT: Found MSEvents Object!
[11/12/2007, 21:58:18] - BHO 14: {FE063DB1-4EC0-403e-8DD8-394C54984B2C} (Ask Toolbar BHO)
[11/12/2007, 21:58:18] - Finished Searching Browser Helper Objects
[11/12/2007, 21:58:18] - *** Detected MSEvents Object
[11/12/2007, 21:58:18] - Trying to remove MSEvents Object...
[11/12/2007, 21:58:19] - Terminating Process: IEXPLORE.EXE
[11/12/2007, 21:58:20] - Terminating Process: RUNDLL32.EXE
[11/12/2007, 21:58:22] - Disabling Automatic Shell Restart
[11/12/2007, 21:58:23] - Terminating Process: EXPLORER.EXE
[11/12/2007, 21:58:23] - Suspending the NT Session Manager System Service
[11/12/2007, 21:58:24] - Terminating Windows NT Logon/Logoff Manager
[11/12/2007, 21:58:24] - Re-enabling Automatic Shell Restart
[11/12/2007, 21:58:24] - File to disable: C:\WINDOWS\system32\sstqo.dll
[11/12/2007, 21:58:24] - Removing HKLM\...\Browser Helper Objects\{F32F6A8E-24A9-47EF-8E33-F20953C005DC}
[11/12/2007, 21:58:25] - Removing HKCR\CLSID\{F32F6A8E-24A9-47EF-8E33-F20953C005DC}
[11/12/2007, 21:58:27] - Adding Kill Bit for ActiveX for GUID: {F32F6A8E-24A9-47EF-8E33-F20953C005DC}
[11/12/2007, 21:58:27] - Deleting ATLEvents/MSEvents Registry entries
[11/12/2007, 21:58:27] - Removing HKLM\...\Winlogon\Notify\sstqo
[11/12/2007, 21:58:28] - Searching for Browser Helper Objects:
[11/12/2007, 21:58:28] - BHO 1: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (Aide pour le lien d'Adobe PDF Reader)
[11/12/2007, 21:58:28] - BHO 2: {0ABA2E41-7322-4773-A9E0-ECB44357705A} ()
[11/12/2007, 21:58:28] - WARNING: BHO has no default name. Checking for Winlogon reference.
[11/12/2007, 21:58:28] - Checking for HKLM\...\Winlogon\Notify\sstqr
[11/12/2007, 21:58:28] - Key not found: HKLM\...\Winlogon\Notify\sstqr, continuing.
[11/12/2007, 21:58:28] - BHO 3: {4023CF3F-7D2D-4CCC-B3F7-7C8297FDA90f} ()
[11/12/2007, 21:58:28] - WARNING: BHO has no default name. Checking for Winlogon reference.
[11/12/2007, 21:58:28] - Checking for HKLM\...\Winlogon\Notify\xkiksiom
[11/12/2007, 21:58:28] - Key not found: HKLM\...\Winlogon\Notify\xkiksiom, continuing.
[11/12/2007, 21:58:28] - BHO 4: {64F56FC1-1272-44CD-BA6E-39723696E350} (EoBho Class)
[11/12/2007, 21:58:28] - BHO 5: {7E853D72-626A-48EC-A868-BA8D5E23E045} ()
[11/12/2007, 21:58:29] - WARNING: BHO has no default name. Checking for Winlogon reference.
[11/12/2007, 21:58:29] - No filename found. Continuing.
[11/12/2007, 21:58:29] - BHO 6: {9030D464-4C02-4ABF-8ECC-5164760863C6} (Programme d'aide de l'Assistant de connexion Windows Live)
[11/12/2007, 21:58:29] - BHO 7: {a09b7cf2-433b-4fb6-aaff-d6e4766cb5ab} ()
[11/12/2007, 21:58:29] - WARNING: BHO has no default name. Checking for Winlogon reference.
[11/12/2007, 21:58:29] - Checking for HKLM\...\Winlogon\Notify\qmghkayu
[11/12/2007, 21:58:29] - Key not found: HKLM\...\Winlogon\Notify\qmghkayu, continuing.
[11/12/2007, 21:58:29] - BHO 8: {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} (CNavExtBho Class)
[11/12/2007, 21:58:29] - BHO 9: {AA58ED58-01DD-4d91-8333-CF10577473F7} (Google Toolbar Helper)
[11/12/2007, 21:58:29] - BHO 10: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} (Google Toolbar Notifier BHO)
[11/12/2007, 21:58:29] - BHO 11: {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} (Windows Live Toolbar Helper)
[11/12/2007, 21:58:29] - BHO 12: {da30eff8-ccc6-4162-a20d-67402a26a215} (Best_Security_Tips toolbar)
[11/12/2007, 21:58:29] - BHO 13: {FE063DB1-4EC0-403e-8DD8-394C54984B2C} (Ask Toolbar BHO)
[11/12/2007, 21:58:29] - Finished Searching Browser Helper Objects
[11/12/2007, 21:58:29] - Finishing up...
[11/12/2007, 21:58:29] - A restart is needed.
[11/12/2007, 21:58:42] - Attempting to Restart via STOP error (Blue Screen!)
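The correlation the VirtumundoBeGone log above performs, reproduced on the thread's own data. This is an added example written for this thread, not VirtumundoBeGone's or ComboFix's code. It runs two checks: a BHO registered without a default name whose DLL base name also exists as a HKLM\...\Winlogon\Notify subkey (the log's "Found ... This is probably Virtumundo"), and a system32 DLL accompanied by an .ini whose name is the DLL name spelled backwards, as with sstqr.dll and rqtss.ini in the ComboFix deletion list later in the thread. The CLSIDs, names and file names are copied from the logs; the BHO DLL paths and the baseline list of Winlogon\Notify subkeys are assumptions.

```python
"""Correlating Vundo artefacts the way the VirtumundoBeGone log above does.

Added example written for this thread; it is not VirtumundoBeGone's or
ComboFix's code. Two checks, both on data constructed from the thread's logs:
 1. a BHO with no default name whose DLL base name also exists as a
    HKLM\\...\\Winlogon\\Notify subkey (the log's "probably Virtumundo" hit)
 2. a system32 DLL accompanied by an .ini whose name is the DLL name spelled
    backwards (sstqr.dll / rqtss.ini in the ComboFix deletion list)
DLL paths for the BHOs and the Winlogon\\Notify baseline are assumptions.
"""
import ntpath
from collections import namedtuple

Bho = namedtuple("Bho", "clsid name dll")

# CLSIDs and names copied from the VirtumundoBeGone log; DLL paths assumed
BHOS = [
    Bho("{0ABA2E41-7322-4773-A9E0-ECB44357705A}", "", r"C:\WINDOWS\system32\sstqr.dll"),
    Bho("{4023CF3F-7D2D-4CCC-B3F7-7C8297FDA90f}", "", r"C:\WINDOWS\system32\xkiksiom.dll"),
    Bho("{AA58ED58-01DD-4d91-8333-CF10577473F7}", "Google Toolbar Helper", r"c:\program files\google\googletoolbar2.dll"),
    Bho("{da30eff8-ccc6-4162-a20d-67402a26a215}", "Best_Security_Tips toolbar", r"C:\Program Files\Best_Security_Tips\tbBest.dll"),
    Bho("{F32F6A8E-24A9-47EF-8E33-F20953C005DC}", "", r"C:\WINDOWS\system32\sstqo.dll"),
]

# Typical XP Winlogon\Notify subkeys (assumed baseline) plus the one the log found
WINLOGON_NOTIFY = {"crypt32chain", "cryptnet", "cscdll", "ScCertProp", "Schedule",
                   "sclgntfy", "SensLogn", "termsrv", "wlballoon", "sstqo"}

# Subset of ComboFix's "Other deletions" list from this thread, base names only
SYSTEM32_FILES = [
    "biobeace.ini", "cjkoswfh.ini", "ecaeboib.dll", "hfwsokjc.dll",
    "kbssilxt.ini", "rqtss.ini", "sstqr.dll", "txlissbk.dll",
    "udjebxnw.ini", "wnxbejdu.dll", "uqdtqrnt.dll", "dlh9jkdq8.exe",
]


def stem(path):
    """'C:\\WINDOWS\\system32\\sstqo.dll' -> 'sstqo' (Windows separators)."""
    return ntpath.splitext(ntpath.basename(path))[0]


def nameless_bhos(bhos):
    """BHOs registered without a default name: the first thing the tool flags."""
    return [b for b in bhos if not b.name]


def bho_with_notify_hook(bhos, notify_keys):
    """Nameless BHOs whose DLL is also a Winlogon\\Notify handler (Vundo's pair)."""
    keys = {k.lower() for k in notify_keys}
    return [b for b in nameless_bhos(bhos) if stem(b.dll).lower() in keys]


def reversed_name_pairs(files):
    """(dll, ini) pairs where the .ini stem is the .dll stem spelled backwards."""
    by_stem = {}
    for f in files:
        s, ext = ntpath.splitext(f.lower())
        by_stem.setdefault(s, set()).add(ext)
    pairs = []
    for s, exts in by_stem.items():
        mirror = s[::-1]
        if ".dll" in exts and ".ini" in by_stem.get(mirror, set()):
            pairs.append((s + ".dll", mirror + ".ini"))
    return sorted(pairs)


if __name__ == "__main__":
    for b in bho_with_notify_hook(BHOS, WINLOGON_NOTIFY):
        print("BHO + Winlogon\\Notify pair:", b.clsid, b.dll)
    for b in nameless_bhos(BHOS):
        print("nameless BHO, review:", b.clsid, b.dll)
    for dll, ini in reversed_name_pairs(SYSTEM32_FILES):
        print("mirrored pair:", dll, ini)
```

Only sstqo.dll satisfies the first check, which is exactly the one object the tool neutralised. The other two nameless BHOs (sstqr.dll, xkiksiom.dll) were skipped with "Key not found, continuing", yet the ComboFix report later in the thread still lists xkiksiom.dll as a BHO and deletes sstqr.dll together with its mirrored rqtss.ini, so a missing Notify key clears nothing; the second check catches five such mirrored pairs in that deletion list.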
ComboFix 07-11-08.1 - victor 2007-11-12 22:53:30.1 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.93 [GMT 1:00]
Running from: C:\Documents and Settings\victor\Local Settings\Temporary Internet Files\Content.IE5\BIDYSJKP\ComboFix[1].exe
* Created a new restore point
.

Unable to obtain System privileges

(((((((((((((((((((((((((((((((((((( Other deletions ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\check_LSA7.txt
C:\Documents and Settings\victor\Bureau\internet.lnk
C:\Program Files\FunWebProducts
C:\Program Files\FunWebProducts\ScreenSaver\Images\013E77A6.urr
C:\Program Files\MyWebSearch
C:\Program Files\MyWebSearch\bar\History\search2
C:\Program Files\MyWebSearch\bar\Settings\s_pid.dat
C:\Program Files\MyWebSearch\bar\Settings\setting2.htm
C:\Program Files\MyWebSearch\bar\Settings\settings.dat
C:\WINDOWS\cookies.ini
C:\WINDOWS\system32\biobeace.ini
C:\WINDOWS\system32\cjkoswfh.ini
C:\WINDOWS\system32\dlh9jkdq8.exe
C:\WINDOWS\system32\ecaeboib.dll
C:\WINDOWS\system32\hfwsokjc.dll
C:\WINDOWS\system32\hmocvdbq.dll
C:\WINDOWS\system32\kbssilxt.ini
C:\WINDOWS\system32\nbwnvjpy.dll
C:\WINDOWS\system32\nyvfhftb.dll
C:\WINDOWS\system32\rqtss.bak1
C:\WINDOWS\system32\rqtss.bak2
C:\WINDOWS\system32\rqtss.ini
C:\WINDOWS\system32\rqtss.ini2
C:\WINDOWS\system32\rqtss.tmp
C:\WINDOWS\system32\sstqr.dll
C:\WINDOWS\system32\txlissbk.dll
C:\WINDOWS\system32\udjebxnw.ini
C:\WINDOWS\system32\uqdtqrnt.dll
C:\WINDOWS\system32\wnxbejdu.dll
C:\WINDOWS\xzmsa.adt
C:\WINDOWS\xzoka.adt
C:\WINDOWS\xzsui.adt
C:\WINDOWS\xzwok.adt

.
((((((((((((((((((((((((((((( Files created 2007-10-12 to 2007-11-12 ))))))))))))))))))))))))))))))))))))
.

2007-11-12 22:48 51,200 --a------ C:\WINDOWS\NirCmd.exe
2007-11-12 22:42 81,472 --a------ C:\WINDOWS\system32\yinmutxb.dll
2007-11-12 22:39 89,664 --a------ C:\WINDOWS\system32\qwjapcvn.dll
2007-11-12 22:15 89,664 --a------ C:\WINDOWS\system32\bpenuyse.dll
2007-11-12 22:15 81,472 --a------ C:\WINDOWS\system32\mvwerjjx.dll
2007-11-12 21:47 81,472 --a------ C:\WINDOWS\system32\qmghkayu.dll
2007-11-12 20:37 <REP> d-------- C:\Program Files\Trend Micro
2007-11-11 23:21 7,076 --a------ C:\WINDOWS\system32\owvgoeob.dll
2007-11-11 20:11 88,128 --a------ C:\WINDOWS\system32\eilbiqyt.dll
2007-11-09 15:26 88,128 --a------ C:\WINDOWS\system32\ntssbgex.dll
2007-11-08 22:35 4,156 --a------ C:\WINDOWS\system32\nftrglnx.dll
2007-11-07 22:28 5,620 --a------ C:\WINDOWS\system32\skhwqgtb.dll
2007-11-07 22:27 71,232 --a------ C:\WINDOWS\system32\fvqtiuok.exe
2007-11-05 22:30 85,568 --a------ C:\WINDOWS\system32\gtqewuqa.dll
2007-11-03 00:04 <REP> d-------- C:\Documents and Settings\victor\Application Data\Grisoft
2007-11-03 00:03 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2007-11-03 00:03 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2007-11-02 23:44 <REP> d-------- C:\Program Files\Registry Defender
2007-11-02 20:34 86,080 --a------ C:\WINDOWS\system32\bljsenil.dll
2007-10-31 01:11 <REP> d-------- C:\Program Files\splus
2007-10-24 22:03 <REP> d-------- C:\Program Files\Nero.msi
2007-10-24 12:48 15,840 --a------ C:\WINDOWS\system32\Machnm1.exe
2007-10-24 12:48 5,632 --a------ C:\WINDOWS\system32\Machnm64.sys
2007-10-24 12:48 2,304 --a------ C:\WINDOWS\system32\Machnm32.sys
2007-10-23 20:54 <REP> d-------- C:\Program Files\Rocket Division Software
2007-10-23 07:13 <REP> d-------- C:\Documents and Settings\victor\Application Data\Windows Desktop Search
2007-10-21 22:43 3,426,072 --a------ C:\WINDOWS\system32\d3dx9_32.dll
2007-10-21 22:38 <REP> d-------- C:\Program Files\Microsoft SQL Server Compact Edition
2007-10-21 22:36 <REP> d-------- C:\Program Files\Windows Desktop Search
2007-10-21 22:35 192,000 -----c--- C:\WINDOWS\system32\dllcache\offfilt.dll
2007-10-21 22:35 98,304 -----c--- C:\WINDOWS\system32\dllcache\nlhtml.dll
2007-10-21 22:15 <REP> d-------- C:\Program Files\Windows Live
2007-10-21 22:14 <REP> d-------- C:\Documents and Settings\All Users\Application Data\WLInstaller
2007-10-20 20:38 <REP> d-------- C:\Program Files\AskTBar
2007-10-20 17:28 <REP> d-------- C:\Program Files\WinUpdater
2007-10-17 16:03 <REP> d-------- C:\Program Files\Windows Live Favorites
2007-10-17 16:02 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Windows Live Toolbar
2007-10-17 16:01 <REP> d-------- C:\Program Files\Windows Live Toolbar
2007-10-17 13:24 <REP> d-------- C:\WINDOWS\system32\fr-fr
2007-10-17 12:30 6,058,496 -----c--- C:\WINDOWS\system32\dllcache\ieframe.dll
2007-10-17 12:30 2,455,488 -----c--- C:\WINDOWS\system32\dllcache\ieapfltr.dat
2007-10-17 12:30 459,264 -----c--- C:\WINDOWS\system32\dllcache\msfeeds.dll
2007-10-17 12:30 383,488 -----c--- C:\WINDOWS\system32\dllcache\ieapfltr.dll
2007-10-17 12:30 267,776 -----c--- C:\WINDOWS\system32\dllcache\iertutil.dll
2007-10-17 12:30 63,488 -----c--- C:\WINDOWS\system32\dllcache\icardie.dll
2007-10-17 12:30 52,224 -----c--- C:\WINDOWS\system32\dllcache\msfeedsbs.dll
2007-10-17 12:30 13,824 -----c--- C:\WINDOWS\system32\dllcache\ieudinit.exe
2007-10-17 12:21 33,792 --a--c--- C:\WINDOWS\system32\dllcache\custsat.dll

.
(((((((((((((((((((((((((((((((((( Find3M report ))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-11-12 21:29 --------- d-----w C:\Program Files\Best_Security_Tips
2007-11-12 00:42 --------- d-----w C:\Documents and Settings\All Users\Application Data\Google Updater
2007-11-10 09:28 --------- d-----w C:\Program Files\Fichiers communs\Symantec Shared
2007-11-06 19:05 --------- d-----w C:\Program Files\adslTV
2007-11-03 18:41 --------- d-----w C:\Program Files\eMule
2007-10-25 10:04 --------- d-----w C:\Program Files\eoRezo
2007-10-25 10:04 --------- d-----w C:\Documents and Settings\victor\Application Data\EoRezo
2007-10-24 20:58 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-10-21 21:27 --------- d-----w C:\Program Files\MSN Messenger
2007-10-19 01:33 --------- d-----w C:\Program Files\Picasa2
2007-10-10 16:28 585,728 ----a-w C:\WINDOWS\WLXPGSS.SCR
2007-10-09 15:53 --------- d-----w C:\Program Files\Google
2007-10-03 19:35 805 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.INF
2007-10-03 19:35 60,800 ----a-w C:\WINDOWS\system32\S32EVNT1.DLL
2007-10-03 19:35 123,952 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.SYS
2007-10-03 19:35 10,740 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.CAT
2007-10-03 19:35 --------- d-----w C:\Program Files\Symantec
2007-09-30 22:17 --------- d-----w C:\Documents and Settings\All Users\Application Data\Avira
2007-09-29 08:57 --------- d-----w C:\Program Files\World of Warcraft
2007-09-27 21:08 --------- d-----w C:\Program Files\LimeWire Turbo Accelerator
2007-09-23 19:10 404,540 ----a-w C:\WINDOWS\jvms.exe
2007-08-27 15:13 537,992 ----a-w C:\WINDOWS\system32\SymNeti.dll
2007-08-27 15:13 161,160 ----a-w C:\WINDOWS\system32\SymRedir.dll
2007-08-21 06:17 683,520 ----a-w C:\WINDOWS\system32\inetcomm.dll
2007-08-16 14:17 51,568 ----a-w C:\WINDOWS\system32\sirenacm.dll
2007-08-13 16:54 413,696 ----a-w C:\WINDOWS\system32\vbscript.dll
2007-08-13 16:54 156,160 ----a-w C:\WINDOWS\system32\msls31.dll
2007-08-13 16:45 78,336 ----a-w C:\WINDOWS\system32\ieencode.dll
2007-08-13 16:44 40,960 ----a-w C:\WINDOWS\system32\licmgr10.dll
2007-08-13 16:39 71,680 ----a-w C:\WINDOWS\system32\admparse.dll
2007-08-13 16:39 55,296 ----a-w C:\WINDOWS\system32\iesetup.dll
2007-08-13 16:36 36,352 ----a-w C:\WINDOWS\system32\imgutil.dll
2007-08-13 16:32 45,568 ----a-w C:\WINDOWS\system32\mshta.exe
2007-08-13 16:01 48,128 ----a-w C:\WINDOWS\system32\mshtmler.dll
2007-06-12 18:06 14 ----a-w C:\Documents and Settings\victor\getfile.dat
.

((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legitimate default entries are not listed

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{4023CF3F-7D2D-4CCC-B3F7-7C8297FDA90f}]
C:\WINDOWS\system32\xkiksiom.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{607337eb-7954-4db5-be93-7e2da3bc9608}]
2007-11-12 22:42 81472 --a------ C:\WINDOWS\system32\yinmutxb.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ccApp"="C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe" [2007-02-22 11:08]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-02-26 14:39]
"Symantec PIF AlertEng"="C:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2007-03-12 09:22]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 02:06]
"EoEngine"="" []
"EoWeather"="" []
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 10:25]
"343a49a0"="C:\WINDOWS\system32\qwjapcvn.dll" [2007-11-12 22:39]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-20 00:09]
"MsnMsgr"="C:\PROGRA~1\WI1F86~1\MESSEN~1\msnmsgr.exe" [2007-08-16 15:19]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Fichiers communs\Ahead\lib\NMBgMonitor.exe" [2006-04-21 16:03]
"BitTorrent"="C:\Program Files\BitTorrent\bittorrent.exe" []
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-04-02 13:31]
"showfree"="C:\DOCUME~1\victor\APPLIC~1\PHONEB~1\Close Four.exe" []
"Shareaza"="C:\Program Files\Shareaza\Shareaza.exe" [2007-02-05 03:05]
"WinUpdater"="C:\Program Files\WinUpdater\update.exe" [2007-10-20 16:53]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=0 (0x0)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll [2007-02-05 14:39 294400]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\byxxxwt]
byxxxwt.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\fcccawt]
fcccawt.dll

R0 Defrag32b;Defrag32Boot;C:\WINDOWS\system32\drivers\Defrag32b.sys
R0 snapman;Acronis Snapshots Manager;C:\WINDOWS\system32\DRIVERS\snapman.sys
R0 timounter;Acronis TrueImage Backup Archive Explorer;C:\WINDOWS\system32\DRIVERS\timntr.sys
R0 viamraid;viamraid;C:\WINDOWS\system32\DRIVERS\viamraid.sys
R2 Defrag32;Defrag32;C:\WINDOWS\system32\drivers\Defrag32.sys
R2 PDSched;PDScheduler;C:\Program Files\Raxco\PerfectDisk\PDSched.exe
R2 Planificateur LiveUpdate automatique;Planificateur LiveUpdate automatique;"C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe"
R2 tifsfilter;Acronis TrueImage FS Filter;C:\WINDOWS\system32\DRIVERS\tifsfilt.sys

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{cd66435b-29c9-11dc-b8ef-0013d3b71ea4}]
\Shell\AutoRun\command - E:\InstallTomTomHOME.exe

.
Contents of the 'Scheduled Tasks' folder
"2007-11-12 22:00:03 C:\WINDOWS\Tasks\A9C10160911EB974.job"
"2007-11-09 21:22:31 C:\WINDOWS\Tasks\Norton AntiVirus - Effectuer une analyse complète du système - victor.job"
"2007-11-12 21:26:04 C:\WINDOWS\Tasks\Vérifier les mises à jour de Windows Live Toolbar.job"
.
**************************************************************************

catchme 0.3.1250 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-11-12 23:08:03
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2007-11-12 23:16:12 - machine was rebooted
.
--- E O F ---
jlpjlp - 12 Nov 2007 at 23:18
ok, carry on with the rest
;***********************************************************************************************************************************************************************************
ANALYSIS: 2007-11-13 00:20:58
PROTECTIONS: 1
MALWARE: 11
SUSPECTS: 0
;***********************************************************************************************************************************************************************************
PROTECTIONS
Description Version Active Updated
;===================================================================================================================================================================================
Norton AntiVirus 2006 2005 Yes Yes
;===================================================================================================================================================================================
MALWARE
Id Description Type Active Severity Disinfectable Disinfected Location
;===================================================================================================================================================================================
00032731 application/mywebsearch HackTools No 0 Yes No HKEY_LOCAL_MACHINE\software\classes\CLSID\{a4730ebe-43a6-443e-9776-36915d323ad3}
00032731 application/mywebsearch HackTools No 0 Yes No HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{00A6FAF1-072E-44cf-8957-5838F569A31D}
00032731 application/mywebsearch HackTools No 0 Yes No hkey_current_user\software\mywebsearch
00032731 application/mywebsearch HackTools No 0 Yes No HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{07B18EA1-A523-4961-B6BB-170DE4475CCA}
00032731 application/mywebsearch HackTools No 0 Yes No hkey_classes_root\clsid\{a4730ebe-43a6-443e-9776-36915d323ad3}
00032731 application/mywebsearch HackTools No 0 Yes No HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{07B18EAB-A523-4961-B6BB-170DE4475CCA}
00032731 application/mywebsearch HackTools No 0 Yes No HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{07B18EA9-A523-4961-B6BB-170DE4475CCA}
00096053 application/funweb HackTools No 0 Yes No HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{9FF05104-B030-46FC-94B8-81276E4E27DF}
00096053 application/funweb HackTools No 0 Yes No hkey_local_machine\software\fun web products
00096053 application/funweb HackTools No 0 Yes No hkey_current_user\software\fun web products
00096053 application/funweb HackTools No 0 Yes No c:\windows\downloaded program files\f3initialsetup1.0.0.15-3.inf
00096053 application/funweb HackTools No 0 Yes No HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{3DC201FB-E9C9-499C-A11F-23C360D7C3F8}
00096053 application/funweb HackTools No 0 Yes No HKEY_LOCAL_MACHINE\Software\Microsoft\Code Store Database\Distribution Units\{1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB}
00139061 Cookie/Doubleclick TrackingCookie No 0 Yes No C:\Documents and Settings\victor\Cookies\victor@doubleclick[1].txt
00145393 Cookie/Tradedoubler TrackingCookie No 0 Yes No C:\Documents and Settings\victor\Cookies\victor@tradedoubler[1].txt
00145405 Cookie/RealMedia TrackingCookie No 0 Yes No C:\Documents and Settings\victor\Cookies\victor@247realmedia[1].txt
00167704 Cookie/Xiti TrackingCookie No 0 Yes No C:\Documents and Settings\victor\Cookies\victor@xiti[1].txt
00173520 Cookie/Bluestreak TrackingCookie No 0 Yes No C:\Documents and Settings\victor\Cookies\victor@bluestreak[2].txt
00273339 Cookie/Smartadserver TrackingCookie No 0 Yes No C:\Documents and Settings\victor\Cookies\victor@smartadserver[1].txt
01262593 Application/NirCmd.A HackTools No 0 Yes No C:\WINDOWS\NirCmd.exe
02510815 Trj/Downloader.MDW Virus/Trojan No 1 Yes No C:\WINDOWS\jvms.exe
02688344 Spyware/Virtumonde Spyware No 1 Yes No C:\WINDOWS\system32\fvqtiuok.exe
;===================================================================================================================================================================================
SUSPECTS
Location
;===================================================================================================================================================================================
;===================================================================================================================================================================================
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 00:28:52, on 13/11/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Fichiers communs\Acronis\Schedule2\schedul2.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe
C:\Program Files\Fichiers communs\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Fichiers communs\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Raxco\PerfectDisk\PDSched.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Fichiers communs\Symantec Shared\Security Console\NSCSRVCE.EXE
C:\Program Files\Shareaza\Shareaza.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\internet explorer\iexplore.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Program Files\Messenger\msmsgs.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.com/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {4023CF3F-7D2D-4CCC-B3F7-7C8297FDA90f} - C:\WINDOWS\system32\xkiksiom.dll (file missing)
O2 - BHO: (no name) - {607337eb-7954-4db5-be93-7e2da3bc9608} - C:\WINDOWS\system32\yinmutxb.dll
O2 - BHO: EoBho Class - {64F56FC1-1272-44CD-BA6E-39723696E350} - C:\Program Files\eoRezo\EoAdv\EoRezoBHO.dll (file missing)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\PROGRA~1\WI1F86~1\MESSEN~1\msnmsgr.exe" /background
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Ahead\lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [BitTorrent] "C:\Program Files\BitTorrent\bittorrent.exe" --force_start_minimized
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Shareaza] "C:\Program Files\Shareaza\Shareaza.exe" -tray
O4 - HKCU\..\Run: [WinUpdater] "C:\Program Files\WinUpdater\update.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Démarrage rapide du logiciel HP Image Zone.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: hpoddt01.exe.lnk = ?
O4 - Global Startup: Outil de mise à jour Google.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O4 - Global Startup: Windows Desktop Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - https://onedrive.live.com/?id=favorites
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=https://www.google.fr/?gws_rd=ssl
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.exe.imgfarm.com/images/nocache/funwebproducts/ei/SmileyCentralFWBInitialSetup1.0.0.15-3.cab
O16 - DPF: {200B3EE9-7242-4EFD-B1E4-D97EE825BA53} (VerifyGMN Class) - http://h20270.www2.hp.com/ediags/gmn/install/hpobjinstaller_gmn.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by132fd.bay132.hotmail.msn.com/resources/MsnPUpld.cab
O16 - DPF: {512FC5A1-7DE1-43F1-BC0C-371622FCB409} (TotalScan Installer Class) - https://www.pandasecurity.com/en/homeusers/online-antivirus/?ref=activescan
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/...
O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} - http://a532.g.akamai.net/...
O20 - Winlogon Notify: byxxxwt - byxxxwt.dll (file missing)
O20 - Winlogon Notify: fcccawt - fcccawt.dll (file missing)
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files\Fichiers communs\Acronis\Schedule2\schedul2.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktopManager.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: Service Norton AntiVirus Auto-Protect (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norman API-hooking helper (NipSvc) - Unknown owner - C:\VIRUSfighter\Nvc\BIN\nipsvc.exe (file missing)
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\Security Console\NSCSRVCE.EXE
O23 - Service: PDEngine - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDEngine.exe
O23 - Service: PDScheduler (PDSched) - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDSched.exe
O23 - Service: Planificateur LiveUpdate automatique - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe
O23 - Service: SPBBCSvc - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Windows Live Setup Service (WLSetupSvc) - Unknown owner - C:\Program Files\Windows Live\installer\WLSetupSvc.exe
It seems to be working! Thanks a lot!
jlpjlp - 13 Nov 2007 at 10:21
it works, but it's far from over....

________________


Relaunch HijackThis, choose "Do a system scan only", tick the box in front of the lines below and click "Fix checked" at the bottom.


O2 - BHO: (no name) - {4023CF3F-7D2D-4CCC-B3F7-7C8297FDA90f} - C:\WINDOWS\system32\xkiksiom.dll (file missing)
O2 - BHO: (no name) - {607337eb-7954-4db5-be93-7e2da3bc9608} - C:\WINDOWS\system32\yinmutxb.dll
O2 - BHO: EoBho Class - {64F56FC1-1272-44CD-BA6E-39723696E350} - C:\Program Files\eoRezo\EoAdv\EoRezoBHO.dll (file missing)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.exe.imgfarm.com/
O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} - http://a532.g.akamai.net/
O20 - Winlogon Notify: byxxxwt - byxxxwt.dll (file missing)
O20 - Winlogon Notify: fcccawt - fcccawt.dll (file missing)

____________________


download OTMoveIt http://download.bleepingcomputer.com/oldtimer/OTMoveIt.exe (by Old_Timer) to your Desktop.
double-click OTMoveIt.exe to launch it.
copy the list quoted below,
and paste it into the left-hand box of OTMoveIt: Paste List of Files/Folders to be moved.

Quote:


C:\WINDOWS\system32\yinmutxb.dll
C:\WINDOWS\jvms.exe
C:\WINDOWS\system32\fvqtiuok.exe

click MoveIt! to start the removal.
the result will appear in the "Results" box.
click Exit to close.
post the report located in C:\_OTMoveIt\MovedFiles.

you may be asked to restart the PC to complete the removal. if so, accept with Yes.



____________________

use this to remove your traces

CCLEANER: (run a clean-up and repair the errors 3 times) without installing the Yahoo toolbar

https://www.01net.com/telecharger/windows/Utilitaire/nettoyeurs_et_installeurs/fiches/32599.html

____________________

run regcleaner and clean your registry
https://www.01net.com/telecharger/


_____________________

then post another online scan and a HijackThis log


as well as a navilog report


Right-click this link: (IL-MAFIOSO)
http://perso.orange.fr/il.mafioso/Navifix/Navilog1.exe
Save target (of the link) as... and save it to your desktop.
Then double-click navilog1.exe to launch the installation.
Once the installation is finished, the fix will run automatically.
(If not, double-click the Navilog1 shortcut on the desktop.)

Follow the prompts. At the main menu, choose 1 and confirm.
(do not choose 2, 3 or 4 without our advice/agreement)

Wait for the message:
*** Analyse Termine le ..... ***
Press a key as requested; Notepad will open.
Copy and paste the whole thing into a reply. Close Notepad.
The report is also saved at the root of the drive (fixnavi.txt)
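The reasoning jlpjlp applied by hand to the HijackThis log above (unnamed O2 BHOs, O20 Winlogon Notify DLLs, O16 DPF entries with no class name, orphaned "(file missing)" entries, and the Vundo habit of dropping 7-8 random lowercase letters as a filename in system32) can be written down as a small triage script. The example below is an added illustration, not code from the thread, from HijackThis or from any of the tools it recommends. The regular expressions, the KNOWN_STEMS allowlist and the reason strings are my own heuristics; the sample log is constructed from lines in the thread plus one O4 line built from the ComboFix "343a49a0"/qwjapcvn.dll Run entry, so that the system32-name rule has something to hit. It produces the two lists the last post asks for: lines to tick before "Fix checked", and files still on disk to hand to OTMoveIt (jvms.exe and fvqtiuok.exe came from the Panda scan, not from HijackThis, so they are not in this output).

```python
import re
from dataclasses import dataclass
from typing import List, Optional

# One HijackThis entry: "O2 - BHO: ...", "O20 - Winlogon Notify: ...", "R1 - ..."
ENTRY_RE = re.compile(r"^(?P<kind>[RFNO]\d{1,2}) - (?P<body>.+)$")
# First Windows path ending in a binary/installer extension; spaces are allowed
WINPATH_RE = re.compile(r"[A-Za-z]:\\[^\"<>|\r\n]*?\.(?:dll|exe|sys|cab|inf)\b", re.IGNORECASE)
# "{CLSID} (Class name) - url": a DPF control that announced a name
DPF_NAMED_RE = re.compile(r"^\{[^}]+\}\s+\(")
# Vundo-style stems seen in this thread (xkiksiom, yinmutxb, qwjapcvn, byxxxwt)
RANDOM_STEM_RE = re.compile(r"^[a-z]{7,8}$")
# Assumption: legitimate Windows DLL stems that happen to fit the pattern (starting point only)
KNOWN_STEMS = {"browseui", "shdocvw", "wininet", "shlwapi", "msctfime", "wlnotify"}


@dataclass
class Finding:
    kind: str
    reason: str
    line: str
    path: Optional[str] = None


def _stem(name_or_path: str) -> str:
    """'C:\\WINDOWS\\system32\\yinmutxb.dll' -> 'yinmutxb'."""
    return name_or_path.rsplit("\\", 1)[-1].rsplit(".", 1)[0].lower()


def _looks_random(name_or_path: str) -> bool:
    stem = _stem(name_or_path)
    return bool(RANDOM_STEM_RE.match(stem)) and stem not in KNOWN_STEMS


def triage(log_text: str) -> List[Finding]:
    """Run the heuristics over every HijackThis entry; one Finding per flagged line."""
    findings: List[Finding] = []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = ENTRY_RE.match(line)
        if not m:
            continue  # header, "Running processes" list, blank line
        kind, body = m["kind"], m["body"]
        orphan = "(file missing)" in body or "(no file)" in body
        pm = WINPATH_RE.search(body)
        path = pm.group(0) if pm else None
        reason = None
        if kind == "O2" and body.startswith("BHO: (no name)"):
            reason = "unnamed BHO"
        elif kind == "O20":
            # Winlogon Notify DLLs load into winlogon.exe at logon; a stale entry is still worth removing
            dll = body.split(" - ", 1)[-1].split(" ", 1)[0]
            if orphan or _looks_random(dll):
                reason = "Winlogon Notify DLL missing or random-looking"
        elif kind == "O16" and not DPF_NAMED_RE.match(body.split(": ", 1)[-1]):
            reason = "ActiveX download (DPF) with no class name"
        elif path and "\\system32\\" in path.lower() and _looks_random(path):
            reason = "random-looking filename in system32"
        if reason is None and orphan:
            reason = "orphaned entry (file missing)"
        if reason:
            findings.append(Finding(kind, reason, line, path))
    return findings


def fix_checked_lines(findings: List[Finding]) -> List[str]:
    """Lines to tick in 'Do a system scan only' before pressing 'Fix checked'."""
    return [f.line for f in findings]


def files_to_move(findings: List[Finding]) -> List[str]:
    """Flagged files that still exist on disk, i.e. the OTMoveIt list."""
    return sorted({f.path for f in findings if f.path and "(file missing)" not in f.line})


# Constructed sample: lines from the HijackThis log in this thread, plus one O4
# line built from the ComboFix Run entry for qwjapcvn.dll (constructed, not logged).
SAMPLE_LOG = r"""
Logfile of Trend Micro HijackThis v2.0.2
Running processes:
C:\WINDOWS\System32\smss.exe

O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: (no name) - {4023CF3F-7D2D-4CCC-B3F7-7C8297FDA90f} - C:\WINDOWS\system32\xkiksiom.dll (file missing)
O2 - BHO: (no name) - {607337eb-7954-4db5-be93-7e2da3bc9608} - C:\WINDOWS\system32\yinmutxb.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [343a49a0] rundll32.exe "C:\WINDOWS\system32\qwjapcvn.dll",b
O4 - HKCU\..\Run: [WinUpdater] "C:\Program Files\WinUpdater\update.exe" /background
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.exe.imgfarm.com/images/nocache/funwebproducts/ei/SmileyCentralFWBInitialSetup1.0.0.15-3.cab
O20 - Winlogon Notify: byxxxwt - byxxxwt.dll (file missing)
O23 - Service: Norman API-hooking helper (NipSvc) - Unknown owner - C:\VIRUSfighter\Nvc\BIN\nipsvc.exe (file missing)
"""

if __name__ == "__main__":
    hits = triage(SAMPLE_LOG)
    print("Tick and 'Fix checked':")
    for f in hits:
        print(f"  [{f.reason}] {f.line}")
    print("Hand to OTMoveIt:")
    for p in files_to_move(hits):
        print("  " + p)
```

The heuristics are deliberately narrow: a named BHO with a real vendor path (the Yahoo line) and an unknown but not random-looking Run entry (WinUpdater) are left alone, exactly as in jlpjlp's fix list, so the output is a shortlist for a human to confirm, not an automatic removal list. Before trusting the random-name rule on another machine, extend KNOWN_STEMS with whatever legitimate 7-8 letter DLLs that system ships.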