Supression de smart antivirus 2009

jojo -  
 Utilisateur anonyme -
Bonjour,

me voilà aussi infecté par ce virus.

j'ai fais une analyse avec smitfraudfix .
je vous la met ci dessous.
De plus, j'ai essayé de lancer avant Hijack This, mais je ne peux pas le lancer car je n'est pas le .dll suivant : MSVBVM60.Dll

Merci pour votre aide.

josselin

SmitFraudFix v2.346

Rapport fait à 22:59:45,94, 06/09/2008
Executé à partir de C:\Documents and Settings\jojo\Bureau\SmitfraudFix
OS: Microsoft Windows XP [version 5.1.2600] - Windows_NT
Le type du système de fichiers est NTFS
Fix executé en mode normal

»»»»»»»»»»»»»»»»»»»»»»»» Process

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Utilitaire\Cisco Systems\VPN Client\cvpnd.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Microsoft LifeCam\MSCamSvc.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\Utilitaire\PowerDVD\PDVDServ.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\Program Files\Adobe\Adobe Acrobat 7.0\Distillr\Acrotray.exe
C:\Program Files\Utilitaire\Babylon\Babylon.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe
C:\WINDOWS\vVX3000.exe
C:\Program Files\Utilitaire\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\lphcccrj0er77.exe
C:\Windows\system32\YUR28.exe
C:\Windows\system32\YUR29.exe
C:\Windows\system32\YUR2A.exe
C:\Windows\system32\YUR2F.exe
C:\Program Files\MSA\MSA.exe
C:\Windows\system32\YUR51.exe
C:\Documents and Settings\jojo\Application Data\Adobe\Manager.exe
C:\Program Files\Smart Antivirus 2009\Smart Antivirus-2009.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\rundll32.exe
C:\Documents and Settings\jojo\Bureau\SmitfraudFix\Policies.exe
C:\WINDOWS\system32\pphcccrj0er77.exe
C:\WINDOWS\explorer.exe
C:\Documents and Settings\jojo\Bureau\SmitfraudFix\Policies.exe
C:\WINDOWS\system32\cmd.exe

»»»»»»»»»»»»»»»»»»»»»»»» hosts

»»»»»»»»»»»»»»»»»»»»»»»» C:\

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32

C:\WINDOWS\system32\1.ico PRESENT !
C:\WINDOWS\system32\2.ico PRESENT !

»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\jojo

»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\jojo\Application Data

C:\Documents and Settings\jojo\Application Data\Microsoft\Internet Explorer\Quick Launch\Smart Antivirus-2009.lnk PRESENT !

»»»»»»»»»»»»»»»»»»»»»»»» Menu Démarrer

C:\DOCUME~1\jojo\MENUDM~1\PROGRA~1\Smart Antivirus 2009 PRESENT !

»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\jojo\Favoris

»»»»»»»»»»»»»»»»»»»»»»»» Bureau

C:\DOCUME~1\jojo\Bureau\Smart Antivirus-2009.lnk PRESENT !

»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files

C:\Program Files\PCHealthCenter\ PRESENT !
C:\Program Files\Smart Antivirus 2009\ PRESENT !

»»»»»»»»»»»»»»»»»»»»»»»» Clés corrompues

»»»»»»»»»»»»»»»»»»»»»»»» Eléments du bureau

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="file:///C:/DOCUME~1/jojo/LOCALS~1/Temp/msohtml1/01/clip_image002.jpg"
"SubscribedURL"="file:///C:/DOCUME~1/jojo/LOCALS~1/Temp/msohtml1/01/clip_image002.jpg"
"FriendlyName"=""

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\1]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="Ma page d'accueil"

»»»»»»»»»»»»»»»»»»»»»»»» IEDFix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

IEDFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri

»»»»»»»»»»»»»»»»»»»»»»»» VACFix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

VACFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri
+--------------------------------------------------+
[!] Suspicious: vanwxemgdfk.dll
BHO: QXK Olive - {9EED0EF0-103A-4C1B-A115-F39879368545}
TypeLib: {952FD5EC-C7C9-432B-A380-134D2809852C}
Interface: {22EB23D5-F582-4B38-8F8B-22ABDB8F7730}
Interface: {596090F2-124A-4A7E-95C0-B3D9CBB47026}
+--------------------------------------------------+
[!] Suspicious: vanwxemggfb.dll
BHO: QXK Olive - {AF57398C-E09D-4229-B2D5-12E909DCC730}
TypeLib: {6DA06CEE-C3B8-4EA1-A29F-0212470F00FC}
Interface: {23E0807B-33BA-4D75-970F-D4BB67290CCE}
Interface: {5309604A-F274-46F0-874D-4405B97CCC4C}

»»»»»»»»»»»»»»»»»»»»»»»» 404Fix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

404Fix
Credits: Malware Analysis & Diagnostic
Code: S!Ri

»»»»»»»»»»»»»»»»»»»»»»»» AntiXPVSTFix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"="fiilwn.dll"

»»»»»»»»»»»»»»»»»»»»»»»» Winlogon
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Userinit"="C:\\WINDOWS\\system32\\userinit.exe,"
"System"=""

»»»»»»»»»»»»»»»»»»»»»»»» RK

»»»»»»»»»»»»»»»»»»»»»»»» DNS

Description: Intel(R) PRO/Wireless 2200BG Network Connection - Miniport d'ordonnancement de paquets
DNS Server Search Order: 212.27.54.252
DNS Server Search Order: 212.27.53.252

HKLM\SYSTEM\CCS\Services\Tcpip\..\{8838E7A5-62A3-4650-A8C6-8B724D608D7B}: DhcpNameServer=212.27.54.252 212.27.53.252
HKLM\SYSTEM\CS1\Services\Tcpip\..\{8838E7A5-62A3-4650-A8C6-8B724D608D7B}: DhcpNameServer=212.27.54.252 212.27.53.252
HKLM\SYSTEM\CS2\Services\Tcpip\..\{8838E7A5-62A3-4650-A8C6-8B724D608D7B}: DhcpNameServer=212.27.54.252 212.27.53.252
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=212.27.54.252 212.27.53.252
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=212.27.54.252 212.27.53.252
HKLM\SYSTEM\CS2\Services\Tcpip\Parameters: DhcpNameServer=212.27.54.252 212.27.53.252

»»»»»»»»»»»»»»»»»»»»»»»» Recherche infection wininet.dll

»»»»»»»»»»»»»»»»»»»»»»»» Fin
Configuration: Windows XP
Firefox 3.0.1

19 réponses

  1. Utilisateur anonyme
     
    Les anti-virus et peut importe celui que tu utilises, auront un train de retard, au moment ou le "virus" est créé et "distrubué" sur le net et sa détection il se passe un certain temps. Selon l'anti-virus utilisé, l'éditeur sera plus ou moins rapide à l'intégré à sa base virale et donc le détecter.

    Garde ton Windows est ton anti-virus à jour. Vérifie que ton pare-feu est correctement configuré.
    Ensuite, je te conseille de faire un scan anti-virus en ligne tous les mois, cela complétera l'analyse de ton anti-virus actuel. Puis de mettre à jour toutes les semaines tes anti-spywares afin de faire un scan rapide de ton système. Ils compléteront la fonction de ton anti-virus.

    N'oublie pas de nettoyer régulièrement tes fichiers temporaires et ton registre. Puis si l'envie t'en dit de changer d'anti-virus, il en existe des gratuits pas moins efficace que celui que tu as actuellement, mais ça, c'est toi qui fera le choix ou non d'en changer, je te laisse libre de tes choix :-)
    2
  2. jojo
     
    merci pour vos conseil

    voici le rapport smitfraudfix:

    SmitFraudFix v2.346

    Rapport fait à 10:27:44,12, 07/09/2008
    Executé à partir de C:\Documents and Settings\jojo\Bureau\SmitfraudFix
    OS: Microsoft Windows XP [version 5.1.2600] - Windows_NT
    Le type du système de fichiers est NTFS
    Fix executé en mode sans echec

    »»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Avant SmitFraudFix
    !!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

    SrchSTS.exe by S!Ri
    Search SharedTaskScheduler's .dll

    »»»»»»»»»»»»»»»»»»»»»»»» Arret des processus

    »»»»»»»»»»»»»»»»»»»»»»»» hosts

    127.0.0.1 localhost

    »»»»»»»»»»»»»»»»»»»»»»»» VACFix

    VACFix
    Credits: Malware Analysis & Diagnostic
    Code: S!Ri
    C:\WINDOWS\vanwxemgdfk.dll deleted.
    C:\WINDOWS\vanwxemggfb.dll deleted.

    »»»»»»»»»»»»»»»»»»»»»»»» Winsock2 Fix

    S!Ri's WS2Fix: LSP not Found.

    »»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix

    GenericRenosFix by S!Ri

    »»»»»»»»»»»»»»»»»»»»»»»» Suppression des fichiers infectés

    C:\WINDOWS\system32\1.ico supprimé
    C:\WINDOWS\system32\2.ico supprimé
    C:\Documents and Settings\jojo\Application Data\Microsoft\Internet Explorer\Quick Launch\Smart Antivirus-2009.lnk supprimé
    C:\DOCUME~1\jojo\MENUDM~1\PROGRA~1\Smart Antivirus 2009 supprimé
    C:\DOCUME~1\jojo\Bureau\Smart Antivirus-2009.lnk supprimé
    C:\Program Files\PCHealthCenter\ supprimé
    C:\Program Files\Smart Antivirus 2009\ supprimé

    »»»»»»»»»»»»»»»»»»»»»»»» IEDFix

    IEDFix
    Credits: Malware Analysis & Diagnostic
    Code: S!Ri

    »»»»»»»»»»»»»»»»»»»»»»»» 404Fix

    404Fix
    Credits: Malware Analysis & Diagnostic
    Code: S!Ri

    »»»»»»»»»»»»»»»»»»»»»»»» AntiXPVSTFix

    AntiXPVSTFix
    Credits: Malware Analysis & Diagnostic
    Code: S!Ri

    »»»»»»»»»»»»»»»»»»»»»»»» RK

    »»»»»»»»»»»»»»»»»»»»»»»» DNS

    Description: Broadcom 440x 10/100 Integrated Controller - Miniport d'ordonnancement de paquets
    DNS Server Search Order: 212.27.54.252
    DNS Server Search Order: 212.27.53.252

    Description: Intel(R) PRO/Wireless 2200BG Network Connection - Miniport d'ordonnancement de paquets
    DNS Server Search Order: 212.27.54.252
    DNS Server Search Order: 212.27.53.252

    HKLM\SYSTEM\CCS\Services\Tcpip\..\{250F7979-A5D7-40F7-8250-03DF4F59B078}: DhcpNameServer=212.27.54.252 212.27.53.252
    HKLM\SYSTEM\CCS\Services\Tcpip\..\{8838E7A5-62A3-4650-A8C6-8B724D608D7B}: DhcpNameServer=212.27.54.252 212.27.53.252
    HKLM\SYSTEM\CS1\Services\Tcpip\..\{250F7979-A5D7-40F7-8250-03DF4F59B078}: DhcpNameServer=212.27.54.252 212.27.53.252
    HKLM\SYSTEM\CS1\Services\Tcpip\..\{8838E7A5-62A3-4650-A8C6-8B724D608D7B}: DhcpNameServer=212.27.54.252 212.27.53.252
    HKLM\SYSTEM\CS2\Services\Tcpip\..\{8838E7A5-62A3-4650-A8C6-8B724D608D7B}: DhcpNameServer=212.27.54.252 212.27.53.252
    HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=212.27.54.252 212.27.53.252
    HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=212.27.54.252 212.27.53.252
    HKLM\SYSTEM\CS2\Services\Tcpip\Parameters: DhcpNameServer=212.27.54.252 212.27.53.252

    »»»»»»»»»»»»»»»»»»»»»»»» Suppression Fichiers Temporaires

    »»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
    !!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
    "System"=""

    »»»»»»»»»»»»»»»»»»»»»»»» Nettoyage du registre

    Nettoyage terminé.

    »»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Après SmitFraudFix
    !!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

    SrchSTS.exe by S!Ri
    Search SharedTaskScheduler's .dll

    »»»»»»»»»»»»»»»»»»»»»»»» Fin
    0
  3. jojo
     
    voici le rapport malwarebytes:

    Malwarebytes' Anti-Malware 1.26
    Version de la base de données: 1122
    Windows 5.1.2600 Service Pack 3

    07/09/2008 13:17:56
    mbam-log-2008-09-07 (13-17-56).txt

    Type de recherche: Examen complet (C:\|)
    Eléments examinés: 85521
    Temps écoulé: 35 minute(s), 12 second(s)

    Processus mémoire infecté(s): 2
    Module(s) mémoire infecté(s): 4
    Clé(s) du Registre infectée(s): 24
    Valeur(s) du Registre infectée(s): 43
    Elément(s) de données du Registre infecté(s): 2
    Dossier(s) infecté(s): 12
    Fichier(s) infecté(s): 93

    Processus mémoire infecté(s):
    C:\WINDOWS\system32\YURD.exe (Trojan.FakeAlert) -> Unloaded process successfully.
    C:\WINDOWS\system32\lphcccrj0er77.exe (Trojan.FakeAlert) -> Unloaded process successfully.

    Module(s) mémoire infecté(s):
    C:\WINDOWS\system32\cbXPhhGY.dll (Trojan.Vundo.H) -> Delete on reboot.
    C:\WINDOWS\system32\nhapdptc.dll (Trojan.Vundo.H) -> Delete on reboot.
    C:\WINDOWS\system32\daiqkt.dll (Trojan.Vundo.H) -> Delete on reboot.
    C:\WINDOWS\system32\awtuvWpO.dll (Trojan.Vundo.H) -> Delete on reboot.

    Clé(s) du Registre infectée(s):
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1eafaea6-5fdd-4b66-9e58-85296b3fff88} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{1eafaea6-5fdd-4b66-9e58-85296b3fff88} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3b06b899-e896-4689-b1f4-25f806c30111} (Trojan.Vundo.H) -> Delete on reboot.
    HKEY_CLASSES_ROOT\CLSID\{3b06b899-e896-4689-b1f4-25f806c30111} (Trojan.Vundo.H) -> Delete on reboot.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{ac6dc572-628f-425c-a3be-f0b1202bb39e} (Trojan.Vundo.H) -> Delete on reboot.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\awtuvwpo (Trojan.Vundo.H) -> Delete on reboot.
    HKEY_CLASSES_ROOT\CLSID\{ac6dc572-628f-425c-a3be-f0b1202bb39e} (Trojan.Vundo.H) -> Delete on reboot.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2016a32c-363c-4c3b-b244-6f9ce22817ef} (Trojan.BHO.H) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{2016a32c-363c-4c3b-b244-6f9ce22817ef} (Trojan.BHO.H) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\TypeLib\{e3220e77-2cf5-3361-879d-6fab0da9a069} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Interface\{9c38027e-22ba-3149-97ff-6823c9e30ca7} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{a46840bd-b856-3d4c-b6fe-8d26227b2d7d} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{a46840bd-b856-3d4c-b6fe-8d26227b2d7d} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\rhc9crj0er77 (Rogue.Multiple) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\rhc9crj0er77 (Rogue.Multiple) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\rdfa (Trojan.Vundo) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Software Notifier (Rogue.Multiple) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\contim (Trojan.Vundo) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\dslcnnct (Trojan.Vundo) -> Delete on reboot.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\IProxyProvider (Trojan.Vundo) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Track System (Trojan.Vundo) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\FCOVM (Trojan.Vundo) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RemoveRP (Trojan.Vundo) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\aoprndtws (Trojan.Vundo) -> Quarantined and deleted successfully.

    Valeur(s) du Registre infectée(s):
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\cc6db468 (Trojan.Vundo.H) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{ac6dc572-628f-425c-a3be-f0b1202bb39e} (Trojan.Vundo.H) -> Delete on reboot.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\yurd.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\yurd.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\yure.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\yure.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\yur28.exe (Trojan.Agent) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\yur29.exe (Trojan.Agent) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\yur2a.exe (Trojan.Agent) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\yur2f.exe (Trojan.Agent) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\yur51.exe (Trojan.Agent) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\yur1.exe (Trojan.Agent) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\yur7.exe (Trojan.Agent) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\yur8.exe (Trojan.Agent) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\yur9.exe (Trojan.Agent) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\yur5d.exe (Trojan.Agent) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\yur68.exe (Trojan.Agent) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\yur67.exe (Trojan.Agent) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\yur6a.exe (Trojan.Agent) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\yur69.exe (Trojan.Agent) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\yur8b.exe (Trojan.Agent) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\yur28.exe (Trojan.Agent) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\yur29.exe (Trojan.Agent) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\yur2a.exe (Trojan.Agent) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\yur2f.exe (Trojan.Agent) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\yur51.exe (Trojan.Agent) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\yur1.exe (Trojan.Agent) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\yur7.exe (Trojan.Agent) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\yur8.exe (Trojan.Agent) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\yur9.exe (Trojan.Agent) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\yur5d.exe (Trojan.Agent) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\yur68.exe (Trojan.Agent) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\yur67.exe (Trojan.Agent) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\yur6a.exe (Trojan.Agent) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\yur69.exe (Trojan.Agent) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\yur8b.exe (Trojan.Agent) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Run (Backdoor.Bot) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\bmcf5e87f4 (Trojan.Agent) -> Delete on reboot.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\lphcccrj0er77 (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\Control Panel\Desktop\wallpaper (Hijack.Wallpaper) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\Control Panel\Desktop\originalwallpaper (Hijack.Wallpaper) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\Control Panel\Desktop\convertedwallpaper (Hijack.Wallpaper) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Desktop\General\backupwallpaper (Hijack.Wallpaper) -> Quarantined and deleted successfully.

    Elément(s) de données du Registre infecté(s):
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Notification Packages (Trojan.Vundo.H) -> Data: c:\windows\system32\cbxphhgy -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Authentication Packages (Trojan.Vundo.H) -> Data: c:\windows\system32\cbxphhgy -> Delete on reboot.

    Dossier(s) infecté(s):
    C:\Program Files\rhc9crj0er77 (Rogue.Multiple) -> Quarantined and deleted successfully.
    C:\Documents and Settings\jojo\Application Data\rhc9crj0er77 (Rogue.Multiple) -> Quarantined and deleted successfully.
    C:\Documents and Settings\jojo\Application Data\rhc9crj0er77\Quarantine (Rogue.Multiple) -> Quarantined and deleted successfully.
    C:\Documents and Settings\jojo\Application Data\rhc9crj0er77\Quarantine\Autorun (Rogue.Multiple) -> Quarantined and deleted successfully.
    C:\Documents and Settings\jojo\Application Data\rhc9crj0er77\Quarantine\Autorun\HKCU (Rogue.Multiple) -> Quarantined and deleted successfully.
    C:\Documents and Settings\jojo\Application Data\rhc9crj0er77\Quarantine\Autorun\HKCU\RunOnce (Rogue.Multiple) -> Quarantined and deleted successfully.
    C:\Documents and Settings\jojo\Application Data\rhc9crj0er77\Quarantine\Autorun\HKLM (Rogue.Multiple) -> Quarantined and deleted successfully.
    C:\Documents and Settings\jojo\Application Data\rhc9crj0er77\Quarantine\Autorun\HKLM\RunOnce (Rogue.Multiple) -> Quarantined and deleted successfully.
    C:\Documents and Settings\jojo\Application Data\rhc9crj0er77\Quarantine\Autorun\StartMenuAllUsers (Rogue.Multiple) -> Quarantined and deleted successfully.
    C:\Documents and Settings\jojo\Application Data\rhc9crj0er77\Quarantine\Autorun\StartMenuCurrentUser (Rogue.Multiple) -> Quarantined and deleted successfully.
    C:\Documents and Settings\jojo\Application Data\rhc9crj0er77\Quarantine\BrowserObjects (Rogue.Multiple) -> Quarantined and deleted successfully.
    C:\Documents and Settings\jojo\Application Data\rhc9crj0er77\Quarantine\Packages (Rogue.Multiple) -> Quarantined and deleted successfully.

    Fichier(s) infecté(s):
    C:\WINDOWS\system32\daiqkt.dll (Trojan.Vundo.H) -> Delete on reboot.
    C:\WINDOWS\system32\cbXPhhGY.dll (Trojan.Vundo.H) -> Delete on reboot.
    C:\WINDOWS\system32\YGhhPXbc.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\YGhhPXbc.ini2 (Trojan.Vundo.H) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\awtuvWpO.dll (Trojan.Vundo.H) -> Delete on reboot.
    C:\WINDOWS\system32\nhapdptc.dll (Trojan.Vundo.H) -> Delete on reboot.
    C:\WINDOWS\system32\ctpdpahn.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\sgacxdcj.dll (Trojan.BHO.H) -> Delete on reboot.
    C:\WINDOWS\system32\YURD.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    C:\x (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    C:\Documents and Settings\jojo\Local Settings\Temporary Internet Files\Content.IE5\QFSUGI81\c5ro[1].dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\Documents and Settings\jojo\Local Settings\Temporary Internet Files\Content.IE5\XPWWRBMW\nd82m0[1] (Trojan.Vundo.H) -> Quarantined and deleted successfully.
    C:\Documents and Settings\jojo\Local Settings\Temporary Internet Files\Content.IE5\XPWWRBMW\upd105320[1] (Trojan.Vundo.H) -> Quarantined and deleted successfully.
    C:\Program Files\MSA\MSA.cpl (Rogue.MSAntivirus) -> Quarantined and deleted successfully.
    C:\Program Files\MSA\MSA.exe (Rogue.MSAntivirus) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\opnlJcdB.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\oqsoriab.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\byXRjjKC.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\cbXRLddd.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\nnnmlKAs.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\khfCttRK.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\rmfvuywg.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\aqdbmopa.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\difour.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\fccyxxXp.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\fiilwn.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\egswxshw.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\eseguf.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\hgGwUmnk.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\jamkvelo.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\jhvgfdcm.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\mmx98181.dll (Trojan.FakeAlert) -> Delete on reboot.
    C:\WINDOWS\system32\MSa.cpl (Rogue.MSAntivirus) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\pmnKcYoP.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\pojqpplb.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\pypgqspn.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\qhywwhtk.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\qmpynrue.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\qmzpjm.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\scajbagr.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\ssqPhhHX.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\tcgpfyuj.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\olddgroc.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\vcyecrlm.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\whynfgeu.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\ldyfmbma.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\jwjtiq.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\jxvxqgar.dll (Trojan.Vundo.H) -> Delete on reboot.
    C:\WINDOWS\system32\xpwbgaiq.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\xybylvgh.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\yghjktjx.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\ynpknnib.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\YURE.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\mx98181.dll (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\fnhjeq.dll (Trojan.Vundo.H) -> Delete on reboot.
    C:\WINDOWS\system32\rcalkipa.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\hpalllwm.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\edkxduna.dll (Trojan.Vundo.H) -> Delete on reboot.
    C:\WINDOWS\system32\efcBrRhi.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\efcDTMCT.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\pdgdxmwl.dll (Trojan.Vundo) -> Delete on reboot.
    C:\WINDOWS\system32\ttqmqxlu.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\unguavxg.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\Program Files\rhc9crj0er77\license.txt (Rogue.Multiple) -> Quarantined and deleted successfully.
    C:\Program Files\rhc9crj0er77\MFC71.dll (Rogue.Multiple) -> Quarantined and deleted successfully.
    C:\Program Files\rhc9crj0er77\MFC71ENU.DLL (Rogue.Multiple) -> Quarantined and deleted successfully.
    C:\Program Files\rhc9crj0er77\msvcp71.dll (Rogue.Multiple) -> Quarantined and deleted successfully.
    C:\Program Files\rhc9crj0er77\msvcr71.dll (Rogue.Multiple) -> Quarantined and deleted successfully.
    C:\Program Files\rhc9crj0er77\rhc9crj0er77.exe.local (Rogue.Multiple) -> Quarantined and deleted successfully.
    C:\Program Files\MSA\msa0.dat (Rogue.MSAntivirus) -> Quarantined and deleted successfully.
    C:\Program Files\MSA\msa1.dat (Rogue.MSAntivirus) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\mcrh.tmp (Malware.Trace) -> Quarantined and deleted successfully.
    C:\Documents and Settings\jojo\Application Data\Adobe\Manager.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\hfyoksvs.dll (Trojan.Agent) -> Delete on reboot.
    C:\WINDOWS\pskt.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\cbXOHAQJ.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\ddcDssRk.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\nnnomNec.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\awtrQhhg.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\byXQHbaB.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\efcBTjhH.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\iifgEvVl.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\ljJAPgfc.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\ljJYQIYQ.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\wvUoMGxu.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\WINDOWS\BMcf5e87f4.xml (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\WINDOWS\BMcf5e87f4.txt (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\khfExXqR.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\vtUkIArq.dll (Trojan.vundo) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\lphcccrj0er77.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    C:\Documents and Settings\jojo\Bureau\MS Antivirus.lnk (Rogue.Link) -> Quarantined and deleted successfully.
    C:\Documents and Settings\jojo\Local Settings\Temp\.tt1.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
    C:\Documents and Settings\jojo\Local Settings\Temp\.tt2.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
    0
  4. Vous n’avez pas trouvé la réponse que vous recherchez ?

