Help with a HijackThis report
luky974
Hello,
A while ago my internet became very slow, and someone told me I might have a virus and told me to download HijackThis and make a report, but I don't know what to do with the report. Could you help me?
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:48:19, on 04/05/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\system32\pavsrv.exe
C:\WINDOWS\system32\AVENGINE.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\VIA\VIAudioi\SBADeck\ADeck.exe
C:\Program Files\Panda Software\Panda Antivirus Titanium\APVXDWIN.EXE
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Fichiers communs\LibreSystem\strpmon.exe
C:\WINDOWS\system32\RavMon.exe
C:\PROGRA~1\MYWEBS~1\bar\1.bin\m3SrchMn.exe
C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Microsoft ActiveSync\Wcescomm.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe
C:\PROGRA~1\MICROS~2\rapimgr.exe
C:\Program Files\Panda Software\Panda Antivirus Titanium\pavProxy.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Ares\Ares.exe
C:\WINDOWS\SYSTEM32\taskmgr.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Xi\NetTransport 2\NetTransport.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://ask.askredir.com/...
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: (no name) - {f14b0ccd-aa41-4406-ab68-c5de9d85b4a3} - (no file)
R3 - URLSearchHook: (no name) - {00A6FAF6-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: (no name) - {f14b0ccd-aa41-4406-ab68-c5de9d85b4a3} - (no file)
O3 - Toolbar: My Web Search - {07B18EA9-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\1.bin\MWSBAR.DLL
O3 - Toolbar: &Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [AudioDeck] C:\Program Files\VIA\VIAudioi\SBADeck\ADeck.exe 1
O4 - HKLM\..\Run: [APVXDWIN] "C:\Program Files\Panda Software\Panda Antivirus Titanium\APVXDWIN.EXE" /s
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Salestart] "C:\Program Files\Fichiers communs\LibreSystem\strpmon.exe" dm=http://ww25.libresystem.com/ ad=http://ww25.libresystem.com/ sd=http://ww25.repay.libresystem.com/
O4 - HKLM\..\Run: [RavMont] C:\WINDOWS\system32\RavMon.exe
O4 - HKLM\..\Run: [My Web Search Bar Search Scope Monitor] "C:\PROGRA~1\MYWEBS~1\bar\1.bin\m3SrchMn.exe" /m=2 /w
O4 - HKLM\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [BM2f49763d] Rundll32.exe "C:\WINDOWS\system32\hpchcstl.dll",s
O4 - HKLM\..\Run: [2c7a45a1] rundll32.exe "C:\WINDOWS\system32\gbmafabj.dll",b
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\Wcescomm.exe"
O4 - HKCU\..\Run: [ccleaner] "C:\Program Files\CCleaner\CCleaner.exe" /AUTO
O4 - HKCU\..\Run: [ares] "C:\Program Files\Ares\Ares.exe" -h
O4 - HKCU\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe
O4 - HKCU\..\Policies\Explorer\Run: [Windows Printing Driver] WinSpooler.exe
O4 - HKCU\..\Policies\Explorer\Run: [WinUpdating] WinUpdating.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: BlueSoleil.lnk = C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe
O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/menusearch.jhtml?p=ZCxdm451YYRE
O8 - Extra context menu item: &Télécharger avec NetTransport - C:\Program Files\Xi\NetTransport 2\NTAddLink.html
O8 - Extra context menu item: Tout t&élécharger avec NetTransport - C:\Program Files\Xi\NetTransport 2\NTAddList.html
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~2\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~2\INetRepl.dll
O9 - Extra 'Tools' menuitem: Créer un Favori de l'appareil mobile... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~2\INetRepl.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.exe.imgfarm.com/images/nocache/funwebproducts/ei/CursorManiaFWBInitialSetup1.0.0.15-3.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/...
O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} (HardwareDetection Control) - https://www.touslesdrivers.com/index.php?v_page=29
O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - C:\Program Files\Ares\chatServer.exe
O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Panda anti-virus service (PAVSRV) - Panda Software - C:\WINDOWS\SYSTEM32\pavsrv.exe
8 replies
Hello,
download GenProc http://www.alt-shift-return.org/Info/Fichiers/GenProc_Beta.zip to your desktop
unzip the folder, double-click GenProc.bat and post the contents of the report that opens
Illustrated help: http://www.alt-shift-return.org/Info/GenProc-HowTo.html
Hi again, I was told to post this on the forum
Rapport GenProc 1.72B [1] effectué le 04/05/2008 à 21:35:44,78 - Windows XP
In CCleaner, click "Options", "Avancé" and untick the box "Effacer uniquement les fichiers, du dossier Temp de Windows, plus vieux que 48 heures". After that, leave it on its default settings. That is all.
# Step 1/ Download:
- BTFix (by Bibi26) http://cluster1.easy-hebergement.net/ and unzip the archive on your Desktop.
- VundoFix.exe (by Atribune) http://www.atribune.org/ccount/click.php?id=4 to your Desktop
- combofix.exe (by sUBs) http://download.bleepingcomputer.com/sUBs/ComboFix.exe to your Desktop
- MSNFix.zip (by !aur3n7) http://sosvirus.changelog.fr/MSNFix.zip and unzip it on the Desktop.
***** Copy what follows into a text file and restart in safe mode as explained here https://www.wekyo.com/demarrer-le-pc-en-mode-sans-echec-windows-7-et-8/ (choose your usual session "Dj-wear") *****
# Step 2/
Open BTFix, then click Nettoyer. A report will appear; save it on your desktop.
# Step 3/
* Double-click VundoFix.exe to launch it, then click the "Scan for Vundo" button.
When the scan is complete, click the "Fix Vundo" button; a prompt will ask whether you want to delete the files, click YES: the Desktop will disappear for a moment while the files are deleted
You will see a prompt telling you that your PC is going to restart: click OK
Note: VundoFix may come across a file it cannot delete. If so, the tool will launch at the next restart; simply follow the instructions above, starting from "click the Scan for Vundo button".
* Double-click combofix.exe.
Press the Y (Yes) key to start the scan.
When the scan is complete, a report will appear
# Step 4/
Run the MSNFix.bat file located in the MSNfix folder on the desktop.
- Run option R.
- If the infection is detected, run option N.
- Save this report on your desktop.
# Step 5/
Launch CCleaner: "Nettoyeur"/"lancer le nettoyage" and that is all.
# Step 6/
Restart normally and post, in the same reply:
- A new HijackThis report, with all windows and applications closed http://www.trendsecure.com/portal/en-US/threat_analytics/HiJackThis.exe ;
- The contents of the report located at C:\vundofix.txt ;
- The contents of the report located at C:\Combofix.txt ;
- The contents of the MSNfix report located on the Desktop ;
- The contents of the BTFix report that you saved ;
Describe any difficulties you had (what you were unable to do...) and how the situation has changed.
Hi again,
So I have finished all the GenProc steps, and I would like to know whether I will still have problems. I am posting the reports:
This is the HijackThis one:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:12:57, on 05/05/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\VIA\VIAudioi\SBADeck\ADeck.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\system32\RavMon.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
C:\Program Files\Microsoft ActiveSync\Wcescomm.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\PROGRA~1\MICROS~2\rapimgr.exe
C:\WINDOWS\system32\pavsrv.exe
C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe
C:\WINDOWS\system32\AVENGINE.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: (no name) - {f14b0ccd-aa41-4406-ab68-c5de9d85b4a3} - (no file)
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: WebPerform Object - {AB692F9B-27FE-4511-8885-ED62BB45197B} - C:\WINDOWS\system32\webperform.dll
O2 - BHO: NTIECatcher Class - {C56CB6B0-0D96-11D6-8C65-B2868B609932} - C:\Program Files\Xi\NetTransport 2\NTIEHelper.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: (no name) - {f14b0ccd-aa41-4406-ab68-c5de9d85b4a3} - (no file)
O3 - Toolbar: &Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [AudioDeck] C:\Program Files\VIA\VIAudioi\SBADeck\ADeck.exe 1
O4 - HKLM\..\Run: [APVXDWIN] "C:\Program Files\Panda Software\Panda Antivirus Titanium\APVXDWIN.EXE" /s
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [RavMont] C:\WINDOWS\system32\RavMon.exe
O4 - HKLM\..\Run: [BM2f49763d] Rundll32.exe "C:\WINDOWS\system32\tndexjdo.dll",s
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\Wcescomm.exe"
O4 - HKCU\..\Run: [ccleaner] "C:\Program Files\CCleaner\CCleaner.exe" /AUTO
O4 - HKCU\..\Run: [ares] "C:\Program Files\Ares\Ares.exe" -h
O4 - HKCU\..\Policies\Explorer\Run: [Windows Printing Driver] WinSpooler.exe
O4 - HKCU\..\Policies\Explorer\Run: [WinUpdating] WinUpdating.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: BlueSoleil.lnk = C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe
O8 - Extra context menu item: &Télécharger avec NetTransport - C:\Program Files\Xi\NetTransport 2\NTAddLink.html
O8 - Extra context menu item: Tout t&élécharger avec NetTransport - C:\Program Files\Xi\NetTransport 2\NTAddList.html
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~2\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~2\INetRepl.dll
O9 - Extra 'Tools' menuitem: Créer un Favori de l'appareil mobile... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~2\INetRepl.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/...
O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} (HardwareDetection Control) - https://www.touslesdrivers.com/index.php?v_page=29
O20 - Winlogon Notify: hgGywUkL - hgGywUkL.dll (file missing)
O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - C:\Program Files\Ares\chatServer.exe
O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Panda anti-virus service (PAVSRV) - Panda Software - C:\WINDOWS\SYSTEM32\pavsrv.exe
O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - C:\Program Files\Ares\chatServer.exe
O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Panda anti-virus service (PAVSRV) - Panda Software - C:\WINDOWS\SYSTEM32\pavsrv.exe
There, I found the VundoFix one:
VundoFix V7.0.3
Scan started at 09:51:19 05/05/2008
Listing files found while scanning....
VundoFix V7.0.3
Scan started at 10:53:54 05/05/2008
Listing files found while scanning....
C:\WINDOWS\system32\abtoncxg.dll
C:\WINDOWS\system32\aqwlpltr.dll
C:\WINDOWS\system32\brpkthoo.dll
C:\WINDOWS\system32\cfcanice.dll
C:\WINDOWS\system32\cflvcdtl.dll
C:\WINDOWS\system32\cqdicrvw.dll
C:\WINDOWS\system32\dnktmpua.dll
C:\WINDOWS\system32\epdnqxye.dll
C:\WINDOWS\system32\etfocurq.dll
C:\WINDOWS\system32\fdvundln.dll
C:\WINDOWS\system32\fxthdspu.dll
C:\WINDOWS\system32\gaikeqym.dll
C:\WINDOWS\system32\hbkwsdlc.dll
C:\WINDOWS\system32\hnwraspc.dll
C:\WINDOWS\system32\hpchcstl.dll
C:\WINDOWS\system32\irogkgmb.dll
C:\WINDOWS\system32\jbkvaolv.dll
C:\WINDOWS\system32\jfbctxqk.dll
C:\WINDOWS\system32\jjxhgbqv.dll
C:\WINDOWS\system32\jkkJcyAp.dll
C:\WINDOWS\system32\lpjeivgs.dll
C:\WINDOWS\system32\mdpfsttd.dll
C:\WINDOWS\system32\mgxynrhs.dll
C:\WINDOWS\system32\nettqfwt.dll
C:\WINDOWS\system32\nvhhtvqd.dll
C:\WINDOWS\system32\oqvpgjah.dll
C:\WINDOWS\system32\owfxxaik.dll
C:\WINDOWS\system32\qsxcihgp.dll
C:\WINDOWS\system32\rjkfflvx.dll
C:\WINDOWS\system32\sdcgtpmg.dll
C:\WINDOWS\system32\sffvecuj.dll
C:\WINDOWS\system32\skfquagt.dll
C:\WINDOWS\system32\subqxvrf.dll
C:\WINDOWS\system32\tndexjdo.dll
C:\WINDOWS\system32\tuvTnNGX.dll
C:\WINDOWS\system32\uuhbtasc.dll
C:\WINDOWS\system32\wcrgvoob.dll
C:\WINDOWS\system32\wvxlmtpy.dll
C:\WINDOWS\system32\xvnhccyu.dll
C:\WINDOWS\system32\yfnsixpq.dll
Beginning removal...
Attempting to delete C:\WINDOWS\system32\abtoncxg.dll
C:\WINDOWS\system32\abtoncxg.dll Has been deleted!
Attempting to delete C:\WINDOWS\system32\aqwlpltr.dll
C:\WINDOWS\system32\aqwlpltr.dll Has been deleted!
Attempting to delete C:\WINDOWS\system32\brpkthoo.dll
C:\WINDOWS\system32\brpkthoo.dll Has been deleted!
Attempting to delete C:\WINDOWS\system32\cfcanice.dll
C:\WINDOWS\system32\cfcanice.dll Has been deleted!
Attempting to delete C:\WINDOWS\system32\cflvcdtl.dll
C:\WINDOWS\system32\cflvcdtl.dll Has been deleted!
Attempting to delete C:\WINDOWS\system32\cqdicrvw.dll
C:\WINDOWS\system32\cqdicrvw.dll Has been deleted!
Attempting to delete C:\WINDOWS\system32\dnktmpua.dll
C:\WINDOWS\system32\dnktmpua.dll Has been deleted!
Attempting to delete C:\WINDOWS\system32\epdnqxye.dll
C:\WINDOWS\system32\epdnqxye.dll Has been deleted!
Attempting to delete C:\WINDOWS\system32\etfocurq.dll
C:\WINDOWS\system32\etfocurq.dll Has been deleted!
Attempting to delete C:\WINDOWS\system32\fdvundln.dll
C:\WINDOWS\system32\fdvundln.dll Has been deleted!
Attempting to delete C:\WINDOWS\system32\fxthdspu.dll
C:\WINDOWS\system32\fxthdspu.dll Has been deleted!
Attempting to delete C:\WINDOWS\system32\gaikeqym.dll
C:\WINDOWS\system32\gaikeqym.dll Has been deleted!
Attempting to delete C:\WINDOWS\system32\hbkwsdlc.dll
C:\WINDOWS\system32\hbkwsdlc.dll Has been deleted!
Attempting to delete C:\WINDOWS\system32\hnwraspc.dll
C:\WINDOWS\system32\hnwraspc.dll Has been deleted!
Attempting to delete C:\WINDOWS\system32\hpchcstl.dll
C:\WINDOWS\system32\hpchcstl.dll Has been deleted!
Attempting to delete C:\WINDOWS\system32\irogkgmb.dll
C:\WINDOWS\system32\irogkgmb.dll Has been deleted!
Attempting to delete C:\WINDOWS\system32\jbkvaolv.dll
C:\WINDOWS\system32\jbkvaolv.dll Has been deleted!
Attempting to delete C:\WINDOWS\system32\jfbctxqk.dll
C:\WINDOWS\system32\jfbctxqk.dll Has been deleted!
Attempting to delete C:\WINDOWS\system32\jjxhgbqv.dll
C:\WINDOWS\system32\jjxhgbqv.dll Has been deleted!
Attempting to delete C:\WINDOWS\system32\jkkJcyAp.dll
C:\WINDOWS\system32\jkkJcyAp.dll Has been deleted!
Attempting to delete C:\WINDOWS\system32\lpjeivgs.dll
C:\WINDOWS\system32\lpjeivgs.dll Has been deleted!
Attempting to delete C:\WINDOWS\system32\mdpfsttd.dll
C:\WINDOWS\system32\mdpfsttd.dll Has been deleted!
Attempting to delete C:\WINDOWS\system32\mgxynrhs.dll
C:\WINDOWS\system32\mgxynrhs.dll Has been deleted!
Attempting to delete C:\WINDOWS\system32\nettqfwt.dll
C:\WINDOWS\system32\nettqfwt.dll Has been deleted!
Attempting to delete C:\WINDOWS\system32\nvhhtvqd.dll
C:\WINDOWS\system32\nvhhtvqd.dll Has been deleted!
Attempting to delete C:\WINDOWS\system32\oqvpgjah.dll
C:\WINDOWS\system32\oqvpgjah.dll Has been deleted!
Attempting to delete C:\WINDOWS\system32\owfxxaik.dll
C:\WINDOWS\system32\owfxxaik.dll Has been deleted!
Attempting to delete C:\WINDOWS\system32\qsxcihgp.dll
C:\WINDOWS\system32\qsxcihgp.dll Has been deleted!
Attempting to delete C:\WINDOWS\system32\rjkfflvx.dll
C:\WINDOWS\system32\rjkfflvx.dll Has been deleted!
Attempting to delete C:\WINDOWS\system32\sdcgtpmg.dll
C:\WINDOWS\system32\sdcgtpmg.dll Has been deleted!
Attempting to delete C:\WINDOWS\system32\sffvecuj.dll
C:\WINDOWS\system32\sffvecuj.dll Has been deleted!
Attempting to delete C:\WINDOWS\system32\skfquagt.dll
C:\WINDOWS\system32\skfquagt.dll Has been deleted!
Attempting to delete C:\WINDOWS\system32\subqxvrf.dll
C:\WINDOWS\system32\subqxvrf.dll Has been deleted!
Attempting to delete C:\WINDOWS\system32\tndexjdo.dll
C:\WINDOWS\system32\tndexjdo.dll Has been deleted!
Attempting to delete C:\WINDOWS\system32\tuvTnNGX.dll
C:\WINDOWS\system32\tuvTnNGX.dll Could not be deleted.
Attempting to delete C:\WINDOWS\system32\uuhbtasc.dll
C:\WINDOWS\system32\uuhbtasc.dll Has been deleted!
Attempting to delete C:\WINDOWS\system32\wcrgvoob.dll
C:\WINDOWS\system32\wcrgvoob.dll Has been deleted!
Attempting to delete C:\WINDOWS\system32\wvxlmtpy.dll
C:\WINDOWS\system32\wvxlmtpy.dll Has been deleted!
Attempting to delete C:\WINDOWS\system32\xvnhccyu.dll
C:\WINDOWS\system32\xvnhccyu.dll Has been deleted!
Attempting to delete C:\WINDOWS\system32\yfnsixpq.dll
C:\WINDOWS\system32\yfnsixpq.dll Has been deleted!
Performing Repairs to the registry.
Done!
Beginning removal...
Attempting to delete C:\WINDOWS\system32\tuvTnNGX.dll
C:\WINDOWS\system32\tuvTnNGX.dll Could not be deleted.
Performing Repairs to the registry.
Done!
VundoFix V7.0.3
Scan started at 11:53:15 2008-05-05
Listing files found while scanning....
C:\WINDOWS\system32\tuvTnNGX.dll
Beginning removal...
Attempting to delete C:\WINDOWS\system32\tuvTnNGX.dll
C:\WINDOWS\system32\tuvTnNGX.dll Could not be deleted.
Performing Repairs to the registry.
Done!
***************************
This looks suspicious:
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\Wcescomm.exe"
O4 - HKLM\..\Run: [BM2f49763d] Rundll32.exe "C:\WINDOWS\system32\hpchcstl.dll",s
O4 - HKLM\..\Run: [2c7a45a1] rundll32.exe "C:\WINDOWS\system32\gbmafabj.dll",b
O4 - HKCU\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe