Probleme DLL
adel216
Messages postés
20
Statut
Membre
-
Destrio5 Messages postés 99820 Statut Modérateur -
Destrio5 Messages postés 99820 Statut Modérateur -
Bonjour ,je suis nouveau sur ce site et debutant dans l'informatique je besoin d'aide
j'ai un probleme suivant :l'application ou la DLL C:/windows/systeme32/mukejowe.dll n'est pas une image windos valide.verifier à l'aide de votre disquette d'instalation.
ce message s'afiche de le demarage et il faut cliquer chaque fois sur OK pour ouvrir (pliens des fois)et à chaque opperation.merci d'avance de m'aider à resoudre ce problème.
j'ai un probleme suivant :l'application ou la DLL C:/windows/systeme32/mukejowe.dll n'est pas une image windos valide.verifier à l'aide de votre disquette d'instalation.
ce message s'afiche de le demarage et il faut cliquer chaque fois sur OK pour ouvrir (pliens des fois)et à chaque opperation.merci d'avance de m'aider à resoudre ce problème.
7 réponses
Salut,
Télécharger VundoFix.exe (par Atribune) sur votre Bureau.
Double-cliquer sur VundoFix.exe afin de le lancer.
Clique sur le bouton Scan for Vundo.
Lorsque le scan est complété, clique sur le bouton Remove Vundo.
Une invite te demandera si tu veux supprimer les fichiers, clique sur YES
Après avoir cliqué "YES", le Bureau disparaîtra un moment lors de la suppression des fichiers.
Tu verras une invite qui t'annonce que ton PC va s'éteindre ("shutdown"). Clique sur OK
Démarre ton PC à nouveau.
Copie/colle le contenu du rapport situé dans C:\vundofix.txt.
(Merci Regis59)
Télécharges hijackthis et installes le sur ton PC.
À la fin de l'installation, choisis "Do a system scan and save log file"
Puis un rapport va s'ouvrir, tu copies tous son contenu, et tu le colles avec le rapport Vundofix.
@ +
Télécharger VundoFix.exe (par Atribune) sur votre Bureau.
Double-cliquer sur VundoFix.exe afin de le lancer.
Clique sur le bouton Scan for Vundo.
Lorsque le scan est complété, clique sur le bouton Remove Vundo.
Une invite te demandera si tu veux supprimer les fichiers, clique sur YES
Après avoir cliqué "YES", le Bureau disparaîtra un moment lors de la suppression des fichiers.
Tu verras une invite qui t'annonce que ton PC va s'éteindre ("shutdown"). Clique sur OK
Démarre ton PC à nouveau.
Copie/colle le contenu du rapport situé dans C:\vundofix.txt.
(Merci Regis59)
Télécharges hijackthis et installes le sur ton PC.
À la fin de l'installation, choisis "Do a system scan and save log file"
Puis un rapport va s'ouvrir, tu copies tous son contenu, et tu le colles avec le rapport Vundofix.
@ +
bonjour, fahd et excusemoi pour le retard .voila le raport vudofix
VundoFix V7.0.6
Scan started at 16:44:26 07/12/2008
Listing files found while scanning....
VundoFix V7.0.6
Scan started at 17:50:19 07/12/2008
Listing files found while scanning....
No infected files were found.
VundoFix V7.0.6
Scan started at 18:12:22 07/12/2008
Listing files found while scanning....
No infected files were found.
Beginning removal...
VundoFix V7.0.6
Scan started at 08:22:41 09/12/2008
Listing files found while scanning....
merci pour ton aide.
VundoFix V7.0.6
Scan started at 16:44:26 07/12/2008
Listing files found while scanning....
VundoFix V7.0.6
Scan started at 17:50:19 07/12/2008
Listing files found while scanning....
No infected files were found.
VundoFix V7.0.6
Scan started at 18:12:22 07/12/2008
Listing files found while scanning....
No infected files were found.
Beginning removal...
VundoFix V7.0.6
Scan started at 08:22:41 09/12/2008
Listing files found while scanning....
merci pour ton aide.
Télécharge Malwarebytes' Anti-Malware et installes-le.
Tu suis le tuto suivant : https://www.malekal.com/tutoriel-malwarebyte-anti-malware/ pour faire un scan de ton système.
À la fin du scan un rapport va s'ouvrir, tu le postes sur ta prochaine réponse.
Tu suis le tuto suivant : https://www.malekal.com/tutoriel-malwarebyte-anti-malware/ pour faire un scan de ton système.
À la fin du scan un rapport va s'ouvrir, tu le postes sur ta prochaine réponse.
Bonjour
il ya bien une infection Vundo mais malheureusement vundofix a été abandonné .
La solution est de passer par MBAM ou combofix
il ya bien une infection Vundo mais malheureusement vundofix a été abandonné .
La solution est de passer par MBAM ou combofix
Non, tu n'as pas fait d'erreur particulièrement.
Tu dois etre au courant du tuto de desinfection mais en fait il n'est plus à jour puisque depuis quelques mois déjà ce fix n'est plus mis à jour.
Comme les infections evoluent tres vite , il n'est plus efficace( ce qui est bien dommage) donc il faut passer par d'autres outils.
Et si tu ne le savais pas, maintenant tu le sais donc tu ne le feras plus utiliser ;-)
Tu dois etre au courant du tuto de desinfection mais en fait il n'est plus à jour puisque depuis quelques mois déjà ce fix n'est plus mis à jour.
Comme les infections evoluent tres vite , il n'est plus efficace( ce qui est bien dommage) donc il faut passer par d'autres outils.
Et si tu ne le savais pas, maintenant tu le sais donc tu ne le feras plus utiliser ;-)
Tu relances Malware Byte's et tu refais le scan.
À la fin du scan, tu cliques sur Remove Selected, et tu laisses le nettoyage faire son boulot.
Tu me postes le rapport de suppression.
@ +
À la fin du scan, tu cliques sur Remove Selected, et tu laisses le nettoyage faire son boulot.
Tu me postes le rapport de suppression.
@ +
Malwarebytes' Anti-Malware 1.31
Version de la base de données: 1482
Windows 5.1.2600 Service Pack 3
10/12/2008 09:24:10
mbam-log-2008-12-10 (09-24-10).txt
Type de recherche: Examen rapide
Eléments examinés: 52021
Temps écoulé: 5 minute(s), 3 second(s)
Processus mémoire infecté(s): 1
Module(s) mémoire infecté(s): 7
Clé(s) du Registre infectée(s): 19
Valeur(s) du Registre infectée(s): 4
Elément(s) de données du Registre infecté(s): 5
Dossier(s) infecté(s): 1
Fichier(s) infecté(s): 22
Processus mémoire infecté(s):
C:\Documents and Settings\ADEL\Application Data\Google\mupd1_2_12916358.exe (Rogue.PersonalDefender2009) -> Unloaded process successfully.
Module(s) mémoire infecté(s):
C:\WINDOWS\system32\opnlKcYo.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\wxcopagt.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\wadavuro.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\lujorosu.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\zomuhiwu.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\fftwch.dll (Trojan.Vundo) -> Delete on reboot.
C:\Documents and Settings\ADEL\Application Data\Google\updupd.dll (Trojan.FakeAlert) -> Delete on reboot.
Clé(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{b4ea33ff-63aa-44c9-ab95-70cd2dcc4af6} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{b4ea33ff-63aa-44c9-ab95-70cd2dcc4af6} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{cfc8d4ae-99d6-4299-8b33-e6fe6223dcd8} (Trojan.Vundo.H) -> Delete on reboot.
HKEY_CLASSES_ROOT\CLSID\{cfc8d4ae-99d6-4299-8b33-e6fe6223dcd8} (Trojan.Vundo.H) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{921754a0-6c42-48ab-933b-de469eede66a} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{921754a0-6c42-48ab-933b-de469eede66a} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{921754a0-6c42-48ab-933b-de469eede66a} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{b4ea33ff-63aa-44c9-ab95-70cd2dcc4af6} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{cfc8d4ae-99d6-4299-8b33-e6fe6223dcd8} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{6d794cb4-c7cd-4c6f-bfdc-9b77afbdc02c} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{6d794cb4-c7cd-4c6f-bfdc-9b77afbdc02c} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6d794cb4-c7cd-4c6f-bfdc-9b77afbdc02c} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\contim (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\instkey (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Track System (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\rdfa (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\FCOVM (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RemoveRP (Trojan.Vundo) -> Quarantined and deleted successfully.
Valeur(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ccc14f68 (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\bibeyilifu (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{6d794cb4-c7cd-4c6f-bfdc-9b77afbdc02c} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\asus32 (Rogue.PersonalDefender2009) -> Quarantined and deleted successfully.
Elément(s) de données du Registre infecté(s):
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Notification Packages (Trojan.Vundo.H) -> Data: c:\windows\system32\opnlkcyo -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs (Trojan.Vundo.H) -> Data: c:\windows\system32\wadavuro.dll -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Notification Packages (Trojan.Vundo.H) -> Data: c:\windows\system32\wadavuro.dll -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs (Trojan.Vundo.H) -> Data: system32\wadavuro.dll -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Authentication Packages (Trojan.Vundo) -> Data: c:\windows\system32\opnlkcyo -> Delete on reboot.
Dossier(s) infecté(s):
C:\Program Files\Personal Defender 2009 (Rogue.PersonalDefender2009) -> Quarantined and deleted successfully.
Fichier(s) infecté(s):
C:\WINDOWS\system32\fftwch.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\opnlKcYo.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\oYcKlnpo.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\oYcKlnpo.ini2 (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\vqrusjqd.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\dqjsurqv.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\wxcopagt.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\tgapocxw.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\lujorosu.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\zomuhiwu.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\wadavuro.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\bulimane.dll.tmp (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\nfsujmtk.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\tasurizo.dll.tmp (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\vahewale.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\wokoguri.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ybbraqtg.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\hsswyf.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\~.exe (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Documents and Settings\ADEL\Application Data\Google\mupd1_2_12916358.exe (Rogue.PersonalDefender2009) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\mcrh.tmp (Malware.Trace) -> Quarantined and deleted successfully.
C:\Documents and Settings\ADEL\Application Data\Google\updupd.dll (Trojan.FakeAlert) -> Delete on reboot.
