W32 virus, need help
Zobway
-
jlpjlp Messages posted 52399 Status Security contributor -
Hello,
I am infected with W32 networm, can you help me? Thanks
Here is the HijackThis report:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:19:51, on 22/11/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\WINDOWS\system32\VTTimer.exe
C:\WINDOWS\system32\RunDll32.exe
C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.0\Apps\apdproxy.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb12.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\Macrogaming\SweetIM\SweetIM.exe
C:\Program Files\Hercules\Audio\DJ Console Series\MK2\HDJ2CPL.exe
C:\WINDOWS\system32\winsock32.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Java\jre1.5.0_03\bin\jucheck.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Insider\Insider.exe
C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
C:\WINDOWS\System32\locator.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\Product Assistant\bin\hprblog.exe
C:\WINDOWS\system32\kawuoidm.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Alwil Software\Avast4\ashSimpl.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\mmc.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\System32\wbem\wmiprvse.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.be/?gws_rd=ssl
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Program Files\Macrogaming\SweetIMBarForIE\toolbar.dll (file missing)
O3 - Toolbar: Security Toolbar - {11A69AE4-FBED-4832-A2BF-45AF82825583} - C:\WINDOWS\system32\hihmykbx.dll
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb12.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [SweetIM] C:\Program Files\Macrogaming\SweetIM\SweetIM.exe
O4 - HKLM\..\Run: [DJ Console Mk2] C:\Program Files\Hercules\Audio\DJ Console Series\MK2\HDJ2CPL.exe -hide
O4 - HKLM\..\Run: [] winsock32.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [64970c5c] rundll32.exe "C:\WINDOWS\system32\ibjquthv.dll",b
O4 - HKLM\..\RunServices: [] winsock32.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"
O4 - HKCU\..\Run: [MsnMsgr] ~"C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [VoipBuster] "C:\program files\voipbuster.com\voipbuster\voipbuster.exe" -nosplash -minimized
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [SweetIM] C:\Program Files\Macrogaming\SweetIM\SweetIM.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Insider] C:\Program Files\Insider\Insider.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: BlueSoleil.lnk = ?
O4 - Global Startup: Démarrage rapide du logiciel HP Image Zone.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Outil de mise à jour Google.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://eldarionankalima.spaces.live.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {512FC5A1-7DE1-43F1-BC0C-371622FCB409} (TotalScan Installer Class) - https://www.pandasecurity.com/en/homeusers/online-antivirus/?ref=activescan
O16 - DPF: {E7DBFB6C-113A-47CF-B278-F5C6AF4DE1BD} - http://download.abacast.com/download/files/abasetup162.cab
O20 - AppInit_DLLs: C:\WINDOWS\system32\__c00C136.dat
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
O23 - Service: DomainService - - C:\WINDOWS\system32\kawuoidm.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
13 replies
Hi,
Uninstall via your Control Panel:
SweetIM
Security Toolbar
_____________________
Scan with VundoFix (paste the report):
Download VundoFix -> http://www.atribune.org/ccount/click.php?id=4
Double-click VundoFix.exe to run it.
When VundoFix opens, click the Scan for Vundo button.
Once the scan is finished, click the Remove Vundo button.
You will get a prompt asking whether you want to delete these files; answer by clicking YES.
Once you have clicked Yes, your desktop will go blank while it removes Vundo.
When it is done, you will be asked to restart your computer; click OK.
Then:
VirtumundoBeGone (paste the report)
http://secured2k.home.comcast.net/tools/VirtumundoBeGone.exe
_____________________________
Then post a new HijackThis log and describe your problems.
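The helper's reply above singles out SweetIM, the "Security Toolbar" and Vundo from the posted log. As an added example that is not part of the thread, the script below runs a few triage heuristics of my own (not HijackThis logic) over a constructed subset of the O-lines from the first log: autorun values with an empty name, rundll32 loading an 8-letter lowercase module, a toolbar backed by such a module, any AppInit_DLLs value, and a service with no vendor string. The eight-letter rule is only a heuristic tuned to the hihmykbx/ibjquthv/kawuoidm names in this thread; benign avast! and HP lines are included as controls.

```python
import re
from dataclasses import dataclass

# Constructed sample: a subset of the O-lines from the first HijackThis log
# posted in this thread, with two benign entries (avast!, HP) as controls.
SAMPLE_LOG = r"""
O3 - Toolbar: Security Toolbar - {11A69AE4-FBED-4832-A2BF-45AF82825583} - C:\WINDOWS\system32\hihmykbx.dll
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [] winsock32.exe
O4 - HKLM\..\Run: [64970c5c] rundll32.exe "C:\WINDOWS\system32\ibjquthv.dll",b
O4 - HKLM\..\RunServices: [] winsock32.exe
O20 - AppInit_DLLs: C:\WINDOWS\system32\__c00C136.dat
O23 - Service: DomainService - - C:\WINDOWS\system32\kawuoidm.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
"""

# Heuristic (my assumption, not a HijackThis rule): an 8-letter all-lowercase
# module name directly under a folder, the style of the names in this thread.
RANDOM_NAME = re.compile(r"\\([a-z]{8})\.(dll|exe)\b")
O3_RE = re.compile(r"^O3 - Toolbar: (?P<name>.+?) - \{(?P<clsid>[^}]+)\} - (?P<path>.+)$")
O4_RE = re.compile(r"^O4 - (?P<key>[^:]+): \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
O20_RE = re.compile(r"^O20 - AppInit_DLLs: (?P<value>.+)$")
# Vendor may be empty, in which case the log shows "Name - - Path".
O23_RE = re.compile(r"^O23 - Service: (?P<svc>.+?) - (?P<vendor>.*?) ?- (?P<path>.+)$")


@dataclass(frozen=True)
class Finding:
    line: str
    reason: str


def triage(log_text: str) -> list[Finding]:
    """Return every log line that trips a heuristic, with the reason."""
    findings: list[Finding] = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = O4_RE.match(line)
        if m:
            if m.group("name") == "":
                findings.append(Finding(line, "autorun entry with empty value name"))
            hit = RANDOM_NAME.search(m.group("cmd"))
            if hit and "rundll32" in m.group("cmd").lower():
                findings.append(Finding(line, f"rundll32 loads random-named module {hit.group(1)}.{hit.group(2)}"))
            continue
        m = O3_RE.match(line)
        if m and RANDOM_NAME.search(m.group("path")):
            findings.append(Finding(line, "IE toolbar backed by a random-named DLL"))
            continue
        m = O20_RE.match(line)
        if m:
            findings.append(Finding(line, "AppInit_DLLs set: module loaded into every process that loads user32.dll"))
            continue
        m = O23_RE.match(line)
        if m and m.group("vendor").strip() == "":
            findings.append(Finding(line, "service with no vendor string"))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.reason}\n    {f.line}")
```

The six hits on the sample are exactly the entries the cleanup tools in this thread target or leave behind: the toolbar DLL, the two nameless winsock32.exe autoruns, the rundll32 loader, the AppInit_DLLs value and the DomainService service. Treat the output as a shortlist for a human to review, not as a verdict; legitimate software occasionally has short lowercase file names too.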
Jlpjlp,
I followed your instructions,
here are the reports:
1/ VirtumundoBeGone:
[11/22/2007, 13:37:08] - VirtumundoBeGone v1.5 ( "C:\Documents and Settings\Bruxelles\Local Settings\Temporary Internet Files\Content.IE5\WZL7EI71\VirtumundoBeGone[1].exe" )
[11/22/2007, 13:37:12] - Detected System Information:
[11/22/2007, 13:37:12] - Windows Version: 5.1.2600, Service Pack 2
[11/22/2007, 13:37:12] - Current Username: Bruxelles (Admin)
[11/22/2007, 13:37:12] - Windows is in NORMAL mode.
[11/22/2007, 13:37:12] - Searching for Browser Helper Objects:
[11/22/2007, 13:37:12] - BHO 1: {7E853D72-626A-48EC-A868-BA8D5E23E045} ()
[11/22/2007, 13:37:12] - WARNING: BHO has no default name. Checking for Winlogon reference.
[11/22/2007, 13:37:12] - No filename found. Continuing.
[11/22/2007, 13:37:12] - BHO 2: {81991A19-8FA4-44E7-B3EA-F0620242EED0} ()
[11/22/2007, 13:37:12] - WARNING: BHO has no default name. Checking for Winlogon reference.
[11/22/2007, 13:37:12] - Checking for HKLM\...\Winlogon\Notify\jkhhe
[11/22/2007, 13:37:12] - Key not found: HKLM\...\Winlogon\Notify\jkhhe, continuing.
[11/22/2007, 13:37:12] - BHO 3: {A95B2816-1D7E-4561-A202-68C0DE02353A} ()
[11/22/2007, 13:37:12] - WARNING: BHO has no default name. Checking for Winlogon reference.
[11/22/2007, 13:37:12] - Checking for HKLM\...\Winlogon\Notify\hihmykbx
[11/22/2007, 13:37:12] - Found: HKLM\...\Winlogon\Notify\hihmykbx - This is probably Virtumundo.
[11/22/2007, 13:37:12] - Assigning {A95B2816-1D7E-4561-A202-68C0DE02353A} MSEvents Object
[11/22/2007, 13:37:12] - BHO list has been changed! Starting over...
[11/22/2007, 13:37:12] - BHO 1: {7E853D72-626A-48EC-A868-BA8D5E23E045} ()
[11/22/2007, 13:37:13] - WARNING: BHO has no default name. Checking for Winlogon reference.
[11/22/2007, 13:37:13] - No filename found. Continuing.
[11/22/2007, 13:37:13] - BHO 2: {81991A19-8FA4-44E7-B3EA-F0620242EED0} ()
[11/22/2007, 13:37:13] - WARNING: BHO has no default name. Checking for Winlogon reference.
[11/22/2007, 13:37:13] - Checking for HKLM\...\Winlogon\Notify\jkhhe
[11/22/2007, 13:37:13] - Key not found: HKLM\...\Winlogon\Notify\jkhhe, continuing.
[11/22/2007, 13:37:13] - BHO 3: {A95B2816-1D7E-4561-A202-68C0DE02353A} (MSEvents Object)
[11/22/2007, 13:37:13] - ALERT: Found MSEvents Object!
[11/22/2007, 13:37:13] - BHO 4: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} (Google Toolbar Notifier BHO)
[11/22/2007, 13:37:13] - BHO 5: {e5f2b371-43da-4d76-8ace-23176e3e06f3} ()
[11/22/2007, 13:37:13] - WARNING: BHO has no default name. Checking for Winlogon reference.
[11/22/2007, 13:37:13] - Checking for HKLM\...\Winlogon\Notify\rshehdsy
[11/22/2007, 13:37:13] - Key not found: HKLM\...\Winlogon\Notify\rshehdsy, continuing.
[11/22/2007, 13:37:13] - Finished Searching Browser Helper Objects
[11/22/2007, 13:37:13] - *** Detected MSEvents Object
[11/22/2007, 13:37:13] - Trying to remove MSEvents Object...
[11/22/2007, 13:37:14] - Terminating Process: IEXPLORE.EXE
[11/22/2007, 13:37:14] - Terminating Process: RUNDLL32.EXE
[11/22/2007, 13:37:15] - Disabling Automatic Shell Restart
[11/22/2007, 13:37:15] - Terminating Process: EXPLORER.EXE
[11/22/2007, 13:37:15] - Suspending the NT Session Manager System Service
[11/22/2007, 13:37:15] - Terminating Windows NT Logon/Logoff Manager
[11/22/2007, 13:37:15] - Re-enabling Automatic Shell Restart
[11/22/2007, 13:37:15] - File to disable: C:\WINDOWS\system32\hihmykbx.dll
[11/22/2007, 13:37:15] - Renaming C:\WINDOWS\system32\hihmykbx.dll -> C:\WINDOWS\system32\hihmykbx.dll.vir
[11/22/2007, 13:37:15] - File successfully renamed!
[11/22/2007, 13:37:15] - Removing HKLM\...\Browser Helper Objects\{A95B2816-1D7E-4561-A202-68C0DE02353A}
[11/22/2007, 13:37:15] - Removing HKCR\CLSID\{A95B2816-1D7E-4561-A202-68C0DE02353A}
[11/22/2007, 13:37:15] - Adding Kill Bit for ActiveX for GUID: {A95B2816-1D7E-4561-A202-68C0DE02353A}
[11/22/2007, 13:37:15] - Deleting ATLEvents/MSEvents Registry entries
[11/22/2007, 13:37:15] - Removing HKLM\...\Winlogon\Notify\hihmykbx
[11/22/2007, 13:37:16] - Searching for Browser Helper Objects:
[11/22/2007, 13:37:16] - BHO 1: {7E853D72-626A-48EC-A868-BA8D5E23E045} ()
[11/22/2007, 13:37:16] - WARNING: BHO has no default name. Checking for Winlogon reference.
[11/22/2007, 13:37:16] - No filename found. Continuing.
[11/22/2007, 13:37:16] - BHO 2: {81991A19-8FA4-44E7-B3EA-F0620242EED0} ()
[11/22/2007, 13:37:16] - WARNING: BHO has no default name. Checking for Winlogon reference.
[11/22/2007, 13:37:16] - Checking for HKLM\...\Winlogon\Notify\jkhhe
[11/22/2007, 13:37:16] - Key not found: HKLM\...\Winlogon\Notify\jkhhe, continuing.
[11/22/2007, 13:37:16] - BHO 3: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} (Google Toolbar Notifier BHO)
[11/22/2007, 13:37:16] - BHO 4: {e5f2b371-43da-4d76-8ace-23176e3e06f3} ()
[11/22/2007, 13:37:16] - WARNING: BHO has no default name. Checking for Winlogon reference.
[11/22/2007, 13:37:16] - Checking for HKLM\...\Winlogon\Notify\rshehdsy
[11/22/2007, 13:37:16] - Key not found: HKLM\...\Winlogon\Notify\rshehdsy, continuing.
[11/22/2007, 13:37:16] - Finished Searching Browser Helper Objects
[11/22/2007, 13:37:16] - Finishing up...
[11/22/2007, 13:37:16] - A restart is needed.
[11/22/2007, 13:37:24] - Attempting to Restart via STOP error (Blue Screen!)
HijackThis report:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:40:54, on 22/11/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
C:\WINDOWS\system32\kawuoidm.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\WINDOWS\system32\VTTimer.exe
C:\WINDOWS\system32\RunDll32.exe
C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.0\Apps\apdproxy.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb12.exe
C:\Program Files\Java\jre1.5.0_03\bin\jucheck.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\Macrogaming\SweetIM\SweetIM.exe
C:\Program Files\Hercules\Audio\DJ Console Series\MK2\HDJ2CPL.exe
C:\WINDOWS\system32\winsock32.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Insider\Insider.exe
C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\HP\Digital Imaging\Product Assistant\bin\hprblog.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.be/?gws_rd=ssl
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Program Files\Macrogaming\SweetIMBarForIE\toolbar.dll (file missing)
O3 - Toolbar: Security Toolbar - {11A69AE4-FBED-4832-A2BF-45AF82825583} - C:\WINDOWS\system32\hihmykbx.dll (file missing)
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb12.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [SweetIM] C:\Program Files\Macrogaming\SweetIM\SweetIM.exe
O4 - HKLM\..\Run: [DJ Console Mk2] C:\Program Files\Hercules\Audio\DJ Console Series\MK2\HDJ2CPL.exe -hide
O4 - HKLM\..\Run: [] winsock32.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [64970c5c] rundll32.exe "C:\WINDOWS\system32\ibjquthv.dll",b
O4 - HKLM\..\RunServices: [] winsock32.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"
O4 - HKCU\..\Run: [MsnMsgr] ~"C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [VoipBuster] "C:\program files\voipbuster.com\voipbuster\voipbuster.exe" -nosplash -minimized
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [SweetIM] C:\Program Files\Macrogaming\SweetIM\SweetIM.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Insider] C:\Program Files\Insider\Insider.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: BlueSoleil.lnk = ?
O4 - Global Startup: Démarrage rapide du logiciel HP Image Zone.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Outil de mise à jour Google.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://eldarionankalima.spaces.live.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {512FC5A1-7DE1-43F1-BC0C-371622FCB409} (TotalScan Installer Class) - https://www.pandasecurity.com/en/homeusers/online-antivirus/?ref=activescan
O16 - DPF: {E7DBFB6C-113A-47CF-B278-F5C6AF4DE1BD} - http://download.abacast.com/download/files/abasetup162.cab
O20 - AppInit_DLLs: C:\WINDOWS\system32\__c00C136.dat
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
O23 - Service: DomainService - - C:\WINDOWS\system32\kawuoidm.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
[11/22/2007, 13:37:16] - Searching for Browser Helper Objects:
[11/22/2007, 13:37:16] - BHO 1: {7E853D72-626A-48EC-A868-BA8D5E23E045} ()
[11/22/2007, 13:37:16] - WARNING: BHO has no default name. Checking for Winlogon reference.
[11/22/2007, 13:37:16] - No filename found. Continuing.
[11/22/2007, 13:37:16] - BHO 2: {81991A19-8FA4-44E7-B3EA-F0620242EED0} ()
[11/22/2007, 13:37:16] - WARNING: BHO has no default name. Checking for Winlogon reference.
[11/22/2007, 13:37:16] - Checking for HKLM\...\Winlogon\Notify\jkhhe
[11/22/2007, 13:37:16] - Key not found: HKLM\...\Winlogon\Notify\jkhhe, continuing.
[11/22/2007, 13:37:16] - BHO 3: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} (Google Toolbar Notifier BHO)
[11/22/2007, 13:37:16] - BHO 4: {e5f2b371-43da-4d76-8ace-23176e3e06f3} ()
[11/22/2007, 13:37:16] - WARNING: BHO has no default name. Checking for Winlogon reference.
[11/22/2007, 13:37:16] - Checking for HKLM\...\Winlogon\Notify\rshehdsy
[11/22/2007, 13:37:16] - Key not found: HKLM\...\Winlogon\Notify\rshehdsy, continuing.
[11/22/2007, 13:37:16] - Finished Searching Browser Helper Objects
[11/22/2007, 13:37:16] - Finishing up...
[11/22/2007, 13:37:16] - A restart is needed.
[11/22/2007, 13:37:24] - Attempting to Restart via STOP error (Blue Screen!)
HijackThis report:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:40:54, on 22/11/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
C:\WINDOWS\system32\kawuoidm.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\WINDOWS\system32\VTTimer.exe
C:\WINDOWS\system32\RunDll32.exe
C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.0\Apps\apdproxy.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb12.exe
C:\Program Files\Java\jre1.5.0_03\bin\jucheck.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\Macrogaming\SweetIM\SweetIM.exe
C:\Program Files\Hercules\Audio\DJ Console Series\MK2\HDJ2CPL.exe
C:\WINDOWS\system32\winsock32.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Insider\Insider.exe
C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\HP\Digital Imaging\Product Assistant\bin\hprblog.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.be/?gws_rd=ssl
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Program Files\Macrogaming\SweetIMBarForIE\toolbar.dll (file missing)
O3 - Toolbar: Security Toolbar - {11A69AE4-FBED-4832-A2BF-45AF82825583} - C:\WINDOWS\system32\hihmykbx.dll (file missing)
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb12.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [SweetIM] C:\Program Files\Macrogaming\SweetIM\SweetIM.exe
O4 - HKLM\..\Run: [DJ Console Mk2] C:\Program Files\Hercules\Audio\DJ Console Series\MK2\HDJ2CPL.exe -hide
O4 - HKLM\..\Run: [] winsock32.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [64970c5c] rundll32.exe "C:\WINDOWS\system32\ibjquthv.dll",b
O4 - HKLM\..\RunServices: [] winsock32.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"
O4 - HKCU\..\Run: [MsnMsgr] ~"C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [VoipBuster] "C:\program files\voipbuster.com\voipbuster\voipbuster.exe" -nosplash -minimized
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [SweetIM] C:\Program Files\Macrogaming\SweetIM\SweetIM.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Insider] C:\Program Files\Insider\Insider.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: BlueSoleil.lnk = ?
O4 - Global Startup: Démarrage rapide du logiciel HP Image Zone.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Outil de mise à jour Google.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://eldarionankalima.spaces.live.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {512FC5A1-7DE1-43F1-BC0C-371622FCB409} (TotalScan Installer Class) - https://www.pandasecurity.com/en/homeusers/online-antivirus/?ref=activescan
O16 - DPF: {E7DBFB6C-113A-47CF-B278-F5C6AF4DE1BD} - http://download.abacast.com/download/files/abasetup162.cab
O20 - AppInit_DLLs: C:\WINDOWS\system32\__c00C136.dat
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
O23 - Service: DomainService - - C:\WINDOWS\system32\kawuoidm.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
R3 - URLSearchHook: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Program Files\Macrogaming\SweetIMBarForIE\toolbar.dll (file missing)
O3 - Toolbar: Security Toolbar - {11A69AE4-FBED-4832-A2BF-45AF82825583} - C:\WINDOWS\system32\hihmykbx.dll (file missing)
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [SweetIM] C:\Program Files\Macrogaming\SweetIM\SweetIM.exe
O4 - HKLM\..\Run: [DJ Console Mk2] C:\Program Files\Hercules\Audio\DJ Console Series\MK2\HDJ2CPL.exe -hide
O4 - HKLM\..\Run: [] winsock32.exe
O4 - HKLM\..\Run: [64970c5c] rundll32.exe "C:\WINDOWS\system32\ibjquthv.dll",b
O4 - HKLM\..\RunServices: [] winsock32.exe
O4 - HKCU\..\Run: [SweetIM] C:\Program Files\Macrogaming\SweetIM\SweetIM.exe
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O16 - DPF: {E7DBFB6C-113A-47CF-B278-F5C6AF4DE1BD} - http://download.abacast.com/download/files/abasetup162.cab
O20 - AppInit_DLLs: C:\WINDOWS\system32\__c00C136.dat
__________________
Download and install:
KillBox
https://www.bleepingcomputer.com/download/linux/
KillBox help
http://perso.wanadoo.fr/jesses/Docs/Logiciels/KillBox.htm
- Restart in safe mode; if you don't know how, read this
- Double-click fix.reg
Open KillBox
- Select "delete on reboot"
- Click the yellow folder on the right and select the file:
C:\WINDOWS\system32\__c00C136.dat
C:\WINDOWS\system32\ibjquthv.dll
- Click the red and white cross
- Answer yes and let your PC restart.
Feel free to consult the KillBox help
Check that the files
C:\WINDOWS\system32\__c00C136.dat
C:\WINDOWS\system32\ibjquthv.dll
are no longer present
_______________________
Paste the report of an online scan
with one of the following:
Panda online: (disable your antivirus for the duration of the scan if it flags the scanner as harmful)
http://pandasoftware.fr
____________________
Paste a new HijackThis report and describe your problems
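For readers who want to see how the hand triage of the HijackThis log above can be written down as rules, here is an added example; it is not a tool from this thread and has nothing to do with HijackThis, KillBox or Panda themselves. It parses the O3/O4/O20/O23 line formats and flags the same patterns the helper picked out: a Run entry with an empty value name, rundll32 loading a DLL with a random-looking name, a populated AppInit_DLLs value, a service with no vendor string, and toolbar residue whose file is already gone. The "eight lowercase letters" and "hex blob as value name" tests are my own heuristics, not something the thread states; the sample lines are copied from the log posted above, with two benign entries kept so the rules have something to ignore.

```python
"""Triage helper for HijackThis-style logs (added example, not code from the thread)."""
from __future__ import annotations

import re
from dataclasses import dataclass

# Constructed sample: lines copied from the HijackThis log posted in the thread,
# plus two benign entries (RemoteControl, Pml Driver HPZ12) that must not be flagged.
SAMPLE_LOG = r"""
O3 - Toolbar: Security Toolbar - {11A69AE4-FBED-4832-A2BF-45AF82825583} - C:\WINDOWS\system32\hihmykbx.dll (file missing)
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [] winsock32.exe
O4 - HKLM\..\Run: [64970c5c] rundll32.exe "C:\WINDOWS\system32\ibjquthv.dll",b
O4 - HKLM\..\RunServices: [] winsock32.exe
O20 - AppInit_DLLs: C:\WINDOWS\system32\__c00C136.dat
O23 - Service: DomainService - - C:\WINDOWS\system32\kawuoidm.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
"""


@dataclass(frozen=True)
class Finding:
    section: str  # HijackThis section tag, e.g. "O4"
    reason: str   # short explanation of why the line was flagged
    line: str     # the offending log line, verbatim


ENTRY_RE = re.compile(r"^(O\d+|R\d) - (.*)$")
# "HKLM\..\Run: [name] command"  (also RunServices / RunOnce, and HKUS\S-1-5-xx\..\Run)
RUN_RE = re.compile(r"^(HK[^:]*?\\\.\.\\Run\w*): \[([^\]]*)\] (.*)$")
# "Service: display name - owner - path"; owner may be empty ("- -")
SERVICE_RE = re.compile(r"^Service: (.*?) - (.*?) ?- (.*)$")
RANDOM_STEM_RE = re.compile(r"^[a-z]{8}$")   # heuristic (assumption): 8 lowercase letters, no digits
HEX_NAME_RE = re.compile(r"^[0-9a-f]{8}$")   # heuristic (assumption): hex blob used as a value name
DLL_IN_CMD_RE = re.compile(r'"?([^"\s]+\.dll)"?', re.IGNORECASE)


def looks_random(path: str) -> bool:
    """True when the file stem is eight lowercase letters (hihmykbx, ibjquthv, kawuoidm)."""
    stem = path.replace("/", "\\").rsplit("\\", 1)[-1].rsplit(".", 1)[0]
    return bool(RANDOM_STEM_RE.match(stem))


def triage(log_text: str) -> list[Finding]:
    """Return one Finding per suspicious pattern found in the O3/O4/O20/O23 lines."""
    findings: list[Finding] = []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = ENTRY_RE.match(line)
        if not m:
            continue
        section, body = m.groups()
        if section == "O4":
            run = RUN_RE.match(body)
            if not run:
                continue  # Global Startup shortcuts and similar are out of scope here
            key, name, command = run.groups()
            if name == "":
                findings.append(Finding(section, f"autorun entry under {key} has an empty value name", line))
            elif HEX_NAME_RE.match(name):
                findings.append(Finding(section, f"autorun value name {name!r} is a hex blob, not a product name", line))
            if command.lower().startswith("rundll32"):
                dll = DLL_IN_CMD_RE.search(command)
                if dll and looks_random(dll.group(1)):
                    findings.append(Finding(section, f"rundll32 loads random-looking DLL {dll.group(1)}", line))
        elif section == "O20" and body.startswith("AppInit_DLLs:"):
            value = body.split(":", 1)[1].strip()
            if value:  # AppInit_DLLs is loaded into every process that links user32.dll
                findings.append(Finding(section, f"AppInit_DLLs is populated ({value})", line))
        elif section == "O23":
            svc = SERVICE_RE.match(body)
            if svc:
                name, owner, path = svc.groups()
                if owner == "" and looks_random(path):
                    findings.append(Finding(section, f"service {name!r} has no vendor and a random-looking binary", line))
        elif section == "O3" and "(file missing)" in body:
            findings.append(Finding(section, "toolbar registration points to a file that no longer exists", line))
    return findings


def summarize(findings: list[Finding]) -> dict[str, int]:
    """Count findings per HijackThis section, for a quick overview."""
    counts: dict[str, int] = {}
    for f in findings:
        counts[f.section] = counts.get(f.section, 0) + 1
    return counts


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.section}] {f.reason}\n    {f.line}")
```

Run on the sample it reports seven findings (one O3, four O4, one O20, one O23) and leaves RemoteControl, Cmaudio and the HP service alone. The O3 hit is only leftover registry residue once the DLL has been renamed, and the name-based heuristics will produce false positives on legitimately odd file names, so treat the output as a shortlist for manual review rather than a verdict.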
I removed the 2 files in system32.
I ran the Panda scan; here is the report:
;***********************************************************************************************************************************************************************************
ANALYSIS: 2007-11-22 16:15:21
PROTECTIONS: 1
MALWARE: 80
SUSPECTS: 1
;***********************************************************************************************************************************************************************************
PROTECTIONS
Description Version Active Updated
;===================================================================================================================================================================================
avast! antivirus 4.7.1043 [VPS 071122-0] 4.7.1043 No Yes
;===================================================================================================================================================================================
MALWARE
Id Description Type Active Severity Disinfectable Disinfected Location
;===================================================================================================================================================================================
00139060 Cookie/Casalemedia TrackingCookie No 0 Yes No C:\Documents and Settings\Bruxelles\Application Data\Mozilla\Firefox\Profiles\kqi5izyo.default\cookies.txt[.casalemedia.com/]
00139060 Cookie/Casalemedia TrackingCookie No 0 Yes No C:\Documents and Settings\Bruxelles\Cookies\bruxelles@casalemedia[2].txt
00139060 Cookie/Casalemedia TrackingCookie No 0 Yes No C:\Documents and Settings\Bruxelles\Application Data\Mozilla\Firefox\Profiles\kqi5izyo.default\cookies.txt[.casalemedia.com/]
00139060 Cookie/Casalemedia TrackingCookie No 0 Yes No C:\Documents and Settings\Bruxelles\Application Data\Mozilla\Firefox\Profiles\kqi5izyo.default\cookies.txt[.casalemedia.com/]
00139060 Cookie/Casalemedia TrackingCookie No 0 Yes No C:\Documents and Settings\Bruxelles\Application Data\Mozilla\Firefox\Profiles\kqi5izyo.default\cookies.txt[.casalemedia.com/]
00139060 Cookie/Casalemedia TrackingCookie No 0 Yes No C:\Documents and Settings\Bruxelles\Application Data\Mozilla\Firefox\Profiles\kqi5izyo.default\cookies.txt[.casalemedia.com/]
00139060 Cookie/Casalemedia TrackingCookie No 0 Yes No C:\Documents and Settings\Bruxelles\Application Data\Mozilla\Firefox\Profiles\kqi5izyo.default\cookies.txt[.casalemedia.com/]
00139060 Cookie/Casalemedia TrackingCookie No 0 Yes No C:\Documents and Settings\Bruxelles\Application Data\Mozilla\Firefox\Profiles\kqi5izyo.default\cookies.txt[.casalemedia.com/]
00139060 Cookie/Casalemedia TrackingCookie No 0 Yes No C:\Documents and Settings\Bruxelles\Application Data\Mozilla\Firefox\Profiles\kqi5izyo.default\cookies.txt[.casalemedia.com/]
00139060 Cookie/Casalemedia TrackingCookie No 0 Yes No C:\Documents and Settings\Bruxelles\Application Data\Mozilla\Firefox\Profiles\kqi5izyo.default\cookies.txt[.casalemedia.com/]
00139061 Cookie/Doubleclick TrackingCookie No 0 Yes No C:\Documents and Settings\Bruxelles\Application Data\Mozilla\Firefox\Profiles\kqi5izyo.default\cookies.txt[.doubleclick.net/]
00139061 Cookie/Doubleclick TrackingCookie No 0 Yes No C:\Documents and Settings\Bruxelles\Cookies\bruxelles@doubleclick[2].txt
00139064 Cookie/Atlas DMT TrackingCookie No 0 Yes No C:\Documents and Settings\Bruxelles\Cookies\bruxelles@atdmt[2].txt
00139064 Cookie/Atlas DMT TrackingCookie No 0 Yes No C:\Documents and Settings\Bruxelles\Application Data\Mozilla\Firefox\Profiles\kqi5izyo.default\cookies.txt[.atdmt.com/]
00139535 Application/Processor HackTools No 0 No No C:\Documents and Settings\Bruxelles\Local Settings\Temporary Internet Files\Content.IE5\WZL7EI71\VirtumundoBeGone[1].exe[²ƒÇ]
00145393 Cookie/Tradedoubler TrackingCookie No 0 Yes No C:\Documents and Settings\Bruxelles\Application Data\Mozilla\Firefox\Profiles\kqi5izyo.default\cookies.txt[.tradedoubler.com/]
00145393 Cookie/Tradedoubler TrackingCookie No 0 Yes No C:\Documents and Settings\Bruxelles\Application Data\Mozilla\Firefox\Profiles\kqi5izyo.default\cookies.txt[.tradedoubler.com/]
00145393 Cookie/Tradedoubler TrackingCookie No 0 Yes No C:\Documents and Settings\Bruxelles\Cookies\bruxelles@tradedoubler[2].txt
00145405 Cookie/RealMedia TrackingCookie No 0 Yes No C:\Documents and Settings\Bruxelles\Application Data\Mozilla\Firefox\Profiles\kqi5izyo.default\cookies.txt[.247realmedia.com/]
00145405 Cookie/RealMedia TrackingCookie No 0 Yes No C:\Documents and Settings\Bruxelles\Cookies\bruxelles@247realmedia[2].txt
00145457 Cookie/FastClick TrackingCookie No 0 Yes No C:\Documents and Settings\Bruxelles\Cookies\bruxelles@fastclick[1].txt
00145457 Cookie/FastClick TrackingCookie No 0 Yes No C:\Documents and Settings\Bruxelles\Application Data\Mozilla\Firefox\Profiles\kqi5izyo.default\cookies.txt[.fastclick.net/]
00145731 Cookie/Tribalfusion TrackingCookie No 0 Yes No C:\Documents and Settings\Bruxelles\Cookies\bruxelles@tribalfusion[1].txt
00145732 Cookie/Falkag TrackingCookie No 0 Yes No C:\Documents and Settings\Bruxelles\Cookies\bruxelles@as-eu.falkag[1].txt
00145738 Cookie/Mediaplex TrackingCookie No 0 Yes No C:\Documents and Settings\Bruxelles\Cookies\bruxelles@mediaplex[1].txt
00145792 Cookie/SexList TrackingCookie No 0 Yes No C:\Documents and Settings\Bruxelles\Cookies\bruxelles@sexlist[2].txt
00145807 Cookie/Linksynergy TrackingCookie No 0 Yes No C:\Documents and Settings\Bruxelles\Cookies\bruxelles@linksynergy[1].txt
00149046 Cookie/Casinotropez TrackingCookie No 0 Yes No C:\Documents and Settings\Bruxelles\Cookies\bruxelles@casinotropez[1].txt
00149116 Cookie/Ccbill TrackingCookie No 0 Yes No C:\Documents and Settings\Bruxelles\Cookies\bruxelles@ccbill[2].txt
00156964 Cookie/2o7 TrackingCookie No 0 Yes No C:\Documents and Settings\Bruxelles\Cookies\bruxelles@112.2o7[1].txt
00159564 Cookie/WUpd TrackingCookie No 0 Yes No C:\Documents and Settings\Bruxelles\Cookies\bruxelles@revenue[2].txt
00159564 Cookie/WUpd TrackingCookie No 0 Yes No C:\Documents and Settings\Bruxelles\Application Data\Mozilla\Firefox\Profiles\kqi5izyo.default\cookies.txt[.revenue.net/]
00167642 Cookie/Com.com TrackingCookie No 0 Yes No C:\Documents and Settings\Bruxelles\Application Data\Mozilla\Firefox\Profiles\kqi5izyo.default\cookies.txt[.com.com/]
00167642 Cookie/Com.com TrackingCookie No 0 Yes No C:\Documents and Settings\Bruxelles\Cookies\bruxelles@com[1].txt
00167647 Cookie/Yadro TrackingCookie No 0 Yes No C:\Documents and Settings\Bruxelles\Cookies\bruxelles@yadro[2].txt
00167704 Cookie/Xiti TrackingCookie No 0 Yes No C:\Documents and Settings\Bruxelles\Application Data\Mozilla\Firefox\Profiles\kqi5izyo.default\cookies.txt[.xiti.com/]
00167704 Cookie/Xiti TrackingCookie No 0 Yes No C:\Documents and Settings\Bruxelles\Cookies\bruxelles@xiti[1].txt
00167709 Cookie/fe.lea.lycos TrackingCookie No 0 Yes No C:\Documents and Settings\Bruxelles\Cookies\bruxelles@fe.lea.lycos[1].txt
00167730 Cookie/Hitbox TrackingCookie No 0 Yes No C:\Documents and Settings\Bruxelles\Cookies\bruxelles@ehg.hitbox[2].txt
00167747 Cookie/Azjmp TrackingCookie No 0 Yes No C:\Documents and Settings\Bruxelles\Cookies\bruxelles@azjmp[2].txt
00167749 Cookie/Toplist TrackingCookie No 0 Yes No C:\Documents and Settings\Bruxelles\Cookies\bruxelles@toplist[1].txt
00167753 Cookie/Statcounter TrackingCookie No 0 Yes No C:\Documents and Settings\Bruxelles\Application Data\Mozilla\Firefox\Profiles\kqi5izyo.default\cookies.txt[.statcounter.com/]
00167753 Cookie/Statcounter TrackingCookie No 0 Yes No C:\Documents and Settings\Bruxelles\Cookies\bruxelles@statcounter[1].txt
00167753 Cookie/Statcounter TrackingCookie No 0 Yes No C:\Documents and Settings\Bruxelles\Application Data\Mozilla\Firefox\Profiles\kqi5izyo.default\cookies.txt[.statcounter.com/]
00167753 Cookie/Statcounter TrackingCookie No 0 Yes No C:\Documents and Settings\Bruxelles\Application Data\Mozilla\Firefox\Profiles\kqi5izyo.default\cookies.txt[.statcounter.com/]
00167760 Cookie/Hitslink TrackingCookie No 0 Yes No C:\Documents and Settings\Bruxelles\Cookies\bruxelles@counter.hitslink[1].txt
00167762 Cookie/Sextracker TrackingCookie No 0 Yes No C:\Documents and Settings\Bruxelles\Cookies\bruxelles@counter13.sextracker[1].txt
00167783 Cookie/Sextracker TrackingCookie No 0 Yes No C:\Documents and Settings\Bruxelles\Cookies\bruxelles@counter6.sextracker[2].txt
00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\Documents and Settings\Bruxelles\Application Data\Mozilla\Firefox\Profiles\kqi5izyo.default\cookies.txt[ad.yieldmanager.com/]
00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\Documents and Settings\Bruxelles\Application Data\Mozilla\Firefox\Profiles\kqi5izyo.default\cookies.txt[ad.yieldmanager.com/]
00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\Documents and Settings\Bruxelles\Application Data\Mozilla\Firefox\Profiles\kqi5izyo.default\cookies.txt[ad.yieldmanager.com/]
00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\Documents and Settings\Bruxelles\Application Data\Mozilla\Firefox\Profiles\kqi5izyo.default\cookies.txt[ad.yieldmanager.com/]
00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\Documents and Settings\Bruxelles\Application Data\Mozilla\Firefox\Profiles\kqi5izyo.default\cookies.txt[ad.yieldmanager.com/]
00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\Documents and Settings\Bruxelles\Cookies\bruxelles@ad.yieldmanager[2].txt
00168061 Cookie/Apmebf TrackingCookie No 0 Yes No C:\Documents and Settings\Bruxelles\Cookies\bruxelles@apmebf[2].txt
00168061 Cookie/Apmebf TrackingCookie No 0 Yes No C:\Documents and Settings\Bruxelles\Application Data\Mozilla\Firefox\Profiles\kqi5izyo.default\cookies.txt[.apmebf.com/]
00168061 Cookie/Apmebf TrackingCookie No 0 Yes No C:\Documents and Settings\Bruxelles\Application Data\Mozilla\Firefox\Profiles\kqi5izyo.default\cookies.txt[.apmebf.com/]
00168076 Cookie/BurstNet TrackingCookie No 0 Yes No C:\Documents and Settings\Bruxelles\Cookies\bruxelles@burstnet[2].txt
00168090 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\Documents and Settings\Bruxelles\Application Data\Mozilla\Firefox\Profiles\kqi5izyo.default\cookies.txt[.serving-sys.com/]
00168090 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\Documents and Settings\Bruxelles\Application Data\Mozilla\Firefox\Profiles\kqi5izyo.default\cookies.txt[.serving-sys.com/]
00168090 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\Documents and Settings\Bruxelles\Application Data\Mozilla\Firefox\Profiles\kqi5izyo.default\cookies.txt[.serving-sys.com/]
00168090 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\Documents and Settings\Bruxelles\Cookies\bruxelles@serving-sys[1].txt
00168090 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\Documents and Settings\Bruxelles\Application Data\Mozilla\Firefox\Profiles\kqi5izyo.default\cookies.txt[.serving-sys.com/]
00168090 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\Documents and Settings\Bruxelles\Application Data\Mozilla\Firefox\Profiles\kqi5izyo.default\cookies.txt[.serving-sys.com/]
00168093 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\Documents and Settings\Bruxelles\Application Data\Mozilla\Firefox\Profiles\kqi5izyo.default\cookies.txt[.bs.serving-sys.com/]
00168093 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\Documents and Settings\Bruxelles\Cookies\bruxelles@bs.serving-sys[2].txt
00168095 Cookie/888 TrackingCookie No 0 Yes No C:\Documents and Settings\Bruxelles\Cookies\bruxelles@888[3].txt
00168101 Cookie/Falkag TrackingCookie No 0 Yes No C:\Documents and Settings\Bruxelles\Cookies\bruxelles@as-us.falkag[1].txt
00168106 Cookie/Weborama TrackingCookie No 0 Yes No C:\Documents and Settings\Bruxelles\Application Data\Mozilla\Firefox\Profiles\kqi5izyo.default\cookies.txt[.weborama.fr/]
00168106 Cookie/Weborama TrackingCookie No 0 Yes No C:\Documents and Settings\Bruxelles\Application Data\Mozilla\Firefox\Profiles\kqi5izyo.default\cookies.txt[.weborama.fr/]
00168106 Cookie/Weborama TrackingCookie No 0 Yes No C:\Documents and Settings\Bruxelles\Application Data\Mozilla\Firefox\Profiles\kqi5izyo.default\cookies.txt[.weborama.fr/]
00168106 Cookie/Weborama TrackingCookie No 0 Yes No C:\Documents and Settings\Bruxelles\Cookies\bruxelles@weborama[1].txt
00168109 Cookie/Adtech TrackingCookie No 0 Yes No C:\Documents and Settings\Bruxelles\Cookies\bruxelles@adtech[2].txt
00168110 Cookie/Server.iad.Liveperson TrackingCookie No 0 Yes No C:\Documents and Settings\Bruxelles\Cookies\bruxelles@server.iad.liveperson[1].txt
00168114 Cookie/onestat.com TrackingCookie No 0 Yes No C:\Documents and Settings\Bruxelles\Application Data\Mozilla\Firefox\Profiles\kqi5izyo.default\cookies.txt[stat.onestat.com/]
00168114 Cookie/onestat.com TrackingCookie No 0 Yes No C:\Documents and Settings\Bruxelles\Cookies\bruxelles@stat.onestat[1].txt
00168114 Cookie/onestat.com TrackingCookie No 0 Yes No C:\Documents and Settings\Bruxelles\Application Data\Mozilla\Firefox\Profiles\kqi5izyo.default\cookies.txt[stat.onestat.com/]
00168114 Cookie/onestat.com TrackingCookie No 0 Yes No C:\Documents and Settings\Bruxelles\Application Data\Mozilla\Firefox\Profiles\kqi5izyo.default\cookies.txt[stat.onestat.com/]
00168116 Cookie/Comclick TrackingCookie No 0 Yes No C:\Documents and Settings\Bruxelles\Cookies\bruxelles@fl01.ct2.comclick[1].txt
00169190 Cookie/Advertising TrackingCookie No 0 Yes No C:\Documents and Settings\Bruxelles\Application Data\Mozilla\Firefox\Profiles\kqi5izyo.default\cookies.txt[.advertising.com/]
00169190 Cookie/Advertising TrackingCookie No 0 Yes No C:\Documents and Settings\Bruxelles\Application Data\Mozilla\Firefox\Profiles\kqi5izyo.default\cookies.txt[.advertising.com/]
00169190 Cookie/Advertising TrackingCookie No 0 Yes No C:\Documents and Settings\Bruxelles\Cookies\bruxelles@advertising[1].txt
00169190 Cookie/Advertising TrackingCookie No 0 Yes No C:\Documents and Settings\Bruxelles\Application Data\Mozilla\Firefox\Profiles\kqi5izyo.default\cookies.txt[.advertising.com/]
00169286 Cookie/Sextracker TrackingCookie No 0 Yes No C:\Documents and Settings\Bruxelles\Cookies\bruxelles@sextracker[2].txt
00169287 Cookie/Adrevolver TrackingCookie No 0 Yes No C:\Documents and Settings\Bruxelles\Cookies\bruxelles@adrevolver[2].txt
00170304 Cookie/WebtrendsLive TrackingCookie No 0 Yes No C:\Documents and Settings\Bruxelles\Application Data\Mozilla\Firefox\Profiles\kqi5izyo.default\cookies.txt[statse.webtrendslive.com/]
00170304 Cookie/WebtrendsLive TrackingCookie No 0 Yes No C:\Documents and Settings\Bruxelles\Cookies\bruxelles@statse.webtrendslive[1].txt
00170554 Cookie/Overture TrackingCookie No 0 Yes No C:\Documents and Settings\Bruxelles\Application Data\Mozilla\Firefox\Profiles\kqi5izyo.default\cookies.txt[.overture.com/]
00170554 Cookie/Overture TrackingCookie No 0 Yes No C:\Documents and Settings\Bruxelles\Cookies\bruxelles@overture[1].txt
00171982 Cookie/QuestionMarket TrackingCookie No 0 Yes No C:\Documents and Settings\Bruxelles\Cookies\bruxelles@questionmarket[2].txt
00172221 Cookie/Zedo TrackingCookie No 0 Yes No C:\Documents and Settings\Bruxelles\Application Data\Mozilla\Firefox\Profiles\kqi5izyo.default\cookies.txt[.zedo.com/]
00172221 Cookie/Zedo TrackingCookie No 0 Yes No C:\Documents and Settings\Bruxelles\Application Data\Mozilla\Firefox\Profiles\kqi5izyo.default\cookies.txt[.zedo.com/]
00172221 Cookie/Zedo TrackingCookie No 0 Yes No C:\Documents and Settings\Bruxelles\Cookies\bruxelles@zedo[2].txt
00172221 Cookie/Zedo TrackingCookie No 0 Yes No C:\Documents and Settings\Bruxelles\Application Data\Mozilla\Firefox\Profiles\kqi5izyo.default\cookies.txt[.zedo.com/]
00172449 Cookie/MetriWeb TrackingCookie No 0 Yes No C:\Documents and Settings\Bruxelles\Application Data\Mozilla\Firefox\Profiles\kqi5izyo.default\cookies.txt[.metriweb.be/]
00172449 Cookie/MetriWeb TrackingCookie No 0 Yes No C:\Documents and Settings\Bruxelles\Cookies\bruxelles@metriweb[1].txt
00172483 Cookie/888 TrackingCookie No 0 Yes No C:\Documents and Settings\Bruxelles\Cookies\bruxelles@888[2].txt
00172484 Cookie/Cassava TrackingCookie No 0 Yes No C:\Documents and Settings\Bruxelles\Cookies\bruxelles@cassava[1].txt
00173520 Cookie/Bluestreak TrackingCookie No 0 Yes No C:\Documents and Settings\Bruxelles\Application Data\Mozilla\Firefox\Profiles\kqi5izyo.default\cookies.txt[.bluestreak.com/]
00175950 Cookie/cs.sexcounter TrackingCookie No 0 Yes No C:\Documents and Settings\Bruxelles\Cookies\bruxelles@cs.sexcounter[2].txt
00180153 Cookie/Sextracker TrackingCookie No 0 Yes No C:\Documents and Settings\Bruxelles\Cookies\bruxelles@counter2.sextracker[1].txt
00184846 Cookie/Adrevolver TrackingCookie No 0 Yes No C:\Documents and Settings\Bruxelles\Cookies\bruxelles@adrevolver[1].txt
00191644 Cookie/adultfriendfinder TrackingCookie No 0 Yes No C:\Documents and Settings\Bruxelles\Application Data\Mozilla\Firefox\Profiles\kqi5izyo.default\cookies.txt[.adultfriendfinder.com/]
00191644 Cookie/adultfriendfinder TrackingCookie No 0 Yes No C:\Documents and Settings\Bruxelles\Cookies\bruxelles@adultfriendfinder[1].txt
00191644 Cookie/adultfriendfinder TrackingCookie No 0 Yes No C:\Documents and Settings\Bruxelles\Application Data\Mozilla\Firefox\Profiles\kqi5izyo.default\cookies.txt[.adultfriendfinder.com/]
00194327 Cookie/Go TrackingCookie No 0 Yes No C:\Documents and Settings\Bruxelles\Cookies\bruxelles@go[2].txt
00199984 Cookie/Searchportal TrackingCookie No 0 Yes No C:\Documents and Settings\Bruxelles\Cookies\bruxelles@searchportal.information[1].txt
00199984 Cookie/Searchportal TrackingCookie No 0 Yes No C:\Documents and Settings\Bruxelles\Application Data\Mozilla\Firefox\Profiles\kqi5izyo.default\cookies.txt[searchportal.information.com/]
00207936 Cookie/Adviva TrackingCookie No 0 Yes No C:\Documents and Settings\Bruxelles\Cookies\bruxelles@adviva[1].txt
00262020 Cookie/Atwola TrackingCookie No 0 Yes No C:\Documents and Settings\Bruxelles\Cookies\bruxelles@atwola[2].txt
00262024 Cookie/ErrorSafe TrackingCookie No 0 Yes No C:\Documents and Settings\Bruxelles\Cookies\bruxelles@www.errorsafe[1].txt
00262025 Cookie/ErrorSafe TrackingCookie No 0 Yes No C:\Documents and Settings\Bruxelles\Cookies\bruxelles@errorsafe[1].txt
00273339 Cookie/Smartadserver TrackingCookie No 0 Yes No C:\Documents and Settings\Bruxelles\Cookies\bruxelles@smartadserver[2].txt
00273339 Cookie/Smartadserver TrackingCookie No 0 Yes No C:\Documents and Settings\Bruxelles\Application Data\Mozilla\Firefox\Profiles\kqi5izyo.default\cookies.txt[.smartadserver.com/]
00273339 Cookie/Smartadserver TrackingCookie No 0 Yes No C:\Documents and Settings\Bruxelles\Application Data\Mozilla\Firefox\Profiles\kqi5izyo.default\cookies.txt[.smartadserver.com/]
00273339 Cookie/Smartadserver TrackingCookie No 0 Yes No C:\Documents and Settings\Bruxelles\Application Data\Mozilla\Firefox\Profiles\kqi5izyo.default\cookies.txt[.smartadserver.com/]
00273339 Cookie/Smartadserver TrackingCookie No 0 Yes No C:\Documents and Settings\Bruxelles\Application Data\Mozilla\Firefox\Profiles\kqi5izyo.default\cookies.txt[.smartadserver.com/]
00286734 Cookie/Adserver TrackingCookie No 0 Yes No C:\Documents and Settings\Bruxelles\Cookies\bruxelles@adserver.filefront[1].txt
00286736 Cookie/Cgi-bin TrackingCookie No 0 Yes No C:\Documents and Settings\Bruxelles\Cookies\bruxelles@cgi-bin[1].txt
00286739 Cookie/Hitbox TrackingCookie No 0 Yes No C:\Documents and Settings\Bruxelles\Cookies\bruxelles@ehg-dig.hitbox[2].txt
00293517 Cookie/AdDynamix TrackingCookie No 0 Yes No C:\Documents and Settings\Bruxelles\Cookies\bruxelles@ads.addynamix[1].txt
00296583 Cookie/DriveCleaner TrackingCookie No 0 Yes No C:\Documents and Settings\Bruxelles\Cookies\bruxelles@stats.drivecleaner[2].txt
00296584 Cookie/DriveCleaner TrackingCookie No 0 Yes No C:\Documents and Settings\Bruxelles\Cookies\bruxelles@drivecleaner[2].txt
00325830 Cookie/Bridgetrack TrackingCookie No 0 Yes No C:\Documents and Settings\Bruxelles\Cookies\bruxelles@citi.bridgetrack[1].txt
00519333 Application/Processor HackTools No 0 Yes No C:\Documents and Settings\Bruxelles\Local Settings\Temporary Internet Files\Content.IE5\WZL7EI71\VirtumundoBeGone[1].exe
01606636 Cookie/Adserver TrackingCookie No 0 Yes No C:\Documents and Settings\Bruxelles\Cookies\bruxelles@adserver.easyad[2].txt
02646028 Adware/PurityScan Adware No 0 Yes No C:\Documents and Settings\Bruxelles\Local Settings\Temporary Internet Files\Content.IE5\WZL7EI71\mosx1024[1]
02649815 Trj/Agent.GXF Virus/Trojan No 0 Yes No C:\WINDOWS\b111.exe
02670453 W32/Gaobot.QBN.worm Virus/Worm Yes 2 Yes No C:\WINDOWS\SYSTEM32\WINSOCK32.EXE
02670454 Adware/Yazzle Adware No 0 Yes No C:\WINDOWS\system32\dkfjdkfj.exe
02673158 Trj/Downloader.MDW Virus/Trojan No 1 Yes No C:\WINDOWS\b122.exe
02688344 Spyware/Virtumonde Spyware Yes 2 Yes No C:\WINDOWS\SYSTEM32\KAWUOIDM.EXE
02688344 Spyware/Virtumonde Spyware No 1 Yes No C:\Documents and Settings\Bruxelles\Local Settings\Temporary Internet Files\Content.IE5\YTWBINET\pochki20071106[1]
02688348 Spyware/Virtumonde Spyware No 1 Yes No C:\WINDOWS\system32\hihmykbx.dll.vir
02688348 Spyware/Virtumonde Spyware No 1 Yes No C:\Documents and Settings\Bruxelles\Local Settings\Temporary Internet Files\Content.IE5\AG2GXQ61\upd32_v14[1]
02690919 Adware/Yazzle Adware No 0 Yes No C:\WINDOWS\17PHolmes173.exe
02691065 Trj/Downloader.RBV Virus/Trojan No 0 Yes No C:\WINDOWS\system32\sldfkj.exe
02806076 Trj/Downloader.MDW Virus/Trojan No 1 Yes No C:\WINDOWS\b128.exe
;===================================================================================================================================================================================
SUSPECTS
Location
;===================================================================================================================================================================================
C:\PROGRAM FILES\INSIDER\INSIDER.EXE
;===================================================================================================================================================================================
HijackThis scan:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:19:15, on 22/11/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
C:\WINDOWS\system32\kawuoidm.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\WINDOWS\system32\VTTimer.exe
C:\WINDOWS\system32\RunDll32.exe
C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.0\Apps\apdproxy.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb12.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\Macrogaming\SweetIM\SweetIM.exe
C:\Program Files\Hercules\Audio\DJ Console Series\MK2\HDJ2CPL.exe
C:\WINDOWS\system32\winsock32.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Java\jre1.5.0_03\bin\jucheck.exe
C:\Program Files\Insider\Insider.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\Product Assistant\bin\hprblog.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\MSN Messenger\livecall.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.be/?gws_rd=ssl
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Program Files\Macrogaming\SweetIMBarForIE\toolbar.dll (file missing)
O3 - Toolbar: Security Toolbar - {11A69AE4-FBED-4832-A2BF-45AF82825583} - C:\WINDOWS\system32\hihmykbx.dll (file missing)
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb12.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [SweetIM] C:\Program Files\Macrogaming\SweetIM\SweetIM.exe
O4 - HKLM\..\Run: [DJ Console Mk2] C:\Program Files\Hercules\Audio\DJ Console Series\MK2\HDJ2CPL.exe -hide
O4 - HKLM\..\Run: [] winsock32.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [64970c5c] rundll32.exe "C:\WINDOWS\system32\ibjquthv.dll",b
O4 - HKLM\..\RunServices: [] winsock32.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"
O4 - HKCU\..\Run: [MsnMsgr] ~"C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [VoipBuster] "C:\program files\voipbuster.com\voipbuster\voipbuster.exe" -nosplash -minimized
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [SweetIM] C:\Program Files\Macrogaming\SweetIM\SweetIM.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Insider] C:\Program Files\Insider\Insider.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: BlueSoleil.lnk = ?
O4 - Global Startup: Démarrage rapide du logiciel HP Image Zone.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Outil de mise à jour Google.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://eldarionankalima.spaces.live.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {512FC5A1-7DE1-43F1-BC0C-371622FCB409} (TotalScan Installer Class) - https://www.pandasecurity.com/en/homeusers/online-antivirus/?ref=activescan
O16 - DPF: {E7DBFB6C-113A-47CF-B278-F5C6AF4DE1BD} - http://download.abacast.com/download/files/abasetup162.cab
O20 - AppInit_DLLs: C:\WINDOWS\system32\__c00C136.dat
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
O23 - Service: DomainService - - C:\WINDOWS\system32\kawuoidm.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
C:\PROGRAM FILES\INSIDER\INSIDER.EXE
;===================================================================================================================================================================================
Scan Hijackthis:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:19:15, on 22/11/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
C:\WINDOWS\system32\kawuoidm.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\WINDOWS\system32\VTTimer.exe
C:\WINDOWS\system32\RunDll32.exe
C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.0\Apps\apdproxy.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb12.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\Macrogaming\SweetIM\SweetIM.exe
C:\Program Files\Hercules\Audio\DJ Console Series\MK2\HDJ2CPL.exe
C:\WINDOWS\system32\winsock32.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Java\jre1.5.0_03\bin\jucheck.exe
C:\Program Files\Insider\Insider.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\Product Assistant\bin\hprblog.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\MSN Messenger\livecall.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.be/?gws_rd=ssl
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Program Files\Macrogaming\SweetIMBarForIE\toolbar.dll (file missing)
O3 - Toolbar: Security Toolbar - {11A69AE4-FBED-4832-A2BF-45AF82825583} - C:\WINDOWS\system32\hihmykbx.dll (file missing)
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb12.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [SweetIM] C:\Program Files\Macrogaming\SweetIM\SweetIM.exe
O4 - HKLM\..\Run: [DJ Console Mk2] C:\Program Files\Hercules\Audio\DJ Console Series\MK2\HDJ2CPL.exe -hide
O4 - HKLM\..\Run: [] winsock32.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [64970c5c] rundll32.exe "C:\WINDOWS\system32\ibjquthv.dll",b
O4 - HKLM\..\RunServices: [] winsock32.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"
O4 - HKCU\..\Run: [MsnMsgr] ~"C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [VoipBuster] "C:\program files\voipbuster.com\voipbuster\voipbuster.exe" -nosplash -minimized
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [SweetIM] C:\Program Files\Macrogaming\SweetIM\SweetIM.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Insider] C:\Program Files\Insider\Insider.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: BlueSoleil.lnk = ?
O4 - Global Startup: Démarrage rapide du logiciel HP Image Zone.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Outil de mise à jour Google.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://eldarionankalima.spaces.live.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {512FC5A1-7DE1-43F1-BC0C-371622FCB409} (TotalScan Installer Class) - https://www.pandasecurity.com/en/homeusers/online-antivirus/?ref=activescan
O16 - DPF: {E7DBFB6C-113A-47CF-B278-F5C6AF4DE1BD} - http://download.abacast.com/download/files/abasetup162.cab
O20 - AppInit_DLLs: C:\WINDOWS\system32\__c00C136.dat
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
O23 - Service: DomainService - - C:\WINDOWS\system32\kawuoidm.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
I removed the 2 files in system32.
I ran the Panda scan; here is the report:
R3 - URLSearchHook: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Program Files\Macrogaming\SweetIMBarForIE\toolbar.dll (file missing)
O3 - Toolbar: Security Toolbar - {11A69AE4-FBED-4832-A2BF-45AF82825583} - C:\WINDOWS\system32\hihmykbx.dll (file missing)
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb12.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [SweetIM] C:\Program Files\Macrogaming\SweetIM\SweetIM.exe
O4 - HKLM\..\Run: [DJ Console Mk2] C:\Program Files\Hercules\Audio\DJ Console Series\MK2\HDJ2CPL.exe -hide
O4 - HKLM\..\Run: [] winsock32.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [64970c5c] rundll32.exe "C:\WINDOWS\system32\ibjquthv.dll",b
O4 - HKLM\..\RunServices: [] winsock32.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"
O4 - HKCU\..\Run: [MsnMsgr] ~"C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [VoipBuster] "C:\program files\voipbuster.com\voipbuster\voipbuster.exe" -nosplash -minimized
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [SweetIM] C:\Program Files\Macrogaming\SweetIM\SweetIM.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Insider] C:\Program Files\Insider\Insider.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: BlueSoleil.lnk = ?
O4 - Global Startup: Démarrage rapide du logiciel HP Image Zone.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Outil de mise à jour Google.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://eldarionankalima.spaces.live.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {512FC5A1-7DE1-43F1-BC0C-371622FCB409} (TotalScan Installer Class) - https://www.pandasecurity.com/en/homeusers/online-antivirus/?ref=activescan
O16 - DPF: {E7DBFB6C-113A-47CF-B278-F5C6AF4DE1BD} - http://download.abacast.com/download/files/abasetup162.cab
O20 - AppInit_DLLs: C:\WINDOWS\system32\__c00C136.dat
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
O23 - Service: DomainService - - C:\WINDOWS\system32\kawuoidm.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
I ran the Panda scan; here is the report:
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Outil de mise à jour Google.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://eldarionankalima.spaces.live.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {512FC5A1-7DE1-43F1-BC0C-371622FCB409} (TotalScan Installer Class) - https://www.pandasecurity.com/en/homeusers/online-antivirus/?ref=activescan
O16 - DPF: {E7DBFB6C-113A-47CF-B278-F5C6AF4DE1BD} - http://download.abacast.com/download/files/abasetup162.cab
O20 - AppInit_DLLs: C:\WINDOWS\system32\__c00C136.dat
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
O23 - Service: DomainService - - C:\WINDOWS\system32\kawuoidm.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
Relaunch HijackThis, choose "do a scan only", tick the box in front of the lines below and click "fix checked" at the bottom.
R3 - URLSearchHook: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Program Files\Macrogaming\SweetIMBarForIE\toolbar.dll (file missing)
O3 - Toolbar: Security Toolbar - {11A69AE4-FBED-4832-A2BF-45AF82825583} - C:\WINDOWS\system32\hihmykbx.dll (file missing)
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [SweetIM] C:\Program Files\Macrogaming\SweetIM\SweetIM.exe
O4 - HKLM\..\Run: [64970c5c] rundll32.exe "C:\WINDOWS\system32\ibjquthv.dll",b
O4 - HKLM\..\Run: [] winsock32.exe
O4 - HKCU\..\Run: [SweetIM] C:\Program Files\Macrogaming\SweetIM\SweetIM.exe
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O16 - DPF: {E7DBFB6C-113A-47CF-B278-F5C6AF4DE1BD} - http://download.abacast.com/download/files/abasetup162.cab
O20 - AppInit_DLLs: C:\WINDOWS\system32\__c00C136.dat
____________________
you have gaobot, so run this tool:
https://www.broadcom.com/support/security-center
_____________________
download OTMoveIt http://download.bleepingcomputer.com/oldtimer/OTMoveIt.exe (by Old_Timer) to your Desktop.
double-click OTMoveIt.exe to launch it.
copy the list quoted below,
and paste it into the left-hand pane of OTMoveIt: Paste List of Files/Folders to be moved.
Quote:
C:\WINDOWS\system32\ibjquthv.dll
C:\WINDOWS\system32\__c00C136.dat
C:\WINDOWS\b111.exe
C:\WINDOWS\system32\dkfjdkfj.exe
C:\WINDOWS\b122.exe
C:\WINDOWS\SYSTEM32\KAWUOIDM.EXE
C:\Documents and Settings\Bruxelles\Local Settings\Temporary Internet Files\Content.IE5\YTWBINET\pochki20071106[1]
C:\WINDOWS\system32\hihmykbx.dll.vir
C:\Documents and Settings\Bruxelles\Local Settings\Temporary Internet Files\Content.IE5\AG2GXQ61\upd32_v14[1]
C:\WINDOWS\17PHolmes173.exe
C:\WINDOWS\system32\sldfkj.exe
C:\WINDOWS\b128.exe
click MoveIt! to start the removal.
the result will appear in the "Results" pane.
click Exit to close.
post the report located in C:\_OTMoveIt\MovedFiles.
you may be asked to restart the PC to complete the removal. If so, accept with Yes.
_______________________
scan with:
spybot: (if you have a version installed before Sept 2007, replace it with version 1.5)
https://www.01net.com/telecharger/windows/Securite/anti-spyware/fiches/26157.html
see the usage demo (thanks Balltrap)
http://pageperso.aol.fr/Balltrap34/demo%20spybot.htm
_______________________
install
SPYWAREBLASTER to immunize the system, against vundo in particular; it is in English but easy to use: just click "update" every month to update, then "enable all protection" to immunize...
https://www.01net.com/telecharger/windows/Securite/anti-spyware/fiches/28872.html
_______________________
use this to remove your traces (it deletes temporary files and cookies above all)
CCLEANER: (run a clean-up and fix the errors 3 times) without installing the Yahoo toolbar
https://www.01net.com/telecharger/windows/Utilitaire/nettoyeurs_et_installeurs/fiches/32599.html
____________________________
post a Panda report and a HijackThis report again
AND ABOVE ALL SAY WHAT YOUR PROBLEMS ARE!
see you
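The helper's fix list above is built by eye. As an added example (my own code, not from this thread, not from HijackThis or OTMoveIt), here is a small triage script that parses a handful of the log lines posted above and flags the same kinds of entries the helper asked to fix: an autorun value with an empty name, a Run value named with random hex, rundll32 loading a DLL through a one-letter export, the Windows 9x-era RunServices key, a hook whose file is missing, an ActiveX download with no control name, a populated AppInit_DLLs value, and a service with no vendor. The sample lines are copied from the log in this thread; the rules, thresholds and function names (check_entry, triage, flagged_lines) are this example's own assumptions, not HijackThis's analysis.

```python
"""Triage of a HijackThis v2.0 log (added example, not code from the thread).

The sample lines are copied from the log posted above; the rules and the
function names are this example's own assumptions, not HijackThis's analysis.
"""
import re
from dataclasses import dataclass

# Constructed sample: a handful of lines from the posted log, benign ones included.
SAMPLE_LOG = r"""
O3 - Toolbar: Security Toolbar - {11A69AE4-FBED-4832-A2BF-45AF82825583} - C:\WINDOWS\system32\hihmykbx.dll (file missing)
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [] winsock32.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [64970c5c] rundll32.exe "C:\WINDOWS\system32\ibjquthv.dll",b
O4 - HKLM\..\RunServices: [] winsock32.exe
O4 - Global Startup: BlueSoleil.lnk = ?
O16 - DPF: {512FC5A1-7DE1-43F1-BC0C-371622FCB409} (TotalScan Installer Class) - https://www.pandasecurity.com/en/homeusers/online-antivirus/?ref=activescan
O16 - DPF: {E7DBFB6C-113A-47CF-B278-F5C6AF4DE1BD} - http://download.abacast.com/download/files/abasetup162.cab
O20 - AppInit_DLLs: C:\WINDOWS\system32\__c00C136.dat
O23 - Service: DomainService - - C:\WINDOWS\system32\kawuoidm.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
"""

# Entry prefix shared by the HijackThis lines we look at (R0/R3/O3/O4/O16/O20/O23 ...).
ENTRY_RE = re.compile(r"^(?P<kind>[RO]\d+) - (?P<body>.*)$")
# O4 registry autoruns: "<key>: [<value name>] <command>" (Global Startup lines have no [] and are skipped).
O4_RE = re.compile(r"^(?P<key>.*?): \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
# rundll32 <dll>,<export>; the export name is what we judge.
RUNDLL_RE = re.compile(r'rundll32(?:\.exe)?\s+"?(?P<dll>[^",]+)"?\s*,(?P<export>\S*)', re.I)
# O16 ActiveX downloads: "{GUID} (control name) - URL"; the name is optional in the log.
O16_RE = re.compile(r"^DPF: \{[0-9A-Fa-f-]+\}\s*(?P<desc>\([^)]*\))?\s*-\s*(?P<url>\S+)")
# O23 services: "<display name> - <vendor> - <path>"; the vendor may be empty ("- -").
O23_RE = re.compile(r"^Service: (?P<name>.*?) - (?P<owner>.*?) ?- ?(?P<path>[A-Za-z]:\\.*)$")


@dataclass(frozen=True)
class Finding:
    line: str
    reason: str


def check_entry(line: str) -> list[str]:
    """Return the reasons (possibly none) why one log line deserves a look."""
    reasons: list[str] = []
    m = ENTRY_RE.match(line.strip())
    if not m:
        return reasons
    kind, body = m.group("kind"), m.group("body")
    if "(file missing)" in body:
        reasons.append("points at a file that no longer exists (orphaned hook)")
    if kind == "O4":
        o4 = O4_RE.match(body)
        if o4:
            key, name, cmd = o4.group("key"), o4.group("name"), o4.group("cmd")
            if name == "":
                reasons.append("autorun value with an empty name")
            if re.fullmatch(r"[0-9a-f]{8}", name, re.I):
                reasons.append("autorun value named with eight hex digits")
            if key.endswith("RunServices"):
                reasons.append("Windows 9x-era RunServices key, which current software has no reason to use")
            rd = RUNDLL_RE.search(cmd)
            if rd and len(rd.group("export").lstrip(",")) <= 2:
                reasons.append(f"rundll32 loads {rd.group('dll')} through a one- or two-letter export")
    elif kind == "O16":
        o16 = O16_RE.match(body)
        if o16 and o16.group("desc") is None:
            reasons.append("ActiveX download (DPF) with no control name")
    elif kind == "O20":
        if body.startswith("AppInit_DLLs:") and body.split(":", 1)[1].strip():
            reasons.append("AppInit_DLLs is set: that DLL is loaded into every process that loads user32.dll")
    elif kind == "O23":
        o23 = O23_RE.match(body)
        if o23 and o23.group("owner") == "":
            reasons.append("service with no vendor name at all")
    return reasons


def triage(log_text: str) -> list[Finding]:
    """One Finding per (line, reason) pair, in log order."""
    return [Finding(line.strip(), reason)
            for line in log_text.splitlines()
            for reason in check_entry(line)]


def flagged_lines(log_text: str) -> list[str]:
    """Distinct flagged lines, in log order: the raw material for a 'fix these' list."""
    seen: list[str] = []
    for f in triage(log_text):
        if f.line not in seen:
            seen.append(f.line)
    return seen


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.reason}\n    {f.line}")
```

The avast!, Cmaudio and Bluetooth entries produce nothing, which is the point: the rules key on structural oddities of the entry (no name, no vendor, no control name, a throwaway export), not on the file name, so a renamed dropper still shows up while ordinary vendor entries stay quiet. A service reported as "Unknown owner" (BlueSoleil in the log above) is deliberately not flagged on its own, because HijackThis prints that for plenty of legitimate drivers.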
There, I fixed the first list in HijackThis, no problem.
-------------
I ran the Symantec tool, it detected a few things and then recommended a patch. Problem: I closed the window and so didn't download that patch.
-------------
I did the OTMoveIt procedure, pasted the list, no problem. Here is the report:
File/Folder C:\WINDOWS\system32\ibjquthv.dll not found.
File/Folder C:\WINDOWS\system32\__c00C136.dat not found.
File/Folder C:\WINDOWS\b111.exe not found.
File/Folder C:\WINDOWS\system32\dkfjdkfj.exe not found.
File/Folder C:\WINDOWS\b122.exe not found.
File/Folder C:\WINDOWS\SYSTEM32\KAWUOIDM.EXE not found.
File/Folder C:\Documents and Settings\Bruxelles\Local Settings\Temporary Internet Files\Content.IE5\YTWBINET\pochki20071106[1] not found.
File/Folder C:\WINDOWS\system32\hihmykbx.dll.vir not found.
File/Folder C:\Documents and Settings\Bruxelles\Local Settings\Temporary Internet Files\Content.IE5\AG2GXQ61\upd32_v14[1] not found.
File/Folder C:\WINDOWS\17PHolmes173.exe not found.
File/Folder C:\WINDOWS\system32\sldfkj.exe not found.
File/Folder C:\WINDOWS\b128.exe not found.
Created on 11/22/2007 23:41:51
-------------
I ran Spybot and removed all the damaged files as suggested.
Some of them asked for additional authorization; I gave it for all of them except one (the first, I didn't know what to do).
-----------
I installed and updated SpywareBlaster, no problem.
----------
I fixed the errors three times with CCleaner, no problem.
---------
Panda test: I think Gaobot.QBN.worm is still on my computer.
the report:
;***********************************************************************************************************************************************************************************
ANALYSIS: 2007-11-23 01:02:42
PROTECTIONS: 1
MALWARE: 1
SUSPECTS: 1
;***********************************************************************************************************************************************************************************
PROTECTIONS
Description Version Active Updated
;===================================================================================================================================================================================
avast! antivirus 4.7.1043 [VPS 071122-0] 4.7.1043 No Yes
;===================================================================================================================================================================================
MALWARE
Id Description Type Active Severity Disinfectable Disinfected Location
;===================================================================================================================================================================================
02670453 W32/Gaobot.QBN.worm Virus/Worm No 1 Yes No C:\WINDOWS\system32\winsock32.exe
;===================================================================================================================================================================================
SUSPECTS
Location
;===================================================================================================================================================================================
C:\PROGRAM FILES\INSIDER\INSIDER.EXE
;===================================================================================================================================================================================
The HijackThis test: the report:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:05:17, on 23/11/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
C:\WINDOWS\system32\kawuoidm.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\WINDOWS\system32\VTTimer.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb12.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Hercules\Audio\DJ Console Series\MK2\HDJ2CPL.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Java\jre1.5.0_03\bin\jucheck.exe
C:\Program Files\Insider\Insider.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\Product Assistant\bin\hprblog.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\MSN Messenger\livecall.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.be/?gws_rd=ssl
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb12.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [DJ Console Mk2] C:\Program Files\Hercules\Audio\DJ Console Series\MK2\HDJ2CPL.exe -hide
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\RunServices: [] winsock32.exe
O4 - HKLM\..\RunOnce: [SpybotDeletingA8039] command /c del "C:\WINDOWS\system32\hihmykbx.dllbox"
O4 - HKLM\..\RunOnce: [SpybotDeletingC2370] cmd /c del "C:\WINDOWS\system32\hihmykbx.dllbox"
O4 - HKLM\..\RunOnce: [SpybotSnD] "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe" /autocheck
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"
O4 - HKCU\..\Run: [MsnMsgr] ~"C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Insider] C:\Program Files\Insider\Insider.exe
O4 - HKCU\..\RunOnce: [SpybotDeletingB2815] command /c del "C:\WINDOWS\system32\hihmykbx.dllbox"
O4 - HKCU\..\RunOnce: [SpybotDeletingD8224] cmd /c del "C:\WINDOWS\system32\hihmykbx.dllbox"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: BlueSoleil.lnk = ?
O4 - Global Startup: Démarrage rapide du logiciel HP Image Zone.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Outil de mise à jour Google.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://eldarionankalima.spaces.live.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {512FC5A1-7DE1-43F1-BC0C-371622FCB409} (TotalScan Installer Class) - https://www.pandasecurity.com/en/homeusers/online-antivirus/?ref=activescan
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
install the new version of Spybot to replace yours:
https://www.01net.com/telecharger/windows/Securite/anti-spyware/fiches/26157.html
______________________
install a real firewall instead of the Windows one
KERIO or JETICO or ZONE ALARM (install only the free firewall)
https://www.clubic.com/telecharger-fiche11071-sunbelt-personal-firewall-ex-kerio.html
https://manuelsdaide.com/contact/
http://www.open-files.com/forum/index.php?showtopic=29277
http://www.commentcamarche.net/telecharger/telecharger 157 zonealarm
_____________________
to get rid of gaobot:
run
https://www.broadcom.com/support/security-center
then run
https://www.broadcom.com/support/security-center
________________________
do another Panda scan
if gaobot is still here:
C:\WINDOWS\system32\winsock32.exe
download OTMoveIt http://download.bleepingcomputer.com/oldtimer/OTMoveIt.exe (by Old_Timer) to your Desktop.
double-click OTMoveIt.exe to launch it.
copy the list quoted below,
and paste it into the left-hand pane of OTMoveIt: Paste List of Files/Folders to be moved.
Quote:
C:\WINDOWS\system32\winsock32.exe
click MoveIt! to start the removal.
the result will appear in the "Results" pane.
click Exit to close.
post the report located in C:\_OTMoveIt\MovedFiles.
you may be asked to restart the PC to complete the removal. If so, accept with Yes.
post a HijackThis report again and say what your problems are
see you
I launched Spybot, which crashed after a first scan while fixing the errors. I relaunched it and fixed the errors.
I downloaded ZoneAlarm but it prevents me from going on the internet.
I have the impression that I have even more viruses than yesterday. I constantly receive alert messages from the Windows Security Center.
here is the MoveIt log:
C:\WINDOWS\system32\winsock32.exe moved successfully.
Created on 11/24/2007 03:09:27
The Panda scan log:
;***********************************************************************************************************************************************************************************
ANALYSIS: 2007-11-24 03:04:44
PROTECTIONS: 1
MALWARE: 8
SUSPECTS: 4
;***********************************************************************************************************************************************************************************
PROTECTIONS
Description Version Active Updated
;===================================================================================================================================================================================
avast! antivirus 4.7.1043 [VPS 071123-0] 4.7.1043 No Yes
;===================================================================================================================================================================================
MALWARE
Id Description Type Active Severity Disinfectable Disinfected Location
;===================================================================================================================================================================================
00167704 Cookie/Xiti TrackingCookie No 0 Yes No C:\Documents and Settings\Bruxelles\Application Data\Mozilla\Firefox\Profiles\kqi5izyo.default\cookies.txt[.xiti.com/]
01240387 Trj/Downloader.PJT Virus/Trojan No 0 Yes No C:\WINDOWS\system32\rocasmsj.exe
02646028 Adware/PurityScan Adware Yes 1 Yes No C:\WINDOWS\SYSTEM32\__C00575CA.DAT
02646028 Adware/PurityScan Adware No 0 Yes No C:\WINDOWS\system32\mhvggalx.dll
02670453 W32/Gaobot.QBN.worm Virus/Worm No 1 Yes No C:\WINDOWS\system32\winsock32.exe
02688344 Spyware/Virtumonde Spyware Yes 2 Yes No C:\WINDOWS\SYSTEM32\LIYWNJQL.EXE
02688348 Spyware/Virtumonde Spyware Yes 2 Yes No C:\WINDOWS\SYSTEM32\LSZNGLCN.DLL
02688348 Spyware/Virtumonde Spyware No 1 Yes No C:\WINDOWS\system32\lsznglcn.dll_old
02688348 Spyware/Virtumonde Spyware No 1 Yes No C:\WINDOWS\system32\vuvfqhdb.dll
02812177 Spyware/Virtumonde Spyware No 1 Yes No C:\WINDOWS\SYSTEM32\OAIATPPR.DLL
02864645 Spyware/Virtumonde Spyware No 1 Yes No C:\WINDOWS\system32\mljiiff.dll
02864645 Spyware/Virtumonde Spyware No 1 Yes No C:\WINDOWS\system32\qommlki.dll
02864645 Spyware/Virtumonde Spyware No 1 Yes No C:\WINDOWS\system32\byxxwwx.dll
02864645 Spyware/Virtumonde Spyware No 1 Yes No C:\WINDOWS\system32\rqrrsst.dll
02864645 Spyware/Virtumonde Spyware No 1 Yes No C:\WINDOWS\system32\ssqqpom.dll
02864645 Spyware/Virtumonde Spyware No 1 Yes No C:\WINDOWS\system32\ssqrrrp.dll
02864645 Spyware/Virtumonde Spyware No 1 Yes No C:\WINDOWS\system32\tuvvutq.dll
02864645 Spyware/Virtumonde Spyware No 1 Yes No C:\WINDOWS\system32\vtutspo.dll
02864645 Spyware/Virtumonde Spyware No 1 Yes No C:\WINDOWS\system32\fccaaaa.dll
02864645 Spyware/Virtumonde Spyware No 1 Yes No C:\WINDOWS\system32\mljkljg.dll
;===================================================================================================================================================================================
SUSPECTS
Location
;===================================================================================================================================================================================
C:\PROGRAM FILES\ALWIL SOFTWARE\AVAST4\ASHDISP.EXE
C:\PROGRAM FILES\ALWIL SOFTWARE\AVAST4\ASHSERV.EXE
C:\PROGRAM FILES\INSIDER\INSIDER.EXE
C:\PROGRAM FILES\MOZILLA FIREFOX\FIREFOX.EXE
;===================================================================================================================================================================================
and the HijackThis log:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:15:22, on 24/11/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
C:\WINDOWS\system32\liywnjql.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\WINDOWS\system32\VTTimer.exe
C:\WINDOWS\system32\RunDll32.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb12.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Hercules\Audio\DJ Console Series\MK2\HDJ2CPL.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Insider\Insider.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\Product Assistant\bin\hprblog.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.be/?gws_rd=ssl
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O3 - Toolbar: Security Toolbar - {11A69AE4-FBED-4832-A2BF-45AF82825583} - C:\WINDOWS\system32\lsznglcn.dll
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb12.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [DJ Console Mk2] C:\Program Files\Hercules\Audio\DJ Console Series\MK2\HDJ2CPL.exe -hide
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [64970c5c] rundll32.exe "C:\WINDOWS\system32\oaiatppr.dll",b
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\RunServices: [] winsock32.exe
O4 - HKLM\..\RunOnce: [Spybot - Search & Destroy] "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe" /autocheck
O4 - HKLM\..\RunOnce: [SpybotDeletingA8651] command /c del "C:\WINDOWS\system32\lsznglcn.dll_old"
O4 - HKLM\..\RunOnce: [SpybotDeletingC1409] cmd /c del "C:\WINDOWS\system32\lsznglcn.dll_old"
O4 - HKLM\..\RunOnce: [SpybotDeletingA7016] command /c del "C:\WINDOWS\system32\lsznglcn.dll"
O4 - HKLM\..\RunOnce: [SpybotDeletingC6005] cmd /c del "C:\WINDOWS\system32\lsznglcn.dll"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"
O4 - HKCU\..\Run: [MsnMsgr] ~"C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Insider] C:\Program Files\Insider\Insider.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: BlueSoleil.lnk = ?
O4 - Global Startup: Démarrage rapide du logiciel HP Image Zone.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Outil de mise à jour Google.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://eldarionankalima.spaces.live.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {512FC5A1-7DE1-43F1-BC0C-371622FCB409} (TotalScan Installer Class) - https://www.pandasecurity.com/en/homeusers/online-antivirus/?ref=activescan
O20 - AppInit_DLLs: C:\WINDOWS\system32\__c00575CA.dat
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
uninstall the Spybot you have, then install the new version
https://www.01net.com/telecharger/windows/Securite/anti-spyware/fiches/26157.html
___________________
Relaunch HijackThis, choose "do a scan only", tick the box in front of the lines below and click "fix checked" at the bottom.
O3 - Toolbar: Security Toolbar - {11A69AE4-FBED-4832-A2BF-45AF82825583} - C:\WINDOWS\system32\lsznglcn.dll
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [64970c5c] rundll32.exe "C:\WINDOWS\system32\oaiatppr.dll",b
O4 - HKLM\..\RunServices: [] winsock32.exe
O20 - AppInit_DLLs: C:\WINDOWS\system32\__c00575CA.dat
_____________________
download OTMoveIt http://download.bleepingcomputer.com/oldtimer/OTMoveIt.exe (by Old_Timer) to your Desktop.
double-click OTMoveIt.exe to launch it.
copy the list quoted below,
and paste it into the left-hand box of OTMoveIt: Paste List of Files/Folders to be moved.
Quote:
C:\WINDOWS\system32\lsznglcn.dll
C:\WINDOWS\system32\rocasmsj.exe
C:\WINDOWS\SYSTEM32\__C00575CA.DAT
C:\WINDOWS\system32\mhvggalx.dll
C:\WINDOWS\system32\winsock32.exe
C:\WINDOWS\SYSTEM32\LIYWNJQL.EXE
C:\WINDOWS\SYSTEM32\LSZNGLCN.DLL
C:\WINDOWS\system32\lsznglcn.dll_old
C:\WINDOWS\system32\vuvfqhdb.dll
C:\WINDOWS\SYSTEM32\OAIATPPR.DLL
C:\WINDOWS\system32\mljiiff.dll
C:\WINDOWS\system32\qommlki.dll
C:\WINDOWS\system32\byxxwwx.dll
C:\WINDOWS\system32\rqrrsst.dll
C:\WINDOWS\system32\ssqqpom.dll
C:\WINDOWS\system32\ssqrrrp.dll
C:\WINDOWS\system32\tuvvutq.dll
C:\WINDOWS\system32\vtutspo.dll
C:\WINDOWS\system32\fccaaaa.dll
C:\WINDOWS\system32\mljkljg.dll
click MoveIt! to start the removal.
the result will appear in the "Results" box.
click Exit to close.
post the report located in C:\_OTMoveIt\MovedFiles.
you may be asked to restart the PC to complete the removal. If so, accept with Yes.
______________________
disable System Restore to purge any viruses that may be in it, then re-enable it (in START then ALL PROGRAMS then ACCESSORIES then SYSTEM TOOLS then SYSTEM RESTORE then settings)
_______________________
post a new HijackThis report and describe your problems
_______________________
replace avast with AntiVir and post me a report
https://www.malekal.com/avira-free-security-antivirus-gratuit/ (thanks Malekal)
see you later
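The helper's fix list and OTMoveIt list above are built by cross-referencing the two logs the poster pasted earlier: the Panda ActiveScan report (which names the files) and the HijackThis log (which shows how they are loaded). The Python below is an added example of that cross-reference, not code from the thread or from any of the tools named in it. The sample rows are copied from the logs above; the `C:\WINDOWS\system32` location given to the path-less `winsock32.exe` entry is an assumption (Panda reported the file there), and the "8 hex digits as a value name" check is a heuristic of mine, not something the page states.

```python
import re
from pathlib import PureWindowsPath
from typing import List, NamedTuple, Optional, Tuple

# Constructed sample in the format of the Panda ActiveScan report posted
# above (a handful of MALWARE rows only, including one cookie hit).
PANDA_SAMPLE = r"""
MALWARE
Id Description Type Active Severity Disinfectable Disinfected Location
01240387 Trj/Downloader.PJT Virus/Trojan No 0 Yes No C:\WINDOWS\system32\rocasmsj.exe
02646028 Adware/PurityScan Adware Yes 1 Yes No C:\WINDOWS\SYSTEM32\__C00575CA.DAT
02670453 W32/Gaobot.QBN.worm Virus/Worm No 1 Yes No C:\WINDOWS\system32\winsock32.exe
02688348 Spyware/Virtumonde Spyware Yes 2 Yes No C:\WINDOWS\SYSTEM32\LSZNGLCN.DLL
02812177 Spyware/Virtumonde Spyware No 1 Yes No C:\WINDOWS\SYSTEM32\OAIATPPR.DLL
00167704 Cookie/Xiti TrackingCookie No 0 Yes No C:\Documents and Settings\Bruxelles\Application Data\Mozilla\Firefox\Profiles\kqi5izyo.default\cookies.txt[.xiti.com/]
"""

# Constructed sample of HijackThis lines, copied from the log posted above.
HJT_SAMPLE = [
    r"O3 - Toolbar: Security Toolbar - {11A69AE4-FBED-4832-A2BF-45AF82825583} - C:\WINDOWS\system32\lsznglcn.dll",
    r'O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"',
    r"O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe",
    r'O4 - HKLM\..\Run: [64970c5c] rundll32.exe "C:\WINDOWS\system32\oaiatppr.dll",b',
    r"O4 - HKLM\..\RunServices: [] winsock32.exe",
    r"O20 - AppInit_DLLs: C:\WINDOWS\system32\__c00575CA.dat",
]


class PandaHit(NamedTuple):
    desc: str
    active: bool
    severity: int
    location: str


# A MALWARE row: id, description, type, Active, Severity, Disinfectable,
# Disinfected, then the location (which may itself contain spaces).
PANDA_ROW = re.compile(
    r"^(\d{8})\s+(\S+)\s+(\S+)\s+(Yes|No)\s+(\d)\s+(?:Yes|No)\s+(?:Yes|No)\s+(.+?)\s*$"
)
QUOTED_PATH = re.compile(r'"([^"]+)"')
DRIVE_PATH = re.compile(r'[A-Za-z]:\\[^\s"]+')
BARE_NAME = re.compile(r"\]\s*([\w.~]+\.(?:exe|dll|dat))\s*$", re.IGNORECASE)
O4_ENTRY = re.compile(r"^O4 - ([^:]+): (?:\[([^\]]*)\])?")
ASSUMED_SYSTEM32 = r"C:\WINDOWS\system32"  # assumption for path-less names


def parse_panda(report: str) -> List[PandaHit]:
    """Return the file-backed MALWARE rows of a Panda ActiveScan report."""
    hits = []
    for line in report.splitlines():
        m = PANDA_ROW.match(line.strip())
        if not m:
            continue
        desc, active, severity, location = m[2], m[4], m[5], m[6]
        if "[" in location:  # cookie hits are written file[domain]; nothing to move
            continue
        hits.append(PandaHit(desc, active == "Yes", int(severity), location))
    return hits


def hjt_target(line: str) -> Optional[str]:
    """Best-effort extraction of the file an O3/O4/O20 HijackThis line loads."""
    m = QUOTED_PATH.search(line)
    if m:
        return m.group(1)
    m = DRIVE_PATH.search(line)
    if m:
        return m.group(0)
    m = BARE_NAME.search(line)
    if m:  # no directory given: Windows resolves it via the search path;
        return ASSUMED_SYSTEM32 + "\\" + m.group(1)  # system32 is assumed here
    return None


def triage(hjt_lines: List[str], panda_hits: List[PandaHit]) -> List[Tuple[str, Optional[str], List[str]]]:
    """Flag HijackThis lines whose file Panda detected, plus structural red flags."""
    by_name = {PureWindowsPath(h.location).name.lower(): h for h in panda_hits}
    flagged = []
    for line in hjt_lines:
        reasons = []
        target = hjt_target(line)
        if target:
            hit = by_name.get(PureWindowsPath(target).name.lower())
            if hit:
                reasons.append(f"file detected by Panda as {hit.desc}")
        m = O4_ENTRY.match(line)
        if m and "RunServices" in m[1] and m[2] == "":
            reasons.append("unnamed entry in RunServices (a Windows 9x autostart key rarely used on XP)")
        if m and m[2] and re.fullmatch(r"[0-9a-f]{8}", m[2]):
            reasons.append("value name is 8 hex digits instead of a product name (heuristic)")
        if line.startswith("O20 - AppInit_DLLs:") and target and not target.lower().endswith(".dll"):
            reasons.append("AppInit_DLLs loads a file without a .dll extension")
        if reasons:
            flagged.append((line, target, reasons))
    return flagged


def otmoveit_list(panda_hits: List[PandaHit], flagged) -> List[str]:
    """Unique full paths (case-insensitive) to paste into OTMoveIt."""
    out, seen = [], set()
    for path in [h.location for h in panda_hits] + [t for _, t, _ in flagged if t]:
        if path.lower() not in seen:
            seen.add(path.lower())
            out.append(path)
    return out


if __name__ == "__main__":
    hits = parse_panda(PANDA_SAMPLE)
    flagged = triage(HJT_SAMPLE, hits)
    for line, _, reasons in flagged:
        print(line)
        for r in reasons:
            print("   ->", r)
    print("\nOTMoveIt list:")
    print("\n".join(otmoveit_list(hits, flagged)))
```

Run as-is it flags the O3 toolbar, the `[64970c5c]` rundll32 entry, the unnamed RunServices entry and the AppInit_DLLs line, and leaves the PowerDVD and avast entries alone because nothing in the Panda report points at them. Deduplicating case-insensitively also folds `LSZNGLCN.DLL` and `lsznglcn.dll` into one OTMoveIt line, which the hand-built list above did not.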
Here it is,
I moved the files with MoveIt, here is the report:
File/Folder C:\WINDOWS\system32\lsznglcn.dll not found.
C:\WINDOWS\system32\rocasmsj.exe moved successfully.
C:\WINDOWS\SYSTEM32\__C00575CA.DAT moved successfully.
DllUnregisterServer procedure not found in C:\WINDOWS\system32\mhvggalx.dll
C:\WINDOWS\system32\mhvggalx.dll NOT unregistered.
C:\WINDOWS\system32\mhvggalx.dll moved successfully.
File/Folder C:\WINDOWS\system32\winsock32.exe not found.
C:\WINDOWS\SYSTEM32\LIYWNJQL.EXE moved successfully.
File/Folder C:\WINDOWS\SYSTEM32\LSZNGLCN.DLL not found.
File/Folder C:\WINDOWS\system32\lsznglcn.dll_old not found.
C:\WINDOWS\system32\vuvfqhdb.dll unregistered successfully.
C:\WINDOWS\system32\vuvfqhdb.dll moved successfully.
File/Folder C:\WINDOWS\SYSTEM32\OAIATPPR.DLL not found.
DllUnregisterServer procedure not found in C:\WINDOWS\system32\mljiiff.dll
C:\WINDOWS\system32\mljiiff.dll NOT unregistered.
C:\WINDOWS\system32\mljiiff.dll moved successfully.
DllUnregisterServer procedure not found in C:\WINDOWS\system32\qommlki.dll
C:\WINDOWS\system32\qommlki.dll NOT unregistered.
C:\WINDOWS\system32\qommlki.dll moved successfully.
DllUnregisterServer procedure not found in C:\WINDOWS\system32\byxxwwx.dll
C:\WINDOWS\system32\byxxwwx.dll NOT unregistered.
C:\WINDOWS\system32\byxxwwx.dll moved successfully.
DllUnregisterServer procedure not found in C:\WINDOWS\system32\rqrrsst.dll
C:\WINDOWS\system32\rqrrsst.dll NOT unregistered.
C:\WINDOWS\system32\rqrrsst.dll moved successfully.
DllUnregisterServer procedure not found in C:\WINDOWS\system32\ssqqpom.dll
C:\WINDOWS\system32\ssqqpom.dll NOT unregistered.
C:\WINDOWS\system32\ssqqpom.dll moved successfully.
DllUnregisterServer procedure not found in C:\WINDOWS\system32\ssqrrrp.dll
C:\WINDOWS\system32\ssqrrrp.dll NOT unregistered.
C:\WINDOWS\system32\ssqrrrp.dll moved successfully.
DllUnregisterServer procedure not found in C:\WINDOWS\system32\tuvvutq.dll
C:\WINDOWS\system32\tuvvutq.dll NOT unregistered.
C:\WINDOWS\system32\tuvvutq.dll moved successfully.
DllUnregisterServer procedure not found in C:\WINDOWS\system32\vtutspo.dll
C:\WINDOWS\system32\vtutspo.dll NOT unregistered.
C:\WINDOWS\system32\vtutspo.dll moved successfully.
DllUnregisterServer procedure not found in C:\WINDOWS\system32\fccaaaa.dll
C:\WINDOWS\system32\fccaaaa.dll NOT unregistered.
C:\WINDOWS\system32\fccaaaa.dll moved successfully.
DllUnregisterServer procedure not found in C:\WINDOWS\system32\mljkljg.dll
C:\WINDOWS\system32\mljkljg.dll NOT unregistered.
C:\WINDOWS\system32\mljkljg.dll moved successfully.
Created on 11/25/2007 18:04:16
I did the procedure to disable and re-enable System Restore; no problems.
Here is the HijackThis scan:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 23:12:09, on 25/11/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\WINDOWS\system32\VTTimer.exe
C:\WINDOWS\system32\RunDll32.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb12.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Hercules\Audio\DJ Console Series\MK2\HDJ2CPL.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Insider\Insider.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\HP\Digital Imaging\Product Assistant\bin\hprblog.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.be/?gws_rd=ssl
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb12.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [DJ Console Mk2] C:\Program Files\Hercules\Audio\DJ Console Series\MK2\HDJ2CPL.exe -hide
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"
O4 - HKCU\..\Run: [MsnMsgr] ~"C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Insider] C:\Program Files\Insider\Insider.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: BlueSoleil.lnk = ?
O4 - Global Startup: Démarrage rapide du logiciel HP Image Zone.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Outil de mise à jour Google.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://eldarionankalima.spaces.live.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {512FC5A1-7DE1-43F1-BC0C-371622FCB409} (TotalScan Installer Class) - https://www.pandasecurity.com/en/homeusers/online-antivirus/?ref=activescan
O20 - AppInit_DLLs: C:\WINDOWS\system32\__c00D2490.dat
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
Uninstall AVAST, because you should keep only Antivir
_________________
delete what is in Spybot's and Antivir's restore (backup) area
__________________
use the following to remove your traces (make sure you delete the temporary files)
CCLEANER: (run a cleanup and repair the errors 3 times) without installing the Yahoo toolbar
https://www.01net.com/telecharger/windows/Utilitaire/nettoyeurs_et_installeurs/fiches/32599.html
_________________
if everything went well, disable System Restore to purge any viruses that might be in it
then restart your computer
then re-enable it
(in START then ALL PROGRAMS then ACCESSORIES then SYSTEM TOOLS then SYSTEM RESTORE then settings)
_________________
combofix (paste the report)
http://download.bleepingcomputer.com/sUBs/ComboFix.exe
___________________
post another Antivir report and describe your problems