    Posez votre question
  5. jojo
     
    et pour finir voici le rapport hijackthis:

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 13:27:54, on 07/09/2008
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16705)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\System32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
    C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
    C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
    C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
    C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\Utilitaire\Cisco Systems\VPN Client\cvpnd.exe
    C:\Program Files\Symantec AntiVirus\DefWatch.exe
    C:\Program Files\Microsoft LifeCam\MSCamSvc.exe
    C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Symantec AntiVirus\Rtvscan.exe
    C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
    C:\Program Files\Utilitaire\PowerDVD\PDVDServ.exe
    C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe
    C:\PROGRA~1\SYMANT~1\VPTray.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Adobe\Adobe Acrobat 7.0\Distillr\Acrotray.exe
    C:\Program Files\Utilitaire\Babylon\Babylon.exe
    C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
    C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
    C:\WINDOWS\vVX3000.exe
    C:\Program Files\Utilitaire\iTunes\iTunesHelper.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\Acrobat_sl.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
    C:\Documents and Settings\jojo\Bureau\HiJackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer avec Club-Internet
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    O2 - BHO: {910f579f-9fcb-9588-33c4-01e7142bb382} - {283bb241-7e10-4c33-8859-bcf9f975f019} - C:\WINDOWS\system32\fnhjeq.dll (file missing)
    O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\utilitairel\Realone Player\rpbrowserrecordplugin.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O2 - BHO: QXK Olive - {9EED0EF0-103A-4C1B-A115-F39879368545} - C:\WINDOWS\vanwxemgdfk.dll (file missing)
    O2 - BHO: QXK Olive - {AF57398C-E09D-4229-B2D5-12E909DCC730} - C:\WINDOWS\vanwxemggfb.dll (file missing)
    O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll
    O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
    O4 - HKLM\..\Run: [IntelZeroConfig] C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
    O4 - HKLM\..\Run: [IntelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe /tf Intel PROSet/Wireless
    O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\Utilitaire\PowerDVD\PDVDServ.exe"
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Adobe Acrobat 7.0\Distillr\Acrotray.exe"
    O4 - HKLM\..\Run: [Babylon Client] C:\Program Files\Utilitaire\Babylon\Babylon.exe -AutoStart
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
    O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe"
    O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
    O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [LifeCam] "C:\Program Files\Microsoft LifeCam\LifeExp.exe"
    O4 - HKLM\..\Run: [VX3000] C:\WINDOWS\vVX3000.exe
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\Utilitaire\iTunes\iTunesHelper.exe"
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Policies\Explorer\Run: [Windows Printing Driver] doskeys.exe
    O4 - HKCU\..\Policies\Explorer\Run: [NT Printing Services5] dllhosts.exe
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
    O4 - Global Startup: Lancement rapide d'Adobe Acrobat.lnk = ?
    O8 - Extra context menu item: Convertir en Adobe PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: Convertir en un fichier PDF existant - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: Convertir la cible du lien en Adobe PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: Convertir la cible du lien en un fichier PDF existant - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: Convertir la sélection en Adobe PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: Convertir la sélection en un fichier PDF existant - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: Convertir les liens sélectionnés en fichier Adobe PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
    O8 - Extra context menu item: Convertir les liens sélectionnés en un fichier PDF existant - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
    O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\UTILIT~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\UTILIT~1\MICROS~1\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/...
    O18 - Protocol: ncbi8 - {2B576DD3-0B3E-4718-BCBF-B15E4FB8009D} - D:\Program Files\Vector NTI Advance 10\Ncbi.dll
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
    O20 - AppInit_DLLs: fnhjeq.dll
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
    O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
    O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccPwdSvc.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
    O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Utilitaire\Cisco Systems\VPN Client\cvpnd.exe
    O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
    O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
    O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\SYSTEM32\SPOOL\DRIVERS\W32X86\3\HPZipm12.exe
    O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
    O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
    O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
    O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe
    O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SPBBC\SPBBCSvc.exe
    O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
    O23 - Service: WLANKEEPER - Intel® Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
    0
  6. jojo
     
    et voici le hijackthis:

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 21:39:14, on 07/09/2008
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16705)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\System32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
    C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
    C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
    C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
    C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\Utilitaire\Cisco Systems\VPN Client\cvpnd.exe
    C:\Program Files\Symantec AntiVirus\DefWatch.exe
    C:\Program Files\Microsoft LifeCam\MSCamSvc.exe
    C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Symantec AntiVirus\Rtvscan.exe
    C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\Explorer.EXE
    C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe
    C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
    C:\Program Files\Utilitaire\PowerDVD\PDVDServ.exe
    C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe
    C:\PROGRA~1\SYMANT~1\VPTray.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\WINDOWS\vVX3000.exe
    C:\Program Files\Utilitaire\iTunes\iTunesHelper.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\WINDOWS\system32\rundll32.exe
    D:\Program Files\Framakey\Apps\portableFirefox3\firefox\firefox.exe
    C:\Documents and Settings\jojo\Bureau\HiJackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer avec Club-Internet
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll
    O4 - HKLM\..\Run: [IntelZeroConfig] C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
    O4 - HKLM\..\Run: [IntelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe /tf Intel PROSet/Wireless
    O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\Utilitaire\PowerDVD\PDVDServ.exe"
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
    O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe"
    O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
    O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [LifeCam] "C:\Program Files\Microsoft LifeCam\LifeExp.exe"
    O4 - HKLM\..\Run: [VX3000] C:\WINDOWS\vVX3000.exe
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\Utilitaire\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [BMcf5e87f4] Rundll32.exe "C:\WINDOWS\system32\fxsqusna.dll",s
    O4 - HKLM\..\Run: [cc6db468] rundll32.exe "C:\WINDOWS\system32\mxwnpkyw.dll",b
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [Run] "C:\Documents and Settings\jojo\Application Data\Adobe\Manager.exe"
    O4 - HKCU\..\Policies\Explorer\Run: [Windows Printing Driver] doskeys.exe
    O4 - HKCU\..\Policies\Explorer\Run: [NT Printing Services5] dllhosts.exe
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
    O8 - Extra context menu item: Convertir en Adobe PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: Convertir en un fichier PDF existant - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: Convertir la cible du lien en Adobe PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: Convertir la cible du lien en un fichier PDF existant - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: Convertir la sélection en Adobe PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: Convertir la sélection en un fichier PDF existant - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: Convertir les liens sélectionnés en fichier Adobe PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
    O8 - Extra context menu item: Convertir les liens sélectionnés en un fichier PDF existant - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
    O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\UTILIT~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\UTILIT~1\MICROS~1\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/...
    O18 - Protocol: ncbi8 - {2B576DD3-0B3E-4718-BCBF-B15E4FB8009D} - D:\Program Files\Vector NTI Advance 10\Ncbi.dll
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
    O20 - AppInit_DLLs: fnhjeq.dll
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
    O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
    O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccPwdSvc.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
    O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Utilitaire\Cisco Systems\VPN Client\cvpnd.exe
    O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
    O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
    O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\SYSTEM32\SPOOL\DRIVERS\W32X86\3\HPZipm12.exe
    O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
    O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
    O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
    O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe
    O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SPBBC\SPBBCSvc.exe
    O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
    O23 - Service: WLANKEEPER - Intel® Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
    0
  7. jojo
     
    voici le VBG:

    [09/07/2008, 21:41:09] - VirtumundoBeGone v1.5 ( "C:\Documents and Settings\jojo\Bureau\VirtumundoBeGone.exe" )
    [09/07/2008, 21:41:42] - Detected System Information:
    [09/07/2008, 21:41:42] - Windows Version: 5.1.2600, Service Pack 3
    [09/07/2008, 21:41:42] - Current Username: jojo (Admin)
    [09/07/2008, 21:41:42] - Windows is in NORMAL mode.
    [09/07/2008, 21:41:42] - Searching for Browser Helper Objects:
    [09/07/2008, 21:41:42] - BHO 1: {283bb241-7e10-4c33-8859-bcf9f975f019} ()
    [09/07/2008, 21:41:42] - WARNING: BHO has no default name. Checking for Winlogon reference.
    [09/07/2008, 21:41:42] - Checking for HKLM\...\Winlogon\Notify\fnhjeq
    [09/07/2008, 21:41:42] - Key not found: HKLM\...\Winlogon\Notify\fnhjeq, continuing.
    [09/07/2008, 21:41:42] - BHO 2: {3049C3E9-B461-4BC5-8870-4C09146192CA} (RealPlayer Download and Record Plugin for Internet Explorer)
    [09/07/2008, 21:41:42] - BHO 3: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (SSVHelper Class)
    [09/07/2008, 21:41:42] - BHO 4: {98672103-AFBE-4434-92D2-692A124CD60F} ()
    [09/07/2008, 21:41:43] - WARNING: BHO has no default name. Checking for Winlogon reference.
    [09/07/2008, 21:41:43] - Checking for HKLM\...\Winlogon\Notify\awtutqNh
    [09/07/2008, 21:41:43] - Found: HKLM\...\Winlogon\Notify\awtutqNh - This is probably Virtumundo.
    [09/07/2008, 21:41:43] - Assigning {98672103-AFBE-4434-92D2-692A124CD60F} MSEvents Object
    [09/07/2008, 21:41:43] - BHO list has been changed! Starting over...
    [09/07/2008, 21:41:43] - BHO 1: {283bb241-7e10-4c33-8859-bcf9f975f019} ()
    [09/07/2008, 21:41:43] - WARNING: BHO has no default name. Checking for Winlogon reference.
    [09/07/2008, 21:41:43] - Checking for HKLM\...\Winlogon\Notify\fnhjeq
    [09/07/2008, 21:41:43] - Key not found: HKLM\...\Winlogon\Notify\fnhjeq, continuing.
    [09/07/2008, 21:41:43] - BHO 2: {3049C3E9-B461-4BC5-8870-4C09146192CA} (RealPlayer Download and Record Plugin for Internet Explorer)
    [09/07/2008, 21:41:43] - BHO 3: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (SSVHelper Class)
    [09/07/2008, 21:41:43] - BHO 4: {98672103-AFBE-4434-92D2-692A124CD60F} (MSEvents Object)
    [09/07/2008, 21:41:43] - ALERT: Found MSEvents Object!
    [09/07/2008, 21:41:43] - BHO 5: {9EED0EF0-103A-4C1B-A115-F39879368545} (QXK Olive)
    [09/07/2008, 21:41:43] - BHO 6: {AF57398C-E09D-4229-B2D5-12E909DCC730} (QXK Olive)
    [09/07/2008, 21:41:43] - BHO 7: {C463267F-9E61-47C2-8560-0B9306DED26B} ()
    [09/07/2008, 21:41:43] - WARNING: BHO has no default name. Checking for Winlogon reference.
    [09/07/2008, 21:41:43] - Checking for HKLM\...\Winlogon\Notify\opnoLebA
    [09/07/2008, 21:41:43] - Key not found: HKLM\...\Winlogon\Notify\opnoLebA, continuing.
    [09/07/2008, 21:41:43] - Finished Searching Browser Helper Objects
    [09/07/2008, 21:41:43] - *** Detected MSEvents Object
    [09/07/2008, 21:41:43] - Trying to remove MSEvents Object...
    [09/07/2008, 21:41:44] - Terminating Process: IEXPLORE.EXE
    [09/07/2008, 21:41:44] - Terminating Process: RUNDLL32.EXE
    [09/07/2008, 21:41:44] - Disabling Automatic Shell Restart
    [09/07/2008, 21:41:44] - Terminating Process: EXPLORER.EXE
    [09/07/2008, 21:41:45] - Suspending the NT Session Manager System Service
    [09/07/2008, 21:41:45] - Terminating Windows NT Logon/Logoff Manager
    [09/07/2008, 21:41:45] - Re-enabling Automatic Shell Restart
    [09/07/2008, 21:41:45] - File to disable: C:\WINDOWS\system32\awtutqNh.dll
    [09/07/2008, 21:41:45] - Renaming C:\WINDOWS\system32\awtutqNh.dll -> C:\WINDOWS\system32\awtutqNh.dll.vir
    [09/07/2008, 21:41:45] - File successfully renamed!
    [09/07/2008, 21:41:45] - Removing HKLM\...\Browser Helper Objects\{98672103-AFBE-4434-92D2-692A124CD60F}
    [09/07/2008, 21:41:45] - Removing HKCR\CLSID\{98672103-AFBE-4434-92D2-692A124CD60F}
    [09/07/2008, 21:41:45] - Adding Kill Bit for ActiveX for GUID: {98672103-AFBE-4434-92D2-692A124CD60F}
    [09/07/2008, 21:41:45] - Deleting ATLEvents/MSEvents Registry entries
    [09/07/2008, 21:41:45] - Removing HKLM\...\Winlogon\Notify\awtutqNh
    [09/07/2008, 21:41:45] - Searching for Browser Helper Objects:
    [09/07/2008, 21:41:46] - BHO 1: {283bb241-7e10-4c33-8859-bcf9f975f019} ()
    [09/07/2008, 21:41:46] - WARNING: BHO has no default name. Checking for Winlogon reference.
    [09/07/2008, 21:41:46] - Checking for HKLM\...\Winlogon\Notify\fnhjeq
    [09/07/2008, 21:41:46] - Key not found: HKLM\...\Winlogon\Notify\fnhjeq, continuing.
    [09/07/2008, 21:41:46] - BHO 2: {3049C3E9-B461-4BC5-8870-4C09146192CA} (RealPlayer Download and Record Plugin for Internet Explorer)
    [09/07/2008, 21:41:46] - BHO 3: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (SSVHelper Class)
    [09/07/2008, 21:41:46] - BHO 4: {9EED0EF0-103A-4C1B-A115-F39879368545} (QXK Olive)
    [09/07/2008, 21:41:46] - BHO 5: {AF57398C-E09D-4229-B2D5-12E909DCC730} (QXK Olive)
    [09/07/2008, 21:41:46] - BHO 6: {C463267F-9E61-47C2-8560-0B9306DED26B} ()
    [09/07/2008, 21:41:46] - WARNING: BHO has no default name. Checking for Winlogon reference.
    [09/07/2008, 21:41:46] - Checking for HKLM\...\Winlogon\Notify\opnoLebA
    [09/07/2008, 21:41:46] - Key not found: HKLM\...\Winlogon\Notify\opnoLebA, continuing.
    [09/07/2008, 21:41:46] - Finished Searching Browser Helper Objects
    [09/07/2008, 21:41:46] - Finishing up...
    [09/07/2008, 21:41:46] - A restart is needed.
    [09/07/2008, 21:41:55] - Attempting to Restart via STOP error (Blue Screen!)
    0
  8. jojo
     
    et voici un nouveau rapport hijackthis:

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 21:47:14, on 07/09/2008
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16705)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\System32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
    C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
    C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
    C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
    C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
    C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe
    C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\Utilitaire\Cisco Systems\VPN Client\cvpnd.exe
    C:\Program Files\Symantec AntiVirus\DefWatch.exe
    C:\Program Files\Microsoft LifeCam\MSCamSvc.exe
    C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Symantec AntiVirus\Rtvscan.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\wscntfy.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
    C:\Program Files\Utilitaire\PowerDVD\PDVDServ.exe
    C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe
    C:\PROGRA~1\SYMANT~1\VPTray.exe
    C:\WINDOWS\vVX3000.exe
    C:\Program Files\Utilitaire\iTunes\iTunesHelper.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\Program Files\Symantec AntiVirus\DoScan.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\WINDOWS\system32\rundll32.exe
    D:\Program Files\Framakey\Apps\portableFirefox3\firefox\firefox.exe
    C:\Documents and Settings\jojo\Bureau\HiJackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer avec Club-Internet
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll
    O4 - HKLM\..\Run: [IntelZeroConfig] C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
    O4 - HKLM\..\Run: [IntelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe /tf Intel PROSet/Wireless
    O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\Utilitaire\PowerDVD\PDVDServ.exe"
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
    O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe"
    O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
    O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [LifeCam] "C:\Program Files\Microsoft LifeCam\LifeExp.exe"
    O4 - HKLM\..\Run: [VX3000] C:\WINDOWS\vVX3000.exe
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\Utilitaire\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [cc6db468] rundll32.exe "C:\WINDOWS\system32\mxwnpkyw.dll",b
    O4 - HKLM\..\Run: [BMcf5e87f4] Rundll32.exe "C:\WINDOWS\system32\dkkgpacy.dll",s
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [Run] "C:\Documents and Settings\jojo\Application Data\Adobe\Manager.exe"
    O4 - HKCU\..\Policies\Explorer\Run: [Windows Printing Driver] doskeys.exe
    O4 - HKCU\..\Policies\Explorer\Run: [NT Printing Services5] dllhosts.exe
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
    O8 - Extra context menu item: Convertir en Adobe PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: Convertir en un fichier PDF existant - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: Convertir la cible du lien en Adobe PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: Convertir la cible du lien en un fichier PDF existant - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: Convertir la sélection en Adobe PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: Convertir la sélection en un fichier PDF existant - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: Convertir les liens sélectionnés en fichier Adobe PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
    O8 - Extra context menu item: Convertir les liens sélectionnés en un fichier PDF existant - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
    O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\UTILIT~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\UTILIT~1\MICROS~1\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/...
    O18 - Protocol: ncbi8 - {2B576DD3-0B3E-4718-BCBF-B15E4FB8009D} - D:\Program Files\Vector NTI Advance 10\Ncbi.dll
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
    O20 - AppInit_DLLs: fnhjeq.dll
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
    O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
    O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccPwdSvc.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
    O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Utilitaire\Cisco Systems\VPN Client\cvpnd.exe
    O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
    O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
    O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\SYSTEM32\SPOOL\DRIVERS\W32X86\3\HPZipm12.exe
    O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
    O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
    O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
    O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe
    O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SPBBC\SPBBCSvc.exe
    O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
    O23 - Service: WLANKEEPER - Intel® Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
    0
  9. jojo
     
    merci pour tout,

    tout fonctionne plus de virus j'ai relancé Malwarebytes' Anti-Malware et il ne trouve plus rien
    google veut bien fonctionné de nouveau et les mises à jours de windows sont réglables.

    bonne journée,

    josselin
    0
  10. jojo
     
    voici le rapport:

    DiagHelp version v1.4 - http://www.malekal.com
    excute le 08/09/2008 à 17:46:38,62

    Liste des derniers fichies modifies/crees dans windir\system32 et prefetch
    C:\WINDOWS\prefetch\CHCP.COM-17EDBDC9.pf -->08/09/2008 17:46:05
    C:\WINDOWS\prefetch\CMD.EXE-034B0549.pf -->08/09/2008 17:45:58
    C:\WINDOWS\prefetch\WINRAR.EXE-0AA31BB9.pf -->08/09/2008 17:44:47
    C:\WINDOWS\prefetch\PORTABLEFIREFOX.EXE-1905D7D8.pf -->08/09/2008 17:43:42
    C:\WINDOWS\prefetch\FIREFOX.EXE-077A0061.pf -->08/09/2008 17:43:39
    C:\WINDOWS\prefetch\THUNDERBIRD.EXE-135C6213.pf -->08/09/2008 17:43:38
    C:\WINDOWS\prefetch\PORTABLETHUNDERBIRD2.EXE-1729A646.pf -->08/09/2008 17:43:37
    C:\WINDOWS\prefetch\RUNDLL32.EXE-4EE39BB6.pf -->08/09/2008 17:42:43
    C:\WINDOWS\prefetch\WINWORD.EXE-2338C067.pf -->08/09/2008 15:01:01
    C:\WINDOWS\prefetch\ACROBAT.EXE-0CA9D55B.pf -->08/09/2008 14:59:44

    C:\WINDOWS\System32\drivers\mbamswissarmy.sys -->02/09/2008 00:16:46
    C:\WINDOWS\System32\drivers\mbam.sys -->02/09/2008 00:16:40
    C:\WINDOWS\System32\drivers\tcpip.sys -->20/06/2008 13:51:12
    C:\WINDOWS\System32\drivers\afd.sys -->20/06/2008 13:40:08
    C:\WINDOWS\System32\drivers\tcpip6.sys -->20/06/2008 13:08:27
    C:\WINDOWS\System32\drivers\bthport.sys -->14/06/2008 19:33:37
    C:\WINDOWS\System32\drivers\rmcast.sys -->08/05/2008 16:02:52

    C:\WINDOWS\System32\Monitored2.dat -->08/09/2008 17:45:18
    C:\WINDOWS\System32\wpa.dbl -->08/09/2008 09:07:12
    C:\WINDOWS\System32\c74e7016-.txt -->07/09/2008 22:31:20
    C:\WINDOWS\System32\dkkgpacy.dll -->07/09/2008 21:45:38
    C:\WINDOWS\System32\wykpnwxm.ini -->07/09/2008 21:45:05
    C:\WINDOWS\System32\fxsqusna.dll -->07/09/2008 21:30:58
    C:\WINDOWS\System32\exylrwtf.ini -->07/09/2008 21:30:27
    C:\WINDOWS\System32\xqjjffhc.dll -->07/09/2008 17:44:59
    C:\WINDOWS\System32\awtutqNh.dll.vir -->07/09/2008 17:38:49
    C:\WINDOWS\System32\ragqxvxj.ini -->07/09/2008 12:42:32
    C:\WINDOWS\System32\flrqexwq.dll -->07/09/2008 10:43:22
    C:\WINDOWS\System32\grukpfmn.ini -->07/09/2008 10:42:46
    C:\WINDOWS\System32\tmp.txt -->07/09/2008 10:28:08
    C:\WINDOWS\System32\tmp.reg -->07/09/2008 10:28:08
    C:\WINDOWS\System32\bsnuhhsm.ini -->06/09/2008 21:28:31
    C:\WINDOWS\System32\adtjnnwv.ini -->06/09/2008 21:07:34
    C:\WINDOWS\System32\qlrjvlpd.ini -->06/09/2008 10:59:27
    C:\WINDOWS\System32\xygmubpe.ini -->06/09/2008 10:56:51
    C:\WINDOWS\System32\Monitored3.dat -->05/09/2008 11:29:23
    C:\WINDOWS\System32\pclhqjej.ini -->05/09/2008 08:18:35
    C:\WINDOWS\System32\oykjgbsl.ini -->05/09/2008 07:55:34
    C:\WINDOWS\System32\hcppduti.ini -->04/09/2008 21:57:46
    C:\WINDOWS\System32\csnjxmus.ini -->04/09/2008 21:07:59
    C:\WINDOWS\System32\daflfecb.ini -->04/09/2008 10:42:59
    C:\WINDOWS\System32\hqhvouuq.ini -->04/09/2008 08:34:59

    C:\WINDOWS\wiadebug.log -->08/09/2008 13:49:47
    C:\WINDOWS\WindowsUpdate.log -->08/09/2008 12:13:57
    C:\WINDOWS\0.log -->08/09/2008 09:07:00
    C:\WINDOWS\wiaservc.log -->08/09/2008 09:06:58
    C:\WINDOWS\bootstat.dat -->08/09/2008 09:06:28
    C:\WINDOWS\SchedLgU.Txt -->08/09/2008 00:10:32
    C:\WINDOWS\setupapi.log -->07/09/2008 23:02:36
    C:\WINDOWS\ntbtlog.txt -->07/09/2008 21:27:12
    C:\WINDOWS\setupact.log -->07/09/2008 12:44:28
    C:\WINDOWS\win.ini -->06/09/2008 21:20:54
    C:\WINDOWS\system.ini -->06/09/2008 21:20:54
    C:\WINDOWS\tsoc.log -->14/08/2008 11:11:37
    C:\WINDOWS\tabletoc.log -->14/08/2008 11:11:37
    C:\WINDOWS\ocmsn.log -->14/08/2008 11:11:37
    C:\WINDOWS\ocgen.log -->14/08/2008 11:11:37

    winlogon.exe
    Verified: Signed
    svchost.exe
    Verified: Signed
    ws2_32.dll
    Verified: Signed
    user32.dll
    Verified: Signed
    tcpip.sys
    Verified: Signed
    ndis.sys
    Verified: Signed
    null.sys
    Verified: Signed

    ListDLLs v2.25 - DLL lister for Win9x/NT
    Copyright (C) 1997-2004 Mark Russinovich
    Sysinternals - www.sysinternals.com

    ------------------------------------------------------------------------------
    explorer.exe pid: 2316
    Command line: C:\WINDOWS\Explorer.EXE

    Base Size Version Path
    0x77be0000 0x58000 7.00.2600.5512 C:\WINDOWS\system32\msvcrt.dll
    0x779e0000 0x97000 5.131.2600.5512 C:\WINDOWS\system32\CRYPT32.dll
    0x76610000 0x84000 5.131.2600.5512 C:\WINDOWS\system32\CRYPTUI.dll
    0x44080000 0xd0000 7.00.6000.16705 C:\WINDOWS\system32\WININET.dll
    0x00400000 0x9000 6.00.5441.0000 C:\WINDOWS\system32\Normaliz.dll
    0x43e00000 0x45000 7.00.6000.16705 C:\WINDOWS\system32\iertutil.dll
    0x76be0000 0x2e000 5.131.2600.5512 C:\WINDOWS\system32\WINTRUST.dll
    0x58b50000 0x9a000 5.82.2900.5512 C:\WINDOWS\system32\comctl32.dll
    0x76f80000 0x7f000 2001.12.4414.0700 C:\WINDOWS\system32\CLBCATQ.DLL
    0x77000000 0xd4000 2001.12.4414.0700 C:\WINDOWS\system32\COMRes.dll
    0x76ac0000 0x11000 3.05.2284.0001 C:\WINDOWS\system32\ATL.DLL
    0x44360000 0x5cd000 7.00.6000.16705 C:\WINDOWS\system32\ieframe.dll
    0x44160000 0x127000 7.00.6000.16705 C:\WINDOWS\system32\urlmon.dll
    0x76010000 0x65000 6.02.3104.0000 C:\WINDOWS\system32\MSVCP60.dll
    0x7d200000 0x2bc000 3.01.4001.5512 C:\WINDOWS\system32\msi.dll
    0x442b0000 0x3c000 7.00.6000.16705 C:\WINDOWS\system32\webcheck.dll
    0x10000000 0x1c000 7.00.0000.0000 C:\Program Files\Adobe\Adobe Acrobat 7.0\ActiveX\PDFShell.dll
    0x02cf0000 0xa000 7.00.0000.0000 C:\Program Files\Adobe\Adobe Acrobat 7.0\ActiveX\PDFShell.FRA
    0x4eb80000 0x1a6000 5.01.3102.5512 C:\WINDOWS\WinSxS\x86_Microsoft.Windows.GdiPlus_6595b64144ccf1df_1.0.2600.5512_x-ww_dfb54e0c\gdiplus.dll
    0x03830000 0x4e000 7.00.0005.0172 C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat Elements\ContextMenu.fra
    0x02830000 0x12000 1.01.0000.0000 C:\Program Files\Malwarebytes' Anti-Malware\mbamext.dll
    0x03020000 0x2e000 C:\Program Files\WinRAR\rarext.dll
    0x02a60000 0xb400 10.00.0000.0359 C:\Program Files\Fichiers communs\Symantec Shared\SSC\vpshell2.dll
    0x7c340000 0x56000 7.10.3052.0004 C:\WINDOWS\system32\MSVCR71.dll
    0x74730000 0x3d000 3.525.1132.0000 C:\WINDOWS\system32\ODBC32.dll
    0x1f840000 0x18000 3.525.1117.0000 C:\WINDOWS\system32\odbcint.dll

    ListDLLs v2.25 - DLL lister for Win9x/NT
    Copyright (C) 1997-2004 Mark Russinovich
    Sysinternals - www.sysinternals.com

    ------------------------------------------------------------------------------
    winlogon.exe pid: 1880
    Command line: winlogon.exe

    Base Size Version Path
    0x01000000 0x82000 \??\C:\WINDOWS\system32\winlogon.exe
    0x77be0000 0x58000 7.00.2600.5512 C:\WINDOWS\system32\msvcrt.dll
    0x779e0000 0x97000 5.131.2600.5512 C:\WINDOWS\system32\CRYPT32.dll
    0x76be0000 0x2e000 5.131.2600.5512 C:\WINDOWS\system32\WINTRUST.dll
    0x58b50000 0x9a000 5.82.2900.5512 C:\WINDOWS\system32\COMCTL32.dll
    0x74730000 0x3d000 3.525.1132.0000 C:\WINDOWS\system32\ODBC32.dll
    0x1f840000 0x18000 3.525.1117.0000 C:\WINDOWS\system32\odbcint.dll
    0x10000000 0x10000 6.14.0010.4118 C:\WINDOWS\system32\Ati2evxx.dll
    0x01400000 0x3b000 1.07.0018.0007 C:\WINDOWS\system32\WgaLogon.dll
    0x76f80000 0x7f000 2001.12.4414.0700 C:\WINDOWS\system32\CLBCATQ.DLL
    0x77000000 0xd4000 2001.12.4414.0700 C:\WINDOWS\system32\COMRes.dll
    0x01610000 0x1e000 9.00.0002.0011 C:\Program Files\Intel\Wireless\Bin\LgNotify.dll
    0x51650000 0xc400 10.00.0000.0359 C:\WINDOWS\system32\NavLogon.dll
    0x76010000 0x65000 6.02.3104.0000 C:\WINDOWS\system32\MSVCP60.dll

    Le volume dans le lecteur C n'a pas de nom.
    Le numéro de série du volume est CC6D-B4C7

    Répertoire de C:\WINDOWS\system

    10/09/1999 12:06 4 672 WOWPOST.EXE
    1 fichier(s) 4 672 octets
    0 Rép(s) 8 472 113 152 octets libres
    Le volume dans le lecteur C n'a pas de nom.
    Le numéro de série du volume est CC6D-B4C7

    Répertoire de C:\WINDOWS\system32

    14/04/2008 04:33 6 144 csrss.exe
    1 fichier(s) 6 144 octets
    0 Rép(s) 8 472 113 152 octets libres

    Contenu de Downloaded Program Files
    Le volume dans le lecteur C n'a pas de nom.
    Le numéro de série du volume est CC6D-B4C7

    Répertoire de C:\WINDOWS\Downloaded Program Files

    18/07/2008 10:52 <REP> .
    18/07/2008 10:52 <REP> ..
    28/12/2007 23:06 65 desktop.ini
    20/01/2000 16:25 1 162 Microsoft XML Parser for Java.osd
    29/08/2003 15:55 2 136 WMAVAX.inf
    30/06/2003 23:41 1 689 WMV9VCM.inf
    30/07/2007 20:24 293 wuweb.inf
    5 fichier(s) 5 345 octets

    Total des fichiers listés :
    5 fichier(s) 5 345 octets
    2 Rép(s) 8 472 109 056 octets libres

    Recherche de rootkit! (Merci S!Ri)

    Recherche d'infections connues

    Export des clefs sensibles..

    Liste des fichiers en exception sur le pare-feu XP SP2

    "%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
    "C:\\Program Files\\utilitairel\\Realone Player\\realplay.exe"="C:\\Program Files\\utilitairel\\Realone Player\\realplay.exe:*:Enabled:RealPlayer"
    "D:\\Program Files\\Framakey\\Apps\\PortableVLC\\vlc\\vlc.exe"="D:\\Program Files\\Framakey\\Apps\\PortableVLC\\vlc\\vlc.exe:*:Enabled:VLC media player"
    "D:\\Program Files\\Vector NTI Advance 10\\Vector NTI 10.exe"="D:\\Program Files\\Vector NTI Advance 10\\Vector NTI 10.exe:*:Enabled:Vector NTI 10.0.1"
    "C:\\Program Files\\Bonjour\\mDNSResponder.exe"="C:\\Program Files\\Bonjour\\mDNSResponder.exe:*:Enabled:Bonjour"
    "C:\\Program Files\\Skype\\Phone\\Skype.exe"="C:\\Program Files\\Skype\\Phone\\Skype.exe:*:Enabled:Skype. Take a deep breath "
    "D:\\Program Files\\adslTV\\adsltv.exe"="D:\\Program Files\\adslTV\\adsltv.exe:*:Enabled:adsltv"
    "C:\\Program Files\\Microsoft LifeCam\\LifeCam.exe"="C:\\Program Files\\Microsoft LifeCam\\LifeCam.exe:*:Enabled:LifeCam.exe"
    "C:\\Program Files\\Microsoft LifeCam\\LifeExp.exe"="C:\\Program Files\\Microsoft LifeCam\\LifeExp.exe:*:Enabled:LifeExp.exe"
    "C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
    "C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
    "C:\\Program Files\\Utilitaire\\iTunes\\iTunes.exe"="C:\\Program Files\\Utilitaire\\iTunes\\iTunes.exe:*:Enabled:iTunes"
    "C:\\Program Files\\LimeWire\\LimeWire.exe"="C:\\Program Files\\LimeWire\\LimeWire.exe:*:Enabled:LimeWire"

    "%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
    "C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
    "C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"

    Export de la clef SharedTaskScheduler

    [SharedTaskScheduler]
    "{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Pré-chargeur Browseui"
    "{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Démon de cache des catégories de composant"

    exports des policies
    REGEDIT4

    [system]
    "dontdisplaylastusername"=dword:00000000
    "legalnoticecaption"=""
    "legalnoticetext"=""
    "shutdownwithoutlogon"=dword:00000001
    "undockwithoutlogon"=dword:00000001

    Export des clefs sensibles..
    Rechercher adresses sensibles dans le fichier HOSTS...
    catchme 0.3.1351 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-09-08 17:48:17
    Windows 5.1.2600 Service Pack 3 NTFS

    scanning hidden services & system hive ...

    scanning hidden registry entries ...

    scanning hidden files ...

    scan completed successfully
    hidden services: 0
    hidden files: 0

    KProcCheck Version 0.2-beta1 Proof-of-Concept by SIG^2 (www.security.org.sg)

    Process list by traversal of KiWaitListHead

    4 - System
    172 - ati2evxx.exe
    244 - svchost.exe
    308 - svchost.exe
    524 - svchost.exe
    580 - EvtEng.exe
    700 - S24EvMon.exe
    768 - AppleMobileDevi
    824 - mDNSResponder.e
    860 - cvpnd.exe
    940 - cmd.exe
    1064 - svchost.exe
    1088 - svchost.exe
    1092 - iTunesHelper.ex
    1628 - spoolsv.exe
    1660 - 1XConfig.exe
    1680 - alg.exe
    1744 - svchost.exe
    1816 - Rtvscan.exe
    1820 - ZCfgSvc.exe
    1848 - csrss.exe
    1880 - winlogon.exe
    1928 - services.exe
    1940 - lsass.exe
    2124 - ati2evxx.exe
    2316 - explorer.exe
    2768 - PDVDServ.exe
    2876 - ccApp.exe
    2904 - VPTray.exe
    2948 - ctfmon.exe
    3328 - svchost.exe
    3800 - vVX3000.exe
    3884 - iPodService.exe

    Total number of processes = 33
    NOTE: Under WinXP, this will not show all processes.

    KProcCheck Version 0.2-beta1 Proof-of-Concept by SIG^2 (www.security.org.sg)

    Driver/Module list by traversal of PsLoadedModuleList

    804D7000 - \WINDOWS\system32\ntkrnlpa.exe
    806D0000 - \WINDOWS\system32\hal.dll
    F7A1B000 - \WINDOWS\system32\KDCOM.DLL
    F792B000 - \WINDOWS\system32\BOOTVID.dll
    F73EB000 - ACPI.sys
    F7A1D000 - \WINDOWS\System32\DRIVERS\WMILIB.SYS
    F73DA000 - pci.sys
    F751B000 - isapnp.sys
    F752B000 - ohci1394.sys
    F753B000 - \WINDOWS\System32\DRIVERS\1394BUS.SYS
    F792F000 - compbatt.sys
    F7933000 - \WINDOWS\System32\DRIVERS\BATTC.SYS
    F7AE3000 - pciide.sys
    F779B000 - \WINDOWS\System32\DRIVERS\PCIIDEX.SYS
    F73BC000 - pcmcia.sys
    F754B000 - MountMgr.sys
    F739D000 - ftdisk.sys
    F7A1F000 - dmload.sys
    F7377000 - dmio.sys
    F77A3000 - PartMgr.sys
    F755B000 - VolSnap.sys
    F735F000 - atapi.sys
    F756B000 - disk.sys
    F757B000 - \WINDOWS\System32\DRIVERS\CLASSPNP.SYS
    F733F000 - fltmgr.sys
    F732D000 - sr.sys
    F7316000 - KSecDD.sys
    F7289000 - Ntfs.sys
    F725C000 - NDIS.sys
    F7242000 - Mup.sys
    F76EB000 - \SystemRoot\System32\DRIVERS\intelppm.sys
    F79E3000 - \SystemRoot\System32\DRIVERS\CmBatt.sys
    F7081000 - \SystemRoot\System32\DRIVERS\ati2mtag.sys
    F706D000 - \SystemRoot\System32\DRIVERS\VIDEOPRT.SYS
    F784B000 - \SystemRoot\System32\DRIVERS\usbuhci.sys
    F7049000 - \SystemRoot\System32\DRIVERS\USBPORT.SYS
    F7853000 - \SystemRoot\system32\DRIVERS\usbehci.sys
    F76FB000 - \SystemRoot\System32\DRIVERS\bcm4sbxp.sys
    F770B000 - \SystemRoot\System32\DRIVERS\nic1394.sys
    F7035000 - \SystemRoot\System32\DRIVERS\sdbus.sys
    F6D12000 - \SystemRoot\System32\DRIVERS\w29n51.sys
    F6CCF000 - \SystemRoot\system32\drivers\STAC97.sys
    F6CAB000 - \SystemRoot\system32\drivers\portcls.sys
    F771B000 - \SystemRoot\system32\drivers\drmk.sys
    F6C88000 - \SystemRoot\system32\drivers\ks.sys
    F6C55000 - \SystemRoot\system32\DRIVERS\HSFHWICH.sys
    F6B58000 - \SystemRoot\system32\DRIVERS\HSF_DPV.SYS
    F6AAB000 - \SystemRoot\system32\DRIVERS\HSF_CNXT.sys
    F785B000 - \SystemRoot\System32\Drivers\Modem.SYS
    F772B000 - \SystemRoot\System32\DRIVERS\i8042prt.sys
    F7863000 - \SystemRoot\System32\DRIVERS\mouclass.sys
    F786B000 - \SystemRoot\System32\DRIVERS\kbdclass.sys
    F773B000 - \SystemRoot\system32\DRIVERS\imapi.sys
    F774B000 - \SystemRoot\System32\DRIVERS\cdrom.sys
    F775B000 - \SystemRoot\System32\DRIVERS\redbook.sys
    F79F3000 - \SystemRoot\System32\Drivers\GEARAspiWDM.sys
    F776B000 - \SystemRoot\System32\Drivers\tosrfcom.sys
    F6A8D000 - \SystemRoot\system32\DRIVERS\dne2000.sys
    F6A50000 - \SystemRoot\System32\DRIVERS\iwca.sys
    F7B28000 - \SystemRoot\System32\DRIVERS\audstub.sys
    F777B000 - \SystemRoot\System32\DRIVERS\rasl2tp.sys
    F79FB000 - \SystemRoot\System32\DRIVERS\ndistapi.sys
    F6A39000 - \SystemRoot\System32\DRIVERS\ndiswan.sys
    F778B000 - \SystemRoot\System32\DRIVERS\raspppoe.sys
    F759B000 - \SystemRoot\System32\DRIVERS\raspptp.sys
    F7873000 - \SystemRoot\System32\DRIVERS\TDI.SYS
    F6A28000 - \SystemRoot\System32\DRIVERS\psched.sys
    F75AB000 - \SystemRoot\System32\DRIVERS\msgpc.sys
    F787B000 - \SystemRoot\System32\DRIVERS\ptilink.sys
    F7883000 - \SystemRoot\System32\DRIVERS\raspti.sys
    F62B0000 - \SystemRoot\System32\DRIVERS\rdpdr.sys
    F75FB000 - \SystemRoot\System32\DRIVERS\termdd.sys
    F7A43000 - \SystemRoot\System32\DRIVERS\swenum.sys
    F6252000 - \SystemRoot\System32\DRIVERS\update.sys
    F71FD000 - \SystemRoot\System32\DRIVERS\mssmbios.sys
    F765B000 - \SystemRoot\System32\DRIVERS\tosporte.sys
    F766B000 - \SystemRoot\System32\Drivers\NDProxy.SYS
    F769B000 - \SystemRoot\System32\DRIVERS\usbhub.sys
    F7A8F000 - \SystemRoot\System32\DRIVERS\USBD.SYS
    EE1B5000 - \??\C:\Program Files\Symantec AntiVirus\savrt.sys
    EE198000 - \??\C:\Program Files\Symantec\SYMEVENT.SYS
    EE184000 - \??\C:\Program Files\Symantec AntiVirus\Savrtpel.sys
    F7A9B000 - \SystemRoot\System32\Drivers\Fs_Rec.SYS
    F7B2B000 - \SystemRoot\System32\Drivers\Null.SYS
    F7A9D000 - \SystemRoot\System32\Drivers\Beep.SYS
    F7903000 - \SystemRoot\System32\drivers\vga.sys
    F7A9F000 - \SystemRoot\System32\Drivers\mnmdd.SYS
    F7AA1000 - \SystemRoot\System32\DRIVERS\RDPCDD.sys
    F790B000 - \SystemRoot\System32\Drivers\Msfs.SYS
    F791B000 - \SystemRoot\System32\Drivers\Npfs.SYS
    F79D3000 - \SystemRoot\System32\DRIVERS\rasacd.sys
    EE040000 - \SystemRoot\System32\DRIVERS\ipsec.sys
    EDFE7000 - \SystemRoot\System32\DRIVERS\tcpip.sys
    EDFBF000 - \SystemRoot\System32\DRIVERS\netbt.sys
    EDF7F000 - \SystemRoot\System32\Drivers\SYMTDI.SYS
    EDF5D000 - \SystemRoot\System32\drivers\afd.sys
    F76BB000 - \SystemRoot\System32\DRIVERS\netbios.sys
    EDF37000 - \SystemRoot\System32\DRIVERS\ipnat.sys
    EDF0C000 - \SystemRoot\System32\DRIVERS\rdbss.sys
    EDE9C000 - \SystemRoot\System32\DRIVERS\mrxsmb.sys
    F76DB000 - \SystemRoot\System32\Drivers\Fips.SYS
    EDE3E000 - \??\C:\Program Files\Fichiers communs\Symantec Shared\EENGINE\eeCtrl.sys
    F6A08000 - \SystemRoot\System32\Drivers\tosrfusb.sys
    F696C000 - \SystemRoot\system32\DRIVERS\hidusb.sys
    F69F8000 - \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
    F77BB000 - \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
    EDD5B000 - \SystemRoot\System32\Drivers\tosrfbd.sys
    F6968000 - \SystemRoot\System32\DRIVERS\mouhid.sys
    F69E8000 - \SystemRoot\System32\DRIVERS\wanarp.sys
    F69D8000 - \SystemRoot\System32\DRIVERS\arp1394.sys
    F69C8000 - \SystemRoot\System32\DRIVERS\Tosrfhid.sys
    F69B8000 - \SystemRoot\System32\Drivers\tosrfbnp.sys
    F77C3000 - \SystemRoot\System32\DRIVERS\tosrfnds.sys
    F69A8000 - \SystemRoot\System32\Drivers\Cdfs.SYS
    EDCCB000 - \SystemRoot\System32\Drivers\dump_atapi.sys
    F7AC1000 - \SystemRoot\System32\Drivers\dump_WMILIB.SYS
    BF800000 - \SystemRoot\System32\win32k.sys
    EDE22000 - \SystemRoot\System32\drivers\Dxapi.sys
    F77DB000 - \SystemRoot\System32\watchdog.sys
    BF9C3000 - \SystemRoot\System32\drivers\dxg.sys
    F7BF0000 - \SystemRoot\System32\drivers\dxgthk.sys
    BF9D5000 - \SystemRoot\System32\ati2dvag.dll
    BFA0C000 - \SystemRoot\System32\ati2cqag.dll
    BFA40000 - \SystemRoot\System32\atikvmag.dll
    BFA75000 - \SystemRoot\System32\ati3duag.dll
    BFCB7000 - \SystemRoot\System32\ativvaxx.dll
    EBBD3000 - \SystemRoot\System32\DRIVERS\AegisP.sys
    EBBCB000 - \SystemRoot\System32\DRIVERS\s24trans.sys
    EBAE7000 - \SystemRoot\System32\DRIVERS\ndisuio.sys
    EB6AE000 - \SystemRoot\System32\DRIVERS\mrxdav.sys
    EB7D7000 - \SystemRoot\System32\Drivers\Aspi32.SYS
    EB556000 - \??\C:\WINDOWS\system32\Drivers\CVPNDRVA.sys
    EB703000 - \SystemRoot\system32\DRIVERS\mdmxsdk.sys
    EB4DC000 - \SystemRoot\System32\DRIVERS\srv.sys
    EB3D7000 - \SystemRoot\system32\drivers\wdmaud.sys
    EB81B000 - \SystemRoot\system32\drivers\sysaudio.sys
    F677B000 - \SystemRoot\System32\Drivers\HTTP.sys
    F6687000 - \SystemRoot\System32\Drivers\SYMREDRV.SYS
    F7803000 - \SystemRoot\System32\DRIVERS\USBSTOR.SYS
    BAFB1000 - \SystemRoot\System32\Drivers\Fastfat.SYS
    BAEF5000 - \??\C:\Program Files\Fichiers communs\Symantec Shared\EENGINE\EraserUtilDrv10822.sys
    BAE21000 - \??\C:\PROGRA~1\FICHIE~1\SYMANT~1\VIRUSD~1\20080907.003\navex15.sys
    BAE0C000 - \??\C:\PROGRA~1\FICHIE~1\SYMANT~1\VIRUSD~1\20080907.003\naveng.sys
    BFFA0000 - \SystemRoot\System32\ATMFD.DLL
    F7B02000 - \SystemRoot\System32\DRIVERS\KProcCheck.sys

    Total number of drivers = 145

    Liste des programmes installes

    Adobe Acrobat 7.0 Professional - English, Français, Deutsch
    Adobe Bridge 1.0
    Adobe Common File Installer
    Adobe Creative Suite 2
    Adobe Flash Player Plugin
    Adobe Help Center 1.0
    Adobe Illustrator CS2
    Adobe Photoshop CS2
    Adobe Stock Photos 1.0
    Adobe SVG Viewer 3.0
    Analyseur et SDK XML Microsoft
    Apple Mobile Device Support
    Apple Software Update
    Archiveur WinRAR
    ATI - Utilitaire de désinstallation du logiciel
    ATI Display Driver
    Babylon
    Bluetooth Stack for Windows by Toshiba
    Bonjour
    Broadcom 440x 10/100 Integrated Controller
    Broadcom 440x 10/100 Integrated Controller
    Broadcom Management Programs 2
    Broadcom Management Programs 2
    C-Major Audio
    Cisco Systems VPN Client 5.0.02.0090
    Compatibility Pack for the 2007 Office system
    Compel Adaptec WinASPI
    Conexant D110 MDC V.92 Modem
    Correctif pour Windows XP (KB952287)
    ffdshow [rev 2060] [2008-08-01]
    Intel(R) PROSet/Wireless Software
    IrfanView (remove only)
    iTunes
    Java(TM) 6 Update 3
    Java(TM) 6 Update 5
    Java(TM) 6 Update 7
    LiveUpdate 2.6 (Symantec Corporation)
    Malwarebytes' Anti-Malware
    mCore
    mDriver
    mDrWiFi
    mHlpDell
    Microsoft .NET Framework 2.0
    Microsoft .NET Framework 2.0
    Microsoft Internationalized Domain Names Mitigation APIs
    Microsoft LifeCam
    Microsoft National Language Support Downlevel APIs
    Microsoft Office Standard Edition 2003
    Mise à jour de sécurité pour Lecteur Windows Media (KB911564)
    Mise à jour de sécurité pour Lecteur Windows Media 6.4 (KB925398)
    Mise à jour de sécurité pour Lecteur Windows Media 9 (KB936782)
    Mise à jour de sécurité pour Windows Internet Explorer 7 (KB938127)
    Mise à jour de sécurité pour Windows Internet Explorer 7 (KB942615)
    Mise à jour de sécurité pour Windows Internet Explorer 7 (KB944533)
    Mise à jour de sécurité pour Windows Internet Explorer 7 (KB950759)
    Mise à jour de sécurité pour Windows Internet Explorer 7 (KB953838)
    Mise à jour de sécurité pour Windows XP (KB923689)
    Mise à jour de sécurité pour Windows XP (KB923789)
    Mise à jour de sécurité pour Windows XP (KB941569)
    Mise à jour de sécurité pour Windows XP (KB946648)
    Mise à jour de sécurité pour Windows XP (KB950760)
    Mise à jour de sécurité pour Windows XP (KB950762)
    Mise à jour de sécurité pour Windows XP (KB950974)
    Mise à jour de sécurité pour Windows XP (KB951376-v2)
    Mise à jour de sécurité pour Windows XP (KB951376)
    Mise à jour de sécurité pour Windows XP (KB951698)
    Mise à jour de sécurité pour Windows XP (KB951748)
    Mise à jour de sécurité pour Windows XP (KB952954)
    Mise à jour de sécurité pour Windows XP (KB953839)
    Mise à jour pour Windows XP (KB951072-v2)
    Mise à jour pour Windows XP (KB951978)
    mIWA
    mIWCA
    mLogView
    mMHouse
    Morgan Stream Switcher
    Mozilla Firefox (3.0.1)
    Mozilla Thunderbird (2.0.0.16)
    mPfMgr
    mPfWiz
    mProSafe
    mSSO
    MSXML 4.0 SP2 (KB936181)
    mToolkit
    mWlsSafe
    mXML
    mZConfig
    NeoDivx 2008
    Nero Suite
    Panneau de contrôle ATI
    PowerDVD
    QuickTime
    RealPlayer
    Security Update for CAPICOM (KB931906)
    Security Update for CAPICOM (KB931906)
    Security Update pour Microsoft .NET Framework 2.0 (KB928365)
    Skype™ 3.6
    SSH Secure Shell
    Suite Specific
    Symantec AntiVirus
    V10CC
    V10CNT
    V10COM
    V10DT
    V10NQ
    V10PFAM
    Vector NTI 10
    VideoLAN VLC media player 0.8.6b
    WebFldrs XP
    Windows Genuine Advantage Notifications (KB905474)
    Windows Genuine Advantage Validation Tool (KB892130)
    Windows Genuine Advantage Validation Tool (KB892130)
    Windows Internet Explorer 7
    Windows Live Messenger
    Windows Media Format Runtime
    Windows Media Player Firefox Plugin
    Windows XP Service Pack 3
    x264 Revision 305 x264.nl (remove only)
    Xvid 1.1.3 final uninstall

    Le volume dans le lecteur C n'a pas de nom.
    Le numéro de série du volume est CC6D-B4C7

    Répertoire de C:\Program Files

    07/09/2008 13:17 <REP> .
    07/09/2008 13:17 <REP> ..
    05/05/2008 12:20 <REP> Adobe
    17/08/2008 16:17 <REP> Apple Software Update
    28/12/2007 23:44 <REP> ATI Technologies
    28/12/2007 23:59 <REP> BlueTooth
    12/07/2008 08:12 <REP> Bonjour
    28/12/2007 23:41 <REP> Broadcom
    14/01/2008 22:56 <REP> Common Files
    28/12/2007 23:05 <REP> ComPlus Applications
    14/08/2008 12:57 <REP> CONEXANT
    09/05/2008 12:37 <REP> Fichiers communs
    09/05/2008 12:41 <REP> Informax Installations
    28/12/2007 23:49 <REP> Intel
    14/08/2008 11:25 <REP> Internet Explorer
    09/05/2008 12:43 <REP> Invitrogen
    17/08/2008 14:50 <REP> iPod
    25/07/2008 00:37 <REP> Java
    07/09/2008 11:12 <REP> Malwarebytes' Anti-Malware
    14/08/2008 11:11 <REP> Messenger
    03/01/2008 01:13 <REP> Microsoft CAPICOM 2.1.0.2
    28/12/2007 23:07 <REP> microsoft frontpage
    24/07/2008 20:41 <REP> Microsoft LifeCam
    10/07/2008 18:14 <REP> Microsoft Office
    05/01/2008 12:24 <REP> Microsoft Works
    25/07/2008 11:49 <REP> Movie Maker
    07/09/2008 13:17 <REP> MSA
    10/07/2008 18:14 <REP> MSECache
    25/07/2008 11:49 <REP> msn
    28/12/2007 23:04 <REP> MSN Gaming Zone
    29/12/2007 00:52 <REP> MSXML 4.0
    25/07/2008 11:45 <REP> NetMeeting
    25/07/2008 11:45 <REP> Outlook Express
    12/07/2008 08:12 <REP> QuickTime
    28/12/2007 23:20 <REP> Services en ligne
    28/12/2007 23:42 <REP> SigmaTel
    26/02/2008 18:44 <REP> Skype
    29/12/2007 03:25 <REP> Symantec
    08/09/2008 09:07 <REP> Symantec AntiVirus
    29/12/2007 02:37 <REP> Système
    28/12/2007 23:58 <REP> Toshiba
    27/03/2008 15:57 <REP> Utilitaire
    30/12/2007 11:56 <REP> utilitairel
    04/01/2008 21:12 <REP> Windows Live
    25/07/2008 11:50 <REP> Windows Media Player
    25/07/2008 11:45 <REP> Windows NT
    03/09/2008 07:54 <REP> WinRAR
    28/12/2007 23:07 <REP> xerox
    0 fichier(s) 0 octets
    48 Rép(s) 8 471 384 064 octets libres
    Le volume dans le lecteur C n'a pas de nom.
    Le numéro de série du volume est CC6D-B4C7

    Répertoire de C:\Program Files\fichiers communs

    09/05/2008 12:37 <REP> .
    09/05/2008 12:37 <REP> ..
    13/05/2008 13:19 <REP> Adobe
    05/05/2008 12:21 <REP> Adobe Systems Shared
    29/12/2007 03:39 <REP> Ahead
    29/12/2007 18:56 <REP> Apple
    29/12/2007 02:37 <REP> DESIGNER
    05/02/2008 23:08 <REP> Deterministic Networks
    09/05/2008 12:37 <REP> Informax
    28/12/2007 23:43 <REP> InstallShield
    02/01/2008 19:10 <REP> Java
    10/07/2008 18:14 <REP> Microsoft Shared
    14/01/2008 22:56 <REP> Motive
    28/12/2007 23:05 <REP> MSSoap
    28/12/2007 22:55 <REP> ODBC
    30/12/2007 11:57 <REP> Real
    28/12/2007 23:05 <REP> Services
    26/02/2008 18:44 <REP> Skype
    28/12/2007 22:55 <REP> SpeechEngines
    10/03/2008 09:04 <REP> Symantec Shared
    25/07/2008 11:45 <REP> System
    30/12/2007 11:57 <REP> xing shared
    0 fichier(s) 0 octets
    22 Rép(s) 8 471 379 968 octets libres
    Le volume dans le lecteur C n'a pas de nom.
    Le numéro de série du volume est CC6D-B4C7

    Répertoire de C:\Program Files\fichiers communs\Microsoft Shared\Web Folders

    05/01/2008 12:25 <REP> .
    05/01/2008 12:25 <REP> ..
    29/12/2007 02:37 <REP> 1033
    05/01/2008 12:25 <REP> 1036
    20/09/2005 13:33 1 293 008 MSONSEXT.DLL
    22/03/2007 20:29 39 256 MSOSV.DLL
    03/06/1999 15:09 122 937 MSOWS409.DLL
    07/03/2001 10:00 127 033 MSOWS40c.DLL
    11/07/2003 03:25 80 448 PKMWS.DLL
    5 fichier(s) 1 662 682 octets
    4 Rép(s) 8 471 375 872 octets libres
    Le volume dans le lecteur C n'a pas de nom.
    Le numéro de série du volume est CC6D-B4C7

    Répertoire de C:\Program Files\common files

    14/01/2008 22:56 <REP> .
    14/01/2008 22:56 <REP> ..
    14/01/2008 22:59 <REP> Motive
    0 fichier(s) 0 octets
    3 Rép(s) 8 471 375 872 octets libres

    c:\Documents and Settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 7.7.1.11\SetupAdmin.exe
    c:\Documents and Settings\All Users\Application Data\Symantec\LiveUpdate\LuMMInst\ALUNotify.exe
    c:\Documents and Settings\All Users\Application Data\Symantec\LiveUpdate\LuMMInst\AUpdate.exe
    c:\Documents and Settings\All Users\Application Data\Symantec\LiveUpdate\LuMMInst\Lsetup.exe
    c:\Documents and Settings\All Users\Application Data\Symantec\LiveUpdate\LuMMInst\LuAll.exe
    c:\Documents and Settings\All Users\Application Data\Symantec\LiveUpdate\LuMMInst\LuComServer_2_6.EXE
    c:\Documents and Settings\All Users\Application Data\Symantec\LiveUpdate\LuMMInst\LUInit.exe
    c:\Documents and Settings\All Users\Application Data\Symantec\LiveUpdate\LuMMInst\NDetect.exe
    c:\Documents and Settings\All Users\Application Data\Symantec\LiveUpdate\LuMMInst\SHFOLDER.EXE
    c:\Documents and Settings\All Users\Application Data\Symantec\LiveUpdate\LuMMInst\SymantecRootInstaller.exe
    c:\Documents and Settings\All Users\Menu Démarrer\Programmes\Bio Soft\BioEdit.exe
    c:\Documents and Settings\All Users\Menu Démarrer\Programmes\Bio Soft\clustalx.exe
    c:\Documents and Settings\All Users\Menu Démarrer\Programmes\Bio Soft\treev32.exe
    c:\Documents and Settings\All Users\Menu Démarrer\Programmes\Bio Soft\Zoe-v3d.exe
    c:\Documents and Settings\jojo\Application Data\Microsoft\Installer\{3E908702-AF35-4611-9518-955DA24B7E07}\icon.exe
    c:\Documents and Settings\jojo\Application Data\NeoDivX2008\Settings\DVDFabHDDecrypter4\DVDFabHDDecrypter.exe
    c:\Documents and Settings\jojo\Application Data\NeoDivX2008\Settings\DVDFabHDDecrypter4\unins000.exe
    c:\Documents and Settings\jojo\Application Data\U3\temp\cleanup.exe
    c:\Documents and Settings\jojo\Application Data\U3\temp\Launchpad Removal.exe
    c:\Documents and Settings\jojo\Bureau\DiagHelp\catchme.exe
    c:\Documents and Settings\jojo\Bureau\DiagHelp\diff.exe
    c:\Documents and Settings\jojo\Bureau\DiagHelp\dumphive.exe
    c:\Documents and Settings\jojo\Bureau\DiagHelp\FilesInfoCmd.exe
    c:\Documents and Settings\jojo\Bureau\DiagHelp\find2.exe
    c:\Documents and Settings\jojo\Bureau\DiagHelp\Fport.exe
    c:\Documents and Settings\jojo\Bureau\DiagHelp\grep.exe
    c:\Documents and Settings\jojo\Bureau\DiagHelp\gzip.exe
    c:\Documents and Settings\jojo\Bureau\DiagHelp\KProcCheck.exe
    c:\Documents and Settings\jojo\Bureau\DiagHelp\LFiles.exe
    c:\Documents and Settings\jojo\Bureau\DiagHelp\LISTDLLS.exe
    c:\Documents and Settings\jojo\Bureau\DiagHelp\md5sums.exe
    c:\Documents and Settings\jojo\Bureau\DiagHelp\pslist.exe
    c:\Documents and Settings\jojo\Bureau\DiagHelp\sigcheck.exe
    c:\Documents and Settings\jojo\Bureau\DiagHelp\streams.exe
    c:\Documents and Settings\jojo\Bureau\DiagHelp\swreg.exe
    c:\Documents and Settings\jojo\Bureau\DiagHelp\tar.exe
    c:\Documents and Settings\jojo\Local Settings\Temp\Setup+Patch.exe
    c:\Documents and Settings\jojo\Local Settings\Temporary Internet Files\Content.IE5\5HJYQAE2\WebSoftCodecDrivern[2].exe
    c:\Documents and Settings\All Users\Application Data\Microsoft\IdentityCRL\production\ppcrlconfig.dll
    c:\Documents and Settings\All Users\Application Data\Symantec\LiveUpdate\LuMMInst\capicom.dll
    c:\Documents and Settings\All Users\Application Data\Symantec\LiveUpdate\LuMMInst\LuComServerPS_2_6.DLL
    c:\Documents and Settings\All Users\Application Data\Symantec\LiveUpdate\LuMMInst\LUinsDll.dll
    c:\Documents and Settings\All Users\Application Data\Symantec\LiveUpdate\LuMMInst\LUPreCon.dll
    c:\Documents and Settings\All Users\Application Data\Symantec\LiveUpdate\LuMMInst\LUSESAIntegration.dll
    c:\Documents and Settings\All Users\Application Data\Symantec\LiveUpdate\LuMMInst\NetDetectController_2_6.DLL
    c:\Documents and Settings\All Users\Application Data\Symantec\LiveUpdate\LuMMInst\pegclient.dll
    c:\Documents and Settings\All Users\Application Data\Symantec\LiveUpdate\LuMMInst\pegcommon.dll
    c:\Documents and Settings\All Users\Application Data\Symantec\LiveUpdate\LuMMInst\ProductRegCom_2_6.DLL
    c:\Documents and Settings\All Users\Application Data\Symantec\LiveUpdate\LuMMInst\ProductRegComPS_2_6.DLL
    c:\Documents and Settings\All Users\Application Data\Symantec\LiveUpdate\LuMMInst\Psapi.Dll
    c:\Documents and Settings\All Users\Application Data\Symantec\LiveUpdate\LuMMInst\S32Live1.dll
    c:\Documents and Settings\All Users\Application Data\Symantec\LiveUpdate\LuMMInst\S32Luis1.dll
    c:\Documents and Settings\All Users\Application Data\Symantec\LiveUpdate\LuMMInst\S32LUWI1.dll
    c:\Documents and Settings\All Users\Application Data\Symantec\LiveUpdate\LuMMInst\unrar.dll
    c:\Documents and Settings\jojo\Application Data\NeoDivX2008\Settings\DVDFabHDDecrypter4\CrashRpt.dll
    c:\Documents and Settings\jojo\Application Data\NeoDivX2008\Settings\DVDFabHDDecrypter4\dbghelp.dll
    c:\Documents and Settings\jojo\Application Data\NeoDivX2008\Settings\DVDFabHDDecrypter4\zlib.dll

    ****** Fin du rapport DiagHelp
    Veuillez svp envoyer le fichier C:\upload_moi_JOGAU.tar.gz a l'adresse http://upload.malekal.com
    0
  11. jojo
     
    voici me rapport OTmoveit:

    C:\WINDOWS\System32\c74e7016-.txt moved successfully.
    DllUnregisterServer procedure not found in C:\WINDOWS\System32\dkkgpacy.dll
    C:\WINDOWS\System32\dkkgpacy.dll NOT unregistered.
    C:\WINDOWS\System32\dkkgpacy.dll moved successfully.
    C:\WINDOWS\System32\wykpnwxm.ini moved successfully.
    DllUnregisterServer procedure not found in C:\WINDOWS\System32\fxsqusna.dll
    C:\WINDOWS\System32\fxsqusna.dll NOT unregistered.
    C:\WINDOWS\System32\fxsqusna.dll moved successfully.
    C:\WINDOWS\System32\exylrwtf.ini moved successfully.
    DllUnregisterServer procedure not found in C:\WINDOWS\System32\xqjjffhc.dll
    C:\WINDOWS\System32\xqjjffhc.dll NOT unregistered.
    C:\WINDOWS\System32\xqjjffhc.dll moved successfully.
    C:\WINDOWS\System32\awtutqNh.dll.vir moved successfully.
    C:\WINDOWS\System32\ragqxvxj.ini moved successfully.
    DllUnregisterServer procedure not found in C:\WINDOWS\System32\flrqexwq.dll
    C:\WINDOWS\System32\flrqexwq.dll NOT unregistered.
    C:\WINDOWS\System32\flrqexwq.dll moved successfully.
    C:\WINDOWS\System32\grukpfmn.ini moved successfully.
    C:\WINDOWS\System32\tmp.txt moved successfully.
    C:\WINDOWS\System32\tmp.reg moved successfully.
    C:\WINDOWS\System32\bsnuhhsm.ini moved successfully.
    C:\WINDOWS\System32\adtjnnwv.ini moved successfully.
    C:\WINDOWS\System32\qlrjvlpd.ini moved successfully.
    C:\WINDOWS\System32\xygmubpe.ini moved successfully.
    C:\WINDOWS\System32\pclhqjej.ini moved successfully.
    C:\WINDOWS\System32\oykjgbsl.ini moved successfully.
    C:\WINDOWS\System32\hcppduti.ini moved successfully.
    C:\WINDOWS\System32\csnjxmus.ini moved successfully.
    C:\WINDOWS\System32\daflfecb.ini moved successfully.
    C:\WINDOWS\System32\hqhvouuq.ini moved successfully.
    c:\Documents and Settings\jojo\Bureau\DiagHelp moved successfully.
    c:\Documents and Settings\jojo\Local Settings\Temp\Setup+Patch.exe moved successfully.
    < c:\Documents and Settings\jojo\Local Settings\Temporary Internet Files\Content.IE5\5HJYQAE2\WebSoftCodecDrivern[2].exe >
    c:\Documents and Settings\jojo\Local Settings\Temporary Internet Files\Content.IE5\5HJYQAE2\WebSoftCodecDrivern[2].exe moved successfully.

    OTMoveIt2 by OldTimer - Version 1.0.4.3 log created on 09082008_202042
    0
  12. jojo
     
    et voici le rapport de virus total:

    Fichier Monitored3.dat reçu le 2008.09.08 20:25:10 (CET)
    Situation actuelle: en cours de chargement ... mis en file d'attente en attente en cours d'analyse terminé NON TROUVE ARRETE
    Résultat: 0/36 (0%)

    Fichier Monitored3.dat reçu le 2008.09.08 20:25:10 (CET)
    Antivirus Version Dernière mise à jour Résultat
    AhnLab-V3 2008.9.6.0 2008.09.08 -
    AntiVir 7.8.1.28 2008.09.08 -
    Authentium 5.1.0.4 2008.09.08 -
    Avast 4.8.1195.0 2008.09.08 -
    AVG 8.0.0.161 2008.09.08 -
    BitDefender 7.2 2008.09.08 -
    CAT-QuickHeal 9.50 2008.09.06 -
    ClamAV 0.93.1 2008.09.08 -
    DrWeb 4.44.0.09170 2008.09.08 -
    eSafe 7.0.17.0 2008.09.07 -
    eTrust-Vet 31.6.6077 2008.09.08 -
    Ewido 4.0 2008.09.08 -
    F-Prot 4.4.4.56 2008.09.08 -
    F-Secure 8.0.14332.0 2008.09.08 -
    Fortinet 3.112.0.0 2008.09.08 -
    GData 19 2008.09.08 -
    Ikarus T3.1.1.34.0 2008.09.08 -
    K7AntiVirus 7.10.446 2008.09.08 -
    Kaspersky 7.0.0.125 2008.09.08 -
    McAfee 5379 2008.09.08 -
    Microsoft 1.3903 2008.09.08 -
    NOD32v2 3426 2008.09.08 -
    Norman 5.80.02 2008.09.08 -
    Panda 9.0.0.4 2008.09.08 -
    PCTools 4.4.2.0 2008.09.08 -
    Prevx1 V2 2008.09.08 -
    Rising 20.61.02.00 2008.09.08 -
    Sophos 4.33.0 2008.09.08 -
    Sunbelt 3.1.1616.1 2008.09.07 -
    Symantec 10 2008.09.08 -
    TheHacker 6.3.0.8.075 2008.09.06 -
    TrendMicro 8.700.0.1004 2008.09.08 -
    VBA32 3.12.8.5 2008.09.08 -
    ViRobot 2008.9.8.1367 2008.09.08 -
    VirusBuster 4.5.11.0 2008.09.08 -
    Webwasher-Gateway 6.6.2 2008.09.08 -
    Information additionnelle
    File size: 97 bytes
    MD5...: f6133dba2d04ad10618fbc833a5496bb
    SHA1..: 15d6d7f834e7cfb98688d12fe426f43108b62554
    SHA256: 86348d0bfa500e10bfe695363d147a9e42febc2da60eec6105134b479d6bb03d
    SHA512: 9dd11224a0dd27fc4ce584823da5fe1c8c779d4839ac4173df1594b982cd8ddc<br>f3f68147d92973afaca9c2122ad0befdc4a339357fe072ec0f5644f342030821
    PEiD..: -
    TrID..: File type identification<br>Generic INI configuration (100.0%)
    PEInfo: -
    0
  13. jojo
     
    merci boulepate62
    et tu serais pourquoi symantec n'avais pas détecté tous ces petits virus?

    bon sur à toi aussi
    0
  14. DJB5 Messages postés 671 Statut Membre 89
     
    Up pour toi
    -1
  15. Utilisateur anonyme
     
    Bonjour

    Exécute l'option 2 de Smitfraudfix ça sera déjà ça de fait.
    Ensuite, passe à la suite, car ton PC sera encore infecté.
    -1
  16. Utilisateur anonyme
     
    * Relance HijackThis, choisis "do a scan only" coche la case devant les lignes ci-dessous et clic en bas sur "fix checked"
    - Ferme Internet Explorer avant de cliquer sur Fix checked
    - S'il manque des lignes ce n'est pas grave

    O2 - BHO: {910f579f-9fcb-9588-33c4-01e7142bb382} - {283bb241-7e10-4c33-8859-bcf9f975f019} - C:\WINDOWS\system32\fnhjeq.dll (file missing)
    O2 - BHO: QXK Olive - {9EED0EF0-103A-4C1B-A115-F39879368545} - C:\WINDOWS\vanwxemgdfk.dll (file missing)
    O2 - BHO: QXK Olive - {AF57398C-E09D-4229-B2D5-12E909DCC730} - C:\WINDOWS\vanwxemggfb.dll (file missing)
    O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Adobe Acrobat 7.0\Distillr\Acrotray.exe"
    O4 - HKLM\..\Run: [Babylon Client] C:\Program Files\Utilitaire\Babylon\Babylon.exe -AutoStart
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
    O4 - Global Startup: Lancement rapide d'Adobe Acrobat.lnk = ?

    * Télécharge VundoFix
    ---> http://ohfr-redir.com/1463

    Redémarre ton PC. Dès l'allumage de celui-ci tapote la touche F8 (ou F5 si F8 ne fonctionne pas), à l'écran qui va apparaître choisis "mode sans echec" attends un peu..

    double clic dessus choisis "start for vundo"
    attends quelques minutes, quand le scan est terminé clic sur "remove vundo"
    un message te demandera si tu veux supprimes les fichiers sur "yes"
    Quand il a terminé, clic sur "yes" ton ordinateur devrait redemarrer sinon, fais le par toit même
    Une fois qu'il a redemarré colle le rapport C:\vundofix.txt et un nouveau rapport hijackthis stp

    ET

    Télécharge VirtumundoBegone sur le bureau:
    http://secured2k.home.comcast.net/~secured2k/tools/VirtumundoBeGone.exe

    Double clique ensuite sur VirtumundoBeGone.exe et suis les instructions.
    Une fois terminé, redémarre et poste le rapport VBG.TXT créé sur le bureau dans ta prochaine réponse avec un nouveau rapport HijackThis.
    Ne t'inquiète pas si tu vois un message Ecran bleu "Erreur fatale", c'est normal et attendu.
    -1
    1. jojo
       
      voici le rapport vundi fix:


      VundoFix V7.0.6

      Scan started at 20:28:43 07/09/2008

      Listing files found while scanning....

      C:\Windows\system32\ayuhgu.dll
      C:\Windows\system32\bxkxncqo.dll
      C:\Windows\system32\drjdjayc.dll
      C:\Windows\system32\dwtempwm.dll
      C:\Windows\system32\ecpyrbks.dll
      C:\Windows\system32\enkwkp.dll
      C:\Windows\system32\fxcxasng.dll
      C:\Windows\system32\hjlxtj.dll
      C:\Windows\system32\kgvaumoh.dll
      C:\Windows\system32\lbvktwyn.dll
      C:\Windows\system32\owvqaobj.dll
      C:\Windows\system32\pfnvglnv.dll
      C:\Windows\system32\utigruek.dll
      C:\Windows\system32\vhwyrf.dll
      C:\Windows\system32\xnjuciiv.dll

      Beginning removal...

      Attempting to delete C:\Windows\system32\ayuhgu.dll
      C:\Windows\system32\ayuhgu.dll Has been deleted!

      Attempting to delete C:\Windows\system32\bxkxncqo.dll
      C:\Windows\system32\bxkxncqo.dll Has been deleted!

      Attempting to delete C:\Windows\system32\drjdjayc.dll
      C:\Windows\system32\drjdjayc.dll Has been deleted!

      Attempting to delete C:\Windows\system32\dwtempwm.dll
      C:\Windows\system32\dwtempwm.dll Has been deleted!

      Attempting to delete C:\Windows\system32\ecpyrbks.dll
      C:\Windows\system32\ecpyrbks.dll Has been deleted!

      Attempting to delete C:\Windows\system32\enkwkp.dll
      C:\Windows\system32\enkwkp.dll Has been deleted!

      Attempting to delete C:\Windows\system32\fxcxasng.dll
      C:\Windows\system32\fxcxasng.dll Has been deleted!

      Attempting to delete C:\Windows\system32\hjlxtj.dll
      C:\Windows\system32\hjlxtj.dll Has been deleted!

      Attempting to delete C:\Windows\system32\kgvaumoh.dll
      C:\Windows\system32\kgvaumoh.dll Has been deleted!

      Attempting to delete C:\Windows\system32\lbvktwyn.dll
      C:\Windows\system32\lbvktwyn.dll Has been deleted!

      Attempting to delete C:\Windows\system32\owvqaobj.dll
      C:\Windows\system32\owvqaobj.dll Has been deleted!

      Attempting to delete C:\Windows\system32\pfnvglnv.dll
      C:\Windows\system32\pfnvglnv.dll Has been deleted!

      Attempting to delete C:\Windows\system32\utigruek.dll
      C:\Windows\system32\utigruek.dll Has been deleted!

      Attempting to delete C:\Windows\system32\vhwyrf.dll
      C:\Windows\system32\vhwyrf.dll Has been deleted!

      Attempting to delete C:\Windows\system32\xnjuciiv.dll
      C:\Windows\system32\xnjuciiv.dll Has been deleted!

      Performing Repairs to the registry.
      Done!
      0
  17. Utilisateur anonyme
     
    Tu es encore infecté malgré tout, peut-être plus de signes d'infections, mais ce n'est pas propre.
    Tu peux jeter Vundofix et VirtumundoBeGone .

    Télécharge DiagHelp.zip sur ton bureau
    http://www.malekal.com/download/DiagHelp.zip

    - Fais un clic droit sur le dossier -> Ouvrir avec -> Dossiers compréssés -> Suivant -> Suivant
    - Un nouveau dossier va être créé DiagHelp
    - Ouvre le et double-clic sur go.cmd (le .cmd peut ne pas apparaître)
    - Une fenêtre va s'ouvrir, choisis l'option 1
    - L'analyse va commencer, ceci peut durer quelques minutes, laisse faire et appuie sur une touche quand on te le demande
    - Dès l'analyse terminée ,copie et colle ici le contenu du bloc-notes.

    -1
  18. Utilisateur anonyme
     
    Télécharge OTMoveIt sur ton bureau
    http://download.bleepingcomputer.com/oldtimer/OTMoveIt2.exe

    Double clic sur OTMoveIt.exe
    Sélectionne et copie les lignes ci-dessous

    C:\WINDOWS\System32\c74e7016-.txt
    C:\WINDOWS\System32\dkkgpacy.dll
    C:\WINDOWS\System32\wykpnwxm.ini
    C:\WINDOWS\System32\fxsqusna.dll
    C:\WINDOWS\System32\exylrwtf.ini
    C:\WINDOWS\System32\xqjjffhc.dll
    C:\WINDOWS\System32\awtutqNh.dll.vir
    C:\WINDOWS\System32\ragqxvxj.ini
    C:\WINDOWS\System32\flrqexwq.dll
    C:\WINDOWS\System32\grukpfmn.ini
    C:\WINDOWS\System32\tmp.txt
    C:\WINDOWS\System32\tmp.reg
    C:\WINDOWS\System32\bsnuhhsm.ini
    C:\WINDOWS\System32\adtjnnwv.ini
    C:\WINDOWS\System32\qlrjvlpd.ini
    C:\WINDOWS\System32\xygmubpe.ini
    C:\WINDOWS\System32\pclhqjej.ini
    C:\WINDOWS\System32\oykjgbsl.ini
    C:\WINDOWS\System32\hcppduti.ini
    C:\WINDOWS\System32\csnjxmus.ini
    C:\WINDOWS\System32\daflfecb.ini
    C:\WINDOWS\System32\hqhvouuq.ini
    c:\Documents and Settings\jojo\Bureau\DiagHelp\
    c:\Documents and Settings\jojo\Local Settings\Temp\Setup+Patch.exe
    c:\Documents and Settings\jojo\Local Settings\Temporary Internet Files\Content.IE5\5HJYQAE2\WebSoftCodecDrivern[2].exe

    Retourne dans OTMoveit, fais un clic droit dans la fenêtre "Paste Standard List of Files/Folders to move" et choisis "coller".
    Clic sur le boutton rouge Moveit et clic sur Exit
    Si un fichier ou un dossier ne peut être déplacer immédiatement il te sera demander de redémarrer ta machine pour finir l'exécution, si c'est le cas, clic sur "Yes"
    Copie et colle le rapport qu'il va te générer ici stp. Le rapport d'OTMoveit se trouve dans ce dossier : C:\_OTMoveIt\MovedFiles

    Vas dans ajouter/supprimer des programmes et désinstalle :

    - Java(TM) 6 Update 3 (obsolète)
    - Java(TM) 6 Update 5 (obsolète)

    Rends toi ici https://www.virustotal.com/gui/
    Dans l'espace vide à côté du bouton choisir copie et colle la ligne ci-dessous
    C:\WINDOWS\System32\Monitored3.dat
    Clic sur Envoyer et patiente pendant l'analyse
    Dès qu'il a terminé colle le rapport ici (probable bestiole)
    -1
  19. Utilisateur anonyme
     
    C'est Ok. Tu epux tout jeter ce que j'ai tait fait installé, hormis Malwarebytes anti-malware, garde-le ça mange pas d'pain.

    Clic sur démarrer, poste de travail, Disque local C:, cherche et supprime ce dossier : OTMoveIt
    S'il résiste supprime-le en mode sans échec.

    Pense à mettre à jour Windows et de temps en temps faire un scan antivirus

    Bon surf ! A++
    -1