Malwarebytes' Anti-Malware 1.31
Version de la base de données: 1482
Windows 5.1.2600 Service Pack 3
10/12/2008 14:09:11
mbam-log-2008-12-10 (14-09-11).txt
Type de recherche: Examen rapide
Eléments examinés: 53374
Temps écoulé: 4 minute(s), 23 second(s)
Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 0
Valeur(s) du Registre infectée(s): 0
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 0
Processus mémoire infecté(s):
(Aucun élément nuisible détecté)
Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)
Clé(s) du Registre infectée(s):
(Aucun élément nuisible détecté)
Valeur(s) du Registre infectée(s):
(Aucun élément nuisible détecté)
Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)
Dossier(s) infecté(s):
(Aucun élément nuisible détecté)
Fichier(s) infecté(s):
(Aucun élément nuisible détecté)
Version de la base de données: 1482
Windows 5.1.2600 Service Pack 3
10/12/2008 09:24:10
mbam-log-2008-12-10 (09-24-10).txt
Type de recherche: Examen rapide
Eléments examinés: 52021
Temps écoulé: 5 minute(s), 3 second(s)
Processus mémoire infecté(s): 1
Module(s) mémoire infecté(s): 7
Clé(s) du Registre infectée(s): 19
Valeur(s) du Registre infectée(s): 4
Elément(s) de données du Registre infecté(s): 5
Dossier(s) infecté(s): 1
Fichier(s) infecté(s): 22
Processus mémoire infecté(s):
C:\Documents and Settings\ADEL\Application Data\Google\mupd1_2_12916358.exe (Rogue.PersonalDefender2009) -> Unloaded process successfully.
Module(s) mémoire infecté(s):
C:\WINDOWS\system32\opnlKcYo.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\wxcopagt.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\wadavuro.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\lujorosu.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\zomuhiwu.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\fftwch.dll (Trojan.Vundo) -> Delete on reboot.
C:\Documents and Settings\ADEL\Application Data\Google\updupd.dll (Trojan.FakeAlert) -> Delete on reboot.
Clé(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{b4ea33ff-63aa-44c9-ab95-70cd2dcc4af6} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{b4ea33ff-63aa-44c9-ab95-70cd2dcc4af6} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{cfc8d4ae-99d6-4299-8b33-e6fe6223dcd8} (Trojan.Vundo.H) -> Delete on reboot.
HKEY_CLASSES_ROOT\CLSID\{cfc8d4ae-99d6-4299-8b33-e6fe6223dcd8} (Trojan.Vundo.H) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{921754a0-6c42-48ab-933b-de469eede66a} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{921754a0-6c42-48ab-933b-de469eede66a} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{921754a0-6c42-48ab-933b-de469eede66a} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{b4ea33ff-63aa-44c9-ab95-70cd2dcc4af6} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{cfc8d4ae-99d6-4299-8b33-e6fe6223dcd8} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{6d794cb4-c7cd-4c6f-bfdc-9b77afbdc02c} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{6d794cb4-c7cd-4c6f-bfdc-9b77afbdc02c} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6d794cb4-c7cd-4c6f-bfdc-9b77afbdc02c} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\contim (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\instkey (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Track System (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\rdfa (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\FCOVM (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RemoveRP (Trojan.Vundo) -> Quarantined and deleted successfully.
Valeur(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ccc14f68 (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\bibeyilifu (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{6d794cb4-c7cd-4c6f-bfdc-9b77afbdc02c} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\asus32 (Rogue.PersonalDefender2009) -> Quarantined and deleted successfully.
Elément(s) de données du Registre infecté(s):
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Notification Packages (Trojan.Vundo.H) -> Data: c:\windows\system32\opnlkcyo -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs (Trojan.Vundo.H) -> Data: c:\windows\system32\wadavuro.dll -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Notification Packages (Trojan.Vundo.H) -> Data: c:\windows\system32\wadavuro.dll -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs (Trojan.Vundo.H) -> Data: system32\wadavuro.dll -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Authentication Packages (Trojan.Vundo) -> Data: c:\windows\system32\opnlkcyo -> Delete on reboot.
Dossier(s) infecté(s):
C:\Program Files\Personal Defender 2009 (Rogue.PersonalDefender2009) -> Quarantined and deleted successfully.
Fichier(s) infecté(s):
C:\WINDOWS\system32\fftwch.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\opnlKcYo.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\oYcKlnpo.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\oYcKlnpo.ini2 (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\vqrusjqd.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\dqjsurqv.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\wxcopagt.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\tgapocxw.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\lujorosu.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\zomuhiwu.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\wadavuro.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\bulimane.dll.tmp (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\nfsujmtk.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\tasurizo.dll.tmp (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\vahewale.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\wokoguri.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ybbraqtg.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\hsswyf.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\~.exe (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Documents and Settings\ADEL\Application Data\Google\mupd1_2_12916358.exe (Rogue.PersonalDefender2009) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\mcrh.tmp (Malware.Trace) -> Quarantined and deleted successfully.
C:\Documents and Settings\ADEL\Application Data\Google\updupd.dll (Trojan.FakeAlert) -> Delete on reboot.
Malwarebytes' Anti-Malware 1.31
Version de la base de données: 1482
Windows 5.1.2600 Service Pack 3
10/12/2008 14:09:11
mbam-log-2008-12-10 (14-09-11).txt
Type de recherche: Examen rapide
Eléments examinés: 53374
Temps écoulé: 4 minute(s), 23 second(s)
Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 0
Valeur(s) du Registre infectée(s): 0
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 0
Processus mémoire infecté(s):
(Aucun élément nuisible détecté)
Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)
Clé(s) du Registre infectée(s):
(Aucun élément nuisible détecté)
Valeur(s) du Registre infectée(s):
(Aucun élément nuisible détecté)
Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)
Dossier(s) infecté(s):
(Aucun élément nuisible détecté)
Fichier(s) infecté(s):
(Aucun élément nuisible détecté)
Vous n’avez pas trouvé la réponse que vous recherchez ?
Posez votre question
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:23:08, on 10/12/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe
C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLService.exe
c:\APPS\HIDSERVICE\HIDSERVICE.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Apps\Softex\OmniPass\Omniserv.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe
c:\APPS\Powercinema\Kernel\TV\CLSched.exe
C:\Apps\Softex\OmniPass\OPXPApp.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Fisher-Price\DACS\MiniApp\DACSMiniApp.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\HiYo\bin\HiYo.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Apps\Powercinema\PCMService.exe
C:\Program Files\Fichiers communs\Ulead Systems\AutoDetector\monitor.exe
C:\Apps\Softex\OmniPass\scureapp.exe
C:\Program Files\MIC\HAWAII\Hawaii.exe
C:\PROGRA~1\GOTOSO~1\VADERE~1\Vaderetro_oe.exe
C:\Program Files\Fingerprint Sensor\ATSwpNav.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\mHotkey.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\TomTom HOME 2\HOMERunner.exe
C:\Program Files\Winamp Remote\bin\OrbTray.exe
C:\Program Files\PIXELA\ImageMixer 3 for TOSHIBA\GCameraMoniter.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avcenter.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Packard Bell
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Winamp Search Class - {57BCA5FA-5DBB-45a2-B558-1755C3F6253B} - C:\Program Files\Winamp Toolbar\winamptb.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Winamp Toolbar - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Program Files\Winamp Toolbar\winamptb.dll
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [DACSMiniApp] C:\Program Files\Fisher-Price\DACS\MiniApp\DACSMiniApp.exe
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [HiYo] C:\Program Files\HiYo\bin\HiYo.exe /RunFromStartup
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [PCMService] "c:\Apps\Powercinema\PCMService.exe"
O4 - HKLM\..\Run: [Ulead AutoDetector v2] C:\Program Files\Fichiers communs\Ulead Systems\AutoDetector\monitor.exe
O4 - HKLM\..\Run: [OmniPass] C:\Apps\Softex\OmniPass\scureapp.exe
O4 - HKLM\..\Run: [MM_MODULE] C:\Program Files\MIC\HAWAII\Hawaii.exe
O4 - HKLM\..\Run: [Vade Retro Outlook Express] "C:\PROGRA~1\GOTOSO~1\VADERE~1\Vaderetro_oe.exe"
O4 - HKLM\..\Run: [ATSwpNav] "C:\Program Files\Fingerprint Sensor\ATSwpNav" -run
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NECHotkey] mHotkey.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [ccleaner] "C:\Program Files\CCleaner\ccleaner.exe" /AUTO
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [TomTomHOME.exe] "C:\Program Files\TomTom HOME 2\HOMERunner.exe"
O4 - HKCU\..\Run: [Orb] "C:\Program Files\Winamp Remote\bin\OrbTray.exe" /background
O4 - HKCU\..\Run: [Uniblue RegistryBooster 2009] C:\Program Files\Uniblue\RegistryBooster\RegistryBooster.exe /S
O4 - HKCU\..\Run: [Neuf Media Center] "C:\Program Files\SFR\Media Center\MediaCenter.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [bibeyilifu] Rundll32.exe "C:\WINDOWS\system32\lujorosu.dll",s (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Camera Monitor.lnk = C:\Program Files\PIXELA\ImageMixer 3 for TOSHIBA\GCameraMoniter.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: &Winamp Search - C:\Documents and Settings\All Users\Application Data\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=file://C:\APPS\IE\offline\fr.htm
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w3/pr01/resources/MSNPUpld.cab
O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} (HP Download Manager) - https://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab
O16 - DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} (GMNRev Class) - http://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection.cab
O16 - DPF: {D821DC4A-0814-435E-9820-661C543A4679} (CRLDownloadWrapper Class) - http://drmlicense.one.microsoft.com/crlupdate/en/crlocx.ocx
O16 - DPF: {E862C832-3A5F-4CEB-BFAA-167B22010A71} (InfosFinder2.InfosFinder) - http://support.packardbell.com/files/activex/InfosFinder2.CAB
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: C:\WINDOWS\system32\mukejowe.dll, fftwch.dll
O20 - Winlogon Notify: vtUnkjJd - C:\WINDOWS\
O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - c:\APPS\Powercinema\Kernel\TV\CLSched.exe
O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
O23 - Service: Generic Service for HID Keyboard Input Collections (GenericHidService) - Unknown owner - c:\APPS\HIDSERVICE\HIDSERVICE.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Softex OmniPass Service (omniserv) - Softex Inc. - C:\Apps\Softex\OmniPass\Omniserv.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe
Scan saved at 18:23:08, on 10/12/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe
C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLService.exe
c:\APPS\HIDSERVICE\HIDSERVICE.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Apps\Softex\OmniPass\Omniserv.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe
c:\APPS\Powercinema\Kernel\TV\CLSched.exe
C:\Apps\Softex\OmniPass\OPXPApp.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Fisher-Price\DACS\MiniApp\DACSMiniApp.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\HiYo\bin\HiYo.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Apps\Powercinema\PCMService.exe
C:\Program Files\Fichiers communs\Ulead Systems\AutoDetector\monitor.exe
C:\Apps\Softex\OmniPass\scureapp.exe
C:\Program Files\MIC\HAWAII\Hawaii.exe
C:\PROGRA~1\GOTOSO~1\VADERE~1\Vaderetro_oe.exe
C:\Program Files\Fingerprint Sensor\ATSwpNav.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\mHotkey.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\TomTom HOME 2\HOMERunner.exe
C:\Program Files\Winamp Remote\bin\OrbTray.exe
C:\Program Files\PIXELA\ImageMixer 3 for TOSHIBA\GCameraMoniter.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avcenter.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Packard Bell
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Winamp Search Class - {57BCA5FA-5DBB-45a2-B558-1755C3F6253B} - C:\Program Files\Winamp Toolbar\winamptb.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Winamp Toolbar - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Program Files\Winamp Toolbar\winamptb.dll
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [DACSMiniApp] C:\Program Files\Fisher-Price\DACS\MiniApp\DACSMiniApp.exe
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [HiYo] C:\Program Files\HiYo\bin\HiYo.exe /RunFromStartup
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [PCMService] "c:\Apps\Powercinema\PCMService.exe"
O4 - HKLM\..\Run: [Ulead AutoDetector v2] C:\Program Files\Fichiers communs\Ulead Systems\AutoDetector\monitor.exe
O4 - HKLM\..\Run: [OmniPass] C:\Apps\Softex\OmniPass\scureapp.exe
O4 - HKLM\..\Run: [MM_MODULE] C:\Program Files\MIC\HAWAII\Hawaii.exe
O4 - HKLM\..\Run: [Vade Retro Outlook Express] "C:\PROGRA~1\GOTOSO~1\VADERE~1\Vaderetro_oe.exe"
O4 - HKLM\..\Run: [ATSwpNav] "C:\Program Files\Fingerprint Sensor\ATSwpNav" -run
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NECHotkey] mHotkey.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [ccleaner] "C:\Program Files\CCleaner\ccleaner.exe" /AUTO
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [TomTomHOME.exe] "C:\Program Files\TomTom HOME 2\HOMERunner.exe"
O4 - HKCU\..\Run: [Orb] "C:\Program Files\Winamp Remote\bin\OrbTray.exe" /background
O4 - HKCU\..\Run: [Uniblue RegistryBooster 2009] C:\Program Files\Uniblue\RegistryBooster\RegistryBooster.exe /S
O4 - HKCU\..\Run: [Neuf Media Center] "C:\Program Files\SFR\Media Center\MediaCenter.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [bibeyilifu] Rundll32.exe "C:\WINDOWS\system32\lujorosu.dll",s (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Camera Monitor.lnk = C:\Program Files\PIXELA\ImageMixer 3 for TOSHIBA\GCameraMoniter.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: &Winamp Search - C:\Documents and Settings\All Users\Application Data\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=file://C:\APPS\IE\offline\fr.htm
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w3/pr01/resources/MSNPUpld.cab
O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} (HP Download Manager) - https://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab
O16 - DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} (GMNRev Class) - http://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection.cab
O16 - DPF: {D821DC4A-0814-435E-9820-661C543A4679} (CRLDownloadWrapper Class) - http://drmlicense.one.microsoft.com/crlupdate/en/crlocx.ocx
O16 - DPF: {E862C832-3A5F-4CEB-BFAA-167B22010A71} (InfosFinder2.InfosFinder) - http://support.packardbell.com/files/activex/InfosFinder2.CAB
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: C:\WINDOWS\system32\mukejowe.dll, fftwch.dll
O20 - Winlogon Notify: vtUnkjJd - C:\WINDOWS\
O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - c:\APPS\Powercinema\Kernel\TV\CLSched.exe
O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
O23 - Service: Generic Service for HID Keyboard Input Collections (GenericHidService) - Unknown owner - c:\APPS\HIDSERVICE\HIDSERVICE.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Softex OmniPass Service (omniserv) - Softex Inc. - C:\Apps\Softex\OmniPass\Omniserv.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe
Salut,
---> Télécharge ComboFix.exe de sUBs sur ton Bureau :
http://download.bleepingcomputer.com/sUBs/ComboFix.exe
/!\ Déconnecte-toi du net et ferme toutes les applications, antivirus et antispyware y compris /!\
---> Double-clique sur Combofix.exe
Un "pop-up" va apparaître qui dit que "ComboFix est utilisé à vos risques et avec aucune garantie...".
Accepte en cliquant sur "Oui"
---> Je te conseille vivement d'installer la Console de récupération.
---> Mets-le en langue française F
Tape sur la touche 1 (Yes) pour démarrer le scan.
/!\ Ne touche à rien tant que le scan n'est pas terminé. /!\
En fin de scan, il est possible que ComboFix ait besoin de redémarrer le PC pour finaliser la désinfection, laisse-le faire.
Une fois le scan achevé, un rapport va s'afficher : Poste son contenu
/!\ Réactive la protection en temps réel de ton antivirus et de ton antispyware avant de te reconnecter à Internet. /!\
Note : Le rapport se trouve également là : C:\ComboFix\Combofix.txt
---> Télécharge ComboFix.exe de sUBs sur ton Bureau :
http://download.bleepingcomputer.com/sUBs/ComboFix.exe
/!\ Déconnecte-toi du net et ferme toutes les applications, antivirus et antispyware y compris /!\
---> Double-clique sur Combofix.exe
Un "pop-up" va apparaître qui dit que "ComboFix est utilisé à vos risques et avec aucune garantie...".
Accepte en cliquant sur "Oui"
---> Je te conseille vivement d'installer la Console de récupération.
---> Mets-le en langue française F
Tape sur la touche 1 (Yes) pour démarrer le scan.
/!\ Ne touche à rien tant que le scan n'est pas terminé. /!\
En fin de scan, il est possible que ComboFix ait besoin de redémarrer le PC pour finaliser la désinfection, laisse-le faire.
Une fois le scan achevé, un rapport va s'afficher : Poste son contenu
/!\ Réactive la protection en temps réel de ton antivirus et de ton antispyware avant de te reconnecter à Internet. /!\
Note : Le rapport se trouve également là : C:\ComboFix\Combofix.txt
bonjour.
ComboFix 08-12-09.03 - ADEL 2008-12-11 8:56:15.1 - NTFSx86
Microsoft Windows XP Édition familiale 5.1.2600.3.1252.1.1036.18.626 [GMT 1:00]
Lancé depuis: c:\documents and settings\ADEL\Mes documents\ComboFix.exe
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\program files\Windows Live\Messenger\msimg32.dll
c:\windows\Downloaded Program Files\setup.inf
c:\windows\system32\dovamewo.dll
c:\windows\system32\fofitifa.dll
c:\windows\system32\gayubowu.dll
c:\windows\system32\hasepivi.dll
c:\windows\system32\hpowiax2.dll
c:\windows\system32\muiheplk.ini
c:\windows\system32\mukejowe.dll
c:\windows\system32\mxgolken.ini
c:\windows\system32\namogizu.dll
c:\windows\system32\nihijite.dll
c:\windows\system32\pxoycubq.dll
c:\windows\system32\rmponxtl.ini
c:\windows\system32\sosafuji.dll
c:\windows\system32\vdjbdpeq.ini
c:\windows\system32\vefiniwi.dll
c:\windows\system32\zorotahi.dll
c:\windows\Tasks\dujvszca.job
.
((((((((((((((((((((((((((((( Fichiers créés du 2008-11-11 au 2008-12-11 ))))))))))))))))))))))))))))))))))))
.
