j'ai un vundo@dll.trj Fermé

Question

Bonjour,

j'ai un cheval de troie qui me lache plus...
vundofix ne trouve rien 
j'ai lancer un scan avec hijackthis et je ne sais pas quoi faire du résultat le voila merci pour l'aide


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:09:41, on 28/05/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\dnetc.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\TomTom HOME 2\HOMERunner.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\PROGRA~1\MI3AA1~1\rapimgr.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\Microsoft ActiveSync\WCESMgr.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\DOCUME~1\SEBELM~1\LOCALS~1\Temp\Répertoire temporaire 1 pour HiJackThis.zip\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.dell.com/fr-fr
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?redirfallthru=http%3a%2f%2fwww.msn.fr%2fimg%2ffr%2ffr-fr%2fmsger%2ftabs%2f_pictos%2fcoca%2fPictoCoke02.png%3f
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: (no name) - {4D25F926-B9FE-4682-BF72-8AB8210D6D75} - C:\Program Files\MyWaySA\SrchAsDe\deSrcAs.dll (file missing)
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {29AB2B5B-392D-45C9-B323-CF4F65B07E7F} - C:\WINDOWS\system32\mlJDttuv.dll (file missing)
O2 - BHO: (no name) - {43FFFA70-B75A-4EDE-9B27-380F4B61B200} - C:\WINDOWS\system32\qoMghFvw.dll (file missing)
O2 - BHO: (no name) - {4AA5DEF4-A3F5-406E-B4B6-BA981B331C26} - C:\WINDOWS\system32\pmnoOGWN.dll (file missing)
O2 - BHO: (no name) - {522E0112-EDD9-413D-A99E-C311A54B6676} - C:\WINDOWS\system32\cbXPiFxv.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {86959FE0-462B-4162-9ED9-402A78B7C9F9} - (no file)
O2 - BHO: (no name) - {87EAA548-F021-4B07-872E-309CF96E204A} - C:\WINDOWS\system32\opnKDwuR.dll (file missing)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll
O2 - BHO: PDFCreator Toolbar Helper - {C451C08A-EC37-45DF-AAAD-18B51AB5E837} - C:\Program Files\PDFCreator Toolbar\v3.3.0.1\PDFCreator_Toolbar.dll
O2 - BHO: (no name) - {D2750932-B7C1-4B2C-A2C9-32CA193D702E} - (no file)
O2 - BHO: (no name) - {E335D7C5-C8B8-41EC-AAAF-A75DEA707C93} - C:\WINDOWS\system32\jkkLETKc.dll (file missing)
O2 - BHO: (no name) - {F43C3FF0-479C-495C-AA43-5275FA825372} - (no file)
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: PDFCreator Toolbar - {31CF9EBE-5755-4A1D-AC25-2834D952D9B4} - C:\Program Files\PDFCreator Toolbar\v3.3.0.1\PDFCreator_Toolbar.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Fichiers communs\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [Easy-PrintToolBox] C:\Program Files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE /logon
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [MSKDetectorExe] C:\Program Files\McAfee\SpamKiller\MSKDetct.exe /uninstall
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [94d4f9f9] rundll32.exe "C:\WINDOWS\system32\asxpmbdj.dll",b
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [MsgCenterExe] "C:\Program Files\Fichiers communs\Real\Update_OB\RealOneMessageCenter.exe"  -osboot
O4 - HKCU\..\Run: [TomTomHOME.exe] "C:\Program Files\TomTom HOME 2\HOMERunner.exe"
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [qmoclya] c:\documents and settings\seb elmon\local settings\application data\qmoclya.exe qmoclya
O4 - HKCU\..\Run: [hhmgkkoc] c:\documents and settings\seb elmon\local settings\application data\hhmgkkoc.exe hhmgkkoc
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Easy-WebPrint Ajouter à la liste d'impressions - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint Impression rapide - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Imprimer - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O8 - Extra context menu item: Easy-WebPrint Prévisualiser - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Créer un favori mobile... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=https://www.free.fr/freebox/index.html
O16 - DPF: {D8089245-3211-40F6-819B-9E5E92CD61A2} (FlashXControl Object) - https://signin3.valueactive.com/Register/Branding/olr3313/OCX/v1018/flashax.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~3\Office12\GR99D3~1.DLL
O20 - Winlogon Notify: cbXPiFxv - C:\WINDOWS\SYSTEM32\cbXPiFxv.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: distributed.net client (dnetc) - Distributed Computing Technologies, Inc. - C:\WINDOWS\dnetc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe

Utilisateur anonyme · Answer

salut seb :



Telecharge malwarebytes 

-> https://www.malekal.com/tutoriel-malwarebyte-anti-malware/

Tu l´instale; le programme va se mettre automatiquement a jour. 

Une fois a jour, le programme va se lancer; click sur l´onglet parametre, et coche la case : "Arreter internet explorer pendant la suppression". 

Click maintenant sur l´onglet recherche et coche la case : "executer un examen complet". 

Puis click sur "rechercher". 

Laisse le scanner le pc... 

Si des elements on ete trouvés > click sur supprimer la selection. 

si il t´es demandé de redemarrer > click sur "yes". 

A la fin un rapport va s´ouvrir; sauvegarde le de maniere a le retrouver en vu de le poster sur le forum. 

Copie et colle le rapport stp.

Utilisateur anonyme · Answer

ok

VIRUS_KILLER · Answer

Bonjour,pour suivre,,,,,,
Pour ce qui concerne vundo telecharge et installe Vundofix : http://ftpclubic47.clubic.com/...
Ensuite installe le logiciel.
Clique ensuite sur "scan for vundo" et si il trouve des choses tu poura passer a "remove vundo"

Utilisateur anonyme · Answer

Redémarre le pc si ça n a pas été fais 

réouvre malewarebyte
va sur quarantaine 
supprime tout 


Télécharge clean.zip, de Malekal 
http://www.malekal.com/download/clean.zip 

comment l'utiliser 
Tuto 
http://mickael.barroux.free.fr/securite/clean.php 

(1) Dézippe-le sur ton bureau (clic droit / extraire tout), tu dois obtenir un dossier clean. 

(2) Ouvre le dossier clean qui se trouve sur ton bureau, et double-clic sur clean.cmd 

une fenêtre noire va apparaître pendant un instant, laisse la ouverte. 

(3) Choisis l'option 1 puis patiente 
Poste le rapport obtenu 


pour retrouver le rapport : double clique sur > C > double clique sur " rapport_clean txt. 
et copie/colle le sur ta prochaine réponse . 

Ne passe pas à l'option 2 sans notre avis !

Utilisateur anonyme · Answer

oui continue

Utilisateur anonyme · Answer

réouvre clean 

passe l option 2 et envoi le rapport + un rapport hijackthis fais apres passage de clean option 2

Utilisateur anonyme · Answer

un rapport hiajckthis stp

seb · Answer

voila le rapport je n'avait pas compris pardon

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:57:14, on 28/05/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\dnetc.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\stsystra.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\TomTom HOME 2\HOMERunner.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\PROGRA~1\MI3AA1~1\rapimgr.exe
C:\Program Files\Microsoft ActiveSync\WCESMgr.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\DOCUME~1\SEBELM~1\LOCALS~1\Temp\Répertoire temporaire 2 pour HiJackThis.zip\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.dell.com/fr-fr
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?redirfallthru=http%3a%2f%2fwww.msn.fr%2fimg%2ffr%2ffr-fr%2fmsger%2ftabs%2f_pictos%2fcoca%2fPictoCoke02.png%3f
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {29AB2B5B-392D-45C9-B323-CF4F65B07E7F} - C:\WINDOWS\system32\mlJDttuv.dll (file missing)
O2 - BHO: (no name) - {43FFFA70-B75A-4EDE-9B27-380F4B61B200} - C:\WINDOWS\system32\qoMghFvw.dll (file missing)
O2 - BHO: (no name) - {4AA5DEF4-A3F5-406E-B4B6-BA981B331C26} - C:\WINDOWS\system32\pmnoOGWN.dll (file missing)
O2 - BHO: (no name) - {522E0112-EDD9-413D-A99E-C311A54B6676} - (no file)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {86959FE0-462B-4162-9ED9-402A78B7C9F9} - (no file)
O2 - BHO: (no name) - {87EAA548-F021-4B07-872E-309CF96E204A} - C:\WINDOWS\system32\opnKDwuR.dll (file missing)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll
O2 - BHO: PDFCreator Toolbar Helper - {C451C08A-EC37-45DF-AAAD-18B51AB5E837} - C:\Program Files\PDFCreator Toolbar\v3.3.0.1\PDFCreator_Toolbar.dll
O2 - BHO: (no name) - {D2750932-B7C1-4B2C-A2C9-32CA193D702E} - (no file)
O2 - BHO: (no name) - {E335D7C5-C8B8-41EC-AAAF-A75DEA707C93} - C:\WINDOWS\system32\jkkLETKc.dll (file missing)
O2 - BHO: (no name) - {F43C3FF0-479C-495C-AA43-5275FA825372} - (no file)
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: PDFCreator Toolbar - {31CF9EBE-5755-4A1D-AC25-2834D952D9B4} - C:\Program Files\PDFCreator Toolbar\v3.3.0.1\PDFCreator_Toolbar.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Fichiers communs\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [Easy-PrintToolBox] C:\Program Files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE /logon
O4 - HKLM\..\Run: [MSKDetectorExe] C:\Program Files\McAfee\SpamKiller\MSKDetct.exe /uninstall
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [94d4f9f9] rundll32.exe "C:\WINDOWS\system32\asxpmbdj.dll",b
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [MsgCenterExe] "C:\Program Files\Fichiers communs\Real\Update_OB\RealOneMessageCenter.exe"  -osboot
O4 - HKCU\..\Run: [TomTomHOME.exe] "C:\Program Files\TomTom HOME 2\HOMERunner.exe"
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [qmoclya] c:\documents and settings\seb elmon\local settings\application data\qmoclya.exe qmoclya
O4 - HKCU\..\Run: [hhmgkkoc] c:\documents and settings\seb elmon\local settings\application data\hhmgkkoc.exe hhmgkkoc
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Easy-WebPrint Ajouter à la liste d'impressions - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint Impression rapide - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Imprimer - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O8 - Extra context menu item: Easy-WebPrint Prévisualiser - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Créer un favori mobile... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=https://www.free.fr/freebox/index.html
O16 - DPF: {D8089245-3211-40F6-819B-9E5E92CD61A2} (FlashXControl Object) - https://signin3.valueactive.com/Register/Branding/olr3313/OCX/v1018/flashax.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~3\Office12\GR99D3~1.DLL
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: distributed.net client (dnetc) - Distributed Computing Technologies, Inc. - C:\WINDOWS\dnetc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe

Utilisateur anonyme · Answer

y a encore des petites bebetes 

Télécharge combofix : http://download.bleepingcomputer.com/sUBs/ComboFix.exe 


-> Double clique combofix.exe. 
-> Tape sur la touche 1 (Yes) pour démarrer le scan. 
-> Lorsque le scan sera complété, un rapport apparaîtra. Copie/colle ce rapport dans ta prochaine réponse. 

NOTE : Le rapport se trouve également ici : C:\Combofix.txt 

Avant d'utiliser ComboFix : 

-> Déconnecte toi d'internet et referme les fenêtres de tous les programmes en cours. 

-> Désactive provisoirement et seulement le temps de l'utilisation de ComboFix, la protection en temps réel de ton Antivirus et de tes Antispywares, qui peuvent géner fortement la procédure de recherche et de nettoyage de l'outil. 

Une fois fait, sur ton bureau double-clic sur Combofix.exe. 

- Répond oui au message d'avertissement, pour que le programme commence à procéder à l'analyse du pc. 

/!\ Pendant la durée de cette étape, ne te sert pas du pc et n'ouvre aucun programmes. 

- En fin de scan il est possible que ComboFix ait besoin de redemarrer le pc pour finaliser la désinfection\recherche, laisses-le faire. 

- Un rapport s'ouvrira ensuite dans le bloc notes, ce fichier rapport Combofix.txt, est automatiquement sauvegardé et rangé à C:\Combofix.txt) 

-> Réactive la protection en temps réel de ton Antivirus et de tes Antispywares, avant de te reconnecter à internet. 

-> Reviens sur le forum, et copie et colle la totalité du contenu de C:\Combofix.txt dans ton prochain message. 

