Impossible d'acceder aux boites mails
mido.mind
Messages postés
4
Statut
Membre
-
jacques.gache Messages postés 34829 Statut Contributeur sécurité -
jacques.gache Messages postés 34829 Statut Contributeur sécurité -
Bonjour,
Je pense être attacker par un Trojan, voila mon problème comment il se présente : j'arrive plus a accéder a mes boites mail : yahoo, hotmail, facebook, gmail,... et le pire, c'est que quand je tape une recherche sur google ça donne rien (les résultats ne s'affichent pas), j'attends longtemps mais rien de s'affiche.
j'ai fais un nettoyage avec Ccleaner, j'ai fais tourner avast et après j'ai fais un scan a l'aide de hijackthis, voici le rapport
j'espère vous pourriez m'aider parce que j'ai pas envie de formater mon PC et recommencer a nouveau.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:47:17 PM, on 8/17/2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16711)
Boot mode: Normal
Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Users\saloua\Desktop\HiJackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.aol.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.aol.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\NppBho.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Show Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\UIBHO.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [hpWirelessAssistant] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\RunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
O4 - HKCU\..\Run: [cmds] rundll32.exe C:\Users\saloua\AppData\Local\Temp\fcccyWpq.dll,c
O4 - HKCU\..\Run: [02dd3505] rundll32.exe "C:\Users\saloua\AppData\Local\Temp\gvmqytab.dll",b
O4 - HKCU\..\Run: [BM01ee0699] Rundll32.exe "C:\Users\saloua\AppData\Local\Temp\qycjdfir.dll",s
O4 - HKUS\S-1-5-18\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background (User 'Default user')
O4 - Startup: LimeWire On Startup.lnk = C:\Program Files\LimeWire\LimeWire.exe
O4 - Global Startup: Vongo Tray.lnk = ?
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - https://onedrive.live.com/?id=favorites
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O9 - Extra button: PalTalk - {4EAFEF58-EEFA-4116-983D-03B49BCBFFFE} - C:\Program Files\Paltalk Messenger\Paltalk.exe (file missing)
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O13 - Gopher Prefix:
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1006.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w2/resources/VistaMSNPUplden-us.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\CLSched.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Com4Qlb - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\isPwdSvc.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
O23 - Service: Vongo Service - Starz Entertainment Group LLC - C:\Program Files\Vongo\VongoService.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe
Je pense être attacker par un Trojan, voila mon problème comment il se présente : j'arrive plus a accéder a mes boites mail : yahoo, hotmail, facebook, gmail,... et le pire, c'est que quand je tape une recherche sur google ça donne rien (les résultats ne s'affichent pas), j'attends longtemps mais rien de s'affiche.
j'ai fais un nettoyage avec Ccleaner, j'ai fais tourner avast et après j'ai fais un scan a l'aide de hijackthis, voici le rapport
j'espère vous pourriez m'aider parce que j'ai pas envie de formater mon PC et recommencer a nouveau.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:47:17 PM, on 8/17/2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16711)
Boot mode: Normal
Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Users\saloua\Desktop\HiJackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.aol.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.aol.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\NppBho.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Show Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\UIBHO.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [hpWirelessAssistant] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\RunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
O4 - HKCU\..\Run: [cmds] rundll32.exe C:\Users\saloua\AppData\Local\Temp\fcccyWpq.dll,c
O4 - HKCU\..\Run: [02dd3505] rundll32.exe "C:\Users\saloua\AppData\Local\Temp\gvmqytab.dll",b
O4 - HKCU\..\Run: [BM01ee0699] Rundll32.exe "C:\Users\saloua\AppData\Local\Temp\qycjdfir.dll",s
O4 - HKUS\S-1-5-18\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background (User 'Default user')
O4 - Startup: LimeWire On Startup.lnk = C:\Program Files\LimeWire\LimeWire.exe
O4 - Global Startup: Vongo Tray.lnk = ?
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - https://onedrive.live.com/?id=favorites
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O9 - Extra button: PalTalk - {4EAFEF58-EEFA-4116-983D-03B49BCBFFFE} - C:\Program Files\Paltalk Messenger\Paltalk.exe (file missing)
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O13 - Gopher Prefix:
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1006.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w2/resources/VistaMSNPUplden-us.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\CLSched.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Com4Qlb - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\isPwdSvc.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
O23 - Service: Vongo Service - Starz Entertainment Group LLC - C:\Program Files\Vongo\VongoService.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe
A voir également:
- Impossible d'acceder aux boites mails
- Comment acceder au presse papier - Guide
- Accéder aux options de démarrage avancées de windows 10 - Guide
- Acceder messagerie hotmail - Guide
- Comment accéder au trousseau icloud - Guide
- Feuille blanche boîte aux lettres - Guide
7 réponses
bonjour, déja tu as deux anti-virus avast et norton si tu n'utilises plus norton désinstalles le convenablement avec l'outil de chez symantec http://service1.symantec.com/SUPPORT/INTER/tsgeninfointl.nsf/fr_docid/20050414110429924
et puis tu désinstalleras ton hijackthis car pas installé dans les normes tu passeras combofix tu posteras le rapport suivi d'un nouveau hijackthis réinstallé merci
Désactive le contrôle des comptes utilisateurs (tu le réactiveras après ta désinfection):
- Va dans démarrer puis panneau de configuration
- Double Clique sur l'icône "Comptes d'utilisateurs"
- Clique ensuite sur désactiver et valide.
télécharge combofix (par sUBs) ici :
http://download.bleepingcomputer.com/sUBs/ComboFix.exe
et enregistre le sur le bureau.
déconnecte toi d'internet et ferme toutes tes applications.
désactive tes protections (antivirus, parefeu, garde en temps réel de l'antispyware)
double-clique sur combofix.exe et suis les instructions
à la fin, il va produire un rapport C:\ComboFix.txt
réactive ton parefeu, ton antivirus, la garde de ton antispyware
copie/colle le rapport C:\ComboFix.txt dans ta prochaine réponse.
Attention, n'utilise pas ta souris ni ton clavier (ni un autre système de pointage) pendant que le programme tourne. Cela pourrait figer l'ordi.
Tu as un tutoriel complet ici :
https://www.bleepingcomputer.com/combofix/fr/comment-utiliser-combofix
======================================================================
postes un rapport hijackthis
HijackThis est un outil développé par merijn, capable de détecter les composants ajoutés à votre navigateur, les programmes lancés au démarrage du système, etc. Le programme vous permet de consulter tous les éléments et éventuellement de les retirer de l'ordinateur. HijackThis est, par exemple, en mesure de forcer le changement de la page d'accueil. Cette fonction est particulièrement utile lorsque votre navigateur ne vous permet plus de modifier la page d'accueil car un site se l'est appropriée ! Le logiciel peut également enregistrer des paramètres par défaut et ignorer certains éléments définis.
télécharge Hijackthis : http://www.trendsecure.com/portal/en-US/tools/security_tools/hijackthis
.cliques sur download
.cliques sur download Hijackthis installer
.enregistres le sur le bureau
.Tu fermes tout les programmes ouverts y compris le navigateur. sauf ton anti-virus et pare-feux
.installes le , il va s'installer par défaut dans C:\Program Files\Trend Micro\HijackThis
.Cliques sur "Do a system scan and save the logfile"
.Cela va t'ouvrir un bloc note à la fin du scan.
.Copie son contenu et poste le dans ton prochain message. sinon le rapport est dans C:\Program Files\Trend Micro\HijackThis\ hijackthis "document texte"
des expliquations en images : http://pagesperso-orange.fr/rginformatique/section%20virus/demohijack.htm
et puis tu désinstalleras ton hijackthis car pas installé dans les normes tu passeras combofix tu posteras le rapport suivi d'un nouveau hijackthis réinstallé merci
Désactive le contrôle des comptes utilisateurs (tu le réactiveras après ta désinfection):
- Va dans démarrer puis panneau de configuration
- Double Clique sur l'icône "Comptes d'utilisateurs"
- Clique ensuite sur désactiver et valide.
télécharge combofix (par sUBs) ici :
http://download.bleepingcomputer.com/sUBs/ComboFix.exe
et enregistre le sur le bureau.
déconnecte toi d'internet et ferme toutes tes applications.
désactive tes protections (antivirus, parefeu, garde en temps réel de l'antispyware)
double-clique sur combofix.exe et suis les instructions
à la fin, il va produire un rapport C:\ComboFix.txt
réactive ton parefeu, ton antivirus, la garde de ton antispyware
copie/colle le rapport C:\ComboFix.txt dans ta prochaine réponse.
Attention, n'utilise pas ta souris ni ton clavier (ni un autre système de pointage) pendant que le programme tourne. Cela pourrait figer l'ordi.
Tu as un tutoriel complet ici :
https://www.bleepingcomputer.com/combofix/fr/comment-utiliser-combofix
======================================================================
postes un rapport hijackthis
HijackThis est un outil développé par merijn, capable de détecter les composants ajoutés à votre navigateur, les programmes lancés au démarrage du système, etc. Le programme vous permet de consulter tous les éléments et éventuellement de les retirer de l'ordinateur. HijackThis est, par exemple, en mesure de forcer le changement de la page d'accueil. Cette fonction est particulièrement utile lorsque votre navigateur ne vous permet plus de modifier la page d'accueil car un site se l'est appropriée ! Le logiciel peut également enregistrer des paramètres par défaut et ignorer certains éléments définis.
télécharge Hijackthis : http://www.trendsecure.com/portal/en-US/tools/security_tools/hijackthis
.cliques sur download
.cliques sur download Hijackthis installer
.enregistres le sur le bureau
.Tu fermes tout les programmes ouverts y compris le navigateur. sauf ton anti-virus et pare-feux
.installes le , il va s'installer par défaut dans C:\Program Files\Trend Micro\HijackThis
.Cliques sur "Do a system scan and save the logfile"
.Cela va t'ouvrir un bloc note à la fin du scan.
.Copie son contenu et poste le dans ton prochain message. sinon le rapport est dans C:\Program Files\Trend Micro\HijackThis\ hijackthis "document texte"
des expliquations en images : http://pagesperso-orange.fr/rginformatique/section%20virus/demohijack.htm
merci chef, voici le nouveau rapport,
d'avance merci
ComboFix 08-08-16.01 - saloua 2008-08-17 16:23:57.1 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6000.0.1252.1.1033.18.343 [GMT 2:00]
Running from: C:\Users\saloua\Desktop\ComboFix.exe
* Created a new restore point
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Users\saloua\AppData\Local\Temp\gvmqytab.dll
C:\Users\saloua\AppData\Local\Temp\qycjdfir.dll
C:\Users\saloua\AppData\Roaming\Microsoft\SystemCertificates\My
C:\Users\saloua\AppData\Roaming\Microsoft\SystemCertificates\My\Certificates\24781603FD5395D1D6338D0DC000CD9038FB1E0A
C:\Users\saloua\AppData\Roaming\Microsoft\SystemCertificates\My\Keys\19F5C4536782E42DE6F6B5ADA6163983462EE4BE
.
((((((((((((((((((((((((( Files Created from 2008-07-17 to 2008-08-17 )))))))))))))))))))))))))))))))
.
2008-08-17 16:29 . 2008-08-17 16:31 230,377,562 --a------ C:\Windows\MEMORY.DMP
2008-08-16 16:36 . 2008-07-19 16:36 51,280 --a------ C:\Windows\System32\drivers\aswMonFlt.sys
2008-08-16 14:10 . 2008-07-16 01:48 2,048 --a------ C:\Windows\System32\tzres.dll
2008-08-16 14:10 . 2008-08-16 14:10 118 --a------ C:\Windows\System32\MRT.INI
2008-08-15 13:05 . 2008-08-15 13:30 <DIR> d-------- C:\Users\All Users\Spybot - Search & Destroy
2008-08-15 13:05 . 2008-08-15 13:30 <DIR> d-------- C:\ProgramData\Spybot - Search & Destroy
2008-08-15 13:05 . 2008-08-15 13:05 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy
2008-08-15 12:10 . 2008-08-17 15:58 452 --a------ C:\Windows\mgutil_reg.ini
2008-08-15 12:08 . 2008-08-17 15:55 <DIR> d-------- C:\Program Files\Mgutil
2008-08-15 12:08 . 2008-08-17 15:55 72 --a------ C:\Windows\mgutil_win.ini
2008-08-15 11:46 . 2008-08-15 11:46 <DIR> d-------- C:\Users\Public\Vongo
2008-08-15 11:46 . 2008-08-15 11:46 <DIR> d-------- C:\Users\Public\StarzEntertainment
2008-08-15 11:31 . 2008-06-19 05:25 361,984 --a------ C:\Windows\System32\IPSECSVC.DLL
2008-08-15 11:31 . 2008-06-19 05:25 272,896 --a------ C:\Windows\System32\polstore.dll
2008-08-15 11:31 . 2008-06-19 05:25 61,440 --a------ C:\Windows\System32\winipsec.dll
2008-08-15 11:31 . 2008-06-19 05:25 28,672 --a------ C:\Windows\System32\FwRemoteSvr.dll
2008-08-15 11:30 . 2008-04-19 10:13 268,800 --a------ C:\Windows\System32\es.dll
2008-08-15 11:27 . 2008-04-10 07:01 737,792 --a------ C:\Windows\System32\inetcomm.dll
2008-08-15 11:27 . 2008-04-10 04:43 84,480 --a------ C:\Windows\System32\INETRES.dll
2008-08-14 23:05 . 2008-08-14 23:06 <DIR> d-------- C:\Program Files\Crawler
2008-08-14 23:04 . 2008-08-14 23:13 <DIR> d-------- C:\Users\saloua\AppData\Roaming\Spyware Terminator
2008-08-14 23:04 . 2008-08-14 23:08 <DIR> d-------- C:\Program Files\Spyware Terminator
2008-08-12 21:51 . 2008-08-12 21:51 <DIR> d-------- C:\Program Files\Alwil Software
2008-08-11 20:56 . 2008-08-11 20:56 <DIR> d-------- C:\Users\saloua\AppData\Roaming\PeerNetworking
2008-08-10 12:39 . 2008-08-10 12:39 <DIR> d-------- C:\Users\saloua\AppData\Roaming\dvdcss
2008-08-05 22:21 . 2008-08-05 22:21 <DIR> d-------- C:\Program Files\Pinnacle
2008-08-05 22:18 . 2008-08-05 22:18 <DIR> d-------- C:\Users\All Users\Pinnacle
2008-08-05 22:18 . 2008-08-05 22:18 <DIR> d-------- C:\ProgramData\Pinnacle
2008-08-04 19:55 . 2008-08-04 19:55 <DIR> dr------- C:\Windows\System32\config\systemprofile\Music
2008-08-02 09:43 . 2008-08-02 09:53 <DIR> d--hs---- C:\Users\saloua\!