2008-12-10 18:50 . 2008-10-03 11:03 247,326 --------- c:\windows\system32\dllcache\strmdll.dll
2008-12-10 14:23 . 2008-12-10 14:24 <REP> d-------- c:\program files\Malwarebytes' Anti-Malware
2008-12-10 14:23 . 2008-12-03 19:52 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2008-12-10 14:23 . 2008-12-03 19:52 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2008-12-10 09:14 . 2008-12-10 09:14 <REP> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
2008-12-10 09:14 . 2008-12-10 09:14 <REP> d-------- c:\documents and settings\ADEL\Application Data\Malwarebytes
2008-12-07 18:23 . 2008-12-07 18:23 <REP> d-------- c:\program files\Trend Micro
2008-12-07 16:44 . 2008-12-07 16:44 <REP> d-------- C:\VundoFix Backups
2008-12-07 08:47 . 2008-12-07 08:47 <REP> d-------- c:\documents and settings\All Users\Application Data\Downloaded Installations
2008-12-06 15:31 . 2008-12-06 15:31 <REP> d-------- c:\documents and settings\ADEL\Application Data\Uniblue
2008-12-06 15:30 . 2008-12-07 11:24 <REP> d--h-c--- c:\documents and settings\All Users\Application Data\~0
2008-12-05 07:41 . 2008-12-05 07:41 106,496 --a------ c:\windows\system32\mrzbsa.VIR
2008-12-04 17:32 . 2008-12-04 17:32 54,156 --ah----- c:\windows\QTFont.qfn
2008-12-04 17:32 . 2008-12-04 17:32 1,409 --a------ c:\windows\QTFont.for
2008-12-04 17:29 . 2008-12-04 17:29 <REP> d-------- c:\documents and settings\ADEL\Application Data\vlc
2008-12-04 17:28 . 2008-12-10 07:51 <REP> d-------- c:\program files\Neuf
2008-12-02 22:23 . 2008-12-02 22:23 <REP> d-------- c:\program files\WinAVI MP4 Converter
2008-12-02 22:11 . 2008-12-02 22:11 <REP> d-------- c:\program files\WinAVI Video Converter
2008-12-02 19:12 . 2008-12-02 23:07 30 --a------ c:\windows\Iedit.INI
2008-11-30 18:53 . 2008-11-30 18:53 <REP> d-------- c:\documents and settings\ADEL\Application Data\Fisher-Price
2008-11-30 18:52 . 2008-11-30 18:52 <REP> d-------- c:\program files\Fisher-Price
2008-11-30 18:52 . 2008-11-30 18:52 <REP> d-------- c:\documents and settings\All Users\Application Data\Fisher-Price
2008-11-30 15:13 . 2008-11-30 15:13 <REP> d-------- c:\documents and settings\All Users\Application Data\TomTom
2008-11-30 15:08 . 2008-11-30 15:08 34 --a------ c:\windows\C_it.ini
2008-11-30 10:46 . 2008-12-04 18:09 69 --a------ c:\windows\NeroDigital.ini
2008-11-30 10:43 . 2008-11-30 10:43 410,976 --a------ c:\windows\system32\deploytk.dll
2008-11-30 10:42 . 2008-11-30 10:42 <REP> d-------- c:\documents and settings\All Users\Application Data\PIXELA
2008-11-30 10:31 . 2008-11-30 10:31 <REP> d-------- c:\program files\PIXELA
2008-11-29 15:34 . 2008-11-29 15:34 <REP> d-------- c:\documents and settings\ADEL\.cornice
2008-11-29 11:52 . 2008-11-29 11:52 268 --ah----- C:\sqmdata14.sqm
2008-11-29 11:52 . 2008-11-29 11:52 244 --ah----- C:\sqmnoopt14.sqm
2008-11-28 22:45 . 2008-12-02 18:50 <REP> d-------- c:\documents and settings\ADEL\Application Data\U3
2008-11-28 16:04 . 2008-11-28 16:04 268 --ah----- C:\sqmdata13.sqm
2008-11-28 16:04 . 2008-11-28 16:04 244 --ah----- C:\sqmnoopt13.sqm
2008-11-28 08:41 . 2008-11-28 08:41 105 --a------ c:\windows\cdplayer.ini
2008-11-28 07:02 . 2008-11-28 07:02 268 --ah----- C:\sqmdata12.sqm
2008-11-28 07:02 . 2008-11-28 07:02 244 --ah----- C:\sqmnoopt12.sqm
2008-11-27 21:58 . 2008-11-27 21:58 244 --ah----- C:\sqmnoopt11.sqm
2008-11-27 21:58 . 2008-11-27 21:58 232 --ah----- C:\sqmdata11.sqm
2008-11-27 19:54 . 2008-11-27 19:54 268 --ah----- C:\sqmdata10.sqm
2008-11-27 19:54 . 2008-11-27 19:54 244 --ah----- C:\sqmnoopt10.sqm
2008-11-27 17:42 . 2008-11-27 17:42 268 --ah----- C:\sqmdata09.sqm
2008-11-27 17:42 . 2008-11-27 17:42 244 --ah----- C:\sqmnoopt09.sqm
2008-11-24 21:44 . 2008-11-24 21:44 268 --ah----- C:\sqmdata08.sqm
2008-11-24 21:44 . 2008-11-24 21:44 244 --ah----- C:\sqmnoopt08.sqm
2008-11-24 19:29 . 2008-11-24 19:29 268 --ah----- C:\sqmdata07.sqm
2008-11-24 19:29 . 2008-11-24 19:29 244 --ah----- C:\sqmnoopt07.sqm
2008-11-24 19:23 . 2008-11-24 19:23 268 --ah----- C:\sqmdata06.sqm
2008-11-24 19:23 . 2008-11-24 19:23 244 --ah----- C:\sqmnoopt06.sqm
2008-11-24 10:42 . 2008-11-24 10:42 244 --ah----- C:\sqmnoopt05.sqm
2008-11-24 10:42 . 2008-11-24 10:42 232 --ah----- C:\sqmdata05.sqm
2008-11-24 09:51 . 2008-11-24 09:51 268 --ah----- C:\sqmdata04.sqm
2008-11-24 09:51 . 2008-11-24 09:51 244 --ah----- C:\sqmnoopt04.sqm
2008-11-24 09:36 . 2008-11-24 09:36 <REP> d-------- c:\program files\Winamp Toolbar
2008-11-24 09:36 . 2008-11-24 09:36 <REP> d-------- c:\documents and settings\All Users\Application Data\Winamp Toolbar
2008-11-24 09:36 . 2008-11-24 09:36 <REP> d-------- c:\documents and settings\All Users\Application Data\OrbNetworks
2008-11-24 09:35 . 2008-11-24 09:36 <REP> d-------- c:\program files\Winamp Remote
2008-11-24 09:34 . 2008-11-24 09:36 <REP> d-------- c:\program files\Winamp
2008-11-24 09:34 . 2008-11-24 09:37 <REP> d-------- c:\documents and settings\ADEL\Application Data\Winamp
2008-11-24 09:34 . 2007-03-08 00:51 129,784 --------- c:\windows\system32\pxafs.dll
2008-11-24 09:34 . 2007-03-08 00:51 9,464 --------- c:\windows\system32\drivers\cdralw2k.sys
2008-11-24 09:34 . 2007-03-08 00:51 9,336 --------- c:\windows\system32\drivers\cdr4_xp.sys
2008-11-24 08:58 . 2008-11-24 08:58 268 --ah----- C:\sqmdata02.sqm
2008-11-24 08:58 . 2008-11-24 08:58 244 --ah----- C:\sqmnoopt02.sqm
2008-11-24 08:58 . 2008-11-24 08:58 172 --ah----- C:\sqmnoopt03.sqm
2008-11-24 08:58 . 2008-11-24 08:58 148 --ah----- C:\sqmdata03.sqm
2008-11-17 21:21 . 2008-11-17 21:21 <REP> d-------- c:\program files\HiYo
2008-11-17 21:21 . 2008-11-17 21:21 <REP> d-------- c:\documents and settings\All Users\Application Data\HiYo
2008-11-17 21:21 . 2008-11-17 21:21 <REP> d-------- c:\documents and settings\ADEL\Application Data\HiYo
2008-11-15 12:54 . 2008-11-15 12:54 <REP> d-------- c:\program files\Fichiers communs\Adobe
2008-11-13 15:42 . 2008-11-13 15:42 <REP> d-------- c:\program files\Anuman Interactive
2008-11-12 08:34 . 2008-10-24 12:21 455,296 --------- c:\windows\system32\dllcache\mrxsmb.sys
2008-11-12 08:33 . 2008-09-04 18:16 1,106,944 --------- c:\windows\system32\dllcache\msxml3.dll
2008-11-11 08:19 . 2008-12-02 15:24 <REP> d-------- c:\documents and settings\ADEL\Application Data\Image Zone Express
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-12-06 14:30 --------- d-----w c:\program files\eMule
2008-12-04 16:32 --------- d-----w c:\documents and settings\ADEL\Application Data\Ulead Systems
2008-11-30 09:43 --------- d-----w c:\program files\Java
2008-11-30 09:31 --------- d--h--w c:\program files\InstallShield Installation Information
2008-11-07 20:47 --------- d-----w c:\documents and settings\ADEL\Application Data\HP
2008-11-07 19:06 --------- d-----w c:\program files\HP
2008-11-07 19:06 --------- d-----w c:\documents and settings\All Users\Application Data\HP
2008-11-07 19:05 --------- d-----w c:\program files\Fichiers communs\HP
2008-11-07 18:34 --------- d-----w c:\program files\Hewlett-Packard
2008-11-07 18:34 --------- d-----w c:\program files\Fichiers communs\Hewlett-Packard
2008-11-06 06:51 --------- d-----w c:\documents and settings\ADEL\Application Data\TomTom
2008-11-06 06:50 --------- d-----w c:\program files\TomTom HOME 2
2008-11-05 21:26 --------- d-----w c:\program files\Ubisoft
2008-11-05 15:31 --------- d-----w c:\program files\Sun
2008-11-03 13:15 --------- d-----w c:\program files\Windows Media Connect 2
2008-11-01 19:45 --------- d-----w c:\documents and settings\ADEL\Application Data\CyberLink
2008-10-31 12:31 --------- d-----w c:\documents and settings\ADEL\Application Data\Grisoft
2008-10-31 12:31 --------- d-----w c:\documents and settings\ADEL\Application Data\AdobeUM
2008-10-31 06:34 --------- d-----w c:\documents and settings\ADEL\Application Data\Sonic
2008-10-31 06:34 --------- d-----w c:\documents and settings\ADEL\Application Data\Leadertech
2008-10-30 23:33 --------- d-----w c:\documents and settings\ADEL\Application Data\Skype
2008-10-30 19:36 --------- d-----w c:\documents and settings\ADEL\Application Data\skypePM
2008-10-30 19:33 --------- d-----w c:\program files\Google
2008-10-30 19:33 --------- d-----w c:\program files\Fichiers communs\Skype
2008-10-30 19:33 --------- d-----w c:\documents and settings\All Users\Application Data\Skype
2008-10-28 08:59 --------- d-----w c:\documents and settings\ADEL\Application Data\VadeRetro
2008-10-25 23:49 --------- d-----w c:\program files\ShowTime
2008-10-25 23:48 --------- d-----w c:\program files\Services en ligne
2008-10-25 23:48 --------- d-----w c:\program files\Realtek AC97
2008-10-25 23:48 --------- d-----w c:\program files\QuickTime
2008-10-25 23:47 --------- d-----w c:\program files\Fingerprint Sensor
2008-10-25 23:47 --------- d-----w c:\program files\Fichiers communs\SureThing Shared
2008-10-25 23:47 --------- d-----w c:\program files\Fichiers communs\Sonic Shared
2008-10-25 18:00 --------- d-----w c:\documents and settings\All Users\Application Data\CyberLink
2008-10-25 17:54 --------- d-----w c:\program files\MSN Messenger
2008-10-25 17:25 --------- d-----w c:\program files\Microsoft.NET
2008-10-25 17:07 --------- d-----w c:\program files\Microsoft CAPICOM 2.1.0.2
2008-10-25 16:53 --------- d-----w c:\documents and settings\All Users\Application Data\QuickTime
2008-10-25 16:49 --------- d-----w c:\documents and settings\All Users\Application Data\Messenger Plus!
