Critical error occur

Résolu
jojobel -  
 jojobel10 -
Bonjour,
Je rencontre de serieux problemes avec mon ordinateur depuis deux jours. Voici le rapport hijackthis, merci de votre aide:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:09:29, on 06/03/2008
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Cisco Systems\VPN Client\sap vpn cisco\cvpnd.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.2\Apps\apdproxy.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Hewlett-Packard\Toolbox2.0\Apache Tomcat 4.0\webapps\Toolbox\StatusClient\StatusClient.exe
C:\Program Files\Athan\Athan.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
E:\Roxio\DragToDisc\DrgToDsc.exe
E:\Roxio\AudioCentral\RxMon.exe
C:\WINDOWS\System32\rundll32.exe
C:\WINDOWS\System32\Rundll32.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
C:\Program Files\Hewlett-Packard\Toolbox2.0\Javasoft\JRE\1.3.1\bin\javaw.exe
E:\Roxio\AudioCentral\Playlist.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Java\jre1.6.0_03\bin\jucheck.exe
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.2\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [StatusClient] C:\Program Files\Hewlett-Packard\Toolbox2.0\Apache Tomcat 4.0\webapps\Toolbox\StatusClient\StatusClient.exe /auto
O4 - HKLM\..\Run: [TomcatStartup] C:\Program Files\Hewlett-Packard\Toolbox2.0\hpbpsttp.exe
O4 - HKLM\..\Run: [Athan] C:\Program Files\Athan\Athan.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [RoxioEngineUtility] "C:\Program Files\Fichiers communs\Roxio Shared\System\EngUtil.exe"
O4 - HKLM\..\Run: [RoxioDragToDisc] "E:\Roxio\DragToDisc\DrgToDsc.exe"
O4 - HKLM\..\Run: [RoxioAudioCentral] "E:\Roxio\AudioCentral\RxMon.exe"
O4 - HKLM\..\Run: [{CB-BA-A7-7E-DW}] C:\WINDOWS\system32\bv2\renabcom4.exe DWram
O4 - HKLM\..\Run: [382cbad1] rundll32.exe "C:\WINDOWS\System32\rsqmalgw.dll",b
O4 - HKLM\..\Run: [BM3b1f894d] Rundll32.exe "C:\WINDOWS\System32\enkjrrqo.dll",s
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Startup: DW_Start.lnk = C:\WINDOWS\system32\bv2\renabcom4.exe
O4 - Global Startup: VPN Client.lnk = ?
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O16 - DPF: {9122D757-5A4F-4768-82C5-B4171D8556A7} (PhotoPickConvert Class) - http://appdirectory.messenger.msn.com/AppDirectory/P4Apps/PhotoSwap/PhtPkMSN.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - C:\Program Files\Ares\chatServer.exe
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\sap vpn cisco\cvpnd.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

24 réponses

  • 1
  • 2
Réponse 1 / 24
Utilisateur anonyme
 
bonjour tu as une belle infection fait ceci :



Télécharger Vundofix.exe (par Atribune) sur votre Bureau : http://www.atribune.org/ccount/click.php?id=4

pour effectuer les fix deconnect toi et ferme toutes tes applications !!

* Double-cliquer sur VundoFix.exe afin de le lancer.
* Cliquer sur le bouton Scan for Vundo.
* Lorsque le scan est complété, cliquer sur le bouton Remove Vundo.
* Une invite de commande demandera si l’on souhaite supprimer les fichiers, cliquer sur YES
* Après avoir cliqué "YES", le Bureau disparaîtra un moment lors de la suppression des fichiers.
* Une nouvelle invite de commande annoncera que le PC devra s'éteindre ("shutdown"). Cliquer sur OK , puis laisser le redémarrer.
* Le contenu du rapport est situé dans C:\vundofix.txt, poste le stp



ensuite



Télécharge sur le bureau
http://secured2k.home.comcast.net/tools/VirtumundoBeGone.exe
=> Double clic sur VirtumundoBeGone.exe
=> Clic Continue ==> clic Start
=> Clic Oui
=> A la fin si Vundo est présent , le PC s’éteint et redémarre
- Si Ecran bleu et message : Erreur fatale .. pas de problème
=> Poster le rapport VBG.TXT qui est sur le bureau
0
jojobel
 
Merci pour la rapidité et la disponibilité. Mais c'est quoi "les fix"? (Je suis nul en informatique)
0
Réponse 2 / 24
Utilisateur anonyme
 
les fix sont des utilitaires de desinfections des outils si tu prefere telecharge les et executent les ! ton infections et generalement coriaces tu as du dejas le remarquer , plantages et autres problemes ces outils vont nettoyer ton pc . attaques et poste moi les rapports
0
jojobel10
 
j'ai tout tenté comme indiqué mais ça mouline sans cesse et quand je lui demande de remove les erreurs. Du coup quand j'essaie d'aller dans c:\vundofix.txt pour le rapport impossible y a rien.
Je fais quoi? Et pour VGB je continue ou pas?
0
Réponse 3 / 24
Utilisateur anonyme
 
oui continue avec virtumundobegone
0
jojobel10
 
ouf pour le premier c bon je continue avec le second



VundoFix V7.0.1

Scan started at 17:22:12 06/03/2008

Listing files found while scanning....


VundoFix V7.0.1

Scan started at 17:33:32 06/03/2008

Listing files found while scanning....

C:\WINDOWS\system32\knrydpft.dll
C:\WINDOWS\tk58.exe

VundoFix V7.0.1

Scan started at 17:42:34 06/03/2008

Listing files found while scanning....

C:\WINDOWS\system32\knrydpft.dll
C:\WINDOWS\tk58.exe

Beginning removal...

VundoFix V7.0.1

Scan started at 18:28:40 06/03/2008

Listing files found while scanning....


VundoFix V7.0.1

Scan started at 18:30:47 06/03/2008

Listing files found while scanning....

C:\WINDOWS\system32\knrydpft.dll

Beginning removal...

VundoFix V7.0.1

Scan started at 19:55:58 06/03/2008

Listing files found while scanning....

No infected files were found.


Beginning removal...
0
Réponse 4 / 24
Utilisateur anonyme
 
parfait continu
0

Vous n’avez pas trouvé la réponse que vous recherchez ?

Posez votre question
Réponse 5 / 24
jojobel10
 
et voila pour le second



[03/06/2008, 20:13:08] - VirtumundoBeGone v1.5 ( "C:\Documents and Settings\admin\Bureau\VirtumundoBeGone.exe" )
[03/06/2008, 20:13:10] - Detected System Information:
[03/06/2008, 20:13:10] - Windows Version: 5.1.2600,
[03/06/2008, 20:13:10] - Current Username: admin (Admin)
[03/06/2008, 20:13:10] - Windows is in NORMAL mode.
[03/06/2008, 20:13:10] - Searching for Browser Helper Objects:
[03/06/2008, 20:13:10] - BHO 1: {02478D38-C3F9-4EFB-9B51-7695ECA05670} (Yahoo! Toolbar Helper)
[03/06/2008, 20:13:10] - BHO 2: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (Aide pour le lien d'Adobe PDF Reader)
[03/06/2008, 20:13:10] - BHO 3: {0807F484-5EB5-45B3-199A-EE27EC9AC7EE} ()
[03/06/2008, 20:13:10] - WARNING: BHO has no default name. Checking for Winlogon reference.
[03/06/2008, 20:13:10] - Checking for HKLM\...\Winlogon\Notify\bapubop205
[03/06/2008, 20:13:10] - Key not found: HKLM\...\Winlogon\Notify\bapubop205, continuing.
[03/06/2008, 20:13:10] - BHO 4: {13319591-2200-58FE-0215-2900BECADD9A} ()
[03/06/2008, 20:13:10] - WARNING: BHO has no default name. Checking for Winlogon reference.
[03/06/2008, 20:13:10] - Checking for HKLM\...\Winlogon\Notify\tjvsrfm
[03/06/2008, 20:13:10] - Key not found: HKLM\...\Winlogon\Notify\tjvsrfm, continuing.
[03/06/2008, 20:13:10] - BHO 5: {22BF413B-C6D2-4d91-82A9-A0F997BA588C} (Skype add-on (mastermind))
[03/06/2008, 20:13:10] - BHO 6: {3E19B66F-644D-4252-BD79-5608502C0402} ()
[03/06/2008, 20:13:10] - WARNING: BHO has no default name. Checking for Winlogon reference.
[03/06/2008, 20:13:10] - Checking for HKLM\...\Winlogon\Notify\jkhhh
[03/06/2008, 20:13:10] - Key not found: HKLM\...\Winlogon\Notify\jkhhh, continuing.
[03/06/2008, 20:13:10] - BHO 7: {53707962-6F74-2D53-2644-206D7942484F} ()
[03/06/2008, 20:13:10] - WARNING: BHO has no default name. Checking for Winlogon reference.
[03/06/2008, 20:13:10] - Checking for HKLM\...\Winlogon\Notify\SDHelper
[03/06/2008, 20:13:10] - Key not found: HKLM\...\Winlogon\Notify\SDHelper, continuing.
[03/06/2008, 20:13:10] - BHO 8: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (SSVHelper Class)
[03/06/2008, 20:13:10] - BHO 9: {7E853D72-626A-48EC-A868-BA8D5E23E045} ()
[03/06/2008, 20:13:10] - WARNING: BHO has no default name. Checking for Winlogon reference.
[03/06/2008, 20:13:10] - No filename found. Continuing.
[03/06/2008, 20:13:10] - BHO 10: {88ce201a-7536-4448-bb3a-ad32975d5bce} ()
[03/06/2008, 20:13:10] - WARNING: BHO has no default name. Checking for Winlogon reference.
[03/06/2008, 20:13:10] - Checking for HKLM\...\Winlogon\Notify\vtqkloid
[03/06/2008, 20:13:10] - Key not found: HKLM\...\Winlogon\Notify\vtqkloid, continuing.
[03/06/2008, 20:13:10] - BHO 11: {9030D464-4C02-4ABF-8ECC-5164760863C6} (Windows Live Sign-in Helper)
[03/06/2008, 20:13:10] - BHO 12: {A95B2816-1D7E-4561-A202-68C0DE02353A} ()
[03/06/2008, 20:13:10] - WARNING: BHO has no default name. Checking for Winlogon reference.
[03/06/2008, 20:13:10] - No filename found. Continuing.
[03/06/2008, 20:13:10] - BHO 13: {BDCDFB33-9767-4E22-A8A2-0008767C062B} ()
[03/06/2008, 20:13:10] - WARNING: BHO has no default name. Checking for Winlogon reference.
[03/06/2008, 20:13:10] - Checking for HKLM\...\Winlogon\Notify\dukinet89104
[03/06/2008, 20:13:10] - Key not found: HKLM\...\Winlogon\Notify\dukinet89104, continuing.
[03/06/2008, 20:13:10] - BHO 14: {ED120D76-BF31-412C-A99B-783C6676E128} ()
[03/06/2008, 20:13:10] - WARNING: BHO has no default name. Checking for Winlogon reference.
[03/06/2008, 20:13:10] - Checking for HKLM\...\Winlogon\Notify\urqqnol
[03/06/2008, 20:13:10] - Found: HKLM\...\Winlogon\Notify\urqqnol - This is probably Virtumundo.
[03/06/2008, 20:13:10] - Assigning {ED120D76-BF31-412C-A99B-783C6676E128} MSEvents Object
[03/06/2008, 20:13:10] - BHO list has been changed! Starting over...
[03/06/2008, 20:13:10] - BHO 1: {02478D38-C3F9-4EFB-9B51-7695ECA05670} (Yahoo! Toolbar Helper)
[03/06/2008, 20:13:10] - BHO 2: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (Aide pour le lien d'Adobe PDF Reader)
[03/06/2008, 20:13:10] - BHO 3: {0807F484-5EB5-45B3-199A-EE27EC9AC7EE} ()
[03/06/2008, 20:13:10] - WARNING: BHO has no default name. Checking for Winlogon reference.
[03/06/2008, 20:13:10] - Checking for HKLM\...\Winlogon\Notify\bapubop205
[03/06/2008, 20:13:10] - Key not found: HKLM\...\Winlogon\Notify\bapubop205, continuing.
[03/06/2008, 20:13:10] - BHO 4: {13319591-2200-58FE-0215-2900BECADD9A} ()
[03/06/2008, 20:13:10] - WARNING: BHO has no default name. Checking for Winlogon reference.
[03/06/2008, 20:13:10] - Checking for HKLM\...\Winlogon\Notify\tjvsrfm
[03/06/2008, 20:13:10] - Key not found: HKLM\...\Winlogon\Notify\tjvsrfm, continuing.
[03/06/2008, 20:13:11] - BHO 5: {22BF413B-C6D2-4d91-82A9-A0F997BA588C} (Skype add-on (mastermind))
[03/06/2008, 20:13:11] - BHO 6: {3E19B66F-644D-4252-BD79-5608502C0402} ()
[03/06/2008, 20:13:11] - WARNING: BHO has no default name. Checking for Winlogon reference.
[03/06/2008, 20:13:11] - Checking for HKLM\...\Winlogon\Notify\jkhhh
[03/06/2008, 20:13:11] - Key not found: HKLM\...\Winlogon\Notify\jkhhh, continuing.
[03/06/2008, 20:13:11] - BHO 7: {53707962-6F74-2D53-2644-206D7942484F} ()
[03/06/2008, 20:13:11] - WARNING: BHO has no default name. Checking for Winlogon reference.
[03/06/2008, 20:13:11] - Checking for HKLM\...\Winlogon\Notify\SDHelper
[03/06/2008, 20:13:11] - Key not found: HKLM\...\Winlogon\Notify\SDHelper, continuing.
[03/06/2008, 20:13:11] - BHO 8: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (SSVHelper Class)
[03/06/2008, 20:13:11] - BHO 9: {7E853D72-626A-48EC-A868-BA8D5E23E045} ()
[03/06/2008, 20:13:11] - WARNING: BHO has no default name. Checking for Winlogon reference.
[03/06/2008, 20:13:11] - No filename found. Continuing.
[03/06/2008, 20:13:11] - BHO 10: {88ce201a-7536-4448-bb3a-ad32975d5bce} ()
[03/06/2008, 20:13:11] - WARNING: BHO has no default name. Checking for Winlogon reference.
[03/06/2008, 20:13:11] - Checking for HKLM\...\Winlogon\Notify\vtqkloid
[03/06/2008, 20:13:11] - Key not found: HKLM\...\Winlogon\Notify\vtqkloid, continuing.
[03/06/2008, 20:13:11] - BHO 11: {9030D464-4C02-4ABF-8ECC-5164760863C6} (Windows Live Sign-in Helper)
[03/06/2008, 20:13:11] - BHO 12: {A95B2816-1D7E-4561-A202-68C0DE02353A} ()
[03/06/2008, 20:13:11] - WARNING: BHO has no default name. Checking for Winlogon reference.
[03/06/2008, 20:13:11] - No filename found. Continuing.
[03/06/2008, 20:13:11] - BHO 13: {BDCDFB33-9767-4E22-A8A2-0008767C062B} ()
[03/06/2008, 20:13:11] - WARNING: BHO has no default name. Checking for Winlogon reference.
[03/06/2008, 20:13:11] - Checking for HKLM\...\Winlogon\Notify\dukinet89104
[03/06/2008, 20:13:11] - Key not found: HKLM\...\Winlogon\Notify\dukinet89104, continuing.
[03/06/2008, 20:13:11] - BHO 14: {ED120D76-BF31-412C-A99B-783C6676E128} (MSEvents Object)
[03/06/2008, 20:13:11] - ALERT: Found MSEvents Object!
[03/06/2008, 20:13:11] - Finished Searching Browser Helper Objects
[03/06/2008, 20:13:11] - *** Detected MSEvents Object
[03/06/2008, 20:13:11] - Trying to remove MSEvents Object...
[03/06/2008, 20:13:12] - Terminating Process: IEXPLORE.EXE
[03/06/2008, 20:13:12] - Terminating Process: RUNDLL32.EXE
[03/06/2008, 20:13:12] - Disabling Automatic Shell Restart
[03/06/2008, 20:13:12] - Terminating Process: EXPLORER.EXE
[03/06/2008, 20:13:13] - Suspending the NT Session Manager System Service
[03/06/2008, 20:13:13] - Terminating Windows NT Logon/Logoff Manager
[03/06/2008, 20:13:14] - Re-enabling Automatic Shell Restart
[03/06/2008, 20:13:14] - File to disable: C:\WINDOWS\System32\urqqnol.dll
[03/06/2008, 20:13:14] - Renaming C:\WINDOWS\System32\urqqnol.dll -> C:\WINDOWS\System32\urqqnol.dll.vir
[03/06/2008, 20:13:14] - File successfully renamed!
[03/06/2008, 20:13:14] - Removing HKLM\...\Browser Helper Objects\{ED120D76-BF31-412C-A99B-783C6676E128}
[03/06/2008, 20:13:14] - Removing HKCR\CLSID\{ED120D76-BF31-412C-A99B-783C6676E128}
[03/06/2008, 20:13:14] - Adding Kill Bit for ActiveX for GUID: {ED120D76-BF31-412C-A99B-783C6676E128}
[03/06/2008, 20:13:14] - Deleting ATLEvents/MSEvents Registry entries
[03/06/2008, 20:13:14] - Removing HKLM\...\Winlogon\Notify\urqqnol
[03/06/2008, 20:13:14] - Searching for Browser Helper Objects:
[03/06/2008, 20:13:15] - BHO 1: {02478D38-C3F9-4EFB-9B51-7695ECA05670} (Yahoo! Toolbar Helper)
[03/06/2008, 20:13:15] - BHO 2: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (Aide pour le lien d'Adobe PDF Reader)
[03/06/2008, 20:13:15] - BHO 3: {0807F484-5EB5-45B3-199A-EE27EC9AC7EE} ()
[03/06/2008, 20:13:15] - WARNING: BHO has no default name. Checking for Winlogon reference.
[03/06/2008, 20:13:15] - Checking for HKLM\...\Winlogon\Notify\bapubop205
[03/06/2008, 20:13:15] - Key not found: HKLM\...\Winlogon\Notify\bapubop205, continuing.
[03/06/2008, 20:13:15] - BHO 4: {13319591-2200-58FE-0215-2900BECADD9A} ()
[03/06/2008, 20:13:15] - WARNING: BHO has no default name. Checking for Winlogon reference.
[03/06/2008, 20:13:15] - Checking for HKLM\...\Winlogon\Notify\tjvsrfm
[03/06/2008, 20:13:15] - Key not found: HKLM\...\Winlogon\Notify\tjvsrfm, continuing.
[03/06/2008, 20:13:15] - BHO 5: {22BF413B-C6D2-4d91-82A9-A0F997BA588C} (Skype add-on (mastermind))
[03/06/2008, 20:13:15] - BHO 6: {3E19B66F-644D-4252-BD79-5608502C0402} ()
[03/06/2008, 20:13:15] - WARNING: BHO has no default name. Checking for Winlogon reference.
[03/06/2008, 20:13:15] - Checking for HKLM\...\Winlogon\Notify\jkhhh
[03/06/2008, 20:13:15] - Key not found: HKLM\...\Winlogon\Notify\jkhhh, continuing.
[03/06/2008, 20:13:15] - BHO 7: {53707962-6F74-2D53-2644-206D7942484F} ()
[03/06/2008, 20:13:15] - WARNING: BHO has no default name. Checking for Winlogon reference.
[03/06/2008, 20:13:15] - Checking for HKLM\...\Winlogon\Notify\SDHelper
[03/06/2008, 20:13:15] - Key not found: HKLM\...\Winlogon\Notify\SDHelper, continuing.
[03/06/2008, 20:13:15] - BHO 8: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (SSVHelper Class)
[03/06/2008, 20:13:15] - BHO 9: {7E853D72-626A-48EC-A868-BA8D5E23E045} ()
[03/06/2008, 20:13:15] - WARNING: BHO has no default name. Checking for Winlogon reference.
[03/06/2008, 20:13:15] - No filename found. Continuing.
[03/06/2008, 20:13:15] - BHO 10: {88ce201a-7536-4448-bb3a-ad32975d5bce} ()
[03/06/2008, 20:13:15] - WARNING: BHO has no default name. Checking for Winlogon reference.
[03/06/2008, 20:13:15] - Checking for HKLM\...\Winlogon\Notify\vtqkloid
[03/06/2008, 20:13:15] - Key not found: HKLM\...\Winlogon\Notify\vtqkloid, continuing.
[03/06/2008, 20:13:15] - BHO 11: {9030D464-4C02-4ABF-8ECC-5164760863C6} (Windows Live Sign-in Helper)
[03/06/2008, 20:13:15] - BHO 12: {A95B2816-1D7E-4561-A202-68C0DE02353A} ()
[03/06/2008, 20:13:15] - WARNING: BHO has no default name. Checking for Winlogon reference.
[03/06/2008, 20:13:15] - No filename found. Continuing.
[03/06/2008, 20:13:15] - BHO 13: {BDCDFB33-9767-4E22-A8A2-0008767C062B} ()
[03/06/2008, 20:13:15] - WARNING: BHO has no default name. Checking for Winlogon reference.
[03/06/2008, 20:13:15] - Checking for HKLM\...\Winlogon\Notify\dukinet89104
[03/06/2008, 20:13:15] - Key not found: HKLM\...\Winlogon\Notify\dukinet89104, continuing.
[03/06/2008, 20:13:15] - Finished Searching Browser Helper Objects
[03/06/2008, 20:13:15] - Finishing up...
[03/06/2008, 20:13:15] - A restart is needed.
[03/06/2008, 20:13:30] - Attempting to Restart via STOP error (Blue Screen!)
0
Réponse 6 / 24
Utilisateur anonyme
 
ok parfait , mais il reste encore beaucoup de monde dans ton pc :


Télécharges ComboFix à partir d'un de ces liens :

http://download.bleepingcomputer.com/sUBs/ComboFix.exe
https://forospyware.com
http://www.geekstogo.com/forum/files/file/197-combofix-by-subs/

Et important, enregistre le sur le bureau.

Avant d'utiliser ComboFix :

► Déconnecte toi d'internet et referme les fenêtres de tous les programmes en cours.

► Désactive provisoirement et seulement le temps de l'utilisation de ComboFix, la protection en temps réel de ton Antivirus et de tes Antispywares, qui peuvent géner fortement la procédure de recherche et de nettoyage de l'outil.


Une fois fait, sur ton bureau double-clic sur Combofix.exe.

- Répond oui au message d'avertissement, pour que le programme commence à procéder à l'analyse du pc.

/!\ Pendant la durée de cette étape, ne te sert pas du pc et n'ouvre aucun programmes.

- En fin de scan il est possible que ComboFix ait besoin de redemarrer le pc pour finaliser la désinfection\recherche, laisses-le faire.

- Un rapport s'ouvrira ensuite dans le bloc notes, ce fichier rapport Combofix.txt, est automatiquement sauvegardé et rangé à C:\Combofix.txt)

► Réactive la protection en temps réel de ton Antivirus et de tes Antispywares, avant de te reconnecter à internet.

► Reviens sur le forum, et copie et colle la totalité du contenu de C:\Combofix.txt dans ton prochain message.
0
jojobel10
 
Pour combofix


ComboFix 08-03-05.3 - admin 2008-03-06 21:03:00.1 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.0.1252.1.1036.18.398 [GMT 1:00]
Endroit: C:\Documents and Settings\admin\Bureau\ComboFix.exe
* Création d'un nouveau point de restauration

[color=red][b]AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !![/b][/color]
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\invite\Application Data\YMANTE~1
C:\Documents and Settings\invite\Application Data\YMANTE~1\w?auclt.exe
C:\Documents and Settings\invite\Menu Démarrer\Programmes\Outerinfo
C:\Documents and Settings\invite\Menu Démarrer\Programmes\Outerinfo\Terms.lnk
C:\Documents and Settings\invite\Menu Démarrer\Programmes\Outerinfo\Uninstall.lnk
C:\Program Files\ComPlus Applications\dukinet89104.dll
C:\Program Files\JavaCore
C:\Program Files\JavaCore\JavaCore.exe
C:\Program Files\JavaCore\UnInstall.exe
C:\Program Files\NoDNS
C:\Program Files\NoDNS\NoDNS.exe
C:\Program Files\NoDNS\UnInstall.exe
C:\Program Files\outerinfo
C:\Program Files\outerinfo\FF\chrome.manifest
C:\Program Files\outerinfo\FF\components\FF.dll
C:\Program Files\outerinfo\FF\components\OuterinfoAds.xpt
C:\Program Files\outerinfo\FF\install.rdf
C:\Program Files\outerinfo\Terms.rtf
C:\Program Files\Temporary
C:\Program Files\Temporary\InsiDERInst.exe
C:\Program Files\Windows NT\bapubop.dll
C:\Program Files\Windows NT\bapubop205.dll
C:\Program Files\Windows NT\bapubop291.dll
C:\Temp\1cb
C:\Temp\1cb\syscheck.log
C:\Temp\sanR24
C:\Temp\sanR24\lDii.log
C:\WINDOWS\BM3b1f894d.xml
C:\WINDOWS\cookies.ini
C:\WINDOWS\pskt.ini
C:\WINDOWS\system32\aqrbncaw.dll
C:\WINDOWS\system32\enkjrrqo.dll
C:\WINDOWS\system32\eoieyhqk.dll
C:\WINDOWS\system32\hhhkj.ini
C:\WINDOWS\system32\hhhkj.ini2
C:\WINDOWS\system32\iDlo01
C:\WINDOWS\system32\iDlo01\iDlo011065.exe
C:\WINDOWS\System32\jkhhh.dll
C:\WINDOWS\system32\mcrh.tmp
C:\WINDOWS\system32\mljkhhh.dll
C:\WINDOWS\system32\msnav32.ax
C:\WINDOWS\system32\oapytcrp.dll
C:\WINDOWS\system32\pac.txt
C:\WINDOWS\system32\racle~1
C:\WINDOWS\system32\racle~1\?racle\
C:\WINDOWS\system32\racle~1\spool32.exe
C:\WINDOWS\system32\rsqmalgw.dll
C:\WINDOWS\system32\tjvsrfm.dll
C:\WINDOWS\system32\vtqkloid.dll
C:\WINDOWS\system32\wglamqsr.ini
C:\WINDOWS\system32\windows
C:\WINDOWS\tk58.exe

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.
-------\LEGACY_CMDSERVICE
-------\LEGACY_NETWORK_MONITOR


((((((((((((((((((((((((((((( Fichiers créés 2008-02-06 to 2008-03-06 ))))))))))))))))))))))))))))))))))))
.

2008-03-06 21:08 . 2008-03-06 21:08 49,162 --a------ C:\WINDOWS\system32\rwwnw64d.exe
2008-03-06 17:49 . 2008-03-06 17:49 24,576 --a------ C:\WINDOWS\system32\VundoFixSVC.exe
2008-03-06 17:22 . 2008-03-06 19:50 <REP> d-------- C:\VundoFix Backups
2008-03-06 13:06 . 2008-03-06 21:03 <REP> dr------- C:\Documents and Settings\assa\Mes documents
2008-03-05 12:47 . 2008-03-05 12:47 <REP> d-------- C:\Program Files\nvcoi
2008-03-05 00:20 . 2008-03-06 00:05 1,307,941 ---hs---- C:\WINDOWS\system32\hcljgshq.ini
2008-03-05 00:17 . 2008-03-06 17:50 19,128 ---hs---- C:\WINDOWS\system32\knrydpft.dllbox
2008-03-04 22:32 . 2008-03-04 20:32 105,984 --a------ C:\WINDOWS\b152.exe
2008-03-04 11:19 . 2008-03-04 11:19 9,662 --a------ C:\WINDOWS\system32\ZoneAlarmIconFR.ico
2008-03-04 11:04 . 2008-03-05 20:52 <REP> d--hs---- C:\WINDOWS\eHA
2008-03-04 11:04 . 2008-03-04 12:01 319 --ahs---- C:\WINDOWS\system32\qtstv.ini
2008-03-04 11:01 . 2008-03-04 11:01 37,376 --a------ C:\WINDOWS\mrofinu572.exe.tmp
2008-03-04 11:01 . 2008-03-04 11:04 37,376 --a------ C:\WINDOWS\mrofinu572.exe
2008-03-04 11:01 . 2008-03-04 11:01 37,376 --a------ C:\WINDOWS\mrofinu1000106.exe
2008-03-04 10:59 . 2008-03-05 19:19 <REP> d-------- C:\WINDOWS\system32\ev4
2008-03-04 10:59 . 2008-03-04 10:59 <REP> d-------- C:\WINDOWS\system32\bv2
2008-03-04 10:59 . 2008-03-04 10:59 <REP> d-------- C:\WINDOWS\system32\ax9
2008-03-04 10:58 . 2008-03-06 21:03 <REP> d-------- C:\Temp
2008-03-04 10:58 . 2008-03-04 10:58 212,118 --a------ C:\Temp\txNog4220.exe
2008-03-04 10:58 . 2008-03-04 10:58 36,352 --a------ C:\WINDOWS\system32\urqqnol.dll.vir
2008-03-04 00:02 . 2008-03-04 00:05 <REP> d-------- C:\Documents and Settings\invite\Application Data\Canon
2008-03-02 17:26 . 2008-03-02 15:26 73,728 --a------ C:\WINDOWS\b153.exe
2008-03-01 20:59 . 2008-03-01 20:59 <REP> d-------- C:\Documents and Settings\invite\Application Data\Yahoo!
2008-02-29 16:17 . 2008-02-29 16:17 <REP> d-------- C:\Documents and Settings\invite\Application Data\MSN6
2008-02-29 16:17 . 2008-02-29 16:17 <REP> d-------- C:\Documents and Settings\All Users\Application Data\MSN6
2008-02-29 11:11 . 2008-02-29 11:11 25,713 --a------ C:\WINDOWS\CSTBox.INI
2008-02-29 00:41 . 2008-02-29 00:41 268 --ah----- C:\sqmdata19.sqm
2008-02-29 00:41 . 2008-02-29 00:41 244 --ah----- C:\sqmnoopt19.sqm
2008-02-28 23:15 . 2008-02-28 23:20 <REP> d-------- C:\Documents and Settings\admin\Application Data\Canon
2008-02-28 17:56 . 2008-02-28 18:33 <REP> d-------- C:\Documents and Settings\assa\Application Data\Canon
2008-02-27 20:25 . 2002-05-24 03:04 389,180 --a------ C:\WINDOWS\system32\UCS32P.DLL
2008-02-27 20:25 . 2003-09-17 17:35 339,968 --a------ C:\WINDOWS\system32\N067UFW.DLL
2008-02-27 20:25 . 2002-09-12 01:07 36,864 --a------ C:\WINDOWS\system32\CNQU70.DLL
2008-02-26 19:48 . 2008-02-26 19:48 <REP> d--h----- C:\WINDOWS\PIF
2008-02-26 16:47 . 2008-03-04 10:53 <REP> d-------- C:\Program Files\Ares
2008-02-25 16:00 . 2008-02-25 14:00 81,920 --a------ C:\WINDOWS\b154.exe
2008-02-23 15:40 . 2008-02-23 15:40 <REP> d-------- C:\Documents and Settings\invite\Application Data\vlc
2008-02-17 16:22 . 2008-02-17 16:22 <REP> d-------- C:\WINDOWS\Sun
2008-02-17 16:20 . 2007-09-24 23:31 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl
2008-02-17 16:19 . 2008-02-17 16:20 <REP> d-------- C:\Program Files\Java
2008-02-17 16:19 . 2008-02-17 16:19 <REP> d-------- C:\Program Files\Fichiers communs\Java
2008-02-15 20:37 . 2008-02-15 20:37 1,024 --a------ C:\.rnd
2008-02-15 20:24 . 2008-02-15 20:24 <REP> d-------- C:\Program Files\CitizenLab
2008-02-15 13:22 . 2008-02-15 13:22 268 --ah----- C:\sqmdata18.sqm
2008-02-15 13:22 . 2008-02-15 13:22 244 --ah----- C:\sqmnoopt18.sqm
2008-02-14 23:32 . 2008-02-14 23:32 268 --ah----- C:\sqmdata17.sqm
2008-02-14 23:32 . 2008-02-14 23:32 244 --ah----- C:\sqmnoopt17.sqm
2008-02-14 15:07 . 2008-02-14 15:07 268 --ah----- C:\sqmdata16.sqm
2008-02-14 15:07 . 2008-02-14 15:07 244 --ah----- C:\sqmnoopt16.sqm
2008-02-14 01:45 . 2008-03-06 14:29 292 --ah----- C:\sqmdata15.sqm
2008-02-14 01:45 . 2008-02-14 01:45 244 --ah----- C:\sqmnoopt15.sqm
2008-02-13 18:27 . 2008-03-02 22:36 268 --ah----- C:\sqmdata14.sqm
2008-02-13 18:27 . 2008-03-06 14:29 244 --ah----- C:\sqmnoopt14.sqm
2008-02-13 12:28 . 2008-03-01 23:54 268 --ah----- C:\sqmdata13.sqm
2008-02-13 12:28 . 2008-03-02 22:36 244 --ah----- C:\sqmnoopt13.sqm
2008-02-13 00:45 . 2008-03-01 12:41 268 --ah----- C:\sqmdata12.sqm
2008-02-13 00:45 . 2008-03-01 23:54 244 --ah----- C:\sqmnoopt12.sqm
2008-02-12 16:04 . 2008-03-01 12:41 244 --ah----- C:\sqmnoopt11.sqm
2008-02-12 16:04 . 2008-03-01 11:30 148 --ah----- C:\sqmdata11.sqm
2008-02-12 14:17 . 2008-03-01 11:30 268 --ah----- C:\sqmdata10.sqm
2008-02-12 14:17 . 2008-03-01 11:30 136 --ah----- C:\sqmnoopt10.sqm
2008-02-12 00:15 . 2008-03-01 00:46 268 --ah----- C:\sqmdata09.sqm
2008-02-12 00:15 . 2008-03-01 00:46 244 --ah----- C:\sqmnoopt09.sqm
2008-02-12 00:15 . 2008-02-29 22:37 244 --ah----- C:\sqmnoopt08.sqm
2008-02-12 00:15 . 2008-02-29 22:37 232 --ah----- C:\sqmdata08.sqm
2008-02-10 21:38 . 2008-02-10 21:38 <REP> d-------- C:\Documents and Settings\invite\Application Data\Leadertech
2008-02-07 20:51 . 2008-02-07 20:51 <REP> d-------- C:\Documents and Settings\invite\Application Data\Creative
2008-02-06 22:49 . 2001-08-23 17:47 286,720 --a------ C:\WINDOWS\system32\msh263.drv
2008-02-06 22:49 . 2001-08-23 17:47 50,688 --a------ C:\WINDOWS\system32\vfwwdm32.dll
2008-02-06 22:49 . 2001-08-23 17:47 50,688 --a--c--- C:\WINDOWS\system32\dllcache\vfwwdm32.dll
2008-02-06 22:49 . 2001-08-23 17:47 45,568 --a------ C:\WINDOWS\system32\iyuv_32.dll
2008-02-06 22:49 . 2001-08-23 17:47 45,568 --a--c--- C:\WINDOWS\system32\dllcache\iyuv_32.dll
2008-02-06 22:49 . 2001-08-23 17:47 8,192 --a------ C:\WINDOWS\system32\tsbyuv.dll
2008-02-06 22:49 . 2001-08-23 17:47 8,192 --a--c--- C:\WINDOWS\system32\dllcache\tsbyuv.dll
2008-02-06 22:39 . 2003-06-12 23:25 7,062 --a------ C:\WINDOWS\system32\audiopid.vxd
2008-02-06 22:38 . 1999-10-10 18:00 41,984 --------- C:\WINDOWS\Ctregrun.exe
2008-02-06 22:36 . 1998-11-13 13:16 308,224 --a------ C:\WINDOWS\IsUn040c.exe
2008-02-06 22:34 . 2008-02-06 23:06 <REP> d-------- C:\Program Files\Creative

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-03-06 19:13 2,130,432 ----a-w C:\WINDOWS\Internet Logs\xDB7.tmp
2008-03-06 18:54 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-03-06 12:05 --------- d-----w C:\Program Files\MSN Messenger
2008-03-05 21:52 --------- d-----w C:\Documents and Settings\invite\Application Data\Roxio
2008-03-05 18:08 --------- d-----w C:\Program Files\Google
2008-03-05 18:07 2,108,416 ----a-w C:\WINDOWS\Internet Logs\xDB6.tmp
2008-03-05 17:08 --------- d-----w C:\Documents and Settings\invite\Application Data\Skype
2008-03-05 15:08 --------- d-----w C:\Documents and Settings\invite\Application Data\skypePM
2008-03-05 11:58 10 ----a-w C:\Program Files\.autoreg
2008-03-04 09:53 --------- d-----w C:\Documents and Settings\invite\Application Data\MailFrontier
2008-03-03 20:05 --------- d-----w C:\Documents and Settings\admin\Application Data\Roxio
2008-03-03 18:00 2,034,688 ----a-w C:\WINDOWS\Internet Logs\xDB5.tmp
2008-03-03 18:00 1,284,096 ----a-w C:\WINDOWS\Internet Logs\xDB4.tmp
2008-03-01 22:50 --------- d-----w C:\Documents and Settings\admin\Application Data\Skype
2008-03-01 22:20 --------- d-----w C:\Documents and Settings\assa\Application Data\Skype
2008-03-01 19:21 --------- d-----w C:\Documents and Settings\assa\Application Data\skypePM
2008-03-01 16:51 --------- d-----w C:\Documents and Settings\admin\Application Data\skypePM
2008-02-27 22:19 --------- d-----w C:\Program Files\Fichiers communs\Roxio Shared
2008-02-27 19:29 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-02-26 18:54 1,995,776 ----a-w C:\WINDOWS\Internet Logs\xDB3.tmp
2008-02-26 18:46 1,994,752 ----a-w C:\WINDOWS\Internet Logs\xDB2.tmp
2008-02-26 12:20 --------- d-----w C:\Program Files\adslTV
2008-02-16 16:29 --------- d-----w C:\Program Files\Fichiers communs\Adobe
2008-02-03 23:37 1,605,632 ----a-w C:\WINDOWS\Internet Logs\tvDebug.zip
2008-02-03 11:34 --------- d-----w C:\Documents and Settings\assa\Application Data\MailFrontier
2008-02-02 21:40 --------- d-----w C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-02-02 21:39 12,632 ----a-w C:\WINDOWS\system32\lsdelete.exe
2008-01-26 17:50 --------- d-----w C:\Program Files\Athan
2008-01-26 17:49 737,280 ----a-w C:\WINDOWS\iun6002.exe
2008-01-07 21:02 45,056 ----a-w C:\WINDOWS\NCUNINST.EXE
2008-01-07 20:59 --------- d-----w C:\Program Files\Hewlett-Packard
2008-01-07 20:56 --------- d-----w C:\Program Files\Fichiers communs\SWF Studio
2008-01-06 17:00 --------- d-----w C:\Program Files\Microsoft Works
2007-12-22 14:59 512 ----a-w C:\ScanSectorLog.dat
2007-12-14 14:55 1,567,744 ----a-w C:\WINDOWS\Internet Logs\xDB1.tmp
2007-11-28 18:09 32 ----a-w C:\Documents and Settings\All Users\Application Data\ezsid.dat
2005-07-29 15:24 472 --sha-r C:\WINDOWS\eHA\yJE.vbs
.

((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\ctfmon.exe" [2001-08-28 11:00 13312]
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [2007-01-19 12:55 5674352]
"ares"="C:\Program Files\Ares\Ares.exe" [2007-12-31 15:29 962560]
"nvcoi"="C:\Program Files\nvcoi\nvcoi.exe" [2008-03-05 12:47 57344]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.exe" [2001-08-28 11:00 208949]
"PHIME2002ASync"="C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.exe" [2001-08-28 11:00 737360]
"PHIME2002A"="C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.exe" [2001-08-28 11:00 737360]
"Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.2\Apps\apdproxy.exe" [ ]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-10 19:51 39792]
"ZoneAlarm Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [2007-06-21 21:54 919016]
"StatusClient"="C:\Program Files\Hewlett-Packard\Toolbox2.0\Apache Tomcat 4.0\webapps\Toolbox\StatusClient\StatusClient.exe" [2002-12-16 16:51 36864]
"TomcatStartup"="C:\Program Files\Hewlett-Packard\Toolbox2.0\hpbpsttp.exe" [2003-03-31 19:28 155648]
"Athan"="C:\Program Files\Athan\Athan.exe" [2007-09-06 20:25 1003520]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11 132496]
"RoxioEngineUtility"="C:\Program Files\Fichiers communs\Roxio Shared\System\EngUtil.exe" [2003-05-01 18:44 65536]
"RoxioDragToDisc"="E:\Roxio\DragToDisc\DrgToDsc.exe" [2003-06-25 00:18 868352]
"RoxioAudioCentral"="E:\Roxio\AudioCentral\RxMon.exe" [2003-06-23 21:12 319488]
"{CB-BA-A7-7E-DW}"="c:\windows\system32\rwwnw64d.exe" [2008-03-06 21:08 49162]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2001-08-28 11:00 13312]

R3 ati2mpaa;ati2mpaa;C:\WINDOWS\System32\DRIVERS\ati2mpaa.sys [2001-08-23 16:59]
R3 IBMTRP;Carte IBM PCI Token Ring (générique);C:\WINDOWS\System32\DRIVERS\IBMTRP.SYS [2001-08-17 20:12]
S3 MSControlService;Microsoft cache control;C:\WINDOWS\System32\windows []
S3 V0260VID;Live! Cam Vista IM;C:\WINDOWS\System32\DRIVERS\V0260Vid.sys [2006-11-03 23:45]

.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-03-06 21:09:37
Windows 5.1.2600 NTFS

Balayage processus cachés ...

Balayage caché autostart entries ...

Balayage des fichiers cachés ...

Scan terminé avec succès
Les fichiers cachés: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\MSControlService]
"ImagePath"="C:\WINDOWS\System32\windows"
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Cisco Systems\VPN Client\sap vpn cisco\cvpnd.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Program Files\Hewlett-Packard\Toolbox2.0\Javasoft\JRE\1.3.1\bin\javaw.exe
E:\Roxio\AudioCentral\Playlist.exe
.
**************************************************************************
.
Temps d'accomplissement: 2008-03-06 21:11:43 - machine was rebooted
ComboFix-quarantined-files.txt 2008-03-06 20:11:39
.
2008-03-05 11:46:37 --- E O F ---
0
Réponse 7 / 24
Utilisateur anonyme
 
il reste encore un tout petit peu de nettoyage a faire, j'analyse ton rapport , je vais manger et je t'informe de la manip .
0
Réponse 8 / 24
jojobel10
 
Merci bien.
Bon appétit
0
Réponse 9 / 24
Utilisateur anonyme
 
merci tu as accumulee un certain nombres d'infections


1) Suppression d'un service malveillant

« Démarrer » / « Exécuter» / puis tape

sc stop MSControlService valide par ok.

« Démarrer » / « Exécuter» / puis tape

sc delete MSControlService valide par ok.




2)ComboFix avec CFScript :

* Sélectionne le texte suivant (en gras) dans son intégralité :


file::
C:\WINDOWS\system32\rwwnw64d.exe
C:\WINDOWS\system32\hcljgshq.ini
C:\WINDOWS\system32\knrydpft.dllbox
C:\WINDOWS\b152.exe
C:\WINDOWS\system32\qtstv.ini
C:\WINDOWS\mrofinu572.exe.tmp
C:\WINDOWS\mrofinu572.exe
C:\WINDOWS\mrofinu1000106.exe
C:\Temp\txNog4220.exe
C:\WINDOWS\system32\urqqnol.dll.vir
C:\WINDOWS\b153.exe
C:\WINDOWS\CSTBox.INI
C:\WINDOWS\b154.exe
C:\WINDOWS\system32\audiopid.vxd




* Copie le texte sélectionné (CTRL+C).
* Ouvre le bloc-notes (programme>Accessoires >bloc-notes).
* Colle le texte copié dans ce bloc-notes (CTRL+V).
* Sauvegarde ce fichier sous le nom de CFScript.txt

Déconnecte toi du net et désactive ton antivirus pour que Combofix puisse s'exécuter normalement

* Fais un glisser/déposer de ce fichier CFScript sur le fichier ComboFix.exe

* Une fenêtre bleue va apparaître: au message qui apparaît Type 1 to continue, or 2 to abort , tape 1 puis valide.

* Patiente le temps du scan. Le Bureau va disparaître à plusieurs reprises : c'est normal!

Ne touche à rien tant que le scan n'est pas terminé.

* Une fois le scan achevé, un rapport va s'afficher : Poste son contenu et un nouveau rapport HijackThis

* Si le fichier ne s'ouvre pas, il se trouve ici > C:\ComboFix.txt
0
jojobel10
 
ComboFix 08-03-05.3 - admin 2008-03-06 23:02:45.4 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.0.1252.1.1036.18.413 [GMT 1:00]
Endroit: C:\Documents and Settings\admin\Bureau\ComboFix.exe
Command switches used :: C:\Documents and Settings\admin\Bureau\CFScript.txt
* Création d'un nouveau point de restauration

[color=red][b]AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !![/b][/color]

FILE ::
C:\Temp\txNog4220.exe
C:\WINDOWS\b152.exe
C:\WINDOWS\b153.exe
C:\WINDOWS\b154.exe
C:\WINDOWS\CSTBox.INI
C:\WINDOWS\mrofinu1000106.exe
C:\WINDOWS\mrofinu572.exe
C:\WINDOWS\mrofinu572.exe.tmp
C:\WINDOWS\system32\audiopid.vxd
C:\WINDOWS\system32\hcljgshq.ini
C:\WINDOWS\system32\knrydpft.dllbox
C:\WINDOWS\system32\qtstv.ini
C:\WINDOWS\system32\rwwnw64d.exe
C:\WINDOWS\system32\urqqnol.dll.vir
.

((((((((((((((((((((((((((((( Fichiers créés 2008-02-06 to 2008-03-06 ))))))))))))))))))))))))))))))))))))
.

2008-03-06 21:18 . 2008-03-06 21:18 200,778 --a------ C:\WINDOWS\system32\mcntxwb.exe
2008-03-06 17:49 . 2008-03-06 17:49 24,576 --a------ C:\WINDOWS\system32\VundoFixSVC.exe
2008-03-06 17:22 . 2008-03-06 19:50 <REP> d-------- C:\VundoFix Backups
2008-03-06 13:06 . 2008-03-06 21:03 <REP> dr------- C:\Documents and Settings\assa\Mes documents
2008-03-05 12:47 . 2008-03-05 12:47 <REP> d-------- C:\Program Files\nvcoi
2008-03-04 11:19 . 2008-03-04 11:19 9,662 --a------ C:\WINDOWS\system32\ZoneAlarmIconFR.ico
2008-03-04 11:04 . 2008-03-05 20:52 <REP> d--hs---- C:\WINDOWS\eHA
2008-03-04 10:59 . 2008-03-05 19:19 <REP> d-------- C:\WINDOWS\system32\ev4
2008-03-04 10:59 . 2008-03-04 10:59 <REP> d-------- C:\WINDOWS\system32\bv2
2008-03-04 10:59 . 2008-03-04 10:59 <REP> d-------- C:\WINDOWS\system32\ax9
2008-03-04 10:58 . 2008-03-06 22:58 <REP> d-------- C:\Temp
2008-03-04 00:02 . 2008-03-04 00:05 <REP> d-------- C:\Documents and Settings\invite\Application Data\Canon
2008-03-01 20:59 . 2008-03-01 20:59 <REP> d-------- C:\Documents and Settings\invite\Application Data\Yahoo!
2008-02-29 16:17 . 2008-02-29 16:17 <REP> d-------- C:\Documents and Settings\invite\Application Data\MSN6
2008-02-29 16:17 . 2008-02-29 16:17 <REP> d-------- C:\Documents and Settings\All Users\Application Data\MSN6
2008-02-29 00:41 . 2008-02-29 00:41 268 --ah----- C:\sqmdata19.sqm
2008-02-29 00:41 . 2008-02-29 00:41 244 --ah----- C:\sqmnoopt19.sqm
2008-02-28 23:15 . 2008-02-28 23:20 <REP> d-------- C:\Documents and Settings\admin\Application Data\Canon
2008-02-28 17:56 . 2008-02-28 18:33 <REP> d-------- C:\Documents and Settings\assa\Application Data\Canon
2008-02-27 20:25 . 2002-05-24 03:04 389,180 --a------ C:\WINDOWS\system32\UCS32P.DLL
2008-02-27 20:25 . 2003-09-17 17:35 339,968 --a------ C:\WINDOWS\system32\N067UFW.DLL
2008-02-27 20:25 . 2002-09-12 01:07 36,864 --a------ C:\WINDOWS\system32\CNQU70.DLL
2008-02-26 19:48 . 2008-02-26 19:48 <REP> d--h----- C:\WINDOWS\PIF
2008-02-26 16:47 . 2008-03-04 10:53 <REP> d-------- C:\Program Files\Ares
2008-02-23 15:40 . 2008-02-23 15:40 <REP> d-------- C:\Documents and Settings\invite\Application Data\vlc
2008-02-17 16:22 . 2008-02-17 16:22 <REP> d-------- C:\WINDOWS\Sun
2008-02-17 16:20 . 2007-09-24 23:31 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl
2008-02-17 16:19 . 2008-02-17 16:20 <REP> d-------- C:\Program Files\Java
2008-02-17 16:19 . 2008-02-17 16:19 <REP> d-------- C:\Program Files\Fichiers communs\Java
2008-02-15 20:37 . 2008-02-15 20:37 1,024 --a------ C:\.rnd
2008-02-15 20:24 . 2008-02-15 20:24 <REP> d-------- C:\Program Files\CitizenLab
2008-02-15 13:22 . 2008-02-15 13:22 268 --ah----- C:\sqmdata18.sqm
2008-02-15 13:22 . 2008-02-15 13:22 244 --ah----- C:\sqmnoopt18.sqm
2008-02-14 23:32 . 2008-02-14 23:32 268 --ah----- C:\sqmdata17.sqm
2008-02-14 23:32 . 2008-02-14 23:32 244 --ah----- C:\sqmnoopt17.sqm
2008-02-14 15:07 . 2008-02-14 15:07 268 --ah----- C:\sqmdata16.sqm
2008-02-14 15:07 . 2008-02-14 15:07 244 --ah----- C:\sqmnoopt16.sqm
2008-02-14 01:45 . 2008-03-06 14:29 292 --ah----- C:\sqmdata15.sqm
2008-02-14 01:45 . 2008-02-14 01:45 244 --ah----- C:\sqmnoopt15.sqm
2008-02-13 18:27 . 2008-03-02 22:36 268 --ah----- C:\sqmdata14.sqm
2008-02-13 18:27 . 2008-03-06 14:29 244 --ah----- C:\sqmnoopt14.sqm
2008-02-13 12:28 . 2008-03-01 23:54 268 --ah----- C:\sqmdata13.sqm
2008-02-13 12:28 . 2008-03-02 22:36 244 --ah----- C:\sqmnoopt13.sqm
2008-02-13 00:45 . 2008-03-01 12:41 268 --ah----- C:\sqmdata12.sqm
2008-02-13 00:45 . 2008-03-01 23:54 244 --ah----- C:\sqmnoopt12.sqm
2008-02-12 16:04 . 2008-03-01 12:41 244 --ah----- C:\sqmnoopt11.sqm
2008-02-12 16:04 . 2008-03-01 11:30 148 --ah----- C:\sqmdata11.sqm
2008-02-12 14:17 . 2008-03-01 11:30 268 --ah----- C:\sqmdata10.sqm
2008-02-12 14:17 . 2008-03-01 11:30 136 --ah----- C:\sqmnoopt10.sqm
2008-02-12 00:15 . 2008-03-01 00:46 268 --ah----- C:\sqmdata09.sqm
2008-02-12 00:15 . 2008-03-01 00:46 244 --ah----- C:\sqmnoopt09.sqm
2008-02-12 00:15 . 2008-02-29 22:37 244 --ah----- C:\sqmnoopt08.sqm
2008-02-12 00:15 . 2008-02-29 22:37 232 --ah----- C:\sqmdata08.sqm
2008-02-10 21:38 . 2008-02-10 21:38 <REP> d-------- C:\Documents and Settings\invite\Application Data\Leadertech
2008-02-07 20:51 . 2008-02-07 20:51 <REP> d-------- C:\Documents and Settings\invite\Application Data\Creative
2008-02-06 22:49 . 2001-08-23 17:47 286,720 --a------ C:\WINDOWS\system32\msh263.drv
2008-02-06 22:49 . 2001-08-23 17:47 50,688 --a------ C:\WINDOWS\system32\vfwwdm32.dll
2008-02-06 22:49 . 2001-08-23 17:47 50,688 --a--c--- C:\WINDOWS\system32\dllcache\vfwwdm32.dll
2008-02-06 22:49 . 2001-08-23 17:47 45,568 --a------ C:\WINDOWS\system32\iyuv_32.dll
2008-02-06 22:49 . 2001-08-23 17:47 45,568 --a--c--- C:\WINDOWS\system32\dllcache\iyuv_32.dll
2008-02-06 22:49 . 2001-08-23 17:47 8,192 --a------ C:\WINDOWS\system32\tsbyuv.dll
2008-02-06 22:49 . 2001-08-23 17:47 8,192 --a--c--- C:\WINDOWS\system32\dllcache\tsbyuv.dll
2008-02-06 22:38 . 1999-10-10 18:00 41,984 --------- C:\WINDOWS\Ctregrun.exe
2008-02-06 22:36 . 1998-11-13 13:16 308,224 --a------ C:\WINDOWS\IsUn040c.exe
2008-02-06 22:34 . 2008-02-06 23:06 <REP> d-------- C:\Program Files\Creative

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-03-06 19:13 2,130,432 ----a-w C:\WINDOWS\Internet Logs\xDB7.tmp
2008-03-06 18:54 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-03-06 12:05 --------- d-----w C:\Program Files\MSN Messenger
2008-03-05 21:52 --------- d-----w C:\Documents and Settings\invite\Application Data\Roxio
2008-03-05 18:08 --------- d-----w C:\Program Files\Google
2008-03-05 18:07 2,108,416 ----a-w C:\WINDOWS\Internet Logs\xDB6.tmp
2008-03-05 17:08 --------- d-----w C:\Documents and Settings\invite\Application Data\Skype
2008-03-05 15:08 --------- d-----w C:\Documents and Settings\invite\Application Data\skypePM
2008-03-05 11:58 10 ----a-w C:\Program Files\.autoreg
2008-03-04 09:53 --------- d-----w C:\Documents and Settings\invite\Application Data\MailFrontier
2008-03-03 20:05 --------- d-----w C:\Documents and Settings\admin\Application Data\Roxio
2008-03-03 18:00 2,034,688 ----a-w C:\WINDOWS\Internet Logs\xDB5.tmp
2008-03-03 18:00 1,284,096 ----a-w C:\WINDOWS\Internet Logs\xDB4.tmp
2008-03-01 22:50 --------- d-----w C:\Documents and Settings\admin\Application Data\Skype
2008-03-01 22:20 --------- d-----w C:\Documents and Settings\assa\Application Data\Skype
2008-03-01 19:21 --------- d-----w C:\Documents and Settings\assa\Application Data\skypePM
2008-03-01 16:51 --------- d-----w C:\Documents and Settings\admin\Application Data\skypePM
2008-02-27 22:19 --------- d-----w C:\Program Files\Fichiers communs\Roxio Shared
2008-02-27 19:29 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-02-26 18:54 1,995,776 ----a-w C:\WINDOWS\Internet Logs\xDB3.tmp
2008-02-26 18:46 1,994,752 ----a-w C:\WINDOWS\Internet Logs\xDB2.tmp
2008-02-26 12:20 --------- d-----w C:\Program Files\adslTV
2008-02-16 16:29 --------- d-----w C:\Program Files\Fichiers communs\Adobe
2008-02-03 23:37 1,605,632 ----a-w C:\WINDOWS\Internet Logs\tvDebug.zip
2008-02-03 11:34 --------- d-----w C:\Documents and Settings\assa\Application Data\MailFrontier
2008-02-02 21:40 --------- d-----w C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-02-02 21:39 12,632 ----a-w C:\WINDOWS\system32\lsdelete.exe
2008-01-26 17:50 --------- d-----w C:\Program Files\Athan
2008-01-26 17:49 737,280 ----a-w C:\WINDOWS\iun6002.exe
2008-01-07 21:02 45,056 ----a-w C:\WINDOWS\NCUNINST.EXE
2008-01-07 20:59 --------- d-----w C:\Program Files\Hewlett-Packard
2008-01-07 20:56 --------- d-----w C:\Program Files\Fichiers communs\SWF Studio
2008-01-06 17:00 --------- d-----w C:\Program Files\Microsoft Works
2007-12-22 14:59 512 ----a-w C:\ScanSectorLog.dat
2007-12-14 14:55 1,567,744 ----a-w C:\WINDOWS\Internet Logs\xDB1.tmp
2007-11-28 18:09 32 ----a-w C:\Documents and Settings\All Users\Application Data\ezsid.dat
2005-07-29 15:24 472 --sha-r C:\WINDOWS\eHA\yJE.vbs
.

((((((((((((((((((((((((((((( snapshot@2008-03-06_21.11.20.90 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-03-04 09:54:28 40,836 ----a-w C:\WINDOWS\system32\perfc009.dat
+ 2008-03-06 20:15:09 40,836 ----a-w C:\WINDOWS\system32\perfc009.dat
- 2008-03-04 09:54:28 49,494 ----a-w C:\WINDOWS\system32\perfc00C.dat
+ 2008-03-06 20:15:09 49,494 ----a-w C:\WINDOWS\system32\perfc00C.dat
- 2008-03-04 09:54:28 314,508 ----a-w C:\WINDOWS\system32\perfh009.dat
+ 2008-03-06 20:15:09 314,508 ----a-w C:\WINDOWS\system32\perfh009.dat
- 2008-03-04 09:54:28 370,414 ----a-w C:\WINDOWS\system32\perfh00C.dat
+ 2008-03-06 20:15:09 370,414 ----a-w C:\WINDOWS\system32\perfh00C.dat
- 2008-03-06 19:16:36 4,212 ---h--w C:\WINDOWS\system32\zllictbl.dat
+ 2008-03-06 20:14:22 4,212 ---h--w C:\WINDOWS\system32\zllictbl.dat
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\ctfmon.exe" [2001-08-28 11:00 13312]
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [2007-01-19 12:55 5674352]
"ares"="C:\Program Files\Ares\Ares.exe" [2007-12-31 15:29 962560]
"nvcoi"="C:\Program Files\nvcoi\nvcoi.exe" [2008-03-05 12:47 57344]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.exe" [2001-08-28 11:00 208949]
"PHIME2002ASync"="C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.exe" [2001-08-28 11:00 737360]
"PHIME2002A"="C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.exe" [2001-08-28 11:00 737360]
"Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.2\Apps\apdproxy.exe" [2007-03-16 11:45 63712]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-10 19:51 39792]
"ZoneAlarm Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [2007-06-21 21:54 919016]
"StatusClient"="C:\Program Files\Hewlett-Packard\Toolbox2.0\Apache Tomcat 4.0\webapps\Toolbox\StatusClient\StatusClient.exe" [2002-12-16 16:51 36864]
"TomcatStartup"="C:\Program Files\Hewlett-Packard\Toolbox2.0\hpbpsttp.exe" [2003-03-31 19:28 155648]
"Athan"="C:\Program Files\Athan\Athan.exe" [2007-09-06 20:25 1003520]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11 132496]
"RoxioEngineUtility"="C:\Program Files\Fichiers communs\Roxio Shared\System\EngUtil.exe" [2003-05-01 18:44 65536]
"RoxioDragToDisc"="E:\Roxio\DragToDisc\DrgToDsc.exe" [2003-06-25 00:18 868352]
"RoxioAudioCentral"="E:\Roxio\AudioCentral\RxMon.exe" [2003-06-23 21:12 319488]
"{CB-BA-A7-7E-DW}"="c:\windows\system32\rwwnw64d.exe" [ ]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2001-08-28 11:00 13312]

C:\Documents and Settings\All Users\Menu D‚marrer\Programmes\D‚marrage\
VPN Client.lnk - C:\WINDOWS\Installer\{8A3A2363-2129-43FB-8DFC-F237DA58038C}\Icon3E5562ED7.ico [2007-12-22 16:11:26 6144]

R3 ati2mpaa;ati2mpaa;C:\WINDOWS\System32\DRIVERS\ati2mpaa.sys [2001-08-23 16:59]
R3 IBMTRP;Carte IBM PCI Token Ring (générique);C:\WINDOWS\System32\DRIVERS\IBMTRP.SYS [2001-08-17 20:12]
S3 V0260VID;Live! Cam Vista IM;C:\WINDOWS\System32\DRIVERS\V0260Vid.sys [2006-11-03 23:45]

.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-03-06 23:03:42
Windows 5.1.2600 NTFS

Balayage processus cachés ...

Balayage caché autostart entries ...

Balayage des fichiers cachés ...

Scan terminé avec succès
Les fichiers cachés: 0

**************************************************************************
.
Temps d'accomplissement: 2008-03-06 23:04:36
ComboFix-quarantined-files.txt 2008-03-06 22:04:22
ComboFix2.txt 2008-03-06 21:55:48
ComboFix3.txt 2008-03-06 20:11:44
.
2008-03-05 11:46:37 --- E O F ---
0
Réponse 10 / 24
jojobel10
 
hijackthis

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 23:08:54, on 06/03/2008
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Cisco Systems\VPN Client\sap vpn cisco\cvpnd.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.2\Apps\apdproxy.exe
C:\Program Files\Hewlett-Packard\Toolbox2.0\Apache Tomcat 4.0\webapps\Toolbox\StatusClient\StatusClient.exe
C:\Program Files\Athan\Athan.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
E:\Roxio\DragToDisc\DrgToDsc.exe
E:\Roxio\AudioCentral\RxMon.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\nvcoi\nvcoi.exe
C:\Program Files\Hewlett-Packard\Toolbox2.0\Javasoft\JRE\1.3.1\bin\javaw.exe
E:\Roxio\AudioCentral\Playlist.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\WINDOWS\System32\mcntxwb.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\DOCUME~1\admin\MESDOC~1\spybot\install\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.2\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [StatusClient] C:\Program Files\Hewlett-Packard\Toolbox2.0\Apache Tomcat 4.0\webapps\Toolbox\StatusClient\StatusClient.exe /auto
O4 - HKLM\..\Run: [TomcatStartup] C:\Program Files\Hewlett-Packard\Toolbox2.0\hpbpsttp.exe
O4 - HKLM\..\Run: [Athan] C:\Program Files\Athan\Athan.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [RoxioEngineUtility] "C:\Program Files\Fichiers communs\Roxio Shared\System\EngUtil.exe"
O4 - HKLM\..\Run: [RoxioDragToDisc] "E:\Roxio\DragToDisc\DrgToDsc.exe"
O4 - HKLM\..\Run: [RoxioAudioCentral] "E:\Roxio\AudioCentral\RxMon.exe"
O4 - HKLM\..\Run: [{CB-BA-A7-7E-DW}] c:\windows\system32\rwwnw64d.exe DWram
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ares] "C:\Program Files\Ares\Ares.exe" -h
O4 - HKCU\..\Run: [nvcoi] C:\Program Files\nvcoi\nvcoi.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: VPN Client.lnk = ?
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O16 - DPF: {9122D757-5A4F-4768-82C5-B4171D8556A7} (PhotoPickConvert Class) - http://appdirectory.messenger.msn.com/AppDirectory/P4Apps/PhotoSwap/PhtPkMSN.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - C:\Program Files\Ares\chatServer.exe
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\sap vpn cisco\cvpnd.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
O23 - Service: VundoFix Service (VundoFixSvc) - Atribune.org - C:\WINDOWS\SYSTEM32\VundoFixSVC.exe
0
Réponse 11 / 24
Utilisateur anonyme
 
instal , configure et met a jour avira antivir , puis effectue un scan avec antivir en mode sans echec


anti virus : antivir

https://www.malekal.com/avira-free-security-antivirus-gratuit/

http://mickael.barroux.free.fr/securite/antivir.php <- tutoriel + complet


voici pour t'aider a redemarrer en mode sans echec : https://www.malekal.com/demarrer-windows-mode-sans-echec/
0
Réponse 12 / 24
jojobel10
 
Merci pour tout champion. Je vais me coucher et faire le scan demain si tout va bien. Puis-je essayer les mêmes outils sur mon ordinateur portable qui plante aussi parfois?
0
Réponse 13 / 24
Utilisateur anonyme
 
bonjour non surtout de pas effectuer les memes manip , il faut cibler le probleme puis utiliser les bon outils .
0
Réponse 14 / 24
jojobel10
 
ok.
0
Réponse 15 / 24
jojobel10
 
ça y est! J'ai fait le scan en mode sans échec: 8 virus détectés t deleted. L'ordi semble fonctionner sans problèmes. J'ai zone alarme sur la machine, dois-je le garder en même temps qu'antivir? Celuici n'est-il grantuit que 3 mois?
Par ailleurs, j'ai lancé un scan avec Norton en mode sans echec sur mon ordi portable dont je vous ai parlé hier. Peute etre devrais-je ouvrir un autre topic pour ses problemes de lenteurs.
En tout cas félicitations, merci et big up!!!
0
Réponse 16 / 24
Utilisateur anonyme
 
poste un rapport hijacthis stp apres on regarderas l'autre pc
0
Réponse 17 / 24
jojobel10
 
En redemarrant l'antivirus a fait un scan en mode normal dont voici le rapport (le hijack viendra par la suite):


AntiVir PersonalEdition Classic
Report file date: vendredi 7 mars 2008 13:12

Scanning for 1136109 virus strains and unwanted programs.

Licensed to: Avira AntiVir PersonalEdition Classic
Serial number: 0000149996-ADJIE-0001
Platform: Windows XP
Windows version: (plain) [5.1.2600]
Username: SYSTEM
Computer name: MB

Version information:
BUILD.DAT : 270 15603 Bytes 19/09/2007 13:32:00
AVSCAN.EXE : 7.0.6.1 290856 Bytes 23/08/2007 13:16:29
AVSCAN.DLL : 7.0.6.0 49192 Bytes 16/08/2007 12:23:51
LUKE.DLL : 7.0.5.3 147496 Bytes 14/08/2007 15:32:47
LUKERES.DLL : 7.0.6.1 10280 Bytes 21/08/2007 12:35:20
ANTIVIR0.VDF : 6.40.0.0 11030528 Bytes 18/07/2007 14:27:15
ANTIVIR1.VDF : 7.0.1.95 3367424 Bytes 14/12/2007 22:59:17
ANTIVIR2.VDF : 7.0.2.181 1993728 Bytes 24/02/2008 22:59:18
ANTIVIR3.VDF : 7.0.2.245 216576 Bytes 06/03/2008 22:59:18
AVEWIN32.DLL : 7.6.0.73 3334656 Bytes 06/03/2008 22:59:20
AVWINLL.DLL : 1.0.0.7 14376 Bytes 26/02/2007 10:36:26
AVPREF.DLL : 7.0.2.2 25640 Bytes 18/07/2007 07:39:17
AVREP.DLL : 7.0.0.1 155688 Bytes 16/04/2007 13:16:24
AVPACK32.DLL : 7.6.0.3 360488 Bytes 06/03/2008 22:59:21
AVREG.DLL : 7.0.1.6 30760 Bytes 18/07/2007 07:17:06
AVARKT.DLL : 1.0.0.20 278568 Bytes 28/08/2007 12:26:33
AVEVTLOG.DLL : 7.0.0.20 86056 Bytes 18/07/2007 07:10:18
NETNT.DLL : 7.0.0.0 7720 Bytes 08/03/2007 11:09:42
RCIMAGE.DLL : 7.0.1.30 2342952 Bytes 07/08/2007 12:38:13
RCTEXT.DLL : 7.0.62.0 86056 Bytes 21/08/2007 12:50:37
SQLITE3.DLL : 3.3.17.1 339968 Bytes 23/07/2007 09:37:21

Configuration settings for the scan:
Jobname..........................: Complete system scan
Configuration file...............: c:\program files\avira\antivir personaledition classic\sysscan.avp
Logging..........................: low
Primary action...................: interactive
Secondary action.................: ignore
Scan master boot sector..........: off
Scan boot sector.................: on
Boot sectors.....................: E:,
Scan memory......................: on
Process scan.....................: on
Scan registry....................: on
Search for rootkits..............: off
Scan all files...................: Intelligent file selection
Scan archives....................: on
Recursion depth..................: 20
Smart extensions.................: on
Macro heuristic..................: on
File heuristic...................: medium

Start of the scan: vendredi 7 mars 2008 13:12

The scan of running processes will be started
Scan process 'avscan.exe' - '1' Module(s) have been scanned
Scan process 'wuauclt.exe' - '1' Module(s) have been scanned
Scan process 'firefox.exe' - '1' Module(s) have been scanned
Scan process 'wmiprvse.exe' - '1' Module(s) have been scanned
Scan process 'wuauclt.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'MsPMSPSv.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'MDM.EXE' - '1' Module(s) have been scanned
Scan process 'cvpnd.exe' - '1' Module(s) have been scanned
Scan process 'sched.exe' - '1' Module(s) have been scanned
Scan process 'alg.exe' - '1' Module(s) have been scanned
Scan process 'Playlist.exe' - '1' Module(s) have been scanned
Scan process 'javaw.exe' - '1' Module(s) have been scanned
Scan process 'avguard.exe' - '1' Module(s) have been scanned
Scan process 'spoolsv.exe' - '1' Module(s) have been scanned
Scan process 'nvcoi.exe' - '1' Module(s) have been scanned
Scan process 'Ares.exe' - '1' Module(s) have been scanned
Scan process 'msnmsgr.exe' - '1' Module(s) have been scanned
Scan process 'ctfmon.exe' - '1' Module(s) have been scanned
Scan process 'avgnt.exe' - '1' Module(s) have been scanned
Scan process 'RxMon.exe' - '1' Module(s) have been scanned
Scan process 'DrgToDsc.exe' - '1' Module(s) have been scanned
Scan process 'jusched.exe' - '1' Module(s) have been scanned
Scan process 'Athan.exe' - '1' Module(s) have been scanned
Scan process 'StatusClient.exe' - '1' Module(s) have been scanned
Scan process 'zlclient.exe' - '0' Module(s) have been scanned
Scan process 'Reader_SL.exe' - '1' Module(s) have been scanned
Scan process 'apdproxy.exe' - '1' Module(s) have been scanned
Scan process 'explorer.exe' - '1' Module(s) have been scanned
Scan process 'aawservice.exe' - '1' Module(s) have been scanned
Scan process 'vsmon.exe' - '0' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'lsass.exe' - '1' Module(s) have been scanned
Scan process 'services.exe' - '1' Module(s) have been scanned
Scan process 'winlogon.exe' - '1' Module(s) have been scanned
Scan process 'csrss.exe' - '1' Module(s) have been scanned
Scan process 'smss.exe' - '1' Module(s) have been scanned
39 processes with 39 modules were scanned

Start scanning boot sectors:
Boot sector 'C:\'
[NOTE] No virus was found!
Boot sector 'E:\'
[NOTE] No virus was found!

Starting to scan the registry.
The registry was scanned ( '29' files ).


Starting the file scan:

Begin scan in 'C:\'
C:\hiberfil.sys
[WARNING] The file could not be opened!
C:\pagefile.sys
[WARNING] The file could not be opened!
C:\System Volume Information\_restore{151798A8-8F78-4105-8CCB-10B03A930032}\RP110\A0030913.exe
[DETECTION] Is the Trojan horse TR/Spy.Banbra.df.199
[INFO] The file was deleted!
C:\System Volume Information\_restore{151798A8-8F78-4105-8CCB-10B03A930032}\RP110\A0030915.exe
[DETECTION] Is the Trojan horse TR/Dldr.Agent.ezc.1
[INFO] The file was deleted!
C:\System Volume Information\_restore{151798A8-8F78-4105-8CCB-10B03A930032}\RP110\A0030916.exe
[DETECTION] Is the Trojan horse TR/Dldr.Agent.22016.4
[INFO] The file was deleted!
C:\System Volume Information\_restore{151798A8-8F78-4105-8CCB-10B03A930032}\RP110\A0030920.exe
[DETECTION] Is the Trojan horse TR/Dldr.CWS.gen.2
[INFO] The file was deleted!
C:\System Volume Information\_restore{151798A8-8F78-4105-8CCB-10B03A930032}\RP110\A0030921.exe
[DETECTION] Is the Trojan horse TR/BHO.AB.4
[INFO] The file was deleted!
C:\System Volume Information\_restore{151798A8-8F78-4105-8CCB-10B03A930032}\RP110\A0030922.dll
[DETECTION] Is the Trojan horse TR/BHO.AB.6
[INFO] The file was deleted!
C:\System Volume Information\_restore{151798A8-8F78-4105-8CCB-10B03A930032}\RP110\A0030923.dll
[DETECTION] Is the Trojan horse TR/BHO.AB.6
[INFO] The file was deleted!
C:\System Volume Information\_restore{151798A8-8F78-4105-8CCB-10B03A930032}\RP110\A0030924.dll
[DETECTION] Is the Trojan horse TR/BHO.AB.6
[INFO] The file was deleted!
C:\System Volume Information\_restore{151798A8-8F78-4105-8CCB-10B03A930032}\RP110\A0030925.dll
[DETECTION] Is the Trojan horse TR/BHO.AB.6
[INFO] The file was deleted!
C:\System Volume Information\_restore{151798A8-8F78-4105-8CCB-10B03A930032}\RP110\A0030999.vbs
[DETECTION] Is the Trojan horse TR/Small.WY
[INFO] The file was deleted!
C:\System Volume Information\_restore{151798A8-8F78-4105-8CCB-10B03A930032}\RP110\A0031000.exe
[DETECTION] Contains detection pattern of the dropper DR/PurityScan.GP
[INFO] The file was deleted!
C:\System Volume Information\_restore{151798A8-8F78-4105-8CCB-10B03A930032}\RP110\A0031001.exe
[DETECTION] Is the Trojan horse TR/Dldr.Purity.BV.7
[INFO] The file was deleted!
C:\System Volume Information\_restore{151798A8-8F78-4105-8CCB-10B03A930032}\RP110\A0031008.exe
[DETECTION] Is the Trojan horse TR/Dldr.Agent.hcn
[INFO] The file was deleted!
C:\System Volume Information\_restore{151798A8-8F78-4105-8CCB-10B03A930032}\RP110\A0031033.exe
[DETECTION] Is the Trojan horse TR/Dldr.Agent.cgd.2
[INFO] The file was deleted!
C:\System Volume Information\_restore{151798A8-8F78-4105-8CCB-10B03A930032}\RP110\A0032021.exe
[DETECTION] Is the Trojan horse TR/BHO.AB.4
[INFO] The file was deleted!
C:\System Volume Information\_restore{151798A8-8F78-4105-8CCB-10B03A930032}\RP110\A0034006.dll
[DETECTION] Is the Trojan horse TR/Vundo.Gen
[INFO] The file was deleted!
C:\System Volume Information\_restore{151798A8-8F78-4105-8CCB-10B03A930032}\RP110\A0034103.dll
[DETECTION] Is the Trojan horse TR/Vundo.DWB
[INFO] The file was deleted!
C:\System Volume Information\_restore{151798A8-8F78-4105-8CCB-10B03A930032}\RP110\A0034104.exe
[DETECTION] Is the Trojan horse TR/BHO.AB.4
[INFO] The file was deleted!
C:\System Volume Information\_restore{151798A8-8F78-4105-8CCB-10B03A930032}\RP112\A0036154.exe
[DETECTION] Is the Trojan horse TR/Dldr.VB.caw.6
[INFO] The file was deleted!
C:\System Volume Information\_restore{151798A8-8F78-4105-8CCB-10B03A930032}\RP112\A0036157.exe
[DETECTION] Is the Trojan horse TR/Agent.AHBF
[INFO] The file was deleted!
C:\System Volume Information\_restore{151798A8-8F78-4105-8CCB-10B03A930032}\RP112\A0036162.exe
[DETECTION] Is the Trojan horse TR/Dldr.PurityScan.FJ
[INFO] The file was deleted!
C:\System Volume Information\_restore{151798A8-8F78-4105-8CCB-10B03A930032}\RP112\A0036165.exe
[DETECTION] Is the Trojan horse TR/BHO.AB.4
[INFO] The file was deleted!
C:\System Volume Information\_restore{151798A8-8F78-4105-8CCB-10B03A930032}\RP112\A0036168.dll
[DETECTION] Is the Trojan horse TR/BHO.AB.6
[INFO] The file was deleted!
C:\System Volume Information\_restore{151798A8-8F78-4105-8CCB-10B03A930032}\RP112\A0036169.dll
[DETECTION] Is the Trojan horse TR/BHO.AB.6
[INFO] The file was deleted!
C:\System Volume Information\_restore{151798A8-8F78-4105-8CCB-10B03A930032}\RP112\A0036170.dll
[DETECTION] Is the Trojan horse TR/BHO.AB.6
[INFO] The file was deleted!
C:\System Volume Information\_restore{151798A8-8F78-4105-8CCB-10B03A930032}\RP112\A0036171.dll
[DETECTION] Is the Trojan horse TR/Vundo.Gen
[INFO] The file was deleted!
C:\System Volume Information\_restore{151798A8-8F78-4105-8CCB-10B03A930032}\RP112\A0036172.dll
[DETECTION] Is the Trojan horse TR/Vundo.Gen
[INFO] The file was deleted!
C:\System Volume Information\_restore{151798A8-8F78-4105-8CCB-10B03A930032}\RP112\A0036173.dll
[DETECTION] Is the Trojan horse TR/Vundo.Gen
[INFO] The file was deleted!
C:\System Volume Information\_restore{151798A8-8F78-4105-8CCB-10B03A930032}\RP112\A0036175.dll
[DETECTION] Is the Trojan horse TR/Vundo.DWB
[INFO] The file was deleted!
C:\System Volume Information\_restore{151798A8-8F78-4105-8CCB-10B03A930032}\RP112\A0036176.dll
[DETECTION] Is the Trojan horse TR/Vundo.Gen
[INFO] The file was deleted!
C:\System Volume Information\_restore{151798A8-8F78-4105-8CCB-10B03A930032}\RP112\A0036177.dll
[DETECTION] Is the Trojan horse TR/Vundo.Gen
[INFO] The file was deleted!
C:\System Volume Information\_restore{151798A8-8F78-4105-8CCB-10B03A930032}\RP112\A0036187.dll
[DETECTION] Is the Trojan horse TR/Trash.Gen
[INFO] The file was deleted!
C:\System Volume Information\_restore{151798A8-8F78-4105-8CCB-10B03A930032}\RP112\A0036270.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
[INFO] The file was deleted!
C:\System Volume Information\_restore{151798A8-8F78-4105-8CCB-10B03A930032}\RP112\A0036271.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
[INFO] The file was deleted!
C:\System Volume Information\_restore{151798A8-8F78-4105-8CCB-10B03A930032}\RP112\A0036274.exe
[DETECTION] Is the Trojan horse TR/Matcash.DLN
[INFO] The file was deleted!
C:\System Volume Information\_restore{151798A8-8F78-4105-8CCB-10B03A930032}\RP116\A0037421.exe
[DETECTION] Contains detection pattern of the dropper DR/TTC.D
[INFO] The file was deleted!
Begin scan in 'E:\'


