[VIRUS] Win32:porndialer [TOOL]

Closed
Crash_888 - 24 Jan 2007 at 09:51
 Anonymous user - 28 Jan 2007 at 11:02
Win32:Porndialer [TOOL]
Hello! OK, let me explain: I have avast reporting a virus! win32:porndialer etc...
so I searched the net for how to remove it
first I ran VundoFix (I'm pasting the report:
VundoFix V6.3.2

Checking Java version...

Java version is 1.5.0.6

Scan started at 20:41:24 22/01/2007

Listing files found while scanning....

C:\Documents and settings\HP_Administrateur\Application Data\SearchToolbarCorp\Toolbar Vision\PageHistory.txt
C:\Documents and settings\HP_Administrateur\Application Data\SearchToolbarCorp\Toolbar Vision\WebHistory.txt
C:\WINDOWS\system32\cccdd.bak1
C:\WINDOWS\system32\cccdd.bak2
C:\WINDOWS\system32\cccdd.ini
C:\WINDOWS\system32\ddccc.dll
C:\WINDOWS\system32\gebcyaw.dll
C:\WINDOWS\system32\hjanmdxd.dll
C:\WINDOWS\system32\ivciyyqu.ini
C:\WINDOWS\system32\nallpqua.exe
C:\WINDOWS\system32\uqyyicvi.dll

Beginning removal...

Attempting to delete C:\Documents and settings\HP_Administrateur\Application Data\SearchToolbarCorp\Toolbar Vision\PageHistory.txt
C:\Documents and settings\HP_Administrateur\Application Data\SearchToolbarCorp\Toolbar Vision\PageHistory.txt Has been deleted!

Attempting to delete C:\Documents and settings\HP_Administrateur\Application Data\SearchToolbarCorp\Toolbar Vision\WebHistory.txt
C:\Documents and settings\HP_Administrateur\Application Data\SearchToolbarCorp\Toolbar Vision\WebHistory.txt Has been deleted!

Attempting to delete C:\WINDOWS\system32\cccdd.bak1
C:\WINDOWS\system32\cccdd.bak1 Has been deleted!

Attempting to delete C:\WINDOWS\system32\cccdd.bak2
C:\WINDOWS\system32\cccdd.bak2 Has been deleted!

Attempting to delete C:\WINDOWS\system32\cccdd.ini
C:\WINDOWS\system32\cccdd.ini Has been deleted!

Attempting to delete C:\WINDOWS\system32\ddccc.dll
C:\WINDOWS\system32\ddccc.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\gebcyaw.dll
C:\WINDOWS\system32\gebcyaw.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\hjanmdxd.dll
C:\WINDOWS\system32\hjanmdxd.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\ivciyyqu.ini
C:\WINDOWS\system32\ivciyyqu.ini Has been deleted!

Attempting to delete C:\WINDOWS\system32\nallpqua.exe
C:\WINDOWS\system32\nallpqua.exe Has been deleted!

Attempting to delete C:\WINDOWS\system32\uqyyicvi.dll
C:\WINDOWS\system32\uqyyicvi.dll Has been deleted!

Performing Repairs to the registry.
Done!

Beginning removal...

Beginning removal...

VundoFix V6.3.2

Checking Java version...

Java version is 1.5.0.6

Scan started at 05:45:36 23/01/2007

Listing files found while scanning....


VundoFix V6.3.2

Checking Java version...

Java version is 1.5.0.6

Scan started at 08:12:20 24/01/2007

Listing files found while scanning....

C:\WINDOWS\system32\hjanmdxd.dll

Beginning removal...

Performing Repairs to the registry.
Done!)


then I ran ComboFix:
"HP_Administrateur" - 07-01-22 21:07:36 Service Pack 2
ComboFix 07-01-21 - Running from: "C:\Documents and Settings\HP_Administrateur\Bureau"

(((((((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


C:\DOCUME~1\HP_ADM~1\Application Data\SearchToolbarCorp


((((((((((((((((((((((((((((((( Files Created from 2006-12-22 to 2007-01-22 ))))))))))))))))))))))))))))))))))


2007-01-22 20:41 <REP> d-------- C:\VundoFix Backups
2007-01-22 20:38 37,376 --a------ C:\WINDOWS\system32\udial.exe
2007-01-21 16:10 66 --a------ C:\WINDOWS\system32\MASHTWTY.SYS
2007-01-21 16:10 6,852 --a------ C:\WINDOWS\system32\drivers\Vcs.sys
2007-01-21 12:34 <REP> d-------- C:\Program Files\Fichiers communs\Skype
2007-01-21 12:34 <REP> d-------- C:\DOCUME~1\HP_ADM~1\Application Data\Skype
2007-01-21 12:34 <REP> d-------- C:\DOCUME~1\ALLUSE~1\Application Data\Skype
2007-01-21 12:33 <REP> d-------- C:\Program Files\Skype
2007-01-20 22:08 76,412 --a------ C:\WINDOWS\system32\qxfqqhme.dll
2007-01-20 22:01 19,456 --a------ C:\WINDOWS\system32\winrmd32.dll
2007-01-20 13:02 <REP> d-------- C:\Program Files\AV VCS 3.0
2007-01-18 18:11 929,792 --a------ C:\WINDOWS\system32\AegisE5.dll
2007-01-18 18:11 651,264 --a------ C:\WINDOWS\system32\libeay32.dll
2007-01-18 18:11 379,456 --a------ C:\WINDOWS\system32\drivers\WlanUIG.sys
2007-01-18 18:11 15,781 --a------ C:\WINDOWS\system32\drivers\mdc8021x.sys
2007-01-18 18:11 147,456 --a------ C:\WINDOWS\system32\ssleay32.dll
2007-01-18 18:11 <REP> d-------- C:\Program Files\SAGEM WiFi manager
2007-01-17 13:59 <REP> d-------- C:\emme
2007-01-15 17:47 <REP> d-------- C:\Program Files\PowerISO
2007-01-14 19:42 <REP> d-------- C:\DOCUME~1\HP_ADM~1\Application Data\AdobeUM
2007-01-13 21:06 <REP> d-------- C:\DOCUME~1\ALLUSE~1\Application Data\Windows Genuine Advantage
2007-01-13 20:20 <REP> d-------- C:\Program Files\Windows Media Connect 2
2007-01-13 20:14 <REP> d-------- C:\WINDOWS\system32\LogFiles
2007-01-13 20:14 <REP> d-------- C:\WINDOWS\system32\drivers\UMDF
2007-01-13 16:20 29,696 --a------ C:\WINDOWS\mickey32.dll
2007-01-13 16:20 232,784 --a------ C:\WINDOWS\Matrix Code.scr
2007-01-13 16:20 2,285,222 --a------ C:\WINDOWS\Matrix Code.exe
2007-01-12 19:23 <REP> d-------- C:\Program Files\Raveille
2007-01-12 19:21 <REP> d-------- C:\Program Files\Fichiers communs\GTK
2007-01-12 18:31 <REP> d-------- C:\DOCUME~1\HP_ADM~1\.jpi_cache
2007-01-12 18:31 <REP> d-------- C:\DOCUME~1\HP_ADM~1\.java
2007-01-10 09:40 <REP> d-------- C:\Program Files\Nero
2007-01-10 09:40 <REP> d-------- C:\Program Files\Fichiers communs\Ahead
2007-01-08 21:05 <REP> d-------- C:\DOCUME~1\HP_ADM~1\Application Data\Snapfish
2007-01-08 19:16 5,248 --a------ C:\WINDOWS\system32\drivers\a347scsi.sys
2007-01-08 19:16 160,640 --a------ C:\WINDOWS\system32\drivers\a347bus.sys
2007-01-07 20:36 421,888 --a------ C:\WINDOWS\Nero PhotoShow.scr
2007-01-07 20:36 <REP> d-------- C:\DOCUME~1\HP_ADM~1\Application Data\Simple Star
2007-01-07 20:31 38,912 --a------ C:\WINDOWS\system32\picn20.dll
2007-01-07 20:31 106,496 --a------ C:\WINDOWS\system32\TwnLib20.dll
2007-01-07 19:23 <REP> d-------- C:\DOCUME~1\HP_ADM~1\Application Data\Ahead
2007-01-07 17:31 <REP> d-------- C:\DOCUME~1\HP_ADM~1\Application Data\Sonic
2007-01-07 17:30 <REP> d-------- C:\DOCUME~1\HP_ADM~1\Application Data\Leadertech
2007-01-07 13:40 <REP> d-------- C:\Program Files\CCleaner
2007-01-06 15:08 <REP> d-------- C:\DOCUME~1\HP_ADM~1\Application Data\HPQ
2007-01-06 15:07 <REP> d-------- C:\WINDOWS\system32\NtmsData
2007-01-06 14:06 85,376 --a------ C:\WINDOWS\system32\drivers\NABTSFEC.sys
2007-01-06 14:06 54,784 --a------ C:\WINDOWS\system32\vfwwdm32.dll
2007-01-06 14:06 5,504 --a------ C:\WINDOWS\system32\drivers\MSTEE.sys
2007-01-06 14:06 19,328 --a------ C:\WINDOWS\system32\drivers\WSTCODEC.SYS
2007-01-06 14:06 17,024 --a------ C:\WINDOWS\system32\drivers\CCDECODE.sys
2007-01-06 14:06 15,360 --a------ C:\WINDOWS\system32\drivers\StreamIP.sys
2007-01-06 14:06 11,136 --a------ C:\WINDOWS\system32\drivers\SLIP.sys
2007-01-06 14:06 10,880 --a------ C:\WINDOWS\system32\drivers\NdisIP.sys
2007-01-06 14:05 33,890 --a------ C:\WINDOWS\system32\drivers\Capt905c.sys
2007-01-06 14:05 24,605 --a------ C:\WINDOWS\system32\drivers\Camd905c.sys
2007-01-06 12:01 <REP> d-------- C:\Program Files\SAGEM
2007-01-04 16:39 <REP> d-------- C:\Program Files\YourWare Solutions
2007-01-04 16:39 <REP> d-------- C:\Program Files\Uninstall Tool
2007-01-04 16:07 <REP> d-------- C:\DOCUME~1\HP_ADM~1\Application Data\dvdcss
2007-01-04 16:02 <REP> d-------- C:\DOCUME~1\HP_ADM~1\Application Data\CyberLink
2007-01-04 09:53 43,176 --a------ C:\WINDOWS\system32\drivers\aswTdi.sys
2007-01-04 09:53 31,560 --a------ C:\WINDOWS\system32\drivers\aavmker4.sys
2007-01-04 09:53 23,352 --a------ C:\WINDOWS\system32\drivers\aswRdr.sys
2007-01-04 09:52 94,424 --a------ C:\WINDOWS\system32\drivers\aswmon2.sys
2007-01-04 09:52 90,112 --a------ C:\WINDOWS\system32\AVASTSS.scr
2007-01-04 09:52 85,952 --a------ C:\WINDOWS\system32\drivers\aswmon.sys
2007-01-04 09:52 689,280 --a------ C:\WINDOWS\system32\aswBoot.exe
2007-01-04 09:52 <REP> d-------- C:\Program Files\Alwil Software
2007-01-03 21:13 <REP> d-------- C:\Program Files\Winamp
2007-01-03 21:12 <REP> d-------- C:\Program Files\Viewpoint
2007-01-03 21:10 <REP> d-------- C:\DOCUME~1\HP_ADM~1\.javaws
2007-01-03 21:01 87,184 --a------ C:\WINDOWS\NSUninst.exe
2007-01-03 21:00 95,440 --a------ C:\WINDOWS\GREUninstall.exe
2007-01-03 21:00 <REP> d-------- C:\Program Files\Fichiers communs\mozilla.org
2007-01-03 19:45 <REP> d-------- C:\DOCUME~1\HP_ADM~1\Application Data\Lavasoft
2007-01-03 19:44 <REP> d-------- C:\Program Files\Lavasoft
2007-01-03 19:30 <REP> d-------- C:\Program Files\Netscape
2007-01-02 10:45 <REP> d-------- C:\WINDOWS\Sun
2007-01-02 10:45 <REP> d-------- C:\DOCUME~1\HP_ADM~1\Application Data\Sun
2006-12-30 18:54 2,297,552 --a------ C:\WINDOWS\system32\d3dx9_26.dll
2006-12-30 15:41 <REP> d-------- C:\DOCUME~1\HP_ADM~1\Application Data\Microsoft Games
2006-12-30 15:32 <REP> d-------- C:\Program Files\Microsoft Games
2006-12-30 13:16 <REP> d-------- C:\Program Files\Return to Castle Wolfenstein
2006-12-29 19:24 <REP> d-------- C:\DOCUME~1\ALLUSE~1\Application Data\Messenger Plus!
2006-12-29 18:50 <REP> d-------- C:\DOCUME~1\HP_ADM~1\Application Data\DivX
2006-12-26 17:47 <REP> d-------- C:\DOCUME~1\ALLUSE~1\Application Data\Kaspersky Lab
2006-12-26 08:53 <REP> d-------- C:\DOCUME~1\HP_ADM~1\Application Data\Adobe
2006-12-26 08:34 <REP> d-------- C:\WINDOWS\SxsCaPendDel
2006-12-26 08:31 <REP> d-------- C:\Program Files\Fichiers communs\Adobe Systems Shared
2006-12-26 08:31 <REP> d-------- C:\DOCUME~1\ALLUSE~1\Application Data\Adobe Systems
2006-12-26 08:23 <REP> d-------- C:\Program Files\Messenger Plus! Live
2006-12-25 20:35 <REP> d-------- C:\WINDOWS\system32\appmgmt
2006-12-25 19:34 <REP> d-------- C:\DOCUME~1\HP_ADM~1\Application Data\vlc
2006-12-25 19:33 <REP> d-------- C:\Program Files\VideoLAN
2006-12-25 19:19 <REP> d-------- C:\Program Files\Kaspersky Lab
2006-12-25 19:19 <REP> d-------- C:\Program Files\Fichiers communs\Kaspersky Lab
2006-12-25 19:08 <REP> d-------- C:\Program Files\online eq
2006-12-25 19:08 <REP> d-------- C:\DOCUME~1\HP_ADM~1\Application Data\soap bleh mail
2006-12-25 19:08 <REP> d-------- C:\DOCUME~1\HP_ADM~1\Application Data\online eq
2006-12-25 19:08 <REP> d-------- C:\DOCUME~1\ALLUSE~1\Application Data\Loud Type Barb License
2006-12-25 19:07 <REP> d-------- C:\Program Files\MessengerPlus! 3
2006-12-25 19:07 <REP> d-------- C:\Program Files\Adverts
2006-12-25 09:26 <REP> d-------- C:\DOCUME~1\HP_ADM~1\Application Data\Google
2006-12-25 03:02 <REP> d-------- C:\Program Files\MSXML 4.0
2006-12-25 02:49 23,040 --------- C:\WINDOWS\kb913800.exe
2006-12-25 02:21 <REP> d-------- C:\Program Files\Symantec
2006-12-25 02:21 <REP> d-------- C:\Program Files\Altiris
2006-12-25 02:20 <REP> d-------- C:\Program Files\Philips Flat Panel Adjust
2006-12-25 02:08 <REP> d-------- C:\DOCUME~1\HP_ADM~1\Contacts
2006-12-25 02:03 <REP> d-------- C:\DOCUME~1\ALLUSE~1\Application Data\Windows Live Toolbar
2006-12-25 01:59 <REP> d----c--- C:\WINDOWS\system32\DRVSTORE
2006-12-25 01:59 <REP> d-------- C:\Program Files\MSN Messenger
2006-12-25 00:43 <REP> d-------- C:\Program Files\eMule
2006-12-25 00:25 <REP> d-------- C:\DOCUME~1\HP_ADM~1\Application Data\Azureus
2006-12-25 00:24 <REP> d-------- C:\Program Files\Azureus
2006-12-25 00:22 <REP> d-------- C:\Program Files\TheTurtle
2006-12-25 00:20 100,489 --a------ C:\WINDOWS\UninstallFirefox.exe
2006-12-25 00:19 <REP> d-------- C:\Program Files\Mozilla Firefox
2006-12-25 00:00 <REP> d-------- C:\DOCUME~1\ALLUSE~1\Application Data\Google
2006-12-24 23:48 <REP> d---s---- C:\DOCUME~1\HP_ADM~1\UserData
2006-12-24 23:48 <REP> d-------- C:\WINDOWS\system32\PreInstall
2006-12-24 22:54 <REP> d-------- C:\DOCUME~1\HP_ADM~1\Application Data\Help
2006-12-24 22:36 32,768 --a------ C:\WINDOWS\system32\WooDial2000.dll
2006-12-24 22:36 <REP> d-------- C:\WINDOWS\system32\SoftwareDistribution
2006-12-24 22:35 <REP> d-------- C:\Program Files\Wanadoo
2006-12-24 22:30 16,292 --a------ C:\WINDOWS\system32\PCANDIS5.SYS
2006-12-24 22:12 61,440 --a------ C:\WINDOWS\system32\W32N50.dll
2006-12-24 22:12 114,688 --a------ C:\WINDOWS\system32\WLANUTL.dll
2006-12-24 22:07 <REP> d-------- C:\Program Files\Securitoo
2006-12-24 22:04 <REP> dr-hs---- C:\cmdcons
2006-12-24 22:04 <REP> d--hs---- C:\RECYCLER
2006-12-24 22:03 <REP> d-------- C:\WINDOWS\setup.pss
2006-12-24 21:48 <REP> dr------- C:\DOCUME~1\HP_ADM~1\Mes documents
2006-12-24 21:48 <REP> dr------- C:\DOCUME~1\HP_ADM~1\Menu Démarrer
2006-12-24 21:48 <REP> dr------- C:\DOCUME~1\HP_ADM~1\Favoris
2006-12-24 21:48 <REP> d--h----- C:\DOCUME~1\HP_ADM~1\Voisinage réseau
2006-12-24 21:48 <REP> d--h----- C:\DOCUME~1\HP_ADM~1\Voisinage d'impression
2006-12-24 21:48 <REP> d--h----- C:\DOCUME~1\HP_ADM~1\Modèles
2006-12-24 21:48 <REP> d-------- C:\DOCUME~1\HP_ADM~1\WINDOWS
2006-12-24 21:48 <REP> d-------- C:\DOCUME~1\HP_ADM~1\Bureau
2006-12-24 21:48 <REP> d-------- C:\DOCUME~1\HP_ADM~1\Application Data\Real
2006-12-24 21:47 <REP> d-------- C:\DOCUME~1\DEFAUL~1\WINDOWS
2006-12-24 21:47 <REP> d-------- C:\DOCUME~1\DEFAUL~1\Application Data\Real
2006-12-24 21:46 <REP> d-------- C:\WINDOWS\Prefetch
2006-12-24 21:34 8,192 --a------ C:\WINDOWS\system32\wshirda.dll
2006-12-24 21:34 59,648 --a------ C:\WINDOWS\system32\drivers\rfcomm.sys
2006-12-24 21:34 28,160 --a------ C:\WINDOWS\system32\irmon.dll
2006-12-24 21:34 274,944 --a------ C:\WINDOWS\system32\drivers\bthport.sys
2006-12-24 21:34 18,944 --a------ C:\WINDOWS\system32\drivers\BTHUSB.SYS
2006-12-24 21:34 17,024 --a------ C:\WINDOWS\system32\drivers\BthEnum.sys
2006-12-24 21:34 154,112 --a------ C:\WINDOWS\system32\irftp.exe
2006-12-24 21:34 100,992 --a------ C:\WINDOWS\system32\drivers\bthpan.sys
2006-12-24 21:33 <REP> d--hs---- C:\System Volume Information


(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))


2007-01-22 21:07 658 --a------ C:\WINDOWS\system32\msxwnet32.dll
2007-01-22 07:05 -------- d-------- C:\Program Files\sonic
2007-01-21 16:54 -------- d-------- C:\Program Files\Fichiers communs\installshield
2007-01-21 16:12 69 --a------ C:\DOCUME~1\HP_ADM~1\Application Data\voicesfx.ini
2007-01-18 18:11 -------- d--h----- C:\Program Files\installshield installation information
2007-01-06 15:30 -------- d---s---- C:\DOCUME~1\HP_ADM~1\Application Data\microsoft
2007-01-03 21:15 -------- d-------- C:\DOCUME~1\HP_ADM~1\Application Data\mozilla
2007-01-03 21:06 -------- d-------- C:\Program Files\java
2006-12-26 08:32 -------- d-------- C:\Program Files\Fichiers communs\adobe
2006-12-25 20:35 -------- d-------- C:\Program Files\google
2006-12-25 03:14 -------- d-------- C:\Program Files\Fichiers communs\symantec shared
2006-12-25 02:00 -------- d-------- C:\Program Files\divx
2006-12-25 01:59 -------- d-------- C:\DOCUME~1\HP_ADM~1\Application Data\macromedia
2006-12-12 17:30 520192 --a------ C:\WINDOWS\system32\divxsm.exe
2006-12-12 17:30 3596288 --a------ C:\WINDOWS\system32\qt-dx331.dll
2006-12-12 17:30 200704 --a------ C:\WINDOWS\system32\ssldivx.dll
2006-12-12 17:30 1044480 --a------ C:\WINDOWS\system32\libdivx.dll
2006-12-12 17:25 806912 --a------ C:\WINDOWS\system32\divx_xx0c.dll
2006-12-12 17:25 806912 --a------ C:\WINDOWS\system32\divx_xx07.dll
2006-12-12 17:25 790528 --a------ C:\WINDOWS\system32\divx_xx11.dll
2006-12-12 17:25 73728 --a------ C:\WINDOWS\system32\dpl100.dll
2006-12-12 17:25 635486 --a------ C:\WINDOWS\system32\divx.dll
2006-12-12 17:25 593920 --a------ C:\WINDOWS\system32\dpugui11.dll
2006-12-12 17:25 57344 --a------ C:\WINDOWS\system32\dpv11.dll
2006-12-12 17:25 53248 --a------ C:\WINDOWS\system32\dpugui10.dll
2006-12-12 17:25 344064 --a------ C:\WINDOWS\system32\dpus11.dll
2006-12-12 17:25 294912 --a------ C:\WINDOWS\system32\dpu11.dll
2006-12-12 17:25 294912 --a------ C:\WINDOWS\system32\dpu10.dll
2006-12-12 17:25 196608 --a------ C:\WINDOWS\system32\dtu100.dll
2006-12-12 17:24 12288 --a------ C:\WINDOWS\system32\divxwmpexttype.dll
2006-12-12 17:24 118784 --a------ C:\WINDOWS\system32\divxcodecupdatechecker.exe
2006-11-08 06:07 679424 --a------ C:\WINDOWS\system32\inetcomm.dll
2006-11-04 14:14 1245696 --a------ C:\WINDOWS\system32\msxml4.dll
2006-11-03 10:03 8292352 --a------ C:\WINDOWS\system32\wmploc.dll
2006-11-03 09:59 99840 --a------ C:\WINDOWS\system32\wmpshell.dll
2006-11-03 09:58 272384 --a------ C:\WINDOWS\system32\wmerror.dll
2006-11-03 09:56 7680 --a------ C:\WINDOWS\system32\asferror.dll
2006-11-02 11:52 44032 --------- C:\WINDOWS\system32\wpdshextres.dll


(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries & legit default entries are not shown

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"WOOKIT"="C:\\PROGRA~1\\Wanadoo\\Shell.exe appLaunchClientZone.shl|PARAM= cnx"
"TheTurtle"="C:\\Program Files\\TheTurtle\\TheTurtle.exe"
"MessengerPlus3"="\"C:\\Program Files\\MessengerPlus! 3\\MsgPlus.exe\" /WinStart"
"FreeRAM XP"="\"C:\\Program Files\\YourWare Solutions\\FreeRAM XP Pro\\FreeRAM XP Pro.exe\" -win"
"PhotoShow Deluxe Media Manager"="C:\\PROGRA~1\\Ahead\\NEROPH~1\\data\\Xtras\\mssysmgr.exe"
"msnmsgr"="\"C:\\Program Files\\MSN Messenger\\msnmsgr.exe\" /background"
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="\"C:\\Program Files\\Fichiers communs\\Ahead\\lib\\NMBgMonitor.exe\""
"MSMSGS"="\"C:\\Program Files\\Messenger\\msmsgs.exe\" /background"
"Skype"="\"C:\\Program Files\\Skype\\Phone\\Skype.exe\" /nosplash /minimized"
"eMuleAutoStart"="C:\\Documents and Settings\\HP_Administrateur\\Bureau\\emule\\eMule.exe -AutoStart"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"ehTray"="C:\\WINDOWS\\ehome\\ehtray.exe"
"ftutil2"="rundll32.exe ftutil2.dll,SetWriteCacheMode"
"AlwaysReady Power Message APP"="ARPWRMSG.EXE"
"Recguard"="C:\\WINDOWS\\SMINST\\RECGUARD.EXE"
"PCDrProfiler"=""
"HPBootOp"="\"C:\\Program Files\\Hewlett-Packard\\HP Boot Optimizer\\HPBootOp.exe\" /run"
"RTHDCPL"="RTHDCPL.EXE"
"BluetoothAuthenticationAgent"="rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent"
"Reminder"="\"C:\\Windows\\Creator\\Remind_XP.exe\""
"HP Software Update"=hex(2):43,3a,5c,50,72,6f,67,72,61,6d,20,46,69,6c,65,73,5c,\
48,50,5c,48,50,20,53,6f,66,74,77,61,72,65,20,55,70,64,61,74,65,5c,48,50,77,\
75,53,63,68,64,32,2e,65,78,65,00
"Barb license slow balm"="C:\\Documents and Settings\\All Users\\Application Data\\Loud Type Barb License\\rdrcopy.exe"
"TkBellExe"="\"C:\\Program Files\\Fichiers communs\\Real\\Update_OB\\realsched.exe\" -osboot"
"avast!"="C:\\PROGRA~1\\ALWILS~1\\Avast4\\ashDisp.exe"
"NWEReboot"=""
"KernelFaultCheck"=hex(2):25,73,79,73,74,65,6d,72,6f,6f,74,25,5c,73,79,73,74,\
65,6d,33,32,5c,64,75,6d,70,72,65,70,20,30,20,2d,6b,00
"NeroFilterCheck"="C:\\WINDOWS\\system32\\NeroCheck.exe"
"PWRISOVM.EXE"="C:\\Program Files\\PowerISO\\PWRISOVM.EXE"
"UDial"="C:\\WINDOWS\\system32/udial.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{C505F4FA-0AFD-4E83-B73E-5084E813154A}"=""

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload]
"WPDShServiceObj"="{AAA288BA-9A4C-45B0-95D7-94D524869DB5}"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"=hex(2):43,3a,5c,57,49,4e,44,4f,57,53,5c,52,65,73,6f,75,72,\
63,65,73,5c,54,68,65,6d,65,73,5c,52,6f,79,61,6c,65,5c,52,6f,79,61,6c,65,2e,\
6d,73,73,74,79,6c,65,73,00
"InstallTheme"=hex(2):43,3a,5c,57,49,4e,44,4f,57,53,5c,52,65,73,6f,75,72,63,65,\
73,5c,54,68,65,6d,65,73,5c,52,6f,79,61,6c,65,2e,74,68,65,6d,65,00

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\winrmd32

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"


[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost]
HTTPFilter REG_MULTI_SZ HTTPFilter\0\0
LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0
NetworkService REG_MULTI_SZ DnsCache\0\0
DcomLaunch REG_MULTI_SZ DcomLaunch\0TermService\0\0
rpcss REG_MULTI_SZ RpcSs\0\0
imgsvc REG_MULTI_SZ StiSvc\0\0
termsvcs REG_MULTI_SZ TermService\0\0
bthsvcs REG_MULTI_SZ BthServ\0\0
Usnsvc REG_MULTI_SZ usnsvc\0\0
WudfServiceGroup REG_MULTI_SZ WUDFSvc\0\0


Completion time: 07-01-22 21:10:37


and to finish, I'll put my HijackThis log in the next post. Good luck to the decrypters ^^

7 replies

for info, I disabled the Windows resident protection before the HijackThis scan ^^

Logfile of HijackThis v1.99.1
Scan saved at 09:51:17, on 24/01/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\arservice.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\ehome\mcrdsvc.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\ARPWRMSG.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\TheTurtle\TheTurtle.exe
C:\Program Files\YourWare Solutions\FreeRAM XP Pro\FreeRAM XP Pro.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Fichiers communs\Ahead\lib\NMBgMonitor.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Documents and Settings\HP_Administrateur\Bureau\emule\eMule.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Hacker\KAVPF.exe
C:\Program Files\SAGEM WiFi manager\WLANUTL.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\Program Files\Skype\Plugin Manager\SkypePM.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
c:\windows\system\hpsysdrv.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\WINDOWS\system32\svchost.exe
C:\Documents and Settings\HP_Administrateur\Bureau\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://fr.search.yahoo.com/?fr=cb-hp06
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr?cobrand=hp-desktop.msn.com&ocid=HPDHP&pc=HPDTDF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = https://fr.search.yahoo.com/?fr=cb-hp06
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://fr.search.yahoo.com/?fr=cb-hp06
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://C%3A%5CProgram%20Files%5CNetscape%5CNetscape%5Csearchplugins%5CNetscape_France.src"); (C:\Documents and Settings\HP_Administrateur\Application Data\Mozilla\Profiles\default\tg29ht6r.slt\prefs.js)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: (no name) - {7DA39570-5FD2-4f18-94B4-20730CB3F727} - C:\WINDOWS\system32\hjanmdxd.dll (file missing)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {9E049967-730A-4702-AC40-EE6AB18082F1} - C:\WINDOWS\system32\ddccc.dll (file missing)
O2 - BHO: (no name) - {C505F4FA-0AFD-4E83-B73E-5084E813154A} - C:\WINDOWS\system32\gebcyaw.dll (file missing)
O2 - BHO: (no name) - {E3ED3CF9-4DE0-72C0-A2A9-6AC52B9BF471} - C:\DOCUME~1\HP_ADM~1\APPLIC~1\SOAPBL~1\Jump Extra.exe (file missing)
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [ftutil2] rundll32.exe ftutil2.dll,SetWriteCacheMode
O4 - HKLM\..\Run: [AlwaysReady Power Message APP] ARPWRMSG.EXE
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [HPBootOp] "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [Reminder] "C:\Windows\Creator\Remind_XP.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
O4 - HKLM\..\Run: [Barb license slow balm] C:\Documents and Settings\All Users\Application Data\Loud Type Barb License\rdrcopy.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKCU\..\Run: [WOOKIT] C:\PROGRA~1\Wanadoo\Shell.exe appLaunchClientZone.shl|PARAM= cnx
O4 - HKCU\..\Run: [TheTurtle] C:\Program Files\TheTurtle\TheTurtle.exe
O4 - HKCU\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe" /WinStart
O4 - HKCU\..\Run: [FreeRAM XP] "C:\Program Files\YourWare Solutions\FreeRAM XP Pro\FreeRAM XP Pro.exe" -win
O4 - HKCU\..\Run: [PhotoShow Deluxe Media Manager] C:\PROGRA~1\Ahead\NEROPH~1\data\Xtras\mssysmgr.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Ahead\lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [eMuleAutoStart] C:\Documents and Settings\HP_Administrateur\Bureau\emule\eMule.exe -AutoStart
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Kaspersky Anti-Hacker.lnk = C:\Program Files\Kaspersky Lab\Kaspersky Anti-Hacker\KAVPF.exe
O4 - Global Startup: Utilitaire réseau pour SAGEM Wi-Fi 11g USB adapter.lnk = ?
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Aide à la connexion - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Aide à la connexion - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: winrmd32 - C:\WINDOWS\SYSTEM32\winrmd32.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
0
Anonymous user
24 Jan 2007 at 09:55
It's very cool to post all that, but before anything else I advise doing this procedure first!
Then the logs.
https://leblogdeclaude.blogspot.com/2006/10/informatique-procdure-de-nettoyage.html
(it's just a piece of advice!)
0
OK, thanks for such a quick reply ^^
but I'm done with my logs now ^^
it's just that it really annoys me not being able to remove it
(from time to time a porn web page pops up; frankly, infecting people with viruses is not going to make them go there!!!! especially since it's a paid site!)
0
Anonymous user
24 Jan 2007 at 14:26
"but I'm done with my logs"

If you like! But you're quite badly infected; it's up to you, but if you think you can get out of this on your own and without following a procedure, you risk having an unusable machine very quickly... before long ^^ (and even very soon!!! ^^)
Everything you did before... didn't achieve much... going by your latest HJT!


0

HEYYYYY! I never said I didn't want help, otherwise why would I have posted a topic?!

I said I'm stopping with my logs so as not to flood!
but if someone asks, I'll do another HijackThis scan, that's all ^^

quite badly infected?? you wouldn't know how to "disinfect my PC"?
0
here is my latest HijackThis log: with KillBox I deleted all the infected exes (udial.exe), then I went into the Windows temp folder and deleted everything that was in it, and then CCleaner

so here it is:


Logfile of HijackThis v1.99.1
Scan saved at 16:41:44, on 24/01/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\arservice.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\ehome\mcrdsvc.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\ARPWRMSG.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\TheTurtle\TheTurtle.exe
C:\Program Files\YourWare Solutions\FreeRAM XP Pro\FreeRAM XP Pro.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Fichiers communs\Ahead\lib\NMBgMonitor.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Documents and Settings\HP_Administrateur\Bureau\emule\eMule.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Hacker\KAVPF.exe
C:\Program Files\SAGEM WiFi manager\WLANUTL.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\Program Files\Skype\Plugin Manager\SkypePM.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
c:\windows\system\hpsysdrv.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Microsoft Games\Halo\Halo.eXe
C:\Documents and Settings\HP_Administrateur\Bureau\VundoFix.exe
C:\Documents and Settings\HP_Administrateur\Bureau\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://fr.search.yahoo.com/?fr=cb-hp06
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr?cobrand=hp-desktop.msn.com&ocid=HPDHP&pc=HPDTDF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = https://fr.search.yahoo.com/?fr=cb-hp06
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://fr.search.yahoo.com/?fr=cb-hp06
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://C%3A%5CProgram%20Files%5CNetscape%5CNetscape%5Csearchplugins%5CNetscape_France.src"); (C:\Documents and Settings\HP_Administrateur\Application Data\Mozilla\Profiles\default\tg29ht6r.slt\prefs.js)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: (no name) - {7DA39570-5FD2-4f18-94B4-20730CB3F727} - C:\WINDOWS\system32\hjanmdxd.dll (file missing)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {9E049967-730A-4702-AC40-EE6AB18082F1} - C:\WINDOWS\system32\ddccc.dll (file missing)
O2 - BHO: (no name) - {C505F4FA-0AFD-4E83-B73E-5084E813154A} - C:\WINDOWS\system32\gebcyaw.dll (file missing)
O2 - BHO: (no name) - {E3ED3CF9-4DE0-72C0-A2A9-6AC52B9BF471} - C:\DOCUME~1\HP_ADM~1\APPLIC~1\SOAPBL~1\Jump Extra.exe (file missing)
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [ftutil2] rundll32.exe ftutil2.dll,SetWriteCacheMode
O4 - HKLM\..\Run: [AlwaysReady Power Message APP] ARPWRMSG.EXE
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [HPBootOp] "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [Reminder] "C:\Windows\Creator\Remind_XP.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
O4 - HKLM\..\Run: [Barb license slow balm] C:\Documents and Settings\All Users\Application Data\Loud Type Barb License\rdrcopy.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [UDial] C:\WINDOWS\system32/udial.exe
O4 - HKCU\..\Run: [WOOKIT] C:\PROGRA~1\Wanadoo\Shell.exe appLaunchClientZone.shl|PARAM= cnx
O4 - HKCU\..\Run: [TheTurtle] C:\Program Files\TheTurtle\TheTurtle.exe
O4 - HKCU\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe" /WinStart
O4 - HKCU\..\Run: [FreeRAM XP] "C:\Program Files\YourWare Solutions\FreeRAM XP Pro\FreeRAM XP Pro.exe" -win
O4 - HKCU\..\Run: [PhotoShow Deluxe Media Manager] C:\PROGRA~1\Ahead\NEROPH~1\data\Xtras\mssysmgr.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Ahead\lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [eMuleAutoStart] C:\Documents and Settings\HP_Administrateur\Bureau\emule\eMule.exe -AutoStart
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Kaspersky Anti-Hacker.lnk = C:\Program Files\Kaspersky Lab\Kaspersky Anti-Hacker\KAVPF.exe
O4 - Global Startup: Utilitaire réseau pour SAGEM Wi-Fi 11g USB adapter.lnk = ?
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Aide à la connexion - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Aide à la connexion - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: winrmd32 - C:\WINDOWS\SYSTEM32\winrmd32.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe

I'm going to finish with an Ad-Aware scan and an avast scan ;)
0
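An added example, not part of the original thread: a short Python check that reads HijackThis entry lines like those in the log above and lists BHO or autostart entries that still reference a file that is gone. The sample lines are copied from that log; the DELETED set is an assumption built from the file names the poster reports removing (VundoFix listing, KillBox).

```python
import re

# Subset of lines copied from the HijackThis log posted above.
SAMPLE_LOG = r"""
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: (no name) - {7DA39570-5FD2-4f18-94B4-20730CB3F727} - C:\WINDOWS\system32\hjanmdxd.dll (file missing)
O2 - BHO: (no name) - {9E049967-730A-4702-AC40-EE6AB18082F1} - C:\WINDOWS\system32\ddccc.dll (file missing)
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [UDial] C:\WINDOWS\system32/udial.exe
O20 - Winlogon Notify: winrmd32 - C:\WINDOWS\SYSTEM32\winrmd32.dll
"""

# Assumption: file names the poster reports as already removed.
DELETED = {"hjanmdxd.dll", "ddccc.dll", "gebcyaw.dll", "udial.exe"}

# "O2 - ...", "O4 - ...", "R1 - ...": section code, then the entry body.
ENTRY = re.compile(r"^(?P<section>[A-Z]\d{1,2}) - (?P<body>.+)$")
# A file name ending in .exe/.dll, after any '\' or '/' path separator.
FILE = re.compile(r'[^\\/\s"]+\.(?:exe|dll)\b')


def parse(log):
    """Yield (section, body) for each entry line; headers and process list are skipped."""
    for line in log.splitlines():
        m = ENTRY.match(line.strip())
        if m:
            yield m["section"], m["body"]


def leftover_references(log, deleted):
    """Return (section, file, reason) for entries whose target file is gone."""
    hits = []
    for section, body in parse(log):
        names = FILE.findall(body.lower())
        if body.endswith("(file missing)"):
            # HijackThis itself could not find the file on disk.
            hits.append((section, names[-1] if names else "?", "file missing"))
        else:
            # Entry looks intact, but names a file reported as deleted.
            hits.extend((section, n, "reported deleted") for n in names if n in deleted)
    return hits


if __name__ == "__main__":
    for section, name, reason in leftover_references(SAMPLE_LOG, DELETED):
        print(f"{section}: {name} ({reason})")
```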
Anonymous user
28 Jan. 2007 at 11:02
.
0