Version anglaiseVersion espagnoleVersion françaiseInscrivez-vous, c'est gratuit ! (mot de passe oublié)
- Samedi 26 juillet 2008 - 05:58:07
- inscrits : 889916
- connectés : 6217
- questions/jour : 4126
- Taux de réponse : 84.64%
"trojan: win 32/vundo.gen!l Comment supprimer de virus win 32 conhook d Comment supprimer trojan-spy.win 32@mx Supprimer trojan downloader win 32 Supprimer win 32: trojan-gen other Trojan Trojan win 32 Trojan win 32 conhook Trojan win 32 monder Trojan win 32 monderc Trojan win 32 skintrin gen!a Trojan win 32 vundo.gen!r Trojan win.32 Trojan win32/conhook Trojan-clicker.win.32.tiny.h Trojan-downloader.win 32.vb.bou Trojan. win 32 monder. gen Trojan:win32/conhook.d Trojan:win32/conhook.i Virus win 32 trojan Win 32 trojan Win 32 trojan gen Win 32 trojan-gen Win 32/psw.onlinegames.nmy trojan virus Win.32 conhook.i. Windows 32 neptunia kh trojan horsePlus
Ils ont besoin de votre aide
- 05:46 connexion pc vers tv (Vidéo numérique)
- 05:42 Où est mon DD externe au redémarrage... (Matériel/Hardware)
- 05:09 probleme connexion network... (Jeux vidéos)
- 04:49 blockage (Matériel/Hardware)
- 04:42 outlook express (Windows)
- 04:35 Pignon tournant sans arret sur corel.com (Internet)
Liste des forumsAidez-lesStatistiquesRechercherCharte
Plateformes d'assistanceDiscussions & Opinions des Communautés
|
|
|
|
Bonjour, j'ai un problem avec le trojan conhook-cf quelqun peut maider?
Configuration: Windows XP Internet Explorer 7.0
Bonjour,
* Télécharge PCA (d'Evosla) : http://www.evosla.com/pca_cpt.php?agr=pca_securite * Dézippe-le dans un répertoire dédié comme c:\PCA au moyen d'un clic droit (Extraire...), * Clique sur l'onglet "diagnostic du PC" puis "analyser". * Laisse l'analyse se dérouler. Cela ne prend que quelques secondes. * Clique sur "enregistrer le rapport" en bas à droite et sauvegarde-le sur le bureau. * Edite le contenu de ce rapport dans ta prochaine réponse. Il se nomme PCA_LOG.txt FillPCA |
  Killi, le mercredi 5 décembre 2007 à 11:00:20Voila le raport :
# PCA Sécurité V 1.0.2, (fichier LOG). # Rapport du :05/12/2007 10:59:17 Microsoft Windows XP Service Pack 2 ==>> Processus <== \SystemRoot\System32\smss.exe \??\C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe C:\Program Files\Alwil Software\Avast4\ashServ.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\a-squared Free\a2service.exe C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe C:\WINDOWS\Explorer.EXE c:\APPS\Powercinema\Kernel\CLML_NTService\CLMLServer.exe C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe C:\WINDOWS\system32\nvsvc32.exe C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe C:\WINDOWS\system32\PnkBstrA.exe C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Sonic\DigitalMedia LE v7\MyDVD LE\USBDeviceService.exe c:\APPS\Powercinema\Kernel\TV\CLSched.exe C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe C:\Program Files\Alwil Software\Avast4\ashWebSv.exe C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nTrayFw.exe C:\WINDOWS\system32\RUNDLL32.EXE C:\WINDOWS\SOUNDMAN.EXE C:\Program Files\Sonic\DigitalMedia LE v7\MyDVD LE\DetectorApp.exe C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe C:\APPS\Powercinema\PCMService.exe C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Labtec Laser Mouse Software\MulMouse.exe C:\Program Files\Sitecom\Wireless Network USB Adapter 54G WL-113_002\Installer\WLANUTL.EXE C:\Program Files\OpenOffice.org 2.2\program\soffice.exe C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe C:\Program Files\OpenOffice.org 2.2\program\soffice.BIN C:\WINDOWS\BricoPacks\Vista Inspirat 2\UberIcon\UberIcon Manager.exe C:\WINDOWS\BricoPacks\Vista Inspirat 2\YzShadow\YzShadow.exe C:\Program Files\MSN Messenger\usnsvc.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Documents and Settings\johan\Bureau\pca.exe //pages de démarrage et de recherche d'Internet Explorer RO - HKLM\Software\Microsoft\Internet Explorer\Main\Start Page = http://www.ustart.org RO - HKLM\Software\Microsoft\Internet Explorer\Main\Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 RO - HKCU\Software\Microsoft\Internet Explorer\Main\Start Page = http://www.pspgen.com/ RO - HKCU\Software\Microsoft\Internet Explorer\Toolbar\LinksFolderName = Liens R1 - HKLM\Software\Microsoft\Internet Explorer\Main\Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main\Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKCU\Software\Microsoft\Internet Explorer\Main\Search Page = http://www.google.com R1 - HKLM\Software\Microsoft\Internet Explorer\Search\CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm R1 - HKLM\Software\Microsoft\Internet Explorer\Search\SearchAssistant = http://www.google.com/ie R1 - HKCU\Software\Microsoft\Internet Connection Wizard\ShellNext = iexplore //applications lancées depuis system.ini,win.ini //03 - Browser Helper Objects (BHOs) 02 - BHO: - {01960937-90F6-4A37-8EF3-272A79B92393} - 02 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll 02 - BHO: - {0451E078-8F69-4112-B912-069485A4FD4E} - 02 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll 02 - BHO: - {15B35764-C5C2-4446-9AE7-95AD09FDB313} - 02 - BHO: - {18F06E47-85B3-4B25-8E38-8F02435BA4D4} - 02 - BHO: - {236742D3-CB05-40FD-9EF2-CCC8FE395DA9} - 02 - BHO: - {2B5D9C8D-2371-4A42-9021-9DEFE114FC13} - 02 - BHO: - {40E6EF44-7C05-4572-9C1F-8663A9F5B609} - 02 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll 02 - BHO: - {5A4F7DEA-D6E8-408F-8A9F-9D44ADCBD564} - 02 - BHO: - {5C831DCB-4D12-4ABF-BA9E-8712D3C5B41F} - 02 - BHO: - {6273CDB9-1A4B-4D21-A8E1-C4C9806DBBFC} - 02 - BHO: - {6F2225B6-CDEE-4382-AF1B-6B0EE3C651E3} - C:\WINDOWS\system32\awtsq.dll 02 - BHO: - {70F02488-8629-40FB-BF42-E3BCEEAF4EC7} - 02 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll 02 - BHO: - {7A7C1820-EDEA-48F4-8851-F79B571BB8D3} - 02 - BHO: - {7CA81AF5-4F44-430A-A03E-0BC20074BCAE} - 02 - BHO: - {7E853D72-626A-48EC-A868-BA8D5E23E045} - 02 - BHO: - {80FBECCE-C17E-48F2-BBDF-8C7EA2C1891E} - 02 - BHO: - {812F8732-E71C-4DC4-A5A9-A7DE629E9ADE} - 02 - BHO: - {81A40807-DFB1-4D59-914C-8C6154AB1EF6} - 02 - BHO: - {89AD4D75-2429-462e-BD4E-443F233F6033} - C:\WINDOWS\system32\envhdkpt.dll 02 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll 02 - BHO: - {9403621D-F14F-4C53-84C4-FAA72D07F8FA} - 02 - BHO: - {947F403E-DCF7-4ADB-8989-60ABA3C742FA} - 02 - BHO: - {9DA411D9-ED04-4E92-9D58-72D51A2EBD69} - 02 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll 02 - BHO: - {ABB580C8-1C2F-4209-8386-B75B457F4E67} - 02 - BHO: - {B3B5B2B8-43B1-444A-A1C1-9784EE5D96D8} - 02 - BHO: - {C6009EA7-2759-4385-8BB9-AE270D10B8B4} - 02 - BHO: - {D751FD0B-885D-47D5-96FB-6D0FACDC4E3C} - 02 - BHO: - {EFEE2945-4665-4CFE-9F12-2934FFF9F1E4} - O3 - Toolbar : Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll O3 - Toolbar : &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll O3 - Toolbar : - {11A69AE4-FBED-4832-A2BF-45AF82825583} - //04 - applications chargées automatiquement 04 - HKLM\..\RUN: [nTrayFw] - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nTrayFw.exe 04 - HKLM\..\RUN: [NvCplDaemon] - RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup 04 - HKLM\..\RUN: [nwiz] - nwiz.exe /install 04 - HKLM\..\RUN: [NvMediaCenter] - RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit 04 - HKLM\..\RUN: [SoundMan] - SOUNDMAN.EXE 04 - HKLM\..\RUN: [DetectorApp] - C:\Program Files\Sonic\DigitalMedia LE v7\MyDVD LE\DetectorApp.exe 04 - HKLM\..\RUN: [ISUSPM Startup] - "C:\Program Files\Fichiers communs\InstallShield\UpdateService\isuspm.exe" -startup 04 - HKLM\..\RUN: [ISUSScheduler] - "C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe" -start 04 - HKLM\..\RUN: [PCMService] - "c:\APPS\Powercinema\PCMService.exe" 04 - HKLM\..\RUN: [SunJavaUpdateSched] - "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" 04 - HKLM\..\RUN: [avast!] - C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe 04 - HKLM\..\RUN: [QuickTime Task] - "C:\Program Files\QuickTime\qttask.exe" -atboottime 04 - HKLM\..\RUN: [IdiomaX Office] - C:\Program Files\IdiomaX\Office Translator 4.0\IdxOffice.exe 04 - HKLM\..\RUN: [IdiomaX Product Update] - C:\Program Files\Fichiers communs\IdiomaX Shared\Cat 6.0\IdxLUpdate.exe /AUTOSTART 04 - HKLM\..\RUN: [PWRISOVM.EXE] - C:\Program Files\PowerISO\PWRISOVM.EXE 04 - HKLM\..\RUN: [VirtualCloneDrive] - "C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s 04 - HKLM\..\RUN: [Picasa Media Detector] - C:\Program Files\Picasa2\PicasaMediaDetector.exe 04 - HKLM\..\RUN: [9c21edd7] - rundll32.exe "C:\WINDOWS\system32\vbphbabf.dll",b 04 - HKLU\..\RUN: [CTFMON.EXE] - C:\WINDOWS\system32\ctfmon.exe 04 - HKLU\..\RUN: [MsnMsgr] - "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background 04 - HKLU\..\RUN: [WMPNSCFG] - C:\Program Files\Windows Media Player\WMPNSCFG.exe 04 - HKLU\..\RUN: [SpybotSD TeaTimer] - C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe 04 - HKLU\..\RUN: [AlcoholAutomount] - "C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" /automount 04 - HKLM\..\RunOnce: [SpybotDeletingC242] - C:\WINDOWS\system32\ctfmon.exe 04 - HKUS\S-1-5-18\..\RUN: [CTFMON.EXE] - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nTrayFw.exe 04 - HKUS\S-1-5-18\..\RUN: [Picasa Media Detector] - RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup 04 - HKUS\S-1-5-19\..\RUN: [CTFMON.EXE] - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nTrayFw.exe 04 - HKUS\S-1-5-20\..\RUN: [CTFMON.EXE] - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nTrayFw.exe 04 - HKUS\S-1-5-21-3618015508-3629909785-1147112342-1007\..\RUN: [CTFMON.EXE] - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nTrayFw.exe 04 - HKUS\S-1-5-21-3618015508-3629909785-1147112342-1007\..\RUN: [MsnMsgr] - RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup 04 - HKUS\S-1-5-21-3618015508-3629909785-1147112342-1007\..\RUN: [WMPNSCFG] - nwiz.exe /install 04 - HKUS\S-1-5-21-3618015508-3629909785-1147112342-1007\..\RUN: [SpybotSD TeaTimer] - RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit 04 - HKUS\S-1-5-21-3618015508-3629909785-1147112342-1007\..\RUN: [AlcoholAutomount] - SOUNDMAN.EXE 04 - Global Startup: Réglages souris Labtec.lnk= C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Réglages souris Labtec.lnk 04 - Global Startup: Sitecom Wireless Utility.lnk= C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Sitecom Wireless Utility.lnk 04 - Startup: OpenOffice.org 2.2.lnk= C:\Documents and Settings\johan\Menu Démarrer\Programmes\Démarrage\OpenOffice.org 2.2.lnk 04 - Startup: RocketDock.lnk= C:\Documents and Settings\johan\Menu Démarrer\Programmes\Démarrage\RocketDock.lnk 04 - Startup: TransBar.lnk= C:\Documents and Settings\johan\Menu Démarrer\Programmes\Démarrage\TransBar.lnk 04 - Startup: UberIcon.lnk= C:\Documents and Settings\johan\Menu Démarrer\Programmes\Démarrage\UberIcon.lnk 04 - Startup: Y'z Shadow.lnk= C:\Documents and Settings\johan\Menu Démarrer\Programmes\Démarrage\Y'z Shadow.lnk //05 - Accès au panneau de contrôle d'Internet Explorer (control.ini) //06- interdiction à l' accès au options (Internet Explorer) //07 - blocage de l'exécution de Regedit //08 - lignes supplémentaires dans le menu contextuel d'Internet Explorer //09 - boutons situés sur la barre d'outils principale d'Internet Explorer 09 - Extra button: - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll 09 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll 09 - Extra button: - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll 09 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll 09 - Extra button: - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe 09 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe 09 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe 09 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe //O10 - Pirates de Winsock //O11 - Onglet supplémentaire dans les options avancées d'Internet Explorer) O11 - Options group: [INTERNATIONAL] - International* //O12 - IE plugins //013 : DefaultPrefix //014 - Option : (Rétablir les paramètres Web) //015 - Zone de confiance d'Internet Explorer //O16 - Objets ActiveX O16 - DPF : QuickTime Object - {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - C:\Program Files\QuickTime\QTPlugin.ocx O16 - DPF : Shockwave ActiveX Control - {166B1BCA-3F9C-11CF-8075-444553540000} - C:\WINDOWS\system32\macromed\Director\SwDir.dll O16 - DPF : Checkers Class - {20A60F0D-9AFA-4515-A0FD-83BD84642501} - C:\WINDOWS\Downloaded Program Files\msgrchkr.dll O16 - DPF : Shockwave ActiveX Control - {233C1507-6A77-46A4-9443-F871F945D258} - C:\WINDOWS\system32\Macromed\Director\SwDir.dll O16 - DPF : TotalScan Installer Class - {512FC5A1-7DE1-43F1-BC0C-371622FCB409} - C:\WINDOWS\Downloaded Program Files\ascstubie.dll O16 - DPF : UnoCtrl Class - {5D6F45B3-9043-443D-A792-115447494D24} - C:\WINDOWS\Downloaded Program Files\GAME_UNO1.dll O16 - DPF : WUWebControl Class - {6414512B-B978-451D-A0D8-FCFDF33E833C} - C:\WINDOWS\system32\wuweb.dll O16 - DPF : MessengerStatsClient Class - {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - C:\WINDOWS\Downloaded Program Files\MessengerStatsPAClient.dll O16 - DPF : Minesweeper Flags Class - {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} - C:\WINDOWS\Downloaded Program Files\MineSweeper.dll //O17 - piratage de domaine Lop.com //O18 - protocoles additionnels O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL O18 - Protocol: mhtml - {05300401-BCBC-11d0-85E3-00C04FD85AB4} - O18 - Protocol: ms-its - {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\system32\itss.dll O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL //O19 - feuille de style de l'utilisateur //O20 - valeur de Registre AppInit_DLLs et les sous-clés Winlogon Notify O20 - AppInit_DLLs : C:\WINDOWS\system32\__c0029F9C.dat //O21 - ShellServiceObjectDelayLoad //O22 - SharedTaskScheduler O22 - SharedTaskScheduler: Pré-chargeur Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - %SystemRoot%\system32\browseui.dll O22 - SharedTaskScheduler: Démon de cache des catégories de composant - {8C7461EF-2B13-11d2-BE35-3078302C2030} - %SystemRoot%\system32\browseui.dll //O23 - services de XP,NT, 2000, et 2003 O23 - Service: [a-squared Free Service] - O23 - Service: [Ad-Aware 2007 Service] - "C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe" O23 - Service: [Service de la passerelle de la couche Application] - %SystemRoot%\System32\alg.exe O23 - Service: [Service d'état ASP.NET] - %SystemRoot%\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe O23 - Service: [avast! iAVS4 Control Service] - "C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe" O23 - Service: [avast! Antivirus] - "C:\Program Files\Alwil Software\Avast4\ashServ.exe" O23 - Service: [avast! Mail Scanner] - "C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service O23 - Service: [avast! Web Scanner] - "C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service O23 - Service: [CyberLink Background Capture Service (CBCS)] - "c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe" O23 - Service: [Gestionnaire de l'Album] - %SystemRoot%\system32\clipsrv.exe O23 - Service: [.NET Runtime Optimization Service v2.0.50727_X86] - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe O23 - Service: [CyberLink Task Scheduler (CTS)] - "c:\APPS\Powercinema\Kernel\TV\CLSched.exe" O23 - Service: [Application système COM+] - C:\WINDOWS\system32\dllhost.exe /Processid:{02D4B3F1-FD88-11D1-960D-00805FC79235} O23 - Service: [CyberLink Media Library Service] - "c:\APPS\Powercinema\Kernel\CLML_NTService\CLMLServer.exe" O23 - Service: [DomainService] - C:\WINDOWS\system32\wuqdhxbm.exe /service O23 - Service: [Forceware Web Interface] - "C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe" -k runservice O23 - Service: [Google Updater Service] - "C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe" O23 - Service: [InstallDriver Table Manager] - "C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe" O23 - Service: [Service COM de gravage de CD IMAPI] - O23 - Service: [LiveUpdate] - "C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE" O23 - Service: [Partage de Bureau à distance NetMeeting] - C:\WINDOWS\system32\mnmsrvc.exe O23 - Service: [ForceWare IP service] - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe O23 - Service: [ForceWare user log service] - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe O23 - Service: [NVIDIA Display Driver Service] - %SystemRoot%\system32\nvsvc32.exe O23 - Service: [Planificateur LiveUpdate automatique] - "C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe" O23 - Service: [PnkBstrA] - C:\WINDOWS\system32\PnkBstrA.exe O23 - Service: [Gestionnaire de session d'aide sur le Bureau à distance] - C:\WINDOWS\system32\sessmgr.exe O23 - Service: [Localisateur d'appels de procédure distante (RPC)] - %SystemRoot%\system32\locator.exe O23 - Service: [QoS RSVP] - %SystemRoot%\system32\rsvp.exe O23 - Service: [Spouleur d'impression] - %SystemRoot%\system32\spoolsv.exe O23 - Service: [StarWind AE Service] - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe O23 - Service: [MS Software Shadow Copy Provider] - C:\WINDOWS\system32\dllhost.exe /Processid:{DC0E0607-432C-4B27-86F3-8CFCBAD1B8EB} O23 - Service: [Journaux et alertes de performance] - %SystemRoot%\system32\smlogsvc.exe O23 - Service: [Onduleur] - %SystemRoot%\System32\ups.exe O23 - Service: [USBDeviceService] - C:\Program Files\Sonic\DigitalMedia LE v7\MyDVD LE\USBDeviceService.exe O23 - Service: [Service Messenger Sharing Folders USN Journal Reader] - "C:\Program Files\MSN Messenger\usnsvc.exe" O23 - Service: [Cliché instantané de volume] - %SystemRoot%\System32\vssvc.exe O23 - Service: [Carte de performance WMI] - C:\WINDOWS\system32\wbem\wmiapsrv.exe |
Re,
# Télécharge Vundofix (par Atribune) sur ton Bureau : http://www.atribune.org/ccount/click.php?id=4 # Double-clique VundoFix.exe afin de le lancer. # Clique sur le bouton Scan for Vundo. # Lorsque le scan est complété, clique sur le bouton Remove Vundo (uniquement si des fichiers infectieux sont trouvés). # Une invite te demandera si tu veux supprimer les fichiers, clique YES. # Après avoir cliqué "Yes", le Bureau disparaîtra un moment lors de la suppression des fichiers. # Tu verras une invite qui t'annonce que ton PC va redémarrer; clique OK. # Copie/colle le contenu du rapport situé dans C:\vundofix.txt ainsi qu'un nouveau rapport PCA dans ta prochaine réponse. FillPCA |
| Killi, le mercredi 5 décembre 2007 à 12:06:06 Voila le raport de vundofix :
VundoFix V6.6.2 Checking Java version... Java version is 1.5.0.4 Old versions of java are exploitable and should be removed. Java version is 1.5.0.11 Scan started at 18:46:37 23/11/2007 Listing files found while scanning.... C:\windows\system32\__c00124E2.dat C:\windows\system32\__c0016C9.dat C:\windows\system32\__c001D84F.dat C:\windows\system32\__c00400F1.dat C:\windows\system32\__c004701E.dat C:\windows\system32\__c0056F31.dat C:\windows\system32\__c007D0E0.dat C:\windows\system32\__c00813EA.dat C:\windows\system32\__c0095BF6.dat C:\windows\system32\__c00A91F1.dat C:\windows\system32\__c00ADE9F.dat C:\windows\system32\__c00ADFF3.dat C:\windows\system32\__c00B4964.dat C:\windows\system32\__c00BCD48.dat C:\windows\system32\__c00C4657.dat C:\windows\system32\__c00C5A49.dat C:\windows\system32\__c00D698A.dat C:\windows\system32\__c00EB9DD.dat C:\windows\system32\bbhsgiku.dllbox C:\WINDOWS\system32\envhdkpt.dll C:\WINDOWS\system32\gebxuss.dll C:\windows\system32\qzqlypeu.dllbox Beginning removal... Attempting to delete C:\windows\system32\__c00124E2.dat C:\windows\system32\__c00124E2.dat Has been deleted! Attempting to delete C:\windows\system32\__c0016C9.dat C:\windows\system32\__c0016C9.dat Has been deleted! Attempting to delete C:\windows\system32\__c001D84F.dat C:\windows\system32\__c001D84F.dat Has been deleted! Attempting to delete C:\windows\system32\__c00400F1.dat C:\windows\system32\__c00400F1.dat Has been deleted! Attempting to delete C:\windows\system32\__c004701E.dat C:\windows\system32\__c004701E.dat Has been deleted! Attempting to delete C:\windows\system32\__c0056F31.dat C:\windows\system32\__c0056F31.dat Has been deleted! Attempting to delete C:\windows\system32\__c007D0E0.dat C:\windows\system32\__c007D0E0.dat Has been deleted! Attempting to delete C:\windows\system32\__c00813EA.dat C:\windows\system32\__c00813EA.dat Has been deleted! Attempting to delete C:\windows\system32\__c0095BF6.dat C:\windows\system32\__c0095BF6.dat Has been deleted! Attempting to delete C:\windows\system32\__c00A91F1.dat C:\windows\system32\__c00A91F1.dat Has been deleted! Attempting to delete C:\windows\system32\__c00ADE9F.dat C:\windows\system32\__c00ADE9F.dat Has been deleted! Attempting to delete C:\windows\system32\__c00ADFF3.dat C:\windows\system32\__c00ADFF3.dat Has been deleted! Attempting to delete C:\windows\system32\__c00B4964.dat C:\windows\system32\__c00B4964.dat Has been deleted! Attempting to delete C:\windows\system32\__c00BCD48.dat C:\windows\system32\__c00BCD48.dat Has been deleted! Attempting to delete C:\windows\system32\__c00C4657.dat C:\windows\system32\__c00C4657.dat Has been deleted! Attempting to delete C:\windows\system32\__c00C5A49.dat C:\windows\system32\__c00C5A49.dat Has been deleted! Attempting to delete C:\windows\system32\__c00D698A.dat C:\windows\system32\__c00D698A.dat Has been deleted! Attempting to delete C:\windows\system32\__c00EB9DD.dat C:\windows\system32\__c00EB9DD.dat Has been deleted! Attempting to delete C:\windows\system32\bbhsgiku.dllbox C:\windows\system32\bbhsgiku.dllbox Has been deleted! Attempting to delete C:\windows\system32\qzqlypeu.dllbox C:\windows\system32\qzqlypeu.dllbox Has been deleted! Performing Repairs to the registry. Done! VundoFix V6.6.2 Checking Java version... Java version is 1.5.0.4 Old versions of java are exploitable and should be removed. Java version is 1.5.0.11 Scan started at 21:29:55 23/11/2007 Listing files found while scanning.... C:\windows\system32\ombnjeab.dll C:\windows\system32\ovmeipum.dll C:\windows\system32\padlpklf.dll C:\windows\system32\pcqqgork.dll C:\windows\system32\pxewdayg.dll C:\windows\system32\qoalyejr.ini C:\windows\system32\qskwohhg.dll C:\windows\system32\riormvsy.dll C:\windows\system32\rjeylaoq.dll C:\windows\system32\rjnqmuxk.dll C:\windows\system32\rjrufarm.dll Beginning removal... Attempting to delete C:\windows\system32\ombnjeab.dll C:\windows\system32\ombnjeab.dll Has been deleted! Attempting to delete C:\windows\system32\ovmeipum.dll C:\windows\system32\ovmeipum.dll Has been deleted! Attempting to delete C:\windows\system32\padlpklf.dll C:\windows\system32\padlpklf.dll Has been deleted! Attempting to delete C:\windows\system32\pcqqgork.dll C:\windows\system32\pcqqgork.dll Has been deleted! Attempting to delete C:\windows\system32\pxewdayg.dll C:\windows\system32\pxewdayg.dll Has been deleted! Attempting to delete C:\windows\system32\qoalyejr.ini C:\windows\system32\qoalyejr.ini Has been deleted! Attempting to delete C:\windows\system32\qskwohhg.dll C:\windows\system32\qskwohhg.dll Has been deleted! Attempting to delete C:\windows\system32\riormvsy.dll C:\windows\system32\riormvsy.dll Has been deleted! Attempting to delete C:\windows\system32\rjeylaoq.dll C:\windows\system32\rjeylaoq.dll Has been deleted! Attempting to delete C:\windows\system32\rjnqmuxk.dll C:\windows\system32\rjnqmuxk.dll Has been deleted! Attempting to delete C:\windows\system32\rjrufarm.dll C:\windows\system32\rjrufarm.dll Has been deleted! Performing Repairs to the registry. Done! VundoFix V6.6.2 Checking Java version... Java version is 1.5.0.4 Old versions of java are exploitable and should be removed. Java version is 1.5.0.11 Scan started at 22:13:03 23/11/2007 Listing files found while scanning.... No infected files were found. VundoFix V6.7.0 Checking Java version... Java version is 1.5.0.4 Old versions of java are exploitable and should be removed. Java version is 1.5.0.11 Scan started at 11:25:39 05/12/2007 Listing files found while scanning.... C:\windows\system32\__c00749B8.dat C:\windows\system32\aovwqbnf.dll C:\windows\system32\atdqkubr.dll C:\windows\system32\bclycrns.dll C:\WINDOWS\system32\envhdkpt.dll C:\WINDOWS\system32\gebxuss.dll C:\windows\system32\iwpogdqq.dll C:\windows\system32\ombnjeab.dll C:\windows\system32\rutcuepk.dll C:\windows\system32\xtgykvaf.dll Beginning removal... Attempting to delete C:\windows\system32\__c00749B8.dat C:\windows\system32\__c00749B8.dat Has been deleted! Attempting to delete C:\windows\system32\aovwqbnf.dll C:\windows\system32\aovwqbnf.dll Has been deleted! Attempting to delete C:\windows\system32\atdqkubr.dll C:\windows\system32\atdqkubr.dll Has been deleted! Attempting to delete C:\windows\system32\bclycrns.dll C:\windows\system32\bclycrns.dll Has been deleted! Attempting to delete C:\windows\system32\iwpogdqq.dll C:\windows\system32\iwpogdqq.dll Has been deleted! Attempting to delete C:\windows\system32\ombnjeab.dll C:\windows\system32\ombnjeab.dll Has been deleted! Attempting to delete C:\windows\system32\rutcuepk.dll C:\windows\system32\rutcuepk.dll Has been deleted! Attempting to delete C:\windows\system32\xtgykvaf.dll C:\windows\system32\xtgykvaf.dll Has been deleted! Performing Repairs to the registry. Done! ET le raport de PCA : # PCA Sécurité V 1.0.2, (fichier LOG). # Rapport du :05/12/2007 12:03:06 Microsoft Windows XP Service Pack 2 ==>> Processus <== \SystemRoot\System32\smss.exe \??\C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe C:\Program Files\Alwil Software\Avast4\ashServ.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\a-squared Free\a2service.exe C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe c:\APPS\Powercinema\Kernel\CLML_NTService\CLMLServer.exe C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe C:\WINDOWS\system32\nvsvc32.exe C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe C:\WINDOWS\system32\PnkBstrA.exe C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Sonic\DigitalMedia LE v7\MyDVD LE\USBDeviceService.exe c:\APPS\Powercinema\Kernel\TV\CLSched.exe C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nTrayFw.exe C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe C:\WINDOWS\system32\RUNDLL32.EXE C:\WINDOWS\SOUNDMAN.EXE C:\Program Files\Sonic\DigitalMedia LE v7\MyDVD LE\DetectorApp.exe C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe C:\APPS\Powercinema\PCMService.exe C:\Program Files\Alwil Software\Avast4\ashWebSv.exe C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe C:\Program Files\QuickTime\qttask.exe C:\Program Files\PowerISO\PWRISOVM.EXE C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\MSN Messenger\MsnMsgr.Exe C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe C:\WINDOWS\system32\wuauclt.exe C:\Program Files\Labtec Laser Mouse Software\MulMouse.exe C:\Program Files\Sitecom\Wireless Network USB Adapter 54G WL-113_002\Installer\WLANUTL.EXE C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe C:\WINDOWS\BricoPacks\Vista Inspirat 2\UberIcon\UberIcon Manager.exe C:\WINDOWS\BricoPacks\Vista Inspirat 2\YzShadow\YzShadow.exe C:\Program Files\OpenOffice.org 2.2\program\soffice.exe C:\Program Files\OpenOffice.org 2.2\program\soffice.BIN C:\WINDOWS\System32\svchost.exe C:\WINDOWS\explorer.exe C:\WINDOWS\system32\NOTEPAD.EXE C:\Documents and Settings\johan\Bureau\pca.exe //pages de démarrage et de recherche d'Internet Explorer RO - HKLM\Software\Microsoft\Internet Explorer\Main\Start Page = http://www.ustart.org RO - HKLM\Software\Microsoft\Internet Explorer\Main\Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 RO - HKCU\Software\Microsoft\Internet Explorer\Main\Start Page = http://www.pspgen.com/ RO - HKCU\Software\Microsoft\Internet Explorer\Toolbar\LinksFolderName = Liens R1 - HKLM\Software\Microsoft\Internet Explorer\Main\Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main\Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKCU\Software\Microsoft\Internet Explorer\Main\Search Page = http://www.google.com R1 - HKLM\Software\Microsoft\Internet Explorer\Search\CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm R1 - HKLM\Software\Microsoft\Internet Explorer\Search\SearchAssistant = http://www.google.com/ie R1 - HKCU\Software\Microsoft\Internet Connection Wizard\ShellNext = iexplore //applications lancées depuis system.ini,win.ini //03 - Browser Helper Objects (BHOs) 02 - BHO: - {01960937-90F6-4A37-8EF3-272A79B92393} - 02 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll 02 - BHO: - {0451E078-8F69-4112-B912-069485A4FD4E} - 02 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll 02 - BHO: - {15B35764-C5C2-4446-9AE7-95AD09FDB313} - 02 - BHO: - {18F06E47-85B3-4B25-8E38-8F02435BA4D4} - 02 - BHO: - {236742D3-CB05-40FD-9EF2-CCC8FE395DA9} - 02 - BHO: - {2B5D9C8D-2371-4A42-9021-9DEFE114FC13} - 02 - BHO: - {40E6EF44-7C05-4572-9C1F-8663A9F5B609} - 02 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll 02 - BHO: - {5A4F7DEA-D6E8-408F-8A9F-9D44ADCBD564} - 02 - BHO: - {5C831DCB-4D12-4ABF-BA9E-8712D3C5B41F} - 02 - BHO: - {6273CDB9-1A4B-4D21-A8E1-C4C9806DBBFC} - 02 - BHO: - {6F2225B6-CDEE-4382-AF1B-6B0EE3C651E3} - C:\WINDOWS\system32\awtsq.dll 02 - BHO: - {70F02488-8629-40FB-BF42-E3BCEEAF4EC7} - 02 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll 02 - BHO: - {7A7C1820-EDEA-48F4-8851-F79B571BB8D3} - 02 - BHO: - {7CA81AF5-4F44-430A-A03E-0BC20074BCAE} - 02 - BHO: - {7E853D72-626A-48EC-A868-BA8D5E23E045} - 02 - BHO: - {80FBECCE-C17E-48F2-BBDF-8C7EA2C1891E} - 02 - BHO: - {812F8732-E71C-4DC4-A5A9-A7DE629E9ADE} - 02 - BHO: - {81A40807-DFB1-4D59-914C-8C6154AB1EF6} - 02 - BHO: - {89AD4D75-2429-462e-BD4E-443F233F6033} - 02 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll 02 - BHO: - {9403621D-F14F-4C53-84C4-FAA72D07F8FA} - 02 - BHO: - {947F403E-DCF7-4ADB-8989-60ABA3C742FA} - 02 - BHO: - {9DA411D9-ED04-4E92-9D58-72D51A2EBD69} - 02 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll 02 - BHO: - {ABB580C8-1C2F-4209-8386-B75B457F4E67} - 02 - BHO: - {B3B5B2B8-43B1-444A-A1C1-9784EE5D96D8} - 02 - BHO: - {C6009EA7-2759-4385-8BB9-AE270D10B8B4} - 02 - BHO: - {D751FD0B-885D-47D5-96FB-6D0FACDC4E3C} - 02 - BHO: - {EFEE2945-4665-4CFE-9F12-2934FFF9F1E4} - O3 - Toolbar : Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll O3 - Toolbar : &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll O3 - Toolbar : - {11A69AE4-FBED-4832-A2BF-45AF82825583} - //04 - applications chargées automatiquement 04 - HKLM\..\RUN: [nTrayFw] - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nTrayFw.exe 04 - HKLM\..\RUN: [NvCplDaemon] - RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup 04 - HKLM\..\RUN: [nwiz] - nwiz.exe /install 04 - HKLM\..\RUN: [NvMediaCenter] - RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit 04 - HKLM\..\RUN: [SoundMan] - SOUNDMAN.EXE 04 - HKLM\..\RUN: [DetectorApp] - C:\Program Files\Sonic\DigitalMedia LE v7\MyDVD LE\DetectorApp.exe 04 - HKLM\..\RUN: [ISUSPM Startup] - "C:\Program Files\Fichiers communs\InstallShield\UpdateService\isuspm.exe" -startup 04 - HKLM\..\RUN: [ISUSScheduler] - "C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe" -start 04 - HKLM\..\RUN: [PCMService] - "c:\APPS\Powercinema\PCMService.exe" 04 - HKLM\..\RUN: [SunJavaUpdateSched] - "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" 04 - HKLM\..\RUN: [avast!] - C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe 04 - HKLM\..\RUN: [QuickTime Task] - "C:\Program Files\QuickTime\qttask.exe" -atboottime 04 - HKLM\..\RUN: [IdiomaX Office] - C:\Program Files\IdiomaX\Office Translator 4.0\IdxOffice.exe 04 - HKLM\..\RUN: [IdiomaX Product Update] - C:\Program Files\Fichiers communs\IdiomaX Shared\Cat 6.0\IdxLUpdate.exe /AUTOSTART 04 - HKLM\..\RUN: [PWRISOVM.EXE] - C:\Program Files\PowerISO\PWRISOVM.EXE 04 - HKLM\..\RUN: [VirtualCloneDrive] - "C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s 04 - HKLM\..\RUN: [Picasa Media Detector] - C:\Program Files\Picasa2\PicasaMediaDetector.exe 04 - HKLM\..\RUN: [9c21edd7] - rundll32.exe "C:\WINDOWS\system32\vbphbabf.dll",b 04 - HKLU\..\RUN: [CTFMON.EXE] - C:\WINDOWS\system32\ctfmon.exe 04 - HKLU\..\RUN: [MsnMsgr] - "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background 04 - HKLU\..\RUN: [WMPNSCFG] - C:\Program Files\Windows Media Player\WMPNSCFG.exe 04 - HKLU\..\RUN: [SpybotSD TeaTimer] - C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe 04 - HKLU\..\RUN: [AlcoholAutomount] - "C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" /automount 04 - HKLM\..\RunOnce: [SpybotDeletingC242] - C:\WINDOWS\system32\ctfmon.exe 04 - HKUS\S-1-5-18\..\RUN: [CTFMON.EXE] - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nTrayFw.exe 04 - HKUS\S-1-5-18\..\RUN: [Picasa Media Detector] - RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup 04 - HKUS\S-1-5-19\..\RUN: [CTFMON.EXE] - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nTrayFw.exe 04 - HKUS\S-1-5-20\..\RUN: [CTFMON.EXE] - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nTrayFw.exe 04 - HKUS\S-1-5-21-3618015508-3629909785-1147112342-1007\..\RUN: [CTFMON.EXE] - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nTrayFw.exe 04 - HKUS\S-1-5-21-3618015508-3629909785-1147112342-1007\..\RUN: [MsnMsgr] - RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup 04 - HKUS\S-1-5-21-3618015508-3629909785-1147112342-1007\..\RUN: [WMPNSCFG] - nwiz.exe /install 04 - HKUS\S-1-5-21-3618015508-3629909785-1147112342-1007\..\RUN: [SpybotSD TeaTimer] - RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit 04 - HKUS\S-1-5-21-3618015508-3629909785-1147112342-1007\..\RUN: [AlcoholAutomount] - SOUNDMAN.EXE 04 - Global Startup: Réglages souris Labtec.lnk= C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Réglages souris Labtec.lnk 04 - Global Startup: Sitecom Wireless Utility.lnk= C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Sitecom Wireless Utility.lnk 04 - Startup: OpenOffice.org 2.2.lnk= C:\Documents and Settings\johan\Menu Démarrer\Programmes\Démarrage\OpenOffice.org 2.2.lnk 04 - Startup: RocketDock.lnk= C:\Documents and Settings\johan\Menu Démarrer\Programmes\Démarrage\RocketDock.lnk 04 - Startup: TransBar.lnk= C:\Documents and Settings\johan\Menu Démarrer\Programmes\Démarrage\TransBar.lnk 04 - Startup: UberIcon.lnk= C:\Documents and Settings\johan\Menu Démarrer\Programmes\Démarrage\UberIcon.lnk 04 - Startup: Y'z Shadow.lnk= C:\Documents and Settings\johan\Menu Démarrer\Programmes\Démarrage\Y'z Shadow.lnk //05 - Accès au panneau de contrôle d'Internet Explorer (control.ini) //06- interdiction à l' accès au options (Internet Explorer) //07 - blocage de l'exécution de Regedit //08 - lignes supplémentaires dans le menu contextuel d'Internet Explorer //09 - boutons situés sur la barre d'outils principale d'Internet Explorer 09 - Extra button: - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll 09 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll 09 - Extra button: - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll 09 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll 09 - Extra button: - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe 09 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe 09 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe 09 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe //O10 - Pirates de Winsock //O11 - Onglet supplémentaire dans les options avancées d'Internet Explorer) O11 - Options group: [INTERNATIONAL] - International* //O12 - IE plugins //013 : DefaultPrefix //014 - Option : (Rétablir les paramètres Web) //015 - Zone de confiance d'Internet Explorer //O16 - Objets ActiveX O16 - DPF : QuickTime Object - {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - C:\Program Files\QuickTime\QTPlugin.ocx O16 - DPF : Shockwave ActiveX Control - {166B1BCA-3F9C-11CF-8075-444553540000} - C:\WINDOWS\system32\macromed\Director\SwDir.dll O16 - DPF : Checkers Class - {20A60F0D-9AFA-4515-A0FD-83BD84642501} - C:\WINDOWS\Downloaded Program Files\msgrchkr.dll O16 - DPF : Shockwave ActiveX Control - {233C1507-6A77-46A4-9443-F871F945D258} - C:\WINDOWS\system32\Macromed\Director\SwDir.dll O16 - DPF : TotalScan Installer Class - {512FC5A1-7DE1-43F1-BC0C-371622FCB409} - C:\WINDOWS\Downloaded Program Files\ascstubie.dll O16 - DPF : UnoCtrl Class - {5D6F45B3-9043-443D-A792-115447494D24} - C:\WINDOWS\Downloaded Program Files\GAME_UNO1.dll O16 - DPF : WUWebControl Class - {6414512B-B978-451D-A0D8-FCFDF33E833C} - C:\WINDOWS\system32\wuweb.dll O16 - DPF : MessengerStatsClient Class - {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - C:\WINDOWS\Downloaded Program Files\MessengerStatsPAClient.dll O16 - DPF : Minesweeper Flags Class - {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} - C:\WINDOWS\Downloaded Program Files\MineSweeper.dll //O17 - piratage de domaine Lop.com //O18 - protocoles additionnels O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL O18 - Protocol: mhtml - {05300401-BCBC-11d0-85E3-00C04FD85AB4} - O18 - Protocol: ms-its - {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\system32\itss.dll O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL //O19 - feuille de style de l'utilisateur //O20 - valeur de Registre AppInit_DLLs et les sous-clés Winlogon Notify O20 - AppInit_DLLs : C:\WINDOWS\system32\__c0029F9C.dat //O21 - ShellServiceObjectDelayLoad //O22 - SharedTaskScheduler O22 - SharedTaskScheduler: Pré-chargeur Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - %SystemRoot%\system32\browseui.dll O22 - SharedTaskScheduler: Démon de cache des catégories de composant - {8C7461EF-2B13-11d2-BE35-3078302C2030} - %SystemRoot%\system32\browseui.dll //O23 - services de XP,NT, 2000, et 2003 O23 - Service: [a-squared Free Service] - O23 - Service: [Ad-Aware 2007 Service] - "C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe" O23 - Service: [Service de la passerelle de la couche Application] - %SystemRoot%\System32\alg.exe O23 - Service: [Service d'état ASP.NET] - %SystemRoot%\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe O23 - Service: [avast! iAVS4 Control Service] - "C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe" O23 - Service: [avast! Antivirus] - "C:\Program Files\Alwil Software\Avast4\ashServ.exe" O23 - Service: [avast! Mail Scanner] - "C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service O23 - Service: [avast! Web Scanner] - "C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service O23 - Service: [CyberLink Background Capture Service (CBCS)] - "c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe" O23 - Service: [Gestionnaire de l'Album] - %SystemRoot%\system32\clipsrv.exe O23 - Service: [.NET Runtime Optimization Service v2.0.50727_X86] - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe O23 - Service: [CyberLink Task Scheduler (CTS)] - "c:\APPS\Powercinema\Kernel\TV\CLSched.exe" O23 - Service: [Application système COM+] - C:\WINDOWS\system32\dllhost.exe /Processid:{02D4B3F1-FD88-11D1-960D-00805FC79235} O23 - Service: [CyberLink Media Library Service] - "c:\APPS\Powercinema\Kernel\CLML_NTService\CLMLServer.exe" O23 - Service: [DomainService] - C:\WINDOWS\system32\wuqdhxbm.exe /service O23 - Service: [Forceware Web Interface] - "C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe" -k runservice O23 - Service: [Google Updater Service] - "C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe" O23 - Service: [InstallDriver Table Manager] - "C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe" O23 - Service: [Service COM de gravage de CD IMAPI] - O23 - Service: [LiveUpdate] - "C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE" O23 - Service: [Partage de Bureau à distance NetMeeting] - C:\WINDOWS\system32\mnmsrvc.exe O23 - Service: [ForceWare IP service] - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe O23 - Service: [ForceWare user log service] - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe O23 - Service: [NVIDIA Display Driver Service] - %SystemRoot%\system32\nvsvc32.exe O23 - Service: [Planificateur LiveUpdate automatique] - "C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe" O23 - Service: [PnkBstrA] - C:\WINDOWS\system32\PnkBstrA.exe O23 - Service: [Gestionnaire de session d'aide sur le Bureau à distance] - C:\WINDOWS\system32\sessmgr.exe O23 - Service: [Localisateur d'appels de procédure distante (RPC)] - %SystemRoot%\system32\locator.exe O23 - Service: [QoS RSVP] - %SystemRoot%\system32\rsvp.exe O23 - Service: [Spouleur d'impression] - %SystemRoot%\system32\spoolsv.exe O23 - Service: [StarWind AE Service] - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe O23 - Service: [MS Software Shadow Copy Provider] - C:\WINDOWS\system32\dllhost.exe /Processid:{DC0E0607-432C-4B27-86F3-8CFCBAD1B8EB} O23 - Service: [Journaux et alertes de performance] - %SystemRoot%\system32\smlogsvc.exe O23 - Service: [Onduleur] - %SystemRoot%\System32\ups.exe O23 - Service: [USBDeviceService] - C:\Program Files\Sonic\DigitalMedia LE v7\MyDVD LE\USBDeviceService.exe O23 - Service: [Service Messenger Sharing Folders USN Journal Reader] - "C:\Program Files\MSN Messenger\usnsvc.exe" O23 - Service: [Cliché instantané de volume] - %SystemRoot%\System32\vssvc.exe O23 - Service: [Carte de performance WMI] - C:\WINDOWS\system32\wbem\wmiapsrv.exe |
Re,
* Lance Vundofix mais ne clique pas sur "Scan for Vundo". * Fais un clic droit sur la fenêtre blanche et choisis "add more files". * Indique le ou les fichiers suivants dans les cases (un fichier par case) : C:\WINDOWS\system32\__c0029F9C.dat C:\WINDOWS\system32\awtsq.dll C:\WINDOWS\system32\wuqdhxbm.exe * Clique sur "add files" puis "close windows". * Clique sur "Remove Vundo". Un redémarrage sera peut-être nécessaire. * Poste le rapport généré. Il se trouve ici : C:\vundofix.txt Edite aussi un nouveau rapport PCA. FillPCA |
| Killi, le mercredi 5 décembre 2007 à 12:47:43 Re , il a pas reussit a suprimer C:\WINDOWS\system32\__c0029F9C.dat , voila les raport :
Beginning removal... Attempting to delete C:\WINDOWS\system32\__c0029F9C.dat C:\WINDOWS\system32\__c0029F9C.dat Could not be deleted. Performing Repairs to the registry. Done! Beginning removal... Attempting to delete C:\WINDOWS\system32\__c0029F9C.dat C:\WINDOWS\system32\__c0029F9C.dat Could not be deleted. Performing Repairs to the registry. Done! PCA Sécurité V 1.0.2, (fichier LOG). # Rapport du :05/12/2007 12:47:08 Microsoft Windows XP Service Pack 2 ==>> Processus <== \SystemRoot\System32\smss.exe \??\C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe C:\Program Files\Alwil Software\Avast4\ashServ.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\a-squared Free\a2service.exe C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe c:\APPS\Powercinema\Kernel\CLML_NTService\CLMLServer.exe C:\WINDOWS\Explorer.EXE C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe C:\WINDOWS\system32\nvsvc32.exe C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe C:\WINDOWS\system32\PnkBstrA.exe C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Sonic\DigitalMedia LE v7\MyDVD LE\USBDeviceService.exe c:\APPS\Powercinema\Kernel\TV\CLSched.exe C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe C:\Program Files\Alwil Software\Avast4\ashWebSv.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nTrayFw.exe C:\WINDOWS\system32\RUNDLL32.EXE C:\WINDOWS\SOUNDMAN.EXE C:\Program Files\Sonic\DigitalMedia LE v7\MyDVD LE\DetectorApp.exe C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe C:\APPS\Powercinema\PCMService.exe C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe C:\Program Files\QuickTime\qttask.exe C:\Program Files\PowerISO\PWRISOVM.EXE C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\MSN Messenger\MsnMsgr.Exe C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe C:\Program Files\Labtec Laser Mouse Software\MulMouse.exe C:\Program Files\Sitecom\Wireless Network USB Adapter 54G WL-113_002\Installer\WLANUTL.EXE C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe C:\WINDOWS\BricoPacks\Vista Inspirat 2\UberIcon\UberIcon Manager.exe C:\Program Files\OpenOffice.org 2.2\program\soffice.exe C:\WINDOWS\BricoPacks\Vista Inspirat 2\YzShadow\YzShadow.exe C:\Program Files\OpenOffice.org 2.2\program\soffice.BIN C:\Program Files\MSN Messenger\usnsvc.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe C:\Documents and Settings\johan\Bureau\pca.exe //pages de démarrage et de recherche d'Internet Explorer RO - HKLM\Software\Microsoft\Internet Explorer\Main\Start Page = http://www.ustart.org RO - HKLM\Software\Microsoft\Internet Explorer\Main\Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 RO - HKCU\Software\Microsoft\Internet Explorer\Main\Start Page = http://www.pspgen.com/ RO - HKCU\Software\Microsoft\Internet Explorer\Toolbar\LinksFolderName = Liens R1 - HKLM\Software\Microsoft\Internet Explorer\Main\Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main\Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKCU\Software\Microsoft\Internet Explorer\Main\Search Page = http://www.google.com R1 - HKLM\Software\Microsoft\Internet Explorer\Search\CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm R1 - HKLM\Software\Microsoft\Internet Explorer\Search\SearchAssistant = http://www.google.com/ie R1 - HKCU\Software\Microsoft\Internet Connection Wizard\ShellNext = iexplore //applications lancées depuis system.ini,win.ini //03 - Browser Helper Objects (BHOs) 02 - BHO: - {01960937-90F6-4A37-8EF3-272A79B92393} - 02 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll 02 - BHO: - {0451E078-8F69-4112-B912-069485A4FD4E} - 02 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll 02 - BHO: - {15B35764-C5C2-4446-9AE7-95AD09FDB313} - 02 - BHO: - {18F06E47-85B3-4B25-8E38-8F02435BA4D4} - 02 - BHO: - {236742D3-CB05-40FD-9EF2-CCC8FE395DA9} - 02 - BHO: - {2B5D9C8D-2371-4A42-9021-9DEFE114FC13} - 02 - BHO: - {40E6EF44-7C05-4572-9C1F-8663A9F5B609} - 02 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll 02 - BHO: - {5A4F7DEA-D6E8-408F-8A9F-9D44ADCBD564} - 02 - BHO: - {5C831DCB-4D12-4ABF-BA9E-8712D3C5B41F} - 02 - BHO: - {6273CDB9-1A4B-4D21-A8E1-C4C9806DBBFC} - 02 - BHO: - {6F2225B6-CDEE-4382-AF1B-6B0EE3C651E3} - C:\WINDOWS\system32\awtsq.dll 02 - BHO: - {70F02488-8629-40FB-BF42-E3BCEEAF4EC7} - 02 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll 02 - BHO: - {7A7C1820-EDEA-48F4-8851-F79B571BB8D3} - 02 - BHO: - {7CA81AF5-4F44-430A-A03E-0BC20074BCAE} - 02 - BHO: - {7E853D72-626A-48EC-A868-BA8D5E23E045} - 02 - BHO: - {80FBECCE-C17E-48F2-BBDF-8C7EA2C1891E} - 02 - BHO: - {812F8732-E71C-4DC4-A5A9-A7DE629E9ADE} - 02 - BHO: - {81A40807-DFB1-4D59-914C-8C6154AB1EF6} - 02 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll 02 - BHO: - {9403621D-F14F-4C53-84C4-FAA72D07F8FA} - 02 - BHO: - {947F403E-DCF7-4ADB-8989-60ABA3C742FA} - 02 - BHO: - {9DA411D9-ED04-4E92-9D58-72D51A2EBD69} - 02 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll 02 - BHO: - {ABB580C8-1C2F-4209-8386-B75B457F4E67} - 02 - BHO: - {B3B5B2B8-43B1-444A-A1C1-9784EE5D96D8} - 02 - BHO: - {C6009EA7-2759-4385-8BB9-AE270D10B8B4} - 02 - BHO: - {D751FD0B-885D-47D5-96FB-6D0FACDC4E3C} - 02 - BHO: - {EFEE2945-4665-4CFE-9F12-2934FFF9F1E4} - O3 - Toolbar : Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll O3 - Toolbar : &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll O3 - Toolbar : - {11A69AE4-FBED-4832-A2BF-45AF82825583} - //04 - applications chargées automatiquement 04 - HKLM\..\RUN: [nTrayFw] - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nTrayFw.exe 04 - HKLM\..\RUN: [NvCplDaemon] - RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup 04 - HKLM\..\RUN: [nwiz] - nwiz.exe /install 04 - HKLM\..\RUN: [NvMediaCenter] - RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit 04 - HKLM\..\RUN: [SoundMan] - SOUNDMAN.EXE 04 - HKLM\..\RUN: [DetectorApp] - C:\Program Files\Sonic\DigitalMedia LE v7\MyDVD LE\DetectorApp.exe 04 - HKLM\..\RUN: [ISUSPM Startup] - "C:\Program Files\Fichiers communs\InstallShield\UpdateService\isuspm.exe" -startup 04 - HKLM\..\RUN: [ISUSScheduler] - "C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe" -start 04 - HKLM\..\RUN: [PCMService] - "c:\APPS\Powercinema\PCMService.exe" 04 - HKLM\..\RUN: [SunJavaUpdateSched] - "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" 04 - HKLM\..\RUN: [avast!] - C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe 04 - HKLM\..\RUN: [QuickTime Task] - "C:\Program Files\QuickTime\qttask.exe" -atboottime 04 - HKLM\..\RUN: [IdiomaX Office] - C:\Program Files\IdiomaX\Office Translator 4.0\IdxOffice.exe 04 - HKLM\..\RUN: [IdiomaX Product Update] - C:\Program Files\Fichiers communs\IdiomaX Shared\Cat 6.0\IdxLUpdate.exe /AUTOSTART 04 - HKLM\..\RUN: [PWRISOVM.EXE] - C:\Program Files\PowerISO\PWRISOVM.EXE 04 - HKLM\..\RUN: [VirtualCloneDrive] - "C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s 04 - HKLM\..\RUN: [Picasa Media Detector] - C:\Program Files\Picasa2\PicasaMediaDetector.exe 04 - HKLM\..\RUN: [9c21edd7] - rundll32.exe "C:\WINDOWS\system32\vbphbabf.dll",b 04 - HKLU\..\RUN: [CTFMON.EXE] - C:\WINDOWS\system32\ctfmon.exe 04 - HKLU\..\RUN: [MsnMsgr] - "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background 04 - HKLU\..\RUN: [WMPNSCFG] - C:\Program Files\Windows Media Player\WMPNSCFG.exe 04 - HKLU\..\RUN: [SpybotSD TeaTimer] - C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe 04 - HKLU\..\RUN: [AlcoholAutomount] - "C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" /automount 04 - HKLM\..\RunOnce: [SpybotDeletingC242] - C:\WINDOWS\system32\ctfmon.exe 04 - HKUS\S-1-5-18\..\RUN: [CTFMON.EXE] - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nTrayFw.exe 04 - HKUS\S-1-5-18\..\RUN: [Picasa Media Detector] - RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup 04 - HKUS\S-1-5-19\..\RUN: [CTFMON.EXE] - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nTrayFw.exe 04 - HKUS\S-1-5-20\..\RUN: [CTFMON.EXE] - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nTrayFw.exe 04 - HKUS\S-1-5-21-3618015508-3629909785-1147112342-1007\..\RUN: [CTFMON.EXE] - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nTrayFw.exe 04 - HKUS\S-1-5-21-3618015508-3629909785-1147112342-1007\..\RUN: [MsnMsgr] - RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup 04 - HKUS\S-1-5-21-3618015508-3629909785-1147112342-1007\..\RUN: [WMPNSCFG] - nwiz.exe /install 04 - HKUS\S-1-5-21-3618015508-3629909785-1147112342-1007\..\RUN: [SpybotSD TeaTimer] - RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit 04 - HKUS\S-1-5-21-3618015508-3629909785-1147112342-1007\..\RUN: [AlcoholAutomount] - SOUNDMAN.EXE 04 - Global Startup: Réglages souris Labtec.lnk= C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Réglages souris Labtec.lnk 04 - Global Startup: Sitecom Wireless Utility.lnk= C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Sitecom Wireless Utility.lnk 04 - Startup: OpenOffice.org 2.2.lnk= C:\Documents and Settings\johan\Menu Démarrer\Programmes\Démarrage\OpenOffice.org 2.2.lnk 04 - Startup: RocketDock.lnk= C:\Documents and Settings\johan\Menu Démarrer\Programmes\Démarrage\RocketDock.lnk 04 - Startup: TransBar.lnk= C:\Documents and Settings\johan\Menu Démarrer\Programmes\Démarrage\TransBar.lnk 04 - Startup: UberIcon.lnk= C:\Documents and Settings\johan\Menu Démarrer\Programmes\Démarrage\UberIcon.lnk 04 - Startup: Y'z Shadow.lnk= C:\Documents and Settings\johan\Menu Démarrer\Programmes\Démarrage\Y'z Shadow.lnk //05 - Accès au panneau de contrôle d'Internet Explorer (control.ini) //06- interdiction à l' accès au options (Internet Explorer) //07 - blocage de l'exécution de Regedit //08 - lignes supplémentaires dans le menu contextuel d'Internet Explorer //09 - boutons situés sur la barre d'outils principale d'Internet Explorer 09 - Extra button: - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll 09 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll 09 - Extra button: - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll 09 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll 09 - Extra button: - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe 09 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe 09 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe 09 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe //O10 - Pirates de Winsock //O11 - Onglet supplémentaire dans les options avancées d'Internet Explorer) O11 - Options group: [INTERNATIONAL] - International* //O12 - IE plugins //013 : DefaultPrefix //014 - Option : (Rétablir les paramètres Web) //015 - Zone de confiance d'Internet Explorer //O16 - Objets ActiveX O16 - DPF : QuickTime Object - {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - C:\Program Files\QuickTime\QTPlugin.ocx O16 - DPF : Shockwave ActiveX Control - {166B1BCA-3F9C-11CF-8075-444553540000} - C:\WINDOWS\system32\macromed\Director\SwDir.dll O16 - DPF : Checkers Class - {20A60F0D-9AFA-4515-A0FD-83BD84642501} - C:\WINDOWS\Downloaded Program Files\msgrchkr.dll O16 - DPF : Shockwave ActiveX Control - {233C1507-6A77-46A4-9443-F871F945D258} - C:\WINDOWS\system32\Macromed\Director\SwDir.dll O16 - DPF : TotalScan Installer Class - {512FC5A1-7DE1-43F1-BC0C-371622FCB409} - C:\WINDOWS\Downloaded Program Files\ascstubie.dll O16 - DPF : UnoCtrl Class - {5D6F45B3-9043-443D-A792-115447494D24} - C:\WINDOWS\Downloaded Program Files\GAME_UNO1.dll O16 - DPF : WUWebControl Class - {6414512B-B978-451D-A0D8-FCFDF33E833C} - C:\WINDOWS\system32\wuweb.dll O16 - DPF : MessengerStatsClient Class - {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - C:\WINDOWS\Downloaded Program Files\MessengerStatsPAClient.dll O16 - DPF : Minesweeper Flags Class - {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} - C:\WINDOWS\Downloaded Program Files\MineSweeper.dll //O17 - piratage de domaine Lop.com //O18 - protocoles additionnels O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL O18 - Protocol: mhtml - {05300401-BCBC-11d0-85E3-00C04FD85AB4} - O18 - Protocol: ms-its - {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\system32\itss.dll O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL //O19 - feuille de style de l'utilisateur //O20 - valeur de Registre AppInit_DLLs et les sous-clés Winlogon Notify O20 - AppInit_DLLs : C:\WINDOWS\system32\__c0029F9C.dat //O21 - ShellServiceObjectDelayLoad //O22 - SharedTaskScheduler O22 - SharedTaskScheduler: Pré-chargeur Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - %SystemRoot%\system32\browseui.dll O22 - SharedTaskScheduler: Démon de cache des catégories de composant - {8C7461EF-2B13-11d2-BE35-3078302C2030} - %SystemRoot%\system32\browseui.dll //O23 - services de XP,NT, 2000, et 2003 O23 - Service: [a-squared Free Service] - O23 - Service: [Ad-Aware 2007 Service] - "C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe" O23 - Service: [Service de la passerelle de la couche Application] - %SystemRoot%\System32\alg.exe O23 - Service: [Service d'état ASP.NET] - %SystemRoot%\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe O23 - Service: [avast! iAVS4 Control Service] - "C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe" O23 - Service: [avast! Antivirus] - "C:\Program Files\Alwil Software\Avast4\ashServ.exe" O23 - Service: [avast! Mail Scanner] - "C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service O23 - Service: [avast! Web Scanner] - "C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service O23 - Service: [CyberLink Background Capture Service (CBCS)] - "c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe" O23 - Service: [Gestionnaire de l'Album] - %SystemRoot%\system32\clipsrv.exe O23 - Service: [.NET Runtime Optimization Service v2.0.50727_X86] - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe O23 - Service: [CyberLink Task Scheduler (CTS)] - "c:\APPS\Powercinema\Kernel\TV\CLSched.exe" O23 - Service: [Application système COM+] - C:\WINDOWS\system32\dllhost.exe /Processid:{02D4B3F1-FD88-11D1-960D-00805FC79235} O23 - Service: [CyberLink Media Library Service] - "c:\APPS\Powercinema\Kernel\CLML_NTService\CLMLServer.exe" O23 - Service: [DomainService] - C:\WINDOWS\system32\wuqdhxbm.exe /service O23 - Service: [Forceware Web Interface] - "C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe" -k runservice O23 - Service: [Google Updater Service] - "C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe" O23 - Service: [InstallDriver Table Manager] - "C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe" O23 - Service: [Service COM de gravage de CD IMAPI] - O23 - Service: [LiveUpdate] - "C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE" O23 - Service: [Partage de Bureau à distance NetMeeting] - C:\WINDOWS\system32\mnmsrvc.exe O23 - Service: [ForceWare IP service] - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe O23 - Service: [ForceWare user log service] - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe O23 - Service: [NVIDIA Display Driver Service] - %SystemRoot%\system32\nvsvc32.exe O23 - Service: [Planificateur LiveUpdate automatique] - "C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe" O23 - Service: [PnkBstrA] - C:\WINDOWS\system32\PnkBstrA.exe O23 - Service: [Gestionnaire de session d'aide sur le Bureau à distance] - C:\WINDOWS\system32\sessmgr.exe O23 - Service: [Localisateur d'appels de procédure distante (RPC)] - %SystemRoot%\system32\locator.exe O23 - Service: [QoS RSVP] - %SystemRoot%\system32\rsvp.exe O23 - Service: [Spouleur d'impression] - %SystemRoot%\system32\spoolsv.exe O23 - Service: [StarWind AE Service] - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe O23 - Service: [MS Software Shadow Copy Provider] - C:\WINDOWS\system32\dllhost.exe /Processid:{DC0E0607-432C-4B27-86F3-8CFCBAD1B8EB} O23 - Service: [Journaux et alertes de performance] - %SystemRoot%\system32\smlogsvc.exe O23 - Service: [Onduleur] - %SystemRoot%\System32\ups.exe O23 - Service: [USBDeviceService] - C:\Program Files\Sonic\DigitalMedia LE v7\MyDVD LE\USBDeviceService.exe O23 - Service: [Service Messenger Sharing Folders USN Journal Reader] - "C:\Program Files\MSN Messenger\usnsvc.exe" O23 - Service: [Cliché instantané de volume] - %SystemRoot%\System32\vssvc.exe O23 - Service: [Carte de performance WMI] - C:\WINDOWS\system32\wbem\wmiapsrv.exe |
Re,
* Télécharge combofix.exe (par sUBs) sur ton Bureau : http://download.bleepingcomputer.com/sUBs/ComboFix.exe * Double clique combofix.exe et suis les invites. * Lorsque le scan sera complété, un rapport apparaîtra. Copie/colle ce rapport dans ta prochaine réponse. FillPCA |
| Killi, le mercredi 5 décembre 2007 à 13:20:24 Voila :
ComboFix 07-12-02.6 - johan 2007-12-05 12:55:28.1 - NTFSx86 Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.139 [GMT 1:00] Running from: C:\Documents and Settings\johan\Bureau\ComboFix.exe * Created a new restore point . (((((((((((((((((((((((((((((((((((( Autres suppressions )))))))))))))))))))))))))))))))))))))))))))))))) . C:\Autorun.inf C:\Documents and Settings\johan\Application Data\inst.exe C:\WINDOWS\cookies.ini C:\WINDOWS\system32\__c0029F9C.dat C:\WINDOWS\system32\agpdxeey.ini C:\WINDOWS\system32\aiktaslp.dll C:\WINDOWS\system32\auto.exe C:\WINDOWS\system32\bjqfkaaj.dll C:\WINDOWS\system32\bpbuqwjq.ini C:\WINDOWS\system32\bsaubmct.exe C:\WINDOWS\system32\crdrnekj.dll C:\WINDOWS\system32\duyfiwla.exe C:\WINDOWS\system32\efgguxux.ini C:\WINDOWS\system32\eninggqf.dll C:\WINDOWS\system32\ewdmkect.dll C:\WINDOWS\system32\fgbwukii.ini C:\WINDOWS\system32\fiohyagx.dll C:\WINDOWS\system32\fjbvyssh.ini C:\WINDOWS\system32\fjwilyey.dll C:\WINDOWS\system32\fpfddbjp.dll C:\WINDOWS\system32\fqggnine.ini C:\WINDOWS\system32\gbbojafg.dll C:\WINDOWS\system32\gdtipvxp.dll C:\WINDOWS\system32\gfajobbg.ini C:\WINDOWS\system32\hssyvbjf.dll C:\WINDOWS\system32\ihvgcfco.dll C:\WINDOWS\system32\iikuwbgf.dll C:\WINDOWS\system32\ilxdyewq.ini C:\WINDOWS\system32\imoumpbu.dll C:\WINDOWS\system32\jaakfqjb.ini C:\WINDOWS\system32\jdvkpkgo.dll C:\WINDOWS\system32\jkenrdrc.ini C:\WINDOWS\system32\jmlestak.ini C:\WINDOWS\system32\jpctdwux.dll C:\WINDOWS\system32\jpubojrn.dll C:\WINDOWS\system32\katselmj.dll C:\WINDOWS\system32\lamnnyje.exe C:\WINDOWS\system32\lhejdbmp.ini C:\WINDOWS\system32\lhxspnqy.ini C:\WINDOWS\system32\lyyeowql.exe C:\WINDOWS\system32\mbjabqmy.exe C:\WINDOWS\system32\mdeonoaq.exe C:\WINDOWS\system32\niehkgip.ini C:\WINDOWS\system32\nnwdihlp.ini C:\WINDOWS\system32\nrjobupj.ini C:\WINDOWS\system32\ocfcgvhi.ini C:\WINDOWS\system32\ogkpkvdj.ini C:\WINDOWS\system32\okiqbtrv.ini C:\WINDOWS\system32\onprxsju.ini C:\WINDOWS\system32\pigkhein.dll C:\WINDOWS\system32\pjbddfpf.ini C:\WINDOWS\system32\plhidwnn.dll C:\WINDOWS\system32\plsatkia.ini C:\WINDOWS\system32\pmbdjehl.dll C:\WINDOWS\system32\psdnqcal.exe C:\WINDOWS\system32\pxvpitdg.ini C:\WINDOWS\system32\qjwqubpb.dll C:\WINDOWS\system32\qlfbowcu.ini C:\WINDOWS\system32\qstwa.bak1 C:\WINDOWS\system32\qstwa.bak2 C:\WINDOWS\system32\qstwa.ini C:\WINDOWS\system32\qstwa.ini2 C:\WINDOWS\system32\qstwa.tmp C:\WINDOWS\system32\qweydxli.dll C:\WINDOWS\system32\rjalhgau.ini C:\WINDOWS\system32\spcwybxu.dll C:\WINDOWS\system32\tcekmdwe.ini C:\WINDOWS\system32\uaghlajr.dll C:\WINDOWS\system32\ubpmuomi.ini C:\WINDOWS\system32\ucwobflq.dll C:\WINDOWS\system32\ujsxrpno.dll C:\WINDOWS\system32\uxbywcps.ini C:\WINDOWS\system32\vgpbcydf.exe C:\WINDOWS\system32\vomiftpv.ini C:\WINDOWS\system32\vptfimov.dll C:\WINDOWS\system32\vrtbqiko.dll C:\WINDOWS\system32\vsopwfsq.exe C:\WINDOWS\system32\wqdjoyoy.dll C:\WINDOWS\system32\wujgbnqy.ini C:\WINDOWS\system32\xgayhoif.ini C:\WINDOWS\system32\xjmmpeab.exe C:\WINDOWS\system32\xuwdtcpj.ini C:\WINDOWS\system32\xuxuggfe.dll C:\WINDOWS\system32\xxxwuvti.exe C:\WINDOWS\system32\yeexdpga.dll C:\WINDOWS\system32\yeyliwjf.ini C:\WINDOWS\system32\yoyojdqw.ini C:\WINDOWS\system32\yqnbgjuw.dll C:\WINDOWS\system32\yqnpsxhl.dll . ((((((((((((((((((((((((((((((((((((((( Drivers/Services ))))))))))))))))))))))))))))))))))))))))))))))))) . -------\LEGACY_DOMAINSERVICE -------\DomainService ((((((((((((((((((((((((((((( Fichiers cr‚‚s 2007-11-05 to 2007-12-05 )))))))))))))))))))))))))))))))))))) . 2007-12-04 16:46 . 2007-12-04 16:46 294 ---hs---- C:\WINDOWS\system32\fitljvyv.ini 2007-12-03 17:49 . 2007-12-03 17:50 414 ---hs---- C:\WINDOWS\system32\qmnehmqp.ini 2007-12-03 17:32 . 2007-12-03 17:44 354 ---hs---- C:\WINDOWS\system32\hxxhqpqr.ini 2007-12-02 17:54 . 2007-12-02 17:55 <REP> d-------- C:\Program Files\Panda Security 2007-12-02 17:43 . 2007-12-02 17:43 294 ---hs---- C:\WINDOWS\system32\jkepedtr.ini 2007-12-02 17:35 . 2007-12-02 17:36 <REP> d-------- C:\HijackThis 2007-12-02 15:07 . 2007-12-02 15:07 294 ---hs---- C:\WINDOWS\system32\pkebibjq.ini 2007-11-23 19:24 . 2007-11-23 19:24 <REP> d-------- C:\WINDOWS\system32\Kaspersky Lab 2007-11-23 18:46 . 2007-12-05 12:38 <REP> d-------- C:\VundoFix Backups 2007-11-21 20:41 . 2007-11-22 15:58 23 --a------ C:\WINDOWS\BlendSettings.ini 2007-11-21 18:12 . 2007-11-21 18:12 <REP> d-------- C:\Program Files\Bethesda Softworks 2007-11-18 21:24 . 2006-09-29 11:24 217,127 --a------ C:\WINDOWS\system32\drv43260.dll 2007-11-18 21:24 . 2006-09-29 11:25 208,935 --a------ C:\WINDOWS\system32\drv33260.dll 2007-11-18 21:24 . 2006-09-29 11:26 176,165 --a------ C:\WINDOWS\system32\drv23260.dll 2007-11-17 23:37 . 2007-11-24 13:18 <REP> d-------- C:\Program Files\eMule 2007-11-17 13:15 . 2007-11-21 14:40 <REP> d-------- C:\Documents and Settings\johan\Application Data\CopyToDvd 2007-11-17 13:05 . 2007-11-18 21:24 <REP> d-------- C:\Program Files\VSO 2007-11-17 13:05 . 2007-11-21 14:40 <REP> d-------- C:\Documents and Settings\johan\Application Data\Vso 2007-11-17 13:05 . 2007-11-17 13:05 47,360 --a------ C:\WINDOWS\system32\drivers\pcouffin.sys 2007-11-17 13:05 . 2007-11-17 13:05 47,360 --a------ C:\Documents and Settings\johan\Application Data\pcouffin.sys 2007-11-14 12:27 . 2007-11-14 12:27 685,816 --a------ C:\WINDOWS\system32\drivers\sptd.sys 2007-11-09 17:38 . 2007-11-09 17:38 294 ---hs---- C:\WINDOWS\system32\fcwasyrf.ini 2007-11-05 21:32 . 2007-11-05 21:43 <REP> d-------- C:\Program Files\AutoWebCam . (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M )))))))))))))))))))))))))))))))))))))))))))))))) . 2007-12-05 11:54 --------- d-----w C:\Docum |