[XP] Unbeatable "spywarealert" virus A L

Closed
adamtheboss - 29 August 2008 at 20:04
 adamtheboss - 3 Sept. 2008 at 23:15
Hello,
Today I just caught a nasty virus which I hope can be cleaned up thanks to your help.
Here are some of the symptoms:
- Desktop wallpaper COMPLETELY WHITE!!!
- Next to the clock at the bottom right it says: VIRUS ALERT!
- In the Start menu I no longer have "All Programs" or "Control Panel"!!!
- I can't open Task Manager because it tells me "Task Manager has been disabled by your administrator"!
- 4 programs installed themselves: "SPYWARE AND MALWARE PROTECTION"; "PRIVACY PROTECTOR"; "ERROR CLEANER" and "PLAY PORTAIL NOW"!!!
- I also get browser windows opening on their own, for example "pc privacy cleaner" or "Virusremouver2008", and some Windows-style windows, for example "Windows security alert" which says: "Windows has detected an internet attack attempt..."

In short, I've never had a virus like this one!!!!!!!!!! I hope you can help me because I've done everything I could (scan with AVG Free, AVG Anti-Spyware...) with no result. To help you, here is a HijackThis log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:01: VIRUS ALERT!, on 29/08/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
I:\WINDOWS\System32\smss.exe
I:\WINDOWS\system32\winlogon.exe
I:\WINDOWS\system32\services.exe
I:\WINDOWS\system32\lsass.exe
I:\WINDOWS\system32\svchost.exe
I:\WINDOWS\System32\svchost.exe
I:\WINDOWS\system32\spoolsv.exe
I:\PROGRA~1\AVG\AVG8\avgtray.exe
I:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
I:\WINDOWS\system32\RUNDLL32.EXE
I:\WINDOWS\RTHDCPL.EXE
I:\WINDOWS\system32\ctfmon.exe
I:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
I:\Program Files\Nokia\Nokia PC Suite 7\PCSync2.exe
I:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe
I:\Program Files\DAP\DAP.EXE
I:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
I:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
I:\WINDOWS\system32\nvsvc32.exe
I:\PROGRA~1\AVG\AVG8\avgrsx.exe
I:\PROGRA~1\AVG\AVG8\avgemc.exe
I:\Program Files\PC Connectivity Solution\ServiceLayer.exe
I:\Program Files\Fichiers communs\Nokia\MPAPI\MPAPI3s.exe
I:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
I:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe
I:\Program Files\Windows Live\installer\WLSetupSvc.exe
I:\Program Files\Windows Live\Messenger\msnmsgr.exe
I:\Program Files\Windows Live\Messenger\usnsvc.exe
I:\WINDOWS\system32\rundll32.exe
I:\WINDOWS\system32\rundll32.exe
I:\Program Files\Internet Explorer\IEXPLORE.EXE
I:\Program Files\AVG\AVG8\avgui.exe
I:\Program Files\Internet Explorer\IEXPLORE.EXE
I:\Program Files\Internet Explorer\IEXPLORE.EXE
I:\Program Files\Internet Explorer\IEXPLORE.EXE
I:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
I:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
I:\Program Files\Trend Micro\HijackThis\HijackThis.exe
I:\WINDOWS\system32\NOTEPAD.EXE
I:\Program Files\Internet Explorer\IEXPLORE.EXE
I:\WINDOWS\explorer.exe
I:\Program Files\Internet Explorer\IEXPLORE.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://softwarereferral.com/jump.php?wmid=6010&mid=MjI6Ojg5&lid=2
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - i:\program files\google\googletoolbar1.dll
O3 - Toolbar: qalkfxor - {63271185-F8AC-4E37-85C8-5CCB942BC177} - I:\WINDOWS\qalkfxor.dll
O4 - HKLM\..\Run: [AVG8_TRAY] I:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "I:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE I:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE I:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [000000af] rundll32.exe "I:\WINDOWS\system32\pfktpcmf.dll",b
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "I:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [CTFMON.EXE] I:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] I:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Nokia.PCSync] "I:\Program Files\Nokia\Nokia PC Suite 7\PCSync2.exe" /NoDialog
O4 - HKCU\..\Run: [PC Suite Tray] "I:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe" -onlytray
O4 - HKCU\..\Run: [DownloadAccelerator] "I:\Program Files\DAP\DAP.EXE" /STARTUP
O4 - HKCU\..\Run: [MsnMsgr] "I:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] I:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] I:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] I:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] I:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O8 - Extra context menu item: &Clean Traces - I:\Program Files\DAP\Privacy Package\dapcleanerie.htm
O8 - Extra context menu item: &Download with &DAP - I:\Program Files\DAP\dapextie.htm
O8 - Extra context menu item: Download &all with DAP - I:\Program Files\DAP\dapextie2.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - I:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - I:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - I:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - I:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - I:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - I:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://downloads.ewido.net/ewidoOnlineScan.cab
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} (System Requirements Lab) - https://www.nvidia.com/content/DriverDownload/srl/3.0.0.0/srl_bin/sysreqlab3.cab
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - https://sdlc-esd.oracle.com/ESD44/JSCDL/jdk/6u7/jinstall-6u7-windows-i586-jc.cab?GroupName=JSC&FilePath=/ESD44/JSCDL/jdk/6u7/jinstall-6u7-windows-i586-jc.cab&BHost=javadl.sun.com&File=jinstall-6u7-windows-i586-jc.cab&AuthParam=1580978829_3fac487ff39b191ded7866fc4973d48d&ext=.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - I:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll eyropc.dll
O21 - SSODL: pdoskegl - {8E9514C1-6603-4A96-B328-05E3CFF3B46A} - I:\WINDOWS\pdoskegl.dll
O21 - SSODL: rqbmvpso - {BBEB4773-D9FB-4A46-A3A3-ACA0598B9369} - I:\WINDOWS\rqbmvpso.dll
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - I:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - I:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - I:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - I:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - I:\WINDOWS\system32\nvsvc32.exe
O23 - Service: ServiceLayer - Nokia. - I:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O24 - Desktop Component 0: Privacy Protection - file:///I:\WINDOWS\privacy_danger\index.htm
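Added example (not part of the original post and not HijackThis code): a small Python triage script that applies a few defender heuristics to HijackThis entries of the kinds shown in the log above. The sample lines are copied from that log; the `KNOWN_APPINIT` and `TRUSTED_PAGE_HOSTS` allow-lists and the `RANDOM_MODULE` pattern are assumptions made for this example, not HijackThis settings.

```python
"""Heuristic triage of HijackThis (HJT) log entries.

Added example, not HijackThis code. It flags the entry types that mattered in the
log above: a hijacked start page (R0), a toolbar and a Run entry loading randomly
named modules from the Windows directory (O3/O4), IE restriction policies (O6),
an unknown AppInit_DLLs module (O20), shell service objects outside system32 (O21)
and an Active Desktop component served from a local file (O24).
"""
import re
from urllib.parse import urlparse

# Constructed sample: a subset of the HijackThis lines posted in the thread above.
SAMPLE_LOG = r"""
I:\WINDOWS\system32\winlogon.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://softwarereferral.com/jump.php?wmid=6010&mid=MjI6Ojg5&lid=2
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - i:\program files\google\googletoolbar1.dll
O3 - Toolbar: qalkfxor - {63271185-F8AC-4E37-85C8-5CCB942BC177} - I:\WINDOWS\qalkfxor.dll
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE I:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [000000af] rundll32.exe "I:\WINDOWS\system32\pfktpcmf.dll",b
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O20 - AppInit_DLLs: avgrsstx.dll eyropc.dll
O21 - SSODL: pdoskegl - {8E9514C1-6603-4A96-B328-05E3CFF3B46A} - I:\WINDOWS\pdoskegl.dll
O21 - SSODL: rqbmvpso - {BBEB4773-D9FB-4A46-A3A3-ACA0598B9369} - I:\WINDOWS\rqbmvpso.dll
O24 - Desktop Component 0: Privacy Protection - file:///I:\WINDOWS\privacy_danger\index.htm
"""

# AppInit_DLLs is loaded into every process that uses user32.dll, so anything not
# explicitly known deserves a look. avgrsstx.dll belongs to AVG 8 (see the O23 lines).
# Assumed allow-list for this example.
KNOWN_APPINIT = {"avgrsstx.dll"}

# Home/search page hosts the user would plausibly have chosen (assumed allow-list);
# any other host on an R0/R1 line is reported as a possible hijack.
TRUSTED_PAGE_HOSTS = ("msn.com", "bing.com", "google.com", "live.com")

# Eight lowercase letters dropped straight into %WINDIR% or system32: the naming
# pattern of the modules ComboFix later removed in this thread. Mixed-case vendor
# names such as NvMcTray.dll deliberately do not match.
RANDOM_MODULE = re.compile(r"(?i:[a-z]:\\windows\\(?:system32\\)?)([a-z]{8})\.(?i:dll|exe)")

ENTRY = re.compile(r"^(R[0-3]|O\d+) - (.*)$")


def _trusted_host(url):
    host = (urlparse(url).hostname or "").lower()
    return any(host == d or host.endswith("." + d) for d in TRUSTED_PAGE_HOSTS), host


def triage_line(line):
    """Return (section, reason) when an HJT entry looks suspicious, else None."""
    m = ENTRY.match(line.strip())
    if not m:
        return None  # running-process lines and headers are ignored
    section, body = m.group(1), m.group(2)
    if section in ("R0", "R1") and "=" in body:
        trusted, host = _trusted_host(body.split("=", 1)[1].strip())
        if host and not trusted:
            return section, "browser page points at untrusted host " + host
    elif section in ("O3", "O4"):
        found = RANDOM_MODULE.search(body)
        if found:
            return section, "random-looking module %s loaded from the Windows directory" % found.group(1)
    elif section == "O6":
        return section, "IE restriction policies present (user-side lockdown)"
    elif section == "O20":
        dlls = body.split(":", 1)[1].split()
        unknown = [d for d in dlls if d.lower() not in KNOWN_APPINIT]
        if unknown:
            return section, "unknown AppInit_DLLs injected system-wide: " + ", ".join(unknown)
    elif section == "O21":
        path = body.rsplit(" - ", 1)[-1]
        if "\\system32\\" not in path.lower():
            return section, "shell service object outside system32: " + path
    elif section == "O24" and "file:///" in body:
        return section, "Active Desktop component served from a local file (hides the wallpaper)"
    return None


def triage(log_text):
    """Run triage_line over a whole log; returns a list of (section, reason, line)."""
    findings = []
    for line in log_text.splitlines():
        hit = triage_line(line)
        if hit:
            findings.append((hit[0], hit[1], line.strip()))
    return findings


if __name__ == "__main__":
    for section, reason, line in triage(SAMPLE_LOG):
        print("[%-3s] %s\n      %s" % (section, reason, line))
```

The heuristics are deliberately narrow: they explain why a helper reading this log would single out the O3, O20, O21 and O24 entries while leaving the AVG, Google and NVIDIA lines alone, and the O24 finding ties the "all-white wallpaper" symptom to the Active Desktop page under privacy_danger rather than to a missing image.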
26 replies

ep44 Posts 7393 Registered Saturday 10 November 2007 Status Contributor Last seen 11 November 2010
29 August 2008 at 20:10
Good evening

Yes, indeed, several infections.
Don't worry, I'll guide you through disinfecting your PC.

Download combofix.exe (by sUBs) and save it to your desktop.
http://download.bleepingcomputer.com/sUBs/ComboFix.exe
* Disconnect from the internet and close all your applications.
* Disable your protections (antivirus, firewall, antispyware) temporarily and only for as long as ComboFix is running.
* Double-click combofix.exe; your firewall may ask whether you allow nircmd.cfexe access to the trusted zone: accept.
* /!\ Don't touch anything until the scan is finished. Warning: do not use your mouse or keyboard (or any other pointing device) while the program is running /!\
* Wait for ComboFix to finish; a report will be created.
* Re-enable your firewall, your antivirus and your antispyware guard.
* Copy/paste the report; it is located at: C:\Combofix.txt
* Re-enable your real-time protections (antivirus, antispywares) before reconnecting to the internet.

@+
Hi, thanks for your quick reply.
The program worked fine; it restarted the system, but after the restart it stays stuck on "Preparing report, do not launch any program until ComboFix has finished", because in fact a window appeared saying: "Registry editing has been disabled by your administrator".
Otherwise, I've got "All Programs" and the Control Panel back and the "VIRUS ALERT" is gone, but I still have the pop-up windows, the 4 programs and the white wallpaper.
Thanks for your help.
OK, I got rid of the "Registry editing............" message and the log appeared, but the "VIRUS ALERT!" came back. Here is the log:

ComboFix 08-08-28.06 - Adam 2008-08-29 20:17:54.1 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.1582 [GMT 2:00]
Endroit: I:\Documents and Settings\Adam\Bureau\ComboFix.exe
* Création d'un nouveau point de restauration

[color=red][b]AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !![/b][/color]
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

I:\Documents and Settings\Adam\Bureau\Error Cleaner.url
I:\Documents and Settings\Adam\Bureau\Privacy Protector.url
I:\Documents and Settings\Adam\Bureau\Spyware&Malware Protection.url
I:\Documents and Settings\Adam\Favoris\Error Cleaner.url
I:\Documents and Settings\Adam\Favoris\Privacy Protector.url
I:\Documents and Settings\Adam\Favoris\Spyware&Malware Protection.url
I:\setup.exe
I:\WINDOWS\cookies.ini
I:\WINDOWS\eevk.exe
I:\WINDOWS\privacy_danger
I:\WINDOWS\privacy_danger\images\capt.gif
I:\WINDOWS\privacy_danger\images\danger.jpg
I:\WINDOWS\privacy_danger\images\down.gif
I:\WINDOWS\privacy_danger\images\spacer.gif
I:\WINDOWS\system32\cbXoPfFY.dll
I:\WINDOWS\system32\eyropc.dll
I:\WINDOWS\system32\fmcptkfp.ini
I:\WINDOWS\system32\ljJASjgG.dll
I:\WINDOWS\system32\pfktpcmf.dll
I:\WINDOWS\system32\qWGfPqru.ini
I:\WINDOWS\system32\qWGfPqru.ini2
I:\WINDOWS\system32\xnuagtkq.dll

.
((((((((((((((((((((((((((((( Fichiers cr‚‚s 2008-07-28 to 2008-08-29 ))))))))))))))))))))))))))))))))))))
.

2008-08-29 20:21: . VIRUS I:\ComboFix\ALERT! <REP> I:\Documents and Settings\Adam\Application Data\TmpRecentIcons
2008-08-29 20:19: . VIRUS I:\ComboFix\ALERT! <REP> temp
2008-08-29 20:19: . VIRUS I:\ComboFix\ALERT! 53,248 PSEXESVC.EXE
2008-08-29 20:16: . VIRUS I:\ComboFix\ALERT! <REP> ComboFix
2008-08-29 19:44: . VIRUS I:\ComboFix\ALERT! <REP> I:\Program Files\Trend Micro
2008-08-29 19:26: . VIRUS I:\ComboFix\ALERT! <REP> I:\Documents and Settings\All Users\Application Data\Grisoft
2008-08-29 19:26: . VIRUS I:\ComboFix\ALERT! <REP> I:\Documents and Settings\Adam\Application Data\Grisoft
2008-08-29 19:26 . 2007-05-30 14:10: VIRUS ALERT! 10,872 --a------ I:\WINDOWS\system32\drivers\AvgAsCln.sys
2008-08-29 19:03 . 2008-08-29 19:03: VIRUS ALERT! 323,840 --a------ I:\WINDOWS\system32\urqPfGWq.dll
2008-08-29 18:57: . VIRUS I:\ComboFix\ALERT! 380,928 rodqgpvltbp.dll
2008-08-29 18:57: . VIRUS I:\ComboFix\ALERT! 233,472 pdoskegl.dll
2008-08-29 18:57: . VIRUS I:\ComboFix\ALERT! 204,800 rqbmvpso.dll
2008-08-29 18:57: . VIRUS I:\ComboFix\ALERT! 159,744 qalkfxor.dll
2008-08-29 18:57: . VIRUS I:\ComboFix\ALERT! 86,016 rvoelbxt.exe
2008-08-29 18:33: . VIRUS I:\ComboFix\ALERT! <REP> $AVG8.VAULT$
2008-08-29 18:10: . VIRUS I:\ComboFix\ALERT! <REP> I:\Program Files\K-Lite Codec Pack
2008-08-29 17:26 . 2004-08-05 14:00: VIRUS ALERT! 221,184 --a------ I:\WINDOWS\system32\wmpns.dll
2008-08-29 17:21: . VIRUS I:\ComboFix\ALERT! <REP> I:\Program Files\LimeWire
2008-08-29 17:21: . VIRUS I:\ComboFix\ALERT! <REP> I:\Documents and Settings\Adam\Application Data\LimeWire
2008-08-29 17:09: . VIRUS I:\ComboFix\ALERT! <REP> I:\Documents and Settings\Adam\Contacts
2008-08-29 16:28: . VIRUS I:\ComboFix\ALERT! <REP> I:\Program Files\Windows Live
2008-08-29 16:28: . VIRUS I:\ComboFix\ALERT! <REP> I:\Program Files\Fichiers communs\WindowsLiveInstaller
2008-08-29 16:27: . VIRUS I:\ComboFix\ALERT! <REP> I:\Documents and Settings\All Users\Application Data\WLInstaller
2008-08-29 16:26: . VIRUS I:\ComboFix\ALERT! <REP> I:\Documents and Settings\All Users\Application Data\TEMP
2008-08-29 16:25: . VIRUS I:\ComboFix\ALERT! <REP> $MSI31Uninstall_KB893803v2$
2008-08-29 16:21 . 2008-08-29 16:21: VIRUS ALERT! 479,298 --a------ I:\WINDOWS\system32\wbocx.ocx
2008-08-29 16:21 . 2008-08-29 16:21: VIRUS ALERT! 172,032 --a------ I:\WINDOWS\system32\AniGIF.ocx
2008-08-29 16:21 . 2008-08-29 16:21: VIRUS ALERT! 50,688 --a------ I:\WINDOWS\system32\wbhelp2.dll
2008-08-29 16:15 . 2001-06-12 22:07: VIRUS ALERT! 200,704 --a------ I:\WINDOWS\system32\dapres.dll
2008-08-29 16:12 . 2008-08-29 16:12: VIRUS ALERT! 53,760 --a------ I:\WINDOWS\system32\zlib.dll
2008-08-29 15:12: . VIRUS I:\ComboFix\ALERT! <REP> nvidia icons
2008-08-29 15:10: . VIRUS I:\ComboFix\ALERT! <REP> nview
2008-08-29 15:06 . 2008-04-30 17:27: VIRUS ALERT! 442,368 --a------ I:\WINDOWS\system32\NVUNINST.EXE
2008-08-29 14:46: . VIRUS I:\ComboFix\ALERT! <REP> I:\Program Files\DAP
2008-08-29 14:46: . VIRUS I:\ComboFix\ALERT! <REP> I:\Documents and Settings\All Users\Application Data\SpeedBit
2008-08-29 14:14: . VIRUS I:\ComboFix\ALERT! <REP> I:\Program Files\AIDA32 - Personal System Information
2008-08-29 14:10: . VIRUS I:\ComboFix\ALERT! <REP> I:\Program Files\SystemRequirementsLab
2008-08-29 14:10 . 2008-08-29 14:10: VIRUS ALERT! 664 --a------ I:\WINDOWS\system32\d3d9caps.dat
2008-08-29 14:10 . 2008-08-29 14:10: VIRUS ALERT! 552 --a------ I:\WINDOWS\system32\d3d8caps.dat
2008-08-29 14:02 . 2008-08-29 14:02: VIRUS ALERT! <REP> d-------- I:\WINDOWS\system32\Lang
2008-08-29 14:02 . 2008-08-29 14:02: VIRUS ALERT! 940,794 --a------ I:\WINDOWS\system32\LoopyMusic.wav
2008-08-29 14:02 . 2008-08-29 14:02: VIRUS ALERT! 146,650 --a------ I:\WINDOWS\system32\BuzzingBee.wav
2008-08-29 14:00: . VIRUS I:\ComboFix\ALERT! <REP> I:\Program Files\Fichiers communs\InstallShield
2008-08-29 14:00: . VIRUS I:\ComboFix\ALERT! <REP> $NtUninstallKB888111WXPSP2$
2008-08-29 13:57: . VIRUS I:\ComboFix\ALERT! 319,488 HideWin.exe
2008-08-29 13:55: . VIRUS I:\ComboFix\ALERT! <REP> I:\Program Files\Lavalys
2008-08-28 23:04: . VIRUS I:\ComboFix\ALERT! <REP> $NtUninstallKB898461$
2008-08-28 21:21: . VIRUS I:\ComboFix\ALERT! <REP> I:\Documents and Settings\All Users\Application Data\Nokia
2008-08-28 21:20: . VIRUS I:\ComboFix\ALERT! <REP> I:\Program Files\MSXML 6.0
2008-08-28 21:20 . 2008-02-01 16:17: VIRUS ALERT! 138,112 --a------ I:\WINDOWS\system32\drivers\nmwcdnsu.sys
2008-08-28 21:20 . 2008-02-01 16:17: VIRUS ALERT! 8,320 --a------ I:\WINDOWS\system32\drivers\nmwcdnsuc.sys
2008-08-28 21:07: . VIRUS I:\ComboFix\ALERT! <REP> I:\Documents and Settings\All Users\Application Data\PC Suite
2008-08-28 21:07: . VIRUS I:\ComboFix\ALERT! <REP> I:\Documents and Settings\Adam\Application Data\PC Suite
2008-08-28 21:07: . VIRUS I:\ComboFix\ALERT! <REP> I:\Documents and Settings\Adam\Application Data\Nokia
2008-08-28 20:59: . VIRUS I:\ComboFix\ALERT! <REP> I:\Program Files\PC Connectivity Solution
2008-08-28 20:59: . VIRUS I:\ComboFix\ALERT! <REP> I:\Program Files\Fichiers communs\PCSuite
2008-08-28 20:59: . VIRUS I:\ComboFix\ALERT! <REP> I:\Program Files\Fichiers communs\Nokia
2008-08-28 20:59: . VIRUS I:\ComboFix\ALERT! <REP> I:\Program Files\DIFX
2008-08-28 20:59 . 2007-09-17 15:53: VIRUS ALERT! 21,632 --a------ I:\WINDOWS\system32\drivers\pccsmcfd.sys
2008-08-28 20:58: . VIRUS I:\ComboFix\ALERT! <REP> I:\Program Files\Nokia
2008-08-28 20:58 . 2008-08-29 16:34: VIRUS ALERT! <REP> d----c--- I:\WINDOWS\system32\DRVSTORE
2008-08-28 20:58 . 2008-05-07 07:39: VIRUS ALERT! 1,419,232 --a------ I:\WINDOWS\system32\wdfcoinstaller01005.dll
2008-08-28 20:58 . 2008-05-07 07:38: VIRUS ALERT! 659,968 --a------ I:\WINDOWS\system32\nmwcdcocls.dll
2008-08-28 20:58 . 2008-05-07 07:38: VIRUS ALERT! 20,864 --a------ I:\WINDOWS\system32\drivers\ccdcmbo.sys
2008-08-28 20:58 . 2008-05-07 07:38: VIRUS ALERT! 17,536 --a------ I:\WINDOWS\system32\drivers\ccdcmb.sys
2008-08-28 20:58 . 2008-05-07 07:38: VIRUS ALERT! 8,064 --a------ I:\WINDOWS\system32\drivers\usbser_lowerfltj.sys
2008-08-28 20:58 . 2008-06-06 09:24: VIRUS ALERT! 8,064 --a------ I:\WINDOWS\system32\drivers\usbser_lowerflt.sys
2008-08-28 20:57: . VIRUS I:\ComboFix\ALERT! <REP> I:\Documents and Settings\All Users\Application Data\Installations
2008-08-28 20:44 . 2006-08-29 16:56: VIRUS ALERT! 32,377 --a------ I:\WINDOWS\system32\drivers\prodigy.sys
2008-08-28 20:43: . VIRUS I:\ComboFix\ALERT! <REP> I:\Program Files\NSS
2008-08-28 20:42: . VIRUS I:\ComboFix\ALERT! 25,600 usbser.sys
2008-08-28 20:42 . 2004-08-03 23:08: VIRUS ALERT! 25,600 --a------ I:\WINDOWS\system32\drivers\usbser.sys
2008-08-28 20:41: . VIRUS I:\ComboFix\ALERT! <REP> $NtUninstallWdf01005$
2008-08-28 20:41 . 2008-08-28 20:41: VIRUS ALERT! 0 --ah----- I:\WINDOWS\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf
2008-08-28 20:41 . 2008-08-28 20:41: VIRUS ALERT! 0 --ah----- I:\WINDOWS\system32\drivers\Msft_Kernel_ccdcmb_01005.Wdf
2008-08-28 20:19: . VIRUS I:\ComboFix\ALERT! <REP> I:\Program Files\Google
2008-08-28 20:19: . VIRUS I:\ComboFix\ALERT! <REP> I:\Documents and Settings\All Users\Application Data\Google Updater
2008-08-28 20:11: . VIRUS I:\ComboFix\ALERT! <REP> ie7updates
2008-08-28 20:11 . 2008-08-28 20:11: VIRUS ALERT! <REP> d-------- I:\WINDOWS\system32\fr-fr
2008-08-28 20:10: . VIRUS I:\ComboFix\ALERT! <REP> WBEM
2008-08-28 20:09: . VIRUS I:\ComboFix\ALERT! <REP> ie7
2008-08-28 20:09: . VIRUS I:\ComboFix\ALERT! <REP> $NtUninstallKB915865$
2008-08-28 20:09: . VIRUS I:\ComboFix\ALERT! <REP> $NtServicePackUninstallNLSDownlevelMapping$
2008-08-28 20:09: . VIRUS I:\ComboFix\ALERT! <REP> $NtServicePackUninstallIDNMitigationAPIs$
2008-08-28 20:09 . 2006-10-08 21:51: VIRUS ALERT! 23,856 --a------ I:\WINDOWS\system32\spupdsvc.exe
2008-08-28 20:04 . 2008-08-28 20:04: VIRUS ALERT! 13,752 --a------ I:\WINDOWS\system32\wpa.bak
2008-08-28 18:59: . VIRUS I:\ComboFix\ALERT! <REP> I:\Program Files\AVG
2008-08-28 18:59: . VIRUS I:\ComboFix\ALERT! <REP> I:\Documents and Settings\All Users\Application Data\avg8
2008-08-28 18:59 . 2008-08-29 13:49: VIRUS ALERT! <REP> d-------- I:\WINDOWS\system32\drivers\Avg
2008-08-28 18:59 . 2008-08-29 13:48: VIRUS ALERT! 97,928 --a------ I:\WINDOWS\system32\drivers\avgldx86.sys
2008-08-28 18:59 . 2008-08-28 18:59: VIRUS ALERT! 76,040 --a------ I:\WINDOWS\system32\drivers\avgtdix.sys
2008-08-28 18:59 . 2008-08-28 18:59: VIRUS ALERT! 10,520 --a------ I:\WINDOWS\system32\avgrsstx.dll
2008-08-28 18:53: . VIRUS I:\ComboFix\ALERT! <REP> I:\Documents and Settings\Adam\UserData
2008-08-28 18:47: . VIRUS I:\ComboFix\ALERT! <REP> OPTIONS
2008-08-28 18:47: . VIRUS I:\ComboFix\ALERT! <REP> I:\Program Files\Realtek
2008-08-28 18:47: . VIRUS I:\ComboFix\ALERT! <REP> I:\Program Files\InstallShield Installation Information
2008-08-28 18:47: . VIRUS I:\ComboFix\ALERT! <REP> I:\Documents and Settings\Adam\Application Data\InstallShield
2008-08-28 18:47 . 2008-02-25 20:54: VIRUS ALERT! 105,088 --a------ I:\WINDOWS\system32\drivers\Rtnicxp.sys
2008-08-28 18:47 . 2008-07-22 00:14: VIRUS ALERT! 9,728 --a------ I:\WINDOWS\system32\RtNicProp32.dll
2008-08-28 18:03: . VIRUS I:\ComboFix\ALERT! <REP> SoftwareDistribution
2008-08-28 18:03: . VIRUS I:\ComboFix\ALERT! <REP> Prefetch
2008-08-28 18:03: . VIRUS I:\ComboFix\ALERT! <REP> LocalService
2008-08-28 18:03: . VIRUS I:\ComboFix\ALERT! <REP> I:\Documents and Settings\Adam\Voisinage r‚seau
2008-08-28 18:03: . VIRUS I:\ComboFix\ALERT! <REP> I:\Documents and Settings\Adam\Voisinage d'impression
2008-08-28 18:03: . VIRUS I:\ComboFix\ALERT! <REP> I:\Documents and Settings\Adam\ModŠles
2008-08-28 18:03: . VIRUS I:\ComboFix\ALERT! <REP> I:\Documents and Settings\Adam\Mes documents
2008-08-28 18:03: . VIRUS I:\ComboFix\ALERT! <REP> I:\Documents and Settings\Adam\Menu D‚marrer
2008-08-28 18:03: . VIRUS I:\ComboFix\ALERT! <REP> I:\Documents and Settings\Adam\Favoris
2008-08-28 18:03: . VIRUS I:\ComboFix\ALERT! <REP> I:\Documents and Settings\Adam\Bureau
2008-08-28 18:03: . VIRUS I:\ComboFix\ALERT! <REP> Adam
2008-08-28 18:03: . VIRUS I:\ComboFix\ALERT! 1,572,864 NTUSER.DAT
2008-08-28 18:03: . VIRUS I:\ComboFix\ALERT! 229,376 NTUSER.DAT
2008-08-28 18:03 . 2008-08-28 18:03: VIRUS ALERT! <REP> d---s---- I:\WINDOWS\system32\Microsoft
2008-08-28 18:02: . VIRUS I:\ComboFix\ALERT! <REP> NetworkService
2008-08-28 18:02: . VIRUS I:\ComboFix\ALERT! 229,376 NTUSER.DAT
2008-08-28 18:02: . VIRUS I:\ComboFix\ALERT! 8,192 REGLOCS.OLD
2008-08-28 18:01: . VIRUS I:\ComboFix\ALERT! <REP> I:\WINDOWS\system32\config\systemprofile\Voisinage r‚seau
2008-08-28 18:01: . VIRUS I:\ComboFix\ALERT! <REP> I:\WINDOWS\system32\config\systemprofile\Voisinage d'impression
2008-08-28 18:01: . VIRUS I:\ComboFix\ALERT! <REP> I:\WINDOWS\system32\config\systemprofile\ModŠles
2008-08-28 18:01: . VIRUS I:\ComboFix\ALERT! <REP> I:\WINDOWS\system32\config\systemprofile\Mes documents
2008-08-28 18:01: . VIRUS I:\ComboFix\ALERT! <REP> I:\WINDOWS\system32\config\systemprofile\Menu D‚marrer
2008-08-28 18:01: . VIRUS I:\ComboFix\ALERT! <REP> I:\WINDOWS\system32\config\systemprofile\Favoris
2008-08-28 18:01: . VIRUS I:\ComboFix\ALERT! <REP> I:\WINDOWS\system32\config\systemprofile\Bureau
2008-08-28 18:00: . VIRUS I:\ComboFix\ALERT! <REP> I:\Program Files\microsoft frontpage
2008-08-28 18:00: . VIRUS I:\ComboFix\ALERT! 13,463,552 hwxjpn.dll

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-08-29 12:48 --------- d-----w I:\Documents and Settings\Adam\Application Data\Azureus
2008-08-29 12:00 319,488 ----a-w I:\WINDOWS\HideWin.exe
2008-08-29 10:57 86,016 ----a-w I:\WINDOWS\rvoelbxt.exe
2008-08-29 10:57 380,928 ----a-w I:\WINDOWS\rodqgpvltbp.dll
2008-08-29 10:57 233,472 ----a-w I:\WINDOWS\pdoskegl.dll
2008-08-29 10:57 204,800 ----a-w I:\WINDOWS\rqbmvpso.dll
2008-08-29 10:57 159,744 ----a-w I:\WINDOWS\qalkfxor.dll
2008-08-28 17:47 --------- d-----w I:\Documents and Settings\All Users\Application Data\Azureus
2008-08-28 17:45 --------- d-----w I:\Program Files\Vuze
2008-08-28 17:45 --------- d-----w I:\Program Files\Java
2008-08-28 17:44 --------- d-----w I:\Program Files\Fichiers communs\Java
2008-08-28 15:58 --------- d-----w I:\Program Files\Services en ligne
2008-08-06 15:12 4,755,968 ----a-w I:\WINDOWS\system32\drivers\RtkHDAud.sys
2008-07-31 13:05 16,806,912 ----a-w I:\WINDOWS\RTHDCPL.exe
2008-07-29 13:42 528,384 ----a-w I:\WINDOWS\RtlExUpd.dll
2008-07-25 08:34 81,920 ----a-w I:\WINDOWS\system32\dpl100.dll
2008-07-25 08:34 683,520 ----a-w I:\WINDOWS\system32\divx.dll
2008-07-23 16:50 3,596,288 ----a-w I:\WINDOWS\system32\qt-dx331.dll
2008-07-16 18:51 2,041,363 ----a-w I:\WINDOWS\system32\x264vfw.dll
2008-07-15 13:20 69,632 ----a-w I:\WINDOWS\system32\ChCfg.exe
2008-07-15 11:47 1,196,032 ----a-w I:\WINDOWS\RtlUpd.exe
2008-06-23 16:28 826,368 ----a-w I:\WINDOWS\system32\wininet.dll
2008-06-19 14:42 2,808,832 ----a-w I:\WINDOWS\ALCWZRD.EXE
2008-06-19 14:27 9,715,200 ----a-w I:\WINDOWS\RTLCPL.EXE
2008-06-19 14:20 57,344 ----a-w I:\WINDOWS\ALCMTR.EXE
2008-06-18 16:01 77,824 ----a-w I:\WINDOWS\SOUNDMAN.EXE
2008-06-12 18:36 7,680 ----a-w I:\WINDOWS\system32\ff_vfw.dll
.

((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les ‚l‚ments vides & les ‚l‚ments initiaux l‚gitimes ne sont pas list‚s
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{750572CE-0B99-47EF-9A63-BC7BE4F2B5EE}]
2008-08-29 19:03: VIRUS ALERT! 323840 --a------ I:\WINDOWS\system32\urqPfGWq.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{BCF16171-9753-4FDB-AF00-98D14C339A63}]
2008-08-29 12:57: VIRUS ALERT! 380928 --a------ I:\WINDOWS\rodqgpvltbp.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{63271185-F8AC-4E37-85C8-5CCB942BC177}"= "I:\WINDOWS\qalkfxor.dll" [2008-08-29 12:57: VIRUS ALERT! 159744]

[HKEY_CLASSES_ROOT\clsid\{63271185-f8ac-4e37-85c8-5ccb942bc177}]
[HKEY_CLASSES_ROOT\qalkfxor.1]
[HKEY_CLASSES_ROOT\TypeLib\{AE23524F-1EBA-4EBB-9013-9218F5BD0E2D}]
[HKEY_CLASSES_ROOT\qalkfxor]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableTaskMgr"= 1 (0x1)
"DisableRegistryTools"= 1 (0x1)
"NoDispCPL"= 1 (0x1)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoToolbarCustomize"= 1 (0x1)
"StartMenuLogoff"= 1 (0x1)
"NoStartMenuMorePrograms"= 1 (0x1)
"NoSetFolders"= 1 (0x1)

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\[u]0[/u]]
Source= file:///I:\WINDOWS\privacy_danger\index.htm
FriendlyName= Privacy Protection

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"pdoskegl"= {8E9514C1-6603-4A96-B328-05E3CFF3B46A} - I:\WINDOWS\pdoskegl.dll [2008-08-29 12:57: VIRUS ALERT! 233472]
"rqbmvpso"= {BBEB4773-D9FB-4A46-A3A3-ACA0598B9369} - I:\WINDOWS\rqbmvpso.dll [2008-08-29 12:57: VIRUS ALERT! 204800]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=avgrsstx.dll eyropc.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.l3fhg"= mp3fhg.acm
"msacm.divxa32"= divxa32.acm
"VIDC.X264"= x264vfw.dll
"VIDC.HFYU"= huffyuv.dll
"vidc.i263"= i263_32.drv
"VIDC.YV12"= yv12vfw.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