2008-08-02 09:43 . 2008-08-02 09:43 528 --a------ C:\Users\saloua\586.bat
2008-08-02 00:07 . 2008-08-02 00:07 <DIR> d-------- C:\Users\All Users\LightScribe
2008-08-02 00:07 . 2008-08-02 00:07 <DIR> d-------- C:\ProgramData\LightScribe
2008-07-30 11:00 . 2008-07-30 11:00 <DIR> d-------- C:\Program Files\Common Files\Adobe Systems Shared
2008-07-29 10:39 . 2008-07-29 10:39 <DIR> d-------- C:\Program Files\Common Files\SWF Studio
2008-07-28 23:02 . 2008-07-28 23:02 382 --a------ C:\Windows\ODBC.INI
2008-07-28 23:01 . 2008-08-01 21:05 39 --a------ C:\Windows\vbaddin.ini
2008-07-27 20:28 . 2008-07-27 20:28 <DIR> d-------- C:\Users\saloua\AppData\Roaming\Apple Computer
2008-07-27 20:26 . 2008-07-27 20:27 54,156 --ah----- C:\Windows\QTFont.qfn
2008-07-27 20:26 . 2008-07-27 20:27 1,409 --a------ C:\Windows\QTFont.for
2008-07-27 20:25 . 2008-07-27 20:27 <DIR> d-------- C:\Program Files\QuickTime
2008-07-27 20:23 . 2008-07-27 20:23 <DIR> d-------- C:\Program Files\iTunes
2008-07-27 20:23 . 2008-07-27 20:23 <DIR> d-------- C:\Program Files\iPod
2008-07-27 20:22 . 2008-07-27 20:23 <DIR> d-------- C:\Users\All Users\Apple Computer
2008-07-27 20:22 . 2008-07-27 20:23 <DIR> d-------- C:\ProgramData\Apple Computer
2008-07-23 19:59 . 2008-04-23 06:27 1,244,672 --a------ C:\Windows\System32\mcmde.dll
2008-07-23 19:59 . 2008-04-23 06:27 428,032 --a------ C:\Windows\System32\EncDec.dll
2008-07-23 19:59 . 2008-04-23 06:27 292,352 --a------ C:\Windows\System32\psisdecd.dll
2008-07-23 19:59 . 2008-04-23 06:26 218,624 --a------ C:\Windows\System32\psisrndr.ax
2008-07-23 19:59 . 2008-04-23 06:26 80,896 --a------ C:\Windows\System32\MSNP.ax
2008-07-23 19:59 . 2008-04-23 06:26 68,608 --a------ C:\Windows\System32\Mpeg2Data.ax
2008-07-23 19:59 . 2008-04-23 06:26 57,856 --a------ C:\Windows\System32\MSDvbNP.ax
2008-07-23 19:57 . 2008-06-26 02:33 11,722,752 --a------ C:\Windows\System32\NlsLexicons0001.dll
2008-07-20 22:37 . 2008-07-28 21:06 <DIR> d-------- C:\Users\saloua\AppData\Roaming\skypePM
2008-07-20 22:37 . 2008-07-20 22:37 48 --ah----- C:\Users\All Users\ezsidmv.dat
2008-07-20 22:37 . 2008-07-20 22:37 48 --ah----- C:\ProgramData\ezsidmv.dat
2008-07-20 22:35 . 2008-08-15 11:58 <DIR> d-------- C:\Users\saloua\AppData\Roaming\Skype
2008-07-20 22:34 . 2008-07-20 22:35 <DIR> d-------- C:\Users\All Users\Google
2008-07-20 22:34 . 2008-08-15 10:56 <DIR> d-------- C:\Program Files\Google
2008-07-20 22:33 . 2008-07-20 22:33 <DIR> d-------- C:\Program Files\Skype
2008-07-20 22:33 . 2008-08-15 10:56 <DIR> d-------- C:\Program Files\Common Files\Skype
2008-07-20 22:32 . 2008-07-20 22:33 <DIR> d-------- C:\Users\All Users\Skype
2008-07-20 22:32 . 2008-07-20 22:33 <DIR> d-------- C:\ProgramData\Skype
2008-07-20 19:09 . 2008-07-20 19:09 <DIR> d-------- C:\Program Files\Gabest
2008-07-20 01:14 . 2008-07-20 01:14 <DIR> d-------- C:\Users\saloua\AppData\Roaming\vlc
2008-07-20 00:45 . 2008-08-16 14:43 <DIR> d-------- C:\Users\saloua\AppData\Roaming\LimeWire
2008-07-20 00:44 . 2008-07-20 00:44 <DIR> d-------- C:\Program Files\LimeWire
2008-07-20 00:27 . 2008-07-20 00:27 <DIR> d-------- C:\Program Files\VideoLAN
2008-07-18 20:54 . 2008-07-18 20:54 <DIR> d-------- C:\Program Files\BitLord
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-08-17 13:51 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-08-16 14:42 --------- d-----w C:\ProgramData\Microsoft Help
2008-08-16 12:30 27,430 ----a-w C:\Users\saloua\AppData\Roaming\nvModes.dat
2008-08-16 12:15 --------- d-----w C:\Program Files\Windows Mail
2008-08-15 10:13 --------- d-----w C:\Program Files\Microsoft Works
2008-08-15 09:46 --------- d-----w C:\Program Files\Vongo
2008-08-15 08:56 --------- d-----w C:\Program Files\DivX
2008-08-15 08:56 --------- d-----w C:\Program Files\Common Files\SureThing Shared
2008-08-05 21:08 --------- d-----w C:\ProgramData\CyberLink
2008-08-05 20:21 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-08-02 07:40 805 ----a-w C:\Windows\system32\drivers\SYMEVENT.INF
2008-08-02 07:40 10,671 ----a-w C:\Windows\system32\drivers\SYMEVENT.CAT
2008-07-30 09:00 --------- d-----w C:\Program Files\Common Files\Adobe
2008-07-15 20:14 174 --sha-w C:\Program Files\desktop.ini
2008-07-14 20:29 --------- d-----w C:\Program Files\MSBuild
2008-07-14 20:03 --------- d-----w C:\Program Files\Microsoft.NET
2008-07-14 19:59 --------- d-----w C:\Program Files\Microsoft Visual Studio 8
2008-06-27 03:54 52,736 ----a-w C:\Windows\AppPatch\iebrshim.dll
2008-06-12 06:54 537,600 ----a-w C:\Windows\AppPatch\AcLayers.dll
2008-06-12 06:54 173,056 ----a-w C:\Windows\AppPatch\AcXtrnal.dll
2008-06-12 01:21 2,560 ----a-w C:\Windows\AppPatch\AcRes.dll
2008-02-13 09:12 22 --sha-w C:\Windows\SMINST\HPCD.sys
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2008-01-08 11:23 1232896]
"LightScribe Control Panel"="C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe" [2007-04-19 22:26 484904]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" [2008-07-20 22:34 171448]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="C:\Program Files\Apoint2K\Apoint.exe" [2007-07-08 19:11 159744]
"NvSvc"="C:\Windows\system32\nvsvc.dll" [2007-06-19 23:21 86016]
"NvMediaCenter"="C:\Windows\system32\NvMcTray.dll" [2007-06-19 23:21 81920]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 21:34 5724184]
C:\Users\saloua\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
LimeWire On Startup.lnk - C:\Program Files\LimeWire\LimeWire.exe [2008-06-18 20:46:56 147456]
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
Vongo Tray.lnk - C:\Windows\Installer\{8C3AE2D1-854D-4650-A73D-C7CC7EE36B80}\NewShortcut2_DB7E00C96DEF489A8112D8F81614F45A.exe [2007-07-25 14:43:34 53248]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"WindowsWelcomeCenter"=rundll32.exe oobefldr.dll,ShowWelcomeCenter
"HPAdvisor"=C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe autoRun
"ehTray.exe"=C:\Windows\ehome\ehTray.exe
"Skype"="C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
"swg"=C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
"MSServer"=rundll32.exe C:\Users\saloua\AppData\Local\Temp\nnnoMGXR.dll,#1
"Host Process"=C:\Users\saloua\svchost.exe
"cmds"=rundll32.exe C:\Users\saloua\AppData\Local\Temp\fcccyWpq.dll,c
"BM01ee0699"=Rundll32.exe "C:\Users\saloua\AppData\Local\Temp\qycjdfir.dll",s
"SpybotSD TeaTimer"=C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Windows Defender"=%ProgramFiles%\Windows Defender\MSASCui.exe -hide
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
"QPService"="C:\Program Files\HP\QuickPlay\QPService.exe"
"OnScreenDisplay"=C:\Program Files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe
"QlbCtrl"=%ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
"HP Health Check Scheduler"=c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
"WAWifiMessage"=%ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
"HP Software Update"=C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0\bin\jusched.exe"
"LifeChat"="C:\Program Files\Microsoft LifeChat\LifeChat.exe"
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
"Symantec PIF AlertEng"="C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe"
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" -atboottime
"NvCplDaemon"=RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UacDisableNotify"=dword:00000001
"InternetSettingsDisableNotify"=dword:00000001
"AutoUpdateDisableNotify"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy]
"<NO NAME>"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
"<NO NAME>"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile\AuthorizedApplications]
"<NO NAME>"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile\AuthorizedApplications\List]
"<NO NAME>"=
"C:\\Program Files\\Vongo\\VongoService.exe"= C:\Program Files\Vongo\VongoService.exe:*:enabled:VongoService
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{27AB2FCC-ECCE-4EDB-A911-6EB057F565D4}"= C:\Program Files\HP\QuickPlay\QP.exe:Quick Play
"{F2C27B35-909D-4904-80C7-52AD20DF8B5E}"= C:\Program Files\HP\QuickPlay\QPService.exe:Quick Play Resident Program
"{8470189F-6F70-42D9-8ACD-BC6AE5B4E95F}"= UDP:C:\Program Files\earthlink totalaccess\TaskPanl.exe:taskpanl
"{4BD43095-B682-4288-8CDC-3D67CBEB816D}"= TCP:C:\Program Files\earthlink totalaccess\TaskPanl.exe:taskpanl
"{54051A4B-5A08-42B6-AC17-D8245F94F131}"= UDP:C:\Program Files\earthlink totalaccess\TaskPanl.exe:taskpanl
"{E946F12E-C43A-488A-B21E-613CF6F903DF}"= TCP:C:\Program Files\earthlink totalaccess\TaskPanl.exe:taskpanl
"{1EDD8845-D07C-4514-9FA3-884F8B771BFE}"= UDP:C:\Program Files\earthlink totalaccess\TaskPanl.exe:taskpanl
"{7AD59B55-E581-425C-AC65-4BB58662909B}"= TCP:C:\Program Files\earthlink totalaccess\TaskPanl.exe:taskpanl
"{8E8099DC-46B5-4456-9A94-71E629171726}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{68315C20-3D4C-49A1-8FDA-1E4056398054}"= TCP:6004|C:\Program Files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook
"{2DEA0D3F-4D0E-43D1-AE32-605BBE7DB313}"= C:\Program Files\Skype\Phone\Skype.exe:Skype
"{290E9F4E-CE2C-479D-98DC-02C2D8FC9323}"= UDP:C:\Program Files\iTunes\iTunes.exe:iTunes
"{7F0D609D-C666-4D83-84E8-F7AACCA9A003}"= TCP:C:\Program Files\iTunes\iTunes.exe:iTunes
"TCP Query User{5CDBBC55-7EC6-42EE-840C-58B2596F02C9}C:\\program files\\limewire\\limewire.exe"= UDP:C:\program files\limewire\limewire.exe:LimeWire
"UDP Query User{20FC157C-074F-4D0A-827D-4A05FA466154}C:\\program files\\limewire\\limewire.exe"= TCP:C:\program files\limewire\limewire.exe:LimeWire
"TCP Query User{59C9DFFE-D1EB-4381-A582-F7989C5F4A36}C:\\program files\\bitlord\\bitlord.exe"= UDP:C:\program files\bitlord\bitlord.exe:BitLord
"UDP Query User{A8179A93-82FE-4133-A6E8-C37EC87AEDC2}C:\\program files\\bitlord\\bitlord.exe"= TCP:C:\program files\bitlord\bitlord.exe:BitLord
"TCP Query User{DD875DF0-FE32-42F5-ABDF-BB51FD061859}C:\\users\\saloua\\appdata\\local\\temp\\wzse0.tmp\\symnrt.exe"= UDP:C:\users\saloua\appdata\local\temp\wzse0.tmp\symnrt.exe:Symantec Removal Utility
"UDP Query User{B1F3580A-7EA7-4B05-B4D0-5918874750BF}C:\\users\\saloua\\appdata\\local\\temp\\wzse0.tmp\\symnrt.exe"= TCP:C:\users\saloua\appdata\local\temp\wzse0.tmp\symnrt.exe:Symantec Removal Utility
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Static\System]
"DFSR-1"= RPort=5722|UDP:%SystemRoot%\system32\svchost.exe|Svc=DFSR:Allow inbound TCP traffic|
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]
"C:\\Program Files\\EarthLink TotalAccess\\TaskPanl.exe"= C:\Program Files\EarthLink TotalAccess\TaskPanl.exe:*:Enabled:Earthlink
R1 aswSP;avast! Self Protection;C:\Windows\system32\drivers\aswSP.sys [2008-07-19 16:35]
R2 aswFsBlk;aswFsBlk;C:\Windows\system32\DRIVERS\aswFsBlk.sys [2008-07-19 16:37]
R2 aswMonFlt;aswMonFlt;C:\Windows\system32\DRIVERS\aswMonFlt.sys [2008-07-19 16:36]
R3 CnxtHdAudService;Conexant UAA Function Driver for High Definition Audio Service;C:\Windows\system32\drivers\CHDRT32.sys [2008-03-03 17:32]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7c7d56b0-55ba-11dd-97a3-0016d3fe2f70}]
\shell\AutoRun\command - ie.exe
\shell\explore\Command - ie.exe
\shell\open\Command - ie.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{82d4e20c-4a8c-11dd-bb39-001a73d7e915}]
\shell\AutoRun\command - ie.exe
\shell\explore\Command - ie.exe
\shell\open\Command - ie.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c476933b-4b47-11dd-adeb-001a73d7e915}]
\shell\AutoRun\command - RavMon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
"C:\Program Files\Common Files\LightScribe\LSRunOnce.exe"
.
Contents of the 'Scheduled Tasks' folder
2007-12-20 C:\Windows\Tasks\Check Updates for Windows Live Toolbar.job
- C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE [2007-10-19 21:20]
2008-07-28 C:\Windows\Tasks\Norton Internet Security - Run Full System Scan - saloua.job
- C:\Program Files\Norton Internet Security\Norton AntiVirus\Navw32.exe []
2008-08-17 C:\Windows\Tasks\User_Feed_Synchronization-{D9807798-D0FE-41B9-BC6A-4CC5D535312A}.job
- C:\Windows\system32\msfeedssync.exe [2006-11-02 11:45]
.
.
------- Supplementary Scan -------
.
FireFox -: Profile - C:\Users\saloua\AppData\Roaming\Mozilla\Firefox\Profiles\omk786jw.default\
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-08-17 16:31:23
Windows 6.0.6000 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Windows\System32\audiodg.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\HP\QuickPlay\Kernel\TV\CLCapSvc.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Vongo\VongoService.exe
C:\Windows\System32\drivers\XAudio.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Windows\System32\rundll32.exe
C:\Windows\System32\wbem\unsecapp.exe
C:\Program Files\Apoint2K\ApMsgFwd.exe
C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
C:\Program Files\Apoint2K\ApntEx.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Service.exe
C:\Windows\System32\dllhost.exe
.
**************************************************************************
.
Completion time: 2008-08-17 16:39:07 - machine was rebooted
ComboFix-quarantined-files.txt 2008-08-17 14:38:55
Pre-Run: 52,645,150,720 bytes free
Post-Run: 52,309,356,544 bytes free
274 --- E O F --- 2008-08-16 14:43:04
d'avance merci
ComboFix 08-08-16.01 - saloua 2008-08-17 16:23:57.1 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6000.0.1252.1.1033.18.343 [GMT 2:00]
Running from: C:\Users\saloua\Desktop\ComboFix.exe
* Created a new restore point
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Users\saloua\AppData\Local\Temp\gvmqytab.dll
C:\Users\saloua\AppData\Local\Temp\qycjdfir.dll
C:\Users\saloua\AppData\Roaming\Microsoft\SystemCertificates\My
C:\Users\saloua\AppData\Roaming\Microsoft\SystemCertificates\My\Certificates\24781603FD5395D1D6338D0DC000CD9038FB1E0A
C:\Users\saloua\AppData\Roaming\Microsoft\SystemCertificates\My\Keys\19F5C4536782E42DE6F6B5ADA6163983462EE4BE
.
((((((((((((((((((((((((( Files Created from 2008-07-17 to 2008-08-17 )))))))))))))))))))))))))))))))
.
2008-08-17 16:29 . 2008-08-17 16:31 230,377,562 --a------ C:\Windows\MEMORY.DMP
2008-08-16 16:36 . 2008-07-19 16:36 51,280 --a------ C:\Windows\System32\drivers\aswMonFlt.sys
2008-08-16 14:10 . 2008-07-16 01:48 2,048 --a------ C:\Windows\System32\tzres.dll
2008-08-16 14:10 . 2008-08-16 14:10 118 --a------ C:\Windows\System32\MRT.INI
2008-08-15 13:05 . 2008-08-15 13:30 <DIR> d-------- C:\Users\All Users\Spybot - Search & Destroy
2008-08-15 13:05 . 2008-08-15 13:30 <DIR> d-------- C:\ProgramData\Spybot - Search & Destroy
2008-08-15 13:05 . 2008-08-15 13:05 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy
2008-08-15 12:10 . 2008-08-17 15:58 452 --a------ C:\Windows\mgutil_reg.ini
2008-08-15 12:08 . 2008-08-17 15:55 <DIR> d-------- C:\Program Files\Mgutil
2008-08-15 12:08 . 2008-08-17 15:55 72 --a------ C:\Windows\mgutil_win.ini
2008-08-15 11:46 . 2008-08-15 11:46 <DIR> d-------- C:\Users\Public\Vongo
2008-08-15 11:46 . 2008-08-15 11:46 <DIR> d-------- C:\Users\Public\StarzEntertainment
2008-08-15 11:31 . 2008-06-19 05:25 361,984 --a------ C:\Windows\System32\IPSECSVC.DLL
2008-08-15 11:31 . 2008-06-19 05:25 272,896 --a------ C:\Windows\System32\polstore.dll
2008-08-15 11:31 . 2008-06-19 05:25 61,440 --a------ C:\Windows\System32\winipsec.dll
2008-08-15 11:31 . 2008-06-19 05:25 28,672 --a------ C:\Windows\System32\FwRemoteSvr.dll
2008-08-15 11:30 . 2008-04-19 10:13 268,800 --a------ C:\Windows\System32\es.dll
2008-08-15 11:27 . 2008-04-10 07:01 737,792 --a------ C:\Windows\System32\inetcomm.dll
2008-08-15 11:27 . 2008-04-10 04:43 84,480 --a------ C:\Windows\System32\INETRES.dll
2008-08-14 23:05 . 2008-08-14 23:06 <DIR> d-------- C:\Program Files\Crawler
2008-08-14 23:04 . 2008-08-14 23:13 <DIR> d-------- C:\Users\saloua\AppData\Roaming\Spyware Terminator
2008-08-14 23:04 . 2008-08-14 23:08 <DIR> d-------- C:\Program Files\Spyware Terminator
2008-08-12 21:51 . 2008-08-12 21:51 <DIR> d-------- C:\Program Files\Alwil Software
2008-08-11 20:56 . 2008-08-11 20:56 <DIR> d-------- C:\Users\saloua\AppData\Roaming\PeerNetworking
2008-08-10 12:39 . 2008-08-10 12:39 <DIR> d-------- C:\Users\saloua\AppData\Roaming\dvdcss
2008-08-05 22:21 . 2008-08-05 22:21 <DIR> d-------- C:\Program Files\Pinnacle
2008-08-05 22:18 . 2008-08-05 22:18 <DIR> d-------- C:\Users\All Users\Pinnacle
2008-08-05 22:18 . 2008-08-05 22:18 <DIR> d-------- C:\ProgramData\Pinnacle
2008-08-04 19:55 . 2008-08-04 19:55 <DIR> dr------- C:\Windows\System32\config\systemprofile\Music
2008-08-02 09:43 . 2008-08-02 09:53 <DIR> d--hs---- C:\Users\saloua\!
2008-08-02 09:43 . 2008-08-02 09:43 528 --a------ C:\Users\saloua\586.bat
2008-08-02 00:07 . 2008-08-02 00:07 <DIR> d-------- C:\Users\All Users\LightScribe
2008-08-02 00:07 . 2008-08-02 00:07 <DIR> d-------- C:\ProgramData\LightScribe
2008-07-30 11:00 . 2008-07-30 11:00 <DIR> d-------- C:\Program Files\Common Files\Adobe Systems Shared
2008-07-29 10:39 . 2008-07-29 10:39 <DIR> d-------- C:\Program Files\Common Files\SWF Studio
2008-07-28 23:02 . 2008-07-28 23:02 382 --a------ C:\Windows\ODBC.INI
2008-07-28 23:01 . 2008-08-01 21:05 39 --a------ C:\Windows\vbaddin.ini
2008-07-27 20:28 . 2008-07-27 20:28 <DIR> d-------- C:\Users\saloua\AppData\Roaming\Apple Computer
2008-07-27 20:26 . 2008-07-27 20:27 54,156 --ah----- C:\Windows\QTFont.qfn
2008-07-27 20:26 . 2008-07-27 20:27 1,409 --a------ C:\Windows\QTFont.for
2008-07-27 20:25 . 2008-07-27 20:27 <DIR> d-------- C:\Program Files\QuickTime
2008-07-27 20:23 . 2008-07-27 20:23 <DIR> d-------- C:\Program Files\iTunes
2008-07-27 20:23 . 2008-07-27 20:23 <DIR> d-------- C:\Program Files\iPod
2008-07-27 20:22 . 2008-07-27 20:23 <DIR> d-------- C:\Users\All Users\Apple Computer
2008-07-27 20:22 . 2008-07-27 20:23 <DIR> d-------- C:\ProgramData\Apple Computer
2008-07-23 19:59 . 2008-04-23 06:27 1,244,672 --a------ C:\Windows\System32\mcmde.dll
2008-07-23 19:59 . 2008-04-23 06:27 428,032 --a------ C:\Windows\System32\EncDec.dll
2008-07-23 19:59 . 2008-04-23 06:27 292,352 --a------ C:\Windows\System32\psisdecd.dll
2008-07-23 19:59 . 2008-04-23 06:26 218,624 --a------ C:\Windows\System32\psisrndr.ax
2008-07-23 19:59 . 2008-04-23 06:26 80,896 --a------ C:\Windows\System32\MSNP.ax
2008-07-23 19:59 . 2008-04-23 06:26 68,608 --a------ C:\Windows\System32\Mpeg2Data.ax
2008-07-23 19:59 . 2008-04-23 06:26 57,856 --a------ C:\Windows\System32\MSDvbNP.ax
2008-07-23 19:57 . 2008-06-26 02:33 11,722,752 --a------ C:\Windows\System32\NlsLexicons0001.dll
2008-07-20 22:37 . 2008-07-28 21:06 <DIR> d-------- C:\Users\saloua\AppData\Roaming\skypePM
2008-07-20 22:37 . 2008-07-20 22:37 48 --ah----- C:\Users\All Users\ezsidmv.dat
2008-07-20 22:37 . 2008-07-20 22:37 48 --ah----- C:\ProgramData\ezsidmv.dat
2008-07-20 22:35 . 2008-08-15 11:58 <DIR> d-------- C:\Users\saloua\AppData\Roaming\Skype
2008-07-20 22:34 . 2008-07-20 22:35 <DIR> d-------- C:\Users\All Users\Google
2008-07-20 22:34 . 2008-08-15 10:56 <DIR> d-------- C:\Program Files\Google
2008-07-20 22:33 . 2008-07-20 22:33 <DIR> d-------- C:\Program Files\Skype
2008-07-20 22:33 . 2008-08-15 10:56 <DIR> d-------- C:\Program Files\Common Files\Skype
2008-07-20 22:32 . 2008-07-20 22:33 <DIR> d-------- C:\Users\All Users\Skype
2008-07-20 22:32 . 2008-07-20 22:33 <DIR> d-------- C:\ProgramData\Skype
2008-07-20 19:09 . 2008-07-20 19:09 <DIR> d-------- C:\Program Files\Gabest
2008-07-20 01:14 . 2008-07-20 01:14 <DIR> d-------- C:\Users\saloua\AppData\Roaming\vlc
2008-07-20 00:45 . 2008-08-16 14:43 <DIR> d-------- C:\Users\saloua\AppData\Roaming\LimeWire
2008-07-20 00:44 . 2008-07-20 00:44 <DIR> d-------- C:\Program Files\LimeWire
2008-07-20 00:27 . 2008-07-20 00:27 <DIR> d-------- C:\Program Files\VideoLAN
2008-07-18 20:54 . 2008-07-18 20:54 <DIR> d-------- C:\Program Files\BitLord
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-08-17 13:51 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-08-16 14:42 --------- d-----w C:\ProgramData\Microsoft Help
2008-08-16 12:30 27,430 ----a-w C:\Users\saloua\AppData\Roaming\nvModes.dat
2008-08-16 12:15 --------- d-----w C:\Program Files\Windows Mail
2008-08-15 10:13 --------- d-----w C:\Program Files\Microsoft Works
2008-08-15 09:46 --------- d-----w C:\Program Files\Vongo
2008-08-15 08:56 --------- d-----w C:\Program Files\DivX
2008-08-15 08:56 --------- d-----w C:\Program Files\Common Files\SureThing Shared
2008-08-05 21:08 --------- d-----w C:\ProgramData\CyberLink
2008-08-05 20:21 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-08-02 07:40 805 ----a-w C:\Windows\system32\drivers\SYMEVENT.INF
2008-08-02 07:40 10,671 ----a-w C:\Windows\system32\drivers\SYMEVENT.CAT
2008-07-30 09:00 --------- d-----w C:\Program Files\Common Files\Adobe
2008-07-15 20:14 174 --sha-w C:\Program Files\desktop.ini
2008-07-14 20:29 --------- d-----w C:\Program Files\MSBuild
2008-07-14 20:03 --------- d-----w C:\Program Files\Microsoft.NET
2008-07-14 19:59 --------- d-----w C:\Program Files\Microsoft Visual Studio 8
2008-06-27 03:54 52,736 ----a-w C:\Windows\AppPatch\iebrshim.dll
2008-06-12 06:54 537,600 ----a-w C:\Windows\AppPatch\AcLayers.dll
2008-06-12 06:54 173,056 ----a-w C:\Windows\AppPatch\AcXtrnal.dll
2008-06-12 01:21 2,560 ----a-w C:\Windows\AppPatch\AcRes.dll
2008-02-13 09:12 22 --sha-w C:\Windows\SMINST\HPCD.sys
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2008-01-08 11:23 1232896]
"LightScribe Control Panel"="C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe" [2007-04-19 22:26 484904]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" [2008-07-20 22:34 171448]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="C:\Program Files\Apoint2K\Apoint.exe" [2007-07-08 19:11 159744]
"NvSvc"="C:\Windows\system32\nvsvc.dll" [2007-06-19 23:21 86016]
"NvMediaCenter"="C:\Windows\system32\NvMcTray.dll" [2007-06-19 23:21 81920]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 21:34 5724184]
C:\Users\saloua\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
LimeWire On Startup.lnk - C:\Program Files\LimeWire\LimeWire.exe [2008-06-18 20:46:56 147456]
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
Vongo Tray.lnk - C:\Windows\Installer\{8C3AE2D1-854D-4650-A73D-C7CC7EE36B80}\NewShortcut2_DB7E00C96DEF489A8112D8F81614F45A.exe [2007-07-25 14:43:34 53248]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"WindowsWelcomeCenter"=rundll32.exe oobefldr.dll,ShowWelcomeCenter
"HPAdvisor"=C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe autoRun
"ehTray.exe"=C:\Windows\ehome\ehTray.exe
"Skype"="C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
"swg"=C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
"MSServer"=rundll32.exe C:\Users\saloua\AppData\Local\Temp\nnnoMGXR.dll,#1
"Host Process"=C:\Users\saloua\svchost.exe
"cmds"=rundll32.exe C:\Users\saloua\AppData\Local\Temp\fcccyWpq.dll,c
"BM01ee0699"=Rundll32.exe "C:\Users\saloua\AppData\Local\Temp\qycjdfir.dll",s
"SpybotSD TeaTimer"=C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Windows Defender"=%ProgramFiles%\Windows Defender\MSASCui.exe -hide
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
"QPService"="C:\Program Files\HP\QuickPlay\QPService.exe"
"OnScreenDisplay"=C:\Program Files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe
"QlbCtrl"=%ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
"HP Health Check Scheduler"=c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
"WAWifiMessage"=%ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
"HP Software Update"=C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0\bin\jusched.exe"
"LifeChat"="C:\Program Files\Microsoft LifeChat\LifeChat.exe"
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
"Symantec PIF AlertEng"="C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe"
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" -atboottime
"NvCplDaemon"=RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UacDisableNotify"=dword:00000001
"InternetSettingsDisableNotify"=dword:00000001
"AutoUpdateDisableNotify"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy]
"<NO NAME>"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
"<NO NAME>"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile\AuthorizedApplications]
"<NO NAME>"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile\AuthorizedApplications\List]
"<NO NAME>"=
"C:\\Program Files\\Vongo\\VongoService.exe"= C:\Program Files\Vongo\VongoService.exe:*:enabled:VongoService
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{27AB2FCC-ECCE-4EDB-A911-6EB057F565D4}"= C:\Program Files\HP\QuickPlay\QP.exe:Quick Play
"{F2C27B35-909D-4904-80C7-52AD20DF8B5E}"= C:\Program Files\HP\QuickPlay\QPService.exe:Quick Play Resident Program
"{8470189F-6F70-42D9-8ACD-BC6AE5B4E95F}"= UDP:C:\Program Files\earthlink totalaccess\TaskPanl.exe:taskpanl
"{4BD43095-B682-4288-8CDC-3D67CBEB816D}"= TCP:C:\Program Files\earthlink totalaccess\TaskPanl.exe:taskpanl
"{54051A4B-5A08-42B6-AC17-D8245F94F131}"= UDP:C:\Program Files\earthlink totalaccess\TaskPanl.exe:taskpanl
"{E946F12E-C43A-488A-B21E-613CF6F903DF}"= TCP:C:\Program Files\earthlink totalaccess\TaskPanl.exe:taskpanl
"{1EDD8845-D07C-4514-9FA3-884F8B771BFE}"= UDP:C:\Program Files\earthlink totalaccess\TaskPanl.exe:taskpanl
"{7AD59B55-E581-425C-AC65-4BB58662909B}"= TCP:C:\Program Files\earthlink totalaccess\TaskPanl.exe:taskpanl
"{8E8099DC-46B5-4456-9A94-71E629171726}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{68315C20-3D4C-49A1-8FDA-1E4056398054}"= TCP:6004|C:\Program Files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook
"{2DEA0D3F-4D0E-43D1-AE32-605BBE7DB313}"= C:\Program Files\Skype\Phone\Skype.exe:Skype
"{290E9F4E-CE2C-479D-98DC-02C2D8FC9323}"= UDP:C:\Program Files\iTunes\iTunes.exe:iTunes
"{7F0D609D-C666-4D83-84E8-F7AACCA9A003}"= TCP:C:\Program Files\iTunes\iTunes.exe:iTunes
"TCP Query User{5CDBBC55-7EC6-42EE-840C-58B2596F02C9}C:\\program files\\limewire\\limewire.exe"= UDP:C:\program files\limewire\limewire.exe:LimeWire
"UDP Query User{20FC157C-074F-4D0A-827D-4A05FA466154}C:\\program files\\limewire\\limewire.exe"= TCP:C:\program files\limewire\limewire.exe:LimeWire
"TCP Query User{59C9DFFE-D1EB-4381-A582-F7989C5F4A36}C:\\program files\\bitlord\\bitlord.exe"= UDP:C:\program files\bitlord\bitlord.exe:BitLord
"UDP Query User{A8179A93-82FE-4133-A6E8-C37EC87AEDC2}C:\\program files\\bitlord\\bitlord.exe"= TCP:C:\program files\bitlord\bitlord.exe:BitLord
"TCP Query User{DD875DF0-FE32-42F5-ABDF-BB51FD061859}C:\\users\\saloua\\appdata\\local\\temp\\wzse0.tmp\\symnrt.exe"= UDP:C:\users\saloua\appdata\local\temp\wzse0.tmp\symnrt.exe:Symantec Removal Utility
"UDP Query User{B1F3580A-7EA7-4B05-B4D0-5918874750BF}C:\\users\\saloua\\appdata\\local\\temp\\wzse0.tmp\\symnrt.exe"= TCP:C:\users\saloua\appdata\local\temp\wzse0.tmp\symnrt.exe:Symantec Removal Utility
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Static\System]
"DFSR-1"= RPort=5722|UDP:%SystemRoot%\system32\svchost.exe|Svc=DFSR:Allow inbound TCP traffic|
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]
"C:\\Program Files\\EarthLink TotalAccess\\TaskPanl.exe"= C:\Program Files\EarthLink TotalAccess\TaskPanl.exe:*:Enabled:Earthlink
R1 aswSP;avast! Self Protection;C:\Windows\system32\drivers\aswSP.sys [2008-07-19 16:35]
R2 aswFsBlk;aswFsBlk;C:\Windows\system32\DRIVERS\aswFsBlk.sys [2008-07-19 16:37]
R2 aswMonFlt;aswMonFlt;C:\Windows\system32\DRIVERS\aswMonFlt.sys [2008-07-19 16:36]
R3 CnxtHdAudService;Conexant UAA Function Driver for High Definition Audio Service;C:\Windows\system32\drivers\CHDRT32.sys [2008-03-03 17:32]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7c7d56b0-55ba-11dd-97a3-0016d3fe2f70}]
\shell\AutoRun\command - ie.exe
\shell\explore\Command - ie.exe
\shell\open\Command - ie.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{82d4e20c-4a8c-11dd-bb39-001a73d7e915}]
\shell\AutoRun\command - ie.exe
\shell\explore\Command - ie.exe
\shell\open\Command - ie.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c476933b-4b47-11dd-adeb-001a73d7e915}]
\shell\AutoRun\command - RavMon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
"C:\Program Files\Common Files\LightScribe\LSRunOnce.exe"
.
Contents of the 'Scheduled Tasks' folder
2007-12-20 C:\Windows\Tasks\Check Updates for Windows Live Toolbar.job
- C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE [2007-10-19 21:20]
2008-07-28 C:\Windows\Tasks\Norton Internet Security - Run Full System Scan - saloua.job
- C:\Program Files\Norton Internet Security\Norton AntiVirus\Navw32.exe []
2008-08-17 C:\Windows\Tasks\User_Feed_Synchronization-{D9807798-D0FE-41B9-BC6A-4CC5D535312A}.job
- C:\Windows\system32\msfeedssync.exe [2006-11-02 11:45]
.
.
------- Supplementary Scan -------
.
FireFox -: Profile - C:\Users\saloua\AppData\Roaming\Mozilla\Firefox\Profiles\omk786jw.default\
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-08-17 16:31:23
Windows 6.0.6000 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Windows\System32\audiodg.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\HP\QuickPlay\Kernel\TV\CLCapSvc.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Vongo\VongoService.exe
C:\Windows\System32\drivers\XAudio.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Windows\System32\rundll32.exe
C:\Windows\System32\wbem\unsecapp.exe
C:\Program Files\Apoint2K\ApMsgFwd.exe
C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
C:\Program Files\Apoint2K\ApntEx.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Service.exe
C:\Windows\System32\dllhost.exe
.
**************************************************************************
.