2008-10-25 16:33 --------- d-----w c:\documents and settings\ADEL\Application Data\OD2
2008-10-25 16:27 --------- d-----w c:\program files\Messenger Plus! Live
2008-10-25 16:22 --------- d-----w c:\program files\Fichiers communs\AOL
2008-10-25 16:22 --------- d-----w c:\documents and settings\All Users\Application Data\AOL
2008-10-25 16:21 --------- d-----w c:\documents and settings\All Users\Application Data\WLInstaller
2008-10-25 16:19 --------- dcsh--w c:\program files\Fichiers communs\WindowsLiveInstaller
2008-10-25 16:18 --------- d-----w c:\program files\AuthenTec
2008-10-25 16:15 --------- d-----w c:\program files\Windows Live
2008-10-25 16:06 --------- d-----w c:\program files\CCleaner
2008-10-25 16:05 --------- d-----w c:\program files\MSXML 4.0
2008-10-25 15:51 --------- d-----w c:\documents and settings\All Users\Application Data\Grisoft
2008-10-25 15:40 --------- d-----w c:\program files\Avira
2008-10-25 15:40 --------- d-----w c:\documents and settings\All Users\Application Data\Avira
2008-10-24 11:21 455,296 ----a-w c:\windows\system32\drivers\mrxsmb.sys
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{57BCA5FA-5DBB-45a2-B558-1755C3F6253B}"= "c:\program files\Winamp Toolbar\winamptb.dll" [2008-07-16 1266992]
[HKEY_CLASSES_ROOT\clsid\{57bca5fa-5dbb-45a2-b558-1755c3f6253b}]
[HKEY_CLASSES_ROOT\WINAMPTB.AOLTBSearch.1]
[HKEY_CLASSES_ROOT\TypeLib\{538CD77C-BFDD-49b0-9562-77419CAB89D1}]
[HKEY_CLASSES_ROOT\WINAMPTB.AOLTBSearch]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="c:\program files\MSN Messenger\MsnMsgr.Exe" [2007-01-19 5674352]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"ccleaner"="c:\program files\CCleaner\ccleaner.exe" [2008-09-29 1279216]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-11-13 68856]
"TomTomHOME.exe"="c:\program files\TomTom HOME 2\HOMERunner.exe" [2008-11-27 234856]
"Orb"="c:\program files\Winamp Remote\bin\OrbTray.exe" [2008-04-01 507904]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATSwpNav"="c:\program files\Fingerprint Sensor\ATSwpNav -run" [X]
"!AVG Anti-Spyware"="c:\program files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 6731312]
"DACSMiniApp"="c:\program files\Fisher-Price\DACS\MiniApp\DACSMiniApp.exe" [2008-03-13 128256]
"WinampAgent"="c:\program files\Winamp\winampa.exe" [2008-08-04 36352]
"HiYo"="c:\program files\HiYo\bin\HiYo.exe" [2008-10-23 300336]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2006-02-19 49152]
"TkBellExe"="c:\program files\Fichiers communs\Real\Update_OB\realsched.exe" [2006-01-03 180269]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2006-01-03 98304]
"avgnt"="c:\program files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-06-12 266497]
"PCMService"="c:\apps\Powercinema\PCMService.exe" [2005-05-11 127118]
"Ulead AutoDetector v2"="c:\program files\Fichiers communs\Ulead Systems\AutoDetector\monitor.exe" [2004-11-26 90112]
"OmniPass"="c:\apps\Softex\OmniPass\scureapp.exe" [2005-08-12 1859584]
"MM_MODULE"="c:\program files\MIC\HAWAII\Hawaii.exe" [2005-07-12 90112]
"Vade Retro Outlook Express"="c:\progra~1\GOTOSO~1\VADERE~1\Vaderetro_oe.exe" [2004-10-04 310272]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-11-30 136600]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2005-08-02 86016]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2005-08-02 7110656]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-05 455168]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-05 455168]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-05 208952]
"SoundMan"="SOUNDMAN.EXE" [2005-10-24 c:\windows\soundman.exe]
"NECHotkey"="mHotkey.exe" [2005-10-12 c:\windows\mHotkey.exe]
"nwiz"="nwiz.exe" [2005-08-02 c:\windows\system32\nwiz.exe]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
c:\documents and settings\All Users\Menu D‚marrer\Programmes\D‚marrage\
Camera Monitor.lnk - c:\program files\PIXELA\ImageMixer 3 for TOSHIBA\GCameraMoniter.exe [2008-11-30 253952]
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2006-02-19 288472]
Lancement rapide d'Adobe Reader.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 29696]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\OPXPGina]
2005-08-12 17:01 49152 c:\apps\Softex\OmniPass\OPXPGina.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.dvacm"= c:\progra~1\FICHIE~1\ULEADS~1\Vio\Dvacm.acm
"msacm.ulmp3acm"= c:\progra~1\FICHIE~1\ULEADS~1\MPEG\ulmp3acm.acm
"msacm.mpegacm "= c:\progra~1\FICHIE~1\ULEADS~1\MPEG\mpegacm.acm
"vidc.uldx"= c:\progra~1\ULEADS~1\ULEADV~1.0SE\DivX_UL.dll
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UpdatesDisableNotify"=dword:00000001
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\eMule\\emule.exe"=
"c:\\APPS\\Inventime\\my.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"c:\\Program Files\\MSN Messenger\\livecall.exe"=
"c:\\APPS\\skype\\Phone\\Skype.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
"c:\\Program Files\\Winamp Remote\\bin\\Orb.exe"=
"c:\\Program Files\\Winamp Remote\\bin\\OrbTray.exe"=
"c:\\Program Files\\Winamp Remote\\bin\\OrbStreamerClient.exe"=
"c:\\Program Files\\Grisoft\\AVG Anti-Spyware 7.5\\guard.exe"=
"c:\\WINDOWS\\system32\\wbem\\wmiapsrv.exe"=
"c:\\WINDOWS\\system32\\wbem\\wmiprvse.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"10101:TCP"= 10101:TCP:emuletcp
"20202:UDP"= 20202:UDP:emuleudp
R3 3xHybrid;3xHybrid service;c:\windows\system32\DRIVERS\3xHybrid.sys [2006-01-03 799744]
R3 MosIrUsb;MosIrUsb.sys;c:\windows\system32\DRIVERS\MosIrUsb.sys [1980-01-01 20736]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{02b20bc5-bd5e-11dd-8fce-0013d3deb0f6}]
\Shell\AutoRun\command - H:\LaunchU3.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{61d2e0f0-b4c5-11dd-8fb9-0013d3deb0f6}]
\Shell\AutoRun\command - F:\EmDesk.exe
\Shell\EmDesk\command - F:\EmDesk.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{fe71bb14-b49a-11dd-8fb7-0013d3deb0f6}]
\Shell\AutoRun\command - G:\EmDesk.exe
\Shell\EmDesk\command - G:\EmDesk.exe
.
- - - - ORPHELINS SUPPRIMES - - - -
WebBrowser-{EEE6C35B-6118-11DC-9C72-001320C79847} - (no file)
HKCU-Run-Uniblue RegistryBooster 2009 - c:\program files\Uniblue\RegistryBooster\RegistryBooster.exe
HKCU-Run-Neuf Media Center - c:\program files\SFR\Media Center\MediaCenter.exe
Notify-vtUnkjJd - (no file)
.
------- Examen supplémentaire -------
.
uStart Page = hxxp://www.google.fr/
IE: &Winamp Search - c:\documents and settings\All Users\Application Data\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html
IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
c:\windows\Downloaded Program Files\INFOSFINDER2.OCX - O16 -: {E862C832-3A5F-4CEB-BFAA-167B22010A71}
hxxp://support.packardbell.com/files/activex/InfosFinder2.CAB
c:\windows\Downloaded Program Files\InfosFinder2.INF
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-12-11 08:59:32
Windows 5.1.2600 Service Pack 3 NTFS
Recherche de processus cachés ...
Recherche d'éléments en démarrage automatique cachés ...
Recherche de fichiers cachés ...
Scan terminé avec succès
Fichiers cachés: 0
**************************************************************************
.
--------------------- DLLs chargées dans les processus actifs ---------------------
- - - - - - - > 'winlogon.exe'(576)
c:\apps\Softex\OmniPass\opxpgina.dll
.
------------------------ Autres processus actifs ------------------------
.
c:\program files\Avira\AntiVir PersonalEdition Classic\sched.exe
c:\program files\Avira\AntiVir PersonalEdition Classic\avguard.exe
c:\program files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
c:\apps\Powercinema\Kernel\TV\CLCapSvc.exe
c:\program files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
c:\program files\CyberLink\Shared Files\CLML_NTService\CLMLService.exe
c:\apps\HIDSERVICE\HidService.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Fichiers communs\Microsoft Shared\VS7Debug\MDM.EXE
c:\windows\system32\nvsvc32.exe
c:\apps\Softex\OmniPass\OmniServ.exe
c:\windows\system32\HPZipm12.exe
c:\program files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe
c:\apps\Powercinema\Kernel\TV\CLSched.exe
c:\apps\Softex\OmniPass\OPXPApp.exe
c:\windows\system32\wbem\wmiapsrv.exe
c:\program files\Fingerprint Sensor\ATSwpNav.exe
c:\windows\system32\rundll32.exe
c:\program files\HP\Digital Imaging\bin\hpqste08.exe
.
**************************************************************************
.
Heure de fin: 2008-12-11 9:01:37 - La machine a redémarré [ADEL]
ComboFix-quarantined-files.txt 2008-12-11 08:01:34
Avant-CF: 112,423,325,696 octets libres
Après-CF: 112,342,331,392 octets libres
322 --- E O F --- 2008-12-10 22:32:04
ComboFix 08-12-09.03 - ADEL 2008-12-11 8:56:15.1 - NTFSx86
Microsoft Windows XP Édition familiale 5.1.2600.3.1252.1.1036.18.626 [GMT 1:00]
Lancé depuis: c:\documents and settings\ADEL\Mes documents\ComboFix.exe
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\program files\Windows Live\Messenger\msimg32.dll
c:\windows\Downloaded Program Files\setup.inf
c:\windows\system32\dovamewo.dll
c:\windows\system32\fofitifa.dll
c:\windows\system32\gayubowu.dll
c:\windows\system32\hasepivi.dll
c:\windows\system32\hpowiax2.dll
c:\windows\system32\muiheplk.ini
c:\windows\system32\mukejowe.dll
c:\windows\system32\mxgolken.ini
c:\windows\system32\namogizu.dll
c:\windows\system32\nihijite.dll
c:\windows\system32\pxoycubq.dll
c:\windows\system32\rmponxtl.ini
c:\windows\system32\sosafuji.dll
c:\windows\system32\vdjbdpeq.ini
c:\windows\system32\vefiniwi.dll
c:\windows\system32\zorotahi.dll
c:\windows\Tasks\dujvszca.job
.