-> Tutoriel https://www.bleepingcomputer.com/combofix/fr/comment-utiliser-combofix

Utilisateur anonyme · Answer

ok 

refais un scan hijackthis et poste le rapport stp

ensuite je regarde tout ça et je te dis la suite

seb · Answer

voila
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:12:25, on 28/05/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\dnetc.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\TomTom HOME 2\HOMERunner.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\PROGRA~1\MI3AA1~1\rapimgr.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\DOCUME~1\SEBELM~1\LOCALS~1\Temp\Répertoire temporaire 1 pour HiJackThis.zip\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?redirfallthru=http%3a%2f%2fwww.msn.fr%2fimg%2ffr%2ffr-fr%2fmsger%2ftabs%2f_pictos%2fcoca%2fPictoCoke02.png%3f
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {29AB2B5B-392D-45C9-B323-CF4F65B07E7F} - C:\WINDOWS\system32\mlJDttuv.dll (file missing)
O2 - BHO: (no name) - {43FFFA70-B75A-4EDE-9B27-380F4B61B200} - C:\WINDOWS\system32\qoMghFvw.dll (file missing)
O2 - BHO: (no name) - {4AA5DEF4-A3F5-406E-B4B6-BA981B331C26} - C:\WINDOWS\system32\pmnoOGWN.dll (file missing)
O2 - BHO: (no name) - {522E0112-EDD9-413D-A99E-C311A54B6676} - (no file)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {86959FE0-462B-4162-9ED9-402A78B7C9F9} - (no file)
O2 - BHO: (no name) - {87EAA548-F021-4B07-872E-309CF96E204A} - C:\WINDOWS\system32\opnKDwuR.dll (file missing)
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll
O2 - BHO: PDFCreator Toolbar Helper - {C451C08A-EC37-45DF-AAAD-18B51AB5E837} - C:\Program Files\PDFCreator Toolbar\v3.3.0.1\PDFCreator_Toolbar.dll
O2 - BHO: (no name) - {D2750932-B7C1-4B2C-A2C9-32CA193D702E} - (no file)
O2 - BHO: (no name) - {E335D7C5-C8B8-41EC-AAAF-A75DEA707C93} - C:\WINDOWS\system32\jkkLETKc.dll (file missing)
O2 - BHO: (no name) - {F43C3FF0-479C-495C-AA43-5275FA825372} - (no file)
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: (no name) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - (no file)
O3 - Toolbar: PDFCreator Toolbar - {31CF9EBE-5755-4A1D-AC25-2834D952D9B4} - C:\Program Files\PDFCreator Toolbar\v3.3.0.1\PDFCreator_Toolbar.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Fichiers communs\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [Easy-PrintToolBox] C:\Program Files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE /logon
O4 - HKLM\..\Run: [MSKDetectorExe] C:\Program Files\McAfee\SpamKiller\MSKDetct.exe /uninstall
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [94d4f9f9] rundll32.exe "C:\WINDOWS\system32\asxpmbdj.dll",b
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [MsgCenterExe] "C:\Program Files\Fichiers communs\Real\Update_OB\RealOneMessageCenter.exe"  -osboot
O4 - HKCU\..\Run: [TomTomHOME.exe] "C:\Program Files\TomTom HOME 2\HOMERunner.exe"
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Easy-WebPrint Ajouter à la liste d'impressions - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint Impression rapide - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Imprimer - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O8 - Extra context menu item: Easy-WebPrint Prévisualiser - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Créer un favori mobile... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://home.free.fr/
O16 - DPF: {D8089245-3211-40F6-819B-9E5E92CD61A2} (FlashXControl Object) - https://signin3.valueactive.com/Register/Branding/olr3313/OCX/v1018/flashax.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~3\Office12\GR99D3~1.DLL
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: distributed.net client (dnetc) - Distributed Computing Technologies, Inc. - C:\WINDOWS\dnetc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe

Utilisateur anonyme · Answer

Copie le texte ci-dessous : 


File:: 
c:\Documents and Settings\Seb Elmon\Local Settings\Application Data\hhmgkkoc.dat 
c:\Documents and Settings\Seb Elmon\Local Settings\Application Data\hhmgkkoc_nav.dat 
c:\Documents and Settings\Seb Elmon\Local Settings\Application Data\hhmgkkoc_navps.dat 
C:\WINDOWS\system32\AdMWaccf.ini2 
C:\WINDOWS\system32\cKTELkkj.ini2 
C:\WINDOWS\system32\gPXaaGgh.ini2 
C:\WINDOWS\system32\NWGOonmp.ini2 
C:\WINDOWS\system32\RuwDKnpo.ini2 
C:\WINDOWS\system32\vuttDJlm.ini2 
C:\WINDOWS\system32\wvFhgMoq.ini2 
C:\WINDOWS\system32\ddMWFfhk.ini2 
C:\WINDOWS\system32\AD353251F9.sys 
C:\WINDOWS\system32\KGyGaAvL.sys 
C:\WINDOWS\system32\asxpmbdj.dll
C:\WINDOWS\system32\mlJDttuv.dll 
C:\WINDOWS\system32\qoMghFvw.dll 
C:\WINDOWS\system32\pmnoOGWN.dll
C:\WINDOWS\system32\opnKDwuR.dll 
C:\WINDOWS\system32\jkkLETKc.dll 



Folder:: 
C:\WINDOWS\system32\kr_done1de 


Registry:: 
HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{29AB2B5B-392D-45C9-B323-CF4F65B07E7F}] 
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{43FFFA70-B75A-4EDE-9B27-380F4B61B200}] 
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{4AA5DEF4-A3F5-406E-B4B6-BA981B331C26}] 
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{87EAA548-F021-4B07-872E-309CF96E204A}] 
[HEY_LOCAL_MACHINE\~\Browser Helper Objects\{E335D7C5-C8B8-41EC-AAAF-A75DEA707C93}] 






Ouvre le Bloc-Notes puis colle le texte copié. 
(Démarrer\Tous les programmes\Accessoires\Bloc notes.) 
Sauvegarde ce fichier sous le nom de CFScript.txt. 

Glisse maintenant le fichier CFScript.txt dans Combofix.exe comme ci-dessous : 

http://sd-1.archive-host.com/membres/up/1366464061/CFScript.gif 

Cela va relancer Combofix, 

Une fenêtre bleue va apparaître: au message qui apparaît ( Type 1 to continue, or 2 to abort) , tape 1 puis valide. 

Patiente le temps du scan.Le bureau va disparaître à plusieurs reprises: c'est normal! 

Ne touche à rien tant que le scan n'est pas terminé. 

Après redémarrage, poste le contenu du rapport Combofix.txt accompagné d'un rapport Hijackthis. 

S'il n'y a pas de rédémarrage, poste quand même les rapports.