End of the scan: vendredi 7 mars 2008 14:36
Used time: 1:24:28 min

The scan has been done completely.

3116 Scanning directories
211023 Files were scanned
36 viruses and/or unwanted programs were found
0 Files were classified as suspicious:
36 files were deleted
0 files were repaired
0 files were moved to quarantine
0 files were renamed
2 Files cannot be scanned
210987 Files not concerned
1390 Archives were scanned
2 Warnings
1 Notes
0
Réponse 18 / 24
jojobel10
 
hijack

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:53:44, on 07/03/2008
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.2\Apps\apdproxy.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Hewlett-Packard\Toolbox2.0\Apache Tomcat 4.0\webapps\Toolbox\StatusClient\StatusClient.exe
C:\Program Files\Athan\Athan.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
E:\Roxio\DragToDisc\DrgToDsc.exe
E:\Roxio\AudioCentral\RxMon.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\nvcoi\nvcoi.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Hewlett-Packard\Toolbox2.0\Javasoft\JRE\1.3.1\bin\javaw.exe
E:\Roxio\AudioCentral\Playlist.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Cisco Systems\VPN Client\sap vpn cisco\cvpnd.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avscan.exe
C:\Program Files\Java\jre1.6.0_03\bin\jucheck.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\DOCUME~1\admin\MESDOC~1\spybot\install\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.2\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [StatusClient] C:\Program Files\Hewlett-Packard\Toolbox2.0\Apache Tomcat 4.0\webapps\Toolbox\StatusClient\StatusClient.exe /auto
O4 - HKLM\..\Run: [TomcatStartup] C:\Program Files\Hewlett-Packard\Toolbox2.0\hpbpsttp.exe
O4 - HKLM\..\Run: [Athan] C:\Program Files\Athan\Athan.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [RoxioEngineUtility] "C:\Program Files\Fichiers communs\Roxio Shared\System\EngUtil.exe"
O4 - HKLM\..\Run: [RoxioDragToDisc] "E:\Roxio\DragToDisc\DrgToDsc.exe"
O4 - HKLM\..\Run: [RoxioAudioCentral] "E:\Roxio\AudioCentral\RxMon.exe"
O4 - HKLM\..\Run: [{CB-BA-A7-7E-DW}] c:\windows\system32\rwwnw64d.exe DWram
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ares] "C:\Program Files\Ares\Ares.exe" -h
O4 - HKCU\..\Run: [nvcoi] C:\Program Files\nvcoi\nvcoi.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: VPN Client.lnk = ?
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O16 - DPF: {9122D757-5A4F-4768-82C5-B4171D8556A7} (PhotoPickConvert Class) - http://appdirectory.messenger.msn.com/AppDirectory/P4Apps/PhotoSwap/PhtPkMSN.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - C:\Program Files\Ares\chatServer.exe
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\sap vpn cisco\cvpnd.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
O23 - Service: VundoFix Service (VundoFixSvc) - Atribune.org - C:\WINDOWS\SYSTEM32\VundoFixSVC.exe
0
Réponse 19 / 24
Utilisateur anonyme
 
il reste une saletée :


télécharge OTMoveIt http://download.bleepingcomputer.com/oldtimer/OTMoveIt2.exe
double-clique sur OTMoveIt.exe pour le lancer.
copie la liste qui se trouve en citation ci-dessous,
et colle-la dans le cadre de gauche de OTMoveIt :Paste List of Files/Folders to be moved.

Citation :


c:\windows\system32\rwwnw64d.exe DWram
c:\windows\system32\rwwnw64d.exe


clique sur MoveIt! pour lancer la suppression.
le résultat apparaitra dans le cadre "Results".
clique sur Exit pour fermer.
poste le rapport situé dans C:\_OTMoveIt\MovedFiles.
copie et colle le rapport ici
il te sera peut-être demander de redémarrer le pc pour achever la suppression.si c'est le cas accepte par Yes.

ensuite poste un nouveau rapport hijackthis
0
jojobel10
 
File/Folder c:\windows\system32\rwwnw64d.exe DWram not found.
File/Folder c:\windows\system32\rwwnw64d.exe not found.

OTMoveIt2 v1.0.20 log created on 03072008_153445
0
Réponse 20 / 24
jojobel10
 
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:38:40, on 07/03/2008
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.2\Apps\apdproxy.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Hewlett-Packard\Toolbox2.0\Apache Tomcat 4.0\webapps\Toolbox\StatusClient\StatusClient.exe
C:\Program Files\Athan\Athan.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
E:\Roxio\DragToDisc\DrgToDsc.exe
E:\Roxio\AudioCentral\RxMon.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\nvcoi\nvcoi.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Hewlett-Packard\Toolbox2.0\Javasoft\JRE\1.3.1\bin\javaw.exe
E:\Roxio\AudioCentral\Playlist.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Cisco Systems\VPN Client\sap vpn cisco\cvpnd.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Java\jre1.6.0_03\bin\jucheck.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\DOCUME~1\admin\MESDOC~1\spybot\install\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.2\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [StatusClient] C:\Program Files\Hewlett-Packard\Toolbox2.0\Apache Tomcat 4.0\webapps\Toolbox\StatusClient\StatusClient.exe /auto
O4 - HKLM\..\Run: [TomcatStartup] C:\Program Files\Hewlett-Packard\Toolbox2.0\hpbpsttp.exe
O4 - HKLM\..\Run: [Athan] C:\Program Files\Athan\Athan.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [RoxioEngineUtility] "C:\Program Files\Fichiers communs\Roxio Shared\System\EngUtil.exe"
O4 - HKLM\..\Run: [RoxioDragToDisc] "E:\Roxio\DragToDisc\DrgToDsc.exe"
O4 - HKLM\..\Run: [RoxioAudioCentral] "E:\Roxio\AudioCentral\RxMon.exe"
O4 - HKLM\..\Run: [{CB-BA-A7-7E-DW}] c:\windows\system32\rwwnw64d.exe DWram
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ares] "C:\Program Files\Ares\Ares.exe" -h
O4 - HKCU\..\Run: [nvcoi] C:\Program Files\nvcoi\nvcoi.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: VPN Client.lnk = ?
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O16 - DPF: {9122D757-5A4F-4768-82C5-B4171D8556A7} (PhotoPickConvert Class) - http://appdirectory.messenger.msn.com/AppDirectory/P4Apps/PhotoSwap/PhtPkMSN.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - C:\Program Files\Ares\chatServer.exe
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\sap vpn cisco\cvpnd.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
O23 - Service: VundoFix Service (VundoFixSvc) - Atribune.org - C:\WINDOWS\SYSTEM32\VundoFixSVC.exe
0

Discussions similaires

Critical low batterie
annemarie -
bazfile -

1 réponse
PC acer critical low battery mais battery neuve
Pento_57 -
cathyqiu -

9 réponses
Iptv smarters pro Network error occured! Please try again
Franck -
bazfile -

4 réponses
Ordi ne charge plus
Laneige -
ilyesbrihi -

3 réponses
Ordi lenovo fan error
citadin6 -
citadin6 -

4 réponses