Critical error occur

Résolu
jojobel -  
 jojobel10 -
Bonjour,
Je rencontre de serieux problemes avec mon ordinateur depuis deux jours. Voici le rapport hijackthis, merci de votre aide:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:09:29, on 06/03/2008
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Cisco Systems\VPN Client\sap vpn cisco\cvpnd.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.2\Apps\apdproxy.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Hewlett-Packard\Toolbox2.0\Apache Tomcat 4.0\webapps\Toolbox\StatusClient\StatusClient.exe
C:\Program Files\Athan\Athan.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
E:\Roxio\DragToDisc\DrgToDsc.exe
E:\Roxio\AudioCentral\RxMon.exe
C:\WINDOWS\System32\rundll32.exe
C:\WINDOWS\System32\Rundll32.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
C:\Program Files\Hewlett-Packard\Toolbox2.0\Javasoft\JRE\1.3.1\bin\javaw.exe
E:\Roxio\AudioCentral\Playlist.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Java\jre1.6.0_03\bin\jucheck.exe
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.2\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [StatusClient] C:\Program Files\Hewlett-Packard\Toolbox2.0\Apache Tomcat 4.0\webapps\Toolbox\StatusClient\StatusClient.exe /auto
O4 - HKLM\..\Run: [TomcatStartup] C:\Program Files\Hewlett-Packard\Toolbox2.0\hpbpsttp.exe
O4 - HKLM\..\Run: [Athan] C:\Program Files\Athan\Athan.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [RoxioEngineUtility] "C:\Program Files\Fichiers communs\Roxio Shared\System\EngUtil.exe"
O4 - HKLM\..\Run: [RoxioDragToDisc] "E:\Roxio\DragToDisc\DrgToDsc.exe"
O4 - HKLM\..\Run: [RoxioAudioCentral] "E:\Roxio\AudioCentral\RxMon.exe"
O4 - HKLM\..\Run: [{CB-BA-A7-7E-DW}] C:\WINDOWS\system32\bv2\renabcom4.exe DWram
O4 - HKLM\..\Run: [382cbad1] rundll32.exe "C:\WINDOWS\System32\rsqmalgw.dll",b
O4 - HKLM\..\Run: [BM3b1f894d] Rundll32.exe "C:\WINDOWS\System32\enkjrrqo.dll",s
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Startup: DW_Start.lnk = C:\WINDOWS\system32\bv2\renabcom4.exe
O4 - Global Startup: VPN Client.lnk = ?
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O16 - DPF: {9122D757-5A4F-4768-82C5-B4171D8556A7} (PhotoPickConvert Class) - http://appdirectory.messenger.msn.com/AppDirectory/P4Apps/PhotoSwap/PhtPkMSN.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - C:\Program Files\Ares\chatServer.exe
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\sap vpn cisco\cvpnd.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

--
End of file - 5957 bytes
Configuration: Windows XP
Firefox 2.0.0.12

24 réponses

  • 1
  • 2
  1. Utilisateur anonyme
     
    bonjour tu as une belle infection fait ceci :

    Télécharger Vundofix.exe (par Atribune) sur votre Bureau : http://www.atribune.org/ccount/click.php?id=4

    pour effectuer les fix deconnect toi et ferme toutes tes applications !!

    * Double-cliquer sur VundoFix.exe afin de le lancer.
    * Cliquer sur le bouton Scan for Vundo.
    * Lorsque le scan est complété, cliquer sur le bouton Remove Vundo.
    * Une invite de commande demandera si l’on souhaite supprimer les fichiers, cliquer sur YES
    * Après avoir cliqué "YES", le Bureau disparaîtra un moment lors de la suppression des fichiers.
    * Une nouvelle invite de commande annoncera que le PC devra s'éteindre ("shutdown"). Cliquer sur OK , puis laisser le redémarrer.
    * Le contenu du rapport est situé dans C:\vundofix.txt, poste le stp


    ensuite

    Télécharge sur le bureau
    http://secured2k.home.comcast.net/tools/VirtumundoBeGone.exe
    => Double clic sur VirtumundoBeGone.exe
    => Clic Continue ==> clic Start
    => Clic Oui
    => A la fin si Vundo est présent , le PC s’éteint et redémarre
    - Si Ecran bleu et message : Erreur fatale .. pas de problème
    => Poster le rapport VBG.TXT qui est sur le bureau
    0
    1. jojobel
       
      Merci pour la rapidité et la disponibilité. Mais c'est quoi "les fix"? (Je suis nul en informatique)
      0
  2. Utilisateur anonyme
     
    les fix sont des utilitaires de desinfections des outils si tu prefere telecharge les et executent les ! ton infections et generalement coriaces tu as du dejas le remarquer , plantages et autres problemes ces outils vont nettoyer ton pc . attaques et poste moi les rapports
    0
    1. jojobel10
       
      j'ai tout tenté comme indiqué mais ça mouline sans cesse et quand je lui demande de remove les erreurs. Du coup quand j'essaie d'aller dans c:\vundofix.txt pour le rapport impossible y a rien.
      Je fais quoi? Et pour VGB je continue ou pas?
      0
  3. Utilisateur anonyme
     
    oui continue avec virtumundobegone
    0
    1. jojobel10
       
      ouf pour le premier c bon je continue avec le second



      VundoFix V7.0.1

      Scan started at 17:22:12 06/03/2008

      Listing files found while scanning....


      VundoFix V7.0.1

      Scan started at 17:33:32 06/03/2008

      Listing files found while scanning....

      C:\WINDOWS\system32\knrydpft.dll
      C:\WINDOWS\tk58.exe

      VundoFix V7.0.1

      Scan started at 17:42:34 06/03/2008

      Listing files found while scanning....

      C:\WINDOWS\system32\knrydpft.dll
      C:\WINDOWS\tk58.exe

      Beginning removal...

      VundoFix V7.0.1

      Scan started at 18:28:40 06/03/2008

      Listing files found while scanning....


      VundoFix V7.0.1

      Scan started at 18:30:47 06/03/2008

      Listing files found while scanning....

      C:\WINDOWS\system32\knrydpft.dll

      Beginning removal...

      VundoFix V7.0.1

      Scan started at 19:55:58 06/03/2008

      Listing files found while scanning....

      No infected files were found.


      Beginning removal...
      0
  4. Vous n’avez pas trouvé la réponse que vous recherchez ?

    Posez votre question
  5. jojobel10
     
    et voila pour le second

    [03/06/2008, 20:13:08] - VirtumundoBeGone v1.5 ( "C:\Documents and Settings\admin\Bureau\VirtumundoBeGone.exe" )
    [03/06/2008, 20:13:10] - Detected System Information:
    [03/06/2008, 20:13:10] - Windows Version: 5.1.2600,
    [03/06/2008, 20:13:10] - Current Username: admin (Admin)
    [03/06/2008, 20:13:10] - Windows is in NORMAL mode.
    [03/06/2008, 20:13:10] - Searching for Browser Helper Objects:
    [03/06/2008, 20:13:10] - BHO 1: {02478D38-C3F9-4EFB-9B51-7695ECA05670} (Yahoo! Toolbar Helper)
    [03/06/2008, 20:13:10] - BHO 2: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (Aide pour le lien d'Adobe PDF Reader)
    [03/06/2008, 20:13:10] - BHO 3: {0807F484-5EB5-45B3-199A-EE27EC9AC7EE} ()
    [03/06/2008, 20:13:10] - WARNING: BHO has no default name. Checking for Winlogon reference.
    [03/06/2008, 20:13:10] - Checking for HKLM\...\Winlogon\Notify\bapubop205
    [03/06/2008, 20:13:10] - Key not found: HKLM\...\Winlogon\Notify\bapubop205, continuing.
    [03/06/2008, 20:13:10] - BHO 4: {13319591-2200-58FE-0215-2900BECADD9A} ()
    [03/06/2008, 20:13:10] - WARNING: BHO has no default name. Checking for Winlogon reference.
    [03/06/2008, 20:13:10] - Checking for HKLM\...\Winlogon\Notify\tjvsrfm
    [03/06/2008, 20:13:10] - Key not found: HKLM\...\Winlogon\Notify\tjvsrfm, continuing.
    [03/06/2008, 20:13:10] - BHO 5: {22BF413B-C6D2-4d91-82A9-A0F997BA588C} (Skype add-on (mastermind))
    [03/06/2008, 20:13:10] - BHO 6: {3E19B66F-644D-4252-BD79-5608502C0402} ()
    [03/06/2008, 20:13:10] - WARNING: BHO has no default name. Checking for Winlogon reference.
    [03/06/2008, 20:13:10] - Checking for HKLM\...\Winlogon\Notify\jkhhh
    [03/06/2008, 20:13:10] - Key not found: HKLM\...\Winlogon\Notify\jkhhh, continuing.
    [03/06/2008, 20:13:10] - BHO 7: {53707962-6F74-2D53-2644-206D7942484F} ()
    [03/06/2008, 20:13:10] - WARNING: BHO has no default name. Checking for Winlogon reference.
    [03/06/2008, 20:13:10] - Checking for HKLM\...\Winlogon\Notify\SDHelper
    [03/06/2008, 20:13:10] - Key not found: HKLM\...\Winlogon\Notify\SDHelper, continuing.
    [03/06/2008, 20:13:10] - BHO 8: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (SSVHelper Class)
    [03/06/2008, 20:13:10] - BHO 9: {7E853D72-626A-48EC-A868-BA8D5E23E045} ()
    [03/06/2008, 20:13:10] - WARNING: BHO has no default name. Checking for Winlogon reference.
    [03/06/2008, 20:13:10] - No filename found. Continuing.
    [03/06/2008, 20:13:10] - BHO 10: {88ce201a-7536-4448-bb3a-ad32975d5bce} ()
    [03/06/2008, 20:13:10] - WARNING: BHO has no default name. Checking for Winlogon reference.
    [03/06/2008, 20:13:10] - Checking for HKLM\...\Winlogon\Notify\vtqkloid
    [03/06/2008, 20:13:10] - Key not found: HKLM\...\Winlogon\Notify\vtqkloid, continuing.
    [03/06/2008, 20:13:10] - BHO 11: {9030D464-4C02-4ABF-8ECC-5164760863C6} (Windows Live Sign-in Helper)
    [03/06/2008, 20:13:10] - BHO 12: {A95B2816-1D7E-4561-A202-68C0DE02353A} ()
    [03/06/2008, 20:13:10] - WARNING: BHO has no default name. Checking for Winlogon reference.
    [03/06/2008, 20:13:10] - No filename found. Continuing.
    [03/06/2008, 20:13:10] - BHO 13: {BDCDFB33-9767-4E22-A8A2-0008767C062B} ()
    [03/06/2008, 20:13:10] - WARNING: BHO has no default name. Checking for Winlogon reference.
    [03/06/2008, 20:13:10] - Checking for HKLM\...\Winlogon\Notify\dukinet89104
    [03/06/2008, 20:13:10] - Key not found: HKLM\...\Winlogon\Notify\dukinet89104, continuing.
    [03/06/2008, 20:13:10] - BHO 14: {ED120D76-BF31-412C-A99B-783C6676E128} ()
    [03/06/2008, 20:13:10] - WARNING: BHO has no default name. Checking for Winlogon reference.
    [03/06/2008, 20:13:10] - Checking for HKLM\...\Winlogon\Notify\urqqnol
    [03/06/2008, 20:13:10] - Found: HKLM\...\Winlogon\Notify\urqqnol - This is probably Virtumundo.
    [03/06/2008, 20:13:10] - Assigning {ED120D76-BF31-412C-A99B-783C6676E128} MSEvents Object
    [03/06/2008, 20:13:10] - BHO list has been changed! Starting over...
    [03/06/2008, 20:13:10] - BHO 1: {02478D38-C3F9-4EFB-9B51-7695ECA05670} (Yahoo! Toolbar Helper)
    [03/06/2008, 20:13:10] - BHO 2: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (Aide pour le lien d'Adobe PDF Reader)
    [03/06/2008, 20:13:10] - BHO 3: {0807F484-5EB5-45B3-199A-EE27EC9AC7EE} ()
    [03/06/2008, 20:13:10] - WARNING: BHO has no default name. Checking for Winlogon reference.
    [03/06/2008, 20:13:10] - Checking for HKLM\...\Winlogon\Notify\bapubop205
    [03/06/2008, 20:13:10] - Key not found: HKLM\...\Winlogon\Notify\bapubop205, continuing.
    [03/06/2008, 20:13:10] - BHO 4: {13319591-2200-58FE-0215-2900BECADD9A} ()
    [03/06/2008, 20:13:10] - WARNING: BHO has no default name. Checking for Winlogon reference.
    [03/06/2008, 20:13:10] - Checking for HKLM\...\Winlogon\Notify\tjvsrfm
    [03/06/2008, 20:13:10] - Key not found: HKLM\...\Winlogon\Notify\tjvsrfm, continuing.
    [03/06/2008, 20:13:11] - BHO 5: {22BF413B-C6D2-4d91-82A9-A0F997BA588C} (Skype add-on (mastermind))
    [03/06/2008, 20:13:11] - BHO 6: {3E19B66F-644D-4252-BD79-5608502C0402} ()
    [03/06/2008, 20:13:11] - WARNING: BHO has no default name. Checking for Winlogon reference.
    [03/06/2008, 20:13:11] - Checking for HKLM\...\Winlogon\Notify\jkhhh
    [03/06/2008, 20:13:11] - Key not found: HKLM\...\Winlogon\Notify\jkhhh, continuing.
    [03/06/2008, 20:13:11] - BHO 7: {53707962-6F74-2D53-2644-206D7942484F} ()
    [03/06/2008, 20:13:11] - WARNING: BHO has no default name. Checking for Winlogon reference.
    [03/06/2008, 20:13:11] - Checking for HKLM\...\Winlogon\Notify\SDHelper
    [03/06/2008, 20:13:11] - Key not found: HKLM\...\Winlogon\Notify\SDHelper, continuing.
    [03/06/2008, 20:13:11] - BHO 8: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (SSVHelper Class)
    [03/06/2008, 20:13:11] - BHO 9: {7E853D72-626A-48EC-A868-BA8D5E23E045} ()
    [03/06/2008, 20:13:11] - WARNING: BHO has no default name. Checking for Winlogon reference.
    [03/06/2008, 20:13:11] - No filename found. Continuing.
    [03/06/2008, 20:13:11] - BHO 10: {88ce201a-7536-4448-bb3a-ad32975d5bce} ()
    [03/06/2008, 20:13:11] - WARNING: BHO has no default name. Checking for Winlogon reference.
    [03/06/2008, 20:13:11] - Checking for HKLM\...\Winlogon\Notify\vtqkloid
    [03/06/2008, 20:13:11] - Key not found: HKLM\...\Winlogon\Notify\vtqkloid, continuing.
    [03/06/2008, 20:13:11] - BHO 11: {9030D464-4C02-4ABF-8ECC-5164760863C6} (Windows Live Sign-in Helper)
    [03/06/2008, 20:13:11] - BHO 12: {A95B2816-1D7E-4561-A202-68C0DE02353A} ()
    [03/06/2008, 20:13:11] - WARNING: BHO has no default name. Checking for Winlogon reference.
    [03/06/2008, 20:13:11] - No filename found. Continuing.
    [03/06/2008, 20:13:11] - BHO 13: {BDCDFB33-9767-4E22-A8A2-0008767C062B} ()
    [03/06/2008, 20:13:11] - WARNING: BHO has no default name. Checking for Winlogon reference.
    [03/06/2008, 20:13:11] - Checking for HKLM\...\Winlogon\Notify\dukinet89104
    [03/06/2008, 20:13:11] - Key not found: HKLM\...\Winlogon\Notify\dukinet89104, continuing.
    [03/06/2008, 20:13:11] - BHO 14: {ED120D76-BF31-412C-A99B-783C6676E128} (MSEvents Object)
    [03/06/2008, 20:13:11] - ALERT: Found MSEvents Object!
    [03/06/2008, 20:13:11] - Finished Searching Browser Helper Objects
    [03/06/2008, 20:13:11] - *** Detected MSEvents Object
    [03/06/2008, 20:13:11] - Trying to remove MSEvents Object...
    [03/06/2008, 20:13:12] - Terminating Process: IEXPLORE.EXE
    [03/06/2008, 20:13:12] - Terminating Process: RUNDLL32.EXE
    [03/06/2008, 20:13:12] - Disabling Automatic Shell Restart
    [03/06/2008, 20:13:12] - Terminating Process: EXPLORER.EXE
    [03/06/2008, 20:13:13] - Suspending the NT Session Manager System Service
    [03/06/2008, 20:13:13] - Terminating Windows NT Logon/Logoff Manager
    [03/06/2008, 20:13:14] - Re-enabling Automatic Shell Restart
    [03/06/2008, 20:13:14] - File to disable: C:\WINDOWS\System32\urqqnol.dll
    [03/06/2008, 20:13:14] - Renaming C:\WINDOWS\System32\urqqnol.dll -> C:\WINDOWS\System32\urqqnol.dll.vir
    [03/06/2008, 20:13:14] - File successfully renamed!
    [03/06/2008, 20:13:14] - Removing HKLM\...\Browser Helper Objects\{ED120D76-BF31-412C-A99B-783C6676E128}
    [03/06/2008, 20:13:14] - Removing HKCR\CLSID\{ED120D76-BF31-412C-A99B-783C6676E128}
    [03/06/2008, 20:13:14] - Adding Kill Bit for ActiveX for GUID: {ED120D76-BF31-412C-A99B-783C6676E128}
    [03/06/2008, 20:13:14] - Deleting ATLEvents/MSEvents Registry entries
    [03/06/2008, 20:13:14] - Removing HKLM\...\Winlogon\Notify\urqqnol
    [03/06/2008, 20:13:14] - Searching for Browser Helper Objects:
    [03/06/2008, 20:13:15] - BHO 1: {02478D38-C3F9-4EFB-9B51-7695ECA05670} (Yahoo! Toolbar Helper)
    [03/06/2008, 20:13:15] - BHO 2: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (Aide pour le lien d'Adobe PDF Reader)
    [03/06/2008, 20:13:15] - BHO 3: {0807F484-5EB5-45B3-199A-EE27EC9AC7EE} ()
    [03/06/2008, 20:13:15] - WARNING: BHO has no default name. Checking for Winlogon reference.
    [03/06/2008, 20:13:15] - Checking for HKLM\...\Winlogon\Notify\bapubop205
    [03/06/2008, 20:13:15] - Key not found: HKLM\...\Winlogon\Notify\bapubop205, continuing.
    [03/06/2008, 20:13:15] - BHO 4: {13319591-2200-58FE-0215-2900BECADD9A} ()
    [03/06/2008, 20:13:15] - WARNING: BHO has no default name. Checking for Winlogon reference.
    [03/06/2008, 20:13:15] - Checking for HKLM\...\Winlogon\Notify\tjvsrfm
    [03/06/2008, 20:13:15] - Key not found: HKLM\...\Winlogon\Notify\tjvsrfm, continuing.
    [03/06/2008, 20:13:15] - BHO 5: {22BF413B-C6D2-4d91-82A9-A0F997BA588C} (Skype add-on (mastermind))
    [03/06/2008, 20:13:15] - BHO 6: {3E19B66F-644D-4252-BD79-5608502C0402} ()
    [03/06/2008, 20:13:15] - WARNING: BHO has no default name. Checking for Winlogon reference.
    [03/06/2008, 20:13:15] - Checking for HKLM\...\Winlogon\Notify\jkhhh
    [03/06/2008, 20:13:15] - Key not found: HKLM\...\Winlogon\Notify\jkhhh, continuing.
    [03/06/2008, 20:13:15] - BHO 7: {53707962-6F74-2D53-2644-206D7942484F} ()
    [03/06/2008, 20:13:15] - WARNING: BHO has no default name. Checking for Winlogon reference.
    [03/06/2008, 20:13:15] - Checking for HKLM\...\Winlogon\Notify\SDHelper
    [03/06/2008, 20:13:15] - Key not found: HKLM\...\Winlogon\Notify\SDHelper, continuing.
    [03/06/2008, 20:13:15] - BHO 8: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (SSVHelper Class)
    [03/06/2008, 20:13:15] - BHO 9: {7E853D72-626A-48EC-A868-BA8D5E23E045} ()
    [03/06/2008, 20:13:15] - WARNING: BHO has no default name. Checking for Winlogon reference.
    [03/06/2008, 20:13:15] - No filename found. Continuing.
    [03/06/2008, 20:13:15] - BHO 10: {88ce201a-7536-4448-bb3a-ad32975d5bce} ()
    [03/06/2008, 20:13:15] - WARNING: BHO has no default name. Checking for Winlogon reference.
    [03/06/2008, 20:13:15] - Checking for HKLM\...\Winlogon\Notify\vtqkloid
    [03/06/2008, 20:13:15] - Key not found: HKLM\...\Winlogon\Notify\vtqkloid, continuing.
    [03/06/2008, 20:13:15] - BHO 11: {9030D464-4C02-4ABF-8ECC-5164760863C6} (Windows Live Sign-in Helper)
    [03/06/2008, 20:13:15] - BHO 12: {A95B2816-1D7E-4561-A202-68C0DE02353A} ()
    [03/06/2008, 20:13:15] - WARNING: BHO has no default name. Checking for Winlogon reference.
    [03/06/2008, 20:13:15] - No filename found. Continuing.
    [03/06/2008, 20:13:15] - BHO 13: {BDCDFB33-9767-4E22-A8A2-0008767C062B} ()
    [03/06/2008, 20:13:15] - WARNING: BHO has no default name. Checking for Winlogon reference.
    [03/06/2008, 20:13:15] - Checking for HKLM\...\Winlogon\Notify\dukinet89104
    [03/06/2008, 20:13:15] - Key not found: HKLM\...\Winlogon\Notify\dukinet89104, continuing.
    [03/06/2008, 20:13:15] - Finished Searching Browser Helper Objects
    [03/06/2008, 20:13:15] - Finishing up...
    [03/06/2008, 20:13:15] - A restart is needed.
    [03/06/2008, 20:13:30] - Attempting to Restart via STOP error (Blue Screen!)
    0
  6. Utilisateur anonyme
     
    ok parfait , mais il reste encore beaucoup de monde dans ton pc :

    Télécharges ComboFix à partir d'un de ces liens :

    http://download.bleepingcomputer.com/sUBs/ComboFix.exe
    https://forospyware.com
    http://www.geekstogo.com/forum/files/file/197-combofix-by-subs/

    Et important, enregistre le sur le bureau.

    Avant d'utiliser ComboFix :

    ► Déconnecte toi d'internet et referme les fenêtres de tous les programmes en cours.

    ► Désactive provisoirement et seulement le temps de l'utilisation de ComboFix, la protection en temps réel de ton Antivirus et de tes Antispywares, qui peuvent géner fortement la procédure de recherche et de nettoyage de l'outil.

    Une fois fait, sur ton bureau double-clic sur Combofix.exe.

    - Répond oui au message d'avertissement, pour que le programme commence à procéder à l'analyse du pc.

    /!\ Pendant la durée de cette étape, ne te sert pas du pc et n'ouvre aucun programmes.

    - En fin de scan il est possible que ComboFix ait besoin de redemarrer le pc pour finaliser la désinfection\recherche, laisses-le faire.

    - Un rapport s'ouvrira ensuite dans le bloc notes, ce fichier rapport Combofix.txt, est automatiquement sauvegardé et rangé à C:\Combofix.txt)

    ► Réactive la protection en temps réel de ton Antivirus et de tes Antispywares, avant de te reconnecter à internet.

    ► Reviens sur le forum, et copie et colle la totalité du contenu de C:\Combofix.txt dans ton prochain message.
    0
    1. jojobel10
       
      Pour combofix


      ComboFix 08-03-05.3 - admin 2008-03-06 21:03:00.1 - NTFSx86
      Microsoft Windows XP Professionnel 5.1.2600.0.1252.1.1036.18.398 [GMT 1:00]
      Endroit: C:\Documents and Settings\admin\Bureau\ComboFix.exe
      * Création d'un nouveau point de restauration

      [color=red][b]AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !![/b][/color]
      .

      (((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
      .

      C:\Documents and Settings\invite\Application Data\YMANTE~1
      C:\Documents and Settings\invite\Application Data\YMANTE~1\w?auclt.exe
      C:\Documents and Settings\invite\Menu Démarrer\Programmes\Outerinfo
      C:\Documents and Settings\invite\Menu Démarrer\Programmes\Outerinfo\Terms.lnk
      C:\Documents and Settings\invite\Menu Démarrer\Programmes\Outerinfo\Uninstall.lnk
      C:\Program Files\ComPlus Applications\dukinet89104.dll
      C:\Program Files\JavaCore
      C:\Program Files\JavaCore\JavaCore.exe
      C:\Program Files\JavaCore\UnInstall.exe
      C:\Program Files\NoDNS
      C:\Program Files\NoDNS\NoDNS.exe
      C:\Program Files\NoDNS\UnInstall.exe
      C:\Program Files\outerinfo
      C:\Program Files\outerinfo\FF\chrome.manifest
      C:\Program Files\outerinfo\FF\components\FF.dll
      C:\Program Files\outerinfo\FF\components\OuterinfoAds.xpt
      C:\Program Files\outerinfo\FF\install.rdf
      C:\Program Files\outerinfo\Terms.rtf
      C:\Program Files\Temporary
      C:\Program Files\Temporary\InsiDERInst.exe
      C:\Program Files\Windows NT\bapubop.dll
      C:\Program Files\Windows NT\bapubop205.dll
      C:\Program Files\Windows NT\bapubop291.dll
      C:\Temp\1cb
      C:\Temp\1cb\syscheck.log
      C:\Temp\sanR24
      C:\Temp\sanR24\lDii.log
      C:\WINDOWS\BM3b1f894d.xml
      C:\WINDOWS\cookies.ini
      C:\WINDOWS\pskt.ini
      C:\WINDOWS\system32\aqrbncaw.dll
      C:\WINDOWS\system32\enkjrrqo.dll
      C:\WINDOWS\system32\eoieyhqk.dll
      C:\WINDOWS\system32\hhhkj.ini
      C:\WINDOWS\system32\hhhkj.ini2
      C:\WINDOWS\system32\iDlo01
      C:\WINDOWS\system32\iDlo01\iDlo011065.exe
      C:\WINDOWS\System32\jkhhh.dll
      C:\WINDOWS\system32\mcrh.tmp
      C:\WINDOWS\system32\mljkhhh.dll
      C:\WINDOWS\system32\msnav32.ax
      C:\WINDOWS\system32\oapytcrp.dll
      C:\WINDOWS\system32\pac.txt
      C:\WINDOWS\system32\racle~1
      C:\WINDOWS\system32\racle~1\?racle\
      C:\WINDOWS\system32\racle~1\spool32.exe
      C:\WINDOWS\system32\rsqmalgw.dll
      C:\WINDOWS\system32\tjvsrfm.dll
      C:\WINDOWS\system32\vtqkloid.dll
      C:\WINDOWS\system32\wglamqsr.ini
      C:\WINDOWS\system32\windows
      C:\WINDOWS\tk58.exe

      .
      ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

      .
      -------\LEGACY_CMDSERVICE
      -------\LEGACY_NETWORK_MONITOR


      ((((((((((((((((((((((((((((( Fichiers créés 2008-02-06 to 2008-03-06 ))))))))))))))))))))))))))))))))))))
      .

      2008-03-06 21:08 . 2008-03-06 21:08 49,162 --a------ C:\WINDOWS\system32\rwwnw64d.exe
      2008-03-06 17:49 . 2008-03-06 17:49 24,576 --a------ C:\WINDOWS\system32\VundoFixSVC.exe
      2008-03-06 17:22 . 2008-03-06 19:50 <REP> d-------- C:\VundoFix Backups
      2008-03-06 13:06 . 2008-03-06 21:03 <REP> dr------- C:\Documents and Settings\assa\Mes documents
      2008-03-05 12:47 . 2008-03-05 12:47 <REP> d-------- C:\Program Files\nvcoi
      2008-03-05 00:20 . 2008-03-06 00:05 1,307,941 ---hs---- C:\WINDOWS\system32\hcljgshq.ini
      2008-03-05 00:17 . 2008-03-06 17:50 19,128 ---hs---- C:\WINDOWS\system32\knrydpft.dllbox
      2008-03-04 22:32 . 2008-03-04 20:32 105,984 --a------ C:\WINDOWS\b152.exe
      2008-03-04 11:19 . 2008-03-04 11:19 9,662 --a------ C:\WINDOWS\system32\ZoneAlarmIconFR.ico
      2008-03-04 11:04 . 2008-03-05 20:52 <REP> d--hs---- C:\WINDOWS\eHA
      2008-03-04 11:04 . 2008-03-04 12:01 319 --ahs---- C:\WINDOWS\system32\qtstv.ini
      2008-03-04 11:01 . 2008-03-04 11:01 37,376 --a------ C:\WINDOWS\mrofinu572.exe.tmp
      2008-03-04 11:01 . 2008-03-04 11:04 37,376 --a------ C:\WINDOWS\mrofinu572.exe
      2008-03-04 11:01 . 2008-03-04 11:01 37,376 --a------ C:\WINDOWS\mrofinu1000106.exe
      2008-03-04 10:59 . 2008-03-05 19:19 <REP> d-------- C:\WINDOWS\system32\ev4
      2008-03-04 10:59 . 2008-03-04 10:59 <REP> d-------- C:\WINDOWS\system32\bv2
      2008-03-04 10:59 . 2008-03-04 10:59 <REP> d-------- C:\WINDOWS\system32\ax9
      2008-03-04 10:58 . 2008-03-06 21:03 <REP> d-------- C:\Temp
      2008-03-04 10:58 . 2008-03-04 10:58 212,118 --a------ C:\Temp\txNog4220.exe
      2008-03-04 10:58 . 2008-03-04 10:58 36,352 --a------ C:\WINDOWS\system32\urqqnol.dll.vir
      2008-03-04 00:02 . 2008-03-04 00:05 <REP> d-------- C:\Documents and Settings\invite\Application Data\Canon
      2008-03-02 17:26 . 2008-03-02 15:26 73,728 --a------ C:\WINDOWS\b153.exe
      2008-03-01 20:59 . 2008-03-01 20:59 <REP> d-------- C:\Documents and Settings\invite\Application Data\Yahoo!
      2008-02-29 16:17 . 2008-02-29 16:17 <REP> d-------- C:\Documents and Settings\invite\Application Data\MSN6
      2008-02-29 16:17 . 2008-02-29 16:17 <REP> d-------- C:\Documents and Settings\All Users\Application Data\MSN6
      2008-02-29 11:11 . 2008-02-29 11:11 25,713 --a------ C:\WINDOWS\CSTBox.INI
      2008-02-29 00:41 . 2008-02-29 00:41 268 --ah----- C:\sqmdata19.sqm
      2008-02-29 00:41 . 2008-02-29 00:41 244 --ah----- C:\sqmnoopt19.sqm
      2008-02-28 23:15 . 2008-02-28 23:20 <REP> d-------- C:\Documents and Settings\admin\Application Data\Canon
      2008-02-28 17:56 . 2008-02-28 18:33 <REP> d-------- C:\Documents and Settings\assa\Application Data\Canon
      2008-02-27 20:25 . 2002-05-24 03:04 389,180 --a------ C:\WINDOWS\system32\UCS32P.DLL
      2008-02-27 20:25 . 2003-09-17 17:35 339,968 --a------ C:\WINDOWS\system32\N067UFW.DLL
      2008-02-27 20:25 . 2002-09-12 01:07 36,864 --a------ C:\WINDOWS\system32\CNQU70.DLL
      2008-02-26 19:48 . 2008-02-26 19:48 <REP> d--h----- C:\WINDOWS\PIF
      2008-02-26 16:47 . 2008-03-04 10:53 <REP> d-------- C:\Program Files\Ares
      2008-02-25 16:00 . 2008-02-25 14:00 81,920 --a------ C:\WINDOWS\b154.exe
      2008-02-23 15:40 . 2008-02-23 15:40 <REP> d-------- C:\Documents and Settings\invite\Application Data\vlc
      2008-02-17 16:22 . 2008-02-17 16:22 <REP> d-------- C:\WINDOWS\Sun
      2008-02-17 16:20 . 2007-09-24 23:31 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl
      2008-02-17 16:19 . 2008-02-17 16:20 <REP> d-------- C:\Program Files\Java
      2008-02-17 16:19 . 2008-02-17 16:19 <REP> d-------- C:\Program Files\Fichiers communs\Java
      2008-02-15 20:37 . 2008-02-15 20:37 1,024 --a------ C:\.rnd
      2008-02-15 20:24 . 2008-02-15 20:24 <REP> d-------- C:\Program Files\CitizenLab
      2008-02-15 13:22 . 2008-02-15 13:22 268 --ah----- C:\sqmdata18.sqm
      2008-02-15 13:22 . 2008-02-15 13:22 244 --ah----- C:\sqmnoopt18.sqm
      2008-02-14 23:32 . 2008-02-14 23:32 268 --ah----- C:\sqmdata17.sqm
      2008-02-14 23:32 . 2008-02-14 23:32 244 --ah----- C:\sqmnoopt17.sqm
      2008-02-14 15:07 . 2008-02-14 15:07 268 --ah----- C:\sqmdata16.sqm
      2008-02-14 15:07 . 2008-02-14 15:07 244 --ah----- C:\sqmnoopt16.sqm
      2008-02-14 01:45 . 2008-03-06 14:29 292 --ah----- C:\sqmdata15.sqm
      2008-02-14 01:45 . 2008-02-14 01:45 244 --ah----- C:\sqmnoopt15.sqm
      2008-02-13 18:27 . 2008-03-02 22:36 268 --ah----- C:\sqmdata14.sqm
      2008-02-13 18:27 . 2008-03-06 14:29 244 --ah----- C:\sqmnoopt14.sqm
      2008-02-13 12:28 . 2008-03-01 23:54 268 --ah----- C:\sqmdata13.sqm
      2008-02-13 12:28 . 2008-03-02 22:36 244 --ah----- C:\sqmnoopt13.sqm
      2008-02-13 00:45 . 2008-03-01 12:41 268 --ah----- C:\sqmdata12.sqm
      2008-02-13 00:45 . 2008-03-01 23:54 244 --ah----- C:\sqmnoopt12.sqm
      2008-02-12 16:04 . 2008-03-01 12:41 244 --ah----- C:\sqmnoopt11.sqm
      2008-02-12 16:04 . 2008-03-01 11:30 148 --ah----- C:\sqmdata11.sqm
      2008-02-12 14:17 . 2008-03-01 11:30 268 --ah----- C:\sqmdata10.sqm
      2008-02-12 14:17 . 2008-03-01 11:30 136 --ah----- C:\sqmnoopt10.sqm
      2008-02-12 00:15 . 2008-03-01 00:46 268 --ah----- C:\sqmdata09.sqm
      2008-02-12 00:15 . 2008-03-01 00:46 244 --ah----- C:\sqmnoopt09.sqm
      2008-02-12 00:15 . 2008-02-29 22:37 244 --ah----- C:\sqmnoopt08.sqm
      2008-02-12 00:15 . 2008-02-29 22:37 232 --ah----- C:\sqmdata08.sqm
      2008-02-10 21:38 . 2008-02-10 21:38 <REP> d-------- C:\Documents and Settings\invite\Application Data\Leadertech
      2008-02-07 20:51 . 2008-02-07 20:51 <REP> d-------- C:\Documents and Settings\invite\Application Data\Creative
      2008-02-06 22:49 . 2001-08-23 17:47 286,720 --a------ C:\WINDOWS\system32\msh263.drv
      2008-02-06 22:49 . 2001-08-23 17:47 50,688 --a------ C:\WINDOWS\system32\vfwwdm32.dll
      2008-02-06 22:49 . 2001-08-23 17:47 50,688 --a--c--- C:\WINDOWS\system32\dllcache\vfwwdm32.dll
      2008-02-06 22:49 . 2001-08-23 17:47 45,568 --a------ C:\WINDOWS\system32\iyuv_32.dll
      2008-02-06 22:49 . 2001-08-23 17:47 45,568 --a--c--- C:\WINDOWS\system32\dllcache\iyuv_32.dll
      2008-02-06 22:49 . 2001-08-23 17:47 8,192 --a------ C:\WINDOWS\system32\tsbyuv.dll
      2008-02-06 22:49 . 2001-08-23 17:47 8,192 --a--c--- C:\WINDOWS\system32\dllcache\tsbyuv.dll
      2008-02-06 22:39 . 2003-06-12 23:25 7,062 --a------ C:\WINDOWS\system32\audiopid.vxd
      2008-02-06 22:38 . 1999-10-10 18:00 41,984 --------- C:\WINDOWS\Ctregrun.exe
      2008-02-06 22:36 . 1998-11-13 13:16 308,224 --a------ C:\WINDOWS\IsUn040c.exe
      2008-02-06 22:34 . 2008-02-06 23:06 <REP> d-------- C:\Program Files\Creative

      .
      (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
      .
      2008-03-06 19:13 2,130,432 ----a-w C:\WINDOWS\Internet Logs\xDB7.tmp
      2008-03-06 18:54 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
      2008-03-06 12:05 --------- d-----w C:\Program Files\MSN Messenger
      2008-03-05 21:52 --------- d-----w C:\Documents and Settings\invite\Application Data\Roxio
      2008-03-05 18:08 --------- d-----w C:\Program Files\Google
      2008-03-05 18:07 2,108,416 ----a-w C:\WINDOWS\Internet Logs\xDB6.tmp
      2008-03-05 17:08 --------- d-----w C:\Documents and Settings\invite\Application Data\Skype
      2008-03-05 15:08 --------- d-----w C:\Documents and Settings\invite\Application Data\skypePM
      2008-03-05 11:58 10 ----a-w C:\Program Files\.autoreg
      2008-03-04 09:53 --------- d-----w C:\Documents and Settings\invite\Application Data\MailFrontier
      2008-03-03 20:05 --------- d-----w C:\Documents and Settings\admin\Application Data\Roxio
      2008-03-03 18:00 2,034,688 ----a-w C:\WINDOWS\Internet Logs\xDB5.tmp
      2008-03-03 18:00 1,284,096 ----a-w C:\WINDOWS\Internet Logs\xDB4.tmp
      2008-03-01 22:50 --------- d-----w C:\Documents and Settings\admin\Application Data\Skype
      2008-03-01 22:20 --------- d-----w C:\Documents and Settings\assa\Application Data\Skype
      2008-03-01 19:21 --------- d-----w C:\Documents and Settings\assa\Application Data\skypePM
      2008-03-01 16:51 --------- d-----w C:\Documents and Settings\admin\Application Data\skypePM
      2008-02-27 22:19 --------- d-----w C:\Program Files\Fichiers communs\Roxio Shared
      2008-02-27 19:29 --------- d--h--w C:\Program Files\InstallShield Installation Information
      2008-02-26 18:54 1,995,776 ----a-w C:\WINDOWS\Internet Logs\xDB3.tmp
      2008-02-26 18:46 1,994,752 ----a-w C:\WINDOWS\Internet Logs\xDB2.tmp
      2008-02-26 12:20 --------- d-----w C:\Program Files\adslTV
      2008-02-16 16:29 --------- d-----w C:\Program Files\Fichiers communs\Adobe
      2008-02-03 23:37 1,605,632 ----a-w C:\WINDOWS\Internet Logs\tvDebug.zip
      2008-02-03 11:34 --------- d-----w C:\Documents and Settings\assa\Application Data\MailFrontier
      2008-02-02 21:40 --------- d-----w C:\Documents and Settings\All Users\Application Data\Lavasoft
      2008-02-02 21:39 12,632 ----a-w C:\WINDOWS\system32\lsdelete.exe
      2008-01-26 17:50 --------- d-----w C:\Program Files\Athan
      2008-01-26 17:49 737,280 ----a-w C:\WINDOWS\iun6002.exe
      2008-01-07 21:02 45,056 ----a-w C:\WINDOWS\NCUNINST.EXE
      2008-01-07 20:59 --------- d-----w C:\Program Files\Hewlett-Packard
      2008-01-07 20:56 --------- d-----w C:\Program Files\Fichiers communs\SWF Studio
      2008-01-06 17:00 --------- d-----w C:\Program Files\Microsoft Works
      2007-12-22 14:59 512 ----a-w C:\ScanSectorLog.dat
      2007-12-14 14:55 1,567,744 ----a-w C:\WINDOWS\Internet Logs\xDB1.tmp
      2007-11-28 18:09 32 ----a-w C:\Documents and Settings\All Users\Application Data\ezsid.dat
      2005-07-29 15:24 472 --sha-r C:\WINDOWS\eHA\yJE.vbs
      .

      ((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
      .
      .
      REGEDIT4
      *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

      [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
      "CTFMON.EXE"="C:\WINDOWS\System32\ctfmon.exe" [2001-08-28 11:00 13312]
      "MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [2007-01-19 12:55 5674352]
      "ares"="C:\Program Files\Ares\Ares.exe" [2007-12-31 15:29 962560]
      "nvcoi"="C:\Program Files\nvcoi\nvcoi.exe" [2008-03-05 12:47 57344]

      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
      "IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.exe" [2001-08-28 11:00 208949]
      "PHIME2002ASync"="C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.exe" [2001-08-28 11:00 737360]
      "PHIME2002A"="C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.exe" [2001-08-28 11:00 737360]
      "Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.2\Apps\apdproxy.exe" [ ]
      "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-10 19:51 39792]
      "ZoneAlarm Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [2007-06-21 21:54 919016]
      "StatusClient"="C:\Program Files\Hewlett-Packard\Toolbox2.0\Apache Tomcat 4.0\webapps\Toolbox\StatusClient\StatusClient.exe" [2002-12-16 16:51 36864]
      "TomcatStartup"="C:\Program Files\Hewlett-Packard\Toolbox2.0\hpbpsttp.exe" [2003-03-31 19:28 155648]
      "Athan"="C:\Program Files\Athan\Athan.exe" [2007-09-06 20:25 1003520]
      "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11 132496]
      "RoxioEngineUtility"="C:\Program Files\Fichiers communs\Roxio Shared\System\EngUtil.exe" [2003-05-01 18:44 65536]
      "RoxioDragToDisc"="E:\Roxio\DragToDisc\DrgToDsc.exe" [2003-06-25 00:18 868352]
      "RoxioAudioCentral"="E:\Roxio\AudioCentral\RxMon.exe" [2003-06-23 21:12 319488]
      "{CB-BA-A7-7E-DW}"="c:\windows\system32\rwwnw64d.exe" [2008-03-06 21:08 49162]

      [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
      "CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2001-08-28 11:00 13312]

      R3 ati2mpaa;ati2mpaa;C:\WINDOWS\System32\DRIVERS\ati2mpaa.sys [2001-08-23 16:59]
      R3 IBMTRP;Carte IBM PCI Token Ring (générique);C:\WINDOWS\System32\DRIVERS\IBMTRP.SYS [2001-08-17 20:12]
      S3 MSControlService;Microsoft cache control;C:\WINDOWS\System32\windows []
      S3 V0260VID;Live! Cam Vista IM;C:\WINDOWS\System32\DRIVERS\V0260Vid.sys [2006-11-03 23:45]

      .
      **************************************************************************

      catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
      Rootkit scan 2008-03-06 21:09:37
      Windows 5.1.2600 NTFS

      Balayage processus cachés ...

      Balayage caché autostart entries ...

      Balayage des fichiers cachés ...

      Scan terminé avec succès
      Les fichiers cachés: 0

      **************************************************************************

      [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\MSControlService]
      "ImagePath"="C:\WINDOWS\System32\windows"
      .
      ------------------------ Other Running Processes ------------------------
      .
      C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
      C:\Program Files\Cisco Systems\VPN Client\sap vpn cisco\cvpnd.exe
      C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
      C:\WINDOWS\System32\MsPMSPSv.exe
      C:\Program Files\Hewlett-Packard\Toolbox2.0\Javasoft\JRE\1.3.1\bin\javaw.exe
      E:\Roxio\AudioCentral\Playlist.exe
      .
      **************************************************************************
      .
      Temps d'accomplissement: 2008-03-06 21:11:43 - machine was rebooted
      ComboFix-quarantined-files.txt 2008-03-06 20:11:39
      .
      2008-03-05 11:46:37 --- E O F ---
      0
  7. Utilisateur anonyme
     
    il reste encore un tout petit peu de nettoyage a faire, j'analyse ton rapport , je vais manger et je t'informe de la manip .
    0
  8. Utilisateur anonyme
     
    merci tu as accumulee un certain nombres d'infections

    1) Suppression d'un service malveillant

    « Démarrer » / « Exécuter» / puis tape

    sc stop MSControlService valide par ok.

    « Démarrer » / « Exécuter» / puis tape

    sc delete MSControlService valide par ok.

    2)ComboFix avec CFScript :

    * Sélectionne le texte suivant (en gras) dans son intégralité :

    file::
    C:\WINDOWS\system32\rwwnw64d.exe
    C:\WINDOWS\system32\hcljgshq.ini
    C:\WINDOWS\system32\knrydpft.dllbox
    C:\WINDOWS\b152.exe
    C:\WINDOWS\system32\qtstv.ini
    C:\WINDOWS\mrofinu572.exe.tmp
    C:\WINDOWS\mrofinu572.exe
    C:\WINDOWS\mrofinu1000106.exe
    C:\Temp\txNog4220.exe
    C:\WINDOWS\system32\urqqnol.dll.vir
    C:\WINDOWS\b153.exe
    C:\WINDOWS\CSTBox.INI
    C:\WINDOWS\b154.exe
    C:\WINDOWS\system32\audiopid.vxd


    * Copie le texte sélectionné (CTRL+C).
    * Ouvre le bloc-notes (programme>Accessoires >bloc-notes).
    * Colle le texte copié dans ce bloc-notes (CTRL+V).
    * Sauvegarde ce fichier sous le nom de CFScript.txt

    Déconnecte toi du net et désactive ton antivirus pour que Combofix puisse s'exécuter normalement

    * Fais un glisser/déposer de ce fichier CFScript sur le fichier ComboFix.exe

    * Une fenêtre bleue va apparaître: au message qui apparaît Type 1 to continue, or 2 to abort , tape 1 puis valide.