seb · Answer

pas de redemarage ComboFix 08-05-27.4 - Seb Elmon 2008-05-28 18:37:42.3 - NTFSx86 Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.564 [GMT 2:00] Endroit: C:\Documents and Settings\Seb Elmon\Mes documents\logiciel ordi\ComboFix.exe Command switches used :: C:\CFScript.txt..txt * Création d'un nouveau point de restauration [color=red][b]AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !![/b][/color] FILE :: c:\Documents and Settings\Seb Elmon\Local Settings\Application Data\hhmgkkoc.dat c:\Documents and Settings\Seb Elmon\Local Settings\Application Data\hhmgkkoc_nav.dat c:\Documents and Settings\Seb Elmon\Local Settings\Application Data\hhmgkkoc_navps.dat C:\WINDOWS\system32\AD353251F9.sys C:\WINDOWS\system32\AdMWaccf.ini2 C:\WINDOWS\system32\asxpmbdj.dll C:\WINDOWS\system32\cKTELkkj.ini2 C:\WINDOWS\system32\ddMWFfhk.ini2 C:\WINDOWS\system32\gPXaaGgh.ini2 C:\WINDOWS\system32\jkkLETKc.dll C:\WINDOWS\system32\KGyGaAvL.sys C:\WINDOWS\system32\mlJDttuv.dll C:\WINDOWS\system32\NWGOonmp.ini2 C:\WINDOWS\system32\opnKDwuR.dll C:\WINDOWS\system32\pmnoOGWN.dll C:\WINDOWS\system32\qoMghFvw.dll C:\WINDOWS\system32\RuwDKnpo.ini2 C:\WINDOWS\system32\vuttDJlm.ini2 C:\WINDOWS\system32\wvFhgMoq.ini2 . (((((((((((((((((((((((((((((((((((( Autres suppressions )))))))))))))))))))))))))))))))))))))))))))))))) . C:\WINDOWS\system32\AD353251F9.sys C:\WINDOWS\system32\KGyGaAvL.sys C:\WINDOWS\system32\kr_done1de\ . ((((((((((((((((((((((((((((( Fichiers créés 2008-04-28 to 2008-05-28 )))))))))))))))))))))))))))))))))))) . 2008-05-28 15:03 . 2008-05-28 15:03 640,432 --a------ C:\upload_moi_ELMON.tar.gz 2008-05-28 12:26 . 2008-05-28 12:26 d-------- C:\Documents and Settings\Seb Elmon\Application Data\Malwarebytes 2008-05-28 12:25 . 2008-05-28 12:25 d-------- C:\Program Files\Malwarebytes' Anti-Malware 2008-05-28 12:25 . 2008-05-28 12:25 d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes 2008-05-28 12:25 . 2008-05-05 20:46 27,048 --a------ C:\WINDOWS\system32\drivers\mbamcatchme.sys 2008-05-28 12:25 . 2008-05-05 20:46 15,864 --a------ C:\WINDOWS\system32\drivers\mbam.sys 2008-05-22 11:18 . 2008-05-22 11:18 d-------- C:\kav 2008-05-21 19:56 . 2008-05-21 19:56 d-------- C:\VundoFix Backups 2008-05-10 15:00 . 2008-05-10 15:00 1 --a------ C:\WINDOWS\system32\kr_done1de 2008-05-08 14:41 . 2008-05-08 14:41 d-------- C:\Program Files\FileZilla FTP Client 2008-05-08 14:41 . 2008-05-08 15:16 d-------- C:\Documents and Settings\Seb Elmon\Application Data\FileZilla 2008-04-28 18:42 . 2008-04-28 18:42 d-------- C:\Program Files\Spybot - Search & Destroy 2008-04-28 18:42 . 2008-04-28 18:44 d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy 2008-04-28 16:41 . 2008-04-28 16:41 d-------- C:\Program Files\Lavasoft 2008-04-28 16:41 . 2008-04-28 16:41 d-------- C:\Program Files\Fichiers communs\Wise Installation Wizard 2008-04-28 16:41 . 2008-04-28 16:42 d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft . (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M )))))))))))))))))))))))))))))))))))))))))))))))) . 2008-05-22 09:20 --------- d-----w C:\Documents and Settings\Seb Elmon\Application Data\uTorrent 2008-05-22 08:18 --------- d-----w C:\Program Files\eMule 2008-05-15 08:37 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help 2008-05-09 10:51 --------- d-----w C:\Program Files\Luxor 3 2008-05-02 10:21 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP 2008-04-24 13:10 --------- d-----w C:\Program Files\Services en ligne 2008-04-24 11:35 --------- d-----w C:\Documents and Settings\Seb Elmon\Application Data\Flying Pig Systems 2008-04-24 11:31 --------- d-----w C:\Program Files\Flying Pig Systems 2008-04-24 11:31 --------- d-----w C:\Documents and Settings\All Users\Application Data\Flying Pig Systems 2008-04-19 09:26 --------- d-----w C:\Documents and Settings\Lucie Mothes\Application Data\Samsung 2008-04-18 16:06 --------- d-----w C:\Program Files\MSBuild 2008-04-18 16:03 --------- d-----w C:\Program Files\Microsoft Visual Studio 8 2008-04-17 23:43 --------- d-----w C:\Documents and Settings\Seb Elmon\Application Data\Samsung 2008-04-17 23:41 --------- d--h--w C:\Program Files\InstallShield Installation Information 2008-04-17 23:36 --------- d-----w C:\Program Files\Samsung 2008-04-17 23:35 --------- d-----w C:\Program Files\Microsoft ActiveSync 2008-04-17 23:17 --------- d-----w C:\Documents and Settings\All Users\Application Data\PC Drivers Headquarters 2008-04-14 23:01 --------- d-----w C:\Program Files\Microsoft.NET 2008-04-14 23:01 --------- d-----w C:\Program Files\Microsoft Works 2008-04-14 22:48 --------- d-----w C:\Program Files\uTorrent 2008-04-14 22:35 --------- d-----w C:\Program Files\Dell 2008-04-14 22:28 --------- d-----w C:\Program Files\Windows Live Toolbar 2008-04-14 22:25 --------- d-----w C:\Program Files\Windows Desktop Search 2008-04-14 22:17 --------- d-----w C:\Program Files\Java 2008-04-14 22:16 --------- d-----w C:\Program Files\Google 2008-04-13 16:43 --------- d-----w C:\Documents and Settings\All Users\Application Data\WLInstaller 2008-04-09 18:19 --------- d-----w C:\Program Files\Resco 2008-04-09 18:16 --------- d-----w C:\Documents and Settings\All Users\Application Data\MGS 2008-04-09 18:13 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microgaming 2008-04-09 17:32 --------- d-----w C:\Program Files\Jewel Quest 2008-04-09 13:59 --------- d-----w C:\Program Files\MSN Messenger 2008-04-09 13:26 --------- d-----w C:\Program Files\Windows Media Connect 2 2008-04-09 13:10 --------- dcsh--w C:\Program Files\Fichiers communs\WindowsLiveInstaller 2008-04-04 18:11 --------- d-----w C:\Program Files\Yacht 2008-03-31 11:00 --------- d-----w C:\Program Files\WYSIWYG 2008-03-31 09:04 --------- d-----w C:\Program Files\PDFCreator 2008-03-31 09:03 253,116 ----a-w C:\WINDOWS\PDFCreator_Toolbar_Uninstaller_1890.exe 2008-03-31 09:03 15,397 ----a-w C:\Program Files\settings.dat 2008-03-31 09:03 --------- d-----w C:\Program Files\PDFCreator Toolbar 2008-03-25 04:51 621,344 ----a-w C:\WINDOWS\system32\mswstr10.dll 2008-03-25 04:51 621,344 ------w C:\WINDOWS\system32\dllcache\mswstr10.dll 2008-03-25 04:51 194,144 ----a-w C:\WINDOWS\system32\msjint40.dll 2008-03-25 04:51 194,144 ------w C:\WINDOWS\system32\dllcache\msjint40.dll 2008-03-20 08:09 1,845,376 ----a-w C:\WINDOWS\system32\win32k.sys 2008-03-20 08:09 1,845,376 ------w C:\WINDOWS\system32\dllcache\win32k.sys 2008-03-01 16:28 3,591,680 ----a-w C:\WINDOWS\system32\dllcache\mshtml.dll 2008-02-29 08:57 625,664 ----a-w C:\WINDOWS\system32\dllcache\iexplore.exe 2008-02-29 08:56 70,656 ------w C:\WINDOWS\system32\dllcache\ie4uinit.exe . ((((((((((((((((((((((((((((((((( Point de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))) . . REGEDIT4 *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{29AB2B5B-392D-45C9-B323-CF4F65B07E7F}] C:\WINDOWS\system32\mlJDttuv.dll [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{43FFFA70-B75A-4EDE-9B27-380F4B61B200}] C:\WINDOWS\system32\qoMghFvw.dll [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{4AA5DEF4-A3F5-406E-B4B6-BA981B331C26}] C:\WINDOWS\system32\pmnoOGWN.dll [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{522E0112-EDD9-413D-A99E-C311A54B6676}] [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{86959FE0-462B-4162-9ED9-402A78B7C9F9}] [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{87EAA548-F021-4B07-872E-309CF96E204A}] C:\WINDOWS\system32\opnKDwuR.dll [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D2750932-B7C1-4B2C-A2C9-32CA193D702E}] [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{E335D7C5-C8B8-41EC-AAAF-A75DEA707C93}] C:\WINDOWS\system32\jkkLETKc.dll [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F43C3FF0-479C-495C-AA43-5275FA825372}] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-10 13:00 15360] "MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [ ] "MsgCenterExe"="C:\Program Files\Fichiers communs\Real\Update_OB\RealOneMessageCenter.exe" [ ] "TomTomHOME.exe"="C:\Program Files\TomTom HOME 2\HOMERunner.exe" [2008-05-06 10:42 202088] "H/PC Connection Agent"="C:\Program Files\Microsoft ActiveSync\wcescomm.exe" [2006-06-21 01:20 1211176] "SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-01-28 11:43 2097488] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ehTray"="C:\WINDOWS\ehome\ehtray.exe" [2005-09-29 15:01 67584] "SigmatelSysTrayApp"="stsystra.exe" [2005-03-23 00:20 339968 C:\WINDOWS\stsystra.exe] "ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-08-05 22:05 344064] "ISUSPM Startup"="C:\Program Files\Fichiers communs\InstallShield\UpdateService\isuspm.exe" [2005-06-10 11:44 249856] "ISUSScheduler"="C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe" [2005-06-10 11:44 81920] "Easy-PrintToolBox"="C:\Program Files\Canon\Easy-PrintToolBox\BJPSMAIN.exe" [2004-01-14 03:10 409600] "MSKDetectorExe"="C:\Program Files\McAfee\SpamKiller\MSKDetct.exe" [ ] "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 23:16 39792] "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 05:25 144784] "GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-27 00:47 31016] "94d4f9f9"="C:\WINDOWS\system32\asxpmbdj.dll" [ ] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-10 13:00 15360] [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "InstallVisualStyle"= C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles "InstallTheme"= C:\WINDOWS\Resources\Themes\Royale.theme [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\system32\sessmgr.exe"= "C:\Program Files\uTorrent\utorrent.exe"= "%windir%\Network Diagnostic\xpnetdiag.exe"= "C:\Program Files\eMule\emule.exe"= "C:\Program Files\WYSIWYG\Bin\Wyg.exe"= "C:\Program Files\MA Lighting Technologies\grandMA 3D\GrandMA 3D.exe"= "C:\Program Files\Messenger\msmsgs.exe"= "C:\Program Files\Microsoft ActiveSync apimgr.exe"= C:\Program Files\Microsoft ActiveSync apimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"= C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager "C:\Program Files\Microsoft ActiveSync\WCESMgr.exe"= C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application "C:\Program Files\Microsoft Office\Office12\GROOVE.EXE"= "C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE"= "C:\Program Files\Flying Pig Systems\Hog3PC\launcher-win32-golden.exe"= "C:\Program Files\Flying Pig Systems\Hog3PC\server-win32-golden.exe"= "C:\Program Files\Flying Pig Systems\Hog3PC\ob2000-win32-golden.exe"= "C:\Program Files\Flying Pig Systems\Hog3PC\desktop-win32-golden.exe"= "C:\Program Files\Flying Pig Systems\Hog3PC\critical-win32-golden.exe"= "C:\Program Files\Flying Pig Systems\Hog3PC\livecache-win32-golden.exe"= "C:\kav\kav7.0\english\setup.exe"= [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-05-16 01:20] R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-05-16 01:16] R3 fbxusb;Carte réseau virtuelle FreeBox USB;C:\WINDOWS\system32\DRIVERS\fbxusb32.sys [2004-10-20 17:23] R3 msloop;FPS Loopback Adapter Driver;C:\WINDOWS\system32\DRIVERS\loop.sys [2001-08-17 21:53] S3 usbscan;Pilote de scanneur USB;C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 22:58] S3 USBSTOR;Pilote de stockage de masse USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 23:08] . Contenu du dossier 'Scheduled Tasks/Tâches planifiées' "2006-06-07 14:45:11 C:\WINDOWS\Tasks\Rappel d'abonnement 1 auprès de l'ISP.job" - C:\WINDOWS\system32\OOBE\oobebaln.exe . ************************************************************************** catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-05-28 18:38:34 Windows 5.1.2600 Service Pack 2 NTFS Balayage processus cachés ... Balayage caché autostart entries ... Balayage des fichiers cachés ... Scan terminé avec succès Les fichiers cachés: 0 ************************************************************************** . Temps d'accomplissement: 2008-05-28 18:39:19 ComboFix-quarantined-files.txt 2008-05-28 16:39:07 ComboFix2.txt 2008-05-28 14:25:48 Pre-Run: 113,749,393,408 octets libres Post-Run: 113,741,541,376 octets libres 195 --- E O F --- 2008-05-28 09:46:02 Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 18:50:06, on 28/05/2008 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16640) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe C:\Program Files\Alwil Software\Avast4\ashServ.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\dnetc.exe C:\WINDOWS\eHome\ehRecvr.exe C:\WINDOWS\eHome\ehSched.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe C:\Program Files\Alwil Software\Avast4\ashWebSv.exe C:\WINDOWS\system32\dllhost.exe C:\WINDOWS\ehome\ehtray.exe C:\WINDOWS\stsystra.exe C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe C:\WINDOWS\eHome\ehmsas.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\TomTom HOME 2\HOMERunner.exe C:\Program Files\Microsoft ActiveSync\wcescomm.exe C:\PROGRA~1\MI3AA1~1 apimgr.exe C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe C:\WINDOWS\system32 otepad.exe C:\WINDOWS\explorer.exe C:\Program Files\Internet Explorer\IEXPLORE.EXE C:\Program Files\Adobe\Reader 8.0\Reader\AcroRd32Info.exe C:\DOCUME~1\SEBELM~1\LOCALS~1\Temp\Répertoire temporaire 1 pour HiJackThis.zip\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?redirfallthru=http%3a%2f%2fwww.msn.fr%2fimg%2ffr%2ffr-fr%2fmsger%2ftabs%2f_pictos%2fcoca%2fPictoCoke02.png%3f R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: (no name) - {29AB2B5B-392D-45C9-B323-CF4F65B07E7F} - C:\WINDOWS\system32\mlJDttuv.dll (file missing) O2 - BHO: (no name) - {43FFFA70-B75A-4EDE-9B27-380F4B61B200} - C:\WINDOWS\system32\qoMghFvw.dll (file missing) O2 - BHO: (no name) - {4AA5DEF4-A3F5-406E-B4B6-BA981B331C26} - C:\WINDOWS\system32\pmnoOGWN.dll (file missing) O2 - BHO: (no name) - {522E0112-EDD9-413D-A99E-C311A54B6676} - (no file) O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: (no name) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - (no file) O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll O2 - BHO: (no name) - {86959FE0-462B-4162-9ED9-402A78B7C9F9} - (no file) O2 - BHO: (no name) - {87EAA548-F021-4B07-872E-309CF96E204A} - C:\WINDOWS\system32\opnKDwuR.dll (file missing) O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll O2 - BHO: PDFCreator Toolbar Helper - {C451C08A-EC37-45DF-AAAD-18B51AB5E837} - C:\Program Files\PDFCreator Toolbar\v3.3.0.1\PDFCreator_Toolbar.dll O2 - BHO: (no name) - {D2750932-B7C1-4B2C-A2C9-32CA193D702E} - (no file) O2 - BHO: (no name) - {E335D7C5-C8B8-41EC-AAAF-A75DEA707C93} - C:\WINDOWS\system32\jkkLETKc.dll (file missing) O2 - BHO: (no name) - {F43C3FF0-479C-495C-AA43-5275FA825372} - (no file) O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll O3 - Toolbar: (no name) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - (no file) O3 - Toolbar: PDFCreator Toolbar - {31CF9EBE-5755-4A1D-AC25-2834D952D9B4} - C:\Program Files\PDFCreator Toolbar\v3.3.0.1\PDFCreator_Toolbar.dll O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Fichiers communs\InstallShield\UpdateService\isuspm.exe" -startup O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe" -start O4 - HKLM\..\Run: [Easy-PrintToolBox] C:\Program Files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE /logon O4 - HKLM\..\Run: [MSKDetectorExe] C:\Program Files\McAfee\SpamKiller\MSKDetct.exe /uninstall O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" O4 - HKLM\..\Run: [94d4f9f9] rundll32.exe "C:\WINDOWS\system32\asxpmbdj.dll",b O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background O4 - HKCU\..\Run: [MsgCenterExe] "C:\Program Files\Fichiers communs\Real\Update_OB\RealOneMessageCenter.exe" -osboot O4 - HKCU\..\Run: [TomTomHOME.exe] "C:\Program Files\TomTom HOME 2\HOMERunner.exe" O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe" O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000 O8 - Extra context menu item: Easy-WebPrint Ajouter à la liste d'impressions - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html O8 - Extra context menu item: Easy-WebPrint Impression rapide - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html O8 - Extra context menu item: Easy-WebPrint Imprimer - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html O8 - Extra context menu item: Easy-WebPrint Prévisualiser - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll O9 - Extra 'Tools' menuitem: Créer un favori mobile... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file) O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O14 - IERESET.INF: START_PAGE_URL=https://www.free.fr/freebox/index.html O16 - DPF: {D8089245-3211-40F6-819B-9E5E92CD61A2} (FlashXControl Object) - https://signin3.valueactive.com/Register/Branding/olr3313/OCX/v1018/flashax.cab O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~3\Office12\GR99D3~1.DLL O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe O23 - Service: distributed.net client (dnetc) - Distributed Computing Technologies, Inc. - C:\WINDOWS\dnetc.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe

Utilisateur anonyme · Answer

ok il reste un truc a verifé .....

mais avant un peux de ménage s impose :

réouvre hijackthis 
fais scan only 
coche toutes ces lignes :


O2 - BHO: (no name) - {29AB2B5B-392D-45C9-B323-CF4F65B07E7F} - C:\WINDOWS\system32\mlJDttuv.dll (file missing) 
O2 - BHO: (no name) - {43FFFA70-B75A-4EDE-9B27-380F4B61B200} - C:\WINDOWS\system32\qoMghFvw.dll (file missing) 
O2 - BHO: (no name) - {4AA5DEF4-A3F5-406E-B4B6-BA981B331C26} - C:\WINDOWS\system32\pmnoOGWN.dll (file missing) 
O2 - BHO: (no name) - {522E0112-EDD9-413D-A99E-C311A54B6676} - (no file) 

O2 - BHO: (no name) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - (no file) 

O2 - BHO: (no name) - {86959FE0-462B-4162-9ED9-402A78B7C9F9} - (no file) 
O2 - BHO: (no name) - {87EAA548-F021-4B07-872E-309CF96E204A} - C:\WINDOWS\system32\opnKDwuR.dll (file missing) 

O2 - BHO: (no name) - {D2750932-B7C1-4B2C-A2C9-32CA193D702E} - (no file) 
O2 - BHO: (no name) - {E335D7C5-C8B8-41EC-AAAF-A75DEA707C93} - C:\WINDOWS\system32\jkkLETKc.dll (file missing) 
O2 - BHO: (no name) - {F43C3FF0-479C-495C-AA43-5275FA825372} - (no file) 


O3 - Toolbar: (no name) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - (no file) 

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL') 
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU') 
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') 
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') 

O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file) 

O16 - DPF: {D8089245-3211-40F6-819B-9E5E92CD61A2} (FlashXControl Object) - https://signin3.valueactive.com/Register/Branding/olr3313/OCX/v1018/flashax.cab 


tu les coches et tu clic sur fix checked 

ensuite désinstal java car pas a jours et telecharge et instal cette version :

https://www.java.com/fr/download/manual.jsp

ensuite :


regarde ceci concernant avast : 

antivir vs avast : 

-> http://forum.malekal.com/ftopic3528.php 

alors je te conseille de le desinstaller et d´installer antivir a la place 

Telecharge et instales l'antivirus Antivir Personal Edition Classic : 

->https://www.malekal.com/avira-free-security-antivirus-gratuit/ 

https://www.avira.com/en/prime 

http://mickael.barroux.free.fr/securite/antivir.php 
http://speedweb1.free.fr/frames2.php?page=tuto5 


Pour désinstaller Avast telecharge cet outil

https://www.avast.com/fr-fr/uninstall-utility



telecharge Ccleaner :

https://www.01net.com/telecharger/windows/Utilitaire/nettoyeurs_et_installeurs/fiches/32599.html

instal le sans la barre yahoo 

fais lancer le nettoyage

repete l opération jusqu a ce qu il trouve rien 

ensuite fais registre

fais chercher les erreures 

ensuite fais corriger les erreures 

repete l opération jusqu a ce qu il trouve rien 


et pour finir :


Rend toi sur ce site : 
http://www.virustotal.com/xhtml/virustotal_en.html 
Clik sur parcourir 
Recherche ceci : 

C:\WINDOWS\system32\asxpmbdj.dll

Clik send et colle le rapport sur le forum stp

seb · Answer

j'ai tout fait sauf la fin car je ne trouve pas C:\WINDOWS\system32\asxpmbdj.dll dans parcourir du logiciel fourni par ton lien

Utilisateur anonyme · Answer

parfais 


j ai fais ma recherche de mon coté a son sujet 


télécharge OTMoveIt http://download.bleepingcomputer.com/oldtimer/OTMoveIt2.exe (de Old_Timer) sur ton Bureau. 
double-clique sur OTMoveIt.exe pour le lancer. 
copie la ligne qui se trouve ci-dessous, 
et colle-la dans le cadre de gauche de OTMoveIt :Paste List of Files/Folders to be moved. 

 
C:\WINDOWS\system32\asxpmbdj.dll 




clique sur MoveIt! pour lancer la suppression. 
le résultat apparaitra dans le cadre "Results". 
clique sur Exit pour fermer. 
poste le rapport situé dans C:\_OTMoveIt\MovedFiles. 

il te sera peut-être demander de redémarrer le pc pour achever la suppression.si c'est le cas accepte par Yes.

seb · Answer

File/Folder C:\WINDOWS\system32\asxpmbdj.dll not found.
 
OTMoveIt2 by OldTimer - Version 1.0.4.2 log created on 05282008_204237

Utilisateur anonyme · Answer

ok refais un scan hijackthis et poste le rapport stp

seb · Answer

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:51:36, on 28/05/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\dnetc.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\stsystra.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\TomTom HOME 2\HOMERunner.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\PROGRA~1\MI3AA1~1\rapimgr.exe
C:\Program Files\Adobe\Reader 8.0\Reader\AcroRd32.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\DOCUME~1\SEBELM~1\LOCALS~1\Temp\Répertoire temporaire 3 pour HiJackThis.zip\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?redirfallthru=http%3a%2f%2fwww.msn.fr%2fimg%2ffr%2ffr-fr%2fmsger%2ftabs%2f_pictos%2fcoca%2fPictoCoke02.png%3f
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll
O2 - BHO: PDFCreator Toolbar Helper - {C451C08A-EC37-45DF-AAAD-18B51AB5E837} - C:\Program Files\PDFCreator Toolbar\v3.3.0.1\PDFCreator_Toolbar.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: PDFCreator Toolbar - {31CF9EBE-5755-4A1D-AC25-2834D952D9B4} - C:\Program Files\PDFCreator Toolbar\v3.3.0.1\PDFCreator_Toolbar.dll
O3 - Toolbar: (no name) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - (no file)
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Fichiers communs\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [Easy-PrintToolBox] C:\Program Files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE /logon
O4 - HKLM\..\Run: [MSKDetectorExe] C:\Program Files\McAfee\SpamKiller\MSKDetct.exe /uninstall
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [94d4f9f9] rundll32.exe "C:\WINDOWS\system32\asxpmbdj.dll",b
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [MsgCenterExe] "C:\Program Files\Fichiers communs\Real\Update_OB\RealOneMessageCenter.exe"  -osboot
O4 - HKCU\..\Run: [TomTomHOME.exe] "C:\Program Files\TomTom HOME 2\HOMERunner.exe"
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Easy-WebPrint Ajouter à la liste d'impressions - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint Impression rapide - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Imprimer - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O8 - Extra context menu item: Easy-WebPrint Prévisualiser - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Créer un favori mobile... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=https://www.free.fr/freebox/index.html
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~3\Office12\GR99D3~1.DLL
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: distributed.net client (dnetc) - Distributed Computing Technologies, Inc. - C:\WINDOWS\dnetc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe

Utilisateur anonyme · Answer

réouvre hijackthis fais scan only 

coche ces lignes :

O3 - Toolbar: (no name) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - (no file) 

O4 - HKLM\..\Run: [94d4f9f9] rundll32.exe "C:\WINDOWS\system32\asxpmbdj.dll",b 

coche les et clic sur fix checked 

ensuite verifie ça 

va dans poste de travail 
entre dans le disque C
entre dans le dossier windows 

recherche ce fichier : asxpmbdj.dll

si il est present supprime le 


ensuite suis cette procédure :



_Maintenant , nous allons supprimer les logiciels de désinfection que je t'ai fait téléchargé. 
En effet , s'en servir est dangereux pour le pc si l'on ne s'y connais pas. 
De plus ils sont mis régulièrement à jours. 


? Ferme toutes les applications en cours, puis télécharge ToolsCleaner2 sur ton Bureau. 


http://www.commentcamarche.net/telecharger/telecharger 34055291 toolscleaner

? Double clique sur ToolsCleaner2.exe > 
? Clique sur .Recherche 
? puis sur Suppression quand la liste est trouvée. 
? Poste le rapport (TCleaner.txt) qui se trouve à la racine de ton disque dur (C:\). 


(CTRL+A Pour tout selectionner , CTRL+C pour copier et CTRL+V pour coller ) 

Note : ton bureau RISQUE de disparaître, c'est normal. S'il n'apparaît pas à la fin du scan, fais la manip suivante : 

CTRL+ALT+SUPP pour ouvrir le Gestionnaire des tâches. 
Puis rends toi à l'onglet "Processus". Clique en haut à gauche sur Fichiers et choisis "Exécuter" 

Tape explorer.exe et valide. Cela fera re-apparaître le Bureau 

Tuto : https://www.commentcamarche.net/list 8341 toolscleaner suppression des fix de force brute ( merci espion3004 )

seb · Answer

lorsque je redemare l'ordi 

une fenetre souvre 

RUNDLL
erreur de chargement de C:\WINDOWS\system32\asxpmbdj.dll
le module spécifié est introuvable

Utilisateur anonyme · Answer

faus positif rrrr

va sur ce site :

https://www.dll-files.com/request/

met ton mail 

tu recevra un message et t aura la dll 

il te suffira de la mettre dans le dossier system32

poste de travail dossier windows dossier system32

Utilisateur anonyme · Answer

DANS filename met : asxpmbdj.dll

Utilisateur anonyme · Answer

en fait cette dll 

j ai fais des recherche et elle etait declaré nefaste 

mais au final dans ton system elle est légitime sorry

Utilisateur anonyme · Answer

Maintenat c est fini ton pc est propre 

faudra attendre le mail pour la dll tu aura un lien pour la telecharger 

voila 

ciao et @+

Utilisateur anonyme · Answer

Je garde ton sujet dans mes intervention au cas ou y un soucis avec cette dll

Utilisateur anonyme · Answer

Salut ,
Non dans son système ( comme dans tout les systèmes ) , elle n'est pas légitime.

Seb , supprime ce fichier :

C:\WINDOWS\system32\asxpmbdj.dll 

Si tu ne le trouve pas , cela veut dire qu'il y a des clés de registres infectées à supprimer.

 (Chiquitine > d'ailleurs dans le CFScript , la syntaxe pour registry est incorrècte )




A++

Utilisateur anonyme · Answer

telecharge Ccleaner :

https://www.01net.com/telecharger/windows/Utilitaire/nettoyeurs_et_installeurs/fiches/32599.html

instal le sans la barre yahoo 

fais lancer le nettoyage

repete l opération jusqu a ce qu il trouve rien 

ensuite fais registre

fais chercher les erreures 

ensuite fais corriger les erreures 

repete l opération jusqu a ce qu il trouve rien

Utilisateur anonyme · Answer

Va dans poste de travail

fais un clic droit sur le disque C
choisi propriete
va sur outil
chosi defragmenter 

ouvre la commande executer 
tape msconfig
va sur demarrage

décoche les programmes inutiles clic sur appliquer et redémarre apres la defragmentation

sinon fais moi la liste des programmes je te dirais quoi decocher

Utilisateur anonyme · Answer

manuellement sorry

Utilisateur anonyme · Answer

decoche ça :

stsystra 
jusched 
reader_sl 
asxpmbdj 

clic sur appliqué et redémarre 

dis moi si t as encore le soucis de dll

Utilisateur anonyme · Answer

fais ctrl + alt + suprr

ouvre le gestionnaire des taches et regarde quelle application te prend le plus de ressources

Utilisateur anonyme · Answer

Salut ,
On va arrêter là le massacre.

Seb > Tu es encore infecté.

******************************************

&#8594; Télécharge TrendMicro™ HijackThis™



Place le dans '  C:\programmes\  '

PUIS ,,

&#8594; Télécharge sur ton bureau DSS (ex Comboscan) de Deckard:

(choisis enregistrer, puis Bureau comme emplacement)

Ferme toutes les applications en cours.

&#8594; Double-clic sur DSS.exe pour lancer l'outil.

&#8594; Une fenêtre s'ouvre, invitant à fermer toutes les applications, clique sur OK.

&#8594; A la fin de l'analyse, une fenêtre s'ouvre, clique sur OK.

Le rapport main.txt va s'afficher, copie le dans ta prochaine réponse.
Si un rapport complémentaire a été créé, poste le aussi dans ta réponse.


(CTRL+A Pour tout selectionner  , CTRL+C pour copier et CTRL+V pour coller )


******************************************

Télécharge http://www.suspectfile.com/systemscan/   ( Systemscan )
  

&#8594; Double clic dessus (ferme ton antivirus le temps du téléchargement s'il te détecte quoi que ce soit et réactive le après)

&#8594; Clique sur Unselect all

Coche uniquement ces cases :

_ Recent Files, 30 days

_ Registry run keys

_ Suspicious files


Puis clique sur scan now, sois patient.
Une fois le scan terminé, un rapport va s'ouvrir, copie et colle son contenu ici et vérifie qu'il soit bien en entier, si besoin crée deux messages.

(CTRL+A Pour tout selectionner  , CTRL+C pour copier et CTRL+V pour coller )


******************************************


Bonne chance
A++

seb · Answer

voici le report.txt SystemScan - www.suspectfile.com - ver. 3.5.5 (code: holifay & bReAkdOWn) Running on: Windows XP PROFESSIONAL Edition, Service Pack 2 (2600.5.1) System directory: C:\WINDOWS SystemScan file: C:\Documents and Settings\Seb Elmon\Mes documents\logiciel ordi\sys92499.exe Running in: User mode Date: 29/05/2008 Time: 23:18:20 Output limited to: -Recent files -Registry Run Keys -Suspicious Files ===================== RECENT FILES ===================== Showing files newer than 30 days ----- recent files in C:\ 10/05/2008 14:59:38 (DIR) 0 byte 19 days old -- System Volume Information 15/05/2008 14:06:30 (DIR) 0 byte 14 days old -- i386 22/05/2008 11:18:14 (DIR) 0 byte 7 days old -- kav 23/05/2008 19:26:53 969 byte 6 days old -- VundoFix.txt 28/05/2008 15:03:41 640432 byte 1 days old -- upload_moi_ELMON.tar.gz 28/05/2008 15:30:47 198 byte 1 days old -- resultat_clean.txt 28/05/2008 15:32:50 637 byte 1 days old -- rapport_clean.txt 28/05/2008 18:39:20 13463 byte 1 days old -- ComboFix.txt 28/05/2008 18:54:04 (DIR) 0 byte 1 days old -- RECYCLER 28/05/2008 19:31:57 (DIR) 0 byte 1 days old -- Config.Msi 28/05/2008 21:15:45 3103 byte 1 days old -- TCleaner.txt 29/05/2008 22:04:22 209 byte 0 days old -- boot.ini 29/05/2008 22:24:00 1610612736 byte 0 days old -- pagefile.sys 29/05/2008 22:24:02 (DIR)1071796224 byte 0 days old -- hiberfil.sys 29/05/2008 22:26:18 (DIR) 0 byte 0 days old -- WINDOWS 29/05/2008 23:05:09 (DIR) 0 byte 0 days old -- Program Files 29/05/2008 23:06:06 (DIR) 0 byte 0 days old -- Deckard ----- recent files in C:\WINDOWS\ 15/05/2008 11:49:17 1208 byte 14 days old -- wininit.ini 19/05/2008 20:24:27 (DIR) 0 byte 10 days old -- $NtUninstallKB950749$ 22/05/2008 11:36:24 614 byte 7 days old -- BM97e7ca65.txt 28/05/2008 10:31:38 (DIR) 0 byte 1 days old -- $hf_mig$ 28/05/2008 11:45:54 (DIR) 0 byte 1 days old -- $NtUninstallKB932823-v3$ 28/05/2008 11:46:01 (DIR) 0 byte 1 days old -- inf 28/05/2008 15:15:20 (DIR) 0 byte 1 days old -- network diagnostic 28/05/2008 19:34:14 (DIR) 0 byte 1 days old -- Installer 28/05/2008 20:19:50 (DIR) 0 byte 1 days old -- Debug 28/05/2008 20:19:50 (DIR) 0 byte 1 days old -- Minidump 29/05/2008 08:29:06 (DIR) 0 byte 0 days old -- pss 29/05/2008 15:56:21 (DIR) 0 byte 0 days old -- system32 29/05/2008 22:00:35 4776 byte 0 days old -- ModemLog_SoftV90 Data Fax Modem.txt 29/05/2008 22:04:22 227 byte 0 days old -- system.ini 29/05/2008 22:04:22 699 byte 0 days old -- win.ini 29/05/2008 22:23:07 32512 byte 0 days old -- SchedLgU.Txt 29/05/2008 22:24:04 2048 byte 0 days old -- bootstat.dat 29/05/2008 22:24:19 50 byte 0 days old -- wiaservc.log 29/05/2008 22:24:20 159 byte 0 days old -- wiadebug.log 29/05/2008 22:24:20 (DIR) 0 byte 0 days old -- Registration 29/05/2008 22:25:04 0 byte 0 days old -- 0.log 29/05/2008 22:28:45 32 byte 0 days old -- buff-out.r72 29/05/2008 23:05:03 1381167 byte 0 days old -- WindowsUpdate.log 29/05/2008 23:05:03 1212 byte 0 days old -- wmsetup.log 29/05/2008 23:06:15 (DIR) 0 byte 0 days old -- erdnt 29/05/2008 23:17:16 (DIR) 0 byte 0 days old -- Temp 29/05/2008 23:17:36 (DIR) 0 byte 0 days old -- Prefetch 29/05/2008 23:17:55 384 byte 0 days old -- jantje 29/05/2008 23:17:55 8304 byte 0 days old -- buff-in.ogf 29/05/2008 23:17:55 208 byte 0 days old -- buff-out.ogf 29/05/2008 23:17:55 32 byte 0 days old -- buff-in.r72 ----- recent files in C:\WINDOWS\Downloaded Program Files\ ----- recent files in C:\WINDOWS\system\ ----- recent files in C:\WINDOWS\system32\ 09/05/2008 23:35:04 16863864 byte 20 days old -- MRT.exe 10/05/2008 14:59:38 (DIR) 0 byte 19 days old -- Restore 10/05/2008 15:00:33 1 byte 19 days old -- kr_done1de 22/05/2008 11:35:17 0 byte 7 days old -- clkcnt.txt 28/05/2008 11:45:55 (DIR) 0 byte 1 days old -- dllcache 28/05/2008 16:12:57 (DIR) 0 byte 1 days old -- config 28/05/2008 19:14:36 (DIR) 0 byte 1 days old -- FlashAX 28/05/2008 19:31:37 6508 byte 1 days old -- jupdate-1.6.0_06-b02.log 28/05/2008 19:45:17 3072 byte 1 days old -- CONFIG.NT 28/05/2008 19:58:03 (DIR) 0 byte 1 days old -- drivers 29/05/2008 22:24:20 (DIR) 0 byte 0 days old -- CatRoot2 29/05/2008 22:26:12 2206 byte 0 days old -- wpa.dbl ----- recent files in C:\WINDOWS\system32\drivers\ 05/05/2008 20:46:32 15864 byte 24 days old -- mbam.sys 05/05/2008 20:46:36 27048 byte 24 days old -- mbamcatchme.sys 28/05/2008 20:12:24 79424 byte 1 days old -- avipbb.sys 28/05/2008 23:19:07 (DIR) 0 byte 1 days old -- etc ----- recent files in C:\WINDOWS emp\ ----- recent files in C:\Program Files\ 08/05/2008 14:41:33 (DIR) 0 byte 21 days old -- FileZilla FTP Client 09/05/2008 12:51:18 (DIR) 0 byte 20 days old -- Luxor 3 22/05/2008 10:18:57 (DIR) 0 byte 7 days old -- eMule 28/05/2008 12:25:53 (DIR) 0 byte 1 days old -- Malwarebytes' Anti-Malware 28/05/2008 19:30:08 (DIR) 0 byte 1 days old -- Fichiers communs 28/05/2008 19:31:37 (DIR) 0 byte 1 days old -- Java 28/05/2008 19:31:56 (DIR) 0 byte 1 days old -- Sun 28/05/2008 19:45:42 (DIR) 0 byte 1 days old -- Alwil Software 28/05/2008 19:58:02 (DIR) 0 byte 1 days old -- Avira 28/05/2008 20:18:39 (DIR) 0 byte 1 days old -- CCleaner 28/05/2008 20:21:52 (DIR) 0 byte 1 days old -- Yahoo! 29/05/2008 23:05:09 (DIR) 0 byte 0 days old -- Trend Micro ----- recent files in C:\Program Files\Fichiers communs\ 28/05/2008 19:30:08 (DIR) 0 byte 1 days old -- Java ----- recent files in C:\Documents and Settings\Seb Elmon\Application Data\ 02/05/2008 10:32:58 (DIR) 0 byte 27 days old -- Mozilla 07/05/2008 11:36:09 (DIR) 0 byte 22 days old -- Microsoft 08/05/2008 15:16:36 (DIR) 0 byte 21 days old -- FileZilla 11/05/2008 19:12:52 196 byte 18 days old -- G-Force Prefs (WindowsMediaPlayer).txt 22/05/2008 11:20:30 (DIR) 0 byte 7 days old -- uTorrent 28/05/2008 12:26:03 (DIR) 0 byte 1 days old -- Malwarebytes ----- recent files in C:\DOCUME~1\SEBELM~1\LOCALS~1\Temp\ 29/05/2008 22:32:56 75460 byte 0 days old -- WCESLog.log 29/05/2008 23:17:26 25850 byte 0 days old -- WCESMgr.log 29/05/2008 23:17:26 16384 byte 0 days old -- ~DF3433.tmp 29/05/2008 23:17:26 76 byte 0 days old -- systemscan.ini 29/05/2008 23:17:26 (DIR) 0 byte 0 days old -- nsw29.tmp ===================== REGISTRY SCAN ===================== -----HKLM\Software\Microsoft\Windows\CurrentVersion\Run----- [run] "ISUSScheduler"="\"C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe\" -start" "ISUSPM Startup"="\"C:\Program Files\Fichiers communs\InstallShield\UpdateService\isuspm.exe\" -startup" "GrooveMonitor"="\"C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe\"" "ehTray"="C:\WINDOWS\ehome\ehtray.exe" "Easy-PrintToolBox"="C:\Program Files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE /logon" "avgnt"="\"C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe\" /min" "ATIPTA"="\"C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe\"" "94d4f9f9"="rundll32.exe \"C:\WINDOWS\system32\asxpmbdj.dll\",b" [run\OptionalComponents] @="" [run\OptionalComponents\IMAIL] @="" [run\OptionalComponents\MAPI] @="" [run\OptionalComponents\MSFS] @="" -----HKCU\Software\Microsoft\Windows\CurrentVersion\Run----- [Run] "SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" "H/PC Connection Agent"="\"C:\Program Files\Microsoft ActiveSync\wcescomm.exe\"" -----HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Run----- [Run] -----HKLM\Software\Microsoft\Windows\CurrentVersion\policies\Explorer\Run----- [Run] -----HKCU\Software\Microsoft\Windows\CurrentVersion\policies\Explorer\Run----- [Run] -----HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows----- [Windows] "AppInit_DLLs"="" -----HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad----- [ShellServiceObjectDelayLoad] "PostBootReminder"="{7849596a-48ea-486e-8937-a2a3009f31a9}" #### HKCR\CLSID\{7849596a-48ea-486e-8937-a2a3009f31a9}\InprocServer32 @=expand:"%SystemRoot%\system32\SHELL32.dll" "CDBurn"="{fbeb8a05-beee-4442-804e-409d6c4515e9}" #### HKCR\CLSID\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InprocServer32 @=expand:"%SystemRoot%\system32\SHELL32.dll" "WebCheck"="{E6FB5E20-DE35-11CF-9C87-00AA005127ED}" #### HKCR\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\InprocServer32 @=expand:"C:\WINDOWS\system32\webcheck.dll" "SysTray"="{35CEC8A3-2BE6-11D2-8773-92E220524153}" #### HKCR\CLSID\{35CEC8A3-2BE6-11D2-8773-92E220524153}\InprocServer32 @="C:\WINDOWS\system32\stobject.dll" "WPDShServiceObj"="{AAA288BA-9A4C-45B0-95D7-94D524869DB5}" #### HKCR\CLSID\{AAA288BA-9A4C-45B0-95D7-94D524869DB5}\InprocServer32 @="C:\WINDOWS\system32\WPDShServiceObj.dll" -----HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks----- [ShellExecuteHooks] "{AEB6717E-7E19-11d0-97EE-00C04FD91972}"="" #### HKCR\CLSID\{AEB6717E-7E19-11d0-97EE-00C04FD91972}\InprocServer32 @="shell32.dll" "{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"="Groove GFS Stub Execution Hook" #### HKCR\CLSID\{B5A7F190-DDA6-4420-B3BA-52453494E6CD}\InprocServer32 @="C:\PROGRA~1\MICROS~3\Office12\GRA8E1~1.DLL" -----HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon----- [Winlogon] "Shell"="Explorer.exe" "System"="" "Userinit"="C:\WINDOWS\system32\userinit.exe," "VmApplet"="rundll32 shell32,Control_RunDLL \"sysdm.cpl\"" "UIHost"=expand:"logonui.exe" "LogonType"=dword:00000001 "WinStationsDisabled"="0" [Winlogon\GPExtensions] [Winlogon\GPExtensions\{0ACDD40C-75AC-47ab-BAA0-BF6DE7E7FE63}] "@="Sans fil" "DllName"=expand:"gptext.dll" [Winlogon\GPExtensions\{25537BA6-77A8-11D2-9B6C-0000F8080861}] "@="Folder Redirection" "DllName"=expand:"fdeploy.dll" [Winlogon\GPExtensions\{3610eda5-77ef-11d2-8dc5-00c04fa31a66}] "@="Quota du disque Microsoft" "DllName"=expand:"dskquota.dll" [Winlogon\GPExtensions\{426031c0-0b47-4852-b0ca-ac3d37bfcb39}] "@="Planificateur de paquets QoS" "DllName"=expand:"gptext.dll" [Winlogon\GPExtensions\{42B5FAAE-6536-11d2-AE5A-0000F87571E3}] "@="Scripts" "DllName"=expand:"gptext.dll" [Winlogon\GPExtensions\{4CFB60C1-FAA6-47f1-89AA-0B18730C9FD3}] "@="Internet Explorer Zonemapping" "DllName"=expand:"iedkcs32.dll" [Winlogon\GPExtensions\{827D319E-6EAC-11D2-A4EA-00C04F79F83A}] "DllName"=expand:"scecli.dll" "@="Security" [Winlogon\GPExtensions\{A2E30F80-D7DE-11d2-BBDE-00C04F86AE3B}] "DllName"="iedkcs32.dll" "@="Internet Explorer Branding" [Winlogon\GPExtensions\{B1BE8D72-6EAC-11D2-A4EA-00C04F79F83A}] "DllName"=expand:"scecli.dll" "@="EFS recovery" [Winlogon\GPExtensions\{C631DF4C-088F-4156-B058-4375F0853CD8}] "@="Microsoft Offline Files" "DllName"=expand:"%SystemRoot%\System32\cscui.dll" [Winlogon\GPExtensions\{c6dc5466-785a-11d2-84d0-00c04fb169f7}] "@="Installation de logiciel" "DllName"=expand:"appmgmts.dll" [Winlogon\GPExtensions\{e437bc1c-aa7d-11d2-a382-00c04f991e27}] "@="Sécurité IP" "DllName"=expand:"gptext.dll" [Winlogon\Notify] [Winlogon\Notify\crypt32chain] "DllName"=expand:"crypt32.dll" [Winlogon\Notify\cryptnet] "DllName"=expand:"cryptnet.dll" [Winlogon\Notify\cscdll] "DLLName"="cscdll.dll" [Winlogon\Notify\ScCertProp] "DLLName"="wlnotify.dll" [Winlogon\Notify\Schedule] "DllName"=expand:"wlnotify.dll" [Winlogon\Notify\sclgntfy] "DllName"=expand:"sclgntfy.dll" [Winlogon\Notify\SensLogn] "DLLName"="WlNotify.dll" [Winlogon\Notify ermsrv] "DllName"=expand:"wlnotify.dll" [Winlogon\Notify\WgaLogon] "DllName"=expand:"WgaLogon.dll" [Winlogon\Notify\WgaLogon\Settings] [Winlogon\Notify\wlballoon] "DLLName"="wlnotify.dll" [Winlogon\SCLogon] [Winlogon\SpecialAccounts] [Winlogon\SpecialAccounts\UserList] "HelpAssistant"=dword:00000000 "TsInternetUser"=dword:00000000 "SQLAgentCmdExec"=dword:00000000 "NetShowServices"=dword:00000000 "IWAM_"=dword:00010000 "IUSR_"=dword:00010000 "VUSR_"=dword:00010000 "ASPNET"=dword:00000000 -----HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon----- [Winlogon] "ParseAutoexec"="1" "ExcludeProfileDirs"="Local Settings;Temporary Internet Files;Historique;Temp" "BuildNumber"=dword:00000a28 -----HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options----- [Image File Execution Options\Your Image File Name Here without a path] "Debugger"="ntsd -d" -----HKLM\System\CurrentControlSet\Control\Session Manager\----- [Session Manager] "BootExecute"=multi:"autocheck autochk *\00lsdelete\00\00" [Session Manager\SubSystems] "Windows"=expand:"%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,3072,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestThreads=16" -----HKLM\SYSTEM\CurrentControlSet\Control\WOW----- [WOW] "cmdline"=expand:"%SystemRoot%\system32 tvdm.exe" "wowcmdline"=expand:"%SystemRoot%\system32 tvdm.exe -a %SystemRoot%\system32\krnl386" -----HKLM\Software\Microsoft\Windows NT\CurrentVersion\Run----- -----HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce----- [RunOnce] -----HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnceEx----- -----HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices----- [RunServices] -----HKLM\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce----- [RunServicesOnce] -----HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce----- [RunOnce] -----HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnceEx----- -----HKCU\Software\Microsoft\Windows\CurrentVersion\RunServices----- [RunServices] -----HKCU\Software\Microsoft\Windows NT\CurrentVersion\Run----- -----HKCU\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce----- [RunServicesOnce] -----HKLM\Software\Microsoft\Command Processor\Autorun----- -----HKCU\Software\Microsoft\Command Processor\Autorun----- -----HKCU\Software\Microsoft\Windows NT\CurrentVersion\Windows\Load----- -----HKLM\Software\Policies\Microsoft\Windows\System\Scripts\Startup----- -----HKCU\Software\Policies\Microsoft\Windows\System\Scripts\Logon----- -----HKLM\Software\Policies\Microsoft\Windows\System\Scripts\Logon----- -----HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\TerminalServer\Install\Software\Microsoft\Windows\CurrentVersion\Runonce----- -----HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\TerminalServer\Install\Software\Microsoft\Windows\CurrentVersion\Run----- -----HKLM\System\CurrentControlSet\Control\Terminal Server\Wds dpwd\StartupPrograms----- -----HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\TerminalServer\Install\Software\Microsoft\Windows\CurrentVersion\Runonce----- -----HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler----- [SharedTaskScheduler] "{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Pré-chargeur Browseui" #### HKCR\CLSID\{438755C2-A8BA-11D1-B96B-00A0C90312E1}\InprocServer32 @=expand:"%SystemRoot%\system32\browseui.dll" "{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Démon de cache des catégories de composant" #### HKCR\CLSID\{8C7461EF-2B13-11d2-BE35-3078302C2030}\InprocServer32 @=expand:"%SystemRoot%\system32\browseui.dll" -----HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects----- [Browser Helper Objects] [Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}] [Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}] #### HKCR\CLSID\{53707962-6F74-2D53-2644-206D7942484F}\InprocServer32 @="C:\PROGRA~1\SPYBOT~1\SDHelper.dll" [Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}] #### HKCR\CLSID\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\InprocServer32 @="C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll" [Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}] #### HKCR\CLSID\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}\InprocServer32 @="C:\Program Files\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll" [Browser Helper Objects\{C451C08A-EC37-45DF-AAAD-18B51AB5E837}] #### HKCR\CLSID\{C451C08A-EC37-45DF-AAAD-18B51AB5E837}\InprocServer32 @="C:\Program Files\PDFCreator Toolbar\v3.3.0.1\PDFCreator_Toolbar.dll" -----HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks----- [URLSearchHooks] "{CFBFAE00-17A6-11D0-99CB-00C04FD64497}"="" #### HKCR\CLSID\{CFBFAE00-17A6-11D0-99CB-00C04FD64497}\InprocServer32 @="C:\WINDOWS\system32\ieframe.dll" "{EF99BD32-C1FB-11D2-892F-0090271D4F88}"="" -----HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig----- [MSConfig] [MSConfig\services] [MSConfig\startupfolder] [MSConfig\startupreg] [MSConfig\startupreg\94d4f9f9] "key"="SOFTWARE\Microsoft\Windows\CurrentVersion\Run" "item"="asxpmbdj" "hkey"="HKLM" "command"="rundll32.exe \"C:\WINDOWS\system32\asxpmbdj.dll\",b" "inimapping"="0" [MSConfig\startupreg\Adobe Reader Speed Launcher] "key"="SOFTWARE\Microsoft\Windows\CurrentVersion\Run" "item"="Reader_sl" "hkey"="HKLM" "command"="\"C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe\"" "inimapping"="0" [MSConfig\startupreg\SigmatelSysTrayApp] "key"="SOFTWARE\Microsoft\Windows\CurrentVersion\Run" "item"="stsystra" "hkey"="HKLM" "command"="stsystra.exe" "inimapping"="0" [MSConfig\startupreg\SunJavaUpdateSched] "key"="SOFTWARE\Microsoft\Windows\CurrentVersion\Run" "item"="jusched" "hkey"="HKLM" "command"="\"C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe\"" "inimapping"="0" [MSConfig\state] "system.ini"=dword:00000000 "win.ini"=dword:00000000 "bootini"=dword:00000000 "services"=dword:00000000 "startup"=dword:00000002 -----HKCU\Control Panel\Desktop\----- [Desktop] [Desktop\WindowMetrics] -----HKEY_CLASSES_ROOT\exefile\shell\open\command----- [command] @="\"%1\" %*" -----HKEY_CLASSES_ROOT\comfile\shell\open\command----- [command] @="\"%1\" %*" -----HKEY_CLASSES_ROOT\batfile\shell\open\command----- [command] @="\"%1\" %*" -----HKEY_CLASSES_ROOT\piffile\shell\open\command----- [command] @="\"%1\" %*" -----HKEY_CLASSES_ROOT\scrFile\shell\open\command----- [command] @="\"%1\" /S" -----HKEY_CLASSES_ROOT\htafile\shell\open\command----- [Command] @="C:\WINDOWS\system32\mshta.exe \"%1\" %*" -----HKEY_CLASSES_ROOT\logfile\shell\open\command----- -----HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL----- [URL] [URL\DefaultPrefix] @="http://" [URL\Prefixes] "ftp"="ftp://" "gopher"="gopher://" "home"="http://" "mosaic"="http://" "www"="http://" -----HKLM\SYSTEM\CurrentControlSet\Control\Lsa----- [Lsa] [Lsa\AccessProviders] [Lsa\AccessProviders\Windows NT Access Provider] "ProviderPath"=expand:"%SystemRoot%\system32 tmarta.dll" [Lsa\Audit] [Lsa\Audit\PerUserAuditing] [Lsa\Audit\PerUserAuditing\System] [Lsa\Data] [Lsa\SSO] [Lsa\SSO\Passport1.4] "SSOURL"="http://www.passport.com" [Lsa\SspiCache] [Lsa\SspiCache\digest.dll] "Name"="Digest" "Comment"="Digest SSPI Authentication Package" [Lsa\SspiCache\msapsspc.dll] "Name"="DPA" "Comment"="DPA Security Package" [Lsa\SspiCache\msnsspc.dll] "Name"="MSN" "Comment"="MSN Security Package" -----HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess----- [SharedAccess] "DependOnGroup"=multi:"\00" "DependOnService"=multi:"Netman\00WinMgmt\00\00" "Description"="Assure la traduction d'adresses de réseau, l'adressage, les services de résolution de noms et/ou les services de prévention d'intrusion pour un réseau de petite entreprise ou un réseau domestique." "DisplayName"="Pare-feu Windows / Partage de connexion Internet" "ErrorControl"=dword:00000001 "ImagePath"=expand:"%SystemRoot%\System32\svchost.exe -k netsvcs" "ObjectName"="LocalSystem" "Start"=dword:00000002 "Type"=dword:00000020 [SharedAccess\Epoch] "Epoch"=dword:00002d27 [SharedAccess\Parameters] "ServiceDll"=expand:"%SystemRoot%\System32\ipnathlp.dll" [SharedAccess\Parameters\FirewallPolicy] [SharedAccess\Parameters\FirewallPolicy\DomainProfile] [SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications] [SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List] "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enaxxxxx@xxxxxres.dll,-22019" "C:\Program Files\MSN Messenger\msnmsgr.exe"="C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1" "C:\Program Files\MSN Messenger\livecall.exe"="C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)" "%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enaxxxxx@xxxxxres.dll,-20000" "C:\Program Files\Microsoft ActiveSync apimgr.exe"="C:\Program Files\Microsoft ActiveSync apimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager" "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"="C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager" "C:\Program Files\Microsoft ActiveSync\WCESMgr.exe"="C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application" [SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts] [SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List] "26675:TCP"="26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service" [SharedAccess\Parameters\FirewallPolicy\RestrictedServices] [SharedAccess\Parameters\FirewallPolicy\RestrictedServices\Static] [SharedAccess\Parameters\FirewallPolicy\StandardProfile] "EnableFirewall"=dword:00000001 "DoNotAllowExceptions"=dword:00000000 "DisableNotifications"=dword:00000000 [SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications] [SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enaxxxxx@xxxxxres.dll,-22019" "C:\Program Files\uTorrent\utorrent.exe"="C:\Program Files\uTorrent\utorrent.exe:*:Enabled:µTorrent" "%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enaxxxxx@xxxxxres.dll,-20000" "C:\Program Files\eMule\emule.exe"="C:\Program Files\eMule\emule.exe:*:Enabled:eMule" "C:\Program Files\WYSIWYG\Bin\Wyg.exe"="C:\Program Files\WYSIWYG\Bin\Wyg.exe:*:Enabled:WYG Application" "C:\Program Files\MA Lighting Technologies\grandMA 3D\GrandMA 3D.exe"="C:\Program Files\MA Lighting Technologies\grandMA 3D\GrandMA 3D.exe:*:Enabled:grandMA 3D" "C:\Program Files\Messenger\msmsgs.exe"="C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger" "C:\Program Files\Microsoft ActiveSync apimgr.exe"="C:\Program Files\Microsoft ActiveSync apimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager" "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"="C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager" "C:\Program Files\Microsoft ActiveSync\WCESMgr.exe"="C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application" "C:\Program Files\Microsoft Office\Office12\GROOVE.EXE"="C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:*:Enabled:Microsoft Office Groove" "C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE"="C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote" "C:\Program Files\Flying Pig Systems\Hog3PC\launcher-win32-golden.exe"="C:\Program Files\Flying Pig Systems\Hog3PC\launcher-win32-golden.exe:*:Enabled:Hog 3PC" "C:\Program Files\Flying Pig Systems\Hog3PC\server-win32-golden.exe"="C:\Program Files\Flying Pig Systems\Hog3PC\server-win32-golden.exe:*:Enabled:Hog 3PC" "C:\Program Files\Flying Pig Systems\Hog3PC\ob2000-win32-golden.exe"="C:\Program Files\Flying Pig Systems\Hog3PC\ob2000-win32-golden.exe:*:Enabled:Hog 3PC" "C:\Program Files\Flying Pig Systems\Hog3PC\desktop-win32-golden.exe"="C:\Program Files\Flying Pig Systems\Hog3PC\desktop-win32-golden.exe:*:Enabled:Hog 3PC" "C:\Program Files\Flying Pig Systems\Hog3PC\critical-win32-golden.exe"="C:\Program Files\Flying Pig Systems\Hog3PC\critical-win32-golden.exe:*:Enabled:Hog 3PC" "C:\Program Files\Flying Pig Systems\Hog3PC\livecache-win32-golden.exe"="C:\Program Files\Flying Pig Systems\Hog3PC\livecache-win32-golden.exe:*:Enabled:Hog 3PC" "C:\kav\kav7.0\english\setup.exe"="C:\kav\kav7.0\english\setup.exe:*:Enabled:Kaspersky Anti-Virus 7.0 Setup" [SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts] [SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List] "1900:UDP"="1900:UDP:LocalSubNet:Enaxxxxx@xxxxxres.dll,-22007" "2869:TCP"="2869:TCP:LocalSubNet:Enaxxxxx@xxxxxres.dll,-22008" "139:TCP"="139:TCP:LocalSubNet:Disaxxxxx@xxxxxres.dll,-22004" "445:TCP"="445:TCP:LocalSubNet:Disaxxxxx@xxxxxres.dll,-22005" "137:UDP"="137:UDP:LocalSubNet:Disaxxxxx@xxxxxres.dll,-22001" "138:UDP"="138:UDP:LocalSubNet:Disaxxxxx@xxxxxres.dll,-22002" "26675:TCP"="26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service" [SharedAccess\Setup] "ServiceUpgrade"=dword:00000001 [SharedAccess\Setup\InterfacesUnfirewalledAtUpdate] "All"=dword:00000001 -----HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Firewall\----- -----HKEY_LOCAL_MACHINE\SOFTWARE\Winsock2----- -----HKLM\Software\Microsoft\Ole----- [Ole] "DefaultLaunchPermission"=hex:01,00,04,80,5c,00,00,00,6c,00,00,00,00,00,00,00,\ "MachineLaunchRestriction"=hex:01,00,04,80,48,00,00,00,58,00,00,00,00,00,00,00,\ "MachineAccessRestriction"=hex:01,00,04,80,44,00,00,00,54,00,00,00,00,00,00,00,\ "EnableDCOM"="Y" [Ole\AppCompat] [Ole\AppCompat\ActivationSecurityCheckExemptionList] "{A50398B8-9075-4FBF-A7A1-456BF21937AD}"="1" "{AD65A69D-3831-40D7-9629-9B0B50A93843}"="1" "{0040D221-54A1-11D1-9DE0-006097042D69}"="1" "{2A6D72F1-6E7E-4702-B99C-E40D3DED33C3}"="1" [Ole\NONREDIST] "System.EnterpriseServices.Thunk.dll"="" -----HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\WindowsUpdate\AU\----- [AU] -----HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\----- [Security Center] "FirstRunDisabled"=dword:00000001 "AntiVirusDisableNotify"=dword:00000000 "FirewallDisableNotify"=dword:00000000 "UpdatesDisableNotify"=dword:00000000 "AntiVirusOverride"=dword:00000000 "FirewallOverride"=dword:00000000 [Security Center\Monitoring] [Security Center\Monitoring\AhnlabAntiVirus] [Security Center\Monitoring\ComputerAssociatesAntiVirus] [Security Center\Monitoring\KasperskyAntiVirus] [Security Center\Monitoring\McAfeeAntiVirus] [Security Center\Monitoring\McAfeeFirewall] [Security Center\Monitoring\PandaAntiVirus] [Security Center\Monitoring\PandaFirewall] [Security Center\Monitoring\SophosAntiVirus] [Security Center\Monitoring\SymantecAntiVirus] [Security Center\Monitoring\SymantecFirewall] [Security Center\Monitoring\TinyFirewall] [Security Center\Monitoring\TrendAntiVirus] [Security Center\Monitoring\TrendFirewall] [Security Center\Monitoring\ZoneLabsFirewall] -----HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore\----- [SystemRestore] "DisableSR"=dword:00000000 "CreateFirstRunRp"=dword:00000001 "DSMin"=dword:000000c8 "DSMax"=dword:00000190 "RPSessionInterval"=dword:00000000 "RPGlobalInterval"=dword:00015180 "RPLifeInterval"=dword:0076a700 "CompressionBurst"=dword:0000003c "TimerInterval"=dword:00000078 "DiskPercent"=dword:0000000c "ThawInterval"=dword:00000384 "RestoreDiskSpaceError"=dword:00000000 "RestoreStatus"=dword:00000001 "RestoreSafeModeStatus"=dword:00000000 [SystemRestore\Cfg] "DiskPercent"=dword:0000000c "MachineGuid"="{C75D780B-5CD4-494E-AB96-5DA2A6677439}" [SystemRestore\SnapshotCallbacks] @="" -----HKEY_CURRENT_USER\Software\VB and VBA Program Settings----- -----HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\----- -----HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\AdvancedOptions----- [AdvancedOptions] -----HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\AdvancedOptions----- -----HKLM\Software\Microsoft\Active Setup\Installed Components----- [Installed Components] [Installed Components\<{12d0ed0d-0ee0-4f90-8827-78cefb8f4988}] "@="IE7 Uninstall Stub" "ComponentID"="IEUDINIT" "StubPath"="C:\WINDOWS\system32\ieudinit.exe" [Installed Components\>{161C1725-D892-484A-9F8E-41B7C73BAA5F}] "StubPath"="RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP" "@="Personnalisation du navigateur" "ComponentID"="BRANDING.CAB" [Installed Components\>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}] #### HKCR\CLSID\{22d6f312-b0f6-11d0-94ab-0080c74c7e95}\InprocServer32 @="C:\WINDOWS\system32\wmpdxm.dll" "Stubpath"="C:\WINDOWS\inf\unregmp2.exe /ShowWMP" "@="Microsoft Windows Media Player" "ComponentID"="WMPACCESS" [Installed Components\>{26923b43-4d38-484f-9b9e-de460746276c}] "@="Internet Explorer" "ComponentID"="IEACCESS" "StubPath"="C:\WINDOWS\system32\ie4uinit.exe -UserIconConfig" [Installed Components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}] "@="Browser Customizations" "ComponentiD"="BRANDING.CAB" "StubPath"="RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP" [Installed Components\>{881dd1c5-3dcf-431b-b061-f3f88e8be88a}] "@="Outlook Express" "ComponentID"="OEACCESS" "StubPath"=expand:"%systemroot%\system32\shmgrate.exe OCInstallUserConfigOE" [Installed Components\KB910393] "@="KB910393" "ComponentID"="KB910393" "StubPath"="rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\EasyCDBlock.inf,PerUserInstall" [Installed Components\Microsoft Base Smart Card Crypto Provider Package] [Installed Components\WriteRegStr] [Installed Components\{0291E591-EA41-4c82-8106-3DC6CE7F7664}] #### HKCR\CLSID\{0291E591-EA41-4c82-8106-3DC6CE7F7664}\InprocServer32 @="C:\PROGRA~1\Yahoo!\Common\yinsthelper.dll" [Installed Components\{03F998B2-0E00-11D3-A498-00104B6EB52E}] "@="Viewpoint Media Player" "ComponentID"="Viewpoint" [Installed Components\{08B0E5C0-4FCB-11CF-AAA5-00401C608500}] "@="Java (Sun)" "ComponentID"="JAVAVM" "KeyFileName"="C:\Program Files\Java\jre1.6.0_06\bin egutils.dll" [Installed Components\{0fde1f56-0d59-4fd7-9624-e3df6b419d0e}] "@="Fichier Lisez-moi d'Internet Explorer" "ComponentID"="IEREADME" [Installed Components\{0fde1f56-0d59-4fd7-9624-e3df6b419d0f}] "@="IEEX" "ComponentID"="IEEX" [Installed Components\{10072CEC-8CC1-11D1-986E-00A0C955B42F}] "@="Rendu VML (Vector Graphics Rendering)" "ComponentID"="MSVML" [Installed Components\{1B00725B-C455-4DE6-BFB6-AD540AD427CD}] "@="Viewpoint Media Player" "ComponentID"="Viewpoint" [Installed Components\{1BC46932-21B2-4130-86E0-B4EB4F7A7A7B}] "@="Microsoft .NET Framework 1.0 Hotfix (KB887998)" "ComponentID"="NDPKB887998" [Installed Components\{2179C5D3-EBFF-11CF-B6FD-00AA00B4E220}] #### HKCR\CLSID\{2179C5D3-EBFF-11CF-B6FD-00AA00B4E220}\InprocServer32 @="C:\WINDOWS\system32\wmpdxm.dll" "ComponentID"="NetShow" "StubPath"="" [Installed Components\{22d6f312-b0f6-11d0-94ab-0080c74c7e95}] #### HKCR\CLSID\{22d6f312-b0f6-11d0-94ab-0080c74c7e95}\InprocServer32 @="C:\WINDOWS\system32\wmpdxm.dll" "ComponentID"="Windows Media Player" "StubPath"="" "@="Microsoft Windows Media Player 6.4" [Installed Components\{283807B5-2C60-11D0-A31D-00AA00B92C03}] "@="DirectAnimation" "ComponentID"="DirectAnimation" [Installed Components\{2C7339CF-2B09-4501-B3F3-F3508C9228ED}] "@="Themes Setup" "ComponentID"="Theme Component" "StubPath"=expand:"%SystemRoot%\system32 egsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32 hemeui.dll" [Installed Components\{30528230-99F7-4BB4-88D8-FA1D4F56A2AB}] #### HKCR\CLSID\{30528230-99F7-4BB4-88D8-FA1D4F56A2AB}\InprocServer32 @="C:\PROGRA~1\Yahoo!\Common\yinsthelper.dll" [Installed Components\{347B0667-C7ED-429B-BDE3-CC8D3BACAA31}] #### HKCR\CLSID\{347B0667-C7ED-429B-BDE3-CC8D3BACAA31}\InprocServer32 @="C:\PROGRA~1\Yahoo!\Common\yinsthelper.dll" [Installed Components\{36f8ec70-c29a-11d1-b5c7-0000f8051515}] "@="Liaison de données Dynamic HTML pour Java" "ComponentID"="TridataJava" [Installed Components\{3af36230-a269-11d1-b5bf-0000f8051515}] "@="Offline Browsing Pack" "ComponentID"="MobilePk" [Installed Components\{3bf42070-b3b1-11d1-b5c5-0000f8051515}] "@="Uniscribe" "ComponentID"="USP10" [Installed Components\{407408d4-94ed-4d86-ab69-a7f649d112ee}] "@="Media Center" "ComponentID"="Media Center Shortcut" "StubPath"=expand:"%SystemRoot%\System32 undll32.exe setupapi,InstallHinfSection QuickLaunchShortcut 640 %systemroot%\inf\mcdftreg.inf" [Installed Components\{411EDCF7-755D-414E-A74B-3DCD6583F589}] "ComponentID"="S867460" "@="Microsoft .NET Framework 1.1 Service Pack 1 (KB867460)" [Installed Components\{4278c270-a269-11d1-b5bf-0000f8051515}] "@="Création avancée" "ComponentID"="AdvAuth" [Installed Components\{44BBA840-CC51-11CF-AAFA-00AA00B6015C}] "@="Microsoft Outlook Express 6" "ComponentID"="MailNews" "StubPath"=expand:"\"%ProgramFiles%\Outlook Express\setup50.exe\" /APP:OE /CALLER:WINNT /user /install" [Installed Components\{44BBA842-CC51-11CF-AAFA-00AA00B6015B}] "@="NetMeeting 3.01" "ComponentID"="NetMeeting" "StubPath"="rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT" [Installed Components\{44BBA848-CC51-11CF-AAFA-00AA00B6015C}] "@="DirectShow" "ComponentID"="activemovie" [Installed Components\{44BBA855-CC51-11CF-AAFA-00AA00B6015F}] "@="DirectDrawEx" "ComponentID"="DirectDrawEx" [Installed Components\{45ea75a0-a269-11d1-b5bf-0000f8051515}] "@="Internet Explorer Help" "ComponentID"="HelpCont" [Installed Components\{4f216970-c90c-11d1-b5c7-0000f8051515}] "@="Classes Java DirectAnimation" "ComponentID"="DAJava" [Installed Components\{4f645220-306d-11d2-995d-00c04f98bbc9}] "@="Microsoft Windows Script 5.7" "ComponentID"="MSVBScript" [Installed Components\{5945c046-1e7d-11d1-bc44-00c04fd912be}] "KeyFileName"="C:\Program Files\Messenger\msmsgs.exe" "@="Windows Messenger 4.7" "ComponentID"="Messenger" "StubPath"="rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser" [Installed Components\{5A8D6EE0-3E18-11D0-821E-444553540000}] "(Default)"="Internet Connection Wizard" "ComponentID"="ICW" [Installed Components\{5fd399c0-a70a-11d1-9948-00c04f98bbc9}] "@="Internet Explorer Setup Tools" "ComponentID"="GenSetup" [Installed Components\{630b1da0-b465-11d1-9948-00c04f98bbc9}] "@="Browsing Enhancements" "ComponentID"="ExtraPack" "KeyFileName"="C:\WINDOWS\system32\msieftp.dll" [Installed Components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}] #### HKCR\CLSID\{6BF52A52-394A-11d3-B153-00C04F79FAA6}\InprocServer32 @="C:\WINDOWS\system32\wmp.dll" "@="Microsoft Windows Media Player" "ComponentID"="Microsoft Windows Media Player" "StubPath"="rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\wmp11.inf,PerUserStub" [Installed Components\{6fab99d0-bab8-11d1-994a-00c04f98bbc9}] "@="MSN Site Access" "ComponentID"="MSN_Auth" [Installed Components\{7131646D-CD3C-40F4-97B9-CD9E4E6262EF}] "ComponentID"=".NETFramework" "@=".NET Framework" [Installed Components\{73fa19d0-2d75-11d2-995d-00c04f98bbc9}] "@="Web Folders" "ComponentID"="WebFolders" [Installed Components\{7790769C-0471-11d2-AF11-00C04FA35D02}] "@="Carnet d'adresses 6" "ComponentID"="WAB" "StubPath"=expand:"\"%ProgramFiles%\Outlook Express\setup50.exe\" /APP:WAB /CALLER:WINNT /user /install" [Installed Components\{89820200-ECBD-11cf-8B85-00AA005B4340}] "@="Mise à jour du Bureau Windows" "ComponentID"="IE4Shell_NT" "StubPath"=expand:"regsvr32.exe /s /n /i:U shell32.dll" [Installed Components\{89820200-ECBD-11cf-8B85-00AA005B4383}] "@="Internet Explorer" "ComponentID"="BASEIE40_W2K" "StubPath"="C:\WINDOWS\system32\ie4uinit.exe -BaseSettings" [Installed Components\{89820200-ECBD-11cf-8B85-00AA005B4383}\AuthorizedCDFPrefix] [Installed Components\{89B4C1CD-B018-4511-B0A1-5476DBF70820}] "ComponentID"="DOTNETFRAMEWORKS" "StubPath"="c:\WINDOWS\system32\Rundll32.exe c:\WINDOWS\system32\mscories.dll,Install" [Installed Components\{8b15971b-5355-4c82-8c07-7e181ea07608}] "@="Fax" "ComponentID"="Fax" "StubPath"="rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\fxsocm.inf,Fax.UnInstall.PerUser" [Installed Components\{8D1D0E9A-C799-4D28-9E29-0061D1E66E43}] "ComponentID"="M928366" "@="Microsoft .NET Framework 1.1 Hotfix (KB928366)" [Installed Components\{9381D8F2-0288-11D0-9501-00AA00B911A5}] "@="Dynamic HTML Data Binding" "ComponentID"="Tridata" [Installed Components\{94de52c8-2d59-4f1b-883e-79663d2d9a8c}] "@="Fax Provider" "ComponentID"="Fax Provider" "StubPath"="rundll32.exe C:\WINDOWS\system32\Setup\FxsOcm.dll,XP_UninstallProvider" [Installed Components\{9A394342-4A68-4EBA-85A6-55B559F4E700}] "@=".NET Framework" "ComponentID"=".NETFramework" [Installed Components\{ACC563BC-4266-43f0-B6ED-9D38C4202C7E}] [Installed Components\{B508B3F1-A24A-32C0-B310-85786919EF28}] "ComponentID"=".NETFramework" "@=".NET Framework" [Installed Components\{BDE0FA43-6952-4BA8-8C58-09AF690F88E1}] "@="Microsoft .NET Framework 1.0 Hotfix (KB930494)" "ComponentID"="NDPKB930494" [Installed Components\{C9E9A340-D1F1-11D0-821E-444553540600}] "@="Internet Explorer Core Fonts" "ComponentID"="Fontcore" [Installed Components\{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}] "ComponentID"=".NETFramework" "@=".NET Framework" [Installed Components\{CC2A9BA0-3BDD-11D0-821E-444553540000}] "@="Planificateur de tâches" "ComponentID"="MSTASK" [Installed Components\{CDD7975E-60F8-41d5-8149-19E51D6F71D0}] "ComponentID"="Windows Movie Maker v2.1" [Installed Components\{D27CDB6E-AE6D-11cf-96B8-444553540000}] "@="Adobe Flash Player" "ComponentID"="Flash" [Installed Components\{de5aed00-a4bf-11d1-9948-00c04f98bbc9}] "@="HTML Help" "ComponentID"="HTMLHelp" [Installed Components\{E92B03AB-B707-11d2-9CBD-0000F87A369E}] "@="Active Directory Service Interface" "ComponentID"="ADSI" [Installed Components\{F196AC50-7C95-42E1-9947-BDAB18BF3C8C}] "ComponentID"=".NETFramework" "@=".NET Framework" [Installed Components\{F5776D81-AE53-4935-8E84-B0B283D8BCEF}] "@="Mise à jours cumulée de sécurité OE Avril 2003" "ComponentID"="CUSTOM2" [Installed Components\{FDC11A6F-17D1-48f9-9EA3-9051954BAA24}] "@=".NET Framework" "ComponentID"=".NETFramework" -----Comparing registry keys CCS1 vs CCS2 ----- < Value: HKEY_LOCAL_MACHINE\system\controlset001\services Result compared: Identical -----Comparing registry keys CCS1 vs CCS3 ----- < Value: HKEY_LOCAL_MACHINE\system\controlset001\services\Dhcp\Parameters {44A97F48-C35D-4E71-8945-283E62E16E51} REG_BINARY 36000000000000000400000000000000D6A66648A9FE020133000000000000000400000000000000D6A6664800278D003B000000000000000400000000000000D6A6664800229B603A000000000000000400000000000000D6A666480013C68001000000000000000400000000000000D6A66648FFFFFF0035000000000000000100000000000000D6A6664805000000 > Value: HKEY_LOCAL_MACHINE\system\controlset003\services\Dhcp\Parameters {44A97F48-C35D-4E71-8945-283E62E16E51} REG_BINARY FC00000000000000000000000000000024113F4836000000000000000400000000000000E59D6648A9FE020133000000000000000400000000000000E59D664800278D003B000000000000000400000000000000E59D664800229B603A000000000000000400000000000000E59D66480013C68001000000000000000400000000000000E59D6648FFFFFF0035000000000000000100000000000000E59D664805000000 > Value: HKEY_LOCAL_MACHINE\system\controlset003\services\Eventlog\Security\DS > Value: HKEY_LOCAL_MACHINE\system\controlset003\services\Eventlog\Security\LSA > Value: HKEY_LOCAL_MACHINE\system\controlset003\services\Eventlog\Security\NetDDE Object > Value: HKEY_LOCAL_MACHINE\system\controlset003\services\Eventlog\Security\SC Manager > Value: HKEY_LOCAL_MACHINE\system\controlset003\services\Eventlog\Security\Security > Value: HKEY_LOCAL_MACHINE\system\controlset003\services\Eventlog\Security\Security Account Manager > Value: HKEY_LOCAL_MACHINE\system\controlset003\services\Eventlog\Security\Spooler < Value: HKEY_LOCAL_MACHINE\system\controlset001\services\HTTP\Parameters\Synchronize > Value: HKEY_LOCAL_MACHINE\system\controlset003\services\MRxDAV\EncryptedDirectories < Value: HKEY_LOCAL_MACHINE\system\controlset001\services\mssmbios\Data < Value: HKEY_LOCAL_MACHINE\system\controlset001\services\SharedAccess\Epoch Epoch REG_DWORD 11559 (0x2D27) > Value: HKEY_LOCAL_MACHINE\system\controlset003\services\SharedAccess\Epoch Epoch REG_DWORD 11553 (0x2D21) > Value: HKEY_LOCAL_MACHINE\system\controlset003\services\Tcpip\Parameters DhcpNameServer REG_SZ 212.27.54.252 212.27.53.252 < Value: HKEY_LOCAL_MACHINE\system\controlset001\services\Tcpip\Parameters\Interfaces\{44A97F48-C35D-4E71-8945-283E62E16E51} LeaseObtainedTime REG_DWORD 1212094934 (0x483F19D6) > Value: HKEY_LOCAL_MACHINE\system\controlset003\services\Tcpip\Parameters\Interfaces\{44A97F48-C35D-4E71-8945-283E62E16E51} LeaseObtainedTime REG_DWORD 1212092645 (0x483F10E5) < Value: HKEY_LOCAL_MACHINE\system\controlset001\services\Tcpip\Parameters\Interfaces\{44A97F48-C35D-4E71-8945-283E62E16E51} T1 REG_DWORD 1213390934 (0x4852E056) > Value: HKEY_LOCAL_MACHINE\system\controlset003\services\Tcpip\Parameters\Interfaces\{44A97F48-C35D-4E71-8945-283E62E16E51} T1 REG_DWORD 1213388645 (0x4852D765) < Value: HKEY_LOCAL_MACHINE\system\controlset001\services\Tcpip\Parameters\Interfaces\{44A97F48-C35D-4E71-8945-283E62E16E51} T2 REG_DWORD 1214362934 (0x4861B536) > Value: HKEY_LOCAL_MACHINE\system\controlset003\services\Tcpip\Parameters\Interfaces\{44A97F48-C35D-4E71-8945-283E62E16E51} T2 REG_DWORD 1214360645 (0x4861AC45) < Value: HKEY_LOCAL_MACHINE\system\controlset001\services\Tcpip\Parameters\Interfaces\{44A97F48-C35D-4E71-8945-283E62E16E51} LeaseTerminatesTime REG_DWORD 1214686934 (0x4866A6D6) > Value: HKEY_LOCAL_MACHINE\system\controlset003\services\Tcpip\Parameters\Interfaces\{44A97F48-C35D-4E71-8945-283E62E16E51} LeaseTerminatesTime REG_DWORD 1214684645 (0x48669DE5) < Value: HKEY_LOCAL_MACHINE\system\controlset001\services\Tcpip\Parameters\Interfaces\{44A97F48-C35D-4E71-8945-283E62E16E51} DhcpRetryTime REG_DWORD 1295997 (0x13C67D) > Value: HKEY_LOCAL_MACHINE\system\controlset003\services\Tcpip\Parameters\Interfaces\{44A97F48-C35D-4E71-8945-283E62E16E51} DhcpRetryTime REG_DWORD 1295998 (0x13C67E) < Value: HKEY_LOCAL_MACHINE\system\controlset001\services\{44A97F48-C35D-4E71-8945-283E62E16E51}\Parameters\Tcpip LeaseObtainedTime REG_DWORD 1212094934 (0x483F19D6) > Value: HKEY_LOCAL_MACHINE\system\controlset003\services\{44A97F48-C35D-4E71-8945-283E62E16E51}\Parameters\Tcpip LeaseObtainedTime REG_DWORD 1212092645 (0x483F10E5) < Value: HKEY_LOCAL_MACHINE\system\controlset001\services\{44A97F48-C35D-4E71-8945-283E62E16E51}\Parameters\Tcpip T1 REG_DWORD 1213390934 (0x4852E056) > Value: HKEY_LOCAL_MACHINE\system\controlset003\services\{44A97F48-C35D-4E71-8945-283E62E16E51}\Parameters\Tcpip T1 REG_DWORD 1213388645 (0x4852D765) < Value: HKEY_LOCAL_MACHINE\system\controlset001\services\{44A97F48-C35D-4E71-8945-283E62E16E51}\Parameters\Tcpip T2 REG_DWORD 1214362934 (0x4861B536) > Value: HKEY_LOCAL_MACHINE\system\controlset003\services\{44A97F48-C35D-4E71-8945-283E62E16E51}\Parameters\Tcpip T2 REG_DWORD 1214360645 (0x4861AC45) < Value: HKEY_LOCAL_MACHINE\system\controlset001\services\{44A97F48-C35D-4E71-8945-283E62E16E51}\Parameters\Tcpip LeaseTerminatesTime REG_DWORD 1214686934 (0x4866A6D6) > Value: HKEY_LOCAL_MACHINE\system\controlset003\services\{44A97F48-C35D-4E71-8945-283E62E16E51}\Parameters\Tcpip LeaseTerminatesTime REG_DWORD 1214684645 (0x48669DE5) Result compared: Different ===================== SUSPICIOUS FILES ===================== EXE and DLL files packed with runtime packers, found in: C:\; C:\WINDOWS\; C:\WINDOWS\system32\ C:\WINDOWS\Nircmd.exe --> is compressed with UPX C:\WINDOWS\swreg.exe --> is compressed with UPX C:\WINDOWS\swsc.exe --> is compressed with UPX ========================================== Scan completed in 1,1 minutes End of report ~~~~~~~~~~~~~~~~~~~~~-----CREDITS-----~~~~~~~~~~~~~~~~~~~~~ SystemScan uses some freeware tools that remain property of their authors: * SteelWerX Registry Console Tool, Who Am I (Bobby Flekman: www.xs4all.nl/~fstaal01) --> "Registry scan", "PC accounts " * dumphive (Markus Stephany)--> "Registry scan" * Listdlls (M.Russinovich, B.Cogswell: www.sysinternals.com) --> "Loaded modules" * Catchme & MBR Rootkit detector (gmer: www.gmer.net) --> "Hidden objects", "Alternate Data Streams" & "Master Boot Record" ---> NOTE: SystemScan integrates "The Avenger" from Swandog46 (http://swandog46.geekstogo.com) to allow you to remove malwares found in this log Thanks to all of them for their hard work

Utilisateur anonyme · Answer

Pourquoi tu postes en double ??

J'analyse et je reviens.
++

Utilisateur anonyme · Answer

Re ,

*****************************************************************

/!\ Manip crée spécialement pour cet utilisateur , ne pas reproduire chez soi ... /!\


1)Télécharge  OTMoveIt2 ( de Old Timer ) 

2)Une fois téléchargé  double-clique sur OTMoveIt2.exe pour le lancer.

Assure toi que la case Unregister Dll's and Ocx's soit bien cochée

3)puis copie les lignes en gras qui se trouvent en dessous :

HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{29AB2B5B-392D-45C9-B323-CF4F65B07E7F}
HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{43FFFA70-B75A-4EDE-9B27-380F4B61B200}
HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{4AA5DEF4-A3F5-406E-B4B6-BA981B331C26}
HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{87EAA548-F021-4B07-872E-309CF96E204A}
HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{E335D7C5-C8B8-41EC-AAAF-A75DEA707C93}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\94d4f9f9
HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{522E0112-EDD9-413D-A99E-C311A54B6676}
HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{86959FE0-462B-4162-9ED9-402A78B7C9F9}
HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D2750932-B7C1-4B2C-A2C9-32CA193D702E}
HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F43C3FF0-479C-495C-AA43-5275FA825372}
C:\upload_moi_ELMON.tar.gz 
C:\VundoFix.txt
C:esultat_clean.txt
C:apport_clean.txt
C:\ComboFix.txt
C:\TCleaner.txt 
C:\Program Files\Malwarebytes' Anti-Malware
C:\Program Files\Alwil Software 
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\94d4f9f9
Emptytemp





et colle-les dans le cadre de gauche de OTMoveIt :   "Paste List Of Files/Folders to Move."
clique sur MoveIt! pour lancer la suppression.
le résultat apparaitra dans le cadre Results.
clique sur Exit pour fermer.
4) Poste le rapport situé dans C:\_OTMoveIt\MovedFiles.


(CTRL+A Pour tout selectionner  , CTRL+C pour copier et CTRL+V pour coller )

5) Il te sera peut-être demander de redémarrer le pc pour achever la suppression -> Accepte ( si il ne fait pas automatiquement , fait-le toi même )

/!\ Note : Au démarrage ton bureau RISQUE de ne plus apparaître , dans ce cas fait --> CTRL+ALT+SUPP pour ouvrir le Gestionnaire des tâches.
Puis rends toi à l'onglet "Processus". Clique en haut à gauche sur Fichiers et choisis "Exécuter"

Tape explorer.exe et valide. Cela fera re-apparaître le Bureau.


**************************************************************

Ouvre ce dossier et dis moi ce qu'il y a dedans :

C:\WINDOWS\jantje

**************************************************************

Télécharge HostsXpert


> Dézippe le sur le Bureau

> Clique sur "Restore MS Hosts File"

***************************************************************

A++

seb · Answer

je ne sais pas si tu a vu mon autre message lorsque j'ouvre le gestionaire de tache j' ai le processeur qui tourne normalement

seb · Answer

vous encore la tous les deux?

je ne suis pas chez moi jusqu'a dimanche soir peut on continuer dimanche

sebdelily · Answer

je me suis inscri pour avoir un suivit sebdelily et mon nouveau pseudo

Utilisateur anonyme · Answer

Re ,

Il reste encore des choses à faire ,,

Fais Démarrer et Exécuter.

Dans la fenêtre qui s'ouvre, tu copies/colles :

regedit /a C:\run.txt HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run

puis OK.

Copie dans ta réponse C:\run.txt (en l'ouvrant avec le Bloc-notes). 

****************************************************

Fais Démarrer et Exécuter.

Dans la fenêtre qui s'ouvre, tu copies/colles :

regedit /a C:\run.txt HKEY_LOCAL_MACHINE\~\Browser Helper Objects

puis OK.

Copie dans ta réponse C:\run.txt (en l'ouvrant avec le Bloc-notes). 





********************

Va dans C:\_OtmoveIt\MovedfFile -> Supprime tout ce qu'il y a dedans.

Puis ,

Dans OtMoveIt , copie/colle cette ligne :


C:\WINDOWS\jantje 


-> MoveIT !

poste le rapport.
A++


( 3 rapports )

sebdelily · Answer

salut

je suis revenu


 REGEDIT4

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"ISUSScheduler"="\"C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe\" -start"
"ISUSPM Startup"="\"c:\Program Files\Fichiers communs\InstallShield\UpdateService\isuspm.exe\" -startup"
"GrooveMonitor"="\"C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe\""
"ehTray"="C:\WINDOWS\ehome\ehtray.exe"
"Easy-PrintToolBox"="C:\Program Files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE /logon"
"avgnt"="\"C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe\" /min"
"ATIPTA"="\"C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe\""
"94d4f9f9"="rundll32.exe \"C:\WINDOWS\system32\asxpmbdj.dll\",b"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents]
@=""


je ne trouve pas  C:\_OtmoveIt\MovedfFile




REGEDIT4

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"ISUSScheduler"="\"C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe\" -start"
"ISUSPM Startup"="\"c:\Program Files\Fichiers communs\InstallShield\UpdateService\isuspm.exe\" -startup"
"GrooveMonitor"="\"C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe\""
"ehTray"="C:\WINDOWS\ehome\ehtray.exe"
"Easy-PrintToolBox"="C:\Program Files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE /logon"
"avgnt"="\"C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe\" /min"
"ATIPTA"="\"C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe\""
"94d4f9f9"="rundll32.exe \"C:\WINDOWS\system32\asxpmbdj.dll\",b"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents]
@=""

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\IMAIL]
@=""

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MAPI]
@=""

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MSFS]
@=""

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\IMAIL]
@=""

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MAPI]
@=""

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MSFS]
@=""

Utilisateur anonyme · Answer

Re ,
Supprime Run.txt .

************************************************

-> Télécharge JumpRegistry  ( de Pierre Torris) sur ton bureau.

-> Dézippe-le ( clique droit -> " extraire tout "  )

-> Ouvre le dossier et double clique sur JumpRegistry.exe ( icône jaune )

-> Dans le cadre blanc [ voir capture d'écran] copie/colle cette ligne : 

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run

-> clique sur ' Jump ' 

-> L'éditeur de registre va s'ouvrir devant toi , trouve et supprime cette/ces ligne(s) :

"94d4f9f9"="rundll32.exe \"C:\WINDOWS\system32\asxpmbdj.dll\",b" 



***********************************************

Ici -> http://www.commentcamarche.net/forum/affich 6615488 j ai un vundo dll trj?page=3#65

tu as fais 2 fois la même manip.

Je voudrais avec : regedit /a C:un.txt HKEY_LOCAL_MACHINE\~\Browser Helper Objects

sebdelily · Answer

lorsque je copie  regedit /a C:\run.txt HKEY_LOCAL_MACHINE\~\Browser Helper Objects dans execute 

message qui dit qu'il ne trouve pas le fichier

Utilisateur anonyme · Answer

Re  ,
pas grave.

Tu as supprimé la clé ?


A++

Utilisateur anonyme · Answer

Re !

Fait ceci stp :

**********************************************


1) Télécharge Ncleaner sur ton bureau , double clique sur le fichier d'installation et installe le logiciel.


2) Double clique sur l'icône crée sur le bureau et choisi ' cleansystem '

3) A gauche de l'écran , sous ' clean system and applications ' vérifie que seulement les 4 premières cases soit cochées , puis clique sur  ' clean now ' > ' analyze ' 

--- Le programme va rechercher les fichier inutiles ---

Une fois l'analyse terminée , clique sur ' Clean ' et repond ' Yes ' a la demande de confirmation.

Cela terminé , clique sur ' Done ' 

4) Reprend l'étape 2 et choisi cette fois ci ' Registry clean and repair ' vérifie que toute les cases soient cochées et clique sur ' Clean now ' ( dans la colonne de droite cette fois-ci ) > ' Scan '  

--- Le programme va rechercher les clées de registre invalides ---

Une fois le scan terminé , clique sur ' Remove ' et repond ' Yes ' a la demande de confirmation.

Cela terminé , clique sur ' Done ' 


**********************************************

Garde Ncleaner  , tu t'en servira de temps en temps pour faire le ménage dans ton pc. ( par exemple toute les semaines ) .


**********************************************


A+

J'ai un vundo@dll.trj

45 réponses

Discussions similaires