HijackThis report after unwanted pop-up windows
Solved
manu75010 Posts: 12 Status: Member -
cgui33 Posts: 1176 Status: Member -
Hello,
I keep getting several windows that open by themselves, and I also get an error message saying that Windows updates are disabled. Here is a HijackThis report for anyone who could help me.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:07:40, on 17/06/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
C:\Program Files\HP\TVPlay\Kernel\CLML_NTService\CLMLServer.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
C:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe
C:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\Program Files\HP\QuickPlay\QPService.exe
C:\Program Files\HP\TVPlay\TVPService.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\WINDOWS\system32\Rundll32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\HP\TVPlay\Kernel\TV\TVPCapSvc.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Program Files\HP\TVPlay\Kernel\TV\TVPSched.exe
C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\PROGRA~1\HPQ\Shared\HPQTOA~1.EXE
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\HP\Smart Web Printing\hpswp_clipbook.exe
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Documents and Settings\da conceicao\Bureau\HiJackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = https://hpsa-redirectors.hpcloud.hp.com/Common/npcRedirectorPage.asp?context=doc100001&locale=040c
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /nodetect
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] CHDAudPropShortcut.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\Hewlett-Packard\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [RecGuard] C:\Windows\SMINST\RecGuard.exe
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"
O4 - HKLM\..\Run: [TVPService] "C:\Program Files\HP\TVPlay\TVPService.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [2042548c] rundll32.exe "C:\WINDOWS\system32\ssfslyou.dll",b
O4 - HKLM\..\Run: [BM23716710] Rundll32.exe "C:\WINDOWS\system32\rpmatchu.dll",s
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" /automount
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [WINSOS VERIFY] "C:\Program Files\Winsos\WINSOS.EXE" MINI
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: BlueSoleil.lnk = C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe
O4 - Global Startup: Démarrage rapide de HP Photosmart Premier.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Livre de reliures HP - {58ECB495-38F0-49cb-A538-10282ABF65E7} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: Sélection intelligente HP - {700259D7-1666-479a-93B1-3250410481E8} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab56986.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
O23 - Service: CyberLink Media Library Service(HP TVPlay) - Cyberlink - C:\Program Files\HP\TVPlay\Kernel\CLML_NTService\CLMLServer.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - c:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Planificateur LiveUpdate automatique - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
O23 - Service: CyberLink Background Capture Service (CBCS HP TVPlay) (TVPCapSvc) - Unknown owner - C:\Program Files\HP\TVPlay\Kernel\TV\TVPCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS HP TVPlay) (TVPSched) - Unknown owner - C:\Program Files\HP\TVPlay\Kernel\TV\TVPSched.exe
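Among the O4 entries in the log above, two stand out: `[2042548c]` and `[BM23716710]`, both of which use rundll32 to load a DLL with a random-looking name from system32 and call a single-letter export. The Python below is an added example, not code from the thread or from any of the tools the helpers use; it parses HijackThis O4 "Run" lines and flags that pattern, running over a handful of constructed sample lines modelled on the posted log. The three heuristics (random value name, 8-letter DLL stem in system32, single-letter rundll32 entry point) are my own assumptions for triage, not rules from HijackThis, and a hit only means the entry deserves a closer look before anything is removed.

```python
import re
from dataclasses import dataclass

# Constructed sample: a few O4 lines in HijackThis v2 format, modelled on the
# entries in the log posted above (not the full log).
SAMPLE_O4_LINES = r"""
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [2042548c] rundll32.exe "C:\WINDOWS\system32\ssfslyou.dll",b
O4 - HKLM\..\Run: [BM23716710] Rundll32.exe "C:\WINDOWS\system32\rpmatchu.dll",s
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
"""

# O4 "Run" entry:  O4 - <hive>\..\Run: [<value name>] <command line>
O4_RUN_RE = re.compile(
    r"^O4 - (?P<hive>HKLM|HKCU|HKUS\\[^\\]+)\\\.\.\\(?P<key>Run\w*): "
    r"\[(?P<name>[^\]]*)\] (?P<cmd>.*)$"
)
# rundll32[.exe] ["]<dll>["],<entry point>
RUNDLL_RE = re.compile(
    r'^rundll32(?:\.exe)?\s+"?(?P<dll>[^",]+?)"?\s*,\s*(?P<entry>\S*)',
    re.IGNORECASE,
)
# Heuristics (assumptions, not HijackThis rules): an 8-hex-digit value name,
# or a 1-3 letter prefix followed by a long run of digits.
RANDOM_VALUE_NAME_RE = re.compile(r"^(?:[0-9a-f]{8}|[A-Z]{1,3}\d{6,})$")
# A DLL stem that is exactly eight lowercase letters.
RANDOM_DLL_STEM_RE = re.compile(r"^[a-z]{8}$")
SYSTEM32_RE = re.compile(r"\\system32\\", re.IGNORECASE)


@dataclass
class Finding:
    name: str
    cmd: str
    reasons: list


def parse_o4_run(line):
    """Return the hive/key/name/cmd fields of an O4 Run line, or None."""
    m = O4_RUN_RE.match(line.strip())
    return m.groupdict() if m else None


def assess_o4_run(entry):
    """Return the list of reasons an O4 Run entry looks suspicious (empty if none)."""
    reasons = []
    name, cmd = entry["name"], entry["cmd"]
    if RANDOM_VALUE_NAME_RE.match(name):
        reasons.append("random-looking value name")
    rm = RUNDLL_RE.match(cmd)
    if rm:
        dll = rm.group("dll")
        stem = dll.rsplit("\\", 1)[-1].rsplit(".", 1)[0]
        if SYSTEM32_RE.search(dll) and RANDOM_DLL_STEM_RE.match(stem):
            reasons.append("rundll32 loads an 8-letter random-looking DLL from system32")
        if len(rm.group("entry")) <= 1:
            reasons.append("rundll32 entry point is a single letter")
    return reasons


def triage_o4(text):
    """Scan a HijackThis log body and return the O4 Run entries worth a second look."""
    findings = []
    for line in text.splitlines():
        entry = parse_o4_run(line)
        if entry is None:
            continue
        reasons = assess_o4_run(entry)
        if reasons:
            findings.append(Finding(entry["name"], entry["cmd"], reasons))
    return findings


if __name__ == "__main__":
    for f in triage_o4(SAMPLE_O4_LINES):
        print(f"[{f.name}] {f.cmd}")
        for r in f.reasons:
            print(f"    - {r}")
```

Run against a full log, the script only ever narrows the list; the legitimate rundll32 entries (NVIDIA's NvCpl.dll with its named NvStartup export, for instance) pass through untouched, while the two entries with random names, random DLL stems and single-letter exports collect all three reasons.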
17 replies
Hi
Right-click this link: (IL-MAFIOSO)
http://perso.orange.fr/il.mafioso/Navifix/Navilog1.exe
Choose "Save target as..." and save it to your desktop.
Then double-click navilog1.exe to start the installation.
Once the installation is finished, the fix will run automatically.
(If it does not, double-click the Navilog1 shortcut on the desktop.)
Follow the prompts. At the main menu, choose 1 and confirm.
Wait for the message:
*** Analyse Termine le ..... ***
Press a key as requested; Notepad will open.
Copy and paste the whole thing into a reply. Close Notepad.
The report is also saved at the root of the drive (fixnavi.txt).
Cheers
As requested, here is the report
Search Navipromo version 3.5.8 commencé le 17/06/2008 à 19:54:01,93
!!! Attention,ce rapport peut indiquer des fichiers/programmes légitimes!!!
!!! Postez ce rapport sur le forum pour le faire analyser !!!
!!! Ne lancez pas la partie désinfection sans l'avis d'un spécialiste !!!
Outil exécuté depuis C:\Program Files\navilog1
Session actuelle : "da conceicao"
Mise à jour le 06.06.2008 à 18h00 par IL-MAFIOSO
Microsoft Windows XP [version 5.1.2600]
Internet Explorer : 7.0.5730.13
Système de fichiers : NTFS
Recherche executé en mode normal
*** Recherche Programmes installés ***
*** Recherche dossiers dans "C:\WINDOWS" ***
*** Recherche dossiers dans "C:\Program Files" ***
*** Recherche dossiers dans "c:\docume~1\alluse~1\applic~1" ***
*** Recherche dossiers dans "c:\docume~1\alluse~1\menudm~1\progra~1" ***
*** Recherche dossiers dans "C:\Documents and Settings\da conceicao\applic~1" ***
*** Recherche dossiers dans "C:\DOCUME~1\k-ralho\applic~1" ***
*** Recherche dossiers dans "C:\Documents and Settings\da conceicao\locals~1\applic~1" ***
*** Recherche dossiers dans "C:\DOCUME~1\k-ralho\locals~1\applic~1" ***
*** Recherche dossiers dans "C:\Documents and Settings\da conceicao\menudm~1\progra~1" ***
*** Recherche dossiers dans "C:\DOCUME~1\k-ralho\menudm~1\progra~1" ***
*** Recherche avec Catchme-rootkit/stealth malware detector par gmer ***
pour + d'infos : http://www.gmer.net
Aucun Fichier trouvé
*** Recherche avec GenericNaviSearch ***
!!! Tous ces résultats peuvent révéler des fichiers légitimes !!!
!!! A vérifier impérativement avant toute suppression manuelle !!!
* Recherche dans "C:\WINDOWS\system32" *
* Recherche dans "C:\Documents and Settings\da conceicao\locals~1\applic~1" *
* Recherche dans "C:\DOCUME~1\k-ralho\locals~1\applic~1" *
*** Recherche fichiers ***
*** Recherche clés spécifiques dans le Registre ***
*** Module de Recherche complémentaire ***
(Recherche fichiers spécifiques)
1)Recherche nouveaux fichiers Instant Access :
2)Recherche Heuristique :
* Dans "C:\WINDOWS\system32" :
* Dans "C:\Documents and Settings\da conceicao\locals~1\applic~1" :
* Dans "C:\DOCUME~1\k-ralho\locals~1\applic~1" :
3)Recherche Certificats :
Certificat Egroup absent !
Certificat Electronic-Group absent !
Certificat OOO-Favorit absent !
Certificat Sunny-Day-Design-Ltd absent !
4)Recherche fichiers connus :
C:\WINDOWS\system32\dffedccf.ini2 trouvé ! infection Vundo possible non traitée par cet outil !
C:\WINDOWS\system32\jjiRrtwa.ini2 trouvé ! infection Vundo possible non traitée par cet outil !
*** Analyse terminée le 17/06/2008 à 20:02:46,87 ***
Re
Download VundoFix.exe (by Atribune) to your desktop.
Double-click VundoFix.exe to launch it.
Click the Scan for Vundo button.
When the scan is complete, click the Remove Vundo button.
A prompt will ask whether you want to delete the files; click YES.
The desktop will then disappear for a moment while the files are deleted.
You will see a prompt telling you that your PC is going to shut down; click OK.
Restart your PC.
Copy/paste the report (c:\vundofix.txt) into your reply.
Cheers
VundoFix V6.5.4
Checking Java version...
Java version is 1.5.0.6
Old versions of java are exploitable and should be removed.
Java version is 1.5.0.10
Java version is 1.5.0.11
Scan started at 22:05:27 16/06/2008
Listing files found while scanning....
No infected files were found.
VundoFix V7.0.5
Scan started at 22:53:33 16/06/2008
Listing files found while scanning....
VundoFix V7.0.5
Scan started at 22:58:10 16/06/2008
Listing files found while scanning....
VundoFix V7.0.5
Scan started at 07:43:58 17/06/2008
Listing files found while scanning....
No infected files were found.
Beginning removal...
Re
I suspected as much ...
Download ComboFix to your desktop
http://download.bleepingcomputer.com/sUBs/ComboFix.exe
IMPORTANT
Disable your antivirus while ComboFix is running. Thanks. Re-enable it afterwards.
Then
Double-click combofix.exe.
Press the Y key (Yes) to start the scan.
When the scan is complete, a report will appear. Copy/paste that report into your next reply.
NOTE: The report is also located here: C:\Combofix.txt
Cheers
PS: I'll be here even during the match!
Right now I'm going to grab something to eat!
Sorry for the trouble.
ComboFix 08-06-16.5 - da conceicao 2008-06-17 20:36:47.1 - NTFSx86
Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.370 [GMT 2:00]
Endroit: C:\Documents and Settings\da conceicao\Bureau\ComboFix.exe
* Création d'un nouveau point de restauration
[color=red][b]AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !![/b][/color]
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Documents and Settings\k-ralho\Application Data\macromedia\Flash Player\#SharedObjects\XXMJ6SKB\www.broadcaster.com
C:\Documents and Settings\k-ralho\Application Data\macromedia\Flash Player\#SharedObjects\XXMJ6SKB\www.broadcaster.com\bc_video_vars.sol
C:\Documents and Settings\k-ralho\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#www.broadcaster.com
C:\Documents and Settings\k-ralho\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#www.broadcaster.com\settings.sol
C:\Program Files\Fichiers communs\{30425~1
C:\WINDOWS\BM23716710.xml
C:\WINDOWS\cookies.ini
C:\WINDOWS\pskt.ini
C:\WINDOWS\system32\afjwjpyb.dll
C:\WINDOWS\system32\AutoRun.inf
C:\WINDOWS\system32\brxrsord.dll
C:\WINDOWS\system32\bypjwjfa.ini
C:\WINDOWS\system32\dffedccf.ini
C:\WINDOWS\system32\dffedccf.ini2
C:\WINDOWS\system32\dycpklpp.dll
C:\WINDOWS\system32\fccdeffd.dll
C:\WINDOWS\system32\gjdnkwcw.dll
C:\WINDOWS\system32\grewgtim.dll
C:\WINDOWS\system32\iruvnyyl.ini
C:\WINDOWS\system32\jjiRrtwa.ini
C:\WINDOWS\system32\jjiRrtwa.ini2
C:\WINDOWS\system32\krjkvkis.dll
C:\WINDOWS\system32\lyynvuri.dll
C:\WINDOWS\system32\mcrh.tmp
C:\WINDOWS\system32\mitgwerg.ini
C:\WINDOWS\system32\pksdioxk.dll
C:\WINDOWS\system32\rpmatchu.dll
C:\WINDOWS\system32\uoylsfss.ini
C:\WINDOWS\system32\ydxtcmka.dll
C:\WINDOWS\system32\yraewaol.dll
D:\Autorun.inf
.
((((((((((((((((((((((((((((( Fichiers cr‚‚s 2008-05-17 to 2008-06-17 ))))))))))))))))))))))))))))))))))))
.
2008-06-17 19:52 . 2008-06-17 20:04 <REP> d-------- C:\Program Files\Navilog1
2008-06-17 08:03 . 2008-06-17 08:15 <REP> d-------- C:\Program Files\BHODemon 2
2008-06-16 18:19 . 2008-06-16 18:19 25,504 --a------ C:\WINDOWS\system32\mlJYpmKC.dll.vir
2008-06-16 17:35 . 2008-06-16 17:35 114,920 --a------ C:\Documents and Settings\da conceicao\pays.zip
2008-06-16 17:17 . 2008-06-16 17:17 0 --a------ C:\Documents and Settings\da conceicao\RUNDLL32.EXE
2008-06-16 17:17 . 2008-06-16 17:17 0 --a------ C:\Documents and Settings\da conceicao\.EXE
2008-06-16 07:57 . 1999-03-03 14:50 119,568 --a------ C:\WINDOWS\system32\VB6FR.DLL
2008-06-15 22:39 . 2008-06-16 19:14 <REP> d--h----- C:\$AVG8.VAULT$
2008-06-15 22:33 . 2008-06-15 22:33 96,520 --a------ C:\WINDOWS\system32\drivers\avgldx86.sys
2008-06-15 22:33 . 2008-06-15 22:33 75,272 --a------ C:\WINDOWS\system32\drivers\avgtdix.sys
2008-06-15 22:33 . 2008-06-15 22:33 10,520 --a------ C:\WINDOWS\system32\avgrsstx.dll
2008-06-15 22:32 . 2008-06-16 17:14 <REP> d-------- C:\WINDOWS\system32\drivers\Avg
2008-06-15 22:32 . 2008-06-15 22:32 <REP> d-------- C:\Program Files\AVG
2008-06-15 22:32 . 2008-06-15 22:32 <REP> d-------- C:\Documents and Settings\All Users\Application Data\avg8
2008-06-14 10:06 . 2008-06-14 10:05 691,545 --a------ C:\WINDOWS\unins000.exe
2008-06-14 10:06 . 2008-06-14 10:06 2,551 --a------ C:\WINDOWS\unins000.dat
2008-06-13 23:16 . 2008-06-13 23:16 <REP> d-------- C:\Documents and Settings\LocalService\Menu D‚marrer
2008-06-13 23:12 . 2008-06-13 23:12 <REP> d-------- C:\Documents and Settings\All Users\Application Data\sentinel
2008-06-13 21:58 . 2008-06-13 21:58 <REP> d-------- C:\Program Files\Lavasoft
2008-05-22 17:53 . 2008-05-22 17:53 <REP> d-------- C:\Documents and Settings\All Users\Application Data\HP Product Assistant
2008-05-22 17:50 . 2008-05-22 18:04 167,153 --a------ C:\WINDOWS\hpoins21.dat
2008-05-22 17:50 . 2007-05-15 12:10 8,138 --------- C:\WINDOWS\hpomdl21.dat
2008-05-20 21:53 . 2008-05-20 21:53 <REP> d-------- C:\Program Files\Fichiers communs\xing shared
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-06-15 20:20 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-06-15 20:20 --------- d-----w C:\Program Files\Fichiers communs\Panda Software
2008-06-14 08:59 --------- d-----w C:\Program Files\Fichiers communs\Wise Installation Wizard
2008-06-14 08:55 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-06-14 08:54 --------- d-----w C:\Program Files\Spybot - Search & Destroy
2008-06-13 19:58 --------- d-----w C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-06-11 20:34 --------- d-----w C:\Documents and Settings\da conceicao\Application Data\Azureus
2008-06-10 15:21 --------- d-----w C:\Program Files\Azureus
2008-05-27 21:13 --------- d-----w C:\Program Files\Windows Live Safety Center
2008-05-22 15:53 --------- d-----w C:\Documents and Settings\All Users\Application Data\HP
2008-05-22 14:57 --------- d-----w C:\Documents and Settings\da conceicao\Application Data\HP
2008-05-20 19:53 --------- d-----w C:\Program Files\Fichiers communs\Real
2007-10-05 16:32 51,422,520 -c--a-w C:\Program Files\iTunes743Setup.exe
2007-10-05 15:37 17,929,072 -c--a-w C:\Program Files\Install_Messenger.exe
2007-09-01 13:44 79,752 -c--a-w C:\Program Files\Preparation_Messenger.exe
2007-08-13 20:39 172 -c--a-w C:\Documents and Settings\k-ralho\Application Data\wklnhst.dat
2007-07-29 17:34 16,429,768 -c--a-w C:\Program Files\setupfre.exe
2007-05-01 14:25 5,037,072 -c--a-w C:\Program Files\spybotsd14.exe
2007-05-01 14:00 99,328 -c--a-w C:\Program Files\VundoFix.exe
2007-02-24 14:41 36,808,256 -c--a-w C:\Program Files\iTunesSetup.exe
2007-01-05 23:56 9,453,630 ----a-w C:\Program Files\vlc-0.8.6a-win32.exe
2006-10-19 18:50 867,392 ----a-w C:\Program Files\GoogleToolbarInstaller.exe
2006-10-01 15:12 3,660,813 -c--a-w C:\Program Files\LimeWire Pro 4.9.23 full version 100 % working.rar
2006-09-30 07:38 22 -csha-w C:\WINDOWS\SMINST\HPCD.sys
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les ‚l‚ments vides & les ‚l‚ments initiaux l‚gitimes ne sont pas list‚s
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{33BEC79B-ECAF-4E49-A042-894647E04119}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{4852A55C-975F-4143-B552-30B5E2DEB74D}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{48BB0056-8AA7-4843-95FC-0C32438FD5C9}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{7A7E7920-C5A9-4638-A843-01EC64E8BB09}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A324AE6A-0591-4558-B0E2-F17973327DB0}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{AD5EB286-260C-4F96-894D-DD575C2C1C90}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D37BA0C9-30D1-4485-8250-C269F863D5C1}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{d759f233-d6f7-4529-aa46-a992ba2b472a}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{E07C525E-6BC9-4EE4-8516-FF6E70D82F49}]
C:\WINDOWS\system32\awtrRijj.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{f59c1bb4-f13b-4559-914d-e7443e5df4af}]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-05 23:00 15360]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-01 17:22 68856]
"AlcoholAutomount"="C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" [2008-03-20 18:46 217544]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-11-03 10:59 204288]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-01-28 11:43 2097488]
"WINSOS VERIFY"="C:\Program Files\Winsos\WINSOS.exe" [ ]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"hpWirelessAssistant"="C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe" [2006-05-03 22:58 458752]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 05:25 144784]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-04-26 21:48 7561216]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2006-04-26 21:48 86016]
"nwiz"="nwiz.exe" [2006-04-26 21:48 1519616 C:\WINDOWS\system32\nwiz.exe]
"High Definition Audio Property Page Shortcut"="CHDAudPropShortcut.exe" [2006-04-17 22:29 61952 C:\WINDOWS\system32\CHDAudPropShortcut.exe]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2006-04-01 07:01 761946]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2007-03-11 21:34 49152]
"QlbCtrl"="C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2006-03-07 14:38 131072]
"Cpqset"="C:\Program Files\Hewlett-Packard\Default Settings\cpqset.exe" [2006-05-02 10:36 40960]
"RecGuard"="C:\Windows\SMINST\RecGuard.exe" [2005-10-11 10:23 1187840]
"Symantec PIF AlertEng"="C:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2007-03-12 10:22 517768]
"QPService"="C:\Program Files\HP\QuickPlay\QPService.exe" [2006-04-11 21:54 102400]
"TVPService"="C:\Program Files\HP\TVPlay\TVPService.exe" [2006-04-03 13:34 135168]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 23:16 39792]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-02-01 00:13 385024]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-02-19 14:10 267048]
"TkBellExe"="C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" [2008-05-20 21:53 185896]
"AVG8_TRAY"="C:\PROGRA~1\AVG\AVG8\avgtray.exe" [2008-06-15 22:32 1177368]
"2042548c"="C:\WINDOWS\system32\ssfslyou.dll" [ ]
"BM23716710"="C:\WINDOWS\system32\rpmatchu.dll" [ ]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-05 23:00 15360]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\efcDWNdB]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\mlJYpmKC]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=avgrsstx.dll
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\IVT Corporation\\BlueSoleil\\BlueSoleil.exe"=
"C:\\Program Files\\HP\\TVPlay\\TVPlay.exe"=
"C:\\Program Files\\HP\\TVPlay\\TVPService.exe"=
"C:\\Program Files\\LimeWire\\LimeWire.exe"=
"C:\\Program Files\\Azureus\\Azureus.exe"=
"C:\\Program Files\\HP\\HP Software Update\\HPWUCli.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
"C:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"C:\\Program Files\\AVG\\AVG8\\avgemc.exe"=
R1 AvgLdx86;AVG AVI Loader Driver x86;C:\WINDOWS\system32\Drivers\avgldx86.sys [2008-06-15 22:33]
R2 avg8emc;AVG8 E-mail Scanner;C:\PROGRA~1\AVG\AVG8\avgemc.exe [2008-06-15 22:32]
R2 avg8wd;AVG8 WatchDog;C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2008-06-15 22:32]
R2 AvgTdiX;AVG8 Network Redirector;C:\WINDOWS\system32\Drivers\avgtdix.sys [2008-06-15 22:33]
R2 CyberLink Media Library Service(HP TVPlay);CyberLink Media Library Service(HP TVPlay);"C:\Program Files\HP\TVPlay\Kernel\CLML_NTService\CLMLServer.exe" [2006-04-03 13:34]
R2 HPSLPSVC;HP Network Devices Support;C:\WINDOWS\system32\svchost.exe [2004-08-05 23:00]
R2 TVPCapSvc;CyberLink Background Capture Service (CBCS HP TVPlay);"C:\Program Files\HP\TVPlay\Kernel\TV\TVPCapSvc.exe" [2006-04-03 13:35]
R2 TVPSched;CyberLink Task Scheduler (CTS HP TVPlay);"C:\Program Files\HP\TVPlay\Kernel\TV\TVPSched.exe" [2006-04-03 13:35]
R3 5U870CAP_VID_1262&PID_25FD;HP Pavilion Webcam ;C:\WINDOWS\system32\Drivers\5U870CAP.sys [2006-05-10 01:02]
S3 MODBDA2;DiBcom MOD3000 TV receiver;C:\WINDOWS\system32\Drivers\modbda2.sys [2006-05-13 09:52]
S3 PMTOOL;SAPPHIRE USB Device ;C:\WINDOWS\system32\Drivers\Sapphire.sys [2007-03-08 17:31]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
HPService REG_MULTI_SZ HPSLPSVC
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-17 20:43:39
Windows 5.1.2600 Service Pack 2 NTFS
Balayage processus cach‚s ...
Balayage cach‚ autostart entries ...
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
Cpqset = C:\Program Files\Hewlett-Packard\Default Settings\cpqset.exe????????????,?@? ????Z??????R?@?????,?@
Balayage des fichiers cach‚s ...
Scan termin‚ avec succŠs
Les fichiers cach‚s: 0
**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\WINDOWS\system32\rundll32.exe
C:\PROGRA~1\HPQ\Shared\HPQTOA~1.EXE
C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\Fichiers communs\Microsoft Shared\Source Engine\OSE.EXE
C:\Program Files\AVG\AVG8\avgrsx.exe
C:\Program Files\AVG\AVG8\avgrsx.exe
.
**************************************************************************
.
Temps d'accomplissement: 2008-06-17 20:51:56 - machine was rebooted
ComboFix-quarantined-files.txt 2008-06-17 18:51:50
Pre-Run: 54,152,855,552 octets libres
Post-Run: 54,763,335,680 octets libres
229 --- E O F --- 2008-06-17 18:51:02
Re
Select all of the text below in bold:
File:
C:\WINDOWS\system32\mlJYpmKC.dll.vir
registry:
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"2042548c"=-
"BM23716710"=-
# Copie le texte sélectionné (CTRL+C).
# Ouvre le bloc-note (programme>Accessoire>bloc-note).
# Colle le texte copié dans ce bloc-note (CTRL+V).
# Sauvegarde ce fichier sous le nom de CFScript.txt
# Fais un glisser/déposer de ce fichier CFScript sur le fichier ComboFix.exe
# Une fenêtre bleue va apparaître: au message qui apparaît ( Type 1 to continue, or 2 to abort) , tape 1 puis valide.
# Patiente le temps du scan. Le bureau va disparaître à plusieurs reprises: c'est normal!
Ne touche à rien tant que le scan n'est pas terminé.
# Une fois le scan achevé, un rapport va s'afficher: Poste son contenu.
# Si le fichier ne s'ouvre pas, il se trouve ici > C:\ComboFix.txt
A+
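As an added example (not from this thread, nor from the ComboFix or HijackThis authors), the script below applies the reasoning behind the CFScript above: it scans log text for Run values that ComboFix prints with an empty `[ ]` (no date or size, which this example treats as "target file not found") and for HijackThis O2 BHO lines marked `(no file)`, then emits a CFScript body in the same `registry:` / `"value"=-` form. The sample log is assembled from lines copied out of the logs in this thread; the `[ ]` interpretation is this example's assumption about ComboFix's output.

```python
"""Added example: flag autostart entries whose target file the scanner could not
find, and emit a CFScript body in the form used in the reply above."""
import re
from collections import OrderedDict

# Constructed sample, assembled from lines copied out of the logs in this thread:
# a ComboFix "Point de chargement Reg" section followed by HijackThis O2 lines.
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AVG8_TRAY"="C:\PROGRA~1\AVG\AVG8\avgtray.exe" [2008-06-15 22:32 1177368]
"nwiz"="nwiz.exe" [2006-04-26 21:48 1519616 C:\WINDOWS\system32\nwiz.exe]
"2042548c"="C:\WINDOWS\system32\ssfslyou.dll" [ ]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-05 23:00 15360]
"WINSOS VERIFY"="C:\Program Files\Winsos\WINSOS.exe" [ ]
O2 - BHO: (no name) - {33BEC79B-ECAF-4E49-A042-894647E04119} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
"""

# A registry key header such as [HKEY_LOCAL_MACHINE\SOFTWARE\...] or [HKLM\~\...].
KEY_RE = re.compile(r"^\[(HK[A-Z_]+\\.+)\]$")
# A value line: "name"="target" [date time size ...]. ComboFix leaves the
# brackets empty when it cannot find the target file (assumption of this example).
RUN_RE = re.compile(r'^"([^"]+)"="([^"]*)"\s+\[(.*?)\]$')
# A HijackThis BHO line: O2 - BHO: name - {CLSID} - path, or "(no file)".
BHO_RE = re.compile(r"^O2 - BHO: (.*?) - (\{[0-9A-Fa-f-]+\}) - (.*)$")


def find_orphans(log_text):
    """Return the autostart entries whose file was reported missing.

    Each result is a dict with kind ("run" or "bho"), key (registry key for
    Run values, None for BHOs), name (value name or CLSID) and path.
    """
    orphans = []
    current_key = None
    for raw in log_text.splitlines():
        line = raw.rstrip()
        m = KEY_RE.match(line)
        if m:
            current_key = m.group(1)
            continue
        m = RUN_RE.match(line)
        if m and current_key is not None:
            name, path, info = m.groups()
            if not info.strip():  # "[ ]": no date or size, target not found
                orphans.append({"kind": "run", "key": current_key,
                                "name": name, "path": path})
            continue
        m = BHO_RE.match(line)
        if m and m.group(3) == "(no file)":
            orphans.append({"kind": "bho", "key": None,
                            "name": m.group(2), "path": m.group(3)})
    return orphans


def build_cfscript(orphans):
    """Emit a CFScript body deleting the orphaned Run values.

    Uses the syntax from the reply above: a "registry:" header, the key in
    brackets, then "value"=- for each value to delete. BHO entries are only
    reported, since HijackThis removes those itself via "Fix checked".
    """
    by_key = OrderedDict()
    for entry in orphans:
        if entry["kind"] == "run":
            by_key.setdefault(entry["key"], []).append(entry["name"])
    if not by_key:
        return ""
    lines = ["registry:"]
    for key, names in by_key.items():
        lines.append("[%s]" % key)
        lines.extend('"%s"=-' % name for name in names)
    return "\n".join(lines) + "\n"


if __name__ == "__main__":
    found = find_orphans(SAMPLE_LOG)
    for entry in found:
        print("%-3s %-45s %s" % (entry["kind"], entry["name"], entry["path"]))
    print(build_cfscript(found), end="")
```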
All good!
ComboFix 08-06-16.5 - da conceicao 2008-06-17 21:21:29.2 - NTFSx86
Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.520 [GMT 2:00]
Endroit: C:\Documents and Settings\da conceicao\Bureau\ComboFix.exe
Command switches used :: C:\Documents and Settings\da conceicao\Bureau\CFScript.txt
* Création d'un nouveau point de restauration
[color=red][b]AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !![/b][/color]
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Documents and Settings\manu da conceicao\Local Settings\Application Data\Microsoft\Windows Media\10.0\WMSDKNSD.XML
C:\WINDOWS\system32\_000006_.tmp.dll
C:\WINDOWS\system32\_000007_.tmp.dll
C:\WINDOWS\system32\_000014_.tmp.dll
C:\WINDOWS\system32\_000018_.tmp.dll
C:\WINDOWS\system32\_000019_.tmp.dll
C:\WINDOWS\system32\_000022_.tmp.dll
C:\WINDOWS\system32\_000023_.tmp.dll
C:\WINDOWS\system32\_000024_.tmp.dll
C:\WINDOWS\system32\_000025_.tmp.dll
C:\WINDOWS\system32\_000052_.tmp.dll
.
((((((((((((((((((((((((((((( Fichiers créés 2008-05-17 to 2008-06-17 ))))))))))))))))))))))))))))))))))))
.
2008-06-17 20:52 . 2008-06-17 20:52 <REP> d-------- C:\WINDOWS\LastGood
2008-06-17 19:52 . 2008-06-17 20:04 <REP> d-------- C:\Program Files\Navilog1
2008-06-17 08:03 . 2008-06-17 08:15 <REP> d-------- C:\Program Files\BHODemon 2
2008-06-16 18:19 . 2008-06-16 18:19 25,504 --a------ C:\WINDOWS\system32\mlJYpmKC.dll.vir
2008-06-16 17:35 . 2008-06-16 17:35 114,920 --a------ C:\Documents and Settings\da conceicao\pays.zip
2008-06-16 17:17 . 2008-06-16 17:17 0 --a------ C:\Documents and Settings\da conceicao\RUNDLL32.EXE
2008-06-16 17:17 . 2008-06-16 17:17 0 --a------ C:\Documents and Settings\da conceicao\.EXE
2008-06-16 07:57 . 1999-03-03 14:50 119,568 --a------ C:\WINDOWS\system32\VB6FR.DLL
2008-06-15 22:39 . 2008-06-16 19:14 <REP> d--h----- C:\$AVG8.VAULT$
2008-06-15 22:33 . 2008-06-15 22:33 96,520 --a------ C:\WINDOWS\system32\drivers\avgldx86.sys
2008-06-15 22:33 . 2008-06-15 22:33 75,272 --a------ C:\WINDOWS\system32\drivers\avgtdix.sys
2008-06-15 22:33 . 2008-06-15 22:33 10,520 --a------ C:\WINDOWS\system32\avgrsstx.dll
2008-06-15 22:32 . 2008-06-17 21:14 <REP> d-------- C:\WINDOWS\system32\drivers\Avg
2008-06-15 22:32 . 2008-06-15 22:32 <REP> d-------- C:\Program Files\AVG
2008-06-15 22:32 . 2008-06-15 22:32 <REP> d-------- C:\Documents and Settings\All Users\Application Data\avg8
2008-06-14 10:06 . 2008-06-14 10:05 691,545 --a------ C:\WINDOWS\unins000.exe
2008-06-14 10:06 . 2008-06-14 10:06 2,551 --a------ C:\WINDOWS\unins000.dat
2008-06-13 23:16 . 2008-06-13 23:16 <REP> d-------- C:\Documents and Settings\LocalService\Menu Démarrer
2008-06-13 23:12 . 2008-06-13 23:12 <REP> d-------- C:\Documents and Settings\All Users\Application Data\sentinel
2008-06-13 21:58 . 2008-06-13 21:58 <REP> d-------- C:\Program Files\Lavasoft
2008-05-22 17:53 . 2008-05-22 17:53 <REP> d-------- C:\Documents and Settings\All Users\Application Data\HP Product Assistant
2008-05-22 17:50 . 2008-05-22 18:04 167,153 --a------ C:\WINDOWS\hpoins21.dat
2008-05-22 17:50 . 2007-05-15 12:10 8,138 --------- C:\WINDOWS\hpomdl21.dat
2008-05-20 21:53 . 2008-05-20 21:53 <REP> d-------- C:\Program Files\Fichiers communs\xing shared
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-06-15 20:20 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-06-15 20:20 --------- d-----w C:\Program Files\Fichiers communs\Panda Software
2008-06-14 08:59 --------- d-----w C:\Program Files\Fichiers communs\Wise Installation Wizard
2008-06-14 08:55 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-06-14 08:54 --------- d-----w C:\Program Files\Spybot - Search & Destroy
2008-06-13 19:58 --------- d-----w C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-06-11 20:34 --------- d-----w C:\Documents and Settings\da conceicao\Application Data\Azureus
2008-06-10 15:21 --------- d-----w C:\Program Files\Azureus
2008-05-27 21:13 --------- d-----w C:\Program Files\Windows Live Safety Center
2008-05-22 15:53 --------- d-----w C:\Documents and Settings\All Users\Application Data\HP
2008-05-22 14:57 --------- d-----w C:\Documents and Settings\da conceicao\Application Data\HP
2008-05-20 19:53 --------- d-----w C:\Program Files\Fichiers communs\Real
2008-03-25 04:51 621,344 ----a-w C:\WINDOWS\system32\mswstr10.dll
2008-03-25 04:51 621,344 ------w C:\WINDOWS\system32\dllcache\mswstr10.dll
2008-03-25 04:51 194,144 ----a-w C:\WINDOWS\system32\msjint40.dll
2008-03-25 04:51 194,144 ------w C:\WINDOWS\system32\dllcache\msjint40.dll
2008-03-20 08:09 1,845,376 ----a-w C:\WINDOWS\system32\win32k.sys
2008-03-20 08:09 1,845,376 ------w C:\WINDOWS\system32\dllcache\win32k.sys
2007-10-05 16:32 51,422,520 -c--a-w C:\Program Files\iTunes743Setup.exe
2007-10-05 15:37 17,929,072 -c--a-w C:\Program Files\Install_Messenger.exe
2007-09-01 13:44 79,752 -c--a-w C:\Program Files\Preparation_Messenger.exe
2007-08-13 20:39 172 -c--a-w C:\Documents and Settings\k-ralho\Application Data\wklnhst.dat
2007-07-29 17:34 16,429,768 -c--a-w C:\Program Files\setupfre.exe
2007-05-01 14:25 5,037,072 -c--a-w C:\Program Files\spybotsd14.exe
2007-05-01 14:00 99,328 -c--a-w C:\Program Files\VundoFix.exe
2007-02-24 14:41 36,808,256 -c--a-w C:\Program Files\iTunesSetup.exe
2007-01-05 23:56 9,453,630 ----a-w C:\Program Files\vlc-0.8.6a-win32.exe
2006-10-19 18:50 867,392 ----a-w C:\Program Files\GoogleToolbarInstaller.exe
2006-10-01 15:12 3,660,813 -c--a-w C:\Program Files\LimeWire Pro 4.9.23 full version 100 % working.rar
2006-09-30 07:38 22 -csha-w C:\WINDOWS\SMINST\HPCD.sys
.
((((((((((((((((((((((((((((( snapshot@2008-06-17_20.51.29.10 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-03-12 06:37:25 135,168 ----a-r C:\WINDOWS\Installer\{9084040C-6000-11D3-8CFE-0150048383C9}\misc.exe
+ 2008-06-17 18:51:00 135,168 ----a-r C:\WINDOWS\Installer\{9084040C-6000-11D3-8CFE-0150048383C9}\misc.exe
- 2008-03-12 06:37:25 40,960 ----a-r C:\WINDOWS\Installer\{9084040C-6000-11D3-8CFE-0150048383C9}\xlvicon.exe
+ 2008-06-17 18:51:00 40,960 ----a-r C:\WINDOWS\Installer\{9084040C-6000-11D3-8CFE-0150048383C9}\xlvicon.exe
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{E07C525E-6BC9-4EE4-8516-FF6E70D82F49}]
C:\WINDOWS\system32\awtrRijj.dll
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-05 23:00 15360]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-01 17:22 68856]
"AlcoholAutomount"="C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" [2008-03-20 18:46 217544]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-11-03 10:59 204288]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-01-28 11:43 2097488]
"WINSOS VERIFY"="C:\Program Files\Winsos\WINSOS.exe" [ ]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"hpWirelessAssistant"="C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe" [2006-05-03 22:58 458752]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 05:25 144784]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-04-26 21:48 7561216]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2006-04-26 21:48 86016]
"nwiz"="nwiz.exe" [2006-04-26 21:48 1519616 C:\WINDOWS\system32\nwiz.exe]
"High Definition Audio Property Page Shortcut"="CHDAudPropShortcut.exe" [2006-04-17 22:29 61952 C:\WINDOWS\system32\CHDAudPropShortcut.exe]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2006-04-01 07:01 761946]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2007-03-11 21:34 49152]
"QlbCtrl"="C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2006-03-07 14:38 131072]
"Cpqset"="C:\Program Files\Hewlett-Packard\Default Settings\cpqset.exe" [2006-05-02 10:36 40960]
"RecGuard"="C:\Windows\SMINST\RecGuard.exe" [2005-10-11 10:23 1187840]
"Symantec PIF AlertEng"="C:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2007-03-12 10:22 517768]
"QPService"="C:\Program Files\HP\QuickPlay\QPService.exe" [2006-04-11 21:54 102400]
"TVPService"="C:\Program Files\HP\TVPlay\TVPService.exe" [2006-04-03 13:34 135168]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 23:16 39792]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-02-01 00:13 385024]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-02-19 14:10 267048]
"TkBellExe"="C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" [2008-05-20 21:53 185896]
"AVG8_TRAY"="C:\PROGRA~1\AVG\AVG8\avgtray.exe" [2008-06-15 22:32 1177368]
"2042548c"="C:\WINDOWS\system32\ssfslyou.dll" [ ]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-05 23:00 15360]
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\
BlueSoleil.lnk - C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe [2006-10-30 22:32:21 1183744]
Démarrage rapide de HP Photosmart Premier.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe [2005-09-24 09:39:30 73728]
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2007-03-11 21:26:24 210520]
Lancement rapide d'Adobe Reader.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-24 08:05:26 29696]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\efcDWNdB]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\mlJYpmKC]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=avgrsstx.dll
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\IVT Corporation\\BlueSoleil\\BlueSoleil.exe"=
"C:\\Program Files\\HP\\TVPlay\\TVPlay.exe"=
"C:\\Program Files\\HP\\TVPlay\\TVPService.exe"=
"C:\\Program Files\\LimeWire\\LimeWire.exe"=
"C:\\Program Files\\Azureus\\Azureus.exe"=
"C:\\Program Files\\HP\\HP Software Update\\HPWUCli.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
"C:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"C:\\Program Files\\AVG\\AVG8\\avgemc.exe"=
R1 AvgLdx86;AVG AVI Loader Driver x86;C:\WINDOWS\system32\Drivers\avgldx86.sys [2008-06-15 22:33]
R2 avg8emc;AVG8 E-mail Scanner;C:\PROGRA~1\AVG\AVG8\avgemc.exe [2008-06-15 22:32]
R2 avg8wd;AVG8 WatchDog;C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2008-06-15 22:32]
R2 AvgTdiX;AVG8 Network Redirector;C:\WINDOWS\system32\Drivers\avgtdix.sys [2008-06-15 22:33]
R2 CyberLink Media Library Service(HP TVPlay);CyberLink Media Library Service(HP TVPlay);"C:\Program Files\HP\TVPlay\Kernel\CLML_NTService\CLMLServer.exe" [2006-04-03 13:34]
R2 HPSLPSVC;HP Network Devices Support;C:\WINDOWS\system32\svchost.exe [2004-08-05 23:00]
R2 TVPCapSvc;CyberLink Background Capture Service (CBCS HP TVPlay);"C:\Program Files\HP\TVPlay\Kernel\TV\TVPCapSvc.exe" [2006-04-03 13:35]
R2 TVPSched;CyberLink Task Scheduler (CTS HP TVPlay);"C:\Program Files\HP\TVPlay\Kernel\TV\TVPSched.exe" [2006-04-03 13:35]
R3 5U870CAP_VID_1262&PID_25FD;HP Pavilion Webcam ;C:\WINDOWS\system32\Drivers\5U870CAP.sys [2006-05-10 01:02]
S3 MODBDA2;DiBcom MOD3000 TV receiver;C:\WINDOWS\system32\Drivers\modbda2.sys [2006-05-13 09:52]
S3 PMTOOL;SAPPHIRE USB Device ;C:\WINDOWS\system32\Drivers\Sapphire.sys [2007-03-08 17:31]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
HPService REG_MULTI_SZ HPSLPSVC
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-17 21:23:14
Windows 5.1.2600 Service Pack 2 NTFS
Balayage processus cachés ...
Balayage caché autostart entries ...
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
Cpqset = C:\Program Files\Hewlett-Packard\Default Settings\cpqset.exe????????????,?@? ????Z??????R?@?????,?@
Balayage des fichiers cachés ...
Scan terminé avec succès
Les fichiers cachés: 0
**************************************************************************
.
Temps d'accomplissement: 2008-06-17 21:24:43
ComboFix-quarantined-files.txt 2008-06-17 19:24:13
ComboFix2.txt 2008-06-17 18:51:57
Pre-Run: 54,670,651,392 octets libres
Post-Run: 54,675,988,480 octets libres
196 --- E O F --- 2008-06-17 18:51:02
Re
Can you uninstall Hijack ... and reinstall it in C:\Hijack (not in Program Files)
Thanks
Then rename Hijackthis.exe to azerty.exe
Run it again ...
Choose the option "Do a system scan and save a log file"
Click "Save log" to save the report, which will open in Notepad
Click "Edit -> Select All", then "Edit -> Copy" to copy the whole contents of the report
Paste the report
A+
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:58:24, on 17/06/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
C:\Program Files\HP\TVPlay\Kernel\CLML_NTService\CLMLServer.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
C:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\HP\TVPlay\Kernel\TV\TVPCapSvc.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Program Files\HP\TVPlay\Kernel\TV\TVPSched.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe
C:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\Program Files\HP\QuickPlay\QPService.exe
C:\Program Files\HP\TVPlay\TVPService.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\PROGRA~1\HPQ\Shared\HPQTOA~1.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\AVG\AVG8\avgrsx.exe
C:\Program Files\AVG\AVG8\avgrsx.exe
C:\Program Files\HP\Smart Web Printing\hpswp_clipbook.exe
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\azerty.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = https://hpsa-redirectors.hpcloud.hp.com/Common/npcRedirectorPage.asp?context=doc100001&locale=040c
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: HP Print Clips - {053F9267-DC04-4294-A72C-58F732D338C0} - C:\Program Files\HP\Smart Web Printing\hpswp_framework.dll
O2 - BHO: (no name) - {33BEC79B-ECAF-4E49-A042-894647E04119} - (no file)
O2 - BHO: (no name) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file)
O2 - BHO: (no name) - {4852A55C-975F-4143-B552-30B5E2DEB74D} - (no file)
O2 - BHO: (no name) - {48BB0056-8AA7-4843-95FC-0C32438FD5C9} - (no file)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {7A7E7920-C5A9-4638-A843-01EC64E8BB09} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {A324AE6A-0591-4558-B0E2-F17973327DB0} - (no file)
O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - (no file)
O2 - BHO: (no name) - {AD5EB286-260C-4F96-894D-DD575C2C1C90} - (no file)
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: (no name) - {D37BA0C9-30D1-4485-8250-C269F863D5C1} - (no file)
O2 - BHO: (no name) - {d759f233-d6f7-4529-aa46-a992ba2b472a} - (no file)
O2 - BHO: (no name) - {E07C525E-6BC9-4EE4-8516-FF6E70D82F49} - C:\WINDOWS\system32\awtrRijj.dll (file missing)
O2 - BHO: (no name) - {f59c1bb4-f13b-4559-914d-e7443e5df4af} - (no file)
O3 - Toolbar: (no name) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - (no file)
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /nodetect
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] CHDAudPropShortcut.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\Hewlett-Packard\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [RecGuard] C:\Windows\SMINST\RecGuard.exe
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"
O4 - HKLM\..\Run: [TVPService] "C:\Program Files\HP\TVPlay\TVPService.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [2042548c] rundll32.exe "C:\WINDOWS\system32\ssfslyou.dll",b
O4 - HKLM\..\Run: [BM23716710] Rundll32.exe "C:\WINDOWS\system32\rpmatchu.dll",s
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" /automount
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [WINSOS VERIFY] "C:\Program Files\Winsos\WINSOS.EXE" MINI
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: BlueSoleil.lnk = C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe
O4 - Global Startup: Démarrage rapide de HP Photosmart Premier.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Livre de reliures HP - {58ECB495-38F0-49cb-A538-10282ABF65E7} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: Sélection intelligente HP - {700259D7-1666-479a-93B1-3250410481E8} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab56986.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll
O20 - Winlogon Notify: efcDWNdB - C:\WINDOWS\
O20 - Winlogon Notify: mlJYpmKC - C:\WINDOWS\
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
O23 - Service: CyberLink Media Library Service(HP TVPlay) - Cyberlink - C:\Program Files\HP\TVPlay\Kernel\CLML_NTService\CLMLServer.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - c:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Planificateur LiveUpdate automatique - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
O23 - Service: CyberLink Background Capture Service (CBCS HP TVPlay) (TVPCapSvc) - Unknown owner - C:\Program Files\HP\TVPlay\Kernel\TV\TVPCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS HP TVPlay) (TVPSched) - Unknown owner - C:\Program Files\HP\TVPlay\Kernel\TV\TVPSched.exe
Scan saved at 21:58:24, on 17/06/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
C:\Program Files\HP\TVPlay\Kernel\CLML_NTService\CLMLServer.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
C:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\HP\TVPlay\Kernel\TV\TVPCapSvc.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Program Files\HP\TVPlay\Kernel\TV\TVPSched.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe
C:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\Program Files\HP\QuickPlay\QPService.exe
C:\Program Files\HP\TVPlay\TVPService.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\PROGRA~1\HPQ\Shared\HPQTOA~1.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\AVG\AVG8\avgrsx.exe
C:\Program Files\AVG\AVG8\avgrsx.exe
C:\Program Files\HP\Smart Web Printing\hpswp_clipbook.exe
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\azerty.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = https://hpsa-redirectors.hpcloud.hp.com/Common/npcRedirectorPage.asp?context=doc100001&locale=040c
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: HP Print Clips - {053F9267-DC04-4294-A72C-58F732D338C0} - C:\Program Files\HP\Smart Web Printing\hpswp_framework.dll
O2 - BHO: (no name) - {33BEC79B-ECAF-4E49-A042-894647E04119} - (no file)
O2 - BHO: (no name) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file)
O2 - BHO: (no name) - {4852A55C-975F-4143-B552-30B5E2DEB74D} - (no file)
O2 - BHO: (no name) - {48BB0056-8AA7-4843-95FC-0C32438FD5C9} - (no file)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {7A7E7920-C5A9-4638-A843-01EC64E8BB09} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {A324AE6A-0591-4558-B0E2-F17973327DB0} - (no file)
O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - (no file)
O2 - BHO: (no name) - {AD5EB286-260C-4F96-894D-DD575C2C1C90} - (no file)
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: (no name) - {D37BA0C9-30D1-4485-8250-C269F863D5C1} - (no file)
O2 - BHO: (no name) - {d759f233-d6f7-4529-aa46-a992ba2b472a} - (no file)
O2 - BHO: (no name) - {E07C525E-6BC9-4EE4-8516-FF6E70D82F49} - C:\WINDOWS\system32\awtrRijj.dll (file missing)
O2 - BHO: (no name) - {f59c1bb4-f13b-4559-914d-e7443e5df4af} - (no file)
O3 - Toolbar: (no name) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - (no file)
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /nodetect
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] CHDAudPropShortcut.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\Hewlett-Packard\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [RecGuard] C:\Windows\SMINST\RecGuard.exe
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"
O4 - HKLM\..\Run: [TVPService] "C:\Program Files\HP\TVPlay\TVPService.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [2042548c] rundll32.exe "C:\WINDOWS\system32\ssfslyou.dll",b
O4 - HKLM\..\Run: [BM23716710] Rundll32.exe "C:\WINDOWS\system32\rpmatchu.dll",s
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" /automount
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [WINSOS VERIFY] "C:\Program Files\Winsos\WINSOS.EXE" MINI
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: BlueSoleil.lnk = C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe
O4 - Global Startup: Démarrage rapide de HP Photosmart Premier.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Livre de reliures HP - {58ECB495-38F0-49cb-A538-10282ABF65E7} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: Sélection intelligente HP - {700259D7-1666-479a-93B1-3250410481E8} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab56986.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll
O20 - Winlogon Notify: efcDWNdB - C:\WINDOWS\
O20 - Winlogon Notify: mlJYpmKC - C:\WINDOWS\
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
O23 - Service: CyberLink Media Library Service(HP TVPlay) - Cyberlink - C:\Program Files\HP\TVPlay\Kernel\CLML_NTService\CLMLServer.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - c:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Planificateur LiveUpdate automatique - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
O23 - Service: CyberLink Background Capture Service (CBCS HP TVPlay) (TVPCapSvc) - Unknown owner - C:\Program Files\HP\TVPlay\Kernel\TV\TVPCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS HP TVPlay) (TVPSched) - Unknown owner - C:\Program Files\HP\TVPlay\Kernel\TV\TVPSched.exe
Re
With HijackThis:
Do a system scan only
Tick these lines:
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://h30155.www3.hp.com/...
O2 - BHO: (no name) - {33BEC79B-ECAF-4E49-A042-894647E04119} - (no file)
O2 - BHO: (no name) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file)
O2 - BHO: (no name) - {4852A55C-975F-4143-B552-30B5E2DEB74D} - (no file)
O2 - BHO: (no name) - {48BB0056-8AA7-4843-95FC-0C32438FD5C9} - (no file)
O2 - BHO: (no name) - {7A7E7920-C5A9-4638-A843-01EC64E8BB09} - (no file)
O2 - BHO: (no name) - {A324AE6A-0591-4558-B0E2-F17973327DB0} - (no file)
O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - (no file)
O2 - BHO: (no name) - {AD5EB286-260C-4F96-894D-DD575C2C1C90} - (no file)
O2 - BHO: (no name) - {D37BA0C9-30D1-4485-8250-C269F863D5C1} - (no file)
O2 - BHO: (no name) - {d759f233-d6f7-4529-aa46-a992ba2b472a} - (no file)
O2 - BHO: (no name) - {E07C525E-6BC9-4EE4-8516-FF6E70D82F49} - C:\WINDOWS\system32\awtrRijj.dll (file missing)
O2 - BHO: (no name) - {f59c1bb4-f13b-4559-914d-e7443e5df4af} - (no file)
O3 - Toolbar: (no name) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - (no file)
O4 - HKLM\..\Run: [2042548c] rundll32.exe "C:\WINDOWS\system32\ssfslyou.dll",b
O4 - HKLM\..\Run: [BM23716710] Rundll32.exe "C:\WINDOWS\system32\rpmatchu.dll",s
O20 - Winlogon Notify: efcDWNdB - C:\WINDOWS\
O20 - Winlogon Notify: mlJYpmKC - C:\WINDOWS\
Close all other running applications and:
Fix checked
Then:
VirtumundoBegone
Download VirtumundoBegone to the desktop:
http://secured2k.home.comcast.net/tools/VirtumundoBeGone.exe
Then double-click VirtumundoBeGone.exe and follow the instructions.
Once it has finished, reboot and post the VBG.TXT report created on the desktop in your next reply.
Also post a new HijackThis log (azerty).
See you later
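The lines ticked above fall into three families that can be recognised mechanically: O2/O3 entries whose DLL is gone ("(no file)" / "(file missing)"), O4 autoruns that hand a random-looking DLL in system32 to rundll32, and O20 Winlogon Notify handlers whose "module" is a bare directory. The script below is an added triage example, written for this thread; it is not part of HijackThis, VirtumundoBeGone or the forum, and the sample input is constructed from entries copied out of the logs posted above, with a few legitimate ones kept so the rules can be seen to discriminate. The "eight lowercase letters" DLL-name rule is an assumption modelled on the ssfslyou.dll and rpmatchu.dll entries, not a rule HijackThis applies.

```python
import re

# Constructed sample input: entries copied from the HijackThis logs posted in this
# thread, with a few clearly legitimate ones kept so the rules can be seen to discriminate.
SAMPLE_LOG = r"""
O2 - BHO: HP Print Clips - {053F9267-DC04-4294-A72C-58F732D338C0} - C:\Program Files\HP\Smart Web Printing\hpswp_framework.dll
O2 - BHO: (no name) - {33BEC79B-ECAF-4E49-A042-894647E04119} - (no file)
O2 - BHO: (no name) - {E07C525E-6BC9-4EE4-8516-FF6E70D82F49} - C:\WINDOWS\system32\awtrRijj.dll (file missing)
O3 - Toolbar: (no name) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - (no file)
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [2042548c] rundll32.exe "C:\WINDOWS\system32\ssfslyou.dll",b
O4 - HKLM\..\Run: [BM23716710] Rundll32.exe "C:\WINDOWS\system32\rpmatchu.dll",s
O20 - AppInit_DLLs: avgrsstx.dll
O20 - Winlogon Notify: efcDWNdB - C:\WINDOWS\
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
"""

# "<section> - <rest>" is the shape of every HijackThis entry line.
LINE_RE = re.compile(r"^(?P<section>O\d+|R\d) - (?P<rest>.*)$")
# O4 autorun: "<hive>\..\Run: [<value name>] <command line>"
RUN_RE = re.compile(r"^(?P<hive>.+?)\\\.\.\\Run: \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
# Command line that hands a DLL to rundll32 (quoted or not), e.g. rundll32.exe "x.dll",b
RUNDLL_RE = re.compile(r'^rundll32(?:\.exe)?\s+"?(?P<dll>[^",]+\.dll)"?', re.IGNORECASE)
# Heuristic (assumption): an all-lowercase 8-letter DLL name, the pattern of the
# ssfslyou.dll / rpmatchu.dll entries above, rather than vendor-style names like NvCpl.dll.
RANDOM_DLL_RE = re.compile(r"^[a-z]{8}\.dll$")
# O20 Winlogon Notify: "<subkey> - <module path>"
NOTIFY_RE = re.compile(r"^Winlogon Notify: (?P<subkey>\S+) - (?P<path>.*)$")


def triage(log_text):
    """Return (section, reason, line) for every entry that trips one of three rules."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = LINE_RE.match(line)
        if not m:
            continue
        section, rest = m.group("section"), m.group("rest")

        # Rule 1: BHO (O2) or toolbar (O3) still registered although its DLL is gone.
        if section in ("O2", "O3") and (rest.endswith("(no file)") or rest.endswith("(file missing)")):
            findings.append((section, "orphaned BHO/toolbar registration (DLL absent)", line))
            continue

        # Rule 2: autorun that loads a random-looking DLL through rundll32.
        if section == "O4":
            run = RUN_RE.match(rest)
            if run:
                hit = RUNDLL_RE.match(run.group("cmd"))
                if hit:
                    dll_name = hit.group("dll").rsplit("\\", 1)[-1]
                    if RANDOM_DLL_RE.match(dll_name):
                        findings.append((section, "rundll32 autorun of random-named DLL " + dll_name, line))
            continue

        # Rule 3: Winlogon Notify handler whose "module" is a bare directory.
        if section == "O20":
            notify = NOTIFY_RE.match(rest)
            if notify and notify.group("path").endswith("\\"):
                findings.append((section, "Winlogon Notify handler with no module file", line))
    return findings


if __name__ == "__main__":
    for section, reason, line in triage(SAMPLE_LOG):
        print(f"[{section}] {reason}\n    {line}")
```

Run against the sample it reports exactly the six entries the helper ticked from those families and stays silent on the NVIDIA, AVG and HP lines. Note the difference between the two groups: the "(no file)" O2/O3 entries are inert leftovers, whereas the O4 and O20 entries are what still loads at logon. Fixing them in HijackThis removes the registry entries, not the DLLs referenced by them, which is why the helper follows the fix with a dedicated removal tool and asks for a fresh log afterwards.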
So here is the Virtumundo report
[06/17/2008, 22:34:24] - VirtumundoBeGone v1.5 ( "C:\Documents and Settings\da conceicao\Bureau\VirtumundoBeGone.exe" )
[06/17/2008, 22:34:27] - Detected System Information:
[06/17/2008, 22:34:27] - Windows Version: 5.1.2600, Service Pack 2
[06/17/2008, 22:34:27] - Current Username: da conceicao (Admin)
[06/17/2008, 22:34:27] - Windows is in NORMAL mode.
[06/17/2008, 22:34:27] - Searching for Browser Helper Objects:
[06/17/2008, 22:34:27] - BHO 1: {053F9267-DC04-4294-A72C-58F732D338C0} (HP Print Clips)
[06/17/2008, 22:34:27] - BHO 2: {53707962-6F74-2D53-2644-206D7942484F} (Spybot-S&D IE Protection)
[06/17/2008, 22:34:27] - BHO 3: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (SSVHelper Class)
[06/17/2008, 22:34:27] - BHO 4: {9030D464-4C02-4ABF-8ECC-5164760863C6} (Programme d'aide de l'Assistant de connexion Windows Live)
[06/17/2008, 22:34:27] - BHO 5: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} (Google Toolbar Notifier BHO)
[06/17/2008, 22:34:27] - Finished Searching Browser Helper Objects
[06/17/2008, 22:34:27] - Finishing up...
[06/17/2008, 22:34:27] - Nothing found! Exitin
And then the HijackThis report
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:45:07, on 17/06/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
C:\Program Files\HP\TVPlay\Kernel\CLML_NTService\CLMLServer.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
C:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\HP\TVPlay\Kernel\TV\TVPCapSvc.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe
C:\Program Files\HP\TVPlay\Kernel\TV\TVPSched.exe
C:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\Program Files\HP\QuickPlay\QPService.exe
C:\Program Files\HP\TVPlay\TVPService.exe
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\PROGRA~1\HPQ\Shared\HPQTOA~1.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\HP\Smart Web Printing\hpswp_clipbook.exe
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\azerty.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: HP Print Clips - {053F9267-DC04-4294-A72C-58F732D338C0} - C:\Program Files\HP\Smart Web Printing\hpswp_framework.dll
O2 - BHO: (no name) - {33BEC79B-ECAF-4E49-A042-894647E04119} - (no file)
O2 - BHO: (no name) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file)
O2 - BHO: (no name) - {4852A55C-975F-4143-B552-30B5E2DEB74D} - (no file)
O2 - BHO: (no name) - {48BB0056-8AA7-4843-95FC-0C32438FD5C9} - (no file)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {7A7E7920-C5A9-4638-A843-01EC64E8BB09} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {A324AE6A-0591-4558-B0E2-F17973327DB0} - (no file)
O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - (no file)
O2 - BHO: (no name) - {AD5EB286-260C-4F96-894D-DD575C2C1C90} - (no file)
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: (no name) - {D37BA0C9-30D1-4485-8250-C269F863D5C1} - (no file)
O2 - BHO: (no name) - {d759f233-d6f7-4529-aa46-a992ba2b472a} - (no file)
O2 - BHO: (no name) - {E07C525E-6BC9-4EE4-8516-FF6E70D82F49} - (no file)
O2 - BHO: (no name) - {f59c1bb4-f13b-4559-914d-e7443e5df4af} - (no file)
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /nodetect
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] CHDAudPropShortcut.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\Hewlett-Packard\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [RecGuard] C:\Windows\SMINST\RecGuard.exe
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"
O4 - HKLM\..\Run: [TVPService] "C:\Program Files\HP\TVPlay\TVPService.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [2042548c] rundll32.exe "C:\WINDOWS\system32\ssfslyou.dll",b
O4 - HKLM\..\Run: [BM23716710] Rundll32.exe "C:\WINDOWS\system32\rpmatchu.dll",s
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" /automount
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [WINSOS VERIFY] "C:\Program Files\Winsos\WINSOS.EXE" MINI
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: BlueSoleil.lnk = C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe
O4 - Global Startup: Démarrage rapide de HP Photosmart Premier.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Livre de reliures HP - {58ECB495-38F0-49cb-A538-10282ABF65E7} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: Sélection intelligente HP - {700259D7-1666-479a-93B1-3250410481E8} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab56986.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll
O20 - Winlogon Notify: efcDWNdB - C:\WINDOWS\
O20 - Winlogon Notify: mlJYpmKC - C:\WINDOWS\
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
O23 - Service: CyberLink Media Library Service(HP TVPlay) - Cyberlink - C:\Program Files\HP\TVPlay\Kernel\CLML_NTService\CLMLServer.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - c:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Planificateur LiveUpdate automatique - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
O23 - Service: CyberLink Background Capture Service (CBCS HP TVPlay) (TVPCapSvc) - Unknown owner - C:\Program Files\HP\TVPlay\Kernel\TV\TVPCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS HP TVPlay) (TVPSched) - Unknown owner - C:\Program Files\HP\TVPlay\Kernel\TV\TVPSched.exe
[06/17/2008, 22:34:24] - VirtumundoBeGone v1.5 ( "C:\Documents and Settings\da conceicao\Bureau\VirtumundoBeGone.exe" )
[06/17/2008, 22:34:27] - Detected System Information:
[06/17/2008, 22:34:27] - Windows Version: 5.1.2600, Service Pack 2
[06/17/2008, 22:34:27] - Current Username: da conceicao (Admin)
[06/17/2008, 22:34:27] - Windows is in NORMAL mode.
[06/17/2008, 22:34:27] - Searching for Browser Helper Objects:
[06/17/2008, 22:34:27] - BHO 1: {053F9267-DC04-4294-A72C-58F732D338C0} (HP Print Clips)
[06/17/2008, 22:34:27] - BHO 2: {53707962-6F74-2D53-2644-206D7942484F} (Spybot-S&D IE Protection)
[06/17/2008, 22:34:27] - BHO 3: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (SSVHelper Class)
[06/17/2008, 22:34:27] - BHO 4: {9030D464-4C02-4ABF-8ECC-5164760863C6} (Programme d'aide de l'Assistant de connexion Windows Live)
[06/17/2008, 22:34:27] - BHO 5: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} (Google Toolbar Notifier BHO)
[06/17/2008, 22:34:27] - Finished Searching Browser Helper Objects
[06/17/2008, 22:34:27] - Finishing up...
[06/17/2008, 22:34:27] - Nothing found! Exitin
and then the HijackThis report
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:45:07, on 17/06/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
C:\Program Files\HP\TVPlay\Kernel\CLML_NTService\CLMLServer.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
C:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\HP\TVPlay\Kernel\TV\TVPCapSvc.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe
C:\Program Files\HP\TVPlay\Kernel\TV\TVPSched.exe
C:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\Program Files\HP\QuickPlay\QPService.exe
C:\Program Files\HP\TVPlay\TVPService.exe
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\PROGRA~1\HPQ\Shared\HPQTOA~1.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\HP\Smart Web Printing\hpswp_clipbook.exe
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\azerty.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: HP Print Clips - {053F9267-DC04-4294-A72C-58F732D338C0} - C:\Program Files\HP\Smart Web Printing\hpswp_framework.dll
O2 - BHO: (no name) - {33BEC79B-ECAF-4E49-A042-894647E04119} - (no file)
O2 - BHO: (no name) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file)
O2 - BHO: (no name) - {4852A55C-975F-4143-B552-30B5E2DEB74D} - (no file)
O2 - BHO: (no name) - {48BB0056-8AA7-4843-95FC-0C32438FD5C9} - (no file)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {7A7E7920-C5A9-4638-A843-01EC64E8BB09} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {A324AE6A-0591-4558-B0E2-F17973327DB0} - (no file)
O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - (no file)
O2 - BHO: (no name) - {AD5EB286-260C-4F96-894D-DD575C2C1C90} - (no file)
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: (no name) - {D37BA0C9-30D1-4485-8250-C269F863D5C1} - (no file)
O2 - BHO: (no name) - {d759f233-d6f7-4529-aa46-a992ba2b472a} - (no file)
O2 - BHO: (no name) - {E07C525E-6BC9-4EE4-8516-FF6E70D82F49} - (no file)
O2 - BHO: (no name) - {f59c1bb4-f13b-4559-914d-e7443e5df4af} - (no file)
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /nodetect
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] CHDAudPropShortcut.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\Hewlett-Packard\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [RecGuard] C:\Windows\SMINST\RecGuard.exe
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"
O4 - HKLM\..\Run: [TVPService] "C:\Program Files\HP\TVPlay\TVPService.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [2042548c] rundll32.exe "C:\WINDOWS\system32\ssfslyou.dll",b
O4 - HKLM\..\Run: [BM23716710] Rundll32.exe "C:\WINDOWS\system32\rpmatchu.dll",s
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" /automount
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [WINSOS VERIFY] "C:\Program Files\Winsos\WINSOS.EXE" MINI
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: BlueSoleil.lnk = C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe
O4 - Global Startup: Démarrage rapide de HP Photosmart Premier.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Livre de reliures HP - {58ECB495-38F0-49cb-A538-10282ABF65E7} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: Sélection intelligente HP - {700259D7-1666-479a-93B1-3250410481E8} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab56986.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll
O20 - Winlogon Notify: efcDWNdB - C:\WINDOWS\
O20 - Winlogon Notify: mlJYpmKC - C:\WINDOWS\
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
O23 - Service: CyberLink Media Library Service(HP TVPlay) - Cyberlink - C:\Program Files\HP\TVPlay\Kernel\CLML_NTService\CLMLServer.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - c:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Planificateur LiveUpdate automatique - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
O23 - Service: CyberLink Background Capture Service (CBCS HP TVPlay) (TVPCapSvc) - Unknown owner - C:\Program Files\HP\TVPlay\Kernel\TV\TVPCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS HP TVPlay) (TVPSched) - Unknown owner - C:\Program Files\HP\TVPlay\Kernel\TV\TVPSched.exe
Re
Strange... no line was removed with HijackThis!!!
Did you do what was asked?
Do it again if not!
Then:
Select all the text below in bold:
C:\WINDOWS\system32\mlJYpmKC.dll.vir
C:\WINDOWS\system32\ssfslyou.dll
C:\WINDOWS\system32\rpmatchu.dll
registry:
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"2042548c"=-
"BM23716710"=-
# Copy the selected text (CTRL+C).
# Open Notepad (Programs > Accessories > Notepad).
# Paste the copied text into Notepad (CTRL+V).
# Save this file under the name CFScript.txt
# Drag and drop this CFScript file onto the ComboFix.exe file
# A blue window will appear: at the message that appears (Type 1 to continue, or 2 to abort), type 1 and confirm.
# Wait for the scan to finish. The desktop will disappear several times: that's normal!
Don't touch anything until the scan is finished.
# Once the scan is complete, a report will be displayed: post its contents.
# If the file doesn't open, it is located here > C:\ComboFix.txt
See you
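To show how the helper picked those three lines out of the log, here is an added Python example (not from the thread, HijackThis or ComboFix) that flags the same indicators in HijackThis output and drafts the CFScript in the layout the helper used. The heuristics (rundll32 on a DLL with a one- or two-character export, Winlogon Notify entries showing no DLL, BHOs with "(no file)") and the sample lines are assumptions I constructed from the log above.

```python
"""Flag Vundo-style autostart entries in a HijackThis log and draft a CFScript.

Heuristics (assumptions, not HijackThis rules):
  * O4 Run values launching rundll32 on a DLL with a one- or two-character
    export name (the "...ssfslyou.dll",b pattern seen in the thread);
  * O20 Winlogon Notify entries whose path shows no DLL at all;
  * O2 BHO entries whose file is "(no file)" (orphaned CLSIDs, residue only).
The CFScript layout (file list, then a "registry:" section with .reg-style
"name"=- deletions) copies the helper's post; nothing else is assumed.
"""
import re
from typing import Dict, List, Tuple

# Constructed sample: lines copied from the log posted in this thread.
SAMPLE_LOG = r"""
O2 - BHO: HP Print Clips - {053F9267-DC04-4294-A72C-58F732D338C0} - C:\Program Files\HP\Smart Web Printing\hpswp_framework.dll
O2 - BHO: (no name) - {33BEC79B-ECAF-4E49-A042-894647E04119} - (no file)
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [2042548c] rundll32.exe "C:\WINDOWS\system32\ssfslyou.dll",b
O4 - HKLM\..\Run: [BM23716710] Rundll32.exe "C:\WINDOWS\system32\rpmatchu.dll",s
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O20 - AppInit_DLLs: avgrsstx.dll
O20 - Winlogon Notify: efcDWNdB - C:\WINDOWS\
O20 - Winlogon Notify: mlJYpmKC - C:\WINDOWS\
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
"""

# "O4 - HKLM\..\Run: [value name] command line"
O4_RE = re.compile(r"^O4 - (?P<hive>HKLM|HKCU)\\\.\.\\Run: \[(?P<name>[^\]]+)\] (?P<cmd>.*)$")
# rundll32 loading a DLL through a 1-2 character export: the loader pattern above
RUNDLL_RE = re.compile(r'^rundll32(?:\.exe)?\s+"?(?P<dll>[^",]+\.dll)"?,(?P<export>\S{1,2})$', re.I)
O20_NOTIFY_RE = re.compile(r"^O20 - Winlogon Notify: (?P<name>\S+) - (?P<path>.*)$")
O2_ORPHAN_RE = re.compile(r"^O2 - BHO: .* - \{[0-9A-Fa-f-]+\} - \(no file\)$")

HIVES = {"HKLM": "HKEY_LOCAL_MACHINE", "HKCU": "HKEY_CURRENT_USER"}
RUN_KEY = r"SOFTWARE\Microsoft\Windows\CurrentVersion\Run"


def analyse(log: str) -> Dict[str, list]:
    """Return the DLLs, Run values, Notify names and orphan BHOs worth acting on."""
    files: List[str] = []
    run_values: List[Tuple[str, str]] = []
    notify: List[str] = []
    orphan_bhos: List[str] = []
    for raw in log.splitlines():
        line = raw.strip()
        if O2_ORPHAN_RE.match(line):
            orphan_bhos.append(line)          # registry residue, no file to delete
            continue
        m = O4_RE.match(line)
        if m:
            r = RUNDLL_RE.match(m.group("cmd"))
            if r:                              # suspicious loader: DLL + Run value
                files.append(r.group("dll"))
                run_values.append((m.group("hive"), m.group("name")))
            continue
        m = O20_NOTIFY_RE.match(line)
        if m and not m.group("path").lower().endswith(".dll"):
            notify.append(m.group("name"))    # no DLL shown: needs manual lookup
    return {"files": files, "run_values": run_values,
            "winlogon_notify": notify, "orphan_bhos": orphan_bhos}


def build_cfscript(findings: Dict[str, list]) -> str:
    """Draft a CFScript: files to remove, then Run values to delete ("name"=-)."""
    lines: List[str] = list(findings["files"])
    if findings["run_values"]:
        lines += ["", "registry:"]
        by_hive: Dict[str, List[str]] = {}
        for hive, name in findings["run_values"]:
            by_hive.setdefault(hive, []).append(name)
        for hive, names in by_hive.items():
            lines.append(f"[{HIVES[hive]}\\{RUN_KEY}]")
            lines += [f'"{n}"=-' for n in names]
    return "\n".join(lines) + "\n"


if __name__ == "__main__":
    found = analyse(SAMPLE_LOG)
    print("Winlogon Notify names to check by hand:", found["winlogon_notify"])
    print("Orphan BHO lines (fix with HijackThis):", len(found["orphan_bhos"]))
    print(build_cfscript(found))
```

The Winlogon Notify names are only listed for manual follow-up because the log shows no DLL path for them; the helper's script named mlJYpmKC.dll.vir from an earlier quarantine, which a log parser cannot know.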
OK, I redid everything.
Here is the Virtumundo one:
[06/17/2008, 22:34:24] - VirtumundoBeGone v1.5 ( "C:\Documents and Settings\da conceicao\Bureau\VirtumundoBeGone.exe" )
[06/17/2008, 22:34:27] - Detected System Information:
[06/17/2008, 22:34:27] - Windows Version: 5.1.2600, Service Pack 2
[06/17/2008, 22:34:27] - Current Username: da conceicao (Admin)
[06/17/2008, 22:34:27] - Windows is in NORMAL mode.
[06/17/2008, 22:34:27] - Searching for Browser Helper Objects:
[06/17/2008, 22:34:27] - BHO 1: {053F9267-DC04-4294-A72C-58F732D338C0} (HP Print Clips)
[06/17/2008, 22:34:27] - BHO 2: {53707962-6F74-2D53-2644-206D7942484F} (Spybot-S&D IE Protection)
[06/17/2008, 22:34:27] - BHO 3: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (SSVHelper Class)
[06/17/2008, 22:34:27] - BHO 4: {9030D464-4C02-4ABF-8ECC-5164760863C6} (Programme d'aide de l'Assistant de connexion Windows Live)
[06/17/2008, 22:34:27] - BHO 5: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} (Google Toolbar Notifier BHO)
[06/17/2008, 22:34:27] - Finished Searching Browser Helper Objects
[06/17/2008, 22:34:27] - Finishing up...
[06/17/2008, 22:34:27] - Nothing found! Exiting...
[06/17/2008, 23:22:36] - VirtumundoBeGone v1.5 ( "C:\Documents and Settings\da conceicao\Bureau\VirtumundoBeGone.exe" )
[06/17/2008, 23:22:53] - Detected System Information:
[06/17/2008, 23:22:53] - Windows Version: 5.1.2600, Service Pack 2
[06/17/2008, 23:22:53] - Current Username: da conceicao (Admin)
[06/17/2008, 23:22:53] - Windows is in NORMAL mode.
[06/17/2008, 23:22:53] - Searching for Browser Helper Objects:
[06/17/2008, 23:22:53] - BHO 1: {053F9267-DC04-4294-A72C-58F732D338C0} (HP Print Clips)
[06/17/2008, 23:22:53] - BHO 2: {53707962-6F74-2D53-2644-206D7942484F} (Spybot-S&D IE Protection)
[06/17/2008, 23:22:53] - BHO 3: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (SSVHelper Class)
[06/17/2008, 23:22:53] - BHO 4: {9030D464-4C02-4ABF-8ECC-5164760863C6} (Programme d'aide de l'Assistant de connexion Windows Live)
[06/17/2008, 23:22:53] - BHO 5: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} (Google Toolbar Notifier BHO)
[06/17/2008, 23:22:53] - Finished Searching Browser Helper Objects
[06/17/2008, 23:22:53] - Finishing up...
[06/17/2008, 23:22:53] - Nothing found! Exiting...
and the HijackThis one:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 23:23:23, on 17/06/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
C:\Program Files\HP\TVPlay\Kernel\CLML_NTService\CLMLServer.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
C:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\HP\TVPlay\Kernel\TV\TVPCapSvc.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe
C:\Program Files\HP\TVPlay\Kernel\TV\TVPSched.exe
C:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\Program Files\HP\QuickPlay\QPService.exe
C:\Program Files\HP\TVPlay\TVPService.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\PROGRA~1\HPQ\Shared\HPQTOA~1.EXE
C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Smart Web Printing\hpswp_clipbook.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\azerty.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr
O2 - BHO: HP Print Clips - {053F9267-DC04-4294-A72C-58F732D338C0} - C:\Program Files\HP\Smart Web Printing\hpswp_framework.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /nodetect
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] CHDAudPropShortcut.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\Hewlett-Packard\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [RecGuard] C:\Windows\SMINST\RecGuard.exe
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"
O4 - HKLM\..\Run: [TVPService] "C:\Program Files\HP\TVPlay\TVPService.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" /automount
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [WINSOS VERIFY] "C:\Program Files\Winsos\WINSOS.EXE" MINI
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: BlueSoleil.lnk = C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe
O4 - Global Startup: Démarrage rapide de HP Photosmart Premier.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Livre de reliures HP - {58ECB495-38F0-49cb-A538-10282ABF65E7} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: Sélection intelligente HP - {700259D7-1666-479a-93B1-3250410481E8} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab56986.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
O23 - Service: CyberLink Media Library Service(HP TVPlay) - Cyberlink - C:\Program Files\HP\TVPlay\Kernel\CLML_NTService\CLMLServer.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - c:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Planificateur LiveUpdate automatique - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
O23 - Service: CyberLink Background Capture Service (CBCS HP TVPlay) (TVPCapSvc) - Unknown owner - C:\Program Files\HP\TVPlay\Kernel\TV\TVPCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS HP TVPlay) (TVPSched) - Unknown owner - C:\Program Files\HP\TVPlay\Kernel\TV\TVPSched.exe
Here is the Virtumundo log
[06/17/2008, 22:34:24] - VirtumundoBeGone v1.5 ( "C:\Documents and Settings\da conceicao\Bureau\VirtumundoBeGone.exe" )
[06/17/2008, 22:34:27] - Detected System Information:
[06/17/2008, 22:34:27] - Windows Version: 5.1.2600, Service Pack 2
[06/17/2008, 22:34:27] - Current Username: da conceicao (Admin)
[06/17/2008, 22:34:27] - Windows is in NORMAL mode.
[06/17/2008, 22:34:27] - Searching for Browser Helper Objects:
[06/17/2008, 22:34:27] - BHO 1: {053F9267-DC04-4294-A72C-58F732D338C0} (HP Print Clips)
[06/17/2008, 22:34:27] - BHO 2: {53707962-6F74-2D53-2644-206D7942484F} (Spybot-S&D IE Protection)
[06/17/2008, 22:34:27] - BHO 3: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (SSVHelper Class)
[06/17/2008, 22:34:27] - BHO 4: {9030D464-4C02-4ABF-8ECC-5164760863C6} (Programme d'aide de l'Assistant de connexion Windows Live)
[06/17/2008, 22:34:27] - BHO 5: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} (Google Toolbar Notifier BHO)
[06/17/2008, 22:34:27] - Finished Searching Browser Helper Objects
[06/17/2008, 22:34:27] - Finishing up...
[06/17/2008, 22:34:27] - Nothing found! Exiting...
[06/17/2008, 23:22:36] - VirtumundoBeGone v1.5 ( "C:\Documents and Settings\da conceicao\Bureau\VirtumundoBeGone.exe" )
[06/17/2008, 23:22:53] - Detected System Information:
[06/17/2008, 23:22:53] - Windows Version: 5.1.2600, Service Pack 2
[06/17/2008, 23:22:53] - Current Username: da conceicao (Admin)
[06/17/2008, 23:22:53] - Windows is in NORMAL mode.
[06/17/2008, 23:22:53] - Searching for Browser Helper Objects:
[06/17/2008, 23:22:53] - BHO 1: {053F9267-DC04-4294-A72C-58F732D338C0} (HP Print Clips)
[06/17/2008, 23:22:53] - BHO 2: {53707962-6F74-2D53-2644-206D7942484F} (Spybot-S&D IE Protection)
[06/17/2008, 23:22:53] - BHO 3: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (SSVHelper Class)
[06/17/2008, 23:22:53] - BHO 4: {9030D464-4C02-4ABF-8ECC-5164760863C6} (Programme d'aide de l'Assistant de connexion Windows Live)
[06/17/2008, 23:22:53] - BHO 5: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} (Google Toolbar Notifier BHO)
[06/17/2008, 23:22:53] - Finished Searching Browser Helper Objects
[06/17/2008, 23:22:53] - Finishing up...
[06/17/2008, 23:22:53] - Nothing found! Exiting...
and the HijackThis one
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 23:23:23, on 17/06/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
C:\Program Files\HP\TVPlay\Kernel\CLML_NTService\CLMLServer.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
C:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\HP\TVPlay\Kernel\TV\TVPCapSvc.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe
C:\Program Files\HP\TVPlay\Kernel\TV\TVPSched.exe
C:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\Program Files\HP\QuickPlay\QPService.exe
C:\Program Files\HP\TVPlay\TVPService.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\PROGRA~1\HPQ\Shared\HPQTOA~1.EXE
C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Smart Web Printing\hpswp_clipbook.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\azerty.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr
O2 - BHO: HP Print Clips - {053F9267-DC04-4294-A72C-58F732D338C0} - C:\Program Files\HP\Smart Web Printing\hpswp_framework.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /nodetect
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] CHDAudPropShortcut.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\Hewlett-Packard\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [RecGuard] C:\Windows\SMINST\RecGuard.exe
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"
O4 - HKLM\..\Run: [TVPService] "C:\Program Files\HP\TVPlay\TVPService.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" /automount
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [WINSOS VERIFY] "C:\Program Files\Winsos\WINSOS.EXE" MINI
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: BlueSoleil.lnk = C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe
O4 - Global Startup: Démarrage rapide de HP Photosmart Premier.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Livre de reliures HP - {58ECB495-38F0-49cb-A538-10282ABF65E7} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: Sélection intelligente HP - {700259D7-1666-479a-93B1-3250410481E8} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab56986.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
O23 - Service: CyberLink Media Library Service(HP TVPlay) - Cyberlink - C:\Program Files\HP\TVPlay\Kernel\CLML_NTService\CLMLServer.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - c:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Planificateur LiveUpdate automatique - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
O23 - Service: CyberLink Background Capture Service (CBCS HP TVPlay) (TVPCapSvc) - Unknown owner - C:\Program Files\HP\TVPlay\Kernel\TV\TVPCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS HP TVPlay) (TVPSched) - Unknown owner - C:\Program Files\HP\TVPlay\Kernel\TV\TVPSched.exe
Re
There you go, that's better!!!
Your report is fine.
To uninstall the tools/logs installed for the disinfection:
Download Tools Cleaner to your desktop.
Click Recherche (search) and let the scan run...
Click Suppression (delete) to finish.
If you wish, you can use the Options facultatives (optional options).
Click Quitter (quit) to get the report.
Post the report (TCleaner.txt), which is at the root of your hard drive (C:\).
Later
If you have no more problems, you can set the thread status to solved.
OK, thank you very much. Otherwise, do you have a good antivirus to recommend, and which software should I keep and use regularly? Thanks again
C:\Vundofix backups: trouvé !
C:\Qoobox: trouvé !
C:\Documents and Settings\All Users\Bureau\Navilog1.lnk: trouvé !
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Navilog1: trouvé !
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Navilog1\Navilog1.lnk: trouvé !
C:\Documents and Settings\da conceicao\Bureau\VirtumundoBeGone.exe: trouvé !
C:\Documents and Settings\da conceicao\Bureau\Navilog1.exe: trouvé !
C:\Documents and Settings\da conceicao\Bureau\ComboFix.exe: trouvé !
C:\Documents and Settings\da conceicao\Bureau\vundoFix.exe: trouvé !
C:\Documents and Settings\da conceicao\Recent\HijackThis.lnk: trouvé !
C:\Documents and Settings\k-ralho\Recent\HijackThis.lnk: trouvé !
C:\Program Files\vundoFix.exe: trouvé !
C:\Program Files\Navilog1: trouvé !
C:\Program Files\Navilog1\Navilog1.bat: trouvé !
---------------------------------
-->- Suppression:
C:\Documents and Settings\All Users\Bureau\Navilog1.lnk: supprimé !
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Navilog1\Navilog1.lnk: supprimé !
C:\Documents and Settings\da conceicao\Bureau\VirtumundoBeGone.exe: supprimé !
C:\Documents and Settings\da conceicao\Bureau\Navilog1.exe: supprimé !
C:\Documents and Settings\da conceicao\Bureau\ComboFix.exe: supprimé !
C:\Documents and Settings\da conceicao\Bureau\vundoFix.exe: supprimé !
C:\Documents and Settings\da conceicao\Recent\HijackThis.lnk: supprimé !
C:\Documents and Settings\k-ralho\Recent\HijackThis.lnk: supprimé !
C:\Program Files\vundoFix.exe: supprimé !
C:\Program Files\Navilog1\Navilog1.bat: supprimé !
C:\Vundofix backups: supprimé !
C:\Qoobox: supprimé !
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Navilog1: supprimé !
C:\Program Files\Navilog1: supprimé !
Re
Rename Azerty.exe to Hijack.exe and uninstall Hijack (Control Panel)
Then:
Download CCleaner (with tutorial)
During installation, untick the box in front of: Add the Yahoo! CCleaner Toolbar
Run an analysis and then a clean
Do the same with the registry
(Leave the default options)
You can keep this software and use it (every 2 days, for example)
Then, new restore point
- empty the Recycle Bin
- Disable System Restore:
Right-click My Computer --> Properties --> System Restore tab:
tick the box "Turn off System Restore on all drives."
Click "Apply", then "OK".
Then,
- Re-enable System Restore:
Right-click My Computer --> Properties --> System Restore tab:
untick the box "Turn off System Restore on all drives."
Click "Apply", then "OK".
Then restart your PC
---------------------------------------------------------------------------------------------------------------
Then I recommend:
Kerio firewall (from one of these sites)
http://www.malekal.com/kerio_firewall.php#mozTocId721480
https://www.vulgarisation-informatique.com/kerio.php
https://kerio.probb.fr/f2-sunbelt-kerio-personal-firewall
But uninstall the XP firewall if you install this one (or another)
---------------------------------------------------------------------------------------------------------------
Antivirus (Reminder: ONLY 1 antivirus on 1 PC!!!)
Antivir Personal Edition Classic (in English)
https://www.malekal.com/avira-free-security-antivirus-gratuit/
See you, maybe