TR/Monder.33792 is harassing me.
chester57
Hello, my name is William; if you want to call me by my name, that's your choice, some people call me "Hey!". Formalities aside, there is a virus showing up under the name TR/Monder.33792 that will not leave me alone. I have Avira as my antivirus but it cannot delete it (to tell the truth, I don't really know what is going on: either it cannot delete it, or the virus prevents it from deleting it, because it more or less controls some Windows functions, such as the Windows security settings, for example automatic updates, since they are constantly disabled and whatever I try I cannot re-enable them). Also, when I browse, windows offering me a range of software to rid me of the viruses inhabiting my computer keep popping up. In short, my hands are tied, and for a reason I don't know, a few keys have suddenly stopped working... Can anyone suggest an alternative to my antivirus, which is not working in the present situation, please!?
13 replies
Hello, I have the same problem, impossible to remove it!
My configuration:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:37:12, on 06/07/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\rundll32.exe
C:\Documents and Settings\Lucas Orsini\Bureau\HiJackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: (no name) - {41C29B07-6F91-4966-91BE-2E2841643C83} - (no file)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [90734320] rundll32.exe "C:\WINDOWS\system32\yspimrax.dll",b
O4 - HKLM\..\Run: [Windows Logon Applicationedc] C:\Documents and Settings\Lucas Orsini\winlogon.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ares] "C:\Program Files\Ares\Ares.exe" -h
O4 - HKCU\..\Run: [BitComet] "C:\Program Files\BitComet\BitComet.exe" /tray
O4 - HKCU\..\Run: [BitTorrent] "C:\Program Files\BitTorrent\bittorrent.exe" --force_start_minimized
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: BlueSoleil.lnk = C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe
O4 - Global Startup: Démarrage rapide du logiciel HP Image Zone.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Outil de mise à jour Google.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - https://onedrive.live.com/?id=favorites
O8 - Extra context menu item: Ouvrir dans un nouvel onglet d'arrière-plan - res://C:\Program Files\Windows Live Toolbar\Components\fr-fr\msntabres.dll.mui/229?a64640a6788b444c8f55fa5cc263189d
O8 - Extra context menu item: Ouvrir dans un nouvel onglet de premier plan - res://C:\Program Files\Windows Live Toolbar\Components\fr-fr\msntabres.dll.mui/230?a64640a6788b444c8f55fa5cc263189d
O8 - Extra context menu item: Télécharger avec &BitSpirit - C:\Program Files\BitSpirit\bsurl.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitComet\tools\BitCometBHO_1.1.11.30.dll/206 (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - https://www.nvidia.com/content/DriverDownload/srl/2.0.0.1/sysreqlab2.cab
O16 - DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} (NVIDIA Smart Scan) - https://www.nvidia.com/content/DriverDownload/nforce/NvidiaSmartScan.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O23 - Service: Avira AntiVir Personal – Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal – Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
Yeah.... well, it's my topic, so I'm going to post my report.....
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:54:21, on 2008-07-06
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Valve\Steam\Steam.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Documents and Settings\Will\Bureau\omgsuxor.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.com/?gws_rd=ssl
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: (no name) - {06A1F910-762A-4660-B534-55B82571851C} - C:\WINDOWS\system32\fccbBTjI.dll
O2 - BHO: (no name) - {13C80BF2-F8DB-4DEC-A725-C2A0A6111F21} - C:\WINDOWS\system32\ljJBrOFX.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: {5638df09-5df8-2dbb-3754-88ce60a8c66b} - {b66c8a06-ec88-4573-bbd2-8fd590fd8365} - C:\WINDOWS\system32\wirjdh.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [SiSUSBRG] C:\WINDOWS\SiSUSBrg.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [8ccbda41] rundll32.exe "C:\WINDOWS\system32\rtfqyvyn.dll",b
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Steam] "C:\Program Files\Valve\Steam\Steam.exe" -silent
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - https://onedrive.live.com/?id=favorites
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O20 - Winlogon Notify: fccbBTjI - C:\WINDOWS\SYSTEM32\fccbBTjI.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Avira AntiVir Personal – Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal – Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
What follows is for the person who started the topic, and only for him!
Download VundoFix
---> http://ohfr-redir.com/1463
Restart your PC. As soon as it powers on, tap the F8 key repeatedly (or F5 if F8 does not work); on the screen that appears, choose "Safe Mode" and wait a little.
Double-click on it and choose "start for vundo"
Wait a few minutes; when the scan is finished, click "remove vundo"
A message will ask whether you want to delete the files; click "yes"
When it has finished, click "yes"; your computer should restart, otherwise do it yourself
AND
Download VirtumundoBegone to the desktop:
http://secured2k.home.comcast.net/~secured2k/tools/VirtumundoBeGone.exe
Then double-click VirtumundoBeGone.exe and follow the instructions.
Once it is done, restart and post the VBG.TXT report created on the desktop in your next reply, along with a new HijackThis report.
Don't worry if you see a blue-screen "Fatal error" message; this is normal and expected.
Thanks Pate, so here is the VBG report
[07/06/2008, 19:44:11] - VirtumundoBeGone v1.5 ( "C:\Documents and Settings\Will\Bureau\VirtumundoBeGone.exe" )
[07/06/2008, 19:44:22] - Detected System Information:
[07/06/2008, 19:44:22] - Windows Version: 5.1.2600, Service Pack 2
[07/06/2008, 19:44:22] - Current Username: Will (Admin)
[07/06/2008, 19:44:22] - Windows is in SAFE mode with Networking.
[07/06/2008, 19:44:22] - Searching for Browser Helper Objects:
[07/06/2008, 19:44:22] - BHO 1: {06A1F910-762A-4660-B534-55B82571851C} ()
[07/06/2008, 19:44:22] - WARNING: BHO has no default name. Checking for Winlogon reference.
[07/06/2008, 19:44:22] - Checking for HKLM\...\Winlogon\Notify\fccbBTjI
[07/06/2008, 19:44:22] - Found: HKLM\...\Winlogon\Notify\fccbBTjI - This is probably Virtumundo.
[07/06/2008, 19:44:22] - Assigning {06A1F910-762A-4660-B534-55B82571851C} MSEvents Object
[07/06/2008, 19:44:22] - BHO list has been changed! Starting over...
[07/06/2008, 19:44:22] - BHO 1: {06A1F910-762A-4660-B534-55B82571851C} (MSEvents Object)
[07/06/2008, 19:44:22] - ALERT: Found MSEvents Object!
[07/06/2008, 19:44:22] - BHO 2: {3B9413B9-4580-4872-99FE-DE5DB3E8B1CF} ()
[07/06/2008, 19:44:22] - WARNING: BHO has no default name. Checking for Winlogon reference.
[07/06/2008, 19:44:22] - Checking for HKLM\...\Winlogon\Notify\ljJBrOFX
[07/06/2008, 19:44:22] - Key not found: HKLM\...\Winlogon\Notify\ljJBrOFX, continuing.
[07/06/2008, 19:44:22] - BHO 3: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (SSVHelper Class)
[07/06/2008, 19:44:22] - BHO 4: {9030D464-4C02-4ABF-8ECC-5164760863C6} (Programme d'aide de l'Assistant de connexion Windows Live)
[07/06/2008, 19:44:22] - BHO 5: {b66c8a06-ec88-4573-bbd2-8fd590fd8365} ()
[07/06/2008, 19:44:22] - WARNING: BHO has no default name. Checking for Winlogon reference.
[07/06/2008, 19:44:22] - Checking for HKLM\...\Winlogon\Notify\wirjdh
[07/06/2008, 19:44:22] - Key not found: HKLM\...\Winlogon\Notify\wirjdh, continuing.
[07/06/2008, 19:44:22] - BHO 6: {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} (Windows Live Toolbar Helper)
[07/06/2008, 19:44:22] - Finished Searching Browser Helper Objects
[07/06/2008, 19:44:22] - *** Detected MSEvents Object
[07/06/2008, 19:44:22] - Trying to remove MSEvents Object...
[07/06/2008, 19:44:23] - Terminating Process: IEXPLORE.EXE
[07/06/2008, 19:44:24] - Terminating Process: RUNDLL32.EXE
[07/06/2008, 19:44:24] - Disabling Automatic Shell Restart
[07/06/2008, 19:44:24] - Terminating Process: EXPLORER.EXE
[07/06/2008, 19:44:24] - Suspending the NT Session Manager System Service
[07/06/2008, 19:44:24] - Terminating Windows NT Logon/Logoff Manager
[07/06/2008, 19:44:24] - Re-enabling Automatic Shell Restart
[07/06/2008, 19:44:24] - File to disable: C:\WINDOWS\system32\fccbBTjI.dll
[07/06/2008, 19:44:24] - Renaming C:\WINDOWS\system32\fccbBTjI.dll -> C:\WINDOWS\system32\fccbBTjI.dll.vir
[07/06/2008, 19:44:24] - File successfully renamed!
[07/06/2008, 19:44:24] - Removing HKLM\...\Browser Helper Objects\{06A1F910-762A-4660-B534-55B82571851C}
[07/06/2008, 19:44:25] - Removing HKCR\CLSID\{06A1F910-762A-4660-B534-55B82571851C}
[07/06/2008, 19:44:25] - Adding Kill Bit for ActiveX for GUID: {06A1F910-762A-4660-B534-55B82571851C}
[07/06/2008, 19:44:25] - Deleting ATLEvents/MSEvents Registry entries
[07/06/2008, 19:44:25] - Removing HKLM\...\Winlogon\Notify\fccbBTjI
[07/06/2008, 19:44:25] - Searching for Browser Helper Objects:
[07/06/2008, 19:44:25] - BHO 1: {3B9413B9-4580-4872-99FE-DE5DB3E8B1CF} ()
[07/06/2008, 19:44:25] - WARNING: BHO has no default name. Checking for Winlogon reference.
[07/06/2008, 19:44:25] - Checking for HKLM\...\Winlogon\Notify\ljJBrOFX
[07/06/2008, 19:44:25] - Key not found: HKLM\...\Winlogon\Notify\ljJBrOFX, continuing.
[07/06/2008, 19:44:25] - BHO 2: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (SSVHelper Class)
[07/06/2008, 19:44:25] - BHO 3: {9030D464-4C02-4ABF-8ECC-5164760863C6} (Programme d'aide de l'Assistant de connexion Windows Live)
[07/06/2008, 19:44:25] - BHO 4: {b66c8a06-ec88-4573-bbd2-8fd590fd8365} ()
[07/06/2008, 19:44:25] - WARNING: BHO has no default name. Checking for Winlogon reference.
[07/06/2008, 19:44:25] - Checking for HKLM\...\Winlogon\Notify\wirjdh
[07/06/2008, 19:44:25] - Key not found: HKLM\...\Winlogon\Notify\wirjdh, continuing.
[07/06/2008, 19:44:25] - BHO 5: {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} (Windows Live Toolbar Helper)
[07/06/2008, 19:44:25] - Finished Searching Browser Helper Objects
[07/06/2008, 19:44:25] - Finishing up...
[07/06/2008, 19:44:25] - A restart is needed.
[07/06/2008, 19:44:36] - Attempting to Restart via STOP error (Blue Screen!)
Followed by the HijackThis report
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:47:30, on 2008-07-06
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Valve\Steam\Steam.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Documents and Settings\Will\Bureau\omgsuxor.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.com/?gws_rd=ssl
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: {5638df09-5df8-2dbb-3754-88ce60a8c66b} - {b66c8a06-ec88-4573-bbd2-8fd590fd8365} - C:\WINDOWS\system32\wirjdh.dll
O2 - BHO: (no name) - {BD3373F3-2829-4C78-A93F-F4DACBBC4C89} - C:\WINDOWS\system32\ljJBrOFX.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [SiSUSBRG] C:\WINDOWS\SiSUSBrg.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [8ccbda41] rundll32.exe "C:\WINDOWS\system32\rtfqyvyn.dll",b
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Steam] "C:\Program Files\Valve\Steam\Steam.exe" -silent
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - https://onedrive.live.com/?id=favorites
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Avira AntiVir Personal – Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal – Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
Did VundoFix turn up nothing?
Go to this site: https://www.virustotal.com/gui/
Next to the Choose button, in the empty field, copy and paste this: "C:\WINDOWS\system32\wirjdh.dll"
Then click Send file.
Wait the few seconds the analysis takes and, as soon as it has finished, copy the URL shown in your address bar and paste it here (preferably), or copy and paste the report.
Do the same with: C:\WINDOWS\system32\ljJBrOFX.dll
Then, since you are still infected, follow this:
Download ComboFix
---> http://download.bleepingcomputer.com/sUBs/ComboFix.exe
Close your web browser before running this program
Double-click it and press "1" to continue
Wait a few minutes..
A report will open; save its contents, then copy and paste it here.
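The two DLLs singled out in the post above stand out in the HijackThis log for the same reasons the VirtumundoBeGone report gives: a BHO with no real name whose DLL sits directly in system32, a Winlogon Notify DLL, and a Run value that starts a system32 DLL through rundll32. The following is an added example, not part of the original thread and not code from HijackThis or VirtumundoBeGone: a small Python triage over log lines copied from this thread, where the three heuristics and all function names are assumptions made for illustration.

```python
import ntpath
import re

# Lines copied from the HijackThis logs posted in this thread (the O20 line
# comes from the log taken before VirtumundoBeGone ran).
SAMPLE_LOG = r"""
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O2 - BHO: {5638df09-5df8-2dbb-3754-88ce60a8c66b} - {b66c8a06-ec88-4573-bbd2-8fd590fd8365} - C:\WINDOWS\system32\wirjdh.dll
O2 - BHO: (no name) - {BD3373F3-2829-4C78-A93F-F4DACBBC4C89} - C:\WINDOWS\system32\ljJBrOFX.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [8ccbda41] rundll32.exe "C:\WINDOWS\system32\rtfqyvyn.dll",b
O4 - HKCU\..\Run: [Steam] "C:\Program Files\Valve\Steam\Steam.exe" -silent
O20 - Winlogon Notify: fccbBTjI - C:\WINDOWS\SYSTEM32\fccbBTjI.dll
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
"""

GUID = r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}"
O2_RE = re.compile(
    r"^O2 - BHO: (?P<name>.*?) - (?P<clsid>" + GUID + r") - (?P<path>.+)$")
O4_RE = re.compile(
    r"^O4 - (?P<hive>\S+)\\Run: \[(?P<value>[^\]]*)\] (?P<cmd>.+)$")
O20_RE = re.compile(r"^O20 - Winlogon Notify: (?P<name>\S+) - (?P<path>.+)$")
RUNDLL_RE = re.compile(
    r'^rundll32(?:\.exe)?\s+"?(?P<dll>[^",]+\.dll)"?', re.IGNORECASE)


def in_system32_root(path):
    """True for a DLL sitting directly in C:\\WINDOWS\\system32 (any case)."""
    return (ntpath.dirname(path).lower() == r"c:\windows\system32"
            and path.lower().endswith(".dll"))


def triage(log_text):
    """Return (section, dll_path, reason) tuples for entries worth reviewing.

    This is a review list, not a verdict: legitimate drivers also use
    rundll32 and Winlogon Notify, so each hit still has to be checked
    (for instance on VirusTotal, as done in this thread).
    """
    findings = []
    for line in log_text.splitlines():
        line = line.strip()

        m = O2_RE.match(line)
        if m:
            name = m.group("name")
            # HijackThis prints "(no name)" or a bare GUID when the BHO's
            # registry key has no usable display name.
            unnamed = (name == "(no name)"
                       or re.fullmatch(GUID, name) is not None)
            if unnamed and in_system32_root(m.group("path")):
                findings.append(("O2", m.group("path"),
                                 "unnamed BHO backed by a system32 DLL"))
            continue

        m = O4_RE.match(line)
        if m:
            r = RUNDLL_RE.match(m.group("cmd"))
            if r and in_system32_root(r.group("dll")):
                findings.append(("O4", r.group("dll"),
                                 "Run value starts a system32 DLL via rundll32"))
            continue

        m = O20_RE.match(line)
        if m and in_system32_root(m.group("path")):
            # Notify DLLs are loaded into winlogon.exe at every logon.
            findings.append(("O20", m.group("path"),
                             "Winlogon Notify DLL in system32"))
    return findings


if __name__ == "__main__":
    for section, path, reason in triage(SAMPLE_LOG):
        print(f"{section:4} {path}  <- {reason}")
```

Every path it lists from this sample later appears either in the VirtumundoBeGone rename step or in ComboFix's deletion list in this thread.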
OK, here is the URL for the first DLL: http://www.virustotal.com/fr/reanalisis.html?9399217fc92b009817114fe3d8f8c375
And for the second one... http://www.virustotal.com/fr/analisis/d5693b29150cf7f536caa1213de4966e
wow, there was quite a lot of red on the page :O
it's really great that you're helping me :)
OK, I ran ComboFix. It seems that whatever was blocking Windows automatic updates has stopped interfering, or is gone; however, you asked me to post the report, but as far as I know there wasn't one.
Yes, it's normal that it's red, those are nasties ;-)
Look, the ComboFix report is at the root of your main hard drive: C:\Combofix.txt
OK, the report is here
ComboFix 08-07-05.1 - Will 2008-07-07 10:12:55.1 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.244 [GMT -4:00]
Endroit: C:\Documents and Settings\Will\Bureau\ComboFix.exe
* Création d'un nouveau point de restauration
[color=red][b]AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !![/b][/color]
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\WINDOWS\cookies.ini
C:\WINDOWS\system32\darqleay.ini
C:\WINDOWS\system32\ecokok.dll
C:\WINDOWS\system32\ljdalvrt.dll
C:\WINDOWS\system32\ljJBrOFX.dll
C:\WINDOWS\system32\lsmuectj.ini
C:\WINDOWS\system32\mcrh.tmp
C:\WINDOWS\system32\msssc.dll
C:\WINDOWS\system32\nyvyqftr.ini
C:\WINDOWS\system32\oriytrwx.ini
C:\WINDOWS\system32\rtfqyvyn.dll
C:\WINDOWS\system32\wirjdh.dll
C:\WINDOWS\system32\XFOrBJjl.ini
C:\WINDOWS\system32\XFOrBJjl.ini2
C:\WINDOWS\system32\xkqgskre.dll
.
((((((((((((((((((((((((((((( Fichiers créés 2008-06-07 to 2008-07-07 ))))))))))))))))))))))))))))))))))))
.
2008-07-06 19:23 . 2008-06-02 07:37 <REP> d--h----- C:\Documents and Settings\Administrateur\Voisinage réseau
2008-07-06 19:23 . 2008-06-02 07:37 <REP> d--h----- C:\Documents and Settings\Administrateur\Voisinage d'impression
2008-07-06 19:23 . 2008-06-02 12:49 <REP> d--h----- C:\Documents and Settings\Administrateur\Modèles
2008-07-06 19:23 . 2008-06-02 07:37 <REP> d-------- C:\Documents and Settings\Administrateur\Mes documents
2008-07-06 19:23 . 2008-06-02 07:37 <REP> dr------- C:\Documents and Settings\Administrateur\Menu Démarrer
2008-07-06 19:23 . 2008-06-02 07:37 <REP> d-------- C:\Documents and Settings\Administrateur\Favoris
2008-07-06 19:23 . 2008-06-02 07:37 <REP> d-------- C:\Documents and Settings\Administrateur\Bureau
2008-07-06 19:23 . 2008-07-06 19:23 <REP> d-------- C:\Documents and Settings\Administrateur
2008-07-06 18:59 . 2008-07-06 18:59 <REP> d-------- C:\VundoFix Backups
2008-07-04 16:14 . 2008-07-04 16:14 <REP> d-------- C:\Program Files\Lavasoft
2008-07-04 16:14 . 2008-07-04 16:16 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-07-03 14:31 . 2008-07-03 14:31 33,792 --a------ C:\WINDOWS\system32\fccbBTjI.dll.vir
2008-07-02 16:49 . 2008-07-02 16:49 94,208 --a------ C:\WINDOWS\DIIUnin.exe
2008-07-02 16:49 . 2008-07-02 16:56 35,342 --a------ C:\WINDOWS\DIIUnin.dat
2008-07-02 16:49 . 2008-07-02 16:49 2,829 --a------ C:\WINDOWS\DIIUnin.pif
2008-06-22 16:06 . 2008-06-23 13:05 <REP> d-------- C:\Program Files\World of Warcraft Trial
2008-06-22 16:06 . 2008-06-22 16:06 <REP> d-------- C:\Program Files\Fichiers communs\Blizzard Entertainment
2008-06-22 12:36 . 2008-06-22 12:36 <REP> d-------- C:\Program Files\Ventrilo
2008-06-22 12:36 . 2008-06-22 12:37 <REP> d-------- C:\Documents and Settings\Will\Application Data\Ventrilo
2008-06-22 12:35 . 2008-07-04 16:14 <REP> d-------- C:\Program Files\Fichiers communs\Wise Installation Wizard
2008-06-17 14:04 . 2008-06-17 14:04 <REP> d-------- C:\Documents and Settings\Will\Application Data\Apple Computer
2008-06-16 20:16 . <REP> C:\Documents and Settings\s?ai?e
2008-06-16 20:15 . 2008-06-16 20:15 <REP> d-------- C:\Program Files\iTunes
2008-06-16 20:15 . 2008-06-16 20:15 <REP> d-------- C:\Program Files\iPod
2008-06-16 20:14 . 2008-06-16 20:14 <REP> d-------- C:\Program Files\QuickTime
2008-06-16 20:14 . 2008-06-16 20:14 <REP> d-------- C:\Program Files\Bonjour
2008-06-16 20:14 . 2008-06-16 20:15 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Apple Computer
2008-06-16 20:13 . 2008-06-16 20:13 <REP> d-------- C:\Program Files\Fichiers communs\Apple
2008-06-16 20:13 . 2008-06-16 20:13 <REP> d-------- C:\Program Files\Apple Software Update
2008-06-16 20:13 . 2008-06-16 20:13 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Apple
2008-06-16 20:13 . 2008-02-18 11:16 30,464 --a------ C:\WINDOWS\system32\drivers\usbaapl.sys
2008-06-16 14:10 . 2008-06-16 14:11 <REP> d-------- C:\Documents and Settings\Will\Application Data\gtk-2.0
2008-06-16 14:09 . 2008-06-16 14:09 <REP> d-------- C:\Documents and Settings\Will\.thumbnails
2008-06-16 14:08 . 2008-06-16 14:08 <REP> d-------- C:\Program Files\GIMP-2.0
2008-06-16 14:08 . 2008-06-16 14:14 <REP> d-------- C:\Documents and Settings\Will\.gimp-2.4
2008-06-16 11:32 . 2008-06-16 11:32 <REP> d-------- C:\Program Files\Robster Productions
2008-06-16 11:29 . 2008-06-16 11:30 <REP> d-------- C:\mydecal
2008-06-16 11:28 . 2008-06-16 11:29 <REP> d-------- C:\My halflife HLC color logo
2008-06-16 11:24 . 2008-06-16 11:24 <REP> d-------- C:\HLC 2.3
2008-06-11 10:42 . 2008-06-14 13:59 272,768 -----c--- C:\WINDOWS\system32\dllcache\bthport.sys
2008-06-10 18:51 . 2006-11-29 13:06 3,426,072 --a------ C:\WINDOWS\system32\d3dx9_32.dll
2008-06-10 18:50 . 2008-06-10 18:50 <REP> d-------- C:\Program Files\Windows Live Toolbar
2008-06-10 18:50 . 2008-06-10 18:50 <REP> d-------- C:\Program Files\Windows Live Favorites
2008-06-10 18:50 . 2008-06-10 18:50 <REP> d-------- C:\Program Files\Microsoft SQL Server Compact Edition
2008-06-09 17:41 . 2004-08-03 23:08 26,496 --a--c--- C:\WINDOWS\system32\dllcache\usbstor.sys
2008-06-09 10:55 . 2004-08-19 16:09 159,232 --a------ C:\WINDOWS\system32\ptpusd.dll
2008-06-09 10:55 . 2004-08-03 22:58 15,104 --a------ C:\WINDOWS\system32\drivers\usbscan.sys
2008-06-09 10:55 . 2004-08-03 22:58 15,104 --a--c--- C:\WINDOWS\system32\dllcache\usbscan.sys
2008-06-09 10:55 . 2001-08-23 17:47 5,632 --a------ C:\WINDOWS\system32\ptpusb.dll
2008-06-08 20:21 . 2008-06-08 20:21 <REP> d-------- C:\Program Files\Exit hope
2008-06-08 20:21 . 2008-07-04 17:34 <REP> d-------- C:\Program Files\Circle Developement
2008-06-08 16:46 . 2008-06-08 16:46 <REP> d-------- C:\Program Files\Valve
2008-06-07 12:11 . 2008-06-07 12:11 <REP> d-------- C:\WINDOWS\Sun
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-07-07 04:21 --------- d-----w C:\Program Files\Warcraft III
2008-07-07 02:15 --------- d-----w C:\Documents and Settings\Will\Application Data\LimeWire
2008-07-07 00:21 --------- d-----w C:\Program Files\Diablo II
2008-07-03 23:56 --------- d-----w C:\Documents and Settings\All Users\Application Data\Messenger Plus!
2008-07-02 22:46 --------- d-----w C:\Program Files\Starcraft
2008-07-02 20:55 21,840 ----atw C:\WINDOWS\system32\SIntfNT.dll
2008-07-02 20:55 17,212 ----atw C:\WINDOWS\system32\SIntf32.dll
2008-07-02 20:55 12,067 ----atw C:\WINDOWS\system32\SIntf16.dll
2008-06-19 14:48 --------- d-----w C:\Program Files\LimeWire
2008-06-17 20:20 43,520 ----a-w C:\WINDOWS\system32\CmdLineExt03.dll
2008-06-15 05:34 --------- d-----w C:\Program Files\Windows Live
2008-06-14 17:59 272,768 ------w C:\WINDOWS\system32\drivers\bthport.sys
2008-06-10 22:49 --------- dcsh--w C:\Program Files\Fichiers communs\WindowsLiveInstaller
2008-06-10 22:47 --------- d-----w C:\Program Files\MSN Messenger
2008-06-10 22:46 --------- d-----w C:\Documents and Settings\All Users\Application Data\WLInstaller
2008-06-09 00:21 --------- d-----w C:\Program Files\Messenger Plus! Live
2008-06-06 01:40 --------- d-----w C:\Documents and Settings\Will\Application Data\MSN6
2008-06-06 01:40 --------- d-----w C:\Documents and Settings\All Users\Application Data\MSN6
2008-06-03 16:12 2,829 ----a-w C:\WINDOWS\War3Unin.pif
2008-06-03 16:12 139,264 ----a-w C:\WINDOWS\War3Unin.exe
2008-06-03 15:05 --------- d-----w C:\Program Files\Java
2008-06-03 15:04 --------- d-----w C:\Program Files\Fichiers communs\Java
2008-06-02 19:25 --------- d-----w C:\Documents and Settings\All Users\Application Data\WinZip
2008-06-02 19:12 70,656 ----a-w C:\WINDOWS\ScUnin.exe
2008-06-02 19:08 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-06-02 19:07 --------- d-----w C:\Program Files\EA GAMES
2008-06-02 19:06 --------- d-----w C:\Program Files\Fichiers communs\InstallShield
2008-06-02 17:53 --------- d-----w C:\Program Files\Avira
2008-06-02 17:53 --------- d-----w C:\Documents and Settings\All Users\Application Data\Avira
2008-06-02 17:33 --------- d-----w C:\Program Files\ATI Technologies
2008-06-02 17:31 --------- d-----w C:\Program Files\SiSLan
2008-06-02 17:30 --------- d-----w C:\Program Files\Analog Devices
2008-06-02 16:56 558,142 ----a-w C:\WINDOWS\java\Packages\Z5F3VVPV.ZIP
2008-06-02 16:56 155,995 ----a-w C:\WINDOWS\java\Packages\FT3VZPJZ.ZIP
2008-06-02 16:56 --------- d-----w C:\Program Files\microsoft frontpage
2008-06-02 16:54 --------- d-----w C:\Program Files\Services en ligne
2008-05-16 15:58 12,632 ----a-w C:\WINDOWS\system32\lsdelete.exe
2008-05-08 12:28 202,752 ----a-w C:\WINDOWS\system32\drivers\rmcast.sys
2008-05-07 05:15 1,293,824 ----a-w C:\WINDOWS\system32\quartz.dll
2008-04-21 07:02 663,552 ----a-w C:\WINDOWS\system32\wininet.dll
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Steam"="C:\Program Files\Valve\Steam\Steam.exe" [2008-06-08 16:53 1271032]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SiSUSBRG"="C:\WINDOWS\SiSUSBrg.exe" [2002-07-12 06:15 106496]
"avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-02-12 10:06 262401]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe" [2008-03-25 04:28 144784]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2008-05-27 10:50 413696]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-06-02 11:13 267048]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-19 16:09 15360]
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Starcraft\\StarCraft.exe"=
"C:\\Program Files\\LimeWire\\LimeWire.exe"=
"C:\\Program Files\\Valve\\Steam\\SteamApps\\chester57\\counter-strike\\hl.exe"=
"C:\\Program Files\\Valve\\Steam\\SteamApps\\chester57\\condition zero\\hl.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\Program Files\\Valve\\Steam\\SteamApps\\chester57\\day of defeat\\hl.exe"=
R0 avgntmgr;avgntmgr;C:\WINDOWS\system32\DRIVERS\avgntmgr.sys [2008-01-21 18:11]
R1 avgntdd;avgntdd;C:\WINDOWS\system32\DRIVERS\avgntdd.sys [2008-01-21 18:12]
S3 usbscan;Pilote de scanneur USB;C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 22:58]
S3 USBSTOR;Pilote de stockage de masse USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 23:08]
.
Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
"2008-07-04 20:58:23 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2008-07-07 03:48:07 C:\WINDOWS\Tasks\Vérifier les mises à jour de Windows Live Toolbar.job"
Oh yes, heh, when I start my computer, I get the message: Erreur de chargement de c:/WINDOWS/system32/rtfqyvyn.dll LE module spécifié est introuvable.
Is that due to ComboFix?
You can get rid of ComboFix.
Delete these files/folder:
C:\WINDOWS\system32\fccbBTjI.dll.vir
C:\WINDOWS\java\Packages\FT3VZPJZ.ZIP
C:\WINDOWS\java\Packages\Z5F3VVPV.ZIP
C:\VundoFix Backups
"Oh yes, heh, when I start my computer, I get the message: Erreur de chargement de c:/WINDOWS/system32/rtfqyvyn.dll LE module spécifié est introuvable."
Run CCleaner; that will fix your problem.
----> Update your Windows.
I followed the latest instructions, but I still get the missing DLL error. What should I do? What does this file do anyway?
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:50, on 2008-07-11
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\CDBurnerXP\NMSAccessU.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Lexmark 3100 Series\lxbrbmgr.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Lexmark 3100 Series\lxbrbmon.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Will\Bureau\fixes\omgsuxor.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.com/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [SiSUSBRG] C:\WINDOWS\SiSUSBrg.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [8ccbda41] rundll32.exe "C:\WINDOWS\system32\rtfqyvyn.dll",b
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Lexmark 3100 Series] "C:\Program Files\Lexmark 3100 Series\lxbrbmgr.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - https://onedrive.live.com/?id=favorites
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Avira AntiVir Personal – Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal – Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: NMSAccessU - Unknown owner - C:\Program Files\CDBurnerXP\NMSAccessU.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe