Trojan Win-32 ConHook-CF

Solved/Closed
Killi - 5 Dec 2007 at 10:34
FillPCA (2242 posts, registered Saturday 21 April 2007, status: non-member, last active 18 February 2023) - 5 Dec 2007 at 19:02
Hello, I have a problem with the ConHook-CF trojan, can someone help me?

23 replies

FillPCA
5 Dec 2007 at 10:45
Hello,

* Download PCA (by Evosla): http://ww25.evosla.com/pca_cpt.php?agr=pca_securite
* Unzip it into a dedicated folder such as c:\PCA by right-clicking it (Extract...),
* Click the "PC diagnostic" tab, then "analyse".
* Let the analysis run. It only takes a few seconds.
* Click "save the report" at the bottom right and save it to the desktop.
* Paste the content of that report into your next reply. It is named PCA_LOG.txt

FillPCA
0
Here is the report:

# PCA Sécurité V 1.0.2, (fichier LOG).
# Rapport du :05/12/2007 10:59:17
Microsoft Windows XP Service Pack 2

==>> Processus <==
\SystemRoot\System32\smss.exe
\??\C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\a-squared Free\a2service.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe
C:\WINDOWS\Explorer.EXE
c:\APPS\Powercinema\Kernel\CLML_NTService\CLMLServer.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Sonic\DigitalMedia LE v7\MyDVD LE\USBDeviceService.exe
c:\APPS\Powercinema\Kernel\TV\CLSched.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nTrayFw.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Sonic\DigitalMedia LE v7\MyDVD LE\DetectorApp.exe
C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe
C:\APPS\Powercinema\PCMService.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Labtec Laser Mouse Software\MulMouse.exe
C:\Program Files\Sitecom\Wireless Network USB Adapter 54G WL-113_002\Installer\WLANUTL.EXE
C:\Program Files\OpenOffice.org 2.2\program\soffice.exe
C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe
C:\Program Files\OpenOffice.org 2.2\program\soffice.BIN
C:\WINDOWS\BricoPacks\Vista Inspirat 2\UberIcon\UberIcon Manager.exe
C:\WINDOWS\BricoPacks\Vista Inspirat 2\YzShadow\YzShadow.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\johan\Bureau\pca.exe

//pages de démarrage et de recherche d'Internet Explorer
RO - HKLM\Software\Microsoft\Internet Explorer\Main\Start Page = http://www.ustart.org
RO - HKLM\Software\Microsoft\Internet Explorer\Main\Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
RO - HKCU\Software\Microsoft\Internet Explorer\Main\Start Page = https://gamergen.com/psp/
RO - HKCU\Software\Microsoft\Internet Explorer\Toolbar\LinksFolderName = Liens
R1 - HKLM\Software\Microsoft\Internet Explorer\Main\Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main\Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKCU\Software\Microsoft\Internet Explorer\Main\Search Page = https://www.google.com/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Search\CustomizeSearch = https://www.bing.com/?toHttps=1&redig=8F3F334EA60E4B1CB4D040DCFE393A89{SUB_RFC1766}/srchasst/srchcust.htm
R1 - HKLM\Software\Microsoft\Internet Explorer\Search\SearchAssistant = http://www.google.com/toolbar/ie8/sidebar.html
R1 - HKCU\Software\Microsoft\Internet Connection Wizard\ShellNext = iexplore
//applications lancées depuis system.ini,win.ini
//03 - Browser Helper Objects (BHOs)
02 - BHO: - {01960937-90F6-4A37-8EF3-272A79B92393} -
02 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
02 - BHO: - {0451E078-8F69-4112-B912-069485A4FD4E} -
02 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
02 - BHO: - {15B35764-C5C2-4446-9AE7-95AD09FDB313} -
02 - BHO: - {18F06E47-85B3-4B25-8E38-8F02435BA4D4} -
02 - BHO: - {236742D3-CB05-40FD-9EF2-CCC8FE395DA9} -
02 - BHO: - {2B5D9C8D-2371-4A42-9021-9DEFE114FC13} -
02 - BHO: - {40E6EF44-7C05-4572-9C1F-8663A9F5B609} -
02 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
02 - BHO: - {5A4F7DEA-D6E8-408F-8A9F-9D44ADCBD564} -
02 - BHO: - {5C831DCB-4D12-4ABF-BA9E-8712D3C5B41F} -
02 - BHO: - {6273CDB9-1A4B-4D21-A8E1-C4C9806DBBFC} -
02 - BHO: - {6F2225B6-CDEE-4382-AF1B-6B0EE3C651E3} - C:\WINDOWS\system32\awtsq.dll
02 - BHO: - {70F02488-8629-40FB-BF42-E3BCEEAF4EC7} -
02 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
02 - BHO: - {7A7C1820-EDEA-48F4-8851-F79B571BB8D3} -
02 - BHO: - {7CA81AF5-4F44-430A-A03E-0BC20074BCAE} -
02 - BHO: - {7E853D72-626A-48EC-A868-BA8D5E23E045} -
02 - BHO: - {80FBECCE-C17E-48F2-BBDF-8C7EA2C1891E} -
02 - BHO: - {812F8732-E71C-4DC4-A5A9-A7DE629E9ADE} -
02 - BHO: - {81A40807-DFB1-4D59-914C-8C6154AB1EF6} -
02 - BHO: - {89AD4D75-2429-462e-BD4E-443F233F6033} - C:\WINDOWS\system32\envhdkpt.dll
02 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
02 - BHO: - {9403621D-F14F-4C53-84C4-FAA72D07F8FA} -
02 - BHO: - {947F403E-DCF7-4ADB-8989-60ABA3C742FA} -
02 - BHO: - {9DA411D9-ED04-4E92-9D58-72D51A2EBD69} -
02 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
02 - BHO: - {ABB580C8-1C2F-4209-8386-B75B457F4E67} -
02 - BHO: - {B3B5B2B8-43B1-444A-A1C1-9784EE5D96D8} -
02 - BHO: - {C6009EA7-2759-4385-8BB9-AE270D10B8B4} -
02 - BHO: - {D751FD0B-885D-47D5-96FB-6D0FACDC4E3C} -
02 - BHO: - {EFEE2945-4665-4CFE-9F12-2934FFF9F1E4} -
O3 - Toolbar : Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar : &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar : - {11A69AE4-FBED-4832-A2BF-45AF82825583} -
//04 - applications chargées automatiquement
04 - HKLM\..\RUN: [nTrayFw] - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nTrayFw.exe
04 - HKLM\..\RUN: [NvCplDaemon] - RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
04 - HKLM\..\RUN: [nwiz] - nwiz.exe /install
04 - HKLM\..\RUN: [NvMediaCenter] - RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
04 - HKLM\..\RUN: [SoundMan] - SOUNDMAN.EXE
04 - HKLM\..\RUN: [DetectorApp] - C:\Program Files\Sonic\DigitalMedia LE v7\MyDVD LE\DetectorApp.exe
04 - HKLM\..\RUN: [ISUSPM Startup] - "C:\Program Files\Fichiers communs\InstallShield\UpdateService\isuspm.exe" -startup
04 - HKLM\..\RUN: [ISUSScheduler] - "C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe" -start
04 - HKLM\..\RUN: [PCMService] - "c:\APPS\Powercinema\PCMService.exe"
04 - HKLM\..\RUN: [SunJavaUpdateSched] - "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
04 - HKLM\..\RUN: [avast!] - C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
04 - HKLM\..\RUN: [QuickTime Task] - "C:\Program Files\QuickTime\qttask.exe" -atboottime
04 - HKLM\..\RUN: [IdiomaX Office] - C:\Program Files\IdiomaX\Office Translator 4.0\IdxOffice.exe
04 - HKLM\..\RUN: [IdiomaX Product Update] - C:\Program Files\Fichiers communs\IdiomaX Shared\Cat 6.0\IdxLUpdate.exe /AUTOSTART
04 - HKLM\..\RUN: [PWRISOVM.EXE] - C:\Program Files\PowerISO\PWRISOVM.EXE
04 - HKLM\..\RUN: [VirtualCloneDrive] - "C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s
04 - HKLM\..\RUN: [Picasa Media Detector] - C:\Program Files\Picasa2\PicasaMediaDetector.exe
04 - HKLM\..\RUN: [9c21edd7] - rundll32.exe "C:\WINDOWS\system32\vbphbabf.dll",b
04 - HKLU\..\RUN: [CTFMON.EXE] - C:\WINDOWS\system32\ctfmon.exe
04 - HKLU\..\RUN: [MsnMsgr] - "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
04 - HKLU\..\RUN: [WMPNSCFG] - C:\Program Files\Windows Media Player\WMPNSCFG.exe
04 - HKLU\..\RUN: [SpybotSD TeaTimer] - C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
04 - HKLU\..\RUN: [AlcoholAutomount] - "C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" /automount
04 - HKLM\..\RunOnce: [SpybotDeletingC242] - C:\WINDOWS\system32\ctfmon.exe
04 - HKUS\S-1-5-18\..\RUN: [CTFMON.EXE] - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nTrayFw.exe
04 - HKUS\S-1-5-18\..\RUN: [Picasa Media Detector] - RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
04 - HKUS\S-1-5-19\..\RUN: [CTFMON.EXE] - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nTrayFw.exe
04 - HKUS\S-1-5-20\..\RUN: [CTFMON.EXE] - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nTrayFw.exe
04 - HKUS\S-1-5-21-3618015508-3629909785-1147112342-1007\..\RUN: [CTFMON.EXE] - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nTrayFw.exe
04 - HKUS\S-1-5-21-3618015508-3629909785-1147112342-1007\..\RUN: [MsnMsgr] - RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
04 - HKUS\S-1-5-21-3618015508-3629909785-1147112342-1007\..\RUN: [WMPNSCFG] - nwiz.exe /install
04 - HKUS\S-1-5-21-3618015508-3629909785-1147112342-1007\..\RUN: [SpybotSD TeaTimer] - RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
04 - HKUS\S-1-5-21-3618015508-3629909785-1147112342-1007\..\RUN: [AlcoholAutomount] - SOUNDMAN.EXE
04 - Global Startup: Réglages souris Labtec.lnk= C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Réglages souris Labtec.lnk
04 - Global Startup: Sitecom Wireless Utility.lnk= C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Sitecom Wireless Utility.lnk
04 - Startup: OpenOffice.org 2.2.lnk= C:\Documents and Settings\johan\Menu Démarrer\Programmes\Démarrage\OpenOffice.org 2.2.lnk
04 - Startup: RocketDock.lnk= C:\Documents and Settings\johan\Menu Démarrer\Programmes\Démarrage\RocketDock.lnk
04 - Startup: TransBar.lnk= C:\Documents and Settings\johan\Menu Démarrer\Programmes\Démarrage\TransBar.lnk
04 - Startup: UberIcon.lnk= C:\Documents and Settings\johan\Menu Démarrer\Programmes\Démarrage\UberIcon.lnk
04 - Startup: Y'z Shadow.lnk= C:\Documents and Settings\johan\Menu Démarrer\Programmes\Démarrage\Y'z Shadow.lnk
//05 - Accès au panneau de contrôle d'Internet Explorer (control.ini)
//06- interdiction à l' accès au options (Internet Explorer)
//07 - blocage de l'exécution de Regedit
//08 - lignes supplémentaires dans le menu contextuel d'Internet Explorer
//09 - boutons situés sur la barre d'outils principale d'Internet Explorer
09 - Extra button: - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
09 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
09 - Extra button: - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
09 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
09 - Extra button: - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
09 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
09 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
09 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
//O10 - Pirates de Winsock
//O11 - Onglet supplémentaire dans les options avancées d'Internet Explorer)
O11 - Options group: [INTERNATIONAL] - International*
//O12 - IE plugins
//013 : DefaultPrefix
//014 - Option : (Rétablir les paramètres Web)
//015 - Zone de confiance d'Internet Explorer
//O16 - Objets ActiveX
O16 - DPF : QuickTime Object - {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - C:\Program Files\QuickTime\QTPlugin.ocx
O16 - DPF : Shockwave ActiveX Control - {166B1BCA-3F9C-11CF-8075-444553540000} - C:\WINDOWS\system32\macromed\Director\SwDir.dll
O16 - DPF : Checkers Class - {20A60F0D-9AFA-4515-A0FD-83BD84642501} - C:\WINDOWS\Downloaded Program Files\msgrchkr.dll
O16 - DPF : Shockwave ActiveX Control - {233C1507-6A77-46A4-9443-F871F945D258} - C:\WINDOWS\system32\Macromed\Director\SwDir.dll
O16 - DPF : TotalScan Installer Class - {512FC5A1-7DE1-43F1-BC0C-371622FCB409} - C:\WINDOWS\Downloaded Program Files\ascstubie.dll
O16 - DPF : UnoCtrl Class - {5D6F45B3-9043-443D-A792-115447494D24} - C:\WINDOWS\Downloaded Program Files\GAME_UNO1.dll
O16 - DPF : WUWebControl Class - {6414512B-B978-451D-A0D8-FCFDF33E833C} - C:\WINDOWS\system32\wuweb.dll
O16 - DPF : MessengerStatsClient Class - {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - C:\WINDOWS\Downloaded Program Files\MessengerStatsPAClient.dll
O16 - DPF : Minesweeper Flags Class - {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} - C:\WINDOWS\Downloaded Program Files\MineSweeper.dll
//O17 - piratage de domaine Lop.com
//O18 - protocoles additionnels
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: mhtml - {05300401-BCBC-11d0-85E3-00C04FD85AB4} -
O18 - Protocol: ms-its - {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\system32\itss.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
//O19 - feuille de style de l'utilisateur
//O20 - valeur de Registre AppInit_DLLs et les sous-clés Winlogon Notify
O20 - AppInit_DLLs : C:\WINDOWS\system32\__c0029F9C.dat
//O21 - ShellServiceObjectDelayLoad
//O22 - SharedTaskScheduler
O22 - SharedTaskScheduler: Pré-chargeur Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - %SystemRoot%\system32\browseui.dll
O22 - SharedTaskScheduler: Démon de cache des catégories de composant - {8C7461EF-2B13-11d2-BE35-3078302C2030} - %SystemRoot%\system32\browseui.dll
//O23 - services de XP,NT, 2000, et 2003
O23 - Service: [a-squared Free Service] -
O23 - Service: [Ad-Aware 2007 Service] - "C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe"
O23 - Service: [Service de la passerelle de la couche Application] - %SystemRoot%\System32\alg.exe
O23 - Service: [Service d'état ASP.NET] - %SystemRoot%\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
O23 - Service: [avast! iAVS4 Control Service] - "C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe"
O23 - Service: [avast! Antivirus] - "C:\Program Files\Alwil Software\Avast4\ashServ.exe"
O23 - Service: [avast! Mail Scanner] - "C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service
O23 - Service: [avast! Web Scanner] - "C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service
O23 - Service: [CyberLink Background Capture Service (CBCS)] - "c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe"
O23 - Service: [Gestionnaire de l'Album] - %SystemRoot%\system32\clipsrv.exe
O23 - Service: [.NET Runtime Optimization Service v2.0.50727_X86] - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
O23 - Service: [CyberLink Task Scheduler (CTS)] - "c:\APPS\Powercinema\Kernel\TV\CLSched.exe"
O23 - Service: [Application système COM+] - C:\WINDOWS\system32\dllhost.exe /Processid:{02D4B3F1-FD88-11D1-960D-00805FC79235}
O23 - Service: [CyberLink Media Library Service] - "c:\APPS\Powercinema\Kernel\CLML_NTService\CLMLServer.exe"
O23 - Service: [DomainService] - C:\WINDOWS\system32\wuqdhxbm.exe /service
O23 - Service: [Forceware Web Interface] - "C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe" -k runservice
O23 - Service: [Google Updater Service] - "C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe"
O23 - Service: [InstallDriver Table Manager] - "C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe"
O23 - Service: [Service COM de gravage de CD IMAPI] -
O23 - Service: [LiveUpdate] - "C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE"
O23 - Service: [Partage de Bureau à distance NetMeeting] - C:\WINDOWS\system32\mnmsrvc.exe
O23 - Service: [ForceWare IP service] - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
O23 - Service: [ForceWare user log service] - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
O23 - Service: [NVIDIA Display Driver Service] - %SystemRoot%\system32\nvsvc32.exe
O23 - Service: [Planificateur LiveUpdate automatique] - "C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe"
O23 - Service: [PnkBstrA] - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: [Gestionnaire de session d'aide sur le Bureau à distance] - C:\WINDOWS\system32\sessmgr.exe
O23 - Service: [Localisateur d'appels de procédure distante (RPC)] - %SystemRoot%\system32\locator.exe
O23 - Service: [QoS RSVP] - %SystemRoot%\system32\rsvp.exe
O23 - Service: [Spouleur d'impression] - %SystemRoot%\system32\spoolsv.exe
O23 - Service: [StarWind AE Service] - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
O23 - Service: [MS Software Shadow Copy Provider] - C:\WINDOWS\system32\dllhost.exe /Processid:{DC0E0607-432C-4B27-86F3-8CFCBAD1B8EB}
O23 - Service: [Journaux et alertes de performance] - %SystemRoot%\system32\smlogsvc.exe
O23 - Service: [Onduleur] - %SystemRoot%\System32\ups.exe
O23 - Service: [USBDeviceService] - C:\Program Files\Sonic\DigitalMedia LE v7\MyDVD LE\USBDeviceService.exe
O23 - Service: [Service Messenger Sharing Folders USN Journal Reader] - "C:\Program Files\MSN Messenger\usnsvc.exe"
O23 - Service: [Cliché instantané de volume] - %SystemRoot%\System32\vssvc.exe
O23 - Service: [Carte de performance WMI] - C:\WINDOWS\system32\wbem\wmiapsrv.exe
0
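The report above is a HijackThis-style listing, and a helper reads it by eye for a handful of patterns: a BHO with no name that points at a short, random-looking DLL in system32, a Run value named with a bare hex string that launches such a DLL through rundll32, anything at all in AppInit_DLLs, and a service whose binary carries the same kind of random name. The following Python script, added here as an example and not part of this thread, of PCA or of any removal tool, applies those checks to lines taken from the report above. Its regular expressions for the line format, its "random name" rule and its allowlist of legitimate system32 files are the example's own assumptions, so a hit is something to look at, not a verdict.

```python
import re
from dataclasses import dataclass

# Entries copied from the PCA report above; each is a HijackThis-style "Onn - ..." line.
SAMPLE_REPORT = r"""
02 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
02 - BHO: - {15B35764-C5C2-4446-9AE7-95AD09FDB313} -
02 - BHO: - {6F2225B6-CDEE-4382-AF1B-6B0EE3C651E3} - C:\WINDOWS\system32\awtsq.dll
02 - BHO: - {89AD4D75-2429-462e-BD4E-443F233F6033} - C:\WINDOWS\system32\envhdkpt.dll
04 - HKLM\..\RUN: [avast!] - C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
04 - HKLM\..\RUN: [9c21edd7] - rundll32.exe "C:\WINDOWS\system32\vbphbabf.dll",b
04 - HKLU\..\RUN: [CTFMON.EXE] - C:\WINDOWS\system32\ctfmon.exe
O20 - AppInit_DLLs : C:\WINDOWS\system32\__c0029F9C.dat
O23 - Service: [avast! Antivirus] - "C:\Program Files\Alwil Software\Avast4\ashServ.exe"
O23 - Service: [DomainService] - C:\WINDOWS\system32\wuqdhxbm.exe /service
"""

# Legitimate system32 files with short all-letter names that the "random name" rule would
# otherwise flag. This allowlist is the example's own shortcut: real triage would check
# Authenticode signatures or known-good hashes instead of a hand-kept list.
KNOWN_GOOD = {
    "ctfmon.exe", "spoolsv.exe", "svchost.exe", "wuauclt.exe", "notepad.exe", "dllhost.exe",
    "clipsrv.exe", "mnmsrvc.exe", "locator.exe", "sessmgr.exe", "smlogsvc.exe", "vssvc.exe",
    "lsass.exe", "winlogon.exe", "services.exe", "pnkbstra.exe",
    "nvcpl.dll", "nvmctray.dll", "browseui.dll", "wuweb.dll",
}

ENTRY = re.compile(r"^[O0](\d{1,2}) - (.*)$")                       # "02 - ...", "O23 - ..."
BHO = re.compile(r"^BHO:\s*(.*?)\s*-\s*\{([0-9A-Fa-f-]+)\}\s*-\s*(.*)$")
RUN = re.compile(r"^HK.*?\\\.\.\\Run(?:Once)?:\s*\[(.*?)\]\s*-\s*(.*)$", re.I)
SERVICE = re.compile(r"^Service:\s*\[(.*?)\]\s*-\s*(.*)$")
APPINIT = re.compile(r"^AppInit_DLLs\s*:\s*(.*)$")

SYSTEM32 = re.compile(r"\\windows\\system32\\", re.I)
RANDOM_NAME = re.compile(r"^[a-z]{5,8}\.(?:dll|exe)$")      # awtsq.dll, wuqdhxbm.exe, ...
VUNDO_DAT = re.compile(r"^__c[0-9a-f]{6,8}\.dat$", re.I)    # __c0029F9C.dat, ...
HEX_VALUE = re.compile(r"^[0-9a-f]{8}$")                    # Run value names like 9c21edd7


@dataclass
class Finding:
    severity: str   # "high" or "info"
    section: str    # O2, O4, O20 or O23
    reason: str
    line: str


def basename(path):
    return path.strip('"').rsplit("\\", 1)[-1].lower()


def suspicious_file(path):
    """True for a file under system32 whose name looks machine-generated."""
    name = basename(path)
    if name in KNOWN_GOOD or not SYSTEM32.search(path):
        return False
    return bool(RANDOM_NAME.match(name) or VUNDO_DAT.match(name))


def file_tokens(command):
    """Candidate file paths in a Run/Service command line (quoted or bare, ',entry' stripped)."""
    return [t.strip('"').split(",")[0] for t in re.findall(r'"[^"]*"|\S+', command)]


def triage_line(raw):
    line = raw.strip()
    m = ENTRY.match(line)
    if not m:
        return None
    section, body = int(m.group(1)), m.group(2)
    if section == 2 and (b := BHO.match(body)):
        name, clsid, path = b.groups()
        if path and not name and suspicious_file(path):
            return Finding("high", "O2", f"nameless BHO loads machine-named DLL {basename(path)}", line)
        if not path:
            return Finding("info", "O2", f"orphaned BHO CLSID {{{clsid}}} with no file on disk", line)
    elif section == 4 and (r := RUN.match(body)):
        value, command = r.groups()
        reasons = []
        if HEX_VALUE.match(value):
            reasons.append(f"Run value name '{value}' is a bare hex string")
        bad = [basename(p) for p in file_tokens(command) if suspicious_file(p)]
        if bad:
            reasons.append("launches machine-named file " + ", ".join(bad))
        if reasons:
            return Finding("high", "O4", "; ".join(reasons), line)
    elif section == 20 and (a := APPINIT.match(body)) and a.group(1).strip():
        return Finding("high", "O20",
                       f"AppInit_DLLs set to {basename(a.group(1))}: loaded into every process that uses user32",
                       line)
    elif section == 23 and (s := SERVICE.match(body)):
        bad = [basename(p) for p in file_tokens(s.group(2)) if suspicious_file(p)]
        if bad:
            return Finding("high", "O23", f"service '{s.group(1)}' runs machine-named file {bad[0]}", line)
    return None


def triage(report):
    """All findings for a whole report, in report order."""
    return [f for f in (triage_line(l) for l in report.splitlines()) if f]


if __name__ == "__main__":
    for f in triage(SAMPLE_REPORT):
        print(f"[{f.severity:4}] {f.section:<3} {f.reason}\n        {f.line}")
```

Run as-is it prints one finding per matching line; `triage()` returns them as objects, so the same logic can be pointed at a whole PCA_LOG.txt and the "info" orphans kept apart from the "high" hits.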
FillPCA
5 Dec 2007 at 11:19
Re,

# Download VundoFix (by Atribune) to your desktop: http://www.atribune.org/ccount/click.php?id=4
# Double-click VundoFix.exe to launch it.
# Click the Scan for Vundo button.
# When the scan is complete, click the Remove Vundo button (only if infected files were found).
# A prompt will ask whether you want to delete the files; click YES.
# After clicking "Yes", the desktop will disappear for a moment while the files are deleted.
# You will see a prompt telling you that your PC is going to restart; click OK.
# Copy/paste the content of the report located at C:\vundofix.txt, plus a new PCA report, into your next reply.

FillPCA
0
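FillPCA asks for C:\vundofix.txt to be pasted back, and VundoFix appends one section per scan to that file. The script below, added here as an example and not part of this thread or of VundoFix, parses a report in that format (the "VundoFix V...", "Scan started at", "Listing files found while scanning....", "Attempting to delete" / "Has been deleted!" lines) and reconciles, per scan, the files the tool listed against the files it reported as deleted, so a file that was found but never removed stands out before the next round. The embedded report is constructed for the example and its file names are made up; the line prefixes it keys on are assumed from VundoFix's output format.

```python
from dataclasses import dataclass, field

# Constructed VundoFix-style report for this example: two scan sessions, made-up file names.
SAMPLE_VUNDOFIX = r"""VundoFix V6.6.2

Checking Java version...

Java version is 1.5.0.4
Old versions of java are exploitable and should be removed.

Java version is 1.5.0.11

Scan started at 18:46:37 23/11/2007

Listing files found while scanning....

C:\windows\system32\__c00AAAA01.dat
C:\windows\system32\abcdefgh.dll
C:\WINDOWS\system32\ijklmnop.dll
C:\windows\system32\qrstuvwx.dllbox

Beginning removal...

Attempting to delete C:\windows\system32\__c00AAAA01.dat
C:\windows\system32\__c00AAAA01.dat Has been deleted!

Attempting to delete C:\windows\system32\abcdefgh.dll
C:\windows\system32\abcdefgh.dll Has been deleted!

Attempting to delete C:\windows\system32\qrstuvwx.dllbox
C:\windows\system32\qrstuvwx.dllbox Has been deleted!

Performing Repairs to the registry.
Done!

VundoFix V6.7.0

Checking Java version...

Java version is 1.6.0.02

Scan started at 11:25:39 05/12/2007

Listing files found while scanning....

No infected files were found.
"""


@dataclass
class ScanSession:
    version: str
    started: str = ""
    java_versions: list = field(default_factory=list)
    found: list = field(default_factory=list)     # paths under "Listing files found"
    deleted: list = field(default_factory=list)   # paths reported "Has been deleted!"

    def not_removed(self):
        # Found but never reported deleted. Paths are compared case-insensitively because
        # VundoFix mixes lower- and upper-case drive/folder spellings in the same report.
        gone = {p.lower() for p in self.deleted}
        return [p for p in self.found if p.lower() not in gone]


def parse_vundofix(text):
    """Split a vundofix.txt into scan sessions and collect what each one found and deleted."""
    sessions, listing = [], False
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("VundoFix V"):
            sessions.append(ScanSession(version=line[len("VundoFix V"):]))
            listing = False
            continue
        if not sessions:
            continue                      # ignore anything before the first session header
        cur = sessions[-1]
        if line.startswith("Java version is "):
            cur.java_versions.append(line[len("Java version is "):])
        elif line.startswith("Scan started at "):
            cur.started = line[len("Scan started at "):]
        elif line.startswith("Listing files found"):
            listing = True
        elif line.startswith("Beginning removal") or line == "No infected files were found.":
            listing = False
        elif line.endswith(" Has been deleted!"):
            cur.deleted.append(line[: -len(" Has been deleted!")])
        elif listing and line:
            cur.found.append(line)
    return sessions


def summarize(sessions):
    """One (version, started, found, deleted, not_removed) tuple per scan session."""
    return [(s.version, s.started, len(s.found), len(s.deleted), s.not_removed()) for s in sessions]


if __name__ == "__main__":
    for version, started, found, deleted, left in summarize(parse_vundofix(SAMPLE_VUNDOFIX)):
        print(f"VundoFix {version} scan at {started}: {found} found, {deleted} deleted")
        for path in left:
            print(f"  listed but NOT removed: {path}")
```

In the constructed sample the first scan lists four files but reports only three deletions, so `not_removed()` returns the fourth path; that is exactly the line a helper wants to see before asking for another scan or a different tool.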
Here is the VundoFix report:

VundoFix V6.6.2

Checking Java version...

Java version is 1.5.0.4
Old versions of java are exploitable and should be removed.

Java version is 1.5.0.11

Scan started at 18:46:37 23/11/2007

Listing files found while scanning....

C:\windows\system32\__c00124E2.dat
C:\windows\system32\__c0016C9.dat
C:\windows\system32\__c001D84F.dat
C:\windows\system32\__c00400F1.dat
C:\windows\system32\__c004701E.dat
C:\windows\system32\__c0056F31.dat
C:\windows\system32\__c007D0E0.dat
C:\windows\system32\__c00813EA.dat
C:\windows\system32\__c0095BF6.dat
C:\windows\system32\__c00A91F1.dat
C:\windows\system32\__c00ADE9F.dat
C:\windows\system32\__c00ADFF3.dat
C:\windows\system32\__c00B4964.dat
C:\windows\system32\__c00BCD48.dat
C:\windows\system32\__c00C4657.dat
C:\windows\system32\__c00C5A49.dat
C:\windows\system32\__c00D698A.dat
C:\windows\system32\__c00EB9DD.dat
C:\windows\system32\bbhsgiku.dllbox
C:\WINDOWS\system32\envhdkpt.dll
C:\WINDOWS\system32\gebxuss.dll
C:\windows\system32\qzqlypeu.dllbox

Beginning removal...

Attempting to delete C:\windows\system32\__c00124E2.dat
C:\windows\system32\__c00124E2.dat Has been deleted!

Attempting to delete C:\windows\system32\__c0016C9.dat
C:\windows\system32\__c0016C9.dat Has been deleted!

Attempting to delete C:\windows\system32\__c001D84F.dat
C:\windows\system32\__c001D84F.dat Has been deleted!

Attempting to delete C:\windows\system32\__c00400F1.dat
C:\windows\system32\__c00400F1.dat Has been deleted!

Attempting to delete C:\windows\system32\__c004701E.dat
C:\windows\system32\__c004701E.dat Has been deleted!

Attempting to delete C:\windows\system32\__c0056F31.dat
C:\windows\system32\__c0056F31.dat Has been deleted!

Attempting to delete C:\windows\system32\__c007D0E0.dat
C:\windows\system32\__c007D0E0.dat Has been deleted!

Attempting to delete C:\windows\system32\__c00813EA.dat
C:\windows\system32\__c00813EA.dat Has been deleted!

Attempting to delete C:\windows\system32\__c0095BF6.dat
C:\windows\system32\__c0095BF6.dat Has been deleted!

Attempting to delete C:\windows\system32\__c00A91F1.dat
C:\windows\system32\__c00A91F1.dat Has been deleted!

Attempting to delete C:\windows\system32\__c00ADE9F.dat
C:\windows\system32\__c00ADE9F.dat Has been deleted!

Attempting to delete C:\windows\system32\__c00ADFF3.dat
C:\windows\system32\__c00ADFF3.dat Has been deleted!

Attempting to delete C:\windows\system32\__c00B4964.dat
C:\windows\system32\__c00B4964.dat Has been deleted!

Attempting to delete C:\windows\system32\__c00BCD48.dat
C:\windows\system32\__c00BCD48.dat Has been deleted!

Attempting to delete C:\windows\system32\__c00C4657.dat
C:\windows\system32\__c00C4657.dat Has been deleted!

Attempting to delete C:\windows\system32\__c00C5A49.dat
C:\windows\system32\__c00C5A49.dat Has been deleted!

Attempting to delete C:\windows\system32\__c00D698A.dat
C:\windows\system32\__c00D698A.dat Has been deleted!

Attempting to delete C:\windows\system32\__c00EB9DD.dat
C:\windows\system32\__c00EB9DD.dat Has been deleted!

Attempting to delete C:\windows\system32\bbhsgiku.dllbox
C:\windows\system32\bbhsgiku.dllbox Has been deleted!

Attempting to delete C:\windows\system32\qzqlypeu.dllbox
C:\windows\system32\qzqlypeu.dllbox Has been deleted!

Performing Repairs to the registry.
Done!

VundoFix V6.6.2

Checking Java version...

Java version is 1.5.0.4
Old versions of java are exploitable and should be removed.

Java version is 1.5.0.11

Scan started at 21:29:55 23/11/2007

Listing files found while scanning....

C:\windows\system32\ombnjeab.dll
C:\windows\system32\ovmeipum.dll
C:\windows\system32\padlpklf.dll
C:\windows\system32\pcqqgork.dll
C:\windows\system32\pxewdayg.dll
C:\windows\system32\qoalyejr.ini
C:\windows\system32\qskwohhg.dll
C:\windows\system32\riormvsy.dll
C:\windows\system32\rjeylaoq.dll
C:\windows\system32\rjnqmuxk.dll
C:\windows\system32\rjrufarm.dll

Beginning removal...

Attempting to delete C:\windows\system32\ombnjeab.dll
C:\windows\system32\ombnjeab.dll Has been deleted!

Attempting to delete C:\windows\system32\ovmeipum.dll
C:\windows\system32\ovmeipum.dll Has been deleted!

Attempting to delete C:\windows\system32\padlpklf.dll
C:\windows\system32\padlpklf.dll Has been deleted!

Attempting to delete C:\windows\system32\pcqqgork.dll
C:\windows\system32\pcqqgork.dll Has been deleted!

Attempting to delete C:\windows\system32\pxewdayg.dll
C:\windows\system32\pxewdayg.dll Has been deleted!

Attempting to delete C:\windows\system32\qoalyejr.ini
C:\windows\system32\qoalyejr.ini Has been deleted!

Attempting to delete C:\windows\system32\qskwohhg.dll
C:\windows\system32\qskwohhg.dll Has been deleted!

Attempting to delete C:\windows\system32\riormvsy.dll
C:\windows\system32\riormvsy.dll Has been deleted!

Attempting to delete C:\windows\system32\rjeylaoq.dll
C:\windows\system32\rjeylaoq.dll Has been deleted!

Attempting to delete C:\windows\system32\rjnqmuxk.dll
C:\windows\system32\rjnqmuxk.dll Has been deleted!

Attempting to delete C:\windows\system32\rjrufarm.dll
C:\windows\system32\rjrufarm.dll Has been deleted!

Performing Repairs to the registry.
Done!

VundoFix V6.6.2

Checking Java version...

Java version is 1.5.0.4
Old versions of java are exploitable and should be removed.

Java version is 1.5.0.11

Scan started at 22:13:03 23/11/2007

Listing files found while scanning....

No infected files were found.


VundoFix V6.7.0

Checking Java version...

Java version is 1.5.0.4
Old versions of java are exploitable and should be removed.

Java version is 1.5.0.11

Scan started at 11:25:39 05/12/2007

Listing files found while scanning....

C:\windows\system32\__c00749B8.dat
C:\windows\system32\aovwqbnf.dll
C:\windows\system32\atdqkubr.dll
C:\windows\system32\bclycrns.dll
C:\WINDOWS\system32\envhdkpt.dll
C:\WINDOWS\system32\gebxuss.dll
C:\windows\system32\iwpogdqq.dll
C:\windows\system32\ombnjeab.dll
C:\windows\system32\rutcuepk.dll
C:\windows\system32\xtgykvaf.dll

Beginning removal...

Attempting to delete C:\windows\system32\__c00749B8.dat
C:\windows\system32\__c00749B8.dat Has been deleted!

Attempting to delete C:\windows\system32\aovwqbnf.dll
C:\windows\system32\aovwqbnf.dll Has been deleted!

Attempting to delete C:\windows\system32\atdqkubr.dll
C:\windows\system32\atdqkubr.dll Has been deleted!

Attempting to delete C:\windows\system32\bclycrns.dll
C:\windows\system32\bclycrns.dll Has been deleted!

Attempting to delete C:\windows\system32\iwpogdqq.dll
C:\windows\system32\iwpogdqq.dll Has been deleted!

Attempting to delete C:\windows\system32\ombnjeab.dll
C:\windows\system32\ombnjeab.dll Has been deleted!

Attempting to delete C:\windows\system32\rutcuepk.dll
C:\windows\system32\rutcuepk.dll Has been deleted!

Attempting to delete C:\windows\system32\xtgykvaf.dll
C:\windows\system32\xtgykvaf.dll Has been deleted!

Performing Repairs to the registry.
Done!



And the PCA report:

# PCA Sécurité V 1.0.2, (fichier LOG).
# Rapport du :05/12/2007 12:03:06
Microsoft Windows XP Service Pack 2

==>> Processus <==
\SystemRoot\System32\smss.exe
\??\C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\a-squared Free\a2service.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe
c:\APPS\Powercinema\Kernel\CLML_NTService\CLMLServer.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Sonic\DigitalMedia LE v7\MyDVD LE\USBDeviceService.exe
c:\APPS\Powercinema\Kernel\TV\CLSched.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nTrayFw.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Sonic\DigitalMedia LE v7\MyDVD LE\DetectorApp.exe
C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe
C:\APPS\Powercinema\PCMService.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\PowerISO\PWRISOVM.EXE
C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Labtec Laser Mouse Software\MulMouse.exe
C:\Program Files\Sitecom\Wireless Network USB Adapter 54G WL-113_002\Installer\WLANUTL.EXE
C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe
C:\WINDOWS\BricoPacks\Vista Inspirat 2\UberIcon\UberIcon Manager.exe
C:\WINDOWS\BricoPacks\Vista Inspirat 2\YzShadow\YzShadow.exe
C:\Program Files\OpenOffice.org 2.2\program\soffice.exe
C:\Program Files\OpenOffice.org 2.2\program\soffice.BIN
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Documents and Settings\johan\Bureau\pca.exe

//pages de démarrage et de recherche d'Internet Explorer
RO - HKLM\Software\Microsoft\Internet Explorer\Main\Start Page = http://www.ustart.org
RO - HKLM\Software\Microsoft\Internet Explorer\Main\Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
RO - HKCU\Software\Microsoft\Internet Explorer\Main\Start Page = https://gamergen.com/psp/
RO - HKCU\Software\Microsoft\Internet Explorer\Toolbar\LinksFolderName = Liens
R1 - HKLM\Software\Microsoft\Internet Explorer\Main\Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main\Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKCU\Software\Microsoft\Internet Explorer\Main\Search Page = https://www.google.com/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Search\CustomizeSearch = https://www.bing.com/?toHttps=1&redig=8F3F334EA60E4B1CB4D040DCFE393A89{SUB_RFC1766}/srchasst/srchcust.htm
R1 - HKLM\Software\Microsoft\Internet Explorer\Search\SearchAssistant = http://www.google.com/toolbar/ie8/sidebar.html
R1 - HKCU\Software\Microsoft\Internet Connection Wizard\ShellNext = iexplore
//applications lancées depuis system.ini,win.ini
//03 - Browser Helper Objects (BHOs)
02 - BHO: - {01960937-90F6-4A37-8EF3-272A79B92393} -
02 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
02 - BHO: - {0451E078-8F69-4112-B912-069485A4FD4E} -
02 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
02 - BHO: - {15B35764-C5C2-4446-9AE7-95AD09FDB313} -
02 - BHO: - {18F06E47-85B3-4B25-8E38-8F02435BA4D4} -
02 - BHO: - {236742D3-CB05-40FD-9EF2-CCC8FE395DA9} -
02 - BHO: - {2B5D9C8D-2371-4A42-9021-9DEFE114FC13} -
02 - BHO: - {40E6EF44-7C05-4572-9C1F-8663A9F5B609} -
02 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
02 - BHO: - {5A4F7DEA-D6E8-408F-8A9F-9D44ADCBD564} -
02 - BHO: - {5C831DCB-4D12-4ABF-BA9E-8712D3C5B41F} -
02 - BHO: - {6273CDB9-1A4B-4D21-A8E1-C4C9806DBBFC} -
02 - BHO: - {6F2225B6-CDEE-4382-AF1B-6B0EE3C651E3} - C:\WINDOWS\system32\awtsq.dll
02 - BHO: - {70F02488-8629-40FB-BF42-E3BCEEAF4EC7} -
02 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
02 - BHO: - {7A7C1820-EDEA-48F4-8851-F79B571BB8D3} -
02 - BHO: - {7CA81AF5-4F44-430A-A03E-0BC20074BCAE} -
02 - BHO: - {7E853D72-626A-48EC-A868-BA8D5E23E045} -
02 - BHO: - {80FBECCE-C17E-48F2-BBDF-8C7EA2C1891E} -
02 - BHO: - {812F8732-E71C-4DC4-A5A9-A7DE629E9ADE} -
02 - BHO: - {81A40807-DFB1-4D59-914C-8C6154AB1EF6} -
02 - BHO: - {89AD4D75-2429-462e-BD4E-443F233F6033} -
02 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
02 - BHO: - {9403621D-F14F-4C53-84C4-FAA72D07F8FA} -
02 - BHO: - {947F403E-DCF7-4ADB-8989-60ABA3C742FA} -
02 - BHO: - {9DA411D9-ED04-4E92-9D58-72D51A2EBD69} -
02 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
02 - BHO: - {ABB580C8-1C2F-4209-8386-B75B457F4E67} -
02 - BHO: - {B3B5B2B8-43B1-444A-A1C1-9784EE5D96D8} -
02 - BHO: - {C6009EA7-2759-4385-8BB9-AE270D10B8B4} -
02 - BHO: - {D751FD0B-885D-47D5-96FB-6D0FACDC4E3C} -
02 - BHO: - {EFEE2945-4665-4CFE-9F12-2934FFF9F1E4} -
O3 - Toolbar : Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar : &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar : - {11A69AE4-FBED-4832-A2BF-45AF82825583} -
//04 - applications loaded automatically
04 - HKLM\..\RUN: [nTrayFw] - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nTrayFw.exe
04 - HKLM\..\RUN: [NvCplDaemon] - RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
04 - HKLM\..\RUN: [nwiz] - nwiz.exe /install
04 - HKLM\..\RUN: [NvMediaCenter] - RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
04 - HKLM\..\RUN: [SoundMan] - SOUNDMAN.EXE
04 - HKLM\..\RUN: [DetectorApp] - C:\Program Files\Sonic\DigitalMedia LE v7\MyDVD LE\DetectorApp.exe
04 - HKLM\..\RUN: [ISUSPM Startup] - "C:\Program Files\Fichiers communs\InstallShield\UpdateService\isuspm.exe" -startup
04 - HKLM\..\RUN: [ISUSScheduler] - "C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe" -start
04 - HKLM\..\RUN: [PCMService] - "c:\APPS\Powercinema\PCMService.exe"
04 - HKLM\..\RUN: [SunJavaUpdateSched] - "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
04 - HKLM\..\RUN: [avast!] - C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
04 - HKLM\..\RUN: [QuickTime Task] - "C:\Program Files\QuickTime\qttask.exe" -atboottime
04 - HKLM\..\RUN: [IdiomaX Office] - C:\Program Files\IdiomaX\Office Translator 4.0\IdxOffice.exe
04 - HKLM\..\RUN: [IdiomaX Product Update] - C:\Program Files\Fichiers communs\IdiomaX Shared\Cat 6.0\IdxLUpdate.exe /AUTOSTART
04 - HKLM\..\RUN: [PWRISOVM.EXE] - C:\Program Files\PowerISO\PWRISOVM.EXE
04 - HKLM\..\RUN: [VirtualCloneDrive] - "C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s
04 - HKLM\..\RUN: [Picasa Media Detector] - C:\Program Files\Picasa2\PicasaMediaDetector.exe
04 - HKLM\..\RUN: [9c21edd7] - rundll32.exe "C:\WINDOWS\system32\vbphbabf.dll",b
04 - HKLU\..\RUN: [CTFMON.EXE] - C:\WINDOWS\system32\ctfmon.exe
04 - HKLU\..\RUN: [MsnMsgr] - "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
04 - HKLU\..\RUN: [WMPNSCFG] - C:\Program Files\Windows Media Player\WMPNSCFG.exe
04 - HKLU\..\RUN: [SpybotSD TeaTimer] - C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
04 - HKLU\..\RUN: [AlcoholAutomount] - "C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" /automount
04 - HKLM\..\RunOnce: [SpybotDeletingC242] - C:\WINDOWS\system32\ctfmon.exe
04 - HKUS\S-1-5-18\..\RUN: [CTFMON.EXE] - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nTrayFw.exe
04 - HKUS\S-1-5-18\..\RUN: [Picasa Media Detector] - RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
04 - HKUS\S-1-5-19\..\RUN: [CTFMON.EXE] - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nTrayFw.exe
04 - HKUS\S-1-5-20\..\RUN: [CTFMON.EXE] - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nTrayFw.exe
04 - HKUS\S-1-5-21-3618015508-3629909785-1147112342-1007\..\RUN: [CTFMON.EXE] - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nTrayFw.exe
04 - HKUS\S-1-5-21-3618015508-3629909785-1147112342-1007\..\RUN: [MsnMsgr] - RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
04 - HKUS\S-1-5-21-3618015508-3629909785-1147112342-1007\..\RUN: [WMPNSCFG] - nwiz.exe /install
04 - HKUS\S-1-5-21-3618015508-3629909785-1147112342-1007\..\RUN: [SpybotSD TeaTimer] - RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
04 - HKUS\S-1-5-21-3618015508-3629909785-1147112342-1007\..\RUN: [AlcoholAutomount] - SOUNDMAN.EXE
04 - Global Startup: Réglages souris Labtec.lnk= C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Réglages souris Labtec.lnk
04 - Global Startup: Sitecom Wireless Utility.lnk= C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Sitecom Wireless Utility.lnk
04 - Startup: OpenOffice.org 2.2.lnk= C:\Documents and Settings\johan\Menu Démarrer\Programmes\Démarrage\OpenOffice.org 2.2.lnk
04 - Startup: RocketDock.lnk= C:\Documents and Settings\johan\Menu Démarrer\Programmes\Démarrage\RocketDock.lnk
04 - Startup: TransBar.lnk= C:\Documents and Settings\johan\Menu Démarrer\Programmes\Démarrage\TransBar.lnk
04 - Startup: UberIcon.lnk= C:\Documents and Settings\johan\Menu Démarrer\Programmes\Démarrage\UberIcon.lnk
04 - Startup: Y'z Shadow.lnk= C:\Documents and Settings\johan\Menu Démarrer\Programmes\Démarrage\Y'z Shadow.lnk
//05 - Internet Explorer control panel access (control.ini)
//06 - Internet Explorer options access blocked
//07 - Regedit execution blocked
//08 - extra entries in the Internet Explorer context menu
//09 - buttons on the main Internet Explorer toolbar
09 - Extra button: - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
09 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
09 - Extra button: - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
09 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
09 - Extra button: - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
09 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
09 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
09 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
//O10 - Winsock hijackers
//O11 - extra tab in Internet Explorer advanced options
O11 - Options group: [INTERNATIONAL] - International*
//O12 - IE plugins
//013 : DefaultPrefix
//014 - option: (Reset Web Settings)
//015 - Internet Explorer trusted zone
//O16 - ActiveX objects
O16 - DPF : QuickTime Object - {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - C:\Program Files\QuickTime\QTPlugin.ocx
O16 - DPF : Shockwave ActiveX Control - {166B1BCA-3F9C-11CF-8075-444553540000} - C:\WINDOWS\system32\macromed\Director\SwDir.dll
O16 - DPF : Checkers Class - {20A60F0D-9AFA-4515-A0FD-83BD84642501} - C:\WINDOWS\Downloaded Program Files\msgrchkr.dll
O16 - DPF : Shockwave ActiveX Control - {233C1507-6A77-46A4-9443-F871F945D258} - C:\WINDOWS\system32\Macromed\Director\SwDir.dll
O16 - DPF : TotalScan Installer Class - {512FC5A1-7DE1-43F1-BC0C-371622FCB409} - C:\WINDOWS\Downloaded Program Files\ascstubie.dll
O16 - DPF : UnoCtrl Class - {5D6F45B3-9043-443D-A792-115447494D24} - C:\WINDOWS\Downloaded Program Files\GAME_UNO1.dll
O16 - DPF : WUWebControl Class - {6414512B-B978-451D-A0D8-FCFDF33E833C} - C:\WINDOWS\system32\wuweb.dll
O16 - DPF : MessengerStatsClient Class - {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - C:\WINDOWS\Downloaded Program Files\MessengerStatsPAClient.dll
O16 - DPF : Minesweeper Flags Class - {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} - C:\WINDOWS\Downloaded Program Files\MineSweeper.dll
//O17 - Lop.com domain hijack
//O18 - additional protocols
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: mhtml - {05300401-BCBC-11d0-85E3-00C04FD85AB4} -
O18 - Protocol: ms-its - {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\system32\itss.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
//O19 - user style sheet
//O20 - AppInit_DLLs Registry value and Winlogon Notify subkeys
O20 - AppInit_DLLs : C:\WINDOWS\system32\__c0029F9C.dat
//O21 - ShellServiceObjectDelayLoad
//O22 - SharedTaskScheduler
O22 - SharedTaskScheduler: Pré-chargeur Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - %SystemRoot%\system32\browseui.dll
O22 - SharedTaskScheduler: Démon de cache des catégories de composant - {8C7461EF-2B13-11d2-BE35-3078302C2030} - %SystemRoot%\system32\browseui.dll
//O23 - XP, NT, 2000 and 2003 services
O23 - Service: [a-squared Free Service] -
O23 - Service: [Ad-Aware 2007 Service] - "C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe"
O23 - Service: [Service de la passerelle de la couche Application] - %SystemRoot%\System32\alg.exe
O23 - Service: [Service d'état ASP.NET] - %SystemRoot%\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
O23 - Service: [avast! iAVS4 Control Service] - "C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe"
O23 - Service: [avast! Antivirus] - "C:\Program Files\Alwil Software\Avast4\ashServ.exe"
O23 - Service: [avast! Mail Scanner] - "C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service
O23 - Service: [avast! Web Scanner] - "C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service
O23 - Service: [CyberLink Background Capture Service (CBCS)] - "c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe"
O23 - Service: [Gestionnaire de l'Album] - %SystemRoot%\system32\clipsrv.exe
O23 - Service: [.NET Runtime Optimization Service v2.0.50727_X86] - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
O23 - Service: [CyberLink Task Scheduler (CTS)] - "c:\APPS\Powercinema\Kernel\TV\CLSched.exe"
O23 - Service: [Application système COM+] - C:\WINDOWS\system32\dllhost.exe /Processid:{02D4B3F1-FD88-11D1-960D-00805FC79235}
O23 - Service: [CyberLink Media Library Service] - "c:\APPS\Powercinema\Kernel\CLML_NTService\CLMLServer.exe"
O23 - Service: [DomainService] - C:\WINDOWS\system32\wuqdhxbm.exe /service
O23 - Service: [Forceware Web Interface] - "C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe" -k runservice
O23 - Service: [Google Updater Service] - "C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe"
O23 - Service: [InstallDriver Table Manager] - "C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe"
O23 - Service: [Service COM de gravage de CD IMAPI] -
O23 - Service: [LiveUpdate] - "C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE"
O23 - Service: [Partage de Bureau à distance NetMeeting] - C:\WINDOWS\system32\mnmsrvc.exe
O23 - Service: [ForceWare IP service] - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
O23 - Service: [ForceWare user log service] - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
O23 - Service: [NVIDIA Display Driver Service] - %SystemRoot%\system32\nvsvc32.exe
O23 - Service: [Planificateur LiveUpdate automatique] - "C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe"
O23 - Service: [PnkBstrA] - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: [Gestionnaire de session d'aide sur le Bureau à distance] - C:\WINDOWS\system32\sessmgr.exe
O23 - Service: [Localisateur d'appels de procédure distante (RPC)] - %SystemRoot%\system32\locator.exe
O23 - Service: [QoS RSVP] - %SystemRoot%\system32\rsvp.exe
O23 - Service: [Spouleur d'impression] - %SystemRoot%\system32\spoolsv.exe
O23 - Service: [StarWind AE Service] - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
O23 - Service: [MS Software Shadow Copy Provider] - C:\WINDOWS\system32\dllhost.exe /Processid:{DC0E0607-432C-4B27-86F3-8CFCBAD1B8EB}
O23 - Service: [Journaux et alertes de performance] - %SystemRoot%\system32\smlogsvc.exe
O23 - Service: [Onduleur] - %SystemRoot%\System32\ups.exe
O23 - Service: [USBDeviceService] - C:\Program Files\Sonic\DigitalMedia LE v7\MyDVD LE\USBDeviceService.exe
O23 - Service: [Service Messenger Sharing Folders USN Journal Reader] - "C:\Program Files\MSN Messenger\usnsvc.exe"
O23 - Service: [Cliché instantané de volume] - %SystemRoot%\System32\vssvc.exe
O23 - Service: [Carte de performance WMI] - C:\WINDOWS\system32\wbem\wmiapsrv.exe
0

FillPCA (2242 posts, registered 21 April 2007, last active 18 February 2023)
5 Dec 2007 at 12:28
Re,

* Launch VundoFix but do not click "Scan for Vundo".
* Right-click on the white window and choose "add more files".
* Enter the following file(s) in the boxes (one file per box):

C:\WINDOWS\system32\__c0029F9C.dat
C:\WINDOWS\system32\awtsq.dll
C:\WINDOWS\system32\wuqdhxbm.exe


* Click "add files", then "close windows".
* Click "Remove Vundo". A reboot may be required.
* Post the generated report. It is located at: C:\vundofix.txt

Also post a new PCA report.

FillPCA
0
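How the three paths in FillPCA's post above can be pulled out of the PCA report, as an added triage script written for this page (not code from the thread or from the PCA tool), run over a constructed excerpt of the report posted above. The rules encode what an analyst reads off a HijackThis-style log: a BHO that has a file on disk but no display name, a Run value named with eight hex digits that loads a DLL through rundll32 with a one-letter export, any AppInit_DLLs value at all, and a service binary in system32 that is not on a baseline. The baseline set is assembled from this thread's own log and is an assumption, not a clean reference image. Besides the three files in the post, the same rules also flag the [9c21edd7] Run value and its vbphbabf.dll, because it matches the same pattern; the script only flags, and a practitioner verifies each hit (hash, signer, timestamp) before deleting. The AppInit_DLLs rule is also the usual explanation for the VundoFix result Killi reports later in the thread: a DLL listed there is mapped into every process that loads user32.dll, so the file stays held open as long as such processes run and a user-mode delete fails while Windows is up.

```python
import re

# Constructed excerpt: lines copied from the PCA report posted in this thread, together
# with the benign neighbours needed to show that the rules stay quiet on them.
SAMPLE_REPORT = r"""
02 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
02 - BHO: - {6273CDB9-1A4B-4D21-A8E1-C4C9806DBBFC} -
02 - BHO: - {6F2225B6-CDEE-4382-AF1B-6B0EE3C651E3} - C:\WINDOWS\system32\awtsq.dll
04 - HKLM\..\RUN: [NvCplDaemon] - RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
04 - HKLM\..\RUN: [9c21edd7] - rundll32.exe "C:\WINDOWS\system32\vbphbabf.dll",b
04 - HKLU\..\RUN: [CTFMON.EXE] - C:\WINDOWS\system32\ctfmon.exe
O20 - AppInit_DLLs : C:\WINDOWS\system32\__c0029F9C.dat
O23 - Service: [DomainService] - C:\WINDOWS\system32\wuqdhxbm.exe /service
O23 - Service: [Spouleur d'impression] - %SystemRoot%\system32\spoolsv.exe
O23 - Service: [PnkBstrA] - C:\WINDOWS\system32\PnkBstrA.exe
"""

# First absolute path on a line: a drive letter or %SystemRoot% followed by a file with
# one of the extensions that show up as loadable code in these reports.
PATH_RE = re.compile(r'(?:%SystemRoot%|%windir%|[A-Za-z]:)\\.+?\.(?:dll|exe|dat|ocx)\b', re.I)

# Service binaries expected in system32 on this machine. Assumption built from the
# thread's own report (Windows XP services plus nvsvc32 and PnkBstrA); a real triage
# diffs against a clean reference image instead of a hand-made list like this one.
KNOWN_SYSTEM32_SERVICES = {
    "alg.exe", "clipsrv.exe", "dllhost.exe", "locator.exe", "mnmsrvc.exe", "rsvp.exe",
    "sessmgr.exe", "smlogsvc.exe", "spoolsv.exe", "ups.exe", "vssvc.exe", "wmiapsrv.exe",
    "nvsvc32.exe", "pnkbstra.exe",
}


def first_path(line):
    m = PATH_RE.search(line)
    return m.group(0) if m else None


def in_system32(path):
    return re.search(r'\\system32\\[^\\]+$', path, re.I) is not None


def triage(report_text):
    """Return (rule, path, line) for the report entries an analyst pulls out first."""
    findings = []
    for raw in report_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        path = first_path(line)

        if line.startswith("02 - BHO: - {") and path:
            # Rule 1: a BHO with a DLL on disk but no display name. Real BHOs (Acrobat,
            # toolbars) register a name; nameless CLSIDs without a file are just leftovers.
            findings.append(("nameless BHO with a DLL", path, line))
        elif (re.search(r'RUN: \[[0-9a-f]{8}\]', line)
              or re.search(r'\.dll"?,[A-Za-z]$', line, re.I)):
            # Rule 2: an autorun value named with eight hex digits, or one that loads a
            # DLL through rundll32 with a single-letter export. Vendor entries look like
            # NvCpl.dll,NvStartup: readable value name, readable export.
            findings.append(("hex-named Run value / one-letter rundll32 export", path, line))
        elif line.startswith("O20 - AppInit_DLLs") and path:
            # Rule 3: AppInit_DLLs is empty on a clean XP install. Whatever is listed
            # there is mapped into every process that loads user32.dll.
            findings.append(("AppInit_DLLs entry", path, line))
        elif (line.startswith("O23 - Service:") and path and in_system32(path)
              and path.rsplit("\\", 1)[-1].lower() not in KNOWN_SYSTEM32_SERVICES):
            # Rule 4: a service binary in system32 that is not on the baseline.
            findings.append(("unknown service binary in system32", path, line))
    return findings


def files_to_remove(report_text):
    """Distinct flagged paths in report order: the list handed to a removal tool."""
    paths = []
    for _rule, path, _line in triage(report_text):
        if path and path not in paths:
            paths.append(path)
    return paths


if __name__ == "__main__":
    for rule, path, line in triage(SAMPLE_REPORT):
        print(f"[{rule}] {path}\n    {line}")
```

Run as is, it prints each hit with the rule that fired. To use it on a full PCA_LOG.txt, read the file and pass its contents to files_to_remove(); the order of the result follows the order of the report, so the entries land in the same sections a reviewer would read them in.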
Re, it didn't manage to delete C:\WINDOWS\system32\__c0029F9C.dat, here are the reports:



Beginning removal...

Attempting to delete C:\WINDOWS\system32\__c0029F9C.dat
C:\WINDOWS\system32\__c0029F9C.dat Could not be deleted.

Performing Repairs to the registry.
Done!

Beginning removal...

Attempting to delete C:\WINDOWS\system32\__c0029F9C.dat
C:\WINDOWS\system32\__c0029F9C.dat Could not be deleted.

Performing Repairs to the registry.
Done!




# PCA Sécurité V 1.0.2, (LOG file).
# Report of: 05/12/2007 12:47:08
Microsoft Windows XP Service Pack 2

==>> Processes <==
\SystemRoot\System32\smss.exe
\??\C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\a-squared Free\a2service.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe
c:\APPS\Powercinema\Kernel\CLML_NTService\CLMLServer.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Sonic\DigitalMedia LE v7\MyDVD LE\USBDeviceService.exe
c:\APPS\Powercinema\Kernel\TV\CLSched.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nTrayFw.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Sonic\DigitalMedia LE v7\MyDVD LE\DetectorApp.exe
C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe
C:\APPS\Powercinema\PCMService.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\PowerISO\PWRISOVM.EXE
C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Labtec Laser Mouse Software\MulMouse.exe
C:\Program Files\Sitecom\Wireless Network USB Adapter 54G WL-113_002\Installer\WLANUTL.EXE
C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe
C:\WINDOWS\BricoPacks\Vista Inspirat 2\UberIcon\UberIcon Manager.exe
C:\Program Files\OpenOffice.org 2.2\program\soffice.exe
C:\WINDOWS\BricoPacks\Vista Inspirat 2\YzShadow\YzShadow.exe
C:\Program Files\OpenOffice.org 2.2\program\soffice.BIN
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Documents and Settings\johan\Bureau\pca.exe

//Internet Explorer start and search pages
RO - HKLM\Software\Microsoft\Internet Explorer\Main\Start Page = http://www.ustart.org
RO - HKLM\Software\Microsoft\Internet Explorer\Main\Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
RO - HKCU\Software\Microsoft\Internet Explorer\Main\Start Page = https://gamergen.com/psp/
RO - HKCU\Software\Microsoft\Internet Explorer\Toolbar\LinksFolderName = Liens
R1 - HKLM\Software\Microsoft\Internet Explorer\Main\Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main\Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKCU\Software\Microsoft\Internet Explorer\Main\Search Page = https://www.google.com/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Search\CustomizeSearch = https://www.bing.com/?toHttps=1&redig=8F3F334EA60E4B1CB4D040DCFE393A89{SUB_RFC1766}/srchasst/srchcust.htm
R1 - HKLM\Software\Microsoft\Internet Explorer\Search\SearchAssistant = http://www.google.com/toolbar/ie8/sidebar.html
R1 - HKCU\Software\Microsoft\Internet Connection Wizard\ShellNext = iexplore
//applications launched from system.ini, win.ini
//03 - Browser Helper Objects (BHOs)
02 - BHO: - {01960937-90F6-4A37-8EF3-272A79B92393} -
02 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
02 - BHO: - {0451E078-8F69-4112-B912-069485A4FD4E} -
02 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
02 - BHO: - {15B35764-C5C2-4446-9AE7-95AD09FDB313} -
02 - BHO: - {18F06E47-85B3-4B25-8E38-8F02435BA4D4} -
02 - BHO: - {236742D3-CB05-40FD-9EF2-CCC8FE395DA9} -
02 - BHO: - {2B5D9C8D-2371-4A42-9021-9DEFE114FC13} -
02 - BHO: - {40E6EF44-7C05-4572-9C1F-8663A9F5B609} -
02 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
02 - BHO: - {5A4F7DEA-D6E8-408F-8A9F-9D44ADCBD564} -
02 - BHO: - {5C831DCB-4D12-4ABF-BA9E-8712D3C5B41F} -
02 - BHO: - {6273CDB9-1A4B-4D21-A8E1-C4C9806DBBFC} -
02 - BHO: - {6F2225B6-CDEE-4382-AF1B-6B0EE3C651E3} - C:\WINDOWS\system32\awtsq.dll
02 - BHO: - {70F02488-8629-40FB-BF42-E3BCEEAF4EC7} -
02 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
02 - BHO: - {7A7C1820-EDEA-48F4-8851-F79B571BB8D3} -
02 - BHO: - {7CA81AF5-4F44-430A-A03E-0BC20074BCAE} -
02 - BHO: - {7E853D72-626A-48EC-A868-BA8D5E23E045} -
02 - BHO: - {80FBECCE-C17E-48F2-BBDF-8C7EA2C1891E} -
02 - BHO: - {812F8732-E71C-4DC4-A5A9-A7DE629E9ADE} -
02 - BHO: - {81A40807-DFB1-4D59-914C-8C6154AB1EF6} -
02 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
02 - BHO: - {9403621D-F14F-4C53-84C4-FAA72D07F8FA} -
02 - BHO: - {947F403E-DCF7-4ADB-8989-60ABA3C742FA} -
02 - BHO: - {9DA411D9-ED04-4E92-9D58-72D51A2EBD69} -
02 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
02 - BHO: - {ABB580C8-1C2F-4209-8386-B75B457F4E67} -
02 - BHO: - {B3B5B2B8-43B1-444A-A1C1-9784EE5D96D8} -
02 - BHO: - {C6009EA7-2759-4385-8BB9-AE270D10B8B4} -
02 - BHO: - {D751FD0B-885D-47D5-96FB-6D0FACDC4E3C} -
02 - BHO: - {EFEE2945-4665-4CFE-9F12-2934FFF9F1E4} -
O3 - Toolbar : Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar : &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar : - {11A69AE4-FBED-4832-A2BF-45AF82825583} -
//04 - applications loaded automatically
04 - HKLM\..\RUN: [nTrayFw] - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nTrayFw.exe
04 - HKLM\..\RUN: [NvCplDaemon] - RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
04 - HKLM\..\RUN: [nwiz] - nwiz.exe /install
04 - HKLM\..\RUN: [NvMediaCenter] - RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
04 - HKLM\..\RUN: [SoundMan] - SOUNDMAN.EXE
04 - HKLM\..\RUN: [DetectorApp] - C:\Program Files\Sonic\DigitalMedia LE v7\MyDVD LE\DetectorApp.exe
04 - HKLM\..\RUN: [ISUSPM Startup] - "C:\Program Files\Fichiers communs\InstallShield\UpdateService\isuspm.exe" -startup
04 - HKLM\..\RUN: [ISUSScheduler] - "C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe" -start
04 - HKLM\..\RUN: [PCMService] - "c:\APPS\Powercinema\PCMService.exe"
04 - HKLM\..\RUN: [SunJavaUpdateSched] - "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
04 - HKLM\..\RUN: [avast!] - C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
04 - HKLM\..\RUN: [QuickTime Task] - "C:\Program Files\QuickTime\qttask.exe" -atboottime
04 - HKLM\..\RUN: [IdiomaX Office] - C:\Program Files\IdiomaX\Office Translator 4.0\IdxOffice.exe
04 - HKLM\..\RUN: [IdiomaX Product Update] - C:\Program Files\Fichiers communs\IdiomaX Shared\Cat 6.0\IdxLUpdate.exe /AUTOSTART
04 - HKLM\..\RUN: [PWRISOVM.EXE] - C:\Program Files\PowerISO\PWRISOVM.EXE
04 - HKLM\..\RUN: [VirtualCloneDrive] - "C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s
04 - HKLM\..\RUN: [Picasa Media Detector] - C:\Program Files\Picasa2\PicasaMediaDetector.exe
04 - HKLM\..\RUN: [9c21edd7] - rundll32.exe "C:\WINDOWS\system32\vbphbabf.dll",b
04 - HKLU\..\RUN: [CTFMON.EXE] - C:\WINDOWS\system32\ctfmon.exe
04 - HKLU\..\RUN: [MsnMsgr] - "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
04 - HKLU\..\RUN: [WMPNSCFG] - C:\Program Files\Windows Media Player\WMPNSCFG.exe
04 - HKLU\..\RUN: [SpybotSD TeaTimer] - C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
04 - HKLU\..\RUN: [AlcoholAutomount] - "C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" /automount
04 - HKLM\..\RunOnce: [SpybotDeletingC242] - C:\WINDOWS\system32\ctfmon.exe
04 - HKUS\S-1-5-18\..\RUN: [CTFMON.EXE] - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nTrayFw.exe
04 - HKUS\S-1-5-18\..\RUN: [Picasa Media Detector] - RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
04 - HKUS\S-1-5-19\..\RUN: [CTFMON.EXE] - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nTrayFw.exe
04 - HKUS\S-1-5-20\..\RUN: [CTFMON.EXE] - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nTrayFw.exe
04 - HKUS\S-1-5-21-3618015508-3629909785-1147112342-1007\..\RUN: [CTFMON.EXE] - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nTrayFw.exe
04 - HKUS\S-1-5-21-3618015508-3629909785-1147112342-1007\..\RUN: [MsnMsgr] - RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
04 - HKUS\S-1-5-21-3618015508-3629909785-1147112342-1007\..\RUN: [WMPNSCFG] - nwiz.exe /install
04 - HKUS\S-1-5-21-3618015508-3629909785-1147112342-1007\..\RUN: [SpybotSD TeaTimer] - RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
04 - HKUS\S-1-5-21-3618015508-3629909785-1147112342-1007\..\RUN: [AlcoholAutomount] - SOUNDMAN.EXE
04 - Global Startup: Réglages souris Labtec.lnk= C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Réglages souris Labtec.lnk
04 - Global Startup: Sitecom Wireless Utility.lnk= C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Sitecom Wireless Utility.lnk
04 - Startup: OpenOffice.org 2.2.lnk= C:\Documents and Settings\johan\Menu Démarrer\Programmes\Démarrage\OpenOffice.org 2.2.lnk
04 - Startup: RocketDock.lnk= C:\Documents and Settings\johan\Menu Démarrer\Programmes\Démarrage\RocketDock.lnk
04 - Startup: TransBar.lnk= C:\Documents and Settings\johan\Menu Démarrer\Programmes\Démarrage\TransBar.lnk
04 - Startup: UberIcon.lnk= C:\Documents and Settings\johan\Menu Démarrer\Programmes\Démarrage\UberIcon.lnk
04 - Startup: Y'z Shadow.lnk= C:\Documents and Settings\johan\Menu Démarrer\Programmes\Démarrage\Y'z Shadow.lnk
//05 - Internet Explorer control panel access (control.ini)
//06 - Internet Explorer options access blocked
//07 - Regedit execution blocked
//08 - extra entries in the Internet Explorer context menu
//09 - buttons on the main Internet Explorer toolbar
09 - Extra button: - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
09 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
09 - Extra button: - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
09 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
09 - Extra button: - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
09 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
09 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
09 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
//O10 - Winsock hijackers
//O11 - extra tab in Internet Explorer advanced options
O11 - Options group: [INTERNATIONAL] - International*
//O12 - IE plugins
//013 : DefaultPrefix
//014 - option: (Reset Web Settings)
//015 - Internet Explorer trusted zone
//O16 - ActiveX objects
O16 - DPF : QuickTime Object - {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - C:\Program Files\QuickTime\QTPlugin.ocx
O16 - DPF : Shockwave ActiveX Control - {166B1BCA-3F9C-11CF-8075-444553540000} - C:\WINDOWS\system32\macromed\Director\SwDir.dll
O16 - DPF : Checkers Class - {20A60F0D-9AFA-4515-A0FD-83BD84642501} - C:\WINDOWS\Downloaded Program Files\msgrchkr.dll
O16 - DPF : Shockwave ActiveX Control - {233C1507-6A77-46A4-9443-F871F945D258} - C:\WINDOWS\system32\Macromed\Director\SwDir.dll
O16 - DPF : TotalScan Installer Class - {512FC5A1-7DE1-43F1-BC0C-371622FCB409} - C:\WINDOWS\Downloaded Program Files\ascstubie.dll
O16 - DPF : UnoCtrl Class - {5D6F45B3-9043-443D-A792-115447494D24} - C:\WINDOWS\Downloaded Program Files\GAME_UNO1.dll
O16 - DPF : WUWebControl Class - {6414512B-B978-451D-A0D8-FCFDF33E833C} - C:\WINDOWS\system32\wuweb.dll
O16 - DPF : MessengerStatsClient Class - {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - C:\WINDOWS\Downloaded Program Files\MessengerStatsPAClient.dll
O16 - DPF : Minesweeper Flags Class - {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} - C:\WINDOWS\Downloaded Program Files\MineSweeper.dll
//O17 - Lop.com domain hijack
//O18 - additional protocols
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: mhtml - {05300401-BCBC-11d0-85E3-00C04FD85AB4} -
O18 - Protocol: ms-its - {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\system32\itss.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
//O19 - user style sheet
//O20 - AppInit_DLLs Registry value and Winlogon Notify subkeys
O20 - AppInit_DLLs : C:\WINDOWS\system32\__c0029F9C.dat
//O21 - ShellServiceObjectDelayLoad
//O22 - SharedTaskScheduler
O22 - SharedTaskScheduler: Pré-chargeur Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - %SystemRoot%\system32\browseui.dll
O22 - SharedTaskScheduler: Démon de cache des catégories de composant - {8C7461EF-2B13-11d2-BE35-3078302C2030} - %SystemRoot%\system32\browseui.dll
//O23 - XP, NT, 2000 and 2003 services
O23 - Service: [a-squared Free Service] -
O23 - Service: [Ad-Aware 2007 Service] - "C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe"
O23 - Service: [Service de la passerelle de la couche Application] - %SystemRoot%\System32\alg.exe
O23 - Service: [Service d'état ASP.NET] - %SystemRoot%\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
O23 - Service: [avast! iAVS4 Control Service] - "C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe"
O23 - Service: [avast! Antivirus] - "C:\Program Files\Alwil Software\Avast4\ashServ.exe"
O23 - Service: [avast! Mail Scanner] - "C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service
O23 - Service: [avast! Web Scanner] - "C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service
O23 - Service: [CyberLink Background Capture Service (CBCS)] - "c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe"
O23 - Service: [Gestionnaire de l'Album] - %SystemRoot%\system32\clipsrv.exe
O23 - Service: [.NET Runtime Optimization Service v2.0.50727_X86] - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
O23 - Service: [CyberLink Task Scheduler (CTS)] - "c:\APPS\Powercinema\Kernel\TV\CLSched.exe"
O23 - Service: [Application système COM+] - C:\WINDOWS\system32\dllhost.exe /Processid:{02D4B3F1-FD88-11D1-960D-00805FC79235}
O23 - Service: [CyberLink Media Library Service] - "c:\APPS\Powercinema\Kernel\CLML_NTService\CLMLServer.exe"
O23 - Service: [DomainService] - C:\WINDOWS\system32\wuqdhxbm.exe /service
O23 - Service: [Forceware Web Interface] - "C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe" -k runservice
O23 - Service: [Google Updater Service] - "C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe"
O23 - Service: [InstallDriver Table Manager] - "C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe"
O23 - Service: [Service COM de gravage de CD IMAPI] -
O23 - Service: [LiveUpdate] - "C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE"
O23 - Service: [Partage de Bureau à distance NetMeeting] - C:\WINDOWS\system32\mnmsrvc.exe
O23 - Service: [ForceWare IP service] - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
O23 - Service: [ForceWare user log service] - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
O23 - Service: [NVIDIA Display Driver Service] - %SystemRoot%\system32\nvsvc32.exe
O23 - Service: [Planificateur LiveUpdate automatique] - "C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe"
O23 - Service: [PnkBstrA] - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: [Gestionnaire de session d'aide sur le Bureau à distance] - C:\WINDOWS\system32\sessmgr.exe
O23 - Service: [Localisateur d'appels de procédure distante (RPC)] - %SystemRoot%\system32\locator.exe
O23 - Service: [QoS RSVP] - %SystemRoot%\system32\rsvp.exe
O23 - Service: [Spouleur d'impression] - %SystemRoot%\system32\spoolsv.exe
O23 - Service: [StarWind AE Service] - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
O23 - Service: [MS Software Shadow Copy Provider] - C:\WINDOWS\system32\dllhost.exe /Processid:{DC0E0607-432C-4B27-86F3-8CFCBAD1B8EB}
O23 - Service: [Journaux et alertes de performance] - %SystemRoot%\system32\smlogsvc.exe
O23 - Service: [Onduleur] - %SystemRoot%\System32\ups.exe
O23 - Service: [USBDeviceService] - C:\Program Files\Sonic\DigitalMedia LE v7\MyDVD LE\USBDeviceService.exe
O23 - Service: [Service Messenger Sharing Folders USN Journal Reader] - "C:\Program Files\MSN Messenger\usnsvc.exe"
O23 - Service: [Cliché instantané de volume] - %SystemRoot%\System32\vssvc.exe
O23 - Service: [Carte de performance WMI] - C:\WINDOWS\system32\wbem\wmiapsrv.exe
0
FillPCA (2242 posts, registered 21 April 2007, last active 18 February 2023)
5 Dec 2007 at 12:49
Re,

* Télécharge combofix.exe (par sUBs) sur ton Bureau : http://download.bleepingcomputer.com/sUBs/ComboFix.exe
* Double clique combofix.exe et suis les invites.
* Lorsque le scan sera complété, un rapport apparaîtra. Copie/colle ce rapport dans ta prochaine réponse.

FillPCA
Here it is:

ComboFix 07-12-02.6 - johan 2007-12-05 12:55:28.1 - NTFSx86
Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.139 [GMT 1:00]
Running from: C:\Documents and Settings\johan\Bureau\ComboFix.exe
* Created a new restore point
.

(((((((((((((((((((((((((((((((((((( Other deletions ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Autorun.inf
C:\Documents and Settings\johan\Application Data\inst.exe
C:\WINDOWS\cookies.ini
C:\WINDOWS\system32\__c0029F9C.dat
C:\WINDOWS\system32\agpdxeey.ini
C:\WINDOWS\system32\aiktaslp.dll
C:\WINDOWS\system32\auto.exe
C:\WINDOWS\system32\bjqfkaaj.dll
C:\WINDOWS\system32\bpbuqwjq.ini
C:\WINDOWS\system32\bsaubmct.exe
C:\WINDOWS\system32\crdrnekj.dll
C:\WINDOWS\system32\duyfiwla.exe
C:\WINDOWS\system32\efgguxux.ini
C:\WINDOWS\system32\eninggqf.dll
C:\WINDOWS\system32\ewdmkect.dll
C:\WINDOWS\system32\fgbwukii.ini
C:\WINDOWS\system32\fiohyagx.dll
C:\WINDOWS\system32\fjbvyssh.ini
C:\WINDOWS\system32\fjwilyey.dll
C:\WINDOWS\system32\fpfddbjp.dll
C:\WINDOWS\system32\fqggnine.ini
C:\WINDOWS\system32\gbbojafg.dll
C:\WINDOWS\system32\gdtipvxp.dll
C:\WINDOWS\system32\gfajobbg.ini
C:\WINDOWS\system32\hssyvbjf.dll
C:\WINDOWS\system32\ihvgcfco.dll
C:\WINDOWS\system32\iikuwbgf.dll
C:\WINDOWS\system32\ilxdyewq.ini
C:\WINDOWS\system32\imoumpbu.dll
C:\WINDOWS\system32\jaakfqjb.ini
C:\WINDOWS\system32\jdvkpkgo.dll
C:\WINDOWS\system32\jkenrdrc.ini
C:\WINDOWS\system32\jmlestak.ini
C:\WINDOWS\system32\jpctdwux.dll
C:\WINDOWS\system32\jpubojrn.dll
C:\WINDOWS\system32\katselmj.dll
C:\WINDOWS\system32\lamnnyje.exe
C:\WINDOWS\system32\lhejdbmp.ini
C:\WINDOWS\system32\lhxspnqy.ini
C:\WINDOWS\system32\lyyeowql.exe
C:\WINDOWS\system32\mbjabqmy.exe
C:\WINDOWS\system32\mdeonoaq.exe
C:\WINDOWS\system32\niehkgip.ini
C:\WINDOWS\system32\nnwdihlp.ini
C:\WINDOWS\system32\nrjobupj.ini
C:\WINDOWS\system32\ocfcgvhi.ini
C:\WINDOWS\system32\ogkpkvdj.ini
C:\WINDOWS\system32\okiqbtrv.ini
C:\WINDOWS\system32\onprxsju.ini
C:\WINDOWS\system32\pigkhein.dll
C:\WINDOWS\system32\pjbddfpf.ini
C:\WINDOWS\system32\plhidwnn.dll
C:\WINDOWS\system32\plsatkia.ini
C:\WINDOWS\system32\pmbdjehl.dll
C:\WINDOWS\system32\psdnqcal.exe
C:\WINDOWS\system32\pxvpitdg.ini
C:\WINDOWS\system32\qjwqubpb.dll
C:\WINDOWS\system32\qlfbowcu.ini
C:\WINDOWS\system32\qstwa.bak1
C:\WINDOWS\system32\qstwa.bak2
C:\WINDOWS\system32\qstwa.ini
C:\WINDOWS\system32\qstwa.ini2
C:\WINDOWS\system32\qstwa.tmp
C:\WINDOWS\system32\qweydxli.dll
C:\WINDOWS\system32\rjalhgau.ini
C:\WINDOWS\system32\spcwybxu.dll
C:\WINDOWS\system32\tcekmdwe.ini
C:\WINDOWS\system32\uaghlajr.dll
C:\WINDOWS\system32\ubpmuomi.ini
C:\WINDOWS\system32\ucwobflq.dll
C:\WINDOWS\system32\ujsxrpno.dll
C:\WINDOWS\system32\uxbywcps.ini
C:\WINDOWS\system32\vgpbcydf.exe
C:\WINDOWS\system32\vomiftpv.ini
C:\WINDOWS\system32\vptfimov.dll
C:\WINDOWS\system32\vrtbqiko.dll
C:\WINDOWS\system32\vsopwfsq.exe
C:\WINDOWS\system32\wqdjoyoy.dll
C:\WINDOWS\system32\wujgbnqy.ini
C:\WINDOWS\system32\xgayhoif.ini
C:\WINDOWS\system32\xjmmpeab.exe
C:\WINDOWS\system32\xuwdtcpj.ini
C:\WINDOWS\system32\xuxuggfe.dll
C:\WINDOWS\system32\xxxwuvti.exe
C:\WINDOWS\system32\yeexdpga.dll
C:\WINDOWS\system32\yeyliwjf.ini
C:\WINDOWS\system32\yoyojdqw.ini
C:\WINDOWS\system32\yqnbgjuw.dll
C:\WINDOWS\system32\yqnpsxhl.dll

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.
-------\LEGACY_DOMAINSERVICE
-------\DomainService


((((((((((((((((((((((((((((( Files created 2007-11-05 to 2007-12-05 ))))))))))))))))))))))))))))))))))))
.

2007-12-04 16:46 . 2007-12-04 16:46 294 ---hs---- C:\WINDOWS\system32\fitljvyv.ini
2007-12-03 17:49 . 2007-12-03 17:50 414 ---hs---- C:\WINDOWS\system32\qmnehmqp.ini
2007-12-03 17:32 . 2007-12-03 17:44 354 ---hs---- C:\WINDOWS\system32\hxxhqpqr.ini
2007-12-02 17:54 . 2007-12-02 17:55 <REP> d-------- C:\Program Files\Panda Security
2007-12-02 17:43 . 2007-12-02 17:43 294 ---hs---- C:\WINDOWS\system32\jkepedtr.ini
2007-12-02 17:35 . 2007-12-02 17:36 <REP> d-------- C:\HijackThis
2007-12-02 15:07 . 2007-12-02 15:07 294 ---hs---- C:\WINDOWS\system32\pkebibjq.ini
2007-11-23 19:24 . 2007-11-23 19:24 <REP> d-------- C:\WINDOWS\system32\Kaspersky Lab
2007-11-23 18:46 . 2007-12-05 12:38 <REP> d-------- C:\VundoFix Backups
2007-11-21 20:41 . 2007-11-22 15:58 23 --a------ C:\WINDOWS\BlendSettings.ini
2007-11-21 18:12 . 2007-11-21 18:12 <REP> d-------- C:\Program Files\Bethesda Softworks
2007-11-18 21:24 . 2006-09-29 11:24 217,127 --a------ C:\WINDOWS\system32\drv43260.dll
2007-11-18 21:24 . 2006-09-29 11:25 208,935 --a------ C:\WINDOWS\system32\drv33260.dll
2007-11-18 21:24 . 2006-09-29 11:26 176,165 --a------ C:\WINDOWS\system32\drv23260.dll
2007-11-17 23:37 . 2007-11-24 13:18 <REP> d-------- C:\Program Files\eMule
2007-11-17 13:15 . 2007-11-21 14:40 <REP> d-------- C:\Documents and Settings\johan\Application Data\CopyToDvd
2007-11-17 13:05 . 2007-11-18 21:24 <REP> d-------- C:\Program Files\VSO
2007-11-17 13:05 . 2007-11-21 14:40 <REP> d-------- C:\Documents and Settings\johan\Application Data\Vso
2007-11-17 13:05 . 2007-11-17 13:05 47,360 --a------ C:\WINDOWS\system32\drivers\pcouffin.sys
2007-11-17 13:05 . 2007-11-17 13:05 47,360 --a------ C:\Documents and Settings\johan\Application Data\pcouffin.sys
2007-11-14 12:27 . 2007-11-14 12:27 685,816 --a------ C:\WINDOWS\system32\drivers\sptd.sys
2007-11-09 17:38 . 2007-11-09 17:38 294 ---hs---- C:\WINDOWS\system32\fcwasyrf.ini
2007-11-05 21:32 . 2007-11-05 21:43 <REP> d-------- C:\Program Files\AutoWebCam

.
(((((((((((((((((((((((((((((((((( Find3M report ))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-12-05 11:54 --------- d-----w C:\Documents and Settings\johan\Application Data\OpenOffice.org2
2007-12-03 19:35 --------- d-----w C:\Program Files\CSO-DAX Compressor
2007-11-24 21:43 --------- d-----w C:\Program Files\Sitecom
2007-11-21 17:12 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-11-19 17:28 --------- d-----w C:\Program Files\eChanblard
2007-11-14 12:03 --------- d-----w C:\Program Files\Alcohol Soft
2007-11-14 11:47 --------- d-----w C:\Documents and Settings\johan\Application Data\DMCache
2007-11-11 14:21 --------- d-----w C:\Program Files\BitLord
2007-11-03 18:48 --------- d-----w C:\Program Files\Picasa2
2007-11-03 18:25 22,328 ----a-w C:\WINDOWS\system32\drivers\PnkBstrK.sys
2007-11-03 11:00 --------- d-----w C:\Program Files\Age of Empires III
2007-11-01 13:13 --------- d-----w C:\Program Files\Microsoft Games
2007-10-29 08:46 --------- d-----w C:\Program Files\a-squared Free
2007-10-26 20:46 --------- d-----w C:\Documents and Settings\johan\Application Data\F4
2007-10-23 13:58 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2007-10-22 20:00 --------- d-----w C:\Documents and Settings\johan\Application Data\Grisoft
2007-10-22 19:45 --------- d-----w C:\Documents and Settings\All Users\Application Data\Grisoft
2007-10-22 19:35 --------- d-----w C:\Documents and Settings\All Users\Application Data\Skype
2007-10-22 19:25 --------- d-----w C:\Program Files\Fichiers communs\Blizzard Entertainment
2007-10-22 19:13 --------- d-----w C:\Program Files\AtomixMP3
2007-10-22 15:38 --------- d-----w C:\Program Files\Lavasoft
2007-10-22 15:38 --------- d-----w C:\Program Files\Fichiers communs\Wise Installation Wizard
2007-10-22 15:38 --------- d-----w C:\Documents and Settings\All Users\Application Data\Lavasoft
2007-10-21 09:39 --------- d-----w C:\Program Files\PowerISO
2007-10-20 19:08 --------- d-----w C:\Program Files\Smart Projects
2007-10-20 18:26 --------- d-----w C:\Program Files\Elaborate Bytes
2007-10-17 19:12 --------- d-----w C:\Documents and Settings\johan\Application Data\GetRightToGo
2007-10-14 16:11 --------- d-----w C:\Documents and Settings\All Users\Application Data\Age of Empires 3
2007-10-13 16:27 11,376 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys
2007-10-12 17:47 --------- d-----w C:\Program Files\UHARC for Windows
2007-10-10 21:13 --------- d-----w C:\Program Files\Google
2007-10-10 12:20 --------- d-----w C:\Documents and Settings\All Users\Application Data\Age of Empires 3 YPack Trial
2007-10-07 18:49 --------- d-----w C:\Program Files\Fichiers communs\IdiomaX Uninstall
2007-10-07 18:49 --------- d-----w C:\Program Files\Fichiers communs\IdiomaX Shared
2007-10-07 18:48 --------- d-----w C:\Program Files\IdiomaX
2007-06-25 21:58 6,369 --sh--w C:\WINDOWS\system32\nnnmp.bak1
2007-06-26 08:57 1,159,722 --sh--w C:\WINDOWS\system32\nnnmp.bak2
.

((((((((((((((((((((((((((((((((( Registry load points )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* empty entries & legitimate default entries are not listed

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{01960937-90F6-4A37-8EF3-272A79B92393}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0451E078-8F69-4112-B912-069485A4FD4E}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{15B35764-C5C2-4446-9AE7-95AD09FDB313}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{18F06E47-85B3-4B25-8E38-8F02435BA4D4}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{236742D3-CB05-40FD-9EF2-CCC8FE395DA9}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{2B5D9C8D-2371-4A42-9021-9DEFE114FC13}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{40E6EF44-7C05-4572-9C1F-8663A9F5B609}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{5A4F7DEA-D6E8-408F-8A9F-9D44ADCBD564}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{5C831DCB-4D12-4ABF-BA9E-8712D3C5B41F}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6273CDB9-1A4B-4D21-A8E1-C4C9806DBBFC}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6F2225B6-CDEE-4382-AF1B-6B0EE3C651E3}]
C:\WINDOWS\system32\awtsq.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{70F02488-8629-40FB-BF42-E3BCEEAF4EC7}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{7A7C1820-EDEA-48F4-8851-F79B571BB8D3}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{7CA81AF5-4F44-430A-A03E-0BC20074BCAE}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{80FBECCE-C17E-48F2-BBDF-8C7EA2C1891E}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{812F8732-E71C-4DC4-A5A9-A7DE629E9ADE}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{81A40807-DFB1-4D59-914C-8C6154AB1EF6}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{9403621D-F14F-4C53-84C4-FAA72D07F8FA}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{947F403E-DCF7-4ADB-8989-60ABA3C742FA}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{9DA411D9-ED04-4E92-9D58-72D51A2EBD69}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{ABB580C8-1C2F-4209-8386-B75B457F4E67}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{B3B5B2B8-43B1-444A-A1C1-9784EE5D96D8}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{C6009EA7-2759-4385-8BB9-AE270D10B8B4}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D751FD0B-885D-47D5-96FB-6D0FACDC4E3C}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{EFEE2945-4665-4CFE-9F12-2934FFF9F1E4}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2006-03-02 13:00]
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [2007-01-19 12:55]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" []
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2007-08-31 15:46]
"AlcoholAutomount"="C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" [2007-07-02 11:27]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"nTrayFw"="C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nTrayFw.exe" [2005-07-29 16:25]
"NvCplDaemon"="RUNDLL32.exe" [2006-03-02 13:00 C:\WINDOWS\system32\rundll32.exe]
"nwiz"="nwiz.exe" [2005-12-10 02:06 C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="RUNDLL32.exe" [2006-03-02 13:00 C:\WINDOWS\system32\rundll32.exe]
"SoundMan"="SOUNDMAN.EXE" [2006-03-01 09:22 C:\WINDOWS\soundman.exe]
"DetectorApp"="C:\Program Files\Sonic\DigitalMedia LE v7\MyDVD LE\DetectorApp.exe" [2005-10-20 05:15]
"ISUSPM Startup"="C:\Program Files\Fichiers communs\InstallShield\UpdateService\isuspm.exe" [2005-08-11 13:30]
"ISUSScheduler"="C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe" [2005-08-11 13:30]
"PCMService"="c:\APPS\Powercinema\PCMService.exe" [2006-02-23 11:08]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" [2007-07-12 03:00]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-09-06 11:06]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-06-17 23:20]
"IdiomaX Office"="C:\Program Files\IdiomaX\Office Translator 4.0\IdxOffice.exe" [2005-11-08 19:30]
"IdiomaX Product Update"="C:\Program Files\Fichiers communs\IdiomaX Shared\Cat 6.0\IdxLUpdate.exe" [2005-11-08 19:30]
"PWRISOVM.EXE"="C:\Program Files\PowerISO\PWRISOVM.EXE" [2007-08-07 01:05]
"VirtualCloneDrive"="C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" [2006-04-29 14:21]
"Picasa Media Detector"="C:\Program Files\Picasa2\PicasaMediaDetector.exe" [2007-10-23 22:18]
"9c21edd7"="C:\WINDOWS\system32\vbphbabf.dll" []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"SpybotDeletingC242"="cmd /c del C:\WINDOWS\system32\hhwsikim.dll" []

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2006-03-02 13:00]
"Picasa Media Detector"="C:\Program Files\Picasa2\PicasaMediaDetector.exe" [2007-10-23 22:18]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\gebxuss]
gebxuss.dll

R1 moufiltr;Mouse Filter Driver;C:\WINDOWS\system32\drivers\moufiltr.sys
R1 MUsbFltr;WayTechUSBFilterDriver;C:\WINDOWS\system32\drivers\MUsbFltr.sys
R2 Planificateur LiveUpdate automatique;Planificateur LiveUpdate automatique;"C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe"
S3 SoC PC-Camera Service;Q-TEC WEBCAM 100 USB;C:\WINDOWS\system32\DRIVERS\pfc027.sys
S3 usbstor;Pilote de stockage de masse USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
S3 ZD1211U(Sitecom);Sitecom Wireless Network USB Adapter Driver(Sitecom);C:\WINDOWS\system32\DRIVERS\zd1211u.sys
S3 ZDPNDIS5;ZDPNDIS5 NDIS Protocol Driver;\??\C:\WINDOWS\system32\ZDPNDIS5.SYS

.
Contents of the 'Scheduled Tasks' folder
"2007-12-02 11:00:00 C:\WINDOWS\Tasks\Mise à jour des produits IdiomaX.job"
"2007-09-12 16:54:34 C:\WINDOWS\Tasks\Norton Security Scan.job"
- C:\Program Files\Norton Security Scan\Nss.exe
"2007-12-04 17:14:12 C:\WINDOWS\Tasks\User_Feed_Synchronization-{C164E178-F6F2-40FA-A41F-D284DCC2C913}.job"
- C:\WINDOWS\system32\msfeedssync.exe
.
**************************************************************************

catchme 0.3.1318 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-12-05 13:13:32
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2007-12-05 13:17:08 - machine was rebooted
.
--- E O F ---
FillPCA
5 Dec. 2007 at 13:40
Hi again,

* Select the following text:

Registry::
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{01960937-90F6-4A37-8EF3-272A79B92393}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0451E078-8F69-4112-B912-069485A4FD4E}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{15B35764-C5C2-4446-9AE7-95AD09FDB313}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18F06E47-85B3-4B25-8E38-8F02435BA4D4}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{236742D3-CB05-40FD-9EF2-CCC8FE395DA9}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2B5D9C8D-2371-4A42-9021-9DEFE114FC13}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{40E6EF44-7C05-4572-9C1F-8663A9F5B609}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5A4F7DEA-D6E8-408F-8A9F-9D44ADCBD564}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C831DCB-4D12-4ABF-BA9E-8712D3C5B41F}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6273CDB9-1A4B-4D21-A8E1-C4C9806DBBFC}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6F2225B6-CDEE-4382-AF1B-6B0EE3C651E3}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{70F02488-8629-40FB-BF42-E3BCEEAF4EC7}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7A7C1820-EDEA-48F4-8851-F79B571BB8D3}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7CA81AF5-4F44-430A-A03E-0BC20074BCAE}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{80FBECCE-C17E-48F2-BBDF-8C7EA2C1891E}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{812F8732-E71C-4DC4-A5A9-A7DE629E9ADE}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{81A40807-DFB1-4D59-914C-8C6154AB1EF6}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9403621D-F14F-4C53-84C4-FAA72D07F8FA}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{947F403E-DCF7-4ADB-8989-60ABA3C742FA}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9DA411D9-ED04-4E92-9D58-72D51A2EBD69}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{ABB580C8-1C2F-4209-8386-B75B457F4E67}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B3B5B2B8-43B1-444A-A1C1-9784EE5D96D8}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C6009EA7-2759-4385-8BB9-AE270D10B8B4}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D751FD0B-885D-47D5-96FB-6D0FACDC4E3C}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EFEE2945-4665-4CFE-9F12-2934FFF9F1E4}]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\gebxuss]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"9c21edd7"=-

File::
C:\WINDOWS\system32\awtsq.dll
C:\WINDOWS\system32\vbphbabf.dll
C:\WINDOWS\system32\fitljvyv.ini
C:\WINDOWS\system32\qmnehmqp.ini
C:\WINDOWS\system32\hxxhqpqr.ini
C:\WINDOWS\system32\jkepedtr.ini
C:\WINDOWS\system32\fcwasyrf.ini
C:\WINDOWS\system32\nnnmp.bak1
C:\WINDOWS\system32\nnnmp.bak2


* Copy the selected text (CTRL+C).
* Open Notepad (Programs > Accessories > Notepad).
* Paste the copied text into Notepad (CTRL+V).
* Save this file under the name CFScript.txt
* Drag and drop this CFScript file onto the ComboFix.exe file

* A blue window will appear: at the prompt (Type 1 to continue, or 2 to abort), type 1 and press Enter.
* Wait while the scan runs. The desktop will disappear several times: this is normal!
Do not touch anything until the scan has finished.
* Once the scan is complete, a report will be displayed: post its contents.
* If the file does not open, it is located here > C:\ComboFix.txt

Also post a new PCA report and tell me how the PC is doing.

FillPCA
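
The CFScript above was assembled by hand from the ComboFix report posted earlier in the thread: every Browser Helper Object ComboFix listed (it hides the ones it recognises), the orphan Run value whose target is a bare DLL, the unknown Winlogon notification package, and the hidden+system random-named .ini/.bak files in system32. The script below automates that reading. It is an added example written for this page, not part of ComboFix, the helper's instructions, or the user's logs. The log excerpt is constructed from a handful of lines modelled on the report above; the "random 5-8 lowercase letters in system32" rule, the treatment of any listed BHO or Winlogon notify package as suspect, and the assumption that a bare notify DLL name resolves from system32 are my heuristics, not ComboFix behaviour. The expansion of ComboFix's `HKLM\~\Browser Helper Objects` shorthand to the full Explorer key is the same one the helper's script uses.

```python
"""Triage a ComboFix log for Vundo/ConHook-style persistence and draft a CFScript.
Added example for this thread; heuristics and sample excerpt are the editor's own."""
import re

# Constructed excerpt modelled on the log posted above (a few lines, not the full report).
SAMPLE_LOG = r"""
((((( Fichiers créés 2007-11-05 to 2007-12-05 )))))
2007-12-04 16:46 . 2007-12-04 16:46 294 ---hs---- C:\WINDOWS\system32\fitljvyv.ini
2007-12-02 17:35 . 2007-12-02 17:36 <REP> d-------- C:\HijackThis
2007-11-17 13:05 . 2007-11-17 13:05 47,360 --a------ C:\WINDOWS\system32\drivers\pcouffin.sys
((((( Compte-rendu de Find3M )))))
2007-06-25 21:58 6,369 --sh--w C:\WINDOWS\system32\nnnmp.bak1
2007-10-13 16:27 11,376 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{01960937-90F6-4A37-8EF3-272A79B92393}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6F2225B6-CDEE-4382-AF1B-6B0EE3C651E3}]
C:\WINDOWS\system32\awtsq.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-09-06 11:06]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" []
"9c21edd7"="C:\WINDOWS\system32\vbphbabf.dll" []

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\gebxuss]
gebxuss.dll
"""

# ComboFix abbreviates the BHO key as HKLM\~\Browser Helper Objects; this is the full path.
BHO_ROOT = r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects"
SYSTEM32 = r"C:\WINDOWS\system32"

KEY_RE = re.compile(r"^\[(HKEY_[^\]]+)\]$")
VALUE_RE = re.compile(r'^"([^"]+)"="([^"]*)" \[([^\]]*)\]$')
# "created" lines carry two timestamps, Find3M lines one; both end with size, attributes, path
FILE_RE = re.compile(r"^\d{4}-\d{2}-\d{2} \d{2}:\d{2}(?: \. \d{4}-\d{2}-\d{2} \d{2}:\d{2})?"
                     r" ([\d,]+) ([-a-z]+) (C:\\.+)$")
RANDOM_STEM_RE = re.compile(r"^[a-z]{5,8}$")


def looks_random(path: str) -> bool:
    """Heuristic (assumption): 5-8 lowercase letters directly in system32, Vundo's naming.
    Not a verdict on its own (ctfmon.exe matches); always combined with another signal."""
    folder, _, name = path.rpartition("\\")
    stem = name.rpartition(".")[0]
    return folder.lower() == SYSTEM32.lower() and bool(RANDOM_STEM_RE.match(stem))


def triage(log: str) -> dict:
    """Return the registry keys, Run values and files that should go into the CFScript."""
    keys, values, files = [], [], []
    lines = [ln.rstrip() for ln in log.splitlines()]
    current_key = None
    for i, line in enumerate(lines):
        nxt = lines[i + 1] if i + 1 < len(lines) else ""
        m = FILE_RE.match(line)
        if m:
            attrs, path = m.group(2), m.group(3)
            # hidden+system attributes on a random-named file in system32 (Vundo .ini/.bak)
            if "h" in attrs and "s" in attrs and looks_random(path):
                files.append(path)
            continue
        m = KEY_RE.match(line)
        if m:
            current_key = m.group(1)
            if current_key.startswith("HKEY_LOCAL_MACHINE\\~\\Browser Helper Objects\\"):
                # ComboFix lists only BHOs it does not recognise; the DLL, if any, is on the next line
                keys.append(BHO_ROOT + "\\" + current_key.rsplit("\\", 1)[1])
                if nxt.lower().endswith(".dll"):
                    files.append(nxt)
            elif "\\winlogon\\notify\\" in current_key.lower():
                # unrecognised Winlogon notification package; a bare DLL name loads from system32
                keys.append(current_key)
                if nxt.lower().endswith(".dll") and "\\" not in nxt:
                    files.append(SYSTEM32 + "\\" + nxt)
            continue
        m = VALUE_RE.match(line)
        if m and current_key and current_key.lower().endswith("\\currentversion\\run"):
            name, target, _stamp = m.groups()
            # Run values launch executables; a bare .dll target is the Vundo marker seen above.
            # An empty [] alone (file missing, e.g. WMPNSCFG) is not enough to flag an entry.
            if target.lower().endswith(".dll"):
                values.append((current_key, name))
                if looks_random(target):
                    files.append(target)
    return {"keys": keys, "values": values, "files": sorted(set(files))}


def render_cfscript(plan: dict) -> str:
    """CFScript syntax: [-key] deletes a key, "name"=- deletes a value, File:: lists paths."""
    out = ["Registry::"] + [f"[-{k}]" for k in plan["keys"]]
    for key, name in plan["values"]:
        out += [f"[{key}]", f'"{name}"=-']
    out += ["", "File::"] + plan["files"]
    return "\n".join(out) + "\n"


if __name__ == "__main__":
    print(render_cfscript(triage(SAMPLE_LOG)))
```

Generating the script rather than typing it by hand removes the usual copy errors in long registry paths; the output still has to be read line by line before it is dropped onto ComboFix, because File:: entries are deleted (ComboFix quarantines them under C:\Qoobox) and the heuristics deliberately err towards flagging.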
Here it is:

C:\WINDOWS\system32\nnnmp.bak2
C:\WINDOWS\system32\qmnehmqp.ini
C:\WINDOWS\system32\vbphbabf.dll
.

(((((((((((((((((((((((((((((((((((( Other deletions ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\system32\fcwasyrf.ini
C:\WINDOWS\system32\fitljvyv.ini
C:\WINDOWS\system32\hxxhqpqr.ini
C:\WINDOWS\system32\jkepedtr.ini
C:\WINDOWS\system32\nnnmp.bak1
C:\WINDOWS\system32\nnnmp.bak2
C:\WINDOWS\system32\qmnehmqp.ini

.
((((((((((((((((((((((((((((( Files created 2007-11-05 to 2007-12-05 ))))))))))))))))))))))))))))))))))))
.

2007-12-02 17:54 . 2007-12-02 17:55 <REP> d-------- C:\Program Files\Panda Security
2007-12-02 17:35 . 2007-12-02 17:36 <REP> d-------- C:\HijackThis
2007-12-02 15:07 . 2007-12-02 15:07 294 ---hs---- C:\WINDOWS\system32\pkebibjq.ini
2007-11-23 19:24 . 2007-11-23 19:24 <REP> d-------- C:\WINDOWS\system32\Kaspersky Lab
2007-11-23 18:46 . 2007-12-05 12:38 <REP> d-------- C:\VundoFix Backups
2007-11-21 20:41 . 2007-11-22 15:58 23 --a------ C:\WINDOWS\BlendSettings.ini
2007-11-21 18:12 . 2007-11-21 18:12 <REP> d-------- C:\Program Files\Bethesda Softworks
2007-11-18 21:24 . 2006-09-29 11:24 217,127 --a------ C:\WINDOWS\system32\drv43260.dll
2007-11-18 21:24 . 2006-09-29 11:25 208,935 --a------ C:\WINDOWS\system32\drv33260.dll
2007-11-18 21:24 . 2006-09-29 11:26 176,165 --a------ C:\WINDOWS\system32\drv23260.dll
2007-11-17 23:37 . 2007-11-24 13:18 <REP> d-------- C:\Program Files\eMule
2007-11-17 13:15 . 2007-11-21 14:40 <REP> d-------- C:\Documents and Settings\johan\Application Data\CopyToDvd
2007-11-17 13:05 . 2007-11-18 21:24 <REP> d-------- C:\Program Files\VSO
2007-11-17 13:05 . 2007-11-21 14:40 <REP> d-------- C:\Documents and Settings\johan\Application Data\Vso
2007-11-17 13:05 . 2007-11-17 13:05 47,360 --a------ C:\WINDOWS\system32\drivers\pcouffin.sys
2007-11-17 13:05 . 2007-11-17 13:05 47,360 --a------ C:\Documents and Settings\johan\Application Data\pcouffin.sys
2007-11-14 12:27 . 2007-11-14 12:27 685,816 --a------ C:\WINDOWS\system32\drivers\sptd.sys
2007-11-05 21:32 . 2007-11-05 21:43 <REP> d-------- C:\Program Files\AutoWebCam

.
(((((((((((((((((((((((((((((((((( Find3M report ))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-12-05 12:15 --------- d-----w C:\Documents and Settings\johan\Application Data\OpenOffice.org2
2007-12-03 19:35 --------- d-----w C:\Program Files\CSO-DAX Compressor
2007-11-24 21:43 --------- d-----w C:\Program Files\Sitecom
2007-11-21 17:12 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-11-19 17:28 --------- d-----w C:\Program Files\eChanblard
2007-11-14 12:03 --------- d-----w C:\Program Files\Alcohol Soft
2007-11-14 11:47 --------- d-----w C:\Documents and Settings\johan\Application Data\DMCache
2007-11-11 14:21 --------- d-----w C:\Program Files\BitLord
2007-11-03 18:48 --------- d-----w C:\Program Files\Picasa2
2007-11-03 18:25 22,328 ----a-w C:\WINDOWS\system32\drivers\PnkBstrK.sys
2007-11-03 18:24 103,736 ----a-w C:\WINDOWS\system32\PnkBstrB.exe
2007-11-03 11:00 --------- d-----w C:\Program Files\Age of Empires III
2007-11-01 13:13 --------- d-----w C:\Program Files\Microsoft Games
2007-10-29 08:46 --------- d-----w C:\Program Files\a-squared Free
2007-10-26 20:46 --------- d-----w C:\Documents and Settings\johan\Application Data\F4
2007-10-26 17:35 409,600 ----a-w C:\WINDOWS\system32\wrap_oal.dll
2007-10-26 17:35 114,688 ----a-w C:\WINDOWS\system32\OpenAL32.dll
2007-10-25 16:43 8,516,608 ----a-w C:\WINDOWS\system32\dllcache\shell32.dll
2007-10-23 13:58 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2007-10-22 20:00 --------- d-----w C:\Documents and Settings\johan\Application Data\Grisoft
2007-10-22 19:45 --------- d-----w C:\Documents and Settings\All Users\Application Data\Grisoft
2007-10-22 19:35 --------- d-----w C:\Documents and Settings\All Users\Application Data\Skype
2007-10-22 19:25 --------- d-----w C:\Program Files\Fichiers communs\Blizzard Entertainment
2007-10-22 19:13 --------- d-----w C:\Program Files\AtomixMP3
2007-10-22 15:38 --------- d-----w C:\Program Files\Lavasoft
2007-10-22 15:38 --------- d-----w C:\Program Files\Fichiers communs\Wise Installation Wizard
2007-10-22 15:38 --------- d-----w C:\Documents and Settings\All Users\Application Data\Lavasoft
2007-10-21 09:39 --------- d-----w C:\Program Files\PowerISO
2007-10-20 19:08 --------- d-----w C:\Program Files\Smart Projects
2007-10-20 18:26 --------- d-----w C:\Program Files\Elaborate Bytes
2007-10-17 19:12 --------- d-----w C:\Documents and Settings\johan\Application Data\GetRightToGo
2007-10-14 16:11 --------- d-----w C:\Documents and Settings\All Users\Application Data\Age of Empires 3
2007-10-13 19:13 66,872 ----a-w C:\WINDOWS\system32\PnkBstrA.exe
2007-10-13 16:27 11,376 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys
2007-10-12 17:47 --------- d-----w C:\Program Files\UHARC for Windows
2007-10-10 21:13 --------- d-----w C:\Program Files\Google
2007-10-10 12:20 --------- d-----w C:\Documents and Settings\All Users\Application Data\Age of Empires 3 YPack Trial
2007-10-07 18:49 --------- d-----w C:\Program Files\Fichiers communs\IdiomaX Uninstall
2007-10-07 18:49 --------- d-----w C:\Program Files\Fichiers communs\IdiomaX Shared
2007-10-07 18:48 --------- d-----w C:\Program Files\IdiomaX
2007-10-03 22:36 25,600 ----a-w C:\WINDOWS\system32\WS2Fix.exe
2007-09-06 10:09 801,144 ----a-w C:\WINDOWS\system32\aswBoot.exe
2007-09-06 10:00 95,608 ----a-w C:\WINDOWS\system32\AVASTSS.scr
2007-09-05 22:22 289,144 ----a-w C:\WINDOWS\system32\VCCLSID.exe
.

((((((((((((((((((((((((((((((((( Registry load points )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* empty entries & legitimate default entries are not listed

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2006-03-02 13:00]
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [2007-01-19 12:55]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" []
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2007-08-31 15:46]
"AlcoholAutomount"="C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" [2007-07-02 11:27]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"nTrayFw"="C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nTrayFw.exe" [2005-07-29 16:25]
"NvCplDaemon"="RUNDLL32.exe" [2006-03-02 13:00 C:\WINDOWS\system32\rundll32.exe]
"nwiz"="nwiz.exe" [2005-12-10 02:06 C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="RUNDLL32.exe" [2006-03-02 13:00 C:\WINDOWS\system32\rundll32.exe]
"SoundMan"="SOUNDMAN.EXE" [2006-03-01 09:22 C:\WINDOWS\soundman.exe]
"DetectorApp"="C:\Program Files\Sonic\DigitalMedia LE v7\MyDVD LE\DetectorApp.exe" [2005-10-20 05:15]
"ISUSPM Startup"="C:\Program Files\Fichiers communs\InstallShield\UpdateService\isuspm.exe" [2005-08-11 13:30]
"ISUSScheduler"="C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe" [2005-08-11 13:30]
"PCMService"="c:\APPS\Powercinema\PCMService.exe" [2006-02-23 11:08]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" [2007-07-12 03:00]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-09-06 11:06]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-06-17 23:20]
"IdiomaX Office"="C:\Program Files\IdiomaX\Office Translator 4.0\IdxOffice.exe" [2005-11-08 19:30]
"IdiomaX Product Update"="C:\Program Files\Fichiers communs\IdiomaX Shared\Cat 6.0\IdxLUpdate.exe" [2005-11-08 19:30]
"PWRISOVM.EXE"="C:\Program Files\PowerISO\PWRISOVM.EXE" [2007-08-07 01:05]
"VirtualCloneDrive"="C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" [2006-04-29 14:21]
"Picasa Media Detector"="C:\Program Files\Picasa2\PicasaMediaDetector.exe" [2007-10-23 22:18]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"SpybotDeletingC242"="cmd /c del C:\WINDOWS\system32\hhwsikim.dll" []

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2006-03-02 13:00]
"Picasa Media Detector"="C:\Program Files\Picasa2\PicasaMediaDetector.exe" [2007-10-23 22:18]

C:\Documents and Settings\johan\Menu Démarrer\Programmes\Démarrage\
OpenOffice.org 2.2.lnk - C:\Program Files\OpenOffice.org 2.2\program\quickstart.exe [2007-02-02 16:54:56]
RocketDock.lnk - C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe [2007-03-18 23:05:02]
TransBar.lnk - C:\WINDOWS\BricoPacks\Vista Inspirat 2\TransBar\TransBar.exe [2005-06-01 20:41:18]
UberIcon.lnk - C:\WINDOWS\BricoPacks\Vista Inspirat 2\UberIcon\UberIcon Manager.exe [2006-05-21 08:43:08]
Y'z Shadow.lnk - C:\WINDOWS\BricoPacks\Vista Inspirat 2\YzShadow\YzShadow.exe [2006-05-21 08:43:14]

C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\
Réglages souris Labtec.lnk - C:\Program Files\Labtec Laser Mouse Software\MulMouse.exe [2007-04-05 16:36:28]
Sitecom Wireless Utility.lnk - C:\Program Files\Sitecom\Wireless Network USB Adapter 54G WL-113_002\Installer\WLANUTL.EXE [2007-02-05 16:29:47]

R1 moufiltr;Mouse Filter Driver;C:\WINDOWS\system32\drivers\moufiltr.sys
R1 MUsbFltr;WayTechUSBFilterDriver;C:\WINDOWS\system32\drivers\MUsbFltr.sys
R2 Planificateur LiveUpdate automatique;Planificateur LiveUpdate automatique;"C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe"
S3 SoC PC-Camera Service;Q-TEC WEBCAM 100 USB;C:\WINDOWS\system32\DRIVERS\pfc027.sys
S3 usbstor;Pilote de stockage de masse USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
S3 ZD1211U(Sitecom);Sitecom Wireless Network USB Adapter Driver(Sitecom);C:\WINDOWS\system32\DRIVERS\zd1211u.sys
S3 ZDPNDIS5;ZDPNDIS5 NDIS Protocol Driver;\??\C:\WINDOWS\system32\ZDPNDIS5.SYS

.
Contents of the 'Scheduled Tasks' folder
"2007-12-02 11:00:00 C:\WINDOWS\Tasks\Mise à jour des produits IdiomaX.job"
- C:\Program Files\Fichiers communs\IdiomaX Shared\Cat 6.0\IdxLUpdate.exe
"2007-09-12 16:54:34 C:\WINDOWS\Tasks\Norton Security Scan.job"
- C:\Program Files\Norton Security Scan\Nss.exe
"2007-12-04 17:14:12 C:\WINDOWS\Tasks\User_Feed_Synchronization-{C164E178-F6F2-40FA-A41F-D284DCC2C913}.job"
- C:\WINDOWS\system32\msfeedssync.exe
.
**************************************************************************

catchme 0.3.1318 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-12-05 13:55:45
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2007-12-05 13:56:18
.
--- E O F ---


And the PCA one:


# PCA Sécurité V 1.0.2, (LOG file).
# Rapport du :05/12/2007 13:59:36
Microsoft Windows XP Service Pack 2

==>> Processes <==
\SystemRoot\System32\smss.exe
\??\C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\a-squared Free\a2service.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe
c:\APPS\Powercinema\Kernel\CLML_NTService\CLMLServer.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Sonic\DigitalMedia LE v7\MyDVD LE\USBDeviceService.exe
c:\APPS\Powercinema\Kernel\TV\CLSched.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nTrayFw.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Sonic\DigitalMedia LE v7\MyDVD LE\DetectorApp.exe
C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe
C:\APPS\Powercinema\PCMService.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Labtec Laser Mouse Software\MulMouse.exe
C:\Program Files\Sitecom\Wireless Network USB Adapter 54G WL-113_002\Installer\WLANUTL.EXE
C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe
C:\WINDOWS\BricoPacks\Vista Inspirat 2\UberIcon\UberIcon Manager.exe
C:\Program Files\OpenOffice.org 2.2\program\soffice.exe
C:\WINDOWS\BricoPacks\Vista Inspirat 2\YzShadow\YzShadow.exe
C:\Program Files\OpenOffice.org 2.2\program\soffice.BIN
C:\Program Files\MSN Messenger\usnsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\explorer.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Documents and Settings\johan\Bureau\pca.exe

//Internet Explorer start and search pages
RO - HKLM\Software\Microsoft\Internet Explorer\Main\Start Page = http://www.ustart.org
RO - HKLM\Software\Microsoft\Internet Explorer\Main\Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
RO - HKCU\Software\Microsoft\Internet Explorer\Main\Start Page = https://gamergen.com/psp/
RO - HKCU\Software\Microsoft\Internet Explorer\Toolbar\LinksFolderName = Liens
R1 - HKLM\Software\Microsoft\Internet Explorer\Main\Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main\Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKCU\Software\Microsoft\Internet Explorer\Main\Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
R1 - HKLM\Software\Microsoft\Internet Explorer\Search\CustomizeSearch = https://www.bing.com/?toHttps=1&redig=8F3F334EA60E4B1CB4D040DCFE393A89{SUB_RFC1766}/srchasst/srchcust.htm
R1 - HKLM\Software\Microsoft\Internet Explorer\Search\SearchAssistant = https://www.bing.com/?toHttps=1&redig=8F3F334EA60E4B1CB4D040DCFE393A89{SUB_RFC1766}/srchasst/srchasst.htm
R1 - HKCU\Software\Microsoft\Internet Connection Wizard\ShellNext = iexplore
//applications launched from system.ini, win.ini
//03 - Browser Helper Objects (BHOs)
02 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
02 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
02 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
02 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
02 - BHO: - {7E853D72-626A-48EC-A868-BA8D5E23E045} -
02 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
02 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar : Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar : &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
//04 - automatically loaded applications
04 - HKLM\..\RUN: [nTrayFw] - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nTrayFw.exe
04 - HKLM\..\RUN: [NvCplDaemon] - RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
04 - HKLM\..\RUN: [nwiz] - nwiz.exe /install
04 - HKLM\..\RUN: [NvMediaCenter] - RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
04 - HKLM\..\RUN: [SoundMan] - SOUNDMAN.EXE
04 - HKLM\..\RUN: [DetectorApp] - C:\Program Files\Sonic\DigitalMedia LE v7\MyDVD LE\DetectorApp.exe
04 - HKLM\..\RUN: [ISUSPM Startup] - "C:\Program Files\Fichiers communs\InstallShield\UpdateService\isuspm.exe" -startup
04 - HKLM\..\RUN: [ISUSScheduler] - "C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe" -start
04 - HKLM\..\RUN: [PCMService] - "c:\APPS\Powercinema\PCMService.exe"
04 - HKLM\..\RUN: [SunJavaUpdateSched] - "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
04 - HKLM\..\RUN: [avast!] - C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
04 - HKLM\..\RUN: [QuickTime Task] - "C:\Program Files\QuickTime\qttask.exe" -atboottime
04 - HKLM\..\RUN: [IdiomaX Office] - C:\Program Files\IdiomaX\Office Translator 4.0\IdxOffice.exe
04 - HKLM\..\RUN: [IdiomaX Product Update] - C:\Program Files\Fichiers communs\IdiomaX Shared\Cat 6.0\IdxLUpdate.exe /AUTOSTART
04 - HKLM\..\RUN: [PWRISOVM.EXE] - C:\Program Files\PowerISO\PWRISOVM.EXE
04 - HKLM\..\RUN: [VirtualCloneDrive] - "C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s
04 - HKLM\..\RUN: [Picasa Media Detector] - C:\Program Files\Picasa2\PicasaMediaDetector.exe
04 - HKLU\..\RUN: [CTFMON.EXE] - C:\WINDOWS\system32\ctfmon.exe
04 - HKLU\..\RUN: [MsnMsgr] - "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
04 - HKLU\..\RUN: [WMPNSCFG] - C:\Program Files\Windows Media Player\WMPNSCFG.exe
04 - HKLU\..\RUN: [SpybotSD TeaTimer] - C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
04 - HKLU\..\RUN: [AlcoholAutomount] - "C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" /automount
04 - HKLM\..\RunOnce: [SpybotDeletingC242] - C:\WINDOWS\system32\ctfmon.exe
04 - HKUS\S-1-5-18\..\RUN: [CTFMON.EXE] - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nTrayFw.exe
04 - HKUS\S-1-5-18\..\RUN: [Picasa Media Detector] - RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
04 - HKUS\S-1-5-19\..\RUN: [CTFMON.EXE] - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nTrayFw.exe
04 - HKUS\S-1-5-20\..\RUN: [CTFMON.EXE] - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nTrayFw.exe
04 - HKUS\S-1-5-21-3618015508-3629909785-1147112342-1007\..\RUN: [CTFMON.EXE] - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nTrayFw.exe
04 - HKUS\S-1-5-21-3618015508-3629909785-1147112342-1007\..\RUN: [MsnMsgr] - RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
04 - HKUS\S-1-5-21-3618015508-3629909785-1147112342-1007\..\RUN: [WMPNSCFG] - nwiz.exe /install
04 - HKUS\S-1-5-21-3618015508-3629909785-1147112342-1007\..\RUN: [SpybotSD TeaTimer] - RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
04 - HKUS\S-1-5-21-3618015508-3629909785-1147112342-1007\..\RUN: [AlcoholAutomount] - SOUNDMAN.EXE
04 - Global Startup: Réglages souris Labtec.lnk= C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Réglages souris Labtec.lnk
04 - Global Startup: Sitecom Wireless Utility.lnk= C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Sitecom Wireless Utility.lnk
04 - Startup: OpenOffice.org 2.2.lnk= C:\Documents and Settings\johan\Menu Démarrer\Programmes\Démarrage\OpenOffice.org 2.2.lnk
04 - Startup: RocketDock.lnk= C:\Documents and Settings\johan\Menu Démarrer\Programmes\Démarrage\RocketDock.lnk
04 - Startup: TransBar.lnk= C:\Documents and Settings\johan\Menu Démarrer\Programmes\Démarrage\TransBar.lnk
04 - Startup: UberIcon.lnk= C:\Documents and Settings\johan\Menu Démarrer\Programmes\Démarrage\UberIcon.lnk
04 - Startup: Y'z Shadow.lnk= C:\Documents and Settings\johan\Menu Démarrer\Programmes\Démarrage\Y'z Shadow.lnk
//05 - Internet Explorer control panel access (control.ini)
//06 - options access disabled (Internet Explorer)
//07 - Regedit execution blocked
//08 - extra items in the Internet Explorer context menu
//09 - buttons on the main Internet Explorer toolbar
09 - Extra button: - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
09 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
09 - Extra button: - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
09 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
09 - Extra button: - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
09 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
09 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
09 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
//O10 - Winsock hijackers
//O11 - extra tab in Internet Explorer advanced options
O11 - Options group: [INTERNATIONAL] - International*
//O12 - IE plugins
//013 : DefaultPrefix
//014 - Option: (Reset Web Settings)
//015 - Internet Explorer trusted zone
//O16 - ActiveX objects
O16 - DPF : QuickTime Object - {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - C:\Program Files\QuickTime\QTPlugin.ocx
O16 - DPF : Shockwave ActiveX Control - {166B1BCA-3F9C-11CF-8075-444553540000} - C:\WINDOWS\system32\macromed\Director\SwDir.dll
O16 - DPF : Checkers Class - {20A60F0D-9AFA-4515-A0FD-83BD84642501} - C:\WINDOWS\Downloaded Program Files\msgrchkr.dll
O16 - DPF : Shockwave ActiveX Control - {233C1507-6A77-46A4-9443-F871F945D258} - C:\WINDOWS\system32\Macromed\Director\SwDir.dll
O16 - DPF : TotalScan Installer Class - {512FC5A1-7DE1-43F1-BC0C-371622FCB409} - C:\WINDOWS\Downloaded Program Files\ascstubie.dll
O16 - DPF : UnoCtrl Class - {5D6F45B3-9043-443D-A792-115447494D24} - C:\WINDOWS\Downloaded Program Files\GAME_UNO1.dll
O16 - DPF : WUWebControl Class - {6414512B-B978-451D-A0D8-FCFDF33E833C} - C:\WINDOWS\system32\wuweb.dll
O16 - DPF : MessengerStatsClient Class - {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - C:\WINDOWS\Downloaded Program Files\MessengerStatsPAClient.dll
O16 - DPF : Minesweeper Flags Class - {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} - C:\WINDOWS\Downloaded Program Files\MineSweeper.dll
//O17 - Lop.com domain hijack
//O18 - additional protocols
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: mhtml - {05300401-BCBC-11d0-85E3-00C04FD85AB4} -
O18 - Protocol: ms-its - {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\system32\itss.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
//O19 - user style sheet
//O20 - AppInit_DLLs registry value and Winlogon Notify subkeys
//O21 - ShellServiceObjectDelayLoad
//O22 - SharedTaskScheduler
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - %SystemRoot%\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - %SystemRoot%\system32\browseui.dll
//O23 - XP, NT, 2000 and 2003 services
O23 - Service: [a-squared Free Service] -
O23 - Service: [Ad-Aware 2007 Service] - "C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe"
O23 - Service: [Application Layer Gateway Service] - %SystemRoot%\System32\alg.exe
O23 - Service: [ASP.NET State Service] - %SystemRoot%\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
O23 - Service: [avast! iAVS4 Control Service] - "C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe"
O23 - Service: [avast! Antivirus] - "C:\Program Files\Alwil Software\Avast4\ashServ.exe"
O23 - Service: [avast! Mail Scanner] - "C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service
O23 - Service: [avast! Web Scanner] - "C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service
O23 - Service: [CyberLink Background Capture Service (CBCS)] - "c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe"
O23 - Service: [ClipBook] - %SystemRoot%\system32\clipsrv.exe
O23 - Service: [.NET Runtime Optimization Service v2.0.50727_X86] - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
O23 - Service: [CyberLink Task Scheduler (CTS)] - "c:\APPS\Powercinema\Kernel\TV\CLSched.exe"
O23 - Service: [COM+ System Application] - C:\WINDOWS\system32\dllhost.exe /Processid:{02D4B3F1-FD88-11D1-960D-00805FC79235}
O23 - Service: [CyberLink Media Library Service] - "c:\APPS\Powercinema\Kernel\CLML_NTService\CLMLServer.exe"
O23 - Service: [Forceware Web Interface] - "C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe" -k runservice
O23 - Service: [Google Updater Service] - "C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe"
O23 - Service: [InstallDriver Table Manager] - "C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe"
O23 - Service: [IMAPI CD-Burning COM Service] -
O23 - Service: [LiveUpdate] - "C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE"
O23 - Service: [NetMeeting Remote Desktop Sharing] - C:\WINDOWS\system32\mnmsrvc.exe
O23 - Service: [ForceWare IP service] - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
O23 - Service: [ForceWare user log service] - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
O23 - Service: [NVIDIA Display Driver Service] - %SystemRoot%\system32\nvsvc32.exe
O23 - Service: [Automatic LiveUpdate Scheduler] - "C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe"
O23 - Service: [PnkBstrA] - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: [Remote Desktop Help Session Manager] - C:\WINDOWS\system32\sessmgr.exe
O23 - Service: [Remote Procedure Call (RPC) Locator] - %SystemRoot%\system32\locator.exe
O23 - Service: [QoS RSVP] - %SystemRoot%\system32\rsvp.exe
O23 - Service: [Print Spooler] - %SystemRoot%\system32\spoolsv.exe
O23 - Service: [StarWind AE Service] - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
O23 - Service: [MS Software Shadow Copy Provider] - C:\WINDOWS\system32\dllhost.exe /Processid:{DC0E0607-432C-4B27-86F3-8CFCBAD1B8EB}
O23 - Service: [Performance Logs and Alerts] - %SystemRoot%\system32\smlogsvc.exe
O23 - Service: [Uninterruptible Power Supply] - %SystemRoot%\System32\ups.exe
O23 - Service: [USBDeviceService] - C:\Program Files\Sonic\DigitalMedia LE v7\MyDVD LE\USBDeviceService.exe
O23 - Service: [Messenger Sharing Folders USN Journal Reader Service] - "C:\Program Files\MSN Messenger\usnsvc.exe"
O23 - Service: [Volume Shadow Copy] - %SystemRoot%\System32\vssvc.exe
O23 - Service: [WMI Performance Adapter] - C:\WINDOWS\system32\wbem\wmiapsrv.exe

FillPCA - 5 Dec. 2007 at 14:02
Re,

Before going any further, I would like to know whether the PC is doing better.

FillPCA

I think so
FillPCA - 5 Dec. 2007 at 14:12
Re,

1/ Download Ccleaner Basic https://www.ccleaner.com/ccleaner/download

Open Ccleaner, click "Run Cleaner".

2/ Download AVG Anti-Spyware: https://www.avg.com/en-ww/free-antivirus-download
Install it.
Launch AVG Anti-Spyware and click the Update button. Wait.

Click the Scan button (on the toolbar)
Then on the "How to act" tab, click "Recommended actions". Select Quarantine.
Go back to the Scan tab. Click "Complete System Scan".
At the end of the scan, choose the "Apply all actions" option at the bottom.
Then click "Save report". This generates a report as a text file, located in the Reports folder inside the AVG Anti-Spyware folder.

3/ * Run an online scan by clicking here: http://assiste.com.free.fr/...
* Choose Kaspersky.
* You must run the scan using Internet Explorer. A notice appears at the top, near the status bar. You must accept and install the ActiveX control offered. The antivirus update then starts.
* Run a full system scan.
* Save the report as text when the scan finishes.

FillPCA
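
Step 3 ends with a text report from the Kaspersky Online Scanner, and such reports (the one posted later in this thread included) list every object the scanner could not clean, whether it is running code or a copy sitting in ComboFix's qoobox quarantine, a Spybot recovery archive or a System Restore point. The Python script below is an added example, not code from the original thread or from any of the tools it names: it parses a few lines constructed in that report's layout (the final system32 line is hypothetical, standing in for a live hit that the posted report does not contain), sorts each hit by location and by Kaspersky's not-a-virus: prefix, and derives the follow-up. The quarantine and restore-point path markers and the eight-random-letter file-name heuristic are my assumptions, drawn from the names visible in the posted report.

```python
import re
from collections import Counter
from dataclasses import dataclass

# Constructed sample lines in the Kaspersky Online Scanner 5.x report layout
# ("<object path> <verdict> <last action>"), modelled on the report posted in
# this thread. The last line (a .dll directly under system32) is hypothetical:
# it stands in for a hit at a live location, which the posted report lacks.
SAMPLE_REPORT = r"""
Infected Object Name Virus Name Last Action
C:\Documents and Settings\johan\ntuser.dat Object is locked skipped
C:\qoobox\Quarantine\C\WINDOWS\system32\crdrnekj.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.aps skipped
C:\qoobox\Quarantine\catchme2007-12-05_131318.18.zip/__c0029F9C.dat Infected: Trojan-Downloader.Win32.ConHook.hl skipped
C:\qoobox\Quarantine\catchme2007-12-05_131318.18.zip ZIP: infected - 1 skipped
C:\System Volume Information\_restore{CE9C06BC-2DB9-4281-B152-445B8F66E7DC}\RP186\A0087861.dll Infected: Trojan-Downloader.Win32.ConHook.hl skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Virtumondegeneric.zip/oqhbpcvc.dll Infected: not-a-virus:AdWare.Win32.SecToolBar.h skipped
C:\BSmaxScripT[7.0]\mirc.exe Infected: not-a-virus:Client-IRC.Win32.mIRC.621 skipped
C:\WINDOWS\system32\yqnbgjuw.dll Infected: Trojan-Downloader.Win32.ConHook.hl skipped
"""

# One report line: the path may contain spaces, so it is matched lazily up to
# the verdict field. Archive summary lines ("ZIP: infected - 1") repeat a
# verdict already given for the archive member and are treated as containers.
LINE_RE = re.compile(
    r"^(?P<path>.+?) "
    r"(?:Infected: (?P<verdict>\S+)"
    r"|(?P<locked>Object is locked)"
    r"|(?P<container>[A-Z]+: infected - \d+)) "
    r"(?P<action>\S+)$"
)

# Locations where a hit is a stored copy, not running code (assumption: the
# ComboFix qoobox quarantine, Spybot's recovery archives and XP restore points).
QUARANTINE_MARKERS = (r"\qoobox\quarantine", r"\spybot - search & destroy\recovery")
RESTORE_MARKER = r"\system volume information\_restore"

# Heuristic (assumption): the Virtumonde/ConHook droppers quarantined in this
# thread all use eight random lowercase letters for their system32 file names.
RANDOM_SYS32_NAME = re.compile(r"\\system32\\[a-z]{8}\.(?:dll|exe)(?:\.vir)?$", re.IGNORECASE)


@dataclass
class Hit:
    path: str
    verdict: str
    location: str   # "live", "quarantine" or "restore_point"
    kind: str       # "malware" or "pua" (Kaspersky's not-a-virus: prefix)
    random_name: bool


def classify_location(path: str) -> str:
    p = path.lower()
    if any(marker in p for marker in QUARANTINE_MARKERS):
        return "quarantine"
    if RESTORE_MARKER in p:
        return "restore_point"
    return "live"


def parse_report(text: str):
    """Return (hits, locked_paths); header and statistics lines are ignored."""
    hits, locked = [], []
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m or m.group("container"):
            continue
        path = m.group("path")
        if m.group("locked"):
            locked.append(path)
            continue
        verdict = m.group("verdict")
        hits.append(Hit(
            path=path,
            verdict=verdict,
            location=classify_location(path),
            kind="pua" if verdict.startswith("not-a-virus:") else "malware",
            random_name=bool(RANDOM_SYS32_NAME.search(path)),
        ))
    return hits, locked


def triage(text: str) -> dict:
    """Summarise hits by (location, kind) and derive the follow-up actions."""
    hits, locked = parse_report(text)
    summary = Counter((h.location, h.kind) for h in hits)
    live = [h for h in hits if h.location == "live"]
    actions = []
    if any(h.kind == "malware" for h in live):
        actions.append("malware at a live location: the machine is not clean yet")
    if any(h.location == "restore_point" for h in hits):
        actions.append("infected copies in restore points: purge System Restore once clean")
    if any(h.location == "quarantine" for h in hits):
        actions.append("quarantined copies only: empty the quarantine folders, no cleanup needed")
    return {"summary": summary, "live": live, "locked": locked, "actions": actions}


if __name__ == "__main__":
    result = triage(SAMPLE_REPORT)
    for (location, kind), n in sorted(result["summary"].items()):
        print(f"{location:14} {kind:8} {n}")
    for h in result["live"]:
        flag = " [random 8-letter system32 name]" if h.random_name else ""
        print(f"LIVE  {h.verdict}  {h.path}{flag}")
    for action in result["actions"]:
        print("->", action)
```

Run it as-is to see the breakdown, or pass a saved report to triage(). The point it makes is that a headline such as "246 infected objects" is not 246 live infections: entries under qoobox, the Spybot Recovery folder and _restore{...} are stored copies, only hits at live locations need cleaning, and the restore-point copies go away when System Restore is turned off and back on once the machine is clean.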
And after?

FillPCA - 5 Dec. 2007 at 16:25
Re,

I need those 2 reports.

FillPCA

Re, sorry for the delay, here it is:

With the online scanner

Wednesday, December 05, 2007 6:16:56 PM
Operating System: Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 5/12/2007
Kaspersky Anti-Virus database records: 473068


Scan Settings
Scan using the following antivirus database extended
Scan Archives true
Scan Mail Bases true

Scan Target My Computer
C:\
D:\
E:\
F:\
G:\

Scan Statistics
Total number of scanned objects 95196
Number of viruses found 18
Number of infected objects 246
Number of suspicious objects 0
Duration of the scan process 01:38:49

Infected Object Name Virus Name Last Action
C:\APPS\Powercinema\Kernel\CLML_NTService\CLML_MAIN\CLML.db Object is locked skipped

C:\BSmaxScripT[7.0]\mirc.exe Infected: not-a-virus:Client-IRC.Win32.mIRC.621 skipped

C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Virtumondegeneric.zip/oqhbpcvc.dll Infected: not-a-virus:AdWare.Win32.SecToolBar.h skipped

C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Virtumondegeneric.zip ZIP: infected - 1 skipped

C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Virtumondegeneric2.zip/hhwsikim.dll Infected: not-a-virus:AdWare.Win32.SecToolBar.h skipped

C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Virtumondegeneric2.zip ZIP: infected - 1 skipped

C:\Documents and Settings\All Users\Application Data\Symantec\LiveUpdate\2007-12-05_Log.ALUSchedulerSvc.LiveUpdate Object is locked skipped

C:\Documents and Settings\johan\Bureau\BSmaxScripT7.0Lite.exe/setup.zip/310 Infected: not-a-virus:Client-IRC.Win32.mIRC.621 skipped

C:\Documents and Settings\johan\Bureau\BSmaxScripT7.0Lite.exe/setup.zip Infected: not-a-virus:Client-IRC.Win32.mIRC.621 skipped

C:\Documents and Settings\johan\Bureau\BSmaxScripT7.0Lite.exe SEA: infected - 2 skipped

C:\Documents and Settings\johan\Cookies\index.dat Object is locked skipped

C:\Documents and Settings\johan\Local Settings\Application Data\Microsoft\Feeds Cache\index.dat Object is locked skipped

C:\Documents and Settings\johan\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped

C:\Documents and Settings\johan\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped

C:\Documents and Settings\johan\Local Settings\Historique\History.IE5\index.dat Object is locked skipped

C:\Documents and Settings\johan\Local Settings\Historique\History.IE5\MSHist012007120520071206\index.dat Object is locked skipped

C:\Documents and Settings\johan\Local Settings\Temp\~DFA0D.tmp Object is locked skipped

C:\Documents and Settings\johan\Local Settings\Temp\~DFA18.tmp Object is locked skipped

C:\Documents and Settings\johan\Local Settings\Temporary Internet Files\AntiPhishing\B3BB5BBA-E7D5-40AB-A041-A5B1C0B26C8F.dat Object is locked skipped

C:\Documents and Settings\johan\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped

C:\Documents and Settings\johan\ntuser.dat Object is locked skipped

C:\Documents and Settings\johan\ntuser.dat.LOG Object is locked skipped

C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped

C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped

C:\Documents and Settings\LocalService\Local Settings\Temp\Cookies\index.dat Object is locked skipped

C:\Documents and Settings\LocalService\Local Settings\Temp\Fichiers Internet temporaires\Content.IE5\index.dat Object is locked skipped

C:\Documents and Settings\LocalService\Local Settings\Temp\History\History.IE5\index.dat Object is locked skipped

C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped

C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped

C:\Documents and Settings\NetworkService\Cookies\index.dat Object is locked skipped

C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped

C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped

C:\Documents and Settings\NetworkService\Local Settings\Historique\History.IE5\index.dat Object is locked skipped

C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped

C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped

C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped

C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\logs\sw_ae-20071205-131225.log Object is locked skipped

C:\Program Files\Alwil Software\Avast4\DATA\aswResp.dat Object is locked skipped

C:\Program Files\Alwil Software\Avast4\DATA\Avast4.db Object is locked skipped

C:\Program Files\Alwil Software\Avast4\DATA\integ\avast.int Object is locked skipped

C:\Program Files\Alwil Software\Avast4\DATA\log\AshWebSv.ws Object is locked skipped

C:\Program Files\Alwil Software\Avast4\DATA\log\aswMaiSv.log Object is locked skipped

C:\Program Files\Alwil Software\Avast4\DATA\log\nshield.log Object is locked skipped

C:\Program Files\Alwil Software\Avast4\DATA\report\Protection résidente.txt Object is locked skipped

C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\logs\access_log Object is locked skipped

C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\logs\error.log Object is locked skipped

C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\logs\error_log Object is locked skipped

C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\logs\ssl_request_log Object is locked skipped

C:\qoobox\Quarantine\C\WINDOWS\system32\bsaubmct.exe.vir Infected: Trojan.Win32.Obfuscated.kp skipped

C:\qoobox\Quarantine\C\WINDOWS\system32\crdrnekj.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.aps skipped

C:\qoobox\Quarantine\C\WINDOWS\system32\duyfiwla.exe.vir Infected: Trojan.Win32.Obfuscated.kp skipped

C:\qoobox\Quarantine\C\WINDOWS\system32\eninggqf.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.aps skipped

C:\qoobox\Quarantine\C\WINDOWS\system32\ewdmkect.dll.vir Infected: Trojan.Win32.BHO.rf skipped

C:\qoobox\Quarantine\C\WINDOWS\system32\fiohyagx.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.aps skipped

C:\qoobox\Quarantine\C\WINDOWS\system32\fjwilyey.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.aps skipped

C:\qoobox\Quarantine\C\WINDOWS\system32\gbbojafg.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.aps skipped

C:\qoobox\Quarantine\C\WINDOWS\system32\gdtipvxp.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.aps skipped

C:\qoobox\Quarantine\C\WINDOWS\system32\hssyvbjf.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.aps skipped

C:\qoobox\Quarantine\C\WINDOWS\system32\ihvgcfco.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.aps skipped

C:\qoobox\Quarantine\C\WINDOWS\system32\katselmj.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.agh skipped

C:\qoobox\Quarantine\C\WINDOWS\system32\lamnnyje.exe.vir Infected: Trojan.Win32.Obfuscated.kp skipped

C:\qoobox\Quarantine\C\WINDOWS\system32\lyyeowql.exe.vir Infected: Trojan.Win32.Obfuscated.kp skipped

C:\qoobox\Quarantine\C\WINDOWS\system32\mbjabqmy.exe.vir Infected: Trojan.Win32.Obfuscated.kp skipped

C:\qoobox\Quarantine\C\WINDOWS\system32\mdeonoaq.exe.vir Infected: Trojan.Win32.Obfuscated.kp skipped

C:\qoobox\Quarantine\C\WINDOWS\system32\pigkhein.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.aps skipped

C:\qoobox\Quarantine\C\WINDOWS\system32\plhidwnn.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.aps skipped

C:\qoobox\Quarantine\C\WINDOWS\system32\pmbdjehl.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.aps skipped

C:\qoobox\Quarantine\C\WINDOWS\system32\psdnqcal.exe.vir Infected: Trojan.Win32.Obfuscated.kp skipped

C:\qoobox\Quarantine\C\WINDOWS\system32\qjwqubpb.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.aps skipped

C:\qoobox\Quarantine\C\WINDOWS\system32\qweydxli.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.aps skipped

C:\qoobox\Quarantine\C\WINDOWS\system32\ucwobflq.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.aps skipped

C:\qoobox\Quarantine\C\WINDOWS\system32\ujsxrpno.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.aps skipped

C:\qoobox\Quarantine\C\WINDOWS\system32\vgpbcydf.exe.vir Infected: Trojan.Win32.Obfuscated.kp skipped

C:\qoobox\Quarantine\C\WINDOWS\system32\vsopwfsq.exe.vir Infected: Trojan.Win32.Obfuscated.kp skipped

C:\qoobox\Quarantine\C\WINDOWS\system32\xjmmpeab.exe.vir Infected: Trojan.Win32.Obfuscated.kp skipped

C:\qoobox\Quarantine\C\WINDOWS\system32\xuxuggfe.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.aps skipped

C:\qoobox\Quarantine\C\WINDOWS\system32\xxxwuvti.exe.vir Infected: Trojan.Win32.Obfuscated.kp skipped

C:\qoobox\Quarantine\C\WINDOWS\system32\yeexdpga.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.aps skipped

C:\qoobox\Quarantine\C\WINDOWS\system32\yqnbgjuw.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.bif skipped

C:\qoobox\Quarantine\C\WINDOWS\system32\yqnpsxhl.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.aps skipped

C:\qoobox\Quarantine\catchme2007-12-05_131318.18.zip/__c0029F9C.dat Infected: Trojan-Downloader.Win32.ConHook.hl skipped

C:\qoobox\Quarantine\catchme2007-12-05_131318.18.zip ZIP: infected - 1 skipped

C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped

C:\System Volume Information\_restore{CE9C06BC-2DB9-4281-B152-445B8F66E7DC}\RP151\A0070523.exe Infected: Trojan-Downloader.Win32.PurityScan.eu skipped

C:\System Volume Information\_restore{CE9C06BC-2DB9-4281-B152-445B8F66E7DC}\RP152\A0070535.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.aea skipped

C:\System Volume Information\_restore{CE9C06BC-2DB9-4281-B152-445B8F66E7DC}\RP152\A0070540.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.ady skipped

C:\System Volume Information\_restore{CE9C06BC-2DB9-4281-B152-445B8F66E7DC}\RP152\A0070554.dll Infected: not-a-virus:AdWare.Win32.SecToolBar.h skipped

C:\System Volume Information\_restore{CE9C06BC-2DB9-4281-B152-445B8F66E7DC}\RP155\A0070829.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.ady skipped

C:\System Volume Information\_restore{CE9C06BC-2DB9-4281-B152-445B8F66E7DC}\RP155\A0070830.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.aea skipped

C:\System Volume Information\_restore{CE9C06BC-2DB9-4281-B152-445B8F66E7DC}\RP155\A0070831.dll Infected: not-a-virus:AdWare.Win32.SecToolBar.h skipped

C:\System Volume Information\_restore{CE9C06BC-2DB9-4281-B152-445B8F66E7DC}\RP155\A0070832.dll Infected: not-a-virus:AdWare.Win32.SecToolBar.h skipped

C:\System Volume Information\_restore{CE9C06BC-2DB9-4281-B152-445B8F66E7DC}\RP155\A0071060.exe Infected: Trojan-Downloader.Win32.PurityScan.eu skipped

C:\System Volume Information\_restore{CE9C06BC-2DB9-4281-B152-445B8F66E7DC}\RP155\A0071061.dll Infected: not-a-virus:AdWare.Win32.SecToolBar.h skipped

C:\System Volume Information\_restore{CE9C06BC-2DB9-4281-B152-445B8F66E7DC}\RP155\A0071083.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.fp skipped

C:\System Volume Information\_restore{CE9C06BC-2DB9-4281-B152-445B8F66E7DC}\RP158\A0071511.exe Infected: Trojan-Downloader.Win32.PurityScan.eu skipped

C:\System Volume Information\_restore{CE9C06BC-2DB9-4281-B152-445B8F66E7DC}\RP159\A0071591.exe Infected: not-a-virus:Client-IRC.Win32.mIRC.621 skipped

C:\System Volume Information\_restore{CE9C06BC-2DB9-4281-B152-445B8F66E7DC}\RP159\A0071665.exe Infected: Trojan-Downloader.Win32.PurityScan.eu skipped

C:\System Volume Information\_restore{CE9C06BC-2DB9-4281-B152-445B8F66E7DC}\RP160\A0071757.dll Infected: not-a-virus:AdWare.Win32.SecToolBar.h skipped

C:\System Volume Information\_restore{CE9C06BC-2DB9-4281-B152-445B8F66E7DC}\RP160\A0071759.dll Infected: not-a-virus:AdWare.Win32.SecToolBar.h skipped

C:\System Volume Information\_restore{CE9C06BC-2DB9-4281-B152-445B8F66E7DC}\RP160\A0071762.dll Infected: not-a-virus:AdWare.Win32.SecToolBar.h skipped

C:\System Volume Information\_restore{CE9C06BC-2DB9-4281-B152-445B8F66E7DC}\RP165\A0076038.exe Infected: not-a-virus:Client-IRC.Win32.mIRC.616 skipped

C:\System Volume Information\_restore{CE9C06BC-2DB9-4281-B152-445B8F66E7DC}\RP165\A0076039.exe Infected: Trojan.Win32.Agent.bck skipped

C:\System Volume Information\_restore{CE9C06BC-2DB9-4281-B152-445B8F66E7DC}\RP165\A0076041.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.aea skipped

Scan process completed.
0
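Reading a report like the one above is mostly a matter of separating what is still live from what only sits in System Restore copies, which the scanner cannot clean (hence "skipped") and which the later advice to turn System Restore off and on again discards. The following Python is an added example, not code from the thread or from any of the tools mentioned: it parses lines in the report's format (with constructed sample lines, a placeholder restore-point GUID and made-up file names), groups detections by malware family and location, and flags when the restore points need to be flushed.

```python
import re
from collections import Counter
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Constructed sample in the format of the Kaspersky online-scanner report above.
# The restore-point GUID, RP numbers and file names are placeholders, not values
# taken from the report.
SAMPLE_REPORT = """\
C:\\System Volume Information\\_restore{00000000-0000-0000-0000-000000000000}\\RP186\\A0000001.dll Infected: Trojan-Downloader.Win32.ConHook.hl skipped
C:\\System Volume Information\\_restore{00000000-0000-0000-0000-000000000000}\\RP186\\A0000002.exe Infected: Trojan.Win32.Obfuscated.kp skipped
C:\\System Volume Information\\_restore{00000000-0000-0000-0000-000000000000}\\RP190\\A0000003.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.aps skipped
C:\\VundoFix Backups\\__c0000001.dat.bad Infected: Trojan-Downloader.Win32.ConHook.hl skipped
C:\\WINDOWS\\system32\\config\\SAM Object is locked skipped
C:\\WINDOWS\\Temp\\Perflib_Perfdata_67c.dat Object is locked skipped

Scan process completed.
"""

# One report line: "<path> Infected: <detection> <status>" or "<path> Object is locked <status>".
# The path is matched lazily because it may itself contain spaces.
LINE_RE = re.compile(
    r"^(?P<path>.+?) (?:Infected: (?P<name>\S+)|(?P<locked>Object is locked)) (?P<status>\w+)$"
)
# Copies kept by Windows XP System Restore live under _restore{GUID}\RPnnn\.
RP_RE = re.compile(
    r"\\System Volume Information\\_restore\{[^}]+\}\\RP(?P<rp>\d+)\\", re.IGNORECASE
)
TRAILER = "Scan process completed."


@dataclass
class Finding:
    path: str
    detection: Optional[str]       # None for an "Object is locked" line
    status: str
    location: str                  # "restore_point", "quarantine" or "live"
    restore_point: Optional[int]   # RP number when location == "restore_point"


def family_of(detection: str) -> str:
    """Malware family from a Kaspersky name: [prefix:]Type.Platform.Family.variant."""
    parts = detection.split(":")[-1].split(".")
    return parts[2] if len(parts) >= 3 else detection


def classify_path(path: str) -> Tuple[str, Optional[int]]:
    """Where the object sits: a System Restore copy, a removal tool's backup, or a live file."""
    m = RP_RE.search(path)
    if m:
        return "restore_point", int(m.group("rp"))
    if "\\VundoFix Backups\\" in path or path.lower().endswith(".bad"):
        return "quarantine", None
    return "live", None


def parse_report(text: str) -> Tuple[List[Finding], List[str]]:
    """Parse report lines; unrecognised lines are returned rather than silently dropped."""
    findings, unparsed = [], []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line == TRAILER:
            continue
        m = LINE_RE.match(line)
        if not m:
            unparsed.append(line)
            continue
        location, rp = classify_path(m.group("path"))
        findings.append(Finding(m.group("path"), m.group("name"), m.group("status"), location, rp))
    return findings, unparsed


def summarize(findings: List[Finding]) -> dict:
    """Separate what is actually active from what only needs the restore points purged."""
    infected = [f for f in findings if f.detection is not None]
    return {
        "families": Counter(family_of(f.detection) for f in infected),
        "by_location": Counter(f.location for f in infected),
        "restore_points": sorted({f.restore_point for f in infected if f.restore_point is not None}),
        "live_infections": [f.path for f in infected if f.location == "live"],
        "locked": sum(1 for f in findings if f.detection is None),
        # A scanner cannot clean inside System Volume Information; turning System
        # Restore off and on again is what discards these copies.
        "flush_system_restore": any(f.location == "restore_point" for f in infected),
    }


if __name__ == "__main__":
    found, bad = parse_report(SAMPLE_REPORT)
    report = summarize(found)
    print(f"{len(found)} lines parsed, {len(bad)} unrecognised")
    print("families:", dict(report["families"]))
    print("infected restore points:", report["restore_points"])
    print("live infections still to clean:", report["live_infections"] or "none")
    print("flush System Restore:", report["flush_system_restore"])
```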
I couldn't find the AVG log
0
FillPCA Posts: 2242 Registered: Saturday 21 April 2007 Status: Non-member Last activity: 18 February 2023 123
5 Dec. 2007 at 18:25
Re,

1/ Delete this:
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Virtumondegeneric.zip

2/
* Download OTMoveIt (by Old_Timer) to your desktop: http://download.bleepingcomputer.com/oldtimer/OTMoveIt.exe
* Launch OTMoveIt.
* Click CleanUp! (the program downloads a text file that it uses to remove the tools we downloaded).

NOTE: your firewall should normally ask whether OTMoveIt may access the internet. Allow it.

* A list appears in the left-hand part of OTMoveIt.
* A message appears asking you to confirm the cleanup. Confirm.
* The infected files held in the quarantines will be deleted as well.

3/ It is strongly recommended to keep all your security software up to date, to close the holes through which infections get in.
4/ You can remove all the tools we used (e.g. SmitfraudFix, Blacklight, SDFix, LopxpMH, etc.), which deal with specific infections and are updated regularly. There is no point keeping them on your PC.
You can, however, keep AVG Anti-Spyware and CCleaner.
5/ /!\ Now that your PC is no longer infected, disable and then re-enable System Restore in order to create a clean restore point.
To disable or enable System Restore you must be logged on to an Administrator session under Windows XP.
Disabling:
Right-click "My Computer" > Properties > "System Restore" tab > tick the box "Turn off System Restore on all drives"
> Apply and OK.
Enabling:
Follow the same path; untick the box "Turn off System Restore on all drives"
> Apply and OK. Restart the computer.
6/ How to... (letter A): https://forum.pcastuces.com/sujet.asp?f=25&s=3902
To improve your PC's security, take a few moments to read:
Securing your PC + WIFI ("hot" & "light" versions): https://forum.pcastuces.com/default.asp
7/ Report your infection so the authors can be prosecuted.

Create a post on Malware-Complaints to move things forward; we need to be as many as possible, so report your infection:
- See the forum rules: https://malwarecomplaints.info/
- After registering with the "Register" button at the top
If you are over 13, choose: "I Agree to these terms and am over or exactly 13 years of age"
If you are under 13, click: "I Agree to these terms and am under 13 years of age"

You then have, as a list, one topic per type of infection (Look2Me, Smitfraud, SpywareQuake etc.).

*** Your infection: Vundo ***
>> https://malwarecomplaints.info/
If the malware you had does not appear in the list, or if you don't know what you were infected with, create a post in the "Other infections" topic, following the forum rules (age, town, department etc.)
Also give the name of the forum that helped you: CCM
8/ You can mark your topic as solved by clicking the button.
9/ Finally, I advise you to defragment your PC: http://www.coupdepoucepc.com/modules/news/article.php?storyid=218

Happy surfing!

FillPCA
0
I can't delete

C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Virtumondegeneric.zip

:S
0
FillPCA Posts: 2242 Registered: Saturday 21 April 2007 Status: Non-member Last activity: 18 February 2023 123
5 Dec. 2007 at 18:36
Re,

* Double-click OTMoveIt.exe to launch the program: http://download.bleepingcomputer.com/oldtimer/OTMoveIt.exe
* Copy the list of files or folders below and paste it into the program's "Paste List Of Files/Folders to be moved" box:

C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Virtumondegeneric.zip

* Click MoveIt! to start the deletion,
* The result will appear in the Results box.
* Click Exit to close the program.
* Post the report located here: C:\_OTMoveIt\MovedFiles
* You may be asked to restart your PC. If so, click Yes.

Then resume the procedure from step 2/ of the previous post.

FillPCA
0