((((((((((((((((((((((((((((( Fichiers créés du 2008-11-11 au 2008-12-11 ))))))))))))))))))))))))))))))))))))
.
2008-12-10 18:50 . 2008-10-03 11:03 247,326 --------- c:\windows\system32\dllcache\strmdll.dll
2008-12-10 14:23 . 2008-12-10 14:24 <REP> d-------- c:\program files\Malwarebytes' Anti-Malware
2008-12-10 14:23 . 2008-12-03 19:52 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2008-12-10 14:23 . 2008-12-03 19:52 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2008-12-10 09:14 . 2008-12-10 09:14 <REP> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
2008-12-10 09:14 . 2008-12-10 09:14 <REP> d-------- c:\documents and settings\ADEL\Application Data\Malwarebytes
2008-12-07 18:23 . 2008-12-07 18:23 <REP> d-------- c:\program files\Trend Micro
2008-12-07 16:44 . 2008-12-07 16:44 <REP> d-------- C:\VundoFix Backups
2008-12-07 08:47 . 2008-12-07 08:47 <REP> d-------- c:\documents and settings\All Users\Application Data\Downloaded Installations
2008-12-06 15:31 . 2008-12-06 15:31 <REP> d-------- c:\documents and settings\ADEL\Application Data\Uniblue
2008-12-06 15:30 . 2008-12-07 11:24 <REP> d--h-c--- c:\documents and settings\All Users\Application Data\~0
2008-12-05 07:41 . 2008-12-05 07:41 106,496 --a------ c:\windows\system32\mrzbsa.VIR
2008-12-04 17:32 . 2008-12-04 17:32 54,156 --ah----- c:\windows\QTFont.qfn
2008-12-04 17:32 . 2008-12-04 17:32 1,409 --a------ c:\windows\QTFont.for
2008-12-04 17:29 . 2008-12-04 17:29 <REP> d-------- c:\documents and settings\ADEL\Application Data\vlc
2008-12-04 17:28 . 2008-12-10 07:51 <REP> d-------- c:\program files\Neuf
2008-12-02 22:23 . 2008-12-02 22:23 <REP> d-------- c:\program files\WinAVI MP4 Converter
2008-12-02 22:11 . 2008-12-02 22:11 <REP> d-------- c:\program files\WinAVI Video Converter
2008-12-02 19:12 . 2008-12-02 23:07 30 --a------ c:\windows\Iedit.INI
2008-11-30 18:53 . 2008-11-30 18:53 <REP> d-------- c:\documents and settings\ADEL\Application Data\Fisher-Price
2008-11-30 18:52 . 2008-11-30 18:52 <REP> d-------- c:\program files\Fisher-Price
2008-11-30 18:52 . 2008-11-30 18:52 <REP> d-------- c:\documents and settings\All Users\Application Data\Fisher-Price
2008-11-30 15:13 . 2008-11-30 15:13 <REP> d-------- c:\documents and settings\All Users\Application Data\TomTom
2008-11-30 15:08 . 2008-11-30 15:08 34 --a------ c:\windows\C_it.ini
2008-11-30 10:46 . 2008-12-04 18:09 69 --a------ c:\windows\NeroDigital.ini
2008-11-30 10:43 . 2008-11-30 10:43 410,976 --a------ c:\windows\system32\deploytk.dll
2008-11-30 10:42 . 2008-11-30 10:42 <REP> d-------- c:\documents and settings\All Users\Application Data\PIXELA
2008-11-30 10:31 . 2008-11-30 10:31 <REP> d-------- c:\program files\PIXELA
2008-11-29 15:34 . 2008-11-29 15:34 <REP> d-------- c:\documents and settings\ADEL\.cornice
2008-11-29 11:52 . 2008-11-29 11:52 268 --ah----- C:\sqmdata14.sqm
2008-11-29 11:52 . 2008-11-29 11:52 244 --ah----- C:\sqmnoopt14.sqm
2008-11-28 22:45 . 2008-12-02 18:50 <REP> d-------- c:\documents and settings\ADEL\Application Data\U3
2008-11-28 16:04 . 2008-11-28 16:04 268 --ah----- C:\sqmdata13.sqm
2008-11-28 16:04 . 2008-11-28 16:04 244 --ah----- C:\sqmnoopt13.sqm
2008-11-28 08:41 . 2008-11-28 08:41 105 --a------ c:\windows\cdplayer.ini
2008-11-28 07:02 . 2008-11-28 07:02 268 --ah----- C:\sqmdata12.sqm
2008-11-28 07:02 . 2008-11-28 07:02 244 --ah----- C:\sqmnoopt12.sqm
2008-11-27 21:58 . 2008-11-27 21:58 244 --ah----- C:\sqmnoopt11.sqm
2008-11-27 21:58 . 2008-11-27 21:58 232 --ah----- C:\sqmdata11.sqm
2008-11-27 19:54 . 2008-11-27 19:54 268 --ah----- C:\sqmdata10.sqm
2008-11-27 19:54 . 2008-11-27 19:54 244 --ah----- C:\sqmnoopt10.sqm
2008-11-27 17:42 . 2008-11-27 17:42 268 --ah----- C:\sqmdata09.sqm
2008-11-27 17:42 . 2008-11-27 17:42 244 --ah----- C:\sqmnoopt09.sqm
2008-11-24 21:44 . 2008-11-24 21:44 268 --ah----- C:\sqmdata08.sqm
2008-11-24 21:44 . 2008-11-24 21:44 244 --ah----- C:\sqmnoopt08.sqm
2008-11-24 19:29 . 2008-11-24 19:29 268 --ah----- C:\sqmdata07.sqm
2008-11-24 19:29 . 2008-11-24 19:29 244 --ah----- C:\sqmnoopt07.sqm
2008-11-24 19:23 . 2008-11-24 19:23 268 --ah----- C:\sqmdata06.sqm
2008-11-24 19:23 . 2008-11-24 19:23 244 --ah----- C:\sqmnoopt06.sqm
2008-11-24 10:42 . 2008-11-24 10:42 244 --ah----- C:\sqmnoopt05.sqm
2008-11-24 10:42 . 2008-11-24 10:42 232 --ah----- C:\sqmdata05.sqm
2008-11-24 09:51 . 2008-11-24 09:51 268 --ah----- C:\sqmdata04.sqm
2008-11-24 09:51 . 2008-11-24 09:51 244 --ah----- C:\sqmnoopt04.sqm
2008-11-24 09:36 . 2008-11-24 09:36 <REP> d-------- c:\program files\Winamp Toolbar
2008-11-24 09:36 . 2008-11-24 09:36 <REP> d-------- c:\documents and settings\All Users\Application Data\Winamp Toolbar
2008-11-24 09:36 . 2008-11-24 09:36 <REP> d-------- c:\documents and settings\All Users\Application Data\OrbNetworks
2008-11-24 09:35 . 2008-11-24 09:36 <REP> d-------- c:\program files\Winamp Remote
2008-11-24 09:34 . 2008-11-24 09:36 <REP> d-------- c:\program files\Winamp
2008-11-24 09:34 . 2008-11-24 09:37 <REP> d-------- c:\documents and settings\ADEL\Application Data\Winamp
2008-11-24 09:34 . 2007-03-08 00:51 129,784 --------- c:\windows\system32\pxafs.dll
2008-11-24 09:34 . 2007-03-08 00:51 9,464 --------- c:\windows\system32\drivers\cdralw2k.sys
2008-11-24 09:34 . 2007-03-08 00:51 9,336 --------- c:\windows\system32\drivers\cdr4_xp.sys
2008-11-24 08:58 . 2008-11-24 08:58 268 --ah----- C:\sqmdata02.sqm
2008-11-24 08:58 . 2008-11-24 08:58 244 --ah----- C:\sqmnoopt02.sqm
2008-11-24 08:58 . 2008-11-24 08:58 172 --ah----- C:\sqmnoopt03.sqm
2008-11-24 08:58 . 2008-11-24 08:58 148 --ah----- C:\sqmdata03.sqm
2008-11-17 21:21 . 2008-11-17 21:21 <REP> d-------- c:\program files\HiYo
2008-11-17 21:21 . 2008-11-17 21:21 <REP> d-------- c:\documents and settings\All Users\Application Data\HiYo
2008-11-17 21:21 . 2008-11-17 21:21 <REP> d-------- c:\documents and settings\ADEL\Application Data\HiYo
2008-11-15 12:54 . 2008-11-15 12:54 <REP> d-------- c:\program files\Fichiers communs\Adobe
2008-11-13 15:42 . 2008-11-13 15:42 <REP> d-------- c:\program files\Anuman Interactive
2008-11-12 08:34 . 2008-10-24 12:21 455,296 --------- c:\windows\system32\dllcache\mrxsmb.sys
2008-11-12 08:33 . 2008-09-04 18:16 1,106,944 --------- c:\windows\system32\dllcache\msxml3.dll
2008-11-11 08:19 . 2008-12-02 15:24 <REP> d-------- c:\documents and settings\ADEL\Application Data\Image Zone Express
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-12-06 14:30 --------- d-----w c:\program files\eMule
2008-12-04 16:32 --------- d-----w c:\documents and settings\ADEL\Application Data\Ulead Systems
2008-11-30 09:43 --------- d-----w c:\program files\Java
2008-11-30 09:31 --------- d--h--w c:\program files\InstallShield Installation Information
2008-11-07 20:47 --------- d-----w c:\documents and settings\ADEL\Application Data\HP
2008-11-07 19:06 --------- d-----w c:\program files\HP
2008-11-07 19:06 --------- d-----w c:\documents and settings\All Users\Application Data\HP
2008-11-07 19:05 --------- d-----w c:\program files\Fichiers communs\HP
2008-11-07 18:34 --------- d-----w c:\program files\Hewlett-Packard
2008-11-07 18:34 --------- d-----w c:\program files\Fichiers communs\Hewlett-Packard
2008-11-06 06:51 --------- d-----w c:\documents and settings\ADEL\Application Data\TomTom
2008-11-06 06:50 --------- d-----w c:\program files\TomTom HOME 2
2008-11-05 21:26 --------- d-----w c:\program files\Ubisoft
2008-11-05 15:31 --------- d-----w c:\program files\Sun
2008-11-03 13:15 --------- d-----w c:\program files\Windows Media Connect 2
2008-11-01 19:45 --------- d-----w c:\documents and settings\ADEL\Application Data\CyberLink
2008-10-31 12:31 --------- d-----w c:\documents and settings\ADEL\Application Data\Grisoft
2008-10-31 12:31 --------- d-----w c:\documents and settings\ADEL\Application Data\AdobeUM
2008-10-31 06:34 --------- d-----w c:\documents and settings\ADEL\Application Data\Sonic
2008-10-31 06:34 --------- d-----w c:\documents and settings\ADEL\Application Data\Leadertech
2008-10-30 23:33 --------- d-----w c:\documents and settings\ADEL\Application Data\Skype
2008-10-30 19:36 --------- d-----w c:\documents and settings\ADEL\Application Data\skypePM
2008-10-30 19:33 --------- d-----w c:\program files\Google
2008-10-30 19:33 --------- d-----w c:\program files\Fichiers communs\Skype
2008-10-30 19:33 --------- d-----w c:\documents and settings\All Users\Application Data\Skype
2008-10-28 08:59 --------- d-----w c:\documents and settings\ADEL\Application Data\VadeRetro
2008-10-25 23:49 --------- d-----w c:\program files\ShowTime
2008-10-25 23:48 --------- d-----w c:\program files\Services en ligne
2008-10-25 23:48 --------- d-----w c:\program files\Realtek AC97
2008-10-25 23:48 --------- d-----w c:\program files\QuickTime
2008-10-25 23:47 --------- d-----w c:\program files\Fingerprint Sensor
2008-10-25 23:47 --------- d-----w c:\program files\Fichiers communs\SureThing Shared
2008-10-25 23:47 --------- d-----w c:\program files\Fichiers communs\Sonic Shared
2008-10-25 18:00 --------- d-----w c:\documents and settings\All Users\Application Data\CyberLink
2008-10-25 17:54 --------- d-----w c:\program files\MSN Messenger
2008-10-25 17:25 --------- d-----w c:\program files\Microsoft.NET
2008-10-25 17:07 --------- d-----w c:\program files\Microsoft CAPICOM 2.1.0.2
2008-10-25 16:53 --------- d-----w c:\documents and settings\All Users\Application Data\QuickTime
2008-10-25 16:49 --------- d-----w c:\documents and settings\All Users\Application Data\Messenger Plus!
2008-10-25 16:33 --------- d-----w c:\documents and settings\ADEL\Application Data\OD2
2008-10-25 16:27 --------- d-----w c:\program files\Messenger Plus! Live
2008-10-25 16:22 --------- d-----w c:\program files\Fichiers communs\AOL
2008-10-25 16:22 --------- d-----w c:\documents and settings\All Users\Application Data\AOL
2008-10-25 16:21 --------- d-----w c:\documents and settings\All Users\Application Data\WLInstaller
2008-10-25 16:19 --------- dcsh--w c:\program files\Fichiers communs\WindowsLiveInstaller
2008-10-25 16:18 --------- d-----w c:\program files\AuthenTec
2008-10-25 16:15 --------- d-----w c:\program files\Windows Live
2008-10-25 16:06 --------- d-----w c:\program files\CCleaner
2008-10-25 16:05 --------- d-----w c:\program files\MSXML 4.0
2008-10-25 15:51 --------- d-----w c:\documents and settings\All Users\Application Data\Grisoft
2008-10-25 15:40 --------- d-----w c:\program files\Avira
2008-10-25 15:40 --------- d-----w c:\documents and settings\All Users\Application Data\Avira
2008-10-24 11:21 455,296 ----a-w c:\windows\system32\drivers\mrxsmb.sys
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{57BCA5FA-5DBB-45a2-B558-1755C3F6253B}"= "c:\program files\Winamp Toolbar\winamptb.dll" [2008-07-16 1266992]
[HKEY_CLASSES_ROOT\clsid\{57bca5fa-5dbb-45a2-b558-1755c3f6253b}]
[HKEY_CLASSES_ROOT\WINAMPTB.AOLTBSearch.1]
[HKEY_CLASSES_ROOT\TypeLib\{538CD77C-BFDD-49b0-9562-77419CAB89D1}]
[HKEY_CLASSES_ROOT\WINAMPTB.AOLTBSearch]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="c:\program files\MSN Messenger\MsnMsgr.Exe" [2007-01-19 5674352]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"ccleaner"="c:\program files\CCleaner\ccleaner.exe" [2008-09-29 1279216]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-11-13 68856]
"TomTomHOME.exe"="c:\program files\TomTom HOME 2\HOMERunner.exe" [2008-11-27 234856]
"Orb"="c:\program files\Winamp Remote\bin\OrbTray.exe" [2008-04-01 507904]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATSwpNav"="c:\program files\Fingerprint Sensor\ATSwpNav -run" [X]
"!AVG Anti-Spyware"="c:\program files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 6731312]
"DACSMiniApp"="c:\program files\Fisher-Price\DACS\MiniApp\DACSMiniApp.exe" [2008-03-13 128256]
"WinampAgent"="c:\program files\Winamp\winampa.exe" [2008-08-04 36352]
"HiYo"="c:\program files\HiYo\bin\HiYo.exe" [2008-10-23 300336]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2006-02-19 49152]
"TkBellExe"="c:\program files\Fichiers communs\Real\Update_OB\realsched.exe" [2006-01-03 180269]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2006-01-03 98304]
"avgnt"="c:\program files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-06-12 266497]
"PCMService"="c:\apps\Powercinema\PCMService.exe" [2005-05-11 127118]
"Ulead AutoDetector v2"="c:\program files\Fichiers communs\Ulead Systems\AutoDetector\monitor.exe" [2004-11-26 90112]
"OmniPass"="c:\apps\Softex\OmniPass\scureapp.exe" [2005-08-12 1859584]
"MM_MODULE"="c:\program files\MIC\HAWAII\Hawaii.exe" [2005-07-12 90112]
"Vade Retro Outlook Express"="c:\progra~1\GOTOSO~1\VADERE~1\Vaderetro_oe.exe" [2004-10-04 310272]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-11-30 136600]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2005-08-02 86016]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2005-08-02 7110656]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-05 455168]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-05 455168]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-05 208952]
"SoundMan"="SOUNDMAN.EXE" [2005-10-24 c:\windows\soundman.exe]
"NECHotkey"="mHotkey.exe" [2005-10-12 c:\windows\mHotkey.exe]
"nwiz"="nwiz.exe" [2005-08-02 c:\windows\system32\nwiz.exe]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
c:\documents and settings\All Users\Menu D‚marrer\Programmes\D‚marrage\
Camera Monitor.lnk - c:\program files\PIXELA\ImageMixer 3 for TOSHIBA\GCameraMoniter.exe [2008-11-30 253952]
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2006-02-19 288472]
Lancement rapide d'Adobe Reader.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 29696]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\OPXPGina]
2005-08-12 17:01 49152 c:\apps\Softex\OmniPass\OPXPGina.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.dvacm"= c:\progra~1\FICHIE~1\ULEADS~1\Vio\Dvacm.acm
"msacm.ulmp3acm"= c:\progra~1\FICHIE~1\ULEADS~1\MPEG\ulmp3acm.acm
"msacm.mpegacm "= c:\progra~1\FICHIE~1\ULEADS~1\MPEG\mpegacm.acm
"vidc.uldx"= c:\progra~1\ULEADS~1\ULEADV~1.0SE\DivX_UL.dll
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UpdatesDisableNotify"=dword:00000001
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\eMule\\emule.exe"=
"c:\\APPS\\Inventime\\my.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"c:\\Program Files\\MSN Messenger\\livecall.exe"=
"c:\\APPS\\skype\\Phone\\Skype.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
"c:\\Program Files\\Winamp Remote\\bin\\Orb.exe"=
"c:\\Program Files\\Winamp Remote\\bin\\OrbTray.exe"=
"c:\\Program Files\\Winamp Remote\\bin\\OrbStreamerClient.exe"=
"c:\\Program Files\\Grisoft\\AVG Anti-Spyware 7.5\\guard.exe"=
"c:\\WINDOWS\\system32\\wbem\\wmiapsrv.exe"=
"c:\\WINDOWS\\system32\\wbem\\wmiprvse.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"10101:TCP"= 10101:TCP:emuletcp
"20202:UDP"= 20202:UDP:emuleudp
R3 3xHybrid;3xHybrid service;c:\windows\system32\DRIVERS\3xHybrid.sys [2006-01-03 799744]
R3 MosIrUsb;MosIrUsb.sys;c:\windows\system32\DRIVERS\MosIrUsb.sys [1980-01-01 20736]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{02b20bc5-bd5e-11dd-8fce-0013d3deb0f6}]
\Shell\AutoRun\command - H:\LaunchU3.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{61d2e0f0-b4c5-11dd-8fb9-0013d3deb0f6}]
\Shell\AutoRun\command - F:\EmDesk.exe
\Shell\EmDesk\command - F:\EmDesk.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{fe71bb14-b49a-11dd-8fb7-0013d3deb0f6}]
\Shell\AutoRun\command - G:\EmDesk.exe
\Shell\EmDesk\command - G:\EmDesk.exe
.
- - - - ORPHELINS SUPPRIMES - - - -
WebBrowser-{EEE6C35B-6118-11DC-9C72-001320C79847} - (no file)
HKCU-Run-Uniblue RegistryBooster 2009 - c:\program files\Uniblue\RegistryBooster\RegistryBooster.exe
HKCU-Run-Neuf Media Center - c:\program files\SFR\Media Center\MediaCenter.exe
Notify-vtUnkjJd - (no file)
.
------- Examen supplémentaire -------
.
uStart Page = hxxp://www.google.fr/
IE: &Winamp Search - c:\documents and settings\All Users\Application Data\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html
IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
c:\windows\Downloaded Program Files\INFOSFINDER2.OCX - O16 -: {E862C832-3A5F-4CEB-BFAA-167B22010A71}
hxxp://support.packardbell.com/files/activex/InfosFinder2.CAB
c:\windows\Downloaded Program Files\InfosFinder2.INF
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-12-11 08:59:32
Windows 5.1.2600 Service Pack 3 NTFS
Recherche de processus cachés ...
Recherche d'éléments en démarrage automatique cachés ...
Recherche de fichiers cachés ...
Scan terminé avec succès
Fichiers cachés: 0
**************************************************************************
.
--------------------- DLLs chargées dans les processus actifs ---------------------
- - - - - - - > 'winlogon.exe'(576)
c:\apps\Softex\OmniPass\opxpgina.dll
.
------------------------ Autres processus actifs ------------------------
.
c:\program files\Avira\AntiVir PersonalEdition Classic\sched.exe
c:\program files\Avira\AntiVir PersonalEdition Classic\avguard.exe
c:\program files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
c:\apps\Powercinema\Kernel\TV\CLCapSvc.exe
c:\program files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
c:\program files\CyberLink\Shared Files\CLML_NTService\CLMLService.exe
c:\apps\HIDSERVICE\HidService.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Fichiers communs\Microsoft Shared\VS7Debug\MDM.EXE
c:\windows\system32\nvsvc32.exe
c:\apps\Softex\OmniPass\OmniServ.exe
c:\windows\system32\HPZipm12.exe
c:\program files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe
c:\apps\Powercinema\Kernel\TV\CLSched.exe
c:\apps\Softex\OmniPass\OPXPApp.exe
c:\windows\system32\wbem\wmiapsrv.exe
c:\program files\Fingerprint Sensor\ATSwpNav.exe
c:\windows\system32\rundll32.exe
c:\program files\HP\Digital Imaging\bin\hpqste08.exe
.
**************************************************************************
.
Heure de fin: 2008-12-11 9:01:37 - La machine a redémarré [ADEL]
ComboFix-quarantined-files.txt 2008-12-11 08:01:34
Avant-CF: 112,423,325,696 octets libres
Après-CF: 112,342,331,392 octets libres
322 --- E O F --- 2008-12-10 22:32:04
/!\ Seul adel216 peut suivre cette procédure /!\
1/
---> Clique sur Démarrer, Exécuter, tape notepad clique sur OK.
---> Copie le texte ci-dessous par sélection puis Ctrl+C :
KillAll::
File::
c:\windows\system32\mrzbsa.VIR
Registry::
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{02b20bc5-bd5e-11dd-8fce-0013d3deb0f6}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{61d2e0f0-b4c5-11dd-8fb9-0013d3deb0f6}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{fe71bb14-b49a-11dd-8fb7-0013d3deb0f6}]
---> Colle la sélection dans le bloc-notes
---> Enregistre ce fichier sur le bureau (Impératif)
---> Nom du fichier : CFScript
---> Type du fichier : tous les fichiers
---> Clique sur Enregistrer
---> Quitte le bloc-notes
2/
---> Fait un glisser/déposer de ce fichier CFScript sur le fichier ComboFix.exe comme sur la capture :
http://www.searchengines.pl/phpbb203/pliki/picasso/virus/programs/combofix/combofix_cfscript.gif
[*] Une fenêtre bleue va apparaître : au message qui apparaît, tu acceptes.
[*] Patiente le temps du scan. Le bureau va disparaître à plusieurs reprises : c'est normal !
Ne touche à rien tant que le scan n'est pas terminé.
[*] Une fois le scan achevé, un rapport va s'afficher : poste-le
[*] Si le fichier ne s'ouvre pas, il se trouve ici C:\ComboFix\Combofix.txt
1/
---> Clique sur Démarrer, Exécuter, tape notepad clique sur OK.
---> Copie le texte ci-dessous par sélection puis Ctrl+C :
KillAll::
File::
c:\windows\system32\mrzbsa.VIR
Registry::
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{02b20bc5-bd5e-11dd-8fce-0013d3deb0f6}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{61d2e0f0-b4c5-11dd-8fb9-0013d3deb0f6}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{fe71bb14-b49a-11dd-8fb7-0013d3deb0f6}]
---> Colle la sélection dans le bloc-notes
---> Enregistre ce fichier sur le bureau (Impératif)
---> Nom du fichier : CFScript
---> Type du fichier : tous les fichiers
---> Clique sur Enregistrer
---> Quitte le bloc-notes
2/
---> Fait un glisser/déposer de ce fichier CFScript sur le fichier ComboFix.exe comme sur la capture :
http://www.searchengines.pl/phpbb203/pliki/picasso/virus/programs/combofix/combofix_cfscript.gif
[*] Une fenêtre bleue va apparaître : au message qui apparaît, tu acceptes.
[*] Patiente le temps du scan. Le bureau va disparaître à plusieurs reprises : c'est normal !
Ne touche à rien tant que le scan n'est pas terminé.
[*] Une fois le scan achevé, un rapport va s'afficher : poste-le
[*] Si le fichier ne s'ouvre pas, il se trouve ici C:\ComboFix\Combofix.txt
Scan saved at 18:30:42, on 07/12/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe
C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLService.exe
c:\APPS\HIDSERVICE\HIDSERVICE.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Apps\Softex\OmniPass\Omniserv.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe
c:\APPS\Powercinema\Kernel\TV\CLSched.exe
C:\Apps\Softex\OmniPass\OPXPApp.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\mHotkey.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Fingerprint Sensor\ATSwpNav.exe
C:\PROGRA~1\GOTOSO~1\VADERE~1\Vaderetro_oe.exe
C:\Program Files\MIC\HAWAII\Hawaii.exe
C:\Apps\Softex\OmniPass\scureapp.exe
C:\Program Files\Fichiers communs\Ulead Systems\AutoDetector\monitor.exe
C:\Apps\Powercinema\PCMService.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\HiYo\bin\HiYo.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Fisher-Price\DACS\MiniApp\DACSMiniApp.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Documents and Settings\ADEL\Application Data\Google\mupd1_2_12916358.exe
C:\Program Files\TomTom HOME 2\HOMERunner.exe
C:\Program Files\Winamp Remote\bin\OrbTray.exe
C:\Program Files\SFR\Media Center\MediaCenter.exe
C:\Program Files\PIXELA\ImageMixer 3 for TOSHIBA\GCameraMoniter.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\SFR\Media Center\httpd\httpd.exe
C:\Program Files\SFR\Media Center\httpd\httpd.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Packard Bell
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Winamp Search Class - {57BCA5FA-5DBB-45a2-B558-1755C3F6253B} - C:\Program Files\Winamp Toolbar\winamptb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Winamp Toolbar - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Program Files\Winamp Toolbar\winamptb.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NECHotkey] mHotkey.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [ATSwpNav] "C:\Program Files\Fingerprint Sensor\ATSwpNav" -run
O4 - HKLM\..\Run: [Vade Retro Outlook Express] "C:\PROGRA~1\GOTOSO~1\VADERE~1\Vaderetro_oe.exe"
O4 - HKLM\..\Run: [MM_MODULE] C:\Program Files\MIC\HAWAII\Hawaii.exe
O4 - HKLM\..\Run: [OmniPass] C:\Apps\Softex\OmniPass\scureapp.exe
O4 - HKLM\..\Run: [Ulead AutoDetector v2] C:\Program Files\Fichiers communs\Ulead Systems\AutoDetector\monitor.exe
O4 - HKLM\..\Run: [PCMService] "c:\Apps\Powercinema\PCMService.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [HiYo] C:\Program Files\HiYo\bin\HiYo.exe /RunFromStartup
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [DACSMiniApp] C:\Program Files\Fisher-Price\DACS\MiniApp\DACSMiniApp.exe
O4 - HKLM\..\Run: [bibeyilifu] Rundll32.exe "C:\WINDOWS\system32\zakanilu.dll",s
O4 - HKLM\..\Run: [ccc14f68] rundll32.exe "C:\WINDOWS\system32\ltxnopmr.dll",b
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [ccleaner] "C:\Program Files\CCleaner\ccleaner.exe" /AUTO
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [asus32] "C:\Documents and Settings\ADEL\Application Data\Google\mupd1_2_12916358.exe"
O4 - HKCU\..\Run: [TomTomHOME.exe] "C:\Program Files\TomTom HOME 2\HOMERunner.exe"
O4 - HKCU\..\Run: [Orb] "C:\Program Files\Winamp Remote\bin\OrbTray.exe" /background
O4 - HKCU\..\Run: [Uniblue RegistryBooster 2009] C:\Program Files\Uniblue\RegistryBooster\RegistryBooster.exe /S
O4 - HKCU\..\Run: [Neuf Media Center] "C:\Program Files\SFR\Media Center\MediaCenter.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [bibeyilifu] Rundll32.exe "C:\WINDOWS\system32\zakanilu.dll",s (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Camera Monitor.lnk = C:\Program Files\PIXELA\ImageMixer 3 for TOSHIBA\GCameraMoniter.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: &Winamp Search - C:\Documents and Settings\All Users\Application Data\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=file://C:\APPS\IE\offline\fr.htm
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w3/pr01/resources/MSNPUpld.cab
O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} (HP Download Manager) - https://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab
O16 - DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} (GMNRev Class) - http://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection.cab
O16 - DPF: {D821DC4A-0814-435E-9820-661C543A4679} (CRLDownloadWrapper Class) - http://drmlicense.one.microsoft.com/crlupdate/en/crlocx.ocx
O16 - DPF: {E862C832-3A5F-4CEB-BFAA-167B22010A71} (InfosFinder2.InfosFinder) - http://support.packardbell.com/files/activex/InfosFinder2.CAB
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: ,C:\WINDOWS\system32\mukejowe.dll,C:\WINDOWS\system32\buwidodu.dll hijmib.dll
O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - c:\APPS\Powercinema\Kernel\TV\CLSched.exe
O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
O23 - Service: Generic Service for HID Keyboard Input Collections (GenericHidService) - Unknown owner - c:\APPS\HIDSERVICE\HIDSERVICE.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Softex OmniPass Service (omniserv) - Softex Inc. - C:\Apps\Softex\OmniPass\Omniserv.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe