Malware adware

vitalic54 -  
noctambule28 Messages postés 25275 Date d'inscription   Statut Membre Dernière intervention   -
Bonjour,

en ces fetes de noel tout le monde ce doit d aider les necessiteux, apres avoir reussi à me depettrer de plusieurs problemes sur mon ordinateur, j avoue bloquer sur ce probleme, voici mon scan, en esperant qu une ame charitable voudra bien m aider !!!
merci d avance!!

Logfile of HijackThis v1.99.1
Scan saved at 14:14:59, on 25-12-2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Programas\Panda Software\Panda Internet Security 2007\pavsrv51.exe
C:\Programas\Panda Software\Panda Internet Security 2007\AVENGINE.EXE
C:\WINDOWS\system32\svchost.exe
C:\Programas\Panda Software\Panda Internet Security 2007\TPSrv.exe
C:\WINDOWS\system32\svchost.exe
c:\programas\panda software\panda internet security 2007\firewall\PNMSRV.EXE
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Programas\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Programas\Ficheiros comuns\Microsoft Shared\VS7DEBUG\mdm.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Programas\Panda Software\Panda Internet Security 2007\PavFnSvr.exe
C:\Programas\Ficheiros comuns\Panda Software\PavShld\pavprsrv.exe
C:\Programas\Panda Software\Panda Internet Security 2007\AntiSpam\pskmssvc.exe
C:\Programas\Panda Software\Panda Internet Security 2007\PsImSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Programas\CyberLink\PowerDVD\PDVDServ.exe
C:\Programas\Microsoft Office\Office12\GrooveMonitor.exe
C:\Programas\Panda Software\Panda Internet Security 2007\APVXDWIN.EXE
C:\Programas\USB Disk Win98 Driver\Res.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\Programas\Java\jre1.6.0_02\bin\jusched.exe
C:\WINDOWS\vsnpstd.exe
C:\WINDOWS\system32\rundll32.exe
C:\Programas\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Programas\MSN Messenger\MsnMsgr.Exe
C:\Programas\Messenger\msmsgs.exe
C:\Programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Programas\Panda Software\Panda Internet Security 2007\SRVLOAD.EXE
c:\programas\panda software\panda internet security 2007\WebProxy.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programas\Kodak\Kodak EasyShare software\bin\EasyShare.exe
C:\Programas\Internet Explorer\IEXPLORE.EXE
C:\Programas\Java\jre1.6.0_02\bin\jucheck.exe
C:\Documents and Settings\Julien\Os meus documentos\hijackthis\HijackThis.exe

R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programas\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programas\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programas\google\googletoolbar2.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programas\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [RemoteControl] C:\Programas\CyberLink\PowerDVD\PDVDServ.exe
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Programas\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [APVXDWIN] "C:\Programas\Panda Software\Panda Internet Security 2007\APVXDWIN.EXE" /s
O4 - HKLM\..\Run: [SCANINICIO] "C:\Programas\Panda Software\Panda Internet Security 2007\Inicio.exe"
O4 - HKLM\..\Run: [USB Storage Toolbox] C:\Programas\USB Disk Win98 Driver\Res.EXE
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programas\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programas\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [snpstd] C:\WINDOWS\vsnpstd.exe
O4 - HKLM\..\Run: [AdslTaskBar] rundll32.exe stmctrl.dll,TaskBar
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Programas\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [2c149b40] rundll32.exe "C:\WINDOWS\system32\jemuupdx.dll",b
O4 - HKCU\..\Run: [MsnMsgr] "C:\Programas\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [MSMSGS] "C:\Programas\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [swg] C:\Programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [NBJ] "C:\Programas\Ahead\Nero BackItUp\NBJ.exe"
O4 - HKCU\..\Run: [Shareaza] "C:\Programas\Shareaza\Shareaza.exe" -tray
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Router] C:\Programas\Router\Router.exe
O4 - Startup: Recorte de tela e Iniciador do OneNote 2007.lnk = C:\Programas\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Programas\Adobe\Reader 8.0\Reader\reader_sl.exe
O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Programas\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
O4 - Global Startup: Logiciel Kodak EasyShare.lnk = C:\Programas\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Programas\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Ouvrir dans un nouvel onglet d'arrière-plan - res://C:\Programas\Windows Live Toolbar\Components\fr-fr\msntabres.dll.mui/229?47efb4aca7314b9e98f76b76025b3f6d
O8 - Extra context menu item: Ouvrir dans un nouvel onglet de premier plan - res://C:\Programas\Windows Live Toolbar\Components\fr-fr\msntabres.dll.mui/230?47efb4aca7314b9e98f76b76025b3f6d
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} - https://www.touslesdrivers.com/
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{C409F88E-B2BF-4E55-9044-FBD2C31E0DDF}: NameServer = 212.55.154.174
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Programas\Ficheiros comuns\Microsoft Shared\Help\hxds.dll
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\FICHEI~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Programas\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Programas\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Panda Function Service (PAVFNSVR) - Panda Software International - C:\Programas\Panda Software\Panda Internet Security 2007\PavFnSvr.exe
O23 - Service: Panda Process Protection Service (PavPrSrv) - Panda Software - C:\Programas\Ficheiros comuns\Panda Software\PavShld\pavprsrv.exe
O23 - Service: Panda anti-virus service (PAVSRV) - Panda Software International - C:\Programas\Panda Software\Panda Internet Security 2007\pavsrv51.exe
O23 - Service: Panda Antispam Engine (pmshellsrv) - Panda Software International - C:\Programas\Panda Software\Panda Internet Security 2007\AntiSpam\pskmssvc.exe
O23 - Service: Panda Network Manager (PNMSRV) - Panda Software International - c:\programas\panda software\panda internet security 2007\firewall\PNMSRV.EXE
O23 - Service: Panda IManager Service (PSIMSVC) - Panda Software - C:\Programas\Panda Software\Panda Internet Security 2007\PsImSvc.exe
O23 - Service: Panda TPSrv (TPSrv) - Panda Software - C:\Programas\Panda Software\Panda Internet Security 2007\TPSrv.exe
Configuration: Windows XP
Internet Explorer 6.0

13 réponses

  1. vitalic54
     
    le nom est malware alarm, toutes mes confuses...
    0
  2. noctambule28 Messages postés 25275 Date d'inscription   Statut Membre Dernière intervention   2 875
     
    salut

    Télécharge VundoFix.exe (par Atribune) sur ton Bureau.
    http://www.atribune.org/ccount/click.php?id=4
    Double-clique VundoFix.exe afin de le lancer.

    Clique sur le bouton Scan for Vundo.
    Lorsque le scan est complété, clique sur le bouton Remove Vundo.
    Une invite te demandera si tu veux supprimer les fichiers, clique YES
    Après avoir cliqué "Yes", le Bureau disparaîtra un moment lors de la suppression des fichiers.
    Tu verras une invite qui t'annonce que ton PC va s'éteindre ("shutdown") ; clique OK
    Démarre ton PC à nouveau.
    Copie/colle le rapport (c:\vundofix.txt) dans ta réponse

    a+
    0
  3. vitalic54
     
    merci bien, je fais le scan et j t envoi la reponse...
    0
  4. vitalic54
     
    Voili, voilou!!

    VundoFix V6.7.7

    Checking Java version...

    Sun Java not detected
    Scan started at 15:59:38 25-12-2007

    Listing files found while scanning....

    C:\WINDOWS\system32\awttqop.dll
    C:\WINDOWS\system32\hpxnuark.dll
    C:\WINDOWS\system32\jemuupdx.dll
    C:\WINDOWS\system32\kraunxph.ini
    C:\WINDOWS\system32\sstts.dll
    C:\WINDOWS\system32\xdpuumej.ini

    Beginning removal...

    Attempting to delete C:\WINDOWS\system32\awttqop.dll
    C:\WINDOWS\system32\awttqop.dll Could not be deleted.

    Attempting to delete C:\WINDOWS\system32\hpxnuark.dll
    C:\WINDOWS\system32\hpxnuark.dll Has been deleted!

    Attempting to delete C:\WINDOWS\system32\jemuupdx.dll
    C:\WINDOWS\system32\jemuupdx.dll Has been deleted!

    Attempting to delete C:\WINDOWS\system32\kraunxph.ini
    C:\WINDOWS\system32\kraunxph.ini Has been deleted!

    Attempting to delete C:\WINDOWS\system32\sstts.dll
    C:\WINDOWS\system32\sstts.dll Has been deleted!

    Attempting to delete C:\WINDOWS\system32\xdpuumej.ini
    C:\WINDOWS\system32\xdpuumej.ini Has been deleted!

    Performing Repairs to the registry.
    Done!
    0
  5. Vous n’avez pas trouvé la réponse que vous recherchez ?

    Posez votre question
  6. noctambule28 Messages postés 25275 Date d'inscription   Statut Membre Dernière intervention   2 875
     
    * Double-clique VundoFix.exe afin de le lancer.
    * Ne clique sur le bouton Scan for Vundo mais fais un clic droit dans la fenêtre blanche et clique "Add more files?"
    * Dans la nouvelle fenêtre qui apparait, Copie/colle le chemin du fichier suivant dans la première case (au haut):

    --chemin du dll Vundo identifié--C:\WINDOWS\system32\awttqop.dll

    * Copie/colle le chemin du fichier suivant dans la seconde case (au centre):
    C:\WINDOWS\system32\awttqop.*

    * Clique sur le bouton "Add File(s)"
    * Clique sur le bouton "Close Window"
    * Clique à nouveau sur "Remove Vundo"
    * Une invite te demandera si tu veux supprimer les fichiers, clique YES
    * Après avoir cliqué "Yes", le Bureau disparaîtra un moment lors de la suppression des fichiers.
    * Tu verras une invite qui t'annonce que ton PC va s'éteindre ("shutdown"); clique OK
    * Démarre ton PC à nouveau.
    * Copie/colle le contenu du rapport situé dans C:\vundofix.txt ainsi qu'un nouveau rapport HijackThis! dans ta prochaine réponse
    0
  7. vitalic54
     
    VundoFix V6.7.7

    Checking Java version...

    Sun Java not detected
    Scan started at 15:59:38 25-12-2007

    Listing files found while scanning....

    C:\WINDOWS\system32\awttqop.dll
    C:\WINDOWS\system32\hpxnuark.dll
    C:\WINDOWS\system32\jemuupdx.dll
    C:\WINDOWS\system32\kraunxph.ini
    C:\WINDOWS\system32\sstts.dll
    C:\WINDOWS\system32\xdpuumej.ini

    Beginning removal...

    Attempting to delete C:\WINDOWS\system32\awttqop.dll
    C:\WINDOWS\system32\awttqop.dll Could not be deleted.

    Attempting to delete C:\WINDOWS\system32\hpxnuark.dll
    C:\WINDOWS\system32\hpxnuark.dll Has been deleted!

    Attempting to delete C:\WINDOWS\system32\jemuupdx.dll
    C:\WINDOWS\system32\jemuupdx.dll Has been deleted!

    Attempting to delete C:\WINDOWS\system32\kraunxph.ini
    C:\WINDOWS\system32\kraunxph.ini Has been deleted!

    Attempting to delete C:\WINDOWS\system32\sstts.dll
    C:\WINDOWS\system32\sstts.dll Has been deleted!

    Attempting to delete C:\WINDOWS\system32\xdpuumej.ini
    C:\WINDOWS\system32\xdpuumej.ini Has been deleted!

    Performing Repairs to the registry.
    Done!

    Beginning removal...

    Attempting to delete C:\WINDOWS\system32\awttqop.dll
    C:\WINDOWS\system32\awttqop.dll Could not be deleted.

    Attempting to delete C:\WINDOWS\system32\awttqop.dll
    C:\WINDOWS\system32\awttqop.dll Could not be deleted.

    Performing Repairs to the registry.
    Done!

    Logfile of HijackThis v1.99.1
    Scan saved at 17:58:25, on 25-12-2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Programas\Panda Software\Panda Internet Security 2007\pavsrv51.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Programas\Panda Software\Panda Internet Security 2007\TPSrv.exe
    C:\WINDOWS\system32\svchost.exe
    c:\programas\panda software\panda internet security 2007\firewall\PNMSRV.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\Programas\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    C:\Programas\Ficheiros comuns\Microsoft Shared\VS7DEBUG\mdm.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\Programas\Panda Software\Panda Internet Security 2007\PavFnSvr.exe
    C:\Programas\Ficheiros comuns\Panda Software\PavShld\pavprsrv.exe
    C:\Programas\Panda Software\Panda Internet Security 2007\AntiSpam\pskmssvc.exe
    C:\WINDOWS\Explorer.EXE
    C:\Programas\Panda Software\Panda Internet Security 2007\PsImSvc.exe
    C:\Programas\Spyware Terminator\sp_rsser.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Programas\Panda Software\Panda Internet Security 2007\apvxdwin.exe
    C:\Programas\Panda Software\Panda Internet Security 2007\SRVLOAD.EXE
    c:\programas\panda software\panda internet security 2007\WebProxy.exe
    C:\Programas\CyberLink\PowerDVD\PDVDServ.exe
    C:\Programas\Microsoft Office\Office12\GrooveMonitor.exe
    C:\Programas\USB Disk Win98 Driver\Res.EXE
    C:\WINDOWS\SOUNDMAN.EXE
    C:\Programas\Java\jre1.6.0_02\bin\jusched.exe
    C:\WINDOWS\vsnpstd.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\Programas\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
    C:\Programas\Spyware Terminator\SpywareTerminatorShield.exe
    C:\Programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Programas\Kodak\Kodak EasyShare software\bin\EasyShare.exe
    C:\Programas\Panda Software\Panda Internet Security 2007\AVENGINE.EXE
    C:\Programas\Java\jre1.6.0_02\bin\jucheck.exe
    C:\Programas\Internet Explorer\IEXPLORE.EXE
    C:\Programas\MSN Messenger\usnsvc.exe
    C:\Documents and Settings\Julien\Os meus documentos\hijackthis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://fr.yahoo.com/
    R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programas\Yahoo!\Companion\Installs\cpn\yt.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programas\Java\jre1.6.0_02\bin\ssv.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programas\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
    O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programas\Windows Live Toolbar\msntb.dll
    O2 - BHO: {96d33500-bbf3-42c9-02c4-65c4f08dc9ef} - {fe9cd80f-4c56-4c20-9c24-3fbb00533d69} - C:\WINDOWS\system32\wxprvatb.dll
    O2 - BHO: (no name) - {FF64059D-4D2A-4D6B-AA0F-2EE4A2FE3856} - C:\WINDOWS\system32\awttqop.dll
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programas\Yahoo!\Companion\Installs\cpn\yt.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programas\google\googletoolbar2.dll
    O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programas\Windows Live Toolbar\msntb.dll
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [RemoteControl] C:\Programas\CyberLink\PowerDVD\PDVDServ.exe
    O4 - HKLM\..\Run: [GrooveMonitor] "C:\Programas\Microsoft Office\Office12\GrooveMonitor.exe"
    O4 - HKLM\..\Run: [APVXDWIN] "C:\Programas\Panda Software\Panda Internet Security 2007\APVXDWIN.EXE" /s
    O4 - HKLM\..\Run: [SCANINICIO] "C:\Programas\Panda Software\Panda Internet Security 2007\Inicio.exe"
    O4 - HKLM\..\Run: [USB Storage Toolbox] C:\Programas\USB Disk Win98 Driver\Res.EXE
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programas\Java\jre1.6.0_02\bin\jusched.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Programas\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [snpstd] C:\WINDOWS\vsnpstd.exe
    O4 - HKLM\..\Run: [AdslTaskBar] rundll32.exe stmctrl.dll,TaskBar
    O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe
    O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Programas\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
    O4 - HKLM\..\Run: [SpywareTerminator] "C:\Programas\Spyware Terminator\SpywareTerminatorShield.exe"
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Programas\MSN Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [MSMSGS] "C:\Programas\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [swg] C:\Programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O4 - HKCU\..\Run: [NBJ] "C:\Programas\Ahead\Nero BackItUp\NBJ.exe"
    O4 - HKCU\..\Run: [Shareaza] "C:\Programas\Shareaza\Shareaza.exe" -tray
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - Startup: Recorte de tela e Iniciador do OneNote 2007.lnk = C:\Programas\Microsoft Office\Office12\ONENOTEM.EXE
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Programas\Adobe\Reader 8.0\Reader\reader_sl.exe
    O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Programas\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
    O4 - Global Startup: Logiciel Kodak EasyShare.lnk = C:\Programas\Kodak\Kodak EasyShare software\bin\EasyShare.exe
    O8 - Extra context menu item: &Windows Live Search - res://C:\Programas\Windows Live Toolbar\msntb.dll/search.htm
    O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
    O8 - Extra context menu item: Ouvrir dans un nouvel onglet d'arrière-plan - res://C:\Programas\Windows Live Toolbar\Components\fr-fr\msntabres.dll.mui/229?47efb4aca7314b9e98f76b76025b3f6d
    O8 - Extra context menu item: Ouvrir dans un nouvel onglet de premier plan - res://C:\Programas\Windows Live Toolbar\Components\fr-fr\msntabres.dll.mui/230?47efb4aca7314b9e98f76b76025b3f6d
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
    O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
    O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} - https://www.touslesdrivers.com/index.php?v_page=29
    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{C409F88E-B2BF-4E55-9044-FBD2C31E0DDF}: NameServer = 212.55.154.174
    O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Programas\Ficheiros comuns\Microsoft Shared\Help\hxds.dll
    O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\FICHEI~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
    O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
    O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Programas\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Programas\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: Panda Function Service (PAVFNSVR) - Panda Software International - C:\Programas\Panda Software\Panda Internet Security 2007\PavFnSvr.exe
    O23 - Service: Panda Process Protection Service (PavPrSrv) - Panda Software - C:\Programas\Ficheiros comuns\Panda Software\PavShld\pavprsrv.exe
    O23 - Service: Panda anti-virus service (PAVSRV) - Panda Software International - C:\Programas\Panda Software\Panda Internet Security 2007\pavsrv51.exe
    O23 - Service: Panda Antispam Engine (pmshellsrv) - Panda Software International - C:\Programas\Panda Software\Panda Internet Security 2007\AntiSpam\pskmssvc.exe
    O23 - Service: Panda Network Manager (PNMSRV) - Panda Software International - c:\programas\panda software\panda internet security 2007\firewall\PNMSRV.EXE
    O23 - Service: Panda IManager Service (PSIMSVC) - Panda Software - C:\Programas\Panda Software\Panda Internet Security 2007\PsImSvc.exe
    O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Programas\Spyware Terminator\sp_rsser.exe
    O23 - Service: Panda TPSrv (TPSrv) - Panda Software - C:\Programas\Panda Software\Panda Internet Security 2007\TPSrv.exe

    voila tu as tt, mais je crois qu il y a un probleme avec vundofix, si j ai bien compris!!
    0
  8. noctambule28 Messages postés 25275 Date d'inscription   Statut Membre Dernière intervention   2 875
     
    c'est pas le bon rapport, c'est le meme que tout à l'heure

    donc, il y a eu un probleme, effectivement

    donc, nous passons par autre chose

    Télécharge VirtumundoBegone sur le bureau:
    http://secured2k.home.comcast.net/tools/VirtumundoBeGone.exe

    Double clique ensuite sur VirtumundoBeGone.exe et suis les instructions.
    Une fois terminé, redémarre et poste le rapport VBG.TXT créé sur le bureau dans ta prochaine réponse avec un nouveau rapport HijackThis.

    Ne t'inquiète pas si tu vois un message Ecran bleu "Erreur fatale", c'est normal et attendu
    0
  9. vitalic54
     
    j espere que ça va le faire maintenant, merci en tt cas, voici:

    Logfile of HijackThis v1.99.1
    Scan saved at 18:24:18, on 25-12-2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Programas\Panda Software\Panda Internet Security 2007\pavsrv51.exe
    C:\Programas\Panda Software\Panda Internet Security 2007\AVENGINE.EXE
    C:\WINDOWS\system32\svchost.exe
    C:\Programas\Panda Software\Panda Internet Security 2007\TPSrv.exe
    C:\WINDOWS\system32\svchost.exe
    c:\programas\panda software\panda internet security 2007\firewall\PNMSRV.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\Programas\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    C:\Programas\Ficheiros comuns\Microsoft Shared\VS7DEBUG\mdm.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\Programas\Panda Software\Panda Internet Security 2007\PavFnSvr.exe
    C:\Programas\Ficheiros comuns\Panda Software\PavShld\pavprsrv.exe
    C:\Programas\Panda Software\Panda Internet Security 2007\AntiSpam\pskmssvc.exe
    C:\WINDOWS\Explorer.EXE
    C:\Programas\Panda Software\Panda Internet Security 2007\PsImSvc.exe
    C:\Programas\Spyware Terminator\sp_rsser.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Programas\Panda Software\Panda Internet Security 2007\apvxdwin.exe
    C:\Programas\CyberLink\PowerDVD\PDVDServ.exe
    C:\Programas\Microsoft Office\Office12\GrooveMonitor.exe
    C:\Programas\USB Disk Win98 Driver\Res.EXE
    C:\WINDOWS\SOUNDMAN.EXE
    C:\Programas\Java\jre1.6.0_02\bin\jusched.exe
    C:\WINDOWS\vsnpstd.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\Programas\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
    C:\Programas\Spyware Terminator\SpywareTerminatorShield.exe
    C:\Programas\Panda Software\Panda Internet Security 2007\SRVLOAD.EXE
    c:\programas\panda software\panda internet security 2007\WebProxy.exe
    C:\Programas\MSN Messenger\MsnMsgr.Exe
    C:\Programas\Messenger\msmsgs.exe
    C:\Programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Programas\Shareaza\Shareaza.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Programas\Adobe\Reader 8.0\Reader\reader_sl.exe
    C:\Programas\Kodak\Kodak EasyShare software\bin\EasyShare.exe
    C:\Documents and Settings\Julien\Os meus documentos\hijackthis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://fr.yahoo.com/
    R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programas\Yahoo!\Companion\Installs\cpn\yt.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programas\Java\jre1.6.0_02\bin\ssv.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programas\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
    O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programas\Windows Live Toolbar\msntb.dll
    O2 - BHO: {96d33500-bbf3-42c9-02c4-65c4f08dc9ef} - {fe9cd80f-4c56-4c20-9c24-3fbb00533d69} - C:\WINDOWS\system32\wxprvatb.dll
    O2 - BHO: (no name) - {FF64059D-4D2A-4D6B-AA0F-2EE4A2FE3856} - C:\WINDOWS\system32\awttqop.dll
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programas\Yahoo!\Companion\Installs\cpn\yt.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programas\google\googletoolbar2.dll
    O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programas\Windows Live Toolbar\msntb.dll
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [RemoteControl] C:\Programas\CyberLink\PowerDVD\PDVDServ.exe
    O4 - HKLM\..\Run: [GrooveMonitor] "C:\Programas\Microsoft Office\Office12\GrooveMonitor.exe"
    O4 - HKLM\..\Run: [APVXDWIN] "C:\Programas\Panda Software\Panda Internet Security 2007\APVXDWIN.EXE" /s
    O4 - HKLM\..\Run: [SCANINICIO] "C:\Programas\Panda Software\Panda Internet Security 2007\Inicio.exe"
    O4 - HKLM\..\Run: [USB Storage Toolbox] C:\Programas\USB Disk Win98 Driver\Res.EXE
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programas\Java\jre1.6.0_02\bin\jusched.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Programas\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [snpstd] C:\WINDOWS\vsnpstd.exe
    O4 - HKLM\..\Run: [AdslTaskBar] rundll32.exe stmctrl.dll,TaskBar
    O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe
    O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Programas\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
    O4 - HKLM\..\Run: [SpywareTerminator] "C:\Programas\Spyware Terminator\SpywareTerminatorShield.exe"
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Programas\MSN Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [MSMSGS] "C:\Programas\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [swg] C:\Programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O4 - HKCU\..\Run: [NBJ] "C:\Programas\Ahead\Nero BackItUp\NBJ.exe"
    O4 - HKCU\..\Run: [Shareaza] "C:\Programas\Shareaza\Shareaza.exe" -tray
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - Startup: Recorte de tela e Iniciador do OneNote 2007.lnk = C:\Programas\Microsoft Office\Office12\ONENOTEM.EXE
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Programas\Adobe\Reader 8.0\Reader\reader_sl.exe
    O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Programas\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
    O4 - Global Startup: Logiciel Kodak EasyShare.lnk = C:\Programas\Kodak\Kodak EasyShare software\bin\EasyShare.exe
    O8 - Extra context menu item: &Windows Live Search - res://C:\Programas\Windows Live Toolbar\msntb.dll/search.htm
    O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
    O8 - Extra context menu item: Ouvrir dans un nouvel onglet d'arrière-plan - res://C:\Programas\Windows Live Toolbar\Components\fr-fr\msntabres.dll.mui/229?47efb4aca7314b9e98f76b76025b3f6d
    O8 - Extra context menu item: Ouvrir dans un nouvel onglet de premier plan - res://C:\Programas\Windows Live Toolbar\Components\fr-fr\msntabres.dll.mui/230?47efb4aca7314b9e98f76b76025b3f6d
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
    O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
    O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} - https://www.touslesdrivers.com/index.php?v_page=29
    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
    O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Programas\Ficheiros comuns\Microsoft Shared\Help\hxds.dll
    O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\FICHEI~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
    O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
    O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Programas\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Programas\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: Panda Function Service (PAVFNSVR) - Panda Software International - C:\Programas\Panda Software\Panda Internet Security 2007\PavFnSvr.exe
    O23 - Service: Panda Process Protection Service (PavPrSrv) - Panda Software - C:\Programas\Ficheiros comuns\Panda Software\PavShld\pavprsrv.exe
    O23 - Service: Panda anti-virus service (PAVSRV) - Panda Software International - C:\Programas\Panda Software\Panda Internet Security 2007\pavsrv51.exe
    O23 - Service: Panda Antispam Engine (pmshellsrv) - Panda Software International - C:\Programas\Panda Software\Panda Internet Security 2007\AntiSpam\pskmssvc.exe
    O23 - Service: Panda Network Manager (PNMSRV) - Panda Software International - c:\programas\panda software\panda internet security 2007\firewall\PNMSRV.EXE
    O23 - Service: Panda IManager Service (PSIMSVC) - Panda Software - C:\Programas\Panda Software\Panda Internet Security 2007\PsImSvc.exe
    O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Programas\Spyware Terminator\sp_rsser.exe
    O23 - Service: Panda TPSrv (TPSrv) - Panda Software - C:\Programas\Panda Software\Panda Internet Security 2007\TPSrv.exe

    [12/25/2007, 18:14:08] - VirtumundoBeGone v1.5 ( "C:\Documents and Settings\Julien\Definições locais\Temporary Internet Files\Content.IE5\OH2701ER\VirtumundoBeGone[1].exe" )
    [12/25/2007, 18:14:12] - Detected System Information:
    [12/25/2007, 18:14:12] - Windows Version: 5.1.2600, Service Pack 2
    [12/25/2007, 18:14:12] - Current Username: Julien (Admin)
    [12/25/2007, 18:14:13] - Windows is in NORMAL mode.
    [12/25/2007, 18:14:13] - Searching for Browser Helper Objects:
    [12/25/2007, 18:14:13] - BHO 1: {53707962-6F74-2D53-2644-206D7942484F} ()
    [12/25/2007, 18:14:13] - WARNING: BHO has no default name. Checking for Winlogon reference.
    [12/25/2007, 18:14:13] - Checking for HKLM\...\Winlogon\Notify\SDHelper
    [12/25/2007, 18:14:13] - Key not found: HKLM\...\Winlogon\Notify\SDHelper, continuing.
    [12/25/2007, 18:14:13] - BHO 2: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (SSVHelper Class)
    [12/25/2007, 18:14:13] - BHO 3: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} (Google Toolbar Notifier BHO)
    [12/25/2007, 18:14:13] - BHO 4: {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} (Windows Live Toolbar Helper)
    [12/25/2007, 18:14:13] - BHO 5: {fe9cd80f-4c56-4c20-9c24-3fbb00533d69} ()
    [12/25/2007, 18:14:13] - WARNING: BHO has no default name. Checking for Winlogon reference.
    [12/25/2007, 18:14:13] - Checking for HKLM\...\Winlogon\Notify\wxprvatb
    [12/25/2007, 18:14:14] - Key not found: HKLM\...\Winlogon\Notify\wxprvatb, continuing.
    [12/25/2007, 18:14:14] - BHO 6: {FF64059D-4D2A-4D6B-AA0F-2EE4A2FE3856} ()
    [12/25/2007, 18:14:14] - WARNING: BHO has no default name. Checking for Winlogon reference.
    [12/25/2007, 18:14:14] - Checking for HKLM\...\Winlogon\Notify\awttqop
    [12/25/2007, 18:14:14] - Key not found: HKLM\...\Winlogon\Notify\awttqop, continuing.
    [12/25/2007, 18:14:14] - Finished Searching Browser Helper Objects
    [12/25/2007, 18:14:14] - Finishing up...
    [12/25/2007, 18:14:14] - Nothing found! Exiting...

    à toi maintenant!!
    0
  10. noctambule28 Messages postés 25275 Date d'inscription   Statut Membre Dernière intervention   2 875
     
    tu relance hijackthis
    mais cette fois tu clic sur do a system scan only

    puis tu coches devant les ligne suivantes

    et fix checked

    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -
    O2 - BHO: {96d33500-bbf3-42c9-02c4-65c4f08dc9ef} - {fe9cd80f-4c56-4c20-9c24-3fbb00533d69} - C:\WINDOWS\system32\wxprvatb.dll
    O2 - BHO: (no name) - {FF64059D-4D2A-4D6B-AA0F-2EE4A2FE3856} - C:\WINDOWS\system32\awttqop.dll
    O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programas\Windows Live Toolbar\msntb.dll

    puis

    télécharger ComboFix ici:
    http://download.bleepingcomputer.com/sUBs/ComboFix.exe
    Et enregistre le sur le bureau.
    Regardes ici, si tu souhaites te familiariser avec son utilisation:
    http://mickael.barroux.free.fr/securite/combofix.php

    Sur ton bureau double clic sur Combofix.exe.
    Appuies sur la touche 1, pour que le programme commence à s'exécuter et suis les instructions à l'écran.
    En cours de nettoyage il est possible, que tu reçoives un avertissement te disant que le pc va redémarrer, laisse faire.

    Après le redemarrage du pc, un rapport s'ouvrira dans le Bloc notes en fin d'analyse, copie et colle tout son contenu dans ton prochain message.
    (Le fichier rapport Combofix.txt , est ensuite automatiquement sauvegardé dans C:\Combofix.txt)

    /!\ Pendant toute la durée (ça peut être assez long si le pc est très infecté) du scan de ComboFix, n'ouvres aucun programme et ne surfe pas sur le net.

    ensuite tu post le rapport de combofix, et un nouvel hijackthis

    p.s:je serais un peu absent ce soir
    0
  11. vitalic54
     
    ComboFix 07-12-21.4 - Julien 2007-12-25 19:56:06.2 - NTFSx86 MINIMAL
    Executando de: C:\Documents and Settings\Julien\Ambiente de trabalho\ComboFix.exe
    .

    ((((((((((((((((((((((((((((((((((((( Outras Exclusões )))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    ---- Previous Run -------
    .
    C:\Documents and Settings\Julien\Application Data\inst.exe
    c:\Documents and Settings\Julien\Definições locais\Application Data\fspzkuunj.dat
    C:\Documents and Settings\Julien\Definições locais\Application Data\fspzkuunj.exe
    C:\Documents and Settings\Julien\Definições locais\Application Data\fspzkuunj_nav.dat
    c:\Documents and Settings\Julien\Definições locais\Application Data\fspzkuunj_navps.dat
    C:\Programas\Temporary
    C:\Programas\WinAble
    C:\WINDOWS\cookies.ini
    C:\WINDOWS\messenger.exe
    C:\WINDOWS\mrofinu572.exe
    C:\WINDOWS\system32\awttqop.dll
    C:\WINDOWS\system32\nvs2.inf
    C:\WINDOWS\system32\pac.txt
    C:\WINDOWS\system32\sttss.ini
    C:\WINDOWS\system32\sttss.ini2
    C:\WINDOWS\system32\wxprvatb.dll

    .
    ((((((((((((((((((((((( Ficheiros criados de 2007-11-25 to 2007-12-25 ))))))))))))))))))))))))))))))))
    .

    2007-12-25 18:01 . 2007-12-25 18:01 24,576 --a------ C:\WINDOWS\system32\VundoFixSVC.exe
    2007-12-25 17:41 . 2007-12-25 17:41 <DIR> d-------- C:\Documents and Settings\LocalService\Application Data\Spyware Terminator
    2007-12-25 16:47 . 2007-12-25 16:47 135,936 --a------ C:\WINDOWS\system32\drivers\sp_rsdrv2.sys
    2007-12-25 16:45 . 2007-12-25 16:46 <DIR> d-------- C:\Programas\WinClamAVShield
    2007-12-25 16:44 . 2007-12-25 17:41 <DIR> d-------- C:\Programas\Spyware Terminator
    2007-12-25 16:44 . 2007-12-25 16:44 <DIR> d-------- C:\Programas\Crawler
    2007-12-25 16:44 . 2007-12-25 16:49 <DIR> d-------- C:\Documents and Settings\Julien\Application Data\Spyware Terminator
    2007-12-25 16:44 . 2007-12-25 16:49 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spyware Terminator
    2007-12-25 15:59 . 2007-12-25 18:04 <DIR> d-------- C:\VundoFix Backups
    2007-12-23 16:49 . 2007-12-23 17:12 <DIR> d-------- C:\WINDOWS\BDOSCAN8
    2007-12-23 16:16 . 2007-12-23 16:16 <DIR> d-------- C:\Documents and Settings\Julien\Application Data\Grisoft
    2007-12-23 16:16 . 2007-12-23 16:16 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
    2007-12-23 16:16 . 2007-05-30 12:10 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
    2007-12-23 15:53 . 2007-12-23 19:36 <DIR> d-------- C:\Program Files
    2007-12-23 15:52 . 2007-12-23 15:53 1,283,174 --a------ C:\Install
    2007-12-22 16:33 . 2007-12-23 15:42 996,825 ---hs---- C:\WINDOWS\system32\cvpehgqa.ini
    2007-12-21 16:33 . 2007-12-22 13:58 995,859 ---hs---- C:\WINDOWS\system32\wstrxxaf.ini
    2007-12-20 16:32 . 2007-12-21 16:33 995,739 ---hs---- C:\WINDOWS\system32\suvrsvga.ini
    2007-12-19 19:58 . 2007-12-19 19:58 <DIR> d-------- C:\WINDOWS\system32\99F_saver__pc dir
    2007-12-19 19:58 . 2007-12-19 19:58 203,264 --a------ C:\WINDOWS\system32\99F_saver__pc.scr
    2007-12-19 16:32 . 2007-12-20 16:32 987,634 ---hs---- C:\WINDOWS\system32\xnbhqrcs.ini
    2007-12-18 16:07 . 2007-12-18 19:49 984,900 ---hs---- C:\WINDOWS\system32\ikuiufrs.ini
    2007-12-17 15:37 . 2007-12-18 15:38 981,628 ---hs---- C:\WINDOWS\system32\mwvgdjaw.ini
    2007-12-16 03:06 . 2007-12-17 14:58 970,374 ---hs---- C:\WINDOWS\system32\boyaukqf.ini
    2007-12-15 03:05 . 2007-12-15 05:14 952,383 ---hs---- C:\WINDOWS\system32\thmiqhjf.ini
    2007-12-15 02:14 . 2007-12-25 13:51 <DIR> d-------- C:\Programas\Router
    2007-12-13 19:02 . 2007-12-13 19:02 <DIR> d-------- C:\WINDOWS\system32\ineWc01
    2007-12-13 19:01 . 2007-12-13 19:01 <DIR> d-------- C:\Temp\tpBe12
    2007-12-04 23:30 . 2007-12-04 23:30 940,794 --a------ C:\WINDOWS\system32\LoopyMusic.wav
    2007-12-04 23:30 . 2007-12-04 23:30 146,650 --a------ C:\WINDOWS\system32\BuzzingBee.wav
    2007-12-04 23:29 . 2007-12-04 23:29 <DIR> d-------- C:\WINDOWS\system32\Lang
    2007-12-01 03:01 . 2007-12-23 20:26 <DIR> d-------- C:\Programas\Windows Live Favorites

    .
    ((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2007-12-25 19:04 337,500 ----a-w C:\WINDOWS\system32\drivers\APPFCONT.DAT
    2007-12-25 19:04 1,132 ----a-w C:\WINDOWS\system32\drivers\APPFLTR.CFG
    2007-12-23 22:01 --------- d-----w C:\Programas\SmitfraudFix
    2007-12-23 20:53 --------- d-----w C:\Programas\HardwareDetection
    2007-12-23 20:26 --------- d-----w C:\Programas\Windows Live Toolbar
    2007-12-23 20:25 --------- d-----w C:\Programas\USB Disk Win98 Driver
    2007-12-23 20:24 --------- d-----w C:\Programas\MSN Messenger
    2007-12-23 20:21 --------- d-----w C:\Programas\Google
    2007-12-23 20:00 --------- d-----w C:\Programas\DivX
    2007-12-12 22:46 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help
    2007-12-01 21:28 --------- d-----w C:\Programas\Kodak
    2007-11-13 10:25 20,480 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys
    2007-11-12 14:43 --------- d-----w C:\Programas\BoontyGames
    2007-11-12 01:05 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
    2007-11-05 23:26 --------- d-----w C:\Documents and Settings\Julien\Application Data\LimeWire
    2007-10-29 22:43 1,294,336 ----a-w C:\WINDOWS\system32\quartz.dll
    2007-10-25 10:26 53,248 ----a-w C:\WINDOWS\bdoscandel.exe
    2007-10-25 09:28 222,720 ----a-w C:\WINDOWS\system32\wmasf.dll
    2007-10-15 18:13 73,216 ----a-w C:\WINDOWS\ST6UNST.EXE
    2007-10-15 18:13 249,856 ------w C:\WINDOWS\Setup1.exe
    2007-07-21 22:25 47,360 ----a-w C:\Documents and Settings\Julien\Application Data\pcouffin.sys
    2007-06-18 17:41 868,820 ----a-w C:\Programas\SmitfraudFix.exe
    2007-06-18 17:38 798,772 ----a-w C:\Programas\SmitfraudFix.zip
    2007-04-04 18:04 702,212 ----a-w C:\Programas\APR2007_d3dx10_33_x64.cab
    2007-04-04 18:04 699,465 ----a-w C:\Programas\APR2007_d3dx10_33_x86.cab
    2007-04-04 18:04 56,902 ----a-w C:\Programas\APR2007_xinput_x86.cab
    2007-04-04 18:04 45,305 ----a-w C:\Programas\dxdllreg_x86.cab
    2007-04-04 18:04 199,366 ----a-w C:\Programas\APR2007_XACT_x64.cab
    2007-04-04 18:04 154,825 ----a-w C:\Programas\APR2007_XACT_x86.cab
    2007-04-04 18:04 100,417 ----a-w C:\Programas\APR2007_xinput_x64.cab
    2007-04-04 18:04 1,610,958 ----a-w C:\Programas\APR2007_d3dx9_33_x64.cab
    2007-04-04 18:04 1,609,639 ----a-w C:\Programas\APR2007_d3dx9_33_x86.cab
    2007-04-04 17:48 976,020 ------w C:\Programas\BDAXP.cab
    2007-04-04 17:48 917,318 ------w C:\Programas\Apr2006_MDX1_x86.cab
    2007-04-04 17:48 88,102 ------w C:\Programas\AUG2006_xinput_x64.cab
    2007-04-04 17:48 87,989 ------w C:\Programas\Apr2006_xinput_x64.cab
    2007-04-04 17:48 86,925 ------w C:\Programas\Oct2005_xinput_x64.cab
    2007-04-04 17:48 85,881 ----a-w C:\Programas\dxupdate.cab
    2007-04-04 17:48 77,160 ----a-w C:\Programas\DSETUP.dll
    2007-04-04 17:48 503,144 ----a-w C:\Programas\DXSETUP.exe
    2007-04-04 17:48 47,018 ------w C:\Programas\AUG2006_xinput_x86.cab
    2007-04-04 17:48 46,898 ------w C:\Programas\Apr2006_xinput_x86.cab
    2007-04-04 17:48 46,247 ------w C:\Programas\Oct2005_xinput_x86.cab
    2007-04-04 17:48 4,163,518 ------w C:\Programas\Apr2006_MDX1_x86_Archive.cab
    2007-04-04 17:48 213,767 ------w C:\Programas\DEC2006_d3dx10_00_x64.cab
    2007-04-04 17:48 198,275 ------w C:\Programas\FEB2007_XACT_x64.cab
    2007-04-04 17:48 193,435 ------w C:\Programas\DEC2006_XACT_x64.cab
    2007-04-04 17:48 192,680 ------w C:\Programas\DEC2006_d3dx10_00_x86.cab
    2007-04-04 17:48 183,863 ------w C:\Programas\AUG2006_XACT_x64.cab
    2007-04-04 17:48 183,321 ------w C:\Programas\OCT2006_XACT_x64.cab
    2007-04-04 17:48 181,745 ------w C:\Programas\JUN2006_XACT_x64.cab
    2007-04-04 17:48 180,021 ------w C:\Programas\Apr2006_XACT_x64.cab
    2007-04-04 17:48 179,247 ------w C:\Programas\Feb2006_XACT_x64.cab
    2007-04-04 17:48 151,583 ------w C:\Programas\FEB2007_XACT_x86.cab
    2007-04-04 17:48 146,559 ------w C:\Programas\DEC2006_XACT_x86.cab
    2007-04-04 17:48 138,977 ------w C:\Programas\OCT2006_XACT_x86.cab
    2007-04-04 17:48 138,195 ------w C:\Programas\AUG2006_XACT_x86.cab
    2007-04-04 17:48 134,631 ------w C:\Programas\JUN2006_XACT_x86.cab
    2007-04-04 17:48 133,991 ------w C:\Programas\Apr2006_XACT_x86.cab
    2007-04-04 17:48 133,297 ------w C:\Programas\Feb2006_XACT_x86.cab
    2007-04-04 17:48 13,265,040 ------w C:\Programas\dxnt.cab
    2007-04-04 17:48 1,673,576 ----a-w C:\Programas\dsetup32.dll
    2007-04-04 17:48 1,575,336 ------w C:\Programas\DEC2006_d3dx9_32_x86.cab
    2007-04-04 17:48 1,572,114 ------w C:\Programas\DEC2006_d3dx9_32_x64.cab
    2007-04-04 17:48 1,413,862 ------w C:\Programas\OCT2006_d3dx9_31_x64.cab
    2007-04-04 17:48 1,398,718 ------w C:\Programas\Apr2006_d3dx9_30_x64.cab
    2007-04-04 17:48 1,363,684 ------w C:\Programas\Feb2006_d3dx9_29_x64.cab
    2007-04-04 17:48 1,358,864 ------w C:\Programas\Dec2005_d3dx9_28_x64.cab
    2007-04-04 17:48 1,351,430 ------w C:\Programas\Aug2005_d3dx9_27_x64.cab
    2007-04-04 17:48 1,348,242 ------w C:\Programas\Apr2005_d3dx9_25_x64.cab
    2007-04-04 17:48 1,336,890 ------w C:\Programas\Jun2005_d3dx9_26_x64.cab
    2007-04-04 17:48 1,248,387 ------w C:\Programas\Feb2005_d3dx9_24_x64.cab
    2007-04-04 17:48 1,156,363 ------w C:\Programas\BDANT.cab
    2007-04-04 17:48 1,128,177 ------w C:\Programas\OCT2006_d3dx9_31_x86.cab
    2007-04-04 17:48 1,116,109 ------w C:\Programas\Apr2006_d3dx9_30_x86.cab
    2007-04-04 17:48 1,085,608 ------w C:\Programas\Feb2006_d3dx9_29_x86.cab
    2007-04-04 17:48 1,080,344 ------w C:\Programas\Dec2005_d3dx9_28_x86.cab
    2007-04-04 17:48 1,079,850 ------w C:\Programas\Apr2005_d3dx9_25_x86.cab
    2007-04-04 17:48 1,078,532 ------w C:\Programas\Aug2005_d3dx9_27_x86.cab
    2007-04-04 17:48 1,065,813 ------w C:\Programas\Jun2005_d3dx9_26_x86.cab
    2007-04-04 17:48 1,014,113 ------w C:\Programas\Feb2005_d3dx9_24_x86.cab
    .

    (((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))
    .
    .
    REGEDIT4
    *Nota* entradas vazias & legítimas por defeito não são mostradas.

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "MsnMsgr"="C:\Programas\MSN Messenger\MsnMsgr.exe" [2007-01-19 12:54]
    "MSMSGS"="C:\Programas\Messenger\msmsgs.exe" [2004-10-13 16:24]
    "swg"="C:\Programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-21 17:42]
    "NBJ"="C:\Programas\Ahead\Nero BackItUp\NBJ.exe" [2005-01-04 14:17]
    "Shareaza"="C:\Programas\Shareaza\Shareaza.exe" [2007-02-05 03:05]
    "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-03 23:56]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "NvMediaCenter"="RUNDLL32.exe" [2004-08-03 23:57 C:\WINDOWS\system32\rundll32.exe]
    "NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 10:50]
    "RemoteControl"="C:\Programas\CyberLink\PowerDVD\PDVDServ.exe" [2004-11-02 20:24]
    "GrooveMonitor"="C:\Programas\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-27 00:47]
    "APVXDWIN"="C:\Programas\Panda Software\Panda Internet Security 2007\APVXDWIN.exe" [2006-10-11 12:09]
    "SCANINICIO"="C:\Programas\Panda Software\Panda Internet Security 2007\Inicio.exe" [2006-02-01 18:13]
    "USB Storage Toolbox"="C:\Programas\USB Disk Win98 Driver\Res.EXE" [2005-09-14 19:44]
    "SoundMan"="SOUNDMAN.EXE" [2007-04-16 14:28 C:\WINDOWS\soundman.exe]
    "NvCplDaemon"="RUNDLL32.exe" [2004-08-03 23:57 C:\WINDOWS\system32\rundll32.exe]
    "SunJavaUpdateSched"="C:\Programas\Java\jre1.6.0_02\bin\jusched.exe" [2007-07-12 03:00]
    "QuickTime Task"="C:\Programas\QuickTime\qttask.exe" [2007-06-29 05:24]
    "snpstd"="C:\WINDOWS\vsnpstd.exe" [2004-06-10 13:48]
    "AdslTaskBar"="stmctrl.dll" [2004-11-18 07:31 C:\WINDOWS\system32\stmctrl.dll]
    "HPDJ Taskbar Utility"="C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe" [2004-05-13 01:22]
    "!AVG Anti-Spyware"="C:\Programas\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 09:25]
    "SpywareTerminator"="C:\Programas\Spyware Terminator\SpywareTerminatorShield.exe" [2007-12-25 16:44]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-03 23:56]

    C:\Documents and Settings\Julien\Menu Iniciar\Programas\Arranque\
    Recorte de tela e Iniciador do OneNote 2007.lnk - C:\Programas\Microsoft Office\Office12\ONENOTEM.EXE [2006-10-26 20:24:54]

    C:\Documents and Settings\All Users\Menu Iniciar\Programas\Arranque\
    Adobe Reader Speed Launch.lnk - C:\Programas\Adobe\Reader 8.0\Reader\reader_sl.exe [2006-10-23 01:48:20]
    Adobe Reader Synchronizer.lnk - C:\Programas\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe [2006-10-23 00:01:50]
    Logiciel Kodak EasyShare.lnk - C:\Programas\Kodak\Kodak EasyShare software\bin\EasyShare.exe [2007-09-19 04:33:46]

    R0 netflt;Panda Net Driver [NDIS Layer];C:\WINDOWS\system32\Drivers\NETFLT.SYS [2006-10-10 16:02]
    R0 viamraid;viamraid;C:\WINDOWS\system32\DRIVERS\viamraid.sys [2006-03-30 18:18]
    R0 videX32;videX32;C:\WINDOWS\system32\DRIVERS\videX32.sys [2006-02-23 03:38]
    R3 usbstor;Controlador de armazenamento de massa USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 22:08]
    S1 APPFLT;App Filter Plugin;C:\WINDOWS\system32\Drivers\APPFLT.SYS [2006-08-03 16:37]
    S1 DSAFLT;DSA Filter Plugin;C:\WINDOWS\system32\Drivers\DSAFLT.SYS [2006-08-02 14:08]
    S1 FNETMON;NetMon Filter Plugin;C:\WINDOWS\system32\Drivers\fnetmon.SYS [2006-06-29 22:50]
    S1 IDSFLT;Ids Filter Plugin;C:\WINDOWS\system32\Drivers\IDSFLT.SYS [2006-08-02 14:10]
    S1 NETFLTDI;Panda Net Driver [TDI Layer];C:\WINDOWS\system32\Drivers\NETFLTDI.SYS [2006-05-11 22:26]
    S1 ShldDrv;Panda File Shield Driver;C:\WINDOWS\system32\drivers\ShldDrv.sys [2005-08-29 13:23]
    S1 SMSFLT;SMS Filter Plugin;C:\WINDOWS\system32\Drivers\SMSFLT.SYS [2006-08-02 14:15]
    S1 sp_rsdrv2;Spyware Terminator Driver 2;C:\WINDOWS\system32\drivers\sp_rsdrv2.sys [2007-12-25 16:47]
    S1 WNMFLT;Wifi Monitor Filter Plugin;C:\WINDOWS\system32\Drivers\WNMFLT.SYS [2006-09-28 15:58]
    S2 cpoint;Panda CPoint Driver;C:\WINDOWS\system32\Drivers\cpoint.sys [2005-08-12 14:36]
    S2 PavProc;Panda Process Protection Driver;C:\WINDOWS\system32\DRIVERS\PavProc.sys [2006-04-25 16:02]
    S3 AvFlt;Antivirus Filter Driver;C:\WINDOWS\system32\drivers\av5flt.sys []
    S3 ComFiltr;Panda Anti-Dialer;C:\WINDOWS\system32\DRIVERS\COMFiltr.sys []
    S3 PavSRK.sys;PavSRK.sys;C:\WINDOWS\system32\PavSRK.sys []
    S3 PavTPK.sys;PavTPK.sys;C:\WINDOWS\system32\PavTPK.sys []
    S3 Stmatm;ATM/ADSL miniport;C:\WINDOWS\system32\DRIVERS\stmatm.sys [2005-08-19 03:23]
    S3 TaurusUsb;ADSL Modem USB Service;C:\WINDOWS\system32\DRIVERS\torususb.sys [2004-05-12 10:16]
    S4 Boonty Games;Boonty Games;"C:\Programas\Ficheiros comuns\BOONTY Shared\Service\Boonty.exe" [2007-09-29 21:38]

    .
    Conteúdo da pasta 'Tarefas Agendadas'
    "2007-11-28 23:02:06 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
    - C:\Programas\Apple Software Update\SoftwareUpdate.exe
    "2007-12-25 19:51:02 C:\WINDOWS\Tasks\Vérifier les mises à jour de Windows Live Toolbar.job"
    - C:\Programas\Windows Live Toolbar\MSNTBUP.EXE
    .
    **************************************************************************

    catchme 0.3.1333 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2007-12-25 19:58:53
    Windows 5.1.2600 Service Pack 2 NTFS

    Procurando processos ocultos ...

    Procurando entradas auto inicializáveis ocultas ...

    Procurando ficheiros ocultos ...

    Varredura completada com sucesso
    Ficheiros ocultos: 0

    **************************************************************************
    .
    Tempo para conclusão: 2007-12-25 19:59:39
    .
    2007-12-25 13:54:18 --- E O F ---

    Logfile of HijackThis v1.99.1
    Scan saved at 20:12:42, on 25-12-2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Programas\Panda Software\Panda Internet Security 2007\pavsrv51.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Programas\Panda Software\Panda Internet Security 2007\TPSrv.exe
    C:\WINDOWS\system32\svchost.exe
    c:\programas\panda software\panda internet security 2007\firewall\PNMSRV.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\Programas\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    C:\Programas\Ficheiros comuns\Microsoft Shared\VS7DEBUG\mdm.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\Programas\Panda Software\Panda Internet Security 2007\PavFnSvr.exe
    C:\Programas\Ficheiros comuns\Panda Software\PavShld\pavprsrv.exe
    C:\Programas\Panda Software\Panda Internet Security 2007\AntiSpam\pskmssvc.exe
    C:\WINDOWS\Explorer.EXE
    C:\Programas\Panda Software\Panda Internet Security 2007\PsImSvc.exe
    C:\Programas\Spyware Terminator\sp_rsser.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Programas\Panda Software\Panda Internet Security 2007\apvxdwin.exe
    C:\Programas\CyberLink\PowerDVD\PDVDServ.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Programas\Microsoft Office\Office12\GrooveMonitor.exe
    C:\Programas\USB Disk Win98 Driver\Res.EXE
    C:\WINDOWS\SOUNDMAN.EXE
    C:\Programas\Java\jre1.6.0_02\bin\jusched.exe
    C:\WINDOWS\vsnpstd.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\Programas\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
    C:\Programas\Spyware Terminator\SpywareTerminatorShield.exe
    C:\Programas\Panda Software\Panda Internet Security 2007\SRVLOAD.EXE
    C:\Programas\Messenger\msmsgs.exe
    C:\Programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    c:\programas\panda software\panda internet security 2007\WebProxy.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Programas\Kodak\Kodak EasyShare software\bin\EasyShare.exe
    C:\Programas\Internet Explorer\IEXPLORE.EXE
    C:\Programas\MSN Messenger\usnsvc.exe
    C:\Programas\MSN Messenger\livecall.exe
    C:\Programas\Java\jre1.6.0_02\bin\jucheck.exe
    C:\Programas\Panda Software\Panda Internet Security 2007\AVENGINE.EXE
    C:\Programas\Panda Software\Panda Internet Security 2007\psimreal.exe
    C:\Programas\Panda Software\Panda Internet Security 2007\avciman.exe
    C:\Documents and Settings\Julien\Os meus documentos\hijackthis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://fr.yahoo.com/
    R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programas\Yahoo!\Companion\Installs\cpn\yt.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programas\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programas\Yahoo!\Companion\Installs\cpn\yt.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programas\google\googletoolbar2.dll
    O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programas\Windows Live Toolbar\msntb.dll
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [RemoteControl] C:\Programas\CyberLink\PowerDVD\PDVDServ.exe
    O4 - HKLM\..\Run: [GrooveMonitor] "C:\Programas\Microsoft Office\Office12\GrooveMonitor.exe"
    O4 - HKLM\..\Run: [APVXDWIN] "C:\Programas\Panda Software\Panda Internet Security 2007\APVXDWIN.EXE" /s
    O4 - HKLM\..\Run: [SCANINICIO] "C:\Programas\Panda Software\Panda Internet Security 2007\Inicio.exe"
    O4 - HKLM\..\Run: [USB Storage Toolbox] C:\Programas\USB Disk Win98 Driver\Res.EXE
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programas\Java\jre1.6.0_02\bin\jusched.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Programas\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [snpstd] C:\WINDOWS\vsnpstd.exe
    O4 - HKLM\..\Run: [AdslTaskBar] rundll32.exe stmctrl.dll,TaskBar
    O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe
    O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Programas\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
    O4 - HKLM\..\Run: [SpywareTerminator] "C:\Programas\Spyware Terminator\SpywareTerminatorShield.exe"
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Programas\MSN Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [MSMSGS] "C:\Programas\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [swg] C:\Programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O4 - HKCU\..\Run: [NBJ] "C:\Programas\Ahead\Nero BackItUp\NBJ.exe"
    O4 - HKCU\..\Run: [Shareaza] "C:\Programas\Shareaza\Shareaza.exe" -tray
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - Startup: Recorte de tela e Iniciador do OneNote 2007.lnk = C:\Programas\Microsoft Office\Office12\ONENOTEM.EXE
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Programas\Adobe\Reader 8.0\Reader\reader_sl.exe
    O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Programas\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
    O4 - Global Startup: Logiciel Kodak EasyShare.lnk = C:\Programas\Kodak\Kodak EasyShare software\bin\EasyShare.exe
    O8 - Extra context menu item: &Windows Live Search - res://C:\Programas\Windows Live Toolbar\msntb.dll/search.htm
    O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
    O8 - Extra context menu item: Ouvrir dans un nouvel onglet d'arrière-plan - res://C:\Programas\Windows Live Toolbar\Components\fr-fr\msntabres.dll.mui/229?47efb4aca7314b9e98f76b76025b3f6d
    O8 - Extra context menu item: Ouvrir dans un nouvel onglet de premier plan - res://C:\Programas\Windows Live Toolbar\Components\fr-fr\msntabres.dll.mui/230?47efb4aca7314b9e98f76b76025b3f6d
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
    O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
    O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} - https://www.touslesdrivers.com/index.php?v_page=29
    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{C409F88E-B2BF-4E55-9044-FBD2C31E0DDF}: NameServer = 212.55.154.174
    O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Programas\Ficheiros comuns\Microsoft Shared\Help\hxds.dll
    O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\FICHEI~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
    O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
    O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Programas\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Programas\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: Panda Function Service (PAVFNSVR) - Panda Software International - C:\Programas\Panda Software\Panda Internet Security 2007\PavFnSvr.exe
    O23 - Service: Panda Process Protection Service (PavPrSrv) - Panda Software - C:\Programas\Ficheiros comuns\Panda Software\PavShld\pavprsrv.exe
    O23 - Service: Panda anti-virus service (PAVSRV) - Panda Software International - C:\Programas\Panda Software\Panda Internet Security 2007\pavsrv51.exe
    O23 - Service: Panda Antispam Engine (pmshellsrv) - Panda Software International - C:\Programas\Panda Software\Panda Internet Security 2007\AntiSpam\pskmssvc.exe
    O23 - Service: Panda Network Manager (PNMSRV) - Panda Software International - c:\programas\panda software\panda internet security 2007\firewall\PNMSRV.EXE
    O23 - Service: Panda IManager Service (PSIMSVC) - Panda Software - C:\Programas\Panda Software\Panda Internet Security 2007\PsImSvc.exe
    O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Programas\Spyware Terminator\sp_rsser.exe
    O23 - Service: Panda TPSrv (TPSrv) - Panda Software - C:\Programas\Panda Software\Panda Internet Security 2007\TPSrv.exe

    en esperant que tu trouves la solution...
    encore merci
    0
  12. noctambule28 Messages postés 25275 Date d'inscription   Statut Membre Dernière intervention   2 875
     
    ok, ça avance

    Télécharge ceci: (merci a S!RI pour ce programme).
    http://siri.urz.free.fr/Fix/SmitfraudFix.zip
    ou
    http://siri.urz.free.fr/Fix/SmitfraudFix.php
    Exécute le, Double click sur Smitfraudfix.cmd choisit l’option 1, il va générer un rapport
    Copie/colle le sur le poste stp.

    a+
    0
  13. vitalic54
     
    re bonjour,
    j ai deja essayer avec ce programme mais si ça peut t aider...

    SmitFraudFix v2.274

    Scan done at 15:16:49,26, 26-12-2007
    Run from C:\Documents and Settings\Julien\Ambiente de trabalho\SmitfraudFix
    OS: Microsoft Windows XP [Versão 5.1.2600] - Windows_NT
    The filesystem type is NTFS
    Fix run in normal mode

    »»»»»»»»»»»»»»»»»»»»»»»» Process

    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Programas\Panda Software\Panda Internet Security 2007\pavsrv51.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Programas\Panda Software\Panda Internet Security 2007\TPSrv.exe
    C:\WINDOWS\system32\svchost.exe
    c:\programas\panda software\panda internet security 2007\firewall\PNMSRV.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\Programas\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    C:\Programas\Ficheiros comuns\Microsoft Shared\VS7DEBUG\mdm.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\Programas\Panda Software\Panda Internet Security 2007\PavFnSvr.exe
    C:\Programas\Ficheiros comuns\Panda Software\PavShld\pavprsrv.exe
    C:\Programas\Panda Software\Panda Internet Security 2007\AntiSpam\pskmssvc.exe
    C:\WINDOWS\Explorer.EXE
    C:\Programas\Panda Software\Panda Internet Security 2007\PsImSvc.exe
    C:\Programas\Spyware Terminator\sp_rsser.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Programas\Panda Software\Panda Internet Security 2007\apvxdwin.exe
    C:\Programas\CyberLink\PowerDVD\PDVDServ.exe
    C:\Programas\Microsoft Office\Office12\GrooveMonitor.exe
    C:\Programas\USB Disk Win98 Driver\Res.EXE
    C:\WINDOWS\SOUNDMAN.EXE
    C:\Programas\Java\jre1.6.0_02\bin\jusched.exe
    C:\WINDOWS\vsnpstd.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\Programas\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
    C:\Programas\Spyware Terminator\SpywareTerminatorShield.exe
    C:\Programas\Panda Software\Panda Internet Security 2007\SRVLOAD.EXE
    c:\programas\panda software\panda internet security 2007\WebProxy.exe
    C:\Programas\Messenger\msmsgs.exe
    C:\Programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Programas\Kodak\Kodak EasyShare software\bin\EasyShare.exe
    C:\Programas\Panda Software\Panda Internet Security 2007\AVENGINE.EXE
    C:\WINDOWS\system32\wuauclt.exe
    C:\Programas\Internet Explorer\IEXPLORE.EXE
    C:\Programas\Panda Software\Panda Internet Security 2007\psimreal.exe
    C:\Programas\Panda Software\Panda Internet Security 2007\avciman.exe
    C:\WINDOWS\system32\cmd.exe

    »»»»»»»»»»»»»»»»»»»»»»»» hosts

    »»»»»»»»»»»»»»»»»»»»»»»» C:\

    »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS

    »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system

    »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web

    »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32

    »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32\LogFiles

    »»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Julien

    »»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Julien\Application Data

    »»»»»»»»»»»»»»»»»»»»»»»» Start Menu

    »»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\Julien\FAVORI~1

    »»»»»»»»»»»»»»»»»»»»»»»» Desktop

    »»»»»»»»»»»»»»»»»»»»»»»» C:\Programas

    »»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys

    »»»»»»»»»»»»»»»»»»»»»»»» Desktop Components

    »»»»»»»»»»»»»»»»»»»»»»»» IEDFix
    !!!Attention, following keys are not inevitably infected!!!

    IEDFix.exe by S!Ri

    »»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
    !!!Attention, following keys are not inevitably infected!!!

    SrchSTS.exe by S!Ri
    Search SharedTaskScheduler's .dll

    »»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
    !!!Attention, following keys are not inevitably infected!!!

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
    "AppInit_DLLs"=""

    »»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
    !!!Attention, following keys are not inevitably infected!!!

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
    "System"=""

    »»»»»»»»»»»»»»»»»»»»»»»» Rustock

    »»»»»»»»»»»»»»»»»»»»»»»» DNS

    Description: WAN (PPP/SLIP) Interface
    DNS Server Search Order: 212.55.154.174

    HKLM\SYSTEM\CCS\Services\Tcpip\..\{C409F88E-B2BF-4E55-9044-FBD2C31E0DDF}: NameServer=212.55.154.174
    HKLM\SYSTEM\CS1\Services\Tcpip\..\{C409F88E-B2BF-4E55-9044-FBD2C31E0DDF}: NameServer=212.55.154.174
    HKLM\SYSTEM\CS2\Services\Tcpip\..\{C409F88E-B2BF-4E55-9044-FBD2C31E0DDF}: NameServer=212.55.154.174

    »»»»»»»»»»»»»»»»»»»»»»»» Scanning for wininet.dll infection

    »»»»»»»»»»»»»»»»»»»»»»»» End
    0
  14. noctambule28 Messages postés 25275 Date d'inscription   Statut Membre Dernière intervention   2 875
     
    en effet, rien à signaler par smitfraud

    je continue à regarder le rapport de combofix, c'est un peu compliqué , encore pour moi

    mais continue, avec ça

    Télécharge SDFix (créé par AndyManchesta) et sauvegarde le sur ton Bureau.
    http://downloads.andymanchesta.com/RemovalTools/SDFix.exe
    Double clique sur SDFix.exe et choisis Install pour l'extraire dans un dossier dédié sur le Bureau. Redémarre ton ordinateur en mode sans échec en suivant la procédure que voici :
    • Redémarre ton ordinateur
    • Après avoir entendu l'ordinateur biper lors du démarrage, mais avant que l'icône Windows apparaisse, tapote la touche F8 (une pression par seconde).
    • A la place du chargement normal de Windows, un menu avec différentes options devrait apparaître.
    • Choisis la première option, pour exécuter Windows en mode sans échec, puis appuie sur "Entrée".
    • Choisis ton compte.
    Déroule la liste des instructions ci-dessous :
    • Ouvre le dossier SDFix qui vient d'être créé dans le répertoire C:\ et double clique sur RunThis.cmd pour lancer le scrïpt.
    • Appuie sur Y pour commencer le processus de nettoyage.
    • Il va supprimer les services et les entrées du Registre de certains trojans trouvés puis te demandera d'appuyer sur une touche pour redémarrer.
    • Appuie sur une touche pour redémarrer le PC.
    • Ton système sera plus long pour redémarrer qu'à l'accoutumée car l'outil va continuer à s'exécuter et supprimer des fichiers.
    • Après le chargement du Bureau, l'outil terminera son travail et affichera Finished.
    • Appuie sur une touche pour finir l'exécution du scrïpt et charger les icônes de ton Bureau.
    • Les icônes du Bureau affichées, le rapport SDFix s'ouvrira à l'écran et s'enregistrera aussi dans le dossier SDFix sous le nom Report.txt.
    • Enfin, copie/colle le contenu du fichier Report.txt dans ta prochaine réponse sur le forum, avec un nouveau log Hijackthis !

    apres cela, dis mois ou en sont tes problemes et reposte un hijackthis aussi
    0