Completion time: 2008-08-17 16:39:07 - machine was rebooted
ComboFix-quarantined-files.txt 2008-08-17 14:38:55
Pre-Run: 52,645,150,720 bytes free
Post-Run: 52,309,356,544 bytes free
274 --- E O F --- 2008-08-16 14:43:04
tu passes ccleaner avec ces réglages la et puis tu redémareras le pc et tu feras un nouveau hijackthis merci
télécharge Ccleaner à partir de cette adresses
https://www.01net.com/outils/telecharger/windows/Utilitaire/nettoyeurs_et_installeurs/fiches/tele32599.html
.enregistres le sur le bureau
.double-cliques sur le fichier pour lancer l'installation
.sur la fenêtre de l'installation langage bien choisir français et OK
.cliques sur suivant
.lis la licence et j'accepte
.cliques sur suivant
.la tu ne gardes de coché que mettre un raccourci sur le bureau et puis contrôler automatiquement les mises à jour de Ccleaner
.cliques sur intaller
.cliques sur fermer
.double-cliques sur l'icône de Ccleaner pour l'ouvrir
.une fois ouvert tu cliques sur option et puis avancé
.tu décoches effacer uniquement les fichiers, du dossier temp de windows plus vieux que 48 heures
.cliques sur nettoyeur
.cliques sur windows et dans la colonne avancé
.cochesla première case vieilles données du perfetch que celle-la ce qui te donnes la case vielles données du perfetch et la case avancé qui c'est coché automatiquement mais que celle-la
.cliques sur analyse une fois l'analyse terminé
.cliques sur lancer le nettoyage et sur la demande de confirmation OK il vas falloir que tu le refasses une autre fois une fois fini vériffis en appuiant de nouveau sur analyse pour être sur qu'il n'y est plus rien
.cliques maintenant sur registre et puis sur rechercher les erreurs
.laisses tout cochées et cliques sur réparrer les erreurs sélectionnées
.il te demande de sauvegarder OUI
.tu lui donnes un nom pour pouvoir la retrouver et enregitre
.cliques sur corriger toutes les erreurs sélectionnées et sur la demande de confirmation OK
.il supprime et fermer tu vériffis en relancant rechercher les erreurs
.tu retournes dans option et tu recoches la case effacer uniquement les fichiers, du dossier temp de windows plus vieux que 48 heures et sur nettoyeur, windows sous avancé tu décoches la première case vieilles données du perfetch
.tu peux fermer Ccleaner
pour aider si besion tutoriel: https://www.vulgarisation-informatique.com/nettoyer-windows-ccleaner.php
télécharge Ccleaner à partir de cette adresses
https://www.01net.com/outils/telecharger/windows/Utilitaire/nettoyeurs_et_installeurs/fiches/tele32599.html
.enregistres le sur le bureau
.double-cliques sur le fichier pour lancer l'installation
.sur la fenêtre de l'installation langage bien choisir français et OK
.cliques sur suivant
.lis la licence et j'accepte
.cliques sur suivant
.la tu ne gardes de coché que mettre un raccourci sur le bureau et puis contrôler automatiquement les mises à jour de Ccleaner
.cliques sur intaller
.cliques sur fermer
.double-cliques sur l'icône de Ccleaner pour l'ouvrir
.une fois ouvert tu cliques sur option et puis avancé
.tu décoches effacer uniquement les fichiers, du dossier temp de windows plus vieux que 48 heures
.cliques sur nettoyeur
.cliques sur windows et dans la colonne avancé
.cochesla première case vieilles données du perfetch que celle-la ce qui te donnes la case vielles données du perfetch et la case avancé qui c'est coché automatiquement mais que celle-la
.cliques sur analyse une fois l'analyse terminé
.cliques sur lancer le nettoyage et sur la demande de confirmation OK il vas falloir que tu le refasses une autre fois une fois fini vériffis en appuiant de nouveau sur analyse pour être sur qu'il n'y est plus rien
.cliques maintenant sur registre et puis sur rechercher les erreurs
.laisses tout cochées et cliques sur réparrer les erreurs sélectionnées
.il te demande de sauvegarder OUI
.tu lui donnes un nom pour pouvoir la retrouver et enregitre
.cliques sur corriger toutes les erreurs sélectionnées et sur la demande de confirmation OK
.il supprime et fermer tu vériffis en relancant rechercher les erreurs
.tu retournes dans option et tu recoches la case effacer uniquement les fichiers, du dossier temp de windows plus vieux que 48 heures et sur nettoyeur, windows sous avancé tu décoches la première case vieilles données du perfetch
.tu peux fermer Ccleaner
pour aider si besion tutoriel: https://www.vulgarisation-informatique.com/nettoyer-windows-ccleaner.php
merci chef!
ça l'air de marcher, je vais voir combien ça va durer.
je te remercieeee infiniment, tu m'a épargné le formatage.
ça l'air de marcher, je vais voir combien ça va durer.
je te remercieeee infiniment, tu m'a épargné le formatage.
Vous n’avez pas trouvé la réponse que vous recherchez ?
Posez votre question
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:42:12 PM, on 8/17/2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16711)
Boot mode: Normal
Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Apoint2K\Apoint.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Users\saloua\Desktop\HiJackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/...
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/...
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [hpWirelessAssistant] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
O4 - HKLM\..\RunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKUS\S-1-5-18\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background (User 'Default user')
O4 - Startup: LimeWire On Startup.lnk = C:\Program Files\LimeWire\LimeWire.exe
O4 - Global Startup: Vongo Tray.lnk = ?
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - https://onedrive.live.com/?id=favorites
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: (no name) - Cmdmapping - (no file) (HKCU)
O13 - Gopher Prefix:
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1006.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w2/resources/VistaMSNPUplden-us.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\CLSched.exe
O23 - Service: Com4Qlb - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: Vongo Service - Starz Entertainment Group LLC - C:\Program Files\Vongo\VongoService.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe
Scan saved at 6:42:12 PM, on 8/17/2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16711)
Boot mode: Normal
Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Apoint2K\Apoint.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Users\saloua\Desktop\HiJackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/...
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/...
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [hpWirelessAssistant] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
O4 - HKLM\..\RunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKUS\S-1-5-18\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background (User 'Default user')
O4 - Startup: LimeWire On Startup.lnk = C:\Program Files\LimeWire\LimeWire.exe
O4 - Global Startup: Vongo Tray.lnk = ?
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - https://onedrive.live.com/?id=favorites
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: (no name) - Cmdmapping - (no file) (HKCU)
O13 - Gopher Prefix:
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1006.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w2/resources/VistaMSNPUplden-us.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\CLSched.exe
O23 - Service: Com4Qlb - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: Vongo Service - Starz Entertainment Group LLC - C:\Program Files\Vongo\VongoService.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe
tu relances hijackthis comme expliqué pour Fixer les lignes
.Tu fermes tout les programmes ouverts y compris le navigateur. sauf ton anti-virus et pare-feux
.Lances HijackThis
.Cliques sur "Do a system scan only"
.Tu coches les lignes suivantes :
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\RunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe
O4 - Global Startup: Vongo Tray.lnk = ?
O9 - Extra button: (no name) - Cmdmapping - (no file) (HKCU)
.Tu cliques sur "Fixe Checked"
.Tu fermes HijackThis
des expliquations en images : http://pagesperso-orange.fr/rginformatique/section%20virus/demohijack.htm
=====================================================================
désinstalles les outils utilisés et les rapports générés ET NORMALEMENT C'EST BON POUR MOI
.Tu fermes tout les programmes ouverts y compris le navigateur. sauf ton anti-virus et pare-feux
.Lances HijackThis
.Cliques sur "Do a system scan only"
.Tu coches les lignes suivantes :
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\RunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe
O4 - Global Startup: Vongo Tray.lnk = ?
O9 - Extra button: (no name) - Cmdmapping - (no file) (HKCU)
.Tu cliques sur "Fixe Checked"
.Tu fermes HijackThis
des expliquations en images : http://pagesperso-orange.fr/rginformatique/section%20virus/demohijack.htm
=====================================================================
désinstalles les outils utilisés et les rapports générés ET NORMALEMENT C'EST BON POUR MOI
