Malware adware
vitalic54
noctambule28 Posts 33382 Registration date Status Webmaster Last activity -
Hello,
In this Christmas season everyone ought to help those in need. After managing to get myself out of several problems on my computer, I admit I am stuck on this one. Here is my scan, in the hope that a charitable soul will be willing to help me!!!
Thanks in advance!!
Logfile of HijackThis v1.99.1
Scan saved at 14:14:59, on 25-12-2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Programas\Panda Software\Panda Internet Security 2007\pavsrv51.exe
C:\Programas\Panda Software\Panda Internet Security 2007\AVENGINE.EXE
C:\WINDOWS\system32\svchost.exe
C:\Programas\Panda Software\Panda Internet Security 2007\TPSrv.exe
C:\WINDOWS\system32\svchost.exe
c:\programas\panda software\panda internet security 2007\firewall\PNMSRV.EXE
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Programas\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Programas\Ficheiros comuns\Microsoft Shared\VS7DEBUG\mdm.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Programas\Panda Software\Panda Internet Security 2007\PavFnSvr.exe
C:\Programas\Ficheiros comuns\Panda Software\PavShld\pavprsrv.exe
C:\Programas\Panda Software\Panda Internet Security 2007\AntiSpam\pskmssvc.exe
C:\Programas\Panda Software\Panda Internet Security 2007\PsImSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Programas\CyberLink\PowerDVD\PDVDServ.exe
C:\Programas\Microsoft Office\Office12\GrooveMonitor.exe
C:\Programas\Panda Software\Panda Internet Security 2007\APVXDWIN.EXE
C:\Programas\USB Disk Win98 Driver\Res.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\Programas\Java\jre1.6.0_02\bin\jusched.exe
C:\WINDOWS\vsnpstd.exe
C:\WINDOWS\system32\rundll32.exe
C:\Programas\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Programas\MSN Messenger\MsnMsgr.Exe
C:\Programas\Messenger\msmsgs.exe
C:\Programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Programas\Panda Software\Panda Internet Security 2007\SRVLOAD.EXE
c:\programas\panda software\panda internet security 2007\WebProxy.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programas\Kodak\Kodak EasyShare software\bin\EasyShare.exe
C:\Programas\Internet Explorer\IEXPLORE.EXE
C:\Programas\Java\jre1.6.0_02\bin\jucheck.exe
C:\Documents and Settings\Julien\Os meus documentos\hijackthis\HijackThis.exe
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programas\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programas\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programas\google\googletoolbar2.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programas\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [RemoteControl] C:\Programas\CyberLink\PowerDVD\PDVDServ.exe
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Programas\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [APVXDWIN] "C:\Programas\Panda Software\Panda Internet Security 2007\APVXDWIN.EXE" /s
O4 - HKLM\..\Run: [SCANINICIO] "C:\Programas\Panda Software\Panda Internet Security 2007\Inicio.exe"
O4 - HKLM\..\Run: [USB Storage Toolbox] C:\Programas\USB Disk Win98 Driver\Res.EXE
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programas\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programas\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [snpstd] C:\WINDOWS\vsnpstd.exe
O4 - HKLM\..\Run: [AdslTaskBar] rundll32.exe stmctrl.dll,TaskBar
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Programas\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [2c149b40] rundll32.exe "C:\WINDOWS\system32\jemuupdx.dll",b
O4 - HKCU\..\Run: [MsnMsgr] "C:\Programas\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [MSMSGS] "C:\Programas\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [swg] C:\Programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [NBJ] "C:\Programas\Ahead\Nero BackItUp\NBJ.exe"
O4 - HKCU\..\Run: [Shareaza] "C:\Programas\Shareaza\Shareaza.exe" -tray
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Router] C:\Programas\Router\Router.exe
O4 - Startup: Recorte de tela e Iniciador do OneNote 2007.lnk = C:\Programas\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Programas\Adobe\Reader 8.0\Reader\reader_sl.exe
O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Programas\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
O4 - Global Startup: Logiciel Kodak EasyShare.lnk = C:\Programas\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Programas\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Ouvrir dans un nouvel onglet d'arrière-plan - res://C:\Programas\Windows Live Toolbar\Components\fr-fr\msntabres.dll.mui/229?47efb4aca7314b9e98f76b76025b3f6d
O8 - Extra context menu item: Ouvrir dans un nouvel onglet de premier plan - res://C:\Programas\Windows Live Toolbar\Components\fr-fr\msntabres.dll.mui/230?47efb4aca7314b9e98f76b76025b3f6d
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} - https://www.touslesdrivers.com/
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{C409F88E-B2BF-4E55-9044-FBD2C31E0DDF}: NameServer = 212.55.154.174
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Programas\Ficheiros comuns\Microsoft Shared\Help\hxds.dll
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\FICHEI~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Programas\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Programas\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Panda Function Service (PAVFNSVR) - Panda Software International - C:\Programas\Panda Software\Panda Internet Security 2007\PavFnSvr.exe
O23 - Service: Panda Process Protection Service (PavPrSrv) - Panda Software - C:\Programas\Ficheiros comuns\Panda Software\PavShld\pavprsrv.exe
O23 - Service: Panda anti-virus service (PAVSRV) - Panda Software International - C:\Programas\Panda Software\Panda Internet Security 2007\pavsrv51.exe
O23 - Service: Panda Antispam Engine (pmshellsrv) - Panda Software International - C:\Programas\Panda Software\Panda Internet Security 2007\AntiSpam\pskmssvc.exe
O23 - Service: Panda Network Manager (PNMSRV) - Panda Software International - c:\programas\panda software\panda internet security 2007\firewall\PNMSRV.EXE
O23 - Service: Panda IManager Service (PSIMSVC) - Panda Software - C:\Programas\Panda Software\Panda Internet Security 2007\PsImSvc.exe
O23 - Service: Panda TPSrv (TPSrv) - Panda Software - C:\Programas\Panda Software\Panda Internet Security 2007\TPSrv.exe
13 replies
Hi,
Download VundoFix.exe (by Atribune) to your Desktop.
http://www.atribune.org/ccount/click.php?id=4
Double-click VundoFix.exe to launch it.
Click the Scan for Vundo button.
When the scan is complete, click the Remove Vundo button.
A prompt will ask whether you want to delete the files; click YES.
After you click "Yes", the Desktop will disappear for a moment while the files are deleted.
You will see a prompt announcing that your PC is going to shut down ("shutdown"); click OK.
Start your PC again.
Copy/paste the report (c:\vundofix.txt) into your reply.
See you later
There you go!!
VundoFix V6.7.7
Checking Java version...
Sun Java not detected
Scan started at 15:59:38 25-12-2007
Listing files found while scanning....
C:\WINDOWS\system32\awttqop.dll
C:\WINDOWS\system32\hpxnuark.dll
C:\WINDOWS\system32\jemuupdx.dll
C:\WINDOWS\system32\kraunxph.ini
C:\WINDOWS\system32\sstts.dll
C:\WINDOWS\system32\xdpuumej.ini
Beginning removal...
Attempting to delete C:\WINDOWS\system32\awttqop.dll
C:\WINDOWS\system32\awttqop.dll Could not be deleted.
Attempting to delete C:\WINDOWS\system32\hpxnuark.dll
C:\WINDOWS\system32\hpxnuark.dll Has been deleted!
Attempting to delete C:\WINDOWS\system32\jemuupdx.dll
C:\WINDOWS\system32\jemuupdx.dll Has been deleted!
Attempting to delete C:\WINDOWS\system32\kraunxph.ini
C:\WINDOWS\system32\kraunxph.ini Has been deleted!
Attempting to delete C:\WINDOWS\system32\sstts.dll
C:\WINDOWS\system32\sstts.dll Has been deleted!
Attempting to delete C:\WINDOWS\system32\xdpuumej.ini
C:\WINDOWS\system32\xdpuumej.ini Has been deleted!
Performing Repairs to the registry.
Done!
* Double-click VundoFix.exe to launch it.
* Do not click the Scan for Vundo button; instead, right-click in the white window and click "Add more files?"
* In the new window that appears, copy/paste the path of the following file into the first box (at the top):
--path of the identified Vundo dll--C:\WINDOWS\system32\awttqop.dll
* Copy/paste the path of the following file into the second box (in the middle):
C:\WINDOWS\system32\awttqop.*
* Click the "Add File(s)" button
* Click the "Close Window" button
* Click "Remove Vundo" again
* A prompt will ask whether you want to delete the files; click YES
* After you click "Yes", the Desktop will disappear for a moment while the files are deleted.
* You will see a prompt announcing that your PC is going to shut down ("shutdown"); click OK
* Start your PC again.
* Copy/paste the contents of the report located at C:\vundofix.txt, along with a new HijackThis! report, into your next reply
VundoFix V6.7.7
Checking Java version...
Sun Java not detected
Scan started at 15:59:38 25-12-2007
Listing files found while scanning....
C:\WINDOWS\system32\awttqop.dll
C:\WINDOWS\system32\hpxnuark.dll
C:\WINDOWS\system32\jemuupdx.dll
C:\WINDOWS\system32\kraunxph.ini
C:\WINDOWS\system32\sstts.dll
C:\WINDOWS\system32\xdpuumej.ini
Beginning removal...
Attempting to delete C:\WINDOWS\system32\awttqop.dll
C:\WINDOWS\system32\awttqop.dll Could not be deleted.
Attempting to delete C:\WINDOWS\system32\hpxnuark.dll
C:\WINDOWS\system32\hpxnuark.dll Has been deleted!
Attempting to delete C:\WINDOWS\system32\jemuupdx.dll
C:\WINDOWS\system32\jemuupdx.dll Has been deleted!
Attempting to delete C:\WINDOWS\system32\kraunxph.ini
C:\WINDOWS\system32\kraunxph.ini Has been deleted!
Attempting to delete C:\WINDOWS\system32\sstts.dll
C:\WINDOWS\system32\sstts.dll Has been deleted!
Attempting to delete C:\WINDOWS\system32\xdpuumej.ini
C:\WINDOWS\system32\xdpuumej.ini Has been deleted!
Performing Repairs to the registry.
Done!
Beginning removal...
Attempting to delete C:\WINDOWS\system32\awttqop.dll
C:\WINDOWS\system32\awttqop.dll Could not be deleted.
Attempting to delete C:\WINDOWS\system32\awttqop.dll
C:\WINDOWS\system32\awttqop.dll Could not be deleted.
Performing Repairs to the registry.
Done!
Logfile of HijackThis v1.99.1
Scan saved at 17:58:25, on 25-12-2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Programas\Panda Software\Panda Internet Security 2007\pavsrv51.exe
C:\WINDOWS\system32\svchost.exe
C:\Programas\Panda Software\Panda Internet Security 2007\TPSrv.exe
C:\WINDOWS\system32\svchost.exe
c:\programas\panda software\panda internet security 2007\firewall\PNMSRV.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Programas\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Programas\Ficheiros comuns\Microsoft Shared\VS7DEBUG\mdm.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Programas\Panda Software\Panda Internet Security 2007\PavFnSvr.exe
C:\Programas\Ficheiros comuns\Panda Software\PavShld\pavprsrv.exe
C:\Programas\Panda Software\Panda Internet Security 2007\AntiSpam\pskmssvc.exe
C:\WINDOWS\Explorer.EXE
C:\Programas\Panda Software\Panda Internet Security 2007\PsImSvc.exe
C:\Programas\Spyware Terminator\sp_rsser.exe
C:\WINDOWS\system32\svchost.exe
C:\Programas\Panda Software\Panda Internet Security 2007\apvxdwin.exe
C:\Programas\Panda Software\Panda Internet Security 2007\SRVLOAD.EXE
c:\programas\panda software\panda internet security 2007\WebProxy.exe
C:\Programas\CyberLink\PowerDVD\PDVDServ.exe
C:\Programas\Microsoft Office\Office12\GrooveMonitor.exe
C:\Programas\USB Disk Win98 Driver\Res.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\Programas\Java\jre1.6.0_02\bin\jusched.exe
C:\WINDOWS\vsnpstd.exe
C:\WINDOWS\system32\rundll32.exe
C:\Programas\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Programas\Spyware Terminator\SpywareTerminatorShield.exe
C:\Programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programas\Kodak\Kodak EasyShare software\bin\EasyShare.exe
C:\Programas\Panda Software\Panda Internet Security 2007\AVENGINE.EXE
C:\Programas\Java\jre1.6.0_02\bin\jucheck.exe
C:\Programas\Internet Explorer\IEXPLORE.EXE
C:\Programas\MSN Messenger\usnsvc.exe
C:\Documents and Settings\Julien\Os meus documentos\hijackthis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://fr.yahoo.com/
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programas\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programas\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programas\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programas\Windows Live Toolbar\msntb.dll
O2 - BHO: {96d33500-bbf3-42c9-02c4-65c4f08dc9ef} - {fe9cd80f-4c56-4c20-9c24-3fbb00533d69} - C:\WINDOWS\system32\wxprvatb.dll
O2 - BHO: (no name) - {FF64059D-4D2A-4D6B-AA0F-2EE4A2FE3856} - C:\WINDOWS\system32\awttqop.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programas\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programas\google\googletoolbar2.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programas\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [RemoteControl] C:\Programas\CyberLink\PowerDVD\PDVDServ.exe
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Programas\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [APVXDWIN] "C:\Programas\Panda Software\Panda Internet Security 2007\APVXDWIN.EXE" /s
O4 - HKLM\..\Run: [SCANINICIO] "C:\Programas\Panda Software\Panda Internet Security 2007\Inicio.exe"
O4 - HKLM\..\Run: [USB Storage Toolbox] C:\Programas\USB Disk Win98 Driver\Res.EXE
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programas\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programas\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [snpstd] C:\WINDOWS\vsnpstd.exe
O4 - HKLM\..\Run: [AdslTaskBar] rundll32.exe stmctrl.dll,TaskBar
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Programas\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [SpywareTerminator] "C:\Programas\Spyware Terminator\SpywareTerminatorShield.exe"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Programas\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [MSMSGS] "C:\Programas\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [swg] C:\Programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [NBJ] "C:\Programas\Ahead\Nero BackItUp\NBJ.exe"
O4 - HKCU\..\Run: [Shareaza] "C:\Programas\Shareaza\Shareaza.exe" -tray
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: Recorte de tela e Iniciador do OneNote 2007.lnk = C:\Programas\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Programas\Adobe\Reader 8.0\Reader\reader_sl.exe
O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Programas\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
O4 - Global Startup: Logiciel Kodak EasyShare.lnk = C:\Programas\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Programas\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Ouvrir dans un nouvel onglet d'arrière-plan - res://C:\Programas\Windows Live Toolbar\Components\fr-fr\msntabres.dll.mui/229?47efb4aca7314b9e98f76b76025b3f6d
O8 - Extra context menu item: Ouvrir dans un nouvel onglet de premier plan - res://C:\Programas\Windows Live Toolbar\Components\fr-fr\msntabres.dll.mui/230?47efb4aca7314b9e98f76b76025b3f6d
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} - https://www.touslesdrivers.com/index.php?v_page=29
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{C409F88E-B2BF-4E55-9044-FBD2C31E0DDF}: NameServer = 212.55.154.174
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Programas\Ficheiros comuns\Microsoft Shared\Help\hxds.dll
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\FICHEI~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Programas\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Programas\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Panda Function Service (PAVFNSVR) - Panda Software International - C:\Programas\Panda Software\Panda Internet Security 2007\PavFnSvr.exe
O23 - Service: Panda Process Protection Service (PavPrSrv) - Panda Software - C:\Programas\Ficheiros comuns\Panda Software\PavShld\pavprsrv.exe
O23 - Service: Panda anti-virus service (PAVSRV) - Panda Software International - C:\Programas\Panda Software\Panda Internet Security 2007\pavsrv51.exe
O23 - Service: Panda Antispam Engine (pmshellsrv) - Panda Software International - C:\Programas\Panda Software\Panda Internet Security 2007\AntiSpam\pskmssvc.exe
O23 - Service: Panda Network Manager (PNMSRV) - Panda Software International - c:\programas\panda software\panda internet security 2007\firewall\PNMSRV.EXE
O23 - Service: Panda IManager Service (PSIMSVC) - Panda Software - C:\Programas\Panda Software\Panda Internet Security 2007\PsImSvc.exe
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Programas\Spyware Terminator\sp_rsser.exe
O23 - Service: Panda TPSrv (TPSrv) - Panda Software - C:\Programas\Panda Software\Panda Internet Security 2007\TPSrv.exe
There, you have everything, but I think there's a problem with VundoFix, if I understood correctly!!
That's not the right report, it's the same one as earlier
so there was indeed a problem
so we'll go about it another way
Download VirtumundoBeGone to the desktop:
http://secured2k.home.comcast.net/tools/VirtumundoBeGone.exe
Then double-click VirtumundoBeGone.exe and follow the instructions.
Once it has finished, restart and post the VBG.TXT report created on the desktop in your next reply, along with a new HijackThis report.
Don't worry if you see a blue-screen "Fatal error" message, that is normal and expected
I hope this will do it now, thanks in any case, here it is:
Logfile of HijackThis v1.99.1
Scan saved at 18:24:18, on 25-12-2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Programas\Panda Software\Panda Internet Security 2007\pavsrv51.exe
C:\Programas\Panda Software\Panda Internet Security 2007\AVENGINE.EXE
C:\WINDOWS\system32\svchost.exe
C:\Programas\Panda Software\Panda Internet Security 2007\TPSrv.exe
C:\WINDOWS\system32\svchost.exe
c:\programas\panda software\panda internet security 2007\firewall\PNMSRV.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Programas\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Programas\Ficheiros comuns\Microsoft Shared\VS7DEBUG\mdm.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Programas\Panda Software\Panda Internet Security 2007\PavFnSvr.exe
C:\Programas\Ficheiros comuns\Panda Software\PavShld\pavprsrv.exe
C:\Programas\Panda Software\Panda Internet Security 2007\AntiSpam\pskmssvc.exe
C:\WINDOWS\Explorer.EXE
C:\Programas\Panda Software\Panda Internet Security 2007\PsImSvc.exe
C:\Programas\Spyware Terminator\sp_rsser.exe
C:\WINDOWS\system32\svchost.exe
C:\Programas\Panda Software\Panda Internet Security 2007\apvxdwin.exe
C:\Programas\CyberLink\PowerDVD\PDVDServ.exe
C:\Programas\Microsoft Office\Office12\GrooveMonitor.exe
C:\Programas\USB Disk Win98 Driver\Res.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\Programas\Java\jre1.6.0_02\bin\jusched.exe
C:\WINDOWS\vsnpstd.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\rundll32.exe
C:\Programas\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Programas\Spyware Terminator\SpywareTerminatorShield.exe
C:\Programas\Panda Software\Panda Internet Security 2007\SRVLOAD.EXE
c:\programas\panda software\panda internet security 2007\WebProxy.exe
C:\Programas\MSN Messenger\MsnMsgr.Exe
C:\Programas\Messenger\msmsgs.exe
C:\Programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Programas\Shareaza\Shareaza.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programas\Adobe\Reader 8.0\Reader\reader_sl.exe
C:\Programas\Kodak\Kodak EasyShare software\bin\EasyShare.exe
C:\Documents and Settings\Julien\Os meus documentos\hijackthis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://fr.yahoo.com/
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programas\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programas\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programas\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programas\Windows Live Toolbar\msntb.dll
O2 - BHO: {96d33500-bbf3-42c9-02c4-65c4f08dc9ef} - {fe9cd80f-4c56-4c20-9c24-3fbb00533d69} - C:\WINDOWS\system32\wxprvatb.dll
O2 - BHO: (no name) - {FF64059D-4D2A-4D6B-AA0F-2EE4A2FE3856} - C:\WINDOWS\system32\awttqop.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programas\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programas\google\googletoolbar2.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programas\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [RemoteControl] C:\Programas\CyberLink\PowerDVD\PDVDServ.exe
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Programas\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [APVXDWIN] "C:\Programas\Panda Software\Panda Internet Security 2007\APVXDWIN.EXE" /s
O4 - HKLM\..\Run: [SCANINICIO] "C:\Programas\Panda Software\Panda Internet Security 2007\Inicio.exe"
O4 - HKLM\..\Run: [USB Storage Toolbox] C:\Programas\USB Disk Win98 Driver\Res.EXE
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programas\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programas\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [snpstd] C:\WINDOWS\vsnpstd.exe
O4 - HKLM\..\Run: [AdslTaskBar] rundll32.exe stmctrl.dll,TaskBar
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Programas\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [SpywareTerminator] "C:\Programas\Spyware Terminator\SpywareTerminatorShield.exe"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Programas\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [MSMSGS] "C:\Programas\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [swg] C:\Programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [NBJ] "C:\Programas\Ahead\Nero BackItUp\NBJ.exe"
O4 - HKCU\..\Run: [Shareaza] "C:\Programas\Shareaza\Shareaza.exe" -tray
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: Recorte de tela e Iniciador do OneNote 2007.lnk = C:\Programas\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Programas\Adobe\Reader 8.0\Reader\reader_sl.exe
O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Programas\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
O4 - Global Startup: Logiciel Kodak EasyShare.lnk = C:\Programas\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Programas\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Ouvrir dans un nouvel onglet d'arrière-plan - res://C:\Programas\Windows Live Toolbar\Components\fr-fr\msntabres.dll.mui/229?47efb4aca7314b9e98f76b76025b3f6d
O8 - Extra context menu item: Ouvrir dans un nouvel onglet de premier plan - res://C:\Programas\Windows Live Toolbar\Components\fr-fr\msntabres.dll.mui/230?47efb4aca7314b9e98f76b76025b3f6d
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} - https://www.touslesdrivers.com/index.php?v_page=29
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Programas\Ficheiros comuns\Microsoft Shared\Help\hxds.dll
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\FICHEI~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Programas\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Programas\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Panda Function Service (PAVFNSVR) - Panda Software International - C:\Programas\Panda Software\Panda Internet Security 2007\PavFnSvr.exe
O23 - Service: Panda Process Protection Service (PavPrSrv) - Panda Software - C:\Programas\Ficheiros comuns\Panda Software\PavShld\pavprsrv.exe
O23 - Service: Panda anti-virus service (PAVSRV) - Panda Software International - C:\Programas\Panda Software\Panda Internet Security 2007\pavsrv51.exe
O23 - Service: Panda Antispam Engine (pmshellsrv) - Panda Software International - C:\Programas\Panda Software\Panda Internet Security 2007\AntiSpam\pskmssvc.exe
O23 - Service: Panda Network Manager (PNMSRV) - Panda Software International - c:\programas\panda software\panda internet security 2007\firewall\PNMSRV.EXE
O23 - Service: Panda IManager Service (PSIMSVC) - Panda Software - C:\Programas\Panda Software\Panda Internet Security 2007\PsImSvc.exe
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Programas\Spyware Terminator\sp_rsser.exe
O23 - Service: Panda TPSrv (TPSrv) - Panda Software - C:\Programas\Panda Software\Panda Internet Security 2007\TPSrv.exe
[12/25/2007, 18:14:08] - VirtumundoBeGone v1.5 ( "C:\Documents and Settings\Julien\Definições locais\Temporary Internet Files\Content.IE5\OH2701ER\VirtumundoBeGone[1].exe" )
[12/25/2007, 18:14:12] - Detected System Information:
[12/25/2007, 18:14:12] - Windows Version: 5.1.2600, Service Pack 2
[12/25/2007, 18:14:12] - Current Username: Julien (Admin)
[12/25/2007, 18:14:13] - Windows is in NORMAL mode.
[12/25/2007, 18:14:13] - Searching for Browser Helper Objects:
[12/25/2007, 18:14:13] - BHO 1: {53707962-6F74-2D53-2644-206D7942484F} ()
[12/25/2007, 18:14:13] - WARNING: BHO has no default name. Checking for Winlogon reference.
[12/25/2007, 18:14:13] - Checking for HKLM\...\Winlogon\Notify\SDHelper
[12/25/2007, 18:14:13] - Key not found: HKLM\...\Winlogon\Notify\SDHelper, continuing.
[12/25/2007, 18:14:13] - BHO 2: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (SSVHelper Class)
[12/25/2007, 18:14:13] - BHO 3: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} (Google Toolbar Notifier BHO)
[12/25/2007, 18:14:13] - BHO 4: {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} (Windows Live Toolbar Helper)
[12/25/2007, 18:14:13] - BHO 5: {fe9cd80f-4c56-4c20-9c24-3fbb00533d69} ()
[12/25/2007, 18:14:13] - WARNING: BHO has no default name. Checking for Winlogon reference.
[12/25/2007, 18:14:13] - Checking for HKLM\...\Winlogon\Notify\wxprvatb
[12/25/2007, 18:14:14] - Key not found: HKLM\...\Winlogon\Notify\wxprvatb, continuing.
[12/25/2007, 18:14:14] - BHO 6: {FF64059D-4D2A-4D6B-AA0F-2EE4A2FE3856} ()
[12/25/2007, 18:14:14] - WARNING: BHO has no default name. Checking for Winlogon reference.
[12/25/2007, 18:14:14] - Checking for HKLM\...\Winlogon\Notify\awttqop
[12/25/2007, 18:14:14] - Key not found: HKLM\...\Winlogon\Notify\awttqop, continuing.
[12/25/2007, 18:14:14] - Finished Searching Browser Helper Objects
[12/25/2007, 18:14:14] - Finishing up...
[12/25/2007, 18:14:14] - Nothing found! Exiting...
Over to you now!!
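The VirtumundoBeGone report above looks for a Winlogon\Notify key matching each unnamed BHO and finds none, while HijackThis still lists the DLLs. As an added example (not part of the thread, and not how either tool is implemented), this Python script re-applies that pairing check to lines copied from the logs on this page and adds two assumed review criteria: an unnamed BHO whose DLL sits directly in system32, and a DLL that VundoFix reported it could not delete.

```python
import ntpath
import re

CLSID = r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}"
BHO_RE = re.compile(rf"^O2 - BHO: (?P<name>.*?) - (?P<clsid>{CLSID}) - (?P<path>.+)$")
NOTIFY_RE = re.compile(r"^O20 - Winlogon Notify: (?P<key>.+?) - (?P<path>.+)$")
UNDELETED_RE = re.compile(r"^(?P<path>[A-Za-z]:\\.+?) Could not be deleted\.$")

# Lines copied from the HijackThis log posted in this thread.
HJT_LOG = r"""
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programas\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: {96d33500-bbf3-42c9-02c4-65c4f08dc9ef} - {fe9cd80f-4c56-4c20-9c24-3fbb00533d69} - C:\WINDOWS\system32\wxprvatb.dll
O2 - BHO: (no name) - {FF64059D-4D2A-4D6B-AA0F-2EE4A2FE3856} - C:\WINDOWS\system32\awttqop.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
"""

# Lines copied from the VundoFix output posted in this thread.
VUNDOFIX_LOG = r"""
C:\WINDOWS\system32\awttqop.dll Could not be deleted.
C:\WINDOWS\system32\hpxnuark.dll Has been deleted!
"""


def parse_bhos(log):
    """Return name/clsid/path dicts for every O2 (Browser Helper Object) line."""
    return [m.groupdict() for line in log.splitlines()
            if (m := BHO_RE.match(line.strip()))]


def parse_notify_keys(log):
    """Return the lower-cased key names of every O20 Winlogon Notify line."""
    return {m["key"].lower() for line in log.splitlines()
            if (m := NOTIFY_RE.match(line.strip()))}


def is_unnamed(name):
    # Assumption: "(no name)" or a bare GUID in the name field both mean the
    # BHO has no human-readable name.
    return name == "(no name)" or re.fullmatch(CLSID, name) is not None


def triage(hjt_log, vundofix_log=""):
    """Describe every unnamed BHO with the three criteria used for review."""
    notify = parse_notify_keys(hjt_log)
    undeleted = {m["path"].lower() for line in vundofix_log.splitlines()
                 if (m := UNDELETED_RE.match(line.strip()))}
    findings = []
    for bho in parse_bhos(hjt_log):
        if not is_unnamed(bho["name"]):
            continue
        path = bho["path"]
        stem = ntpath.splitext(ntpath.basename(path))[0].lower()
        findings.append({
            "clsid": bho["clsid"],
            "path": path,
            # Same pairing the VirtumundoBeGone log reports checking.
            "winlogon_pair": stem in notify,
            # Assumed criterion: DLL placed directly in system32.
            "system32": ntpath.dirname(path).lower() == r"c:\windows\system32",
            # Assumed criterion: the removal tool could not delete the file.
            "survived_removal": path.lower() in undeleted,
        })
    return findings


def vbg_style_hits(findings):
    """Unnamed BHOs that also have a Winlogon Notify key of the same name."""
    return [f for f in findings if f["winlogon_pair"]]


def review_queue(findings):
    """Unnamed system32 BHOs, files that survived removal listed first."""
    hits = [f for f in findings if f["system32"]]
    return sorted(hits, key=lambda f: not f["survived_removal"])


if __name__ == "__main__":
    results = triage(HJT_LOG, VUNDOFIX_LOG)
    print("Winlogon-paired BHOs:", [f["path"] for f in vbg_style_hits(results)])
    for f in review_queue(results):
        print("review:", f["clsid"], f["path"],
              "(survived removal)" if f["survived_removal"] else "")
```

On these lines the pairing check returns nothing, consistent with the "Nothing found!" in the report, while the review queue holds awttqop.dll and wxprvatb.dll; SDHelper.dll is unnamed but lives outside system32 and is left out.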
Logfile of HijackThis v1.99.1
Scan saved at 18:24:18, on 25-12-2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Programas\Panda Software\Panda Internet Security 2007\pavsrv51.exe
C:\Programas\Panda Software\Panda Internet Security 2007\AVENGINE.EXE
C:\WINDOWS\system32\svchost.exe
C:\Programas\Panda Software\Panda Internet Security 2007\TPSrv.exe
C:\WINDOWS\system32\svchost.exe
c:\programas\panda software\panda internet security 2007\firewall\PNMSRV.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Programas\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Programas\Ficheiros comuns\Microsoft Shared\VS7DEBUG\mdm.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Programas\Panda Software\Panda Internet Security 2007\PavFnSvr.exe
C:\Programas\Ficheiros comuns\Panda Software\PavShld\pavprsrv.exe
C:\Programas\Panda Software\Panda Internet Security 2007\AntiSpam\pskmssvc.exe
C:\WINDOWS\Explorer.EXE
C:\Programas\Panda Software\Panda Internet Security 2007\PsImSvc.exe
C:\Programas\Spyware Terminator\sp_rsser.exe
C:\WINDOWS\system32\svchost.exe
C:\Programas\Panda Software\Panda Internet Security 2007\apvxdwin.exe
C:\Programas\CyberLink\PowerDVD\PDVDServ.exe
C:\Programas\Microsoft Office\Office12\GrooveMonitor.exe
C:\Programas\USB Disk Win98 Driver\Res.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\Programas\Java\jre1.6.0_02\bin\jusched.exe
C:\WINDOWS\vsnpstd.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\rundll32.exe
C:\Programas\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Programas\Spyware Terminator\SpywareTerminatorShield.exe
C:\Programas\Panda Software\Panda Internet Security 2007\SRVLOAD.EXE
c:\programas\panda software\panda internet security 2007\WebProxy.exe
C:\Programas\MSN Messenger\MsnMsgr.Exe
C:\Programas\Messenger\msmsgs.exe
C:\Programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Programas\Shareaza\Shareaza.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programas\Adobe\Reader 8.0\Reader\reader_sl.exe
C:\Programas\Kodak\Kodak EasyShare software\bin\EasyShare.exe
C:\Documents and Settings\Julien\Os meus documentos\hijackthis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://fr.yahoo.com/
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programas\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programas\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programas\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programas\Windows Live Toolbar\msntb.dll
O2 - BHO: {96d33500-bbf3-42c9-02c4-65c4f08dc9ef} - {fe9cd80f-4c56-4c20-9c24-3fbb00533d69} - C:\WINDOWS\system32\wxprvatb.dll
O2 - BHO: (no name) - {FF64059D-4D2A-4D6B-AA0F-2EE4A2FE3856} - C:\WINDOWS\system32\awttqop.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programas\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programas\google\googletoolbar2.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programas\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [RemoteControl] C:\Programas\CyberLink\PowerDVD\PDVDServ.exe
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Programas\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [APVXDWIN] "C:\Programas\Panda Software\Panda Internet Security 2007\APVXDWIN.EXE" /s
O4 - HKLM\..\Run: [SCANINICIO] "C:\Programas\Panda Software\Panda Internet Security 2007\Inicio.exe"
O4 - HKLM\..\Run: [USB Storage Toolbox] C:\Programas\USB Disk Win98 Driver\Res.EXE
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programas\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programas\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [snpstd] C:\WINDOWS\vsnpstd.exe
O4 - HKLM\..\Run: [AdslTaskBar] rundll32.exe stmctrl.dll,TaskBar
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Programas\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [SpywareTerminator] "C:\Programas\Spyware Terminator\SpywareTerminatorShield.exe"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Programas\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [MSMSGS] "C:\Programas\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [swg] C:\Programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [NBJ] "C:\Programas\Ahead\Nero BackItUp\NBJ.exe"
O4 - HKCU\..\Run: [Shareaza] "C:\Programas\Shareaza\Shareaza.exe" -tray
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: Recorte de tela e Iniciador do OneNote 2007.lnk = C:\Programas\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Programas\Adobe\Reader 8.0\Reader\reader_sl.exe
O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Programas\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
O4 - Global Startup: Logiciel Kodak EasyShare.lnk = C:\Programas\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Programas\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Ouvrir dans un nouvel onglet d'arrière-plan - res://C:\Programas\Windows Live Toolbar\Components\fr-fr\msntabres.dll.mui/229?47efb4aca7314b9e98f76b76025b3f6d
O8 - Extra context menu item: Ouvrir dans un nouvel onglet de premier plan - res://C:\Programas\Windows Live Toolbar\Components\fr-fr\msntabres.dll.mui/230?47efb4aca7314b9e98f76b76025b3f6d
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} - https://www.touslesdrivers.com/index.php?v_page=29
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Programas\Ficheiros comuns\Microsoft Shared\Help\hxds.dll
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\FICHEI~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Programas\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Programas\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Panda Function Service (PAVFNSVR) - Panda Software International - C:\Programas\Panda Software\Panda Internet Security 2007\PavFnSvr.exe
O23 - Service: Panda Process Protection Service (PavPrSrv) - Panda Software - C:\Programas\Ficheiros comuns\Panda Software\PavShld\pavprsrv.exe
O23 - Service: Panda anti-virus service (PAVSRV) - Panda Software International - C:\Programas\Panda Software\Panda Internet Security 2007\pavsrv51.exe
O23 - Service: Panda Antispam Engine (pmshellsrv) - Panda Software International - C:\Programas\Panda Software\Panda Internet Security 2007\AntiSpam\pskmssvc.exe
O23 - Service: Panda Network Manager (PNMSRV) - Panda Software International - c:\programas\panda software\panda internet security 2007\firewall\PNMSRV.EXE
O23 - Service: Panda IManager Service (PSIMSVC) - Panda Software - C:\Programas\Panda Software\Panda Internet Security 2007\PsImSvc.exe
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Programas\Spyware Terminator\sp_rsser.exe
O23 - Service: Panda TPSrv (TPSrv) - Panda Software - C:\Programas\Panda Software\Panda Internet Security 2007\TPSrv.exe
[12/25/2007, 18:14:08] - VirtumundoBeGone v1.5 ( "C:\Documents and Settings\Julien\Definições locais\Temporary Internet Files\Content.IE5\OH2701ER\VirtumundoBeGone[1].exe" )
[12/25/2007, 18:14:12] - Detected System Information:
[12/25/2007, 18:14:12] - Windows Version: 5.1.2600, Service Pack 2
[12/25/2007, 18:14:12] - Current Username: Julien (Admin)
[12/25/2007, 18:14:13] - Windows is in NORMAL mode.
[12/25/2007, 18:14:13] - Searching for Browser Helper Objects:
[12/25/2007, 18:14:13] - BHO 1: {53707962-6F74-2D53-2644-206D7942484F} ()
[12/25/2007, 18:14:13] - WARNING: BHO has no default name. Checking for Winlogon reference.
[12/25/2007, 18:14:13] - Checking for HKLM\...\Winlogon\Notify\SDHelper
[12/25/2007, 18:14:13] - Key not found: HKLM\...\Winlogon\Notify\SDHelper, continuing.
[12/25/2007, 18:14:13] - BHO 2: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (SSVHelper Class)
[12/25/2007, 18:14:13] - BHO 3: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} (Google Toolbar Notifier BHO)
[12/25/2007, 18:14:13] - BHO 4: {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} (Windows Live Toolbar Helper)
[12/25/2007, 18:14:13] - BHO 5: {fe9cd80f-4c56-4c20-9c24-3fbb00533d69} ()
[12/25/2007, 18:14:13] - WARNING: BHO has no default name. Checking for Winlogon reference.
[12/25/2007, 18:14:13] - Checking for HKLM\...\Winlogon\Notify\wxprvatb
[12/25/2007, 18:14:14] - Key not found: HKLM\...\Winlogon\Notify\wxprvatb, continuing.
[12/25/2007, 18:14:14] - BHO 6: {FF64059D-4D2A-4D6B-AA0F-2EE4A2FE3856} ()
[12/25/2007, 18:14:14] - WARNING: BHO has no default name. Checking for Winlogon reference.
[12/25/2007, 18:14:14] - Checking for HKLM\...\Winlogon\Notify\awttqop
[12/25/2007, 18:14:14] - Key not found: HKLM\...\Winlogon\Notify\awttqop, continuing.
[12/25/2007, 18:14:14] - Finished Searching Browser Helper Objects
[12/25/2007, 18:14:14] - Finishing up...
[12/25/2007, 18:14:14] - Nothing found! Exiting...
Over to you now!!
Run HijackThis again,
but this time click on "Do a system scan only",
then tick the boxes in front of the following lines
and click "Fix checked":
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -
O2 - BHO: {96d33500-bbf3-42c9-02c4-65c4f08dc9ef} - {fe9cd80f-4c56-4c20-9c24-3fbb00533d69} - C:\WINDOWS\system32\wxprvatb.dll
O2 - BHO: (no name) - {FF64059D-4D2A-4D6B-AA0F-2EE4A2FE3856} - C:\WINDOWS\system32\awttqop.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programas\Windows Live Toolbar\msntb.dll
Then
download ComboFix here:
http://download.bleepingcomputer.com/sUBs/ComboFix.exe
And save it to the desktop.
Look here if you would like to familiarize yourself with how to use it:
http://mickael.barroux.free.fr/securite/combofix.php
On your desktop, double-click Combofix.exe.
Press the 1 key to start the program and follow the on-screen instructions.
During the cleanup you may get a warning telling you that the PC is going to restart; let it do so.
After the PC restarts, a report will open in Notepad at the end of the scan; copy and paste its entire contents into your next message.
(The report file Combofix.txt is then automatically saved to C:\Combofix.txt)
/!\ For the whole duration of the ComboFix scan (it can take quite a while if the PC is heavily infected), do not open any programs and do not browse the internet.
Then post the ComboFix report and a new HijackThis log.
P.S.: I'll be away for a bit this evening.
ComboFix 07-12-21.4 - Julien 2007-12-25 19:56:06.2 - NTFSx86 MINIMAL
Executando de: C:\Documents and Settings\Julien\Ambiente de trabalho\ComboFix.exe
.
((((((((((((((((((((((((((((((((((((( Outras Exclusões )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
---- Previous Run -------
.
C:\Documents and Settings\Julien\Application Data\inst.exe
c:\Documents and Settings\Julien\Definições locais\Application Data\fspzkuunj.dat
C:\Documents and Settings\Julien\Definições locais\Application Data\fspzkuunj.exe
C:\Documents and Settings\Julien\Definições locais\Application Data\fspzkuunj_nav.dat
c:\Documents and Settings\Julien\Definições locais\Application Data\fspzkuunj_navps.dat
C:\Programas\Temporary
C:\Programas\WinAble
C:\WINDOWS\cookies.ini
C:\WINDOWS\messenger.exe
C:\WINDOWS\mrofinu572.exe
C:\WINDOWS\system32\awttqop.dll
C:\WINDOWS\system32\nvs2.inf
C:\WINDOWS\system32\pac.txt
C:\WINDOWS\system32\sttss.ini
C:\WINDOWS\system32\sttss.ini2
C:\WINDOWS\system32\wxprvatb.dll
.
((((((((((((((((((((((( Ficheiros criados de 2007-11-25 to 2007-12-25 ))))))))))))))))))))))))))))))))
.
2007-12-25 18:01 . 2007-12-25 18:01 24,576 --a------ C:\WINDOWS\system32\VundoFixSVC.exe
2007-12-25 17:41 . 2007-12-25 17:41 <DIR> d-------- C:\Documents and Settings\LocalService\Application Data\Spyware Terminator
2007-12-25 16:47 . 2007-12-25 16:47 135,936 --a------ C:\WINDOWS\system32\drivers\sp_rsdrv2.sys
2007-12-25 16:45 . 2007-12-25 16:46 <DIR> d-------- C:\Programas\WinClamAVShield
2007-12-25 16:44 . 2007-12-25 17:41 <DIR> d-------- C:\Programas\Spyware Terminator
2007-12-25 16:44 . 2007-12-25 16:44 <DIR> d-------- C:\Programas\Crawler
2007-12-25 16:44 . 2007-12-25 16:49 <DIR> d-------- C:\Documents and Settings\Julien\Application Data\Spyware Terminator
2007-12-25 16:44 . 2007-12-25 16:49 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spyware Terminator
2007-12-25 15:59 . 2007-12-25 18:04 <DIR> d-------- C:\VundoFix Backups
2007-12-23 16:49 . 2007-12-23 17:12 <DIR> d-------- C:\WINDOWS\BDOSCAN8
2007-12-23 16:16 . 2007-12-23 16:16 <DIR> d-------- C:\Documents and Settings\Julien\Application Data\Grisoft
2007-12-23 16:16 . 2007-12-23 16:16 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2007-12-23 16:16 . 2007-05-30 12:10 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2007-12-23 15:53 . 2007-12-23 19:36 <DIR> d-------- C:\Program Files
2007-12-23 15:52 . 2007-12-23 15:53 1,283,174 --a------ C:\Install
2007-12-22 16:33 . 2007-12-23 15:42 996,825 ---hs---- C:\WINDOWS\system32\cvpehgqa.ini
2007-12-21 16:33 . 2007-12-22 13:58 995,859 ---hs---- C:\WINDOWS\system32\wstrxxaf.ini
2007-12-20 16:32 . 2007-12-21 16:33 995,739 ---hs---- C:\WINDOWS\system32\suvrsvga.ini
2007-12-19 19:58 . 2007-12-19 19:58 <DIR> d-------- C:\WINDOWS\system32\99F_saver__pc dir
2007-12-19 19:58 . 2007-12-19 19:58 203,264 --a------ C:\WINDOWS\system32\99F_saver__pc.scr
2007-12-19 16:32 . 2007-12-20 16:32 987,634 ---hs---- C:\WINDOWS\system32\xnbhqrcs.ini
2007-12-18 16:07 . 2007-12-18 19:49 984,900 ---hs---- C:\WINDOWS\system32\ikuiufrs.ini
2007-12-17 15:37 . 2007-12-18 15:38 981,628 ---hs---- C:\WINDOWS\system32\mwvgdjaw.ini
2007-12-16 03:06 . 2007-12-17 14:58 970,374 ---hs---- C:\WINDOWS\system32\boyaukqf.ini
2007-12-15 03:05 . 2007-12-15 05:14 952,383 ---hs---- C:\WINDOWS\system32\thmiqhjf.ini
2007-12-15 02:14 . 2007-12-25 13:51 <DIR> d-------- C:\Programas\Router
2007-12-13 19:02 . 2007-12-13 19:02 <DIR> d-------- C:\WINDOWS\system32\ineWc01
2007-12-13 19:01 . 2007-12-13 19:01 <DIR> d-------- C:\Temp\tpBe12
2007-12-04 23:30 . 2007-12-04 23:30 940,794 --a------ C:\WINDOWS\system32\LoopyMusic.wav
2007-12-04 23:30 . 2007-12-04 23:30 146,650 --a------ C:\WINDOWS\system32\BuzzingBee.wav
2007-12-04 23:29 . 2007-12-04 23:29 <DIR> d-------- C:\WINDOWS\system32\Lang
2007-12-01 03:01 . 2007-12-23 20:26 <DIR> d-------- C:\Programas\Windows Live Favorites
.
((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-12-25 19:04 337,500 ----a-w C:\WINDOWS\system32\drivers\APPFCONT.DAT
2007-12-25 19:04 1,132 ----a-w C:\WINDOWS\system32\drivers\APPFLTR.CFG
2007-12-23 22:01 --------- d-----w C:\Programas\SmitfraudFix
2007-12-23 20:53 --------- d-----w C:\Programas\HardwareDetection
2007-12-23 20:26 --------- d-----w C:\Programas\Windows Live Toolbar
2007-12-23 20:25 --------- d-----w C:\Programas\USB Disk Win98 Driver
2007-12-23 20:24 --------- d-----w C:\Programas\MSN Messenger
2007-12-23 20:21 --------- d-----w C:\Programas\Google
2007-12-23 20:00 --------- d-----w C:\Programas\DivX
2007-12-12 22:46 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help
2007-12-01 21:28 --------- d-----w C:\Programas\Kodak
2007-11-13 10:25 20,480 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys
2007-11-12 14:43 --------- d-----w C:\Programas\BoontyGames
2007-11-12 01:05 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2007-11-05 23:26 --------- d-----w C:\Documents and Settings\Julien\Application Data\LimeWire
2007-10-29 22:43 1,294,336 ----a-w C:\WINDOWS\system32\quartz.dll
2007-10-25 10:26 53,248 ----a-w C:\WINDOWS\bdoscandel.exe
2007-10-25 09:28 222,720 ----a-w C:\WINDOWS\system32\wmasf.dll
2007-10-15 18:13 73,216 ----a-w C:\WINDOWS\ST6UNST.EXE
2007-10-15 18:13 249,856 ------w C:\WINDOWS\Setup1.exe
2007-07-21 22:25 47,360 ----a-w C:\Documents and Settings\Julien\Application Data\pcouffin.sys
2007-06-18 17:41 868,820 ----a-w C:\Programas\SmitfraudFix.exe
2007-06-18 17:38 798,772 ----a-w C:\Programas\SmitfraudFix.zip
2007-04-04 18:04 702,212 ----a-w C:\Programas\APR2007_d3dx10_33_x64.cab
2007-04-04 18:04 699,465 ----a-w C:\Programas\APR2007_d3dx10_33_x86.cab
2007-04-04 18:04 56,902 ----a-w C:\Programas\APR2007_xinput_x86.cab
2007-04-04 18:04 45,305 ----a-w C:\Programas\dxdllreg_x86.cab
2007-04-04 18:04 199,366 ----a-w C:\Programas\APR2007_XACT_x64.cab
2007-04-04 18:04 154,825 ----a-w C:\Programas\APR2007_XACT_x86.cab
2007-04-04 18:04 100,417 ----a-w C:\Programas\APR2007_xinput_x64.cab
2007-04-04 18:04 1,610,958 ----a-w C:\Programas\APR2007_d3dx9_33_x64.cab
2007-04-04 18:04 1,609,639 ----a-w C:\Programas\APR2007_d3dx9_33_x86.cab
2007-04-04 17:48 976,020 ------w C:\Programas\BDAXP.cab
2007-04-04 17:48 917,318 ------w C:\Programas\Apr2006_MDX1_x86.cab
2007-04-04 17:48 88,102 ------w C:\Programas\AUG2006_xinput_x64.cab
2007-04-04 17:48 87,989 ------w C:\Programas\Apr2006_xinput_x64.cab
2007-04-04 17:48 86,925 ------w C:\Programas\Oct2005_xinput_x64.cab
2007-04-04 17:48 85,881 ----a-w C:\Programas\dxupdate.cab
2007-04-04 17:48 77,160 ----a-w C:\Programas\DSETUP.dll
2007-04-04 17:48 503,144 ----a-w C:\Programas\DXSETUP.exe
2007-04-04 17:48 47,018 ------w C:\Programas\AUG2006_xinput_x86.cab
2007-04-04 17:48 46,898 ------w C:\Programas\Apr2006_xinput_x86.cab
2007-04-04 17:48 46,247 ------w C:\Programas\Oct2005_xinput_x86.cab
2007-04-04 17:48 4,163,518 ------w C:\Programas\Apr2006_MDX1_x86_Archive.cab
2007-04-04 17:48 213,767 ------w C:\Programas\DEC2006_d3dx10_00_x64.cab
2007-04-04 17:48 198,275 ------w C:\Programas\FEB2007_XACT_x64.cab
2007-04-04 17:48 193,435 ------w C:\Programas\DEC2006_XACT_x64.cab
2007-04-04 17:48 192,680 ------w C:\Programas\DEC2006_d3dx10_00_x86.cab
2007-04-04 17:48 183,863 ------w C:\Programas\AUG2006_XACT_x64.cab
2007-04-04 17:48 183,321 ------w C:\Programas\OCT2006_XACT_x64.cab
2007-04-04 17:48 181,745 ------w C:\Programas\JUN2006_XACT_x64.cab
2007-04-04 17:48 180,021 ------w C:\Programas\Apr2006_XACT_x64.cab
2007-04-04 17:48 179,247 ------w C:\Programas\Feb2006_XACT_x64.cab
2007-04-04 17:48 151,583 ------w C:\Programas\FEB2007_XACT_x86.cab
2007-04-04 17:48 146,559 ------w C:\Programas\DEC2006_XACT_x86.cab
2007-04-04 17:48 138,977 ------w C:\Programas\OCT2006_XACT_x86.cab
2007-04-04 17:48 138,195 ------w C:\Programas\AUG2006_XACT_x86.cab
2007-04-04 17:48 134,631 ------w C:\Programas\JUN2006_XACT_x86.cab
2007-04-04 17:48 133,991 ------w C:\Programas\Apr2006_XACT_x86.cab
2007-04-04 17:48 133,297 ------w C:\Programas\Feb2006_XACT_x86.cab
2007-04-04 17:48 13,265,040 ------w C:\Programas\dxnt.cab
2007-04-04 17:48 1,673,576 ----a-w C:\Programas\dsetup32.dll
2007-04-04 17:48 1,575,336 ------w C:\Programas\DEC2006_d3dx9_32_x86.cab
2007-04-04 17:48 1,572,114 ------w C:\Programas\DEC2006_d3dx9_32_x64.cab
2007-04-04 17:48 1,413,862 ------w C:\Programas\OCT2006_d3dx9_31_x64.cab
2007-04-04 17:48 1,398,718 ------w C:\Programas\Apr2006_d3dx9_30_x64.cab
2007-04-04 17:48 1,363,684 ------w C:\Programas\Feb2006_d3dx9_29_x64.cab
2007-04-04 17:48 1,358,864 ------w C:\Programas\Dec2005_d3dx9_28_x64.cab
2007-04-04 17:48 1,351,430 ------w C:\Programas\Aug2005_d3dx9_27_x64.cab
2007-04-04 17:48 1,348,242 ------w C:\Programas\Apr2005_d3dx9_25_x64.cab
2007-04-04 17:48 1,336,890 ------w C:\Programas\Jun2005_d3dx9_26_x64.cab
2007-04-04 17:48 1,248,387 ------w C:\Programas\Feb2005_d3dx9_24_x64.cab
2007-04-04 17:48 1,156,363 ------w C:\Programas\BDANT.cab
2007-04-04 17:48 1,128,177 ------w C:\Programas\OCT2006_d3dx9_31_x86.cab
2007-04-04 17:48 1,116,109 ------w C:\Programas\Apr2006_d3dx9_30_x86.cab
2007-04-04 17:48 1,085,608 ------w C:\Programas\Feb2006_d3dx9_29_x86.cab
2007-04-04 17:48 1,080,344 ------w C:\Programas\Dec2005_d3dx9_28_x86.cab
2007-04-04 17:48 1,079,850 ------w C:\Programas\Apr2005_d3dx9_25_x86.cab
2007-04-04 17:48 1,078,532 ------w C:\Programas\Aug2005_d3dx9_27_x86.cab
2007-04-04 17:48 1,065,813 ------w C:\Programas\Jun2005_d3dx9_26_x86.cab
2007-04-04 17:48 1,014,113 ------w C:\Programas\Feb2005_d3dx9_24_x86.cab
.
(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Nota* entradas vazias & legítimas por defeito não são mostradas.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="C:\Programas\MSN Messenger\MsnMsgr.exe" [2007-01-19 12:54]
"MSMSGS"="C:\Programas\Messenger\msmsgs.exe" [2004-10-13 16:24]
"swg"="C:\Programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-21 17:42]
"NBJ"="C:\Programas\Ahead\Nero BackItUp\NBJ.exe" [2005-01-04 14:17]
"Shareaza"="C:\Programas\Shareaza\Shareaza.exe" [2007-02-05 03:05]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-03 23:56]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvMediaCenter"="RUNDLL32.exe" [2004-08-03 23:57 C:\WINDOWS\system32\rundll32.exe]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 10:50]
"RemoteControl"="C:\Programas\CyberLink\PowerDVD\PDVDServ.exe" [2004-11-02 20:24]
"GrooveMonitor"="C:\Programas\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-27 00:47]
"APVXDWIN"="C:\Programas\Panda Software\Panda Internet Security 2007\APVXDWIN.exe" [2006-10-11 12:09]
"SCANINICIO"="C:\Programas\Panda Software\Panda Internet Security 2007\Inicio.exe" [2006-02-01 18:13]
"USB Storage Toolbox"="C:\Programas\USB Disk Win98 Driver\Res.EXE" [2005-09-14 19:44]
"SoundMan"="SOUNDMAN.EXE" [2007-04-16 14:28 C:\WINDOWS\soundman.exe]
"NvCplDaemon"="RUNDLL32.exe" [2004-08-03 23:57 C:\WINDOWS\system32\rundll32.exe]
"SunJavaUpdateSched"="C:\Programas\Java\jre1.6.0_02\bin\jusched.exe" [2007-07-12 03:00]
"QuickTime Task"="C:\Programas\QuickTime\qttask.exe" [2007-06-29 05:24]
"snpstd"="C:\WINDOWS\vsnpstd.exe" [2004-06-10 13:48]
"AdslTaskBar"="stmctrl.dll" [2004-11-18 07:31 C:\WINDOWS\system32\stmctrl.dll]
"HPDJ Taskbar Utility"="C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe" [2004-05-13 01:22]
"!AVG Anti-Spyware"="C:\Programas\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 09:25]
"SpywareTerminator"="C:\Programas\Spyware Terminator\SpywareTerminatorShield.exe" [2007-12-25 16:44]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-03 23:56]
C:\Documents and Settings\Julien\Menu Iniciar\Programas\Arranque\
Recorte de tela e Iniciador do OneNote 2007.lnk - C:\Programas\Microsoft Office\Office12\ONENOTEM.EXE [2006-10-26 20:24:54]
C:\Documents and Settings\All Users\Menu Iniciar\Programas\Arranque\
Adobe Reader Speed Launch.lnk - C:\Programas\Adobe\Reader 8.0\Reader\reader_sl.exe [2006-10-23 01:48:20]
Adobe Reader Synchronizer.lnk - C:\Programas\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe [2006-10-23 00:01:50]
Logiciel Kodak EasyShare.lnk - C:\Programas\Kodak\Kodak EasyShare software\bin\EasyShare.exe [2007-09-19 04:33:46]
R0 netflt;Panda Net Driver [NDIS Layer];C:\WINDOWS\system32\Drivers\NETFLT.SYS [2006-10-10 16:02]
R0 viamraid;viamraid;C:\WINDOWS\system32\DRIVERS\viamraid.sys [2006-03-30 18:18]
R0 videX32;videX32;C:\WINDOWS\system32\DRIVERS\videX32.sys [2006-02-23 03:38]
R3 usbstor;Controlador de armazenamento de massa USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 22:08]
S1 APPFLT;App Filter Plugin;C:\WINDOWS\system32\Drivers\APPFLT.SYS [2006-08-03 16:37]
S1 DSAFLT;DSA Filter Plugin;C:\WINDOWS\system32\Drivers\DSAFLT.SYS [2006-08-02 14:08]
S1 FNETMON;NetMon Filter Plugin;C:\WINDOWS\system32\Drivers\fnetmon.SYS [2006-06-29 22:50]
S1 IDSFLT;Ids Filter Plugin;C:\WINDOWS\system32\Drivers\IDSFLT.SYS [2006-08-02 14:10]
S1 NETFLTDI;Panda Net Driver [TDI Layer];C:\WINDOWS\system32\Drivers\NETFLTDI.SYS [2006-05-11 22:26]
S1 ShldDrv;Panda File Shield Driver;C:\WINDOWS\system32\drivers\ShldDrv.sys [2005-08-29 13:23]
S1 SMSFLT;SMS Filter Plugin;C:\WINDOWS\system32\Drivers\SMSFLT.SYS [2006-08-02 14:15]
S1 sp_rsdrv2;Spyware Terminator Driver 2;C:\WINDOWS\system32\drivers\sp_rsdrv2.sys [2007-12-25 16:47]
S1 WNMFLT;Wifi Monitor Filter Plugin;C:\WINDOWS\system32\Drivers\WNMFLT.SYS [2006-09-28 15:58]
S2 cpoint;Panda CPoint Driver;C:\WINDOWS\system32\Drivers\cpoint.sys [2005-08-12 14:36]
S2 PavProc;Panda Process Protection Driver;C:\WINDOWS\system32\DRIVERS\PavProc.sys [2006-04-25 16:02]
S3 AvFlt;Antivirus Filter Driver;C:\WINDOWS\system32\drivers\av5flt.sys []
S3 ComFiltr;Panda Anti-Dialer;C:\WINDOWS\system32\DRIVERS\COMFiltr.sys []
S3 PavSRK.sys;PavSRK.sys;C:\WINDOWS\system32\PavSRK.sys []
S3 PavTPK.sys;PavTPK.sys;C:\WINDOWS\system32\PavTPK.sys []
S3 Stmatm;ATM/ADSL miniport;C:\WINDOWS\system32\DRIVERS\stmatm.sys [2005-08-19 03:23]
S3 TaurusUsb;ADSL Modem USB Service;C:\WINDOWS\system32\DRIVERS\torususb.sys [2004-05-12 10:16]
S4 Boonty Games;Boonty Games;"C:\Programas\Ficheiros comuns\BOONTY Shared\Service\Boonty.exe" [2007-09-29 21:38]
.
Conteúdo da pasta 'Tarefas Agendadas'
"2007-11-28 23:02:06 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Programas\Apple Software Update\SoftwareUpdate.exe
"2007-12-25 19:51:02 C:\WINDOWS\Tasks\Vérifier les mises à jour de Windows Live Toolbar.job"
- C:\Programas\Windows Live Toolbar\MSNTBUP.EXE
.
**************************************************************************
catchme 0.3.1333 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-12-25 19:58:53
Windows 5.1.2600 Service Pack 2 NTFS
Procurando processos ocultos ...
Procurando entradas auto inicializáveis ocultas ...
Procurando ficheiros ocultos ...
Varredura completada com sucesso
Ficheiros ocultos: 0
**************************************************************************
.
Tempo para conclusão: 2007-12-25 19:59:39
.
2007-12-25 13:54:18 --- E O F ---
Logfile of HijackThis v1.99.1
Scan saved at 20:12:42, on 25-12-2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Programas\Panda Software\Panda Internet Security 2007\pavsrv51.exe
C:\WINDOWS\system32\svchost.exe
C:\Programas\Panda Software\Panda Internet Security 2007\TPSrv.exe
C:\WINDOWS\system32\svchost.exe
c:\programas\panda software\panda internet security 2007\firewall\PNMSRV.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Programas\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Programas\Ficheiros comuns\Microsoft Shared\VS7DEBUG\mdm.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Programas\Panda Software\Panda Internet Security 2007\PavFnSvr.exe
C:\Programas\Ficheiros comuns\Panda Software\PavShld\pavprsrv.exe
C:\Programas\Panda Software\Panda Internet Security 2007\AntiSpam\pskmssvc.exe
C:\WINDOWS\Explorer.EXE
C:\Programas\Panda Software\Panda Internet Security 2007\PsImSvc.exe
C:\Programas\Spyware Terminator\sp_rsser.exe
C:\WINDOWS\system32\svchost.exe
C:\Programas\Panda Software\Panda Internet Security 2007\apvxdwin.exe
C:\Programas\CyberLink\PowerDVD\PDVDServ.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Programas\Microsoft Office\Office12\GrooveMonitor.exe
C:\Programas\USB Disk Win98 Driver\Res.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\Programas\Java\jre1.6.0_02\bin\jusched.exe
C:\WINDOWS\vsnpstd.exe
C:\WINDOWS\system32\rundll32.exe
C:\Programas\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Programas\Spyware Terminator\SpywareTerminatorShield.exe
C:\Programas\Panda Software\Panda Internet Security 2007\SRVLOAD.EXE
C:\Programas\Messenger\msmsgs.exe
C:\Programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
c:\programas\panda software\panda internet security 2007\WebProxy.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programas\Kodak\Kodak EasyShare software\bin\EasyShare.exe
C:\Programas\Internet Explorer\IEXPLORE.EXE
C:\Programas\MSN Messenger\usnsvc.exe
C:\Programas\MSN Messenger\livecall.exe
C:\Programas\Java\jre1.6.0_02\bin\jucheck.exe
C:\Programas\Panda Software\Panda Internet Security 2007\AVENGINE.EXE
C:\Programas\Panda Software\Panda Internet Security 2007\psimreal.exe
C:\Programas\Panda Software\Panda Internet Security 2007\avciman.exe
C:\Documents and Settings\Julien\Os meus documentos\hijackthis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://fr.yahoo.com/
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programas\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programas\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programas\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programas\google\googletoolbar2.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programas\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [RemoteControl] C:\Programas\CyberLink\PowerDVD\PDVDServ.exe
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Programas\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [APVXDWIN] "C:\Programas\Panda Software\Panda Internet Security 2007\APVXDWIN.EXE" /s
O4 - HKLM\..\Run: [SCANINICIO] "C:\Programas\Panda Software\Panda Internet Security 2007\Inicio.exe"
O4 - HKLM\..\Run: [USB Storage Toolbox] C:\Programas\USB Disk Win98 Driver\Res.EXE
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programas\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programas\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [snpstd] C:\WINDOWS\vsnpstd.exe
O4 - HKLM\..\Run: [AdslTaskBar] rundll32.exe stmctrl.dll,TaskBar
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Programas\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [SpywareTerminator] "C:\Programas\Spyware Terminator\SpywareTerminatorShield.exe"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Programas\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [MSMSGS] "C:\Programas\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [swg] C:\Programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [NBJ] "C:\Programas\Ahead\Nero BackItUp\NBJ.exe"
O4 - HKCU\..\Run: [Shareaza] "C:\Programas\Shareaza\Shareaza.exe" -tray
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: Recorte de tela e Iniciador do OneNote 2007.lnk = C:\Programas\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Programas\Adobe\Reader 8.0\Reader\reader_sl.exe
O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Programas\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
O4 - Global Startup: Logiciel Kodak EasyShare.lnk = C:\Programas\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Programas\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Ouvrir dans un nouvel onglet d'arrière-plan - res://C:\Programas\Windows Live Toolbar\Components\fr-fr\msntabres.dll.mui/229?47efb4aca7314b9e98f76b76025b3f6d
O8 - Extra context menu item: Ouvrir dans un nouvel onglet de premier plan - res://C:\Programas\Windows Live Toolbar\Components\fr-fr\msntabres.dll.mui/230?47efb4aca7314b9e98f76b76025b3f6d
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} - https://www.touslesdrivers.com/index.php?v_page=29
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{C409F88E-B2BF-4E55-9044-FBD2C31E0DDF}: NameServer = 212.55.154.174
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Programas\Ficheiros comuns\Microsoft Shared\Help\hxds.dll
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\FICHEI~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Programas\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Programas\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Panda Function Service (PAVFNSVR) - Panda Software International - C:\Programas\Panda Software\Panda Internet Security 2007\PavFnSvr.exe
O23 - Service: Panda Process Protection Service (PavPrSrv) - Panda Software - C:\Programas\Ficheiros comuns\Panda Software\PavShld\pavprsrv.exe
O23 - Service: Panda anti-virus service (PAVSRV) - Panda Software International - C:\Programas\Panda Software\Panda Internet Security 2007\pavsrv51.exe
O23 - Service: Panda Antispam Engine (pmshellsrv) - Panda Software International - C:\Programas\Panda Software\Panda Internet Security 2007\AntiSpam\pskmssvc.exe
O23 - Service: Panda Network Manager (PNMSRV) - Panda Software International - c:\programas\panda software\panda internet security 2007\firewall\PNMSRV.EXE
O23 - Service: Panda IManager Service (PSIMSVC) - Panda Software - C:\Programas\Panda Software\Panda Internet Security 2007\PsImSvc.exe
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Programas\Spyware Terminator\sp_rsser.exe
O23 - Service: Panda TPSrv (TPSrv) - Panda Software - C:\Programas\Panda Software\Panda Internet Security 2007\TPSrv.exe
Hoping you find the solution...
Thanks again
2007-04-04 18:04 1,610,958 ----a-w C:\Programas\APR2007_d3dx9_33_x64.cab
2007-04-04 18:04 1,609,639 ----a-w C:\Programas\APR2007_d3dx9_33_x86.cab
2007-04-04 17:48 976,020 ------w C:\Programas\BDAXP.cab
2007-04-04 17:48 917,318 ------w C:\Programas\Apr2006_MDX1_x86.cab
2007-04-04 17:48 88,102 ------w C:\Programas\AUG2006_xinput_x64.cab
2007-04-04 17:48 87,989 ------w C:\Programas\Apr2006_xinput_x64.cab
2007-04-04 17:48 86,925 ------w C:\Programas\Oct2005_xinput_x64.cab
2007-04-04 17:48 85,881 ----a-w C:\Programas\dxupdate.cab
2007-04-04 17:48 77,160 ----a-w C:\Programas\DSETUP.dll
2007-04-04 17:48 503,144 ----a-w C:\Programas\DXSETUP.exe
2007-04-04 17:48 47,018 ------w C:\Programas\AUG2006_xinput_x86.cab
2007-04-04 17:48 46,898 ------w C:\Programas\Apr2006_xinput_x86.cab
2007-04-04 17:48 46,247 ------w C:\Programas\Oct2005_xinput_x86.cab
2007-04-04 17:48 4,163,518 ------w C:\Programas\Apr2006_MDX1_x86_Archive.cab
2007-04-04 17:48 213,767 ------w C:\Programas\DEC2006_d3dx10_00_x64.cab
2007-04-04 17:48 198,275 ------w C:\Programas\FEB2007_XACT_x64.cab
2007-04-04 17:48 193,435 ------w C:\Programas\DEC2006_XACT_x64.cab
2007-04-04 17:48 192,680 ------w C:\Programas\DEC2006_d3dx10_00_x86.cab
2007-04-04 17:48 183,863 ------w C:\Programas\AUG2006_XACT_x64.cab
2007-04-04 17:48 183,321 ------w C:\Programas\OCT2006_XACT_x64.cab
2007-04-04 17:48 181,745 ------w C:\Programas\JUN2006_XACT_x64.cab
2007-04-04 17:48 180,021 ------w C:\Programas\Apr2006_XACT_x64.cab
2007-04-04 17:48 179,247 ------w C:\Programas\Feb2006_XACT_x64.cab
2007-04-04 17:48 151,583 ------w C:\Programas\FEB2007_XACT_x86.cab
2007-04-04 17:48 146,559 ------w C:\Programas\DEC2006_XACT_x86.cab
2007-04-04 17:48 138,977 ------w C:\Programas\OCT2006_XACT_x86.cab
2007-04-04 17:48 138,195 ------w C:\Programas\AUG2006_XACT_x86.cab
2007-04-04 17:48 134,631 ------w C:\Programas\JUN2006_XACT_x86.cab
2007-04-04 17:48 133,991 ------w C:\Programas\Apr2006_XACT_x86.cab
2007-04-04 17:48 133,297 ------w C:\Programas\Feb2006_XACT_x86.cab
2007-04-04 17:48 13,265,040 ------w C:\Programas\dxnt.cab
2007-04-04 17:48 1,673,576 ----a-w C:\Programas\dsetup32.dll
2007-04-04 17:48 1,575,336 ------w C:\Programas\DEC2006_d3dx9_32_x86.cab
2007-04-04 17:48 1,572,114 ------w C:\Programas\DEC2006_d3dx9_32_x64.cab
2007-04-04 17:48 1,413,862 ------w C:\Programas\OCT2006_d3dx9_31_x64.cab
2007-04-04 17:48 1,398,718 ------w C:\Programas\Apr2006_d3dx9_30_x64.cab
2007-04-04 17:48 1,363,684 ------w C:\Programas\Feb2006_d3dx9_29_x64.cab
2007-04-04 17:48 1,358,864 ------w C:\Programas\Dec2005_d3dx9_28_x64.cab
2007-04-04 17:48 1,351,430 ------w C:\Programas\Aug2005_d3dx9_27_x64.cab
2007-04-04 17:48 1,348,242 ------w C:\Programas\Apr2005_d3dx9_25_x64.cab
2007-04-04 17:48 1,336,890 ------w C:\Programas\Jun2005_d3dx9_26_x64.cab
2007-04-04 17:48 1,248,387 ------w C:\Programas\Feb2005_d3dx9_24_x64.cab
2007-04-04 17:48 1,156,363 ------w C:\Programas\BDANT.cab
2007-04-04 17:48 1,128,177 ------w C:\Programas\OCT2006_d3dx9_31_x86.cab
2007-04-04 17:48 1,116,109 ------w C:\Programas\Apr2006_d3dx9_30_x86.cab
2007-04-04 17:48 1,085,608 ------w C:\Programas\Feb2006_d3dx9_29_x86.cab
2007-04-04 17:48 1,080,344 ------w C:\Programas\Dec2005_d3dx9_28_x86.cab
2007-04-04 17:48 1,079,850 ------w C:\Programas\Apr2005_d3dx9_25_x86.cab
2007-04-04 17:48 1,078,532 ------w C:\Programas\Aug2005_d3dx9_27_x86.cab
2007-04-04 17:48 1,065,813 ------w C:\Programas\Jun2005_d3dx9_26_x86.cab
2007-04-04 17:48 1,014,113 ------w C:\Programas\Feb2005_d3dx9_24_x86.cab
.
(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Nota* entradas vazias & legítimas por defeito não são mostradas.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="C:\Programas\MSN Messenger\MsnMsgr.exe" [2007-01-19 12:54]
"MSMSGS"="C:\Programas\Messenger\msmsgs.exe" [2004-10-13 16:24]
"swg"="C:\Programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-21 17:42]
"NBJ"="C:\Programas\Ahead\Nero BackItUp\NBJ.exe" [2005-01-04 14:17]
"Shareaza"="C:\Programas\Shareaza\Shareaza.exe" [2007-02-05 03:05]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-03 23:56]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvMediaCenter"="RUNDLL32.exe" [2004-08-03 23:57 C:\WINDOWS\system32\rundll32.exe]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 10:50]
"RemoteControl"="C:\Programas\CyberLink\PowerDVD\PDVDServ.exe" [2004-11-02 20:24]
"GrooveMonitor"="C:\Programas\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-27 00:47]
"APVXDWIN"="C:\Programas\Panda Software\Panda Internet Security 2007\APVXDWIN.exe" [2006-10-11 12:09]
"SCANINICIO"="C:\Programas\Panda Software\Panda Internet Security 2007\Inicio.exe" [2006-02-01 18:13]
"USB Storage Toolbox"="C:\Programas\USB Disk Win98 Driver\Res.EXE" [2005-09-14 19:44]
"SoundMan"="SOUNDMAN.EXE" [2007-04-16 14:28 C:\WINDOWS\soundman.exe]
"NvCplDaemon"="RUNDLL32.exe" [2004-08-03 23:57 C:\WINDOWS\system32\rundll32.exe]
"SunJavaUpdateSched"="C:\Programas\Java\jre1.6.0_02\bin\jusched.exe" [2007-07-12 03:00]
"QuickTime Task"="C:\Programas\QuickTime\qttask.exe" [2007-06-29 05:24]
"snpstd"="C:\WINDOWS\vsnpstd.exe" [2004-06-10 13:48]
"AdslTaskBar"="stmctrl.dll" [2004-11-18 07:31 C:\WINDOWS\system32\stmctrl.dll]
"HPDJ Taskbar Utility"="C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe" [2004-05-13 01:22]
"!AVG Anti-Spyware"="C:\Programas\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 09:25]
"SpywareTerminator"="C:\Programas\Spyware Terminator\SpywareTerminatorShield.exe" [2007-12-25 16:44]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-03 23:56]
C:\Documents and Settings\Julien\Menu Iniciar\Programas\Arranque\
Recorte de tela e Iniciador do OneNote 2007.lnk - C:\Programas\Microsoft Office\Office12\ONENOTEM.EXE [2006-10-26 20:24:54]
C:\Documents and Settings\All Users\Menu Iniciar\Programas\Arranque\
Adobe Reader Speed Launch.lnk - C:\Programas\Adobe\Reader 8.0\Reader\reader_sl.exe [2006-10-23 01:48:20]
Adobe Reader Synchronizer.lnk - C:\Programas\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe [2006-10-23 00:01:50]
Logiciel Kodak EasyShare.lnk - C:\Programas\Kodak\Kodak EasyShare software\bin\EasyShare.exe [2007-09-19 04:33:46]
R0 netflt;Panda Net Driver [NDIS Layer];C:\WINDOWS\system32\Drivers\NETFLT.SYS [2006-10-10 16:02]
R0 viamraid;viamraid;C:\WINDOWS\system32\DRIVERS\viamraid.sys [2006-03-30 18:18]
R0 videX32;videX32;C:\WINDOWS\system32\DRIVERS\videX32.sys [2006-02-23 03:38]
R3 usbstor;Controlador de armazenamento de massa USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 22:08]
S1 APPFLT;App Filter Plugin;C:\WINDOWS\system32\Drivers\APPFLT.SYS [2006-08-03 16:37]
S1 DSAFLT;DSA Filter Plugin;C:\WINDOWS\system32\Drivers\DSAFLT.SYS [2006-08-02 14:08]
S1 FNETMON;NetMon Filter Plugin;C:\WINDOWS\system32\Drivers\fnetmon.SYS [2006-06-29 22:50]
S1 IDSFLT;Ids Filter Plugin;C:\WINDOWS\system32\Drivers\IDSFLT.SYS [2006-08-02 14:10]
S1 NETFLTDI;Panda Net Driver [TDI Layer];C:\WINDOWS\system32\Drivers\NETFLTDI.SYS [2006-05-11 22:26]
S1 ShldDrv;Panda File Shield Driver;C:\WINDOWS\system32\drivers\ShldDrv.sys [2005-08-29 13:23]
S1 SMSFLT;SMS Filter Plugin;C:\WINDOWS\system32\Drivers\SMSFLT.SYS [2006-08-02 14:15]
S1 sp_rsdrv2;Spyware Terminator Driver 2;C:\WINDOWS\system32\drivers\sp_rsdrv2.sys [2007-12-25 16:47]
S1 WNMFLT;Wifi Monitor Filter Plugin;C:\WINDOWS\system32\Drivers\WNMFLT.SYS [2006-09-28 15:58]
S2 cpoint;Panda CPoint Driver;C:\WINDOWS\system32\Drivers\cpoint.sys [2005-08-12 14:36]
S2 PavProc;Panda Process Protection Driver;C:\WINDOWS\system32\DRIVERS\PavProc.sys [2006-04-25 16:02]
S3 AvFlt;Antivirus Filter Driver;C:\WINDOWS\system32\drivers\av5flt.sys []
S3 ComFiltr;Panda Anti-Dialer;C:\WINDOWS\system32\DRIVERS\COMFiltr.sys []
S3 PavSRK.sys;PavSRK.sys;C:\WINDOWS\system32\PavSRK.sys []
S3 PavTPK.sys;PavTPK.sys;C:\WINDOWS\system32\PavTPK.sys []
S3 Stmatm;ATM/ADSL miniport;C:\WINDOWS\system32\DRIVERS\stmatm.sys [2005-08-19 03:23]
S3 TaurusUsb;ADSL Modem USB Service;C:\WINDOWS\system32\DRIVERS\torususb.sys [2004-05-12 10:16]
S4 Boonty Games;Boonty Games;"C:\Programas\Ficheiros comuns\BOONTY Shared\Service\Boonty.exe" [2007-09-29 21:38]
.
Conteúdo da pasta 'Tarefas Agendadas'
"2007-11-28 23:02:06 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Programas\Apple Software Update\SoftwareUpdate.exe
"2007-12-25 19:51:02 C:\WINDOWS\Tasks\Vérifier les mises à jour de Windows Live Toolbar.job"
- C:\Programas\Windows Live Toolbar\MSNTBUP.EXE
.
**************************************************************************
catchme 0.3.1333 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-12-25 19:58:53
Windows 5.1.2600 Service Pack 2 NTFS
Procurando processos ocultos ...
Procurando entradas auto inicializáveis ocultas ...
Procurando ficheiros ocultos ...
Varredura completada com sucesso
Ficheiros ocultos: 0
**************************************************************************
.
Tempo para conclusão: 2007-12-25 19:59:39
.
2007-12-25 13:54:18 --- E O F ---
Logfile of HijackThis v1.99.1
Scan saved at 20:12:42, on 25-12-2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Programas\Panda Software\Panda Internet Security 2007\pavsrv51.exe
C:\WINDOWS\system32\svchost.exe
C:\Programas\Panda Software\Panda Internet Security 2007\TPSrv.exe
C:\WINDOWS\system32\svchost.exe
c:\programas\panda software\panda internet security 2007\firewall\PNMSRV.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Programas\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Programas\Ficheiros comuns\Microsoft Shared\VS7DEBUG\mdm.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Programas\Panda Software\Panda Internet Security 2007\PavFnSvr.exe
C:\Programas\Ficheiros comuns\Panda Software\PavShld\pavprsrv.exe
C:\Programas\Panda Software\Panda Internet Security 2007\AntiSpam\pskmssvc.exe
C:\WINDOWS\Explorer.EXE
C:\Programas\Panda Software\Panda Internet Security 2007\PsImSvc.exe
C:\Programas\Spyware Terminator\sp_rsser.exe
C:\WINDOWS\system32\svchost.exe
C:\Programas\Panda Software\Panda Internet Security 2007\apvxdwin.exe
C:\Programas\CyberLink\PowerDVD\PDVDServ.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Programas\Microsoft Office\Office12\GrooveMonitor.exe
C:\Programas\USB Disk Win98 Driver\Res.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\Programas\Java\jre1.6.0_02\bin\jusched.exe
C:\WINDOWS\vsnpstd.exe
C:\WINDOWS\system32\rundll32.exe
C:\Programas\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Programas\Spyware Terminator\SpywareTerminatorShield.exe
C:\Programas\Panda Software\Panda Internet Security 2007\SRVLOAD.EXE
C:\Programas\Messenger\msmsgs.exe
C:\Programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
c:\programas\panda software\panda internet security 2007\WebProxy.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programas\Kodak\Kodak EasyShare software\bin\EasyShare.exe
C:\Programas\Internet Explorer\IEXPLORE.EXE
C:\Programas\MSN Messenger\usnsvc.exe
C:\Programas\MSN Messenger\livecall.exe
C:\Programas\Java\jre1.6.0_02\bin\jucheck.exe
C:\Programas\Panda Software\Panda Internet Security 2007\AVENGINE.EXE
C:\Programas\Panda Software\Panda Internet Security 2007\psimreal.exe
C:\Programas\Panda Software\Panda Internet Security 2007\avciman.exe
C:\Documents and Settings\Julien\Os meus documentos\hijackthis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://fr.yahoo.com/
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programas\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programas\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programas\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programas\google\googletoolbar2.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programas\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [RemoteControl] C:\Programas\CyberLink\PowerDVD\PDVDServ.exe
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Programas\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [APVXDWIN] "C:\Programas\Panda Software\Panda Internet Security 2007\APVXDWIN.EXE" /s
O4 - HKLM\..\Run: [SCANINICIO] "C:\Programas\Panda Software\Panda Internet Security 2007\Inicio.exe"
O4 - HKLM\..\Run: [USB Storage Toolbox] C:\Programas\USB Disk Win98 Driver\Res.EXE
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programas\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programas\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [snpstd] C:\WINDOWS\vsnpstd.exe
O4 - HKLM\..\Run: [AdslTaskBar] rundll32.exe stmctrl.dll,TaskBar
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Programas\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [SpywareTerminator] "C:\Programas\Spyware Terminator\SpywareTerminatorShield.exe"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Programas\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [MSMSGS] "C:\Programas\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [swg] C:\Programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [NBJ] "C:\Programas\Ahead\Nero BackItUp\NBJ.exe"
O4 - HKCU\..\Run: [Shareaza] "C:\Programas\Shareaza\Shareaza.exe" -tray
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: Recorte de tela e Iniciador do OneNote 2007.lnk = C:\Programas\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Programas\Adobe\Reader 8.0\Reader\reader_sl.exe
O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Programas\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
O4 - Global Startup: Logiciel Kodak EasyShare.lnk = C:\Programas\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Programas\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Ouvrir dans un nouvel onglet d'arrière-plan - res://C:\Programas\Windows Live Toolbar\Components\fr-fr\msntabres.dll.mui/229?47efb4aca7314b9e98f76b76025b3f6d
O8 - Extra context menu item: Ouvrir dans un nouvel onglet de premier plan - res://C:\Programas\Windows Live Toolbar\Components\fr-fr\msntabres.dll.mui/230?47efb4aca7314b9e98f76b76025b3f6d
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} - https://www.touslesdrivers.com/index.php?v_page=29
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{C409F88E-B2BF-4E55-9044-FBD2C31E0DDF}: NameServer = 212.55.154.174
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Programas\Ficheiros comuns\Microsoft Shared\Help\hxds.dll
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\FICHEI~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Programas\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Programas\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Panda Function Service (PAVFNSVR) - Panda Software International - C:\Programas\Panda Software\Panda Internet Security 2007\PavFnSvr.exe
O23 - Service: Panda Process Protection Service (PavPrSrv) - Panda Software - C:\Programas\Ficheiros comuns\Panda Software\PavShld\pavprsrv.exe
O23 - Service: Panda anti-virus service (PAVSRV) - Panda Software International - C:\Programas\Panda Software\Panda Internet Security 2007\pavsrv51.exe
O23 - Service: Panda Antispam Engine (pmshellsrv) - Panda Software International - C:\Programas\Panda Software\Panda Internet Security 2007\AntiSpam\pskmssvc.exe
O23 - Service: Panda Network Manager (PNMSRV) - Panda Software International - c:\programas\panda software\panda internet security 2007\firewall\PNMSRV.EXE
O23 - Service: Panda IManager Service (PSIMSVC) - Panda Software - C:\Programas\Panda Software\Panda Internet Security 2007\PsImSvc.exe
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Programas\Spyware Terminator\sp_rsser.exe
O23 - Service: Panda TPSrv (TPSrv) - Panda Software - C:\Programas\Panda Software\Panda Internet Security 2007\TPSrv.exe
Hoping you find the solution...
Thanks again
OK, we're making progress.
Download this (thanks to S!Ri for this program):
http://siri.urz.free.fr/Fix/SmitfraudFix.zip
or
http://siri.urz.free.fr/Fix/SmitfraudFix.php
Run it: double-click Smitfraudfix.cmd and choose option 1; it will generate a report.
Copy/paste it into your post, please.
See you later
Hello again,
I have already tried this program, but in case it helps you...
SmitFraudFix v2.274
Scan done at 15:16:49,26, 26-12-2007
Run from C:\Documents and Settings\Julien\Ambiente de trabalho\SmitfraudFix
OS: Microsoft Windows XP [Versão 5.1.2600] - Windows_NT
The filesystem type is NTFS
Fix run in normal mode
»»»»»»»»»»»»»»»»»»»»»»»» Process
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Programas\Panda Software\Panda Internet Security 2007\pavsrv51.exe
C:\WINDOWS\system32\svchost.exe
C:\Programas\Panda Software\Panda Internet Security 2007\TPSrv.exe
C:\WINDOWS\system32\svchost.exe
c:\programas\panda software\panda internet security 2007\firewall\PNMSRV.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Programas\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Programas\Ficheiros comuns\Microsoft Shared\VS7DEBUG\mdm.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Programas\Panda Software\Panda Internet Security 2007\PavFnSvr.exe
C:\Programas\Ficheiros comuns\Panda Software\PavShld\pavprsrv.exe
C:\Programas\Panda Software\Panda Internet Security 2007\AntiSpam\pskmssvc.exe
C:\WINDOWS\Explorer.EXE
C:\Programas\Panda Software\Panda Internet Security 2007\PsImSvc.exe
C:\Programas\Spyware Terminator\sp_rsser.exe
C:\WINDOWS\system32\svchost.exe
C:\Programas\Panda Software\Panda Internet Security 2007\apvxdwin.exe
C:\Programas\CyberLink\PowerDVD\PDVDServ.exe
C:\Programas\Microsoft Office\Office12\GrooveMonitor.exe
C:\Programas\USB Disk Win98 Driver\Res.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\Programas\Java\jre1.6.0_02\bin\jusched.exe
C:\WINDOWS\vsnpstd.exe
C:\WINDOWS\system32\rundll32.exe
C:\Programas\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Programas\Spyware Terminator\SpywareTerminatorShield.exe
C:\Programas\Panda Software\Panda Internet Security 2007\SRVLOAD.EXE
c:\programas\panda software\panda internet security 2007\WebProxy.exe
C:\Programas\Messenger\msmsgs.exe
C:\Programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programas\Kodak\Kodak EasyShare software\bin\EasyShare.exe
C:\Programas\Panda Software\Panda Internet Security 2007\AVENGINE.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\Programas\Internet Explorer\IEXPLORE.EXE
C:\Programas\Panda Software\Panda Internet Security 2007\psimreal.exe
C:\Programas\Panda Software\Panda Internet Security 2007\avciman.exe
C:\WINDOWS\system32\cmd.exe
»»»»»»»»»»»»»»»»»»»»»»»» hosts
»»»»»»»»»»»»»»»»»»»»»»»» C:\
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32\LogFiles
»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Julien
»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Julien\Application Data
»»»»»»»»»»»»»»»»»»»»»»»» Start Menu
»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\Julien\FAVORI~1
»»»»»»»»»»»»»»»»»»»»»»»» Desktop
»»»»»»»»»»»»»»»»»»»»»»»» C:\Programas
»»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys
»»»»»»»»»»»»»»»»»»»»»»»» Desktop Components
»»»»»»»»»»»»»»»»»»»»»»»» IEDFix
!!!Attention, following keys are not inevitably infected!!!
IEDFix.exe by S!Ri
»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, following keys are not inevitably infected!!!
SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll
»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
!!!Attention, following keys are not inevitably infected!!!
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=""
»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, following keys are not inevitably infected!!!
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""
»»»»»»»»»»»»»»»»»»»»»»»» Rustock
»»»»»»»»»»»»»»»»»»»»»»»» DNS
Description: WAN (PPP/SLIP) Interface
DNS Server Search Order: 212.55.154.174
HKLM\SYSTEM\CCS\Services\Tcpip\..\{C409F88E-B2BF-4E55-9044-FBD2C31E0DDF}: NameServer=212.55.154.174
HKLM\SYSTEM\CS1\Services\Tcpip\..\{C409F88E-B2BF-4E55-9044-FBD2C31E0DDF}: NameServer=212.55.154.174
HKLM\SYSTEM\CS2\Services\Tcpip\..\{C409F88E-B2BF-4E55-9044-FBD2C31E0DDF}: NameServer=212.55.154.174
»»»»»»»»»»»»»»»»»»»»»»»» Scanning for wininet.dll infection
»»»»»»»»»»»»»»»»»»»»»»»» End
Indeed, nothing to report from SmitFraudFix.
I'm still looking at the ComboFix report; it's still a bit complicated for me.
But carry on with this:
Download SDFix (created by AndyManchesta) and save it to your Desktop.
http://downloads.andymanchesta.com/RemovalTools/SDFix.exe
Double-click SDFix.exe and choose Install to extract it into a dedicated folder on the Desktop. Restart your computer in Safe Mode by following this procedure:
• Restart your computer.
• After hearing the computer beep during startup, but before the Windows icon appears, tap the F8 key (one press per second).
• Instead of Windows loading normally, a menu with different options should appear.
• Choose the first option, to run Windows in Safe Mode, then press "Enter".
• Choose your account.
Follow the list of instructions below:
• Open the SDFix folder that has just been created in the C:\ directory and double-click RunThis.cmd to launch the script.
• Press Y to start the cleaning process.
• It will remove the services and Registry entries of certain trojans it finds, then ask you to press a key to restart.
• Press a key to restart the PC.
• Your system will take longer than usual to restart because the tool will keep running and deleting files.
• Once the Desktop has loaded, the tool will finish its work and display Finished.
• Press a key to end the script and load your Desktop icons.
• Once the Desktop icons are displayed, the SDFix report will open on screen and will also be saved in the SDFix folder under the name Report.txt.
• Finally, copy/paste the contents of Report.txt into your next reply on the forum, along with a new HijackThis log!
After that, tell me where things stand with your problems and post a new HijackThis log as well.