    * Patiente le temps du scan. Le Bureau va disparaître à plusieurs reprises : c'est normal!

    Ne touche à rien tant que le scan n'est pas terminé.

    * Une fois le scan achevé, un rapport va s'afficher : Poste son contenu et un nouveau rapport HijackThis

    * Si le fichier ne s'ouvre pas, il se trouve ici > C:\ComboFix.txt
    0
    1. jojobel10
       
      ComboFix 08-03-05.3 - admin 2008-03-06 23:02:45.4 - NTFSx86
      Microsoft Windows XP Professionnel 5.1.2600.0.1252.1.1036.18.413 [GMT 1:00]
      Endroit: C:\Documents and Settings\admin\Bureau\ComboFix.exe
      Command switches used :: C:\Documents and Settings\admin\Bureau\CFScript.txt
      * Création d'un nouveau point de restauration

      [color=red][b]AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !![/b][/color]

      FILE ::
      C:\Temp\txNog4220.exe
      C:\WINDOWS\b152.exe
      C:\WINDOWS\b153.exe
      C:\WINDOWS\b154.exe
      C:\WINDOWS\CSTBox.INI
      C:\WINDOWS\mrofinu1000106.exe
      C:\WINDOWS\mrofinu572.exe
      C:\WINDOWS\mrofinu572.exe.tmp
      C:\WINDOWS\system32\audiopid.vxd
      C:\WINDOWS\system32\hcljgshq.ini
      C:\WINDOWS\system32\knrydpft.dllbox
      C:\WINDOWS\system32\qtstv.ini
      C:\WINDOWS\system32\rwwnw64d.exe
      C:\WINDOWS\system32\urqqnol.dll.vir
      .

      ((((((((((((((((((((((((((((( Fichiers créés 2008-02-06 to 2008-03-06 ))))))))))))))))))))))))))))))))))))
      .

      2008-03-06 21:18 . 2008-03-06 21:18 200,778 --a------ C:\WINDOWS\system32\mcntxwb.exe
      2008-03-06 17:49 . 2008-03-06 17:49 24,576 --a------ C:\WINDOWS\system32\VundoFixSVC.exe
      2008-03-06 17:22 . 2008-03-06 19:50 <REP> d-------- C:\VundoFix Backups
      2008-03-06 13:06 . 2008-03-06 21:03 <REP> dr------- C:\Documents and Settings\assa\Mes documents
      2008-03-05 12:47 . 2008-03-05 12:47 <REP> d-------- C:\Program Files\nvcoi
      2008-03-04 11:19 . 2008-03-04 11:19 9,662 --a------ C:\WINDOWS\system32\ZoneAlarmIconFR.ico
      2008-03-04 11:04 . 2008-03-05 20:52 <REP> d--hs---- C:\WINDOWS\eHA
      2008-03-04 10:59 . 2008-03-05 19:19 <REP> d-------- C:\WINDOWS\system32\ev4
      2008-03-04 10:59 . 2008-03-04 10:59 <REP> d-------- C:\WINDOWS\system32\bv2
      2008-03-04 10:59 . 2008-03-04 10:59 <REP> d-------- C:\WINDOWS\system32\ax9
      2008-03-04 10:58 . 2008-03-06 22:58 <REP> d-------- C:\Temp
      2008-03-04 00:02 . 2008-03-04 00:05 <REP> d-------- C:\Documents and Settings\invite\Application Data\Canon
      2008-03-01 20:59 . 2008-03-01 20:59 <REP> d-------- C:\Documents and Settings\invite\Application Data\Yahoo!
      2008-02-29 16:17 . 2008-02-29 16:17 <REP> d-------- C:\Documents and Settings\invite\Application Data\MSN6
      2008-02-29 16:17 . 2008-02-29 16:17 <REP> d-------- C:\Documents and Settings\All Users\Application Data\MSN6
      2008-02-29 00:41 . 2008-02-29 00:41 268 --ah----- C:\sqmdata19.sqm
      2008-02-29 00:41 . 2008-02-29 00:41 244 --ah----- C:\sqmnoopt19.sqm
      2008-02-28 23:15 . 2008-02-28 23:20 <REP> d-------- C:\Documents and Settings\admin\Application Data\Canon
      2008-02-28 17:56 . 2008-02-28 18:33 <REP> d-------- C:\Documents and Settings\assa\Application Data\Canon
      2008-02-27 20:25 . 2002-05-24 03:04 389,180 --a------ C:\WINDOWS\system32\UCS32P.DLL
      2008-02-27 20:25 . 2003-09-17 17:35 339,968 --a------ C:\WINDOWS\system32\N067UFW.DLL
      2008-02-27 20:25 . 2002-09-12 01:07 36,864 --a------ C:\WINDOWS\system32\CNQU70.DLL
      2008-02-26 19:48 . 2008-02-26 19:48 <REP> d--h----- C:\WINDOWS\PIF
      2008-02-26 16:47 . 2008-03-04 10:53 <REP> d-------- C:\Program Files\Ares
      2008-02-23 15:40 . 2008-02-23 15:40 <REP> d-------- C:\Documents and Settings\invite\Application Data\vlc
      2008-02-17 16:22 . 2008-02-17 16:22 <REP> d-------- C:\WINDOWS\Sun
      2008-02-17 16:20 . 2007-09-24 23:31 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl
      2008-02-17 16:19 . 2008-02-17 16:20 <REP> d-------- C:\Program Files\Java
      2008-02-17 16:19 . 2008-02-17 16:19 <REP> d-------- C:\Program Files\Fichiers communs\Java
      2008-02-15 20:37 . 2008-02-15 20:37 1,024 --a------ C:\.rnd
      2008-02-15 20:24 . 2008-02-15 20:24 <REP> d-------- C:\Program Files\CitizenLab
      2008-02-15 13:22 . 2008-02-15 13:22 268 --ah----- C:\sqmdata18.sqm
      2008-02-15 13:22 . 2008-02-15 13:22 244 --ah----- C:\sqmnoopt18.sqm
      2008-02-14 23:32 . 2008-02-14 23:32 268 --ah----- C:\sqmdata17.sqm
      2008-02-14 23:32 . 2008-02-14 23:32 244 --ah----- C:\sqmnoopt17.sqm
      2008-02-14 15:07 . 2008-02-14 15:07 268 --ah----- C:\sqmdata16.sqm
      2008-02-14 15:07 . 2008-02-14 15:07 244 --ah----- C:\sqmnoopt16.sqm
      2008-02-14 01:45 . 2008-03-06 14:29 292 --ah----- C:\sqmdata15.sqm
      2008-02-14 01:45 . 2008-02-14 01:45 244 --ah----- C:\sqmnoopt15.sqm
      2008-02-13 18:27 . 2008-03-02 22:36 268 --ah----- C:\sqmdata14.sqm
      2008-02-13 18:27 . 2008-03-06 14:29 244 --ah----- C:\sqmnoopt14.sqm
      2008-02-13 12:28 . 2008-03-01 23:54 268 --ah----- C:\sqmdata13.sqm
      2008-02-13 12:28 . 2008-03-02 22:36 244 --ah----- C:\sqmnoopt13.sqm
      2008-02-13 00:45 . 2008-03-01 12:41 268 --ah----- C:\sqmdata12.sqm
      2008-02-13 00:45 . 2008-03-01 23:54 244 --ah----- C:\sqmnoopt12.sqm
      2008-02-12 16:04 . 2008-03-01 12:41 244 --ah----- C:\sqmnoopt11.sqm
      2008-02-12 16:04 . 2008-03-01 11:30 148 --ah----- C:\sqmdata11.sqm
      2008-02-12 14:17 . 2008-03-01 11:30 268 --ah----- C:\sqmdata10.sqm
      2008-02-12 14:17 . 2008-03-01 11:30 136 --ah----- C:\sqmnoopt10.sqm
      2008-02-12 00:15 . 2008-03-01 00:46 268 --ah----- C:\sqmdata09.sqm
      2008-02-12 00:15 . 2008-03-01 00:46 244 --ah----- C:\sqmnoopt09.sqm
      2008-02-12 00:15 . 2008-02-29 22:37 244 --ah----- C:\sqmnoopt08.sqm
      2008-02-12 00:15 . 2008-02-29 22:37 232 --ah----- C:\sqmdata08.sqm
      2008-02-10 21:38 . 2008-02-10 21:38 <REP> d-------- C:\Documents and Settings\invite\Application Data\Leadertech
      2008-02-07 20:51 . 2008-02-07 20:51 <REP> d-------- C:\Documents and Settings\invite\Application Data\Creative
      2008-02-06 22:49 . 2001-08-23 17:47 286,720 --a------ C:\WINDOWS\system32\msh263.drv
      2008-02-06 22:49 . 2001-08-23 17:47 50,688 --a------ C:\WINDOWS\system32\vfwwdm32.dll
      2008-02-06 22:49 . 2001-08-23 17:47 50,688 --a--c--- C:\WINDOWS\system32\dllcache\vfwwdm32.dll
      2008-02-06 22:49 . 2001-08-23 17:47 45,568 --a------ C:\WINDOWS\system32\iyuv_32.dll
      2008-02-06 22:49 . 2001-08-23 17:47 45,568 --a--c--- C:\WINDOWS\system32\dllcache\iyuv_32.dll
      2008-02-06 22:49 . 2001-08-23 17:47 8,192 --a------ C:\WINDOWS\system32\tsbyuv.dll
      2008-02-06 22:49 . 2001-08-23 17:47 8,192 --a--c--- C:\WINDOWS\system32\dllcache\tsbyuv.dll
      2008-02-06 22:38 . 1999-10-10 18:00 41,984 --------- C:\WINDOWS\Ctregrun.exe
      2008-02-06 22:36 . 1998-11-13 13:16 308,224 --a------ C:\WINDOWS\IsUn040c.exe
      2008-02-06 22:34 . 2008-02-06 23:06 <REP> d-------- C:\Program Files\Creative

      .
      (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
      .
      2008-03-06 19:13 2,130,432 ----a-w C:\WINDOWS\Internet Logs\xDB7.tmp
      2008-03-06 18:54 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
      2008-03-06 12:05 --------- d-----w C:\Program Files\MSN Messenger
      2008-03-05 21:52 --------- d-----w C:\Documents and Settings\invite\Application Data\Roxio
      2008-03-05 18:08 --------- d-----w C:\Program Files\Google
      2008-03-05 18:07 2,108,416 ----a-w C:\WINDOWS\Internet Logs\xDB6.tmp
      2008-03-05 17:08 --------- d-----w C:\Documents and Settings\invite\Application Data\Skype
      2008-03-05 15:08 --------- d-----w C:\Documents and Settings\invite\Application Data\skypePM
      2008-03-05 11:58 10 ----a-w C:\Program Files\.autoreg
      2008-03-04 09:53 --------- d-----w C:\Documents and Settings\invite\Application Data\MailFrontier
      2008-03-03 20:05 --------- d-----w C:\Documents and Settings\admin\Application Data\Roxio
      2008-03-03 18:00 2,034,688 ----a-w C:\WINDOWS\Internet Logs\xDB5.tmp
      2008-03-03 18:00 1,284,096 ----a-w C:\WINDOWS\Internet Logs\xDB4.tmp
      2008-03-01 22:50 --------- d-----w C:\Documents and Settings\admin\Application Data\Skype
      2008-03-01 22:20 --------- d-----w C:\Documents and Settings\assa\Application Data\Skype
      2008-03-01 19:21 --------- d-----w C:\Documents and Settings\assa\Application Data\skypePM
      2008-03-01 16:51 --------- d-----w C:\Documents and Settings\admin\Application Data\skypePM
      2008-02-27 22:19 --------- d-----w C:\Program Files\Fichiers communs\Roxio Shared
      2008-02-27 19:29 --------- d--h--w C:\Program Files\InstallShield Installation Information
      2008-02-26 18:54 1,995,776 ----a-w C:\WINDOWS\Internet Logs\xDB3.tmp
      2008-02-26 18:46 1,994,752 ----a-w C:\WINDOWS\Internet Logs\xDB2.tmp
      2008-02-26 12:20 --------- d-----w C:\Program Files\adslTV
      2008-02-16 16:29 --------- d-----w C:\Program Files\Fichiers communs\Adobe
      2008-02-03 23:37 1,605,632 ----a-w C:\WINDOWS\Internet Logs\tvDebug.zip
      2008-02-03 11:34 --------- d-----w C:\Documents and Settings\assa\Application Data\MailFrontier
      2008-02-02 21:40 --------- d-----w C:\Documents and Settings\All Users\Application Data\Lavasoft
      2008-02-02 21:39 12,632 ----a-w C:\WINDOWS\system32\lsdelete.exe
      2008-01-26 17:50 --------- d-----w C:\Program Files\Athan
      2008-01-26 17:49 737,280 ----a-w C:\WINDOWS\iun6002.exe
      2008-01-07 21:02 45,056 ----a-w C:\WINDOWS\NCUNINST.EXE
      2008-01-07 20:59 --------- d-----w C:\Program Files\Hewlett-Packard
      2008-01-07 20:56 --------- d-----w C:\Program Files\Fichiers communs\SWF Studio
      2008-01-06 17:00 --------- d-----w C:\Program Files\Microsoft Works
      2007-12-22 14:59 512 ----a-w C:\ScanSectorLog.dat
      2007-12-14 14:55 1,567,744 ----a-w C:\WINDOWS\Internet Logs\xDB1.tmp
      2007-11-28 18:09 32 ----a-w C:\Documents and Settings\All Users\Application Data\ezsid.dat
      2005-07-29 15:24 472 --sha-r C:\WINDOWS\eHA\yJE.vbs
      .

      ((((((((((((((((((((((((((((( snapshot@2008-03-06_21.11.20.90 )))))))))))))))))))))))))))))))))))))))))
      .
      - 2008-03-04 09:54:28 40,836 ----a-w C:\WINDOWS\system32\perfc009.dat
      + 2008-03-06 20:15:09 40,836 ----a-w C:\WINDOWS\system32\perfc009.dat
      - 2008-03-04 09:54:28 49,494 ----a-w C:\WINDOWS\system32\perfc00C.dat
      + 2008-03-06 20:15:09 49,494 ----a-w C:\WINDOWS\system32\perfc00C.dat
      - 2008-03-04 09:54:28 314,508 ----a-w C:\WINDOWS\system32\perfh009.dat
      + 2008-03-06 20:15:09 314,508 ----a-w C:\WINDOWS\system32\perfh009.dat
      - 2008-03-04 09:54:28 370,414 ----a-w C:\WINDOWS\system32\perfh00C.dat
      + 2008-03-06 20:15:09 370,414 ----a-w C:\WINDOWS\system32\perfh00C.dat
      - 2008-03-06 19:16:36 4,212 ---h--w C:\WINDOWS\system32\zllictbl.dat
      + 2008-03-06 20:14:22 4,212 ---h--w C:\WINDOWS\system32\zllictbl.dat
      .
      ((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
      .
      .
      REGEDIT4
      *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

      [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
      "CTFMON.EXE"="C:\WINDOWS\System32\ctfmon.exe" [2001-08-28 11:00 13312]
      "MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [2007-01-19 12:55 5674352]
      "ares"="C:\Program Files\Ares\Ares.exe" [2007-12-31 15:29 962560]
      "nvcoi"="C:\Program Files\nvcoi\nvcoi.exe" [2008-03-05 12:47 57344]

      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
      "IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.exe" [2001-08-28 11:00 208949]
      "PHIME2002ASync"="C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.exe" [2001-08-28 11:00 737360]
      "PHIME2002A"="C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.exe" [2001-08-28 11:00 737360]
      "Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.2\Apps\apdproxy.exe" [2007-03-16 11:45 63712]
      "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-10 19:51 39792]
      "ZoneAlarm Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [2007-06-21 21:54 919016]
      "StatusClient"="C:\Program Files\Hewlett-Packard\Toolbox2.0\Apache Tomcat 4.0\webapps\Toolbox\StatusClient\StatusClient.exe" [2002-12-16 16:51 36864]
      "TomcatStartup"="C:\Program Files\Hewlett-Packard\Toolbox2.0\hpbpsttp.exe" [2003-03-31 19:28 155648]
      "Athan"="C:\Program Files\Athan\Athan.exe" [2007-09-06 20:25 1003520]
      "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11 132496]
      "RoxioEngineUtility"="C:\Program Files\Fichiers communs\Roxio Shared\System\EngUtil.exe" [2003-05-01 18:44 65536]
      "RoxioDragToDisc"="E:\Roxio\DragToDisc\DrgToDsc.exe" [2003-06-25 00:18 868352]
      "RoxioAudioCentral"="E:\Roxio\AudioCentral\RxMon.exe" [2003-06-23 21:12 319488]
      "{CB-BA-A7-7E-DW}"="c:\windows\system32\rwwnw64d.exe" [ ]

      [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
      "CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2001-08-28 11:00 13312]

      C:\Documents and Settings\All Users\Menu D‚marrer\Programmes\D‚marrage\
      VPN Client.lnk - C:\WINDOWS\Installer\{8A3A2363-2129-43FB-8DFC-F237DA58038C}\Icon3E5562ED7.ico [2007-12-22 16:11:26 6144]

      R3 ati2mpaa;ati2mpaa;C:\WINDOWS\System32\DRIVERS\ati2mpaa.sys [2001-08-23 16:59]
      R3 IBMTRP;Carte IBM PCI Token Ring (générique);C:\WINDOWS\System32\DRIVERS\IBMTRP.SYS [2001-08-17 20:12]
      S3 V0260VID;Live! Cam Vista IM;C:\WINDOWS\System32\DRIVERS\V0260Vid.sys [2006-11-03 23:45]

      .
      **************************************************************************

      catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
      Rootkit scan 2008-03-06 23:03:42
      Windows 5.1.2600 NTFS

      Balayage processus cachés ...

      Balayage caché autostart entries ...

      Balayage des fichiers cachés ...

      Scan terminé avec succès
      Les fichiers cachés: 0

      **************************************************************************
      .
      Temps d'accomplissement: 2008-03-06 23:04:36
      ComboFix-quarantined-files.txt 2008-03-06 22:04:22
      ComboFix2.txt 2008-03-06 21:55:48
      ComboFix3.txt 2008-03-06 20:11:44
      .
      2008-03-05 11:46:37 --- E O F ---
      0
  9. jojobel10
     
    hijackthis

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 23:08:54, on 06/03/2008
    Platform: Windows XP (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 (6.00.2600.0000)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Cisco Systems\VPN Client\sap vpn cisco\cvpnd.exe
    C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\MsPMSPSv.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.2\Apps\apdproxy.exe
    C:\Program Files\Hewlett-Packard\Toolbox2.0\Apache Tomcat 4.0\webapps\Toolbox\StatusClient\StatusClient.exe
    C:\Program Files\Athan\Athan.exe
    C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
    E:\Roxio\DragToDisc\DrgToDsc.exe
    E:\Roxio\AudioCentral\RxMon.exe
    C:\WINDOWS\System32\ctfmon.exe
    C:\Program Files\MSN Messenger\MsnMsgr.Exe
    C:\Program Files\nvcoi\nvcoi.exe
    C:\Program Files\Hewlett-Packard\Toolbox2.0\Javasoft\JRE\1.3.1\bin\javaw.exe
    E:\Roxio\AudioCentral\Playlist.exe
    C:\WINDOWS\System32\wuauclt.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\MSN Messenger\usnsvc.exe
    C:\WINDOWS\System32\mcntxwb.exe
    C:\WINDOWS\explorer.exe
    C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
    C:\WINDOWS\system32\ZoneLabs\vsmon.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\DOCUME~1\admin\MESDOC~1\spybot\install\SPYBOT~1\SDHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O4 - HKLM\..\Run: [IMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE /Spoil /RemAdvDef /Migration32
    O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC
    O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName
    O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.2\Apps\apdproxy.exe"
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
    O4 - HKLM\..\Run: [StatusClient] C:\Program Files\Hewlett-Packard\Toolbox2.0\Apache Tomcat 4.0\webapps\Toolbox\StatusClient\StatusClient.exe /auto
    O4 - HKLM\..\Run: [TomcatStartup] C:\Program Files\Hewlett-Packard\Toolbox2.0\hpbpsttp.exe
    O4 - HKLM\..\Run: [Athan] C:\Program Files\Athan\Athan.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
    O4 - HKLM\..\Run: [RoxioEngineUtility] "C:\Program Files\Fichiers communs\Roxio Shared\System\EngUtil.exe"
    O4 - HKLM\..\Run: [RoxioDragToDisc] "E:\Roxio\DragToDisc\DrgToDsc.exe"
    O4 - HKLM\..\Run: [RoxioAudioCentral] "E:\Roxio\AudioCentral\RxMon.exe"
    O4 - HKLM\..\Run: [{CB-BA-A7-7E-DW}] c:\windows\system32\rwwnw64d.exe DWram
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [ares] "C:\Program Files\Ares\Ares.exe" -h
    O4 - HKCU\..\Run: [nvcoi] C:\Program Files\nvcoi\nvcoi.exe
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
    O4 - Global Startup: VPN Client.lnk = ?
    O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
    O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O16 - DPF: {9122D757-5A4F-4768-82C5-B4171D8556A7} (PhotoPickConvert Class) - http://appdirectory.messenger.msn.com/AppDirectory/P4Apps/PhotoSwap/PhtPkMSN.cab
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
    O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - C:\Program Files\Ares\chatServer.exe
    O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\sap vpn cisco\cvpnd.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
    O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
    O23 - Service: VundoFix Service (VundoFixSvc) - Atribune.org - C:\WINDOWS\SYSTEM32\VundoFixSVC.exe
    0
  10. jojobel10
     
    Merci pour tout champion. Je vais me coucher et faire le scan demain si tout va bien. Puis-je essayer les mêmes outils sur mon ordinateur portable qui plante aussi parfois?
    0
  11. Utilisateur anonyme
     
    bonjour non surtout de pas effectuer les memes manip , il faut cibler le probleme puis utiliser les bon outils .
    0
  12. jojobel10
     
    ça y est! J'ai fait le scan en mode sans échec: 8 virus détectés t deleted. L'ordi semble fonctionner sans problèmes. J'ai zone alarme sur la machine, dois-je le garder en même temps qu'antivir? Celuici n'est-il grantuit que 3 mois?
    Par ailleurs, j'ai lancé un scan avec Norton en mode sans echec sur mon ordi portable dont je vous ai parlé hier. Peute etre devrais-je ouvrir un autre topic pour ses problemes de lenteurs.
    En tout cas félicitations, merci et big up!!!
    0
  13. Utilisateur anonyme
     
    poste un rapport hijacthis stp apres on regarderas l'autre pc
    0
  14. jojobel10
     
    En redemarrant l'antivirus a fait un scan en mode normal dont voici le rapport (le hijack viendra par la suite):

    AntiVir PersonalEdition Classic
    Report file date: vendredi 7 mars 2008 13:12

    Scanning for 1136109 virus strains and unwanted programs.

    Licensed to: Avira AntiVir PersonalEdition Classic
    Serial number: 0000149996-ADJIE-0001
    Platform: Windows XP
    Windows version: (plain) [5.1.2600]
    Username: SYSTEM
    Computer name: MB

    Version information:
    BUILD.DAT : 270 15603 Bytes 19/09/2007 13:32:00
    AVSCAN.EXE : 7.0.6.1 290856 Bytes 23/08/2007 13:16:29
    AVSCAN.DLL : 7.0.6.0 49192 Bytes 16/08/2007 12:23:51
    LUKE.DLL : 7.0.5.3 147496 Bytes 14/08/2007 15:32:47
    LUKERES.DLL : 7.0.6.1 10280 Bytes 21/08/2007 12:35:20
    ANTIVIR0.VDF : 6.40.0.0 11030528 Bytes 18/07/2007 14:27:15
    ANTIVIR1.VDF : 7.0.1.95 3367424 Bytes 14/12/2007 22:59:17
    ANTIVIR2.VDF : 7.0.2.181 1993728 Bytes 24/02/2008 22:59:18
    ANTIVIR3.VDF : 7.0.2.245 216576 Bytes 06/03/2008 22:59:18
    AVEWIN32.DLL : 7.6.0.73 3334656 Bytes 06/03/2008 22:59:20
    AVWINLL.DLL : 1.0.0.7 14376 Bytes 26/02/2007 10:36:26
    AVPREF.DLL : 7.0.2.2 25640 Bytes 18/07/2007 07:39:17
    AVREP.DLL : 7.0.0.1 155688 Bytes 16/04/2007 13:16:24
    AVPACK32.DLL : 7.6.0.3 360488 Bytes 06/03/2008 22:59:21
    AVREG.DLL : 7.0.1.6 30760 Bytes 18/07/2007 07:17:06
    AVARKT.DLL : 1.0.0.20 278568 Bytes 28/08/2007 12:26:33
    AVEVTLOG.DLL : 7.0.0.20 86056 Bytes 18/07/2007 07:10:18
    NETNT.DLL : 7.0.0.0 7720 Bytes 08/03/2007 11:09:42
    RCIMAGE.DLL : 7.0.1.30 2342952 Bytes 07/08/2007 12:38:13
    RCTEXT.DLL : 7.0.62.0 86056 Bytes 21/08/2007 12:50:37
    SQLITE3.DLL : 3.3.17.1 339968 Bytes 23/07/2007 09:37:21

    Configuration settings for the scan:
    Jobname..........................: Complete system scan
    Configuration file...............: c:\program files\avira\antivir personaledition classic\sysscan.avp
    Logging..........................: low
    Primary action...................: interactive
    Secondary action.................: ignore
    Scan master boot sector..........: off
    Scan boot sector.................: on
    Boot sectors.....................: E:,
    Scan memory......................: on
    Process scan.....................: on
    Scan registry....................: on
    Search for rootkits..............: off
    Scan all files...................: Intelligent file selection
    Scan archives....................: on
    Recursion depth..................: 20
    Smart extensions.................: on
    Macro heuristic..................: on
    File heuristic...................: medium

    Start of the scan: vendredi 7 mars 2008 13:12

    The scan of running processes will be started
    Scan process 'avscan.exe' - '1' Module(s) have been scanned
    Scan process 'wuauclt.exe' - '1' Module(s) have been scanned
    Scan process 'firefox.exe' - '1' Module(s) have been scanned
    Scan process 'wmiprvse.exe' - '1' Module(s) have been scanned
    Scan process 'wuauclt.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'MsPMSPSv.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'MDM.EXE' - '1' Module(s) have been scanned
    Scan process 'cvpnd.exe' - '1' Module(s) have been scanned
    Scan process 'sched.exe' - '1' Module(s) have been scanned
    Scan process 'alg.exe' - '1' Module(s) have been scanned
    Scan process 'Playlist.exe' - '1' Module(s) have been scanned
    Scan process 'javaw.exe' - '1' Module(s) have been scanned
    Scan process 'avguard.exe' - '1' Module(s) have been scanned
    Scan process 'spoolsv.exe' - '1' Module(s) have been scanned
    Scan process 'nvcoi.exe' - '1' Module(s) have been scanned
    Scan process 'Ares.exe' - '1' Module(s) have been scanned
    Scan process 'msnmsgr.exe' - '1' Module(s) have been scanned
    Scan process 'ctfmon.exe' - '1' Module(s) have been scanned
    Scan process 'avgnt.exe' - '1' Module(s) have been scanned
    Scan process 'RxMon.exe' - '1' Module(s) have been scanned
    Scan process 'DrgToDsc.exe' - '1' Module(s) have been scanned
    Scan process 'jusched.exe' - '1' Module(s) have been scanned
    Scan process 'Athan.exe' - '1' Module(s) have been scanned
    Scan process 'StatusClient.exe' - '1' Module(s) have been scanned
    Scan process 'zlclient.exe' - '0' Module(s) have been scanned
    Scan process 'Reader_SL.exe' - '1' Module(s) have been scanned
    Scan process 'apdproxy.exe' - '1' Module(s) have been scanned
    Scan process 'explorer.exe' - '1' Module(s) have been scanned
    Scan process 'aawservice.exe' - '1' Module(s) have been scanned
    Scan process 'vsmon.exe' - '0' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'lsass.exe' - '1' Module(s) have been scanned
    Scan process 'services.exe' - '1' Module(s) have been scanned
    Scan process 'winlogon.exe' - '1' Module(s) have been scanned
    Scan process 'csrss.exe' - '1' Module(s) have been scanned
    Scan process 'smss.exe' - '1' Module(s) have been scanned
    39 processes with 39 modules were scanned

    Start scanning boot sectors:
    Boot sector 'C:\'
    [NOTE] No virus was found!
    Boot sector 'E:\'
    [NOTE] No virus was found!

    Starting to scan the registry.
    The registry was scanned ( '29' files ).

    Starting the file scan:

    Begin scan in 'C:\'
    C:\hiberfil.sys
    [WARNING] The file could not be opened!
    C:\pagefile.sys
    [WARNING] The file could not be opened!
    C:\System Volume Information\_restore{151798A8-8F78-4105-8CCB-10B03A930032}\RP110\A0030913.exe
    [DETECTION] Is the Trojan horse TR/Spy.Banbra.df.199
    [INFO] The file was deleted!
    C:\System Volume Information\_restore{151798A8-8F78-4105-8CCB-10B03A930032}\RP110\A0030915.exe
    [DETECTION] Is the Trojan horse TR/Dldr.Agent.ezc.1
    [INFO] The file was deleted!
    C:\System Volume Information\_restore{151798A8-8F78-4105-8CCB-10B03A930032}\RP110\A0030916.exe
    [DETECTION] Is the Trojan horse TR/Dldr.Agent.22016.4
    [INFO] The file was deleted!
    C:\System Volume Information\_restore{151798A8-8F78-4105-8CCB-10B03A930032}\RP110\A0030920.exe
    [DETECTION] Is the Trojan horse TR/Dldr.CWS.gen.2
    [INFO] The file was deleted!
    C:\System Volume Information\_restore{151798A8-8F78-4105-8CCB-10B03A930032}\RP110\A0030921.exe
    [DETECTION] Is the Trojan horse TR/BHO.AB.4
    [INFO] The file was deleted!
    C:\System Volume Information\_restore{151798A8-8F78-4105-8CCB-10B03A930032}\RP110\A0030922.dll
    [DETECTION] Is the Trojan horse TR/BHO.AB.6
    [INFO] The file was deleted!
    C:\System Volume Information\_restore{151798A8-8F78-4105-8CCB-10B03A930032}\RP110\A0030923.dll
    [DETECTION] Is the Trojan horse TR/BHO.AB.6
    [INFO] The file was deleted!
    C:\System Volume Information\_restore{151798A8-8F78-4105-8CCB-10B03A930032}\RP110\A0030924.dll
    [DETECTION] Is the Trojan horse TR/BHO.AB.6
    [INFO] The file was deleted!
    C:\System Volume Information\_restore{151798A8-8F78-4105-8CCB-10B03A930032}\RP110\A0030925.dll
    [DETECTION] Is the Trojan horse TR/BHO.AB.6
    [INFO] The file was deleted!
    C:\System Volume Information\_restore{151798A8-8F78-4105-8CCB-10B03A930032}\RP110\A0030999.vbs
    [DETECTION] Is the Trojan horse TR/Small.WY
    [INFO] The file was deleted!
    C:\System Volume Information\_restore{151798A8-8F78-4105-8CCB-10B03A930032}\RP110\A0031000.exe
    [DETECTION] Contains detection pattern of the dropper DR/PurityScan.GP
    [INFO] The file was deleted!
    C:\System Volume Information\_restore{151798A8-8F78-4105-8CCB-10B03A930032}\RP110\A0031001.exe
    [DETECTION] Is the Trojan horse TR/Dldr.Purity.BV.7
    [INFO] The file was deleted!
    C:\System Volume Information\_restore{151798A8-8F78-4105-8CCB-10B03A930032}\RP110\A0031008.exe
    [DETECTION] Is the Trojan horse TR/Dldr.Agent.hcn
    [INFO] The file was deleted!
    C:\System Volume Information\_restore{151798A8-8F78-4105-8CCB-10B03A930032}\RP110\A0031033.exe
    [DETECTION] Is the Trojan horse TR/Dldr.Agent.cgd.2
    [INFO] The file was deleted!
    C:\System Volume Information\_restore{151798A8-8F78-4105-8CCB-10B03A930032}\RP110\A0032021.exe
    [DETECTION] Is the Trojan horse TR/BHO.AB.4
    [INFO] The file was deleted!
    C:\System Volume Information\_restore{151798A8-8F78-4105-8CCB-10B03A930032}\RP110\A0034006.dll
    [DETECTION] Is the Trojan horse TR/Vundo.Gen
    [INFO] The file was deleted!
    C:\System Volume Information\_restore{151798A8-8F78-4105-8CCB-10B03A930032}\RP110\A0034103.dll
    [DETECTION] Is the Trojan horse TR/Vundo.DWB
    [INFO] The file was deleted!
    C:\System Volume Information\_restore{151798A8-8F78-4105-8CCB-10B03A930032}\RP110\A0034104.exe
    [DETECTION] Is the Trojan horse TR/BHO.AB.4
    [INFO] The file was deleted!
    C:\System Volume Information\_restore{151798A8-8F78-4105-8CCB-10B03A930032}\RP112\A0036154.exe
    [DETECTION] Is the Trojan horse TR/Dldr.VB.caw.6
    [INFO] The file was deleted!
    C:\System Volume Information\_restore{151798A8-8F78-4105-8CCB-10B03A930032}\RP112\A0036157.exe
    [DETECTION] Is the Trojan horse TR/Agent.AHBF
    [INFO] The file was deleted!
    C:\System Volume Information\_restore{151798A8-8F78-4105-8CCB-10B03A930032}\RP112\A0036162.exe
    [DETECTION] Is the Trojan horse TR/Dldr.PurityScan.FJ
    [INFO] The file was deleted!
    C:\System Volume Information\_restore{151798A8-8F78-4105-8CCB-10B03A930032}\RP112\A0036165.exe
    [DETECTION] Is the Trojan horse TR/BHO.AB.4
    [INFO] The file was deleted!
    C:\System Volume Information\_restore{151798A8-8F78-4105-8CCB-10B03A930032}\RP112\A0036168.dll
    [DETECTION] Is the Trojan horse TR/BHO.AB.6
    [INFO] The file was deleted!
    C:\System Volume Information\_restore{151798A8-8F78-4105-8CCB-10B03A930032}\RP112\A0036169.dll
    [DETECTION] Is the Trojan horse TR/BHO.AB.6
    [INFO] The file was deleted!
    C:\System Volume Information\_restore{151798A8-8F78-4105-8CCB-10B03A930032}\RP112\A0036170.dll
    [DETECTION] Is the Trojan horse TR/BHO.AB.6
    [INFO] The file was deleted!
    C:\System Volume Information\_restore{151798A8-8F78-4105-8CCB-10B03A930032}\RP112\A0036171.dll
    [DETECTION] Is the Trojan horse TR/Vundo.Gen
    [INFO] The file was deleted!
    C:\System Volume Information\_restore{151798A8-8F78-4105-8CCB-10B03A930032}\RP112\A0036172.dll
    [DETECTION] Is the Trojan horse TR/Vundo.Gen
    [INFO] The file was deleted!
    C:\System Volume Information\_restore{151798A8-8F78-4105-8CCB-10B03A930032}\RP112\A0036173.dll
    [DETECTION] Is the Trojan horse TR/Vundo.Gen
    [INFO] The file was deleted!
    C:\System Volume Information\_restore{151798A8-8F78-4105-8CCB-10B03A930032}\RP112\A0036175.dll
    [DETECTION] Is the Trojan horse TR/Vundo.DWB
    [INFO] The file was deleted!
    C:\System Volume Information\_restore{151798A8-8F78-4105-8CCB-10B03A930032}\RP112\A0036176.dll
    [DETECTION] Is the Trojan horse TR/Vundo.Gen
    [INFO] The file was deleted!
    C:\System Volume Information\_restore{151798A8-8F78-4105-8CCB-10B03A930032}\RP112\A0036177.dll
    [DETECTION] Is the Trojan horse TR/Vundo.Gen
    [INFO] The file was deleted!
    C:\System Volume Information\_restore{151798A8-8F78-4105-8CCB-10B03A930032}\RP112\A0036187.dll
    [DETECTION] Is the Trojan horse TR/Trash.Gen
    [INFO] The file was deleted!
    C:\System Volume Information\_restore{151798A8-8F78-4105-8CCB-10B03A930032}\RP112\A0036270.exe
    [DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
    [INFO] The file was deleted!
    C:\System Volume Information\_restore{151798A8-8F78-4105-8CCB-10B03A930032}\RP112\A0036271.exe
    [DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
    [INFO] The file was deleted!
    C:\System Volume Information\_restore{151798A8-8F78-4105-8CCB-10B03A930032}\RP112\A0036274.exe
    [DETECTION] Is the Trojan horse TR/Matcash.DLN
    [INFO] The file was deleted!
    C:\System Volume Information\_restore{151798A8-8F78-4105-8CCB-10B03A930032}\RP116\A0037421.exe
    [DETECTION] Contains detection pattern of the dropper DR/TTC.D
    [INFO] The file was deleted!
    Begin scan in 'E:\'

    End of the scan: vendredi 7 mars 2008 14:36
    Used time: 1:24:28 min

    The scan has been done completely.

    3116 Scanning directories
    211023 Files were scanned
    36 viruses and/or unwanted programs were found
    0 Files were classified as suspicious:
    36 files were deleted
    0 files were repaired
    0 files were moved to quarantine
    0 files were renamed
    2 Files cannot be scanned
    210987 Files not concerned
    1390 Archives were scanned
    2 Warnings
    1 Notes
    0
  15. jojobel10
     
    hijack

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 14:53:44, on 07/03/2008
    Platform: Windows XP (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 (6.00.2600.0000)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\ZoneLabs\vsmon.exe
    C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.2\Apps\apdproxy.exe
    C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
    C:\Program Files\Hewlett-Packard\Toolbox2.0\Apache Tomcat 4.0\webapps\Toolbox\StatusClient\StatusClient.exe
    C:\Program Files\Athan\Athan.exe
    C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
    E:\Roxio\DragToDisc\DrgToDsc.exe
    E:\Roxio\AudioCentral\RxMon.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
    C:\WINDOWS\System32\ctfmon.exe
    C:\Program Files\MSN Messenger\MsnMsgr.Exe
    C:\Program Files\nvcoi\nvcoi.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
    C:\Program Files\Hewlett-Packard\Toolbox2.0\Javasoft\JRE\1.3.1\bin\javaw.exe
    E:\Roxio\AudioCentral\Playlist.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
    C:\Program Files\Cisco Systems\VPN Client\sap vpn cisco\cvpnd.exe
    C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\MsPMSPSv.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\wuauclt.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\avscan.exe
    C:\Program Files\Java\jre1.6.0_03\bin\jucheck.exe
    C:\Program Files\MSN Messenger\usnsvc.exe
    C:\Program Files\Skype\Phone\Skype.exe
    C:\Program Files\Skype\Plugin Manager\skypePM.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\DOCUME~1\admin\MESDOC~1\spybot\install\SPYBOT~1\SDHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O4 - HKLM\..\Run: [IMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE /Spoil /RemAdvDef /Migration32
    O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC
    O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName
    O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.2\Apps\apdproxy.exe"
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
    O4 - HKLM\..\Run: [StatusClient] C:\Program Files\Hewlett-Packard\Toolbox2.0\Apache Tomcat 4.0\webapps\Toolbox\StatusClient\StatusClient.exe /auto
    O4 - HKLM\..\Run: [TomcatStartup] C:\Program Files\Hewlett-Packard\Toolbox2.0\hpbpsttp.exe
    O4 - HKLM\..\Run: [Athan] C:\Program Files\Athan\Athan.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
    O4 - HKLM\..\Run: [RoxioEngineUtility] "C:\Program Files\Fichiers communs\Roxio Shared\System\EngUtil.exe"
    O4 - HKLM\..\Run: [RoxioDragToDisc] "E:\Roxio\DragToDisc\DrgToDsc.exe"
    O4 - HKLM\..\Run: [RoxioAudioCentral] "E:\Roxio\AudioCentral\RxMon.exe"
    O4 - HKLM\..\Run: [{CB-BA-A7-7E-DW}] c:\windows\system32\rwwnw64d.exe DWram
    O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [ares] "C:\Program Files\Ares\Ares.exe" -h
    O4 - HKCU\..\Run: [nvcoi] C:\Program Files\nvcoi\nvcoi.exe
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
    O4 - Global Startup: VPN Client.lnk = ?
    O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
    O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O16 - DPF: {9122D757-5A4F-4768-82C5-B4171D8556A7} (PhotoPickConvert Class) - http://appdirectory.messenger.msn.com/AppDirectory/P4Apps/PhotoSwap/PhtPkMSN.cab
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
    O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
    O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
    O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - C:\Program Files\Ares\chatServer.exe
    O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\sap vpn cisco\cvpnd.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
    O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
    O23 - Service: VundoFix Service (VundoFixSvc) - Atribune.org - C:\WINDOWS\SYSTEM32\VundoFixSVC.exe
    0
  16. Utilisateur anonyme
     
    il reste une saletée :

    télécharge OTMoveIt http://download.bleepingcomputer.com/oldtimer/OTMoveIt2.exe
    double-clique sur OTMoveIt.exe pour le lancer.
    copie la liste qui se trouve en citation ci-dessous,
    et colle-la dans le cadre de gauche de OTMoveIt :Paste List of Files/Folders to be moved.

    Citation :

    c:\windows\system32\rwwnw64d.exe DWram
    c:\windows\system32\rwwnw64d.exe

    clique sur MoveIt! pour lancer la suppression.
    le résultat apparaitra dans le cadre "Results".
    clique sur Exit pour fermer.
    poste le rapport situé dans C:\_OTMoveIt\MovedFiles.
    copie et colle le rapport ici
    il te sera peut-être demander de redémarrer le pc pour achever la suppression.si c'est le cas accepte par Yes.

    ensuite poste un nouveau rapport hijackthis
    0
    1. jojobel10
       
      File/Folder c:\windows\system32\rwwnw64d.exe DWram not found.
      File/Folder c:\windows\system32\rwwnw64d.exe not found.

      OTMoveIt2 v1.0.20 log created on 03072008_153445
      0
  17. jojobel10
     
    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 15:38:40, on 07/03/2008
    Platform: Windows XP (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 (6.00.2600.0000)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\ZoneLabs\vsmon.exe
    C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.2\Apps\apdproxy.exe
    C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
    C:\Program Files\Hewlett-Packard\Toolbox2.0\Apache Tomcat 4.0\webapps\Toolbox\StatusClient\StatusClient.exe
    C:\Program Files\Athan\Athan.exe
    C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
    E:\Roxio\DragToDisc\DrgToDsc.exe
    E:\Roxio\AudioCentral\RxMon.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
    C:\WINDOWS\System32\ctfmon.exe
    C:\Program Files\MSN Messenger\MsnMsgr.Exe
    C:\Program Files\nvcoi\nvcoi.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
    C:\Program Files\Hewlett-Packard\Toolbox2.0\Javasoft\JRE\1.3.1\bin\javaw.exe
    E:\Roxio\AudioCentral\Playlist.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
    C:\Program Files\Cisco Systems\VPN Client\sap vpn cisco\cvpnd.exe
    C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\MsPMSPSv.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\wuauclt.exe
    C:\Program Files\Java\jre1.6.0_03\bin\jucheck.exe
    C:\Program Files\MSN Messenger\usnsvc.exe
    C:\Program Files\Skype\Phone\Skype.exe
    C:\Program Files\Skype\Plugin Manager\skypePM.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\DOCUME~1\admin\MESDOC~1\spybot\install\SPYBOT~1\SDHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O4 - HKLM\..\Run: [IMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE /Spoil /RemAdvDef /Migration32
    O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC
    O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName
    O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.2\Apps\apdproxy.exe"
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
    O4 - HKLM\..\Run: [StatusClient] C:\Program Files\Hewlett-Packard\Toolbox2.0\Apache Tomcat 4.0\webapps\Toolbox\StatusClient\StatusClient.exe /auto
    O4 - HKLM\..\Run: [TomcatStartup] C:\Program Files\Hewlett-Packard\Toolbox2.0\hpbpsttp.exe
    O4 - HKLM\..\Run: [Athan] C:\Program Files\Athan\Athan.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
    O4 - HKLM\..\Run: [RoxioEngineUtility] "C:\Program Files\Fichiers communs\Roxio Shared\System\EngUtil.exe"
    O4 - HKLM\..\Run: [RoxioDragToDisc] "E:\Roxio\DragToDisc\DrgToDsc.exe"
    O4 - HKLM\..\Run: [RoxioAudioCentral] "E:\Roxio\AudioCentral\RxMon.exe"
    O4 - HKLM\..\Run: [{CB-BA-A7-7E-DW}] c:\windows\system32\rwwnw64d.exe DWram
    O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [ares] "C:\Program Files\Ares\Ares.exe" -h
    O4 - HKCU\..\Run: [nvcoi] C:\Program Files\nvcoi\nvcoi.exe
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
    O4 - Global Startup: VPN Client.lnk = ?
    O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
    O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O16 - DPF: {9122D757-5A4F-4768-82C5-B4171D8556A7} (PhotoPickConvert Class) - http://appdirectory.messenger.msn.com/AppDirectory/P4Apps/PhotoSwap/PhtPkMSN.cab
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
    O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
    O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
    O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - C:\Program Files\Ares\chatServer.exe
    O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\sap vpn cisco\cvpnd.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
    O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
    O23 - Service: VundoFix Service (VundoFixSvc) - Atribune.org - C:\WINDOWS\SYSTEM32\VundoFixSVC.exe
    0
  • 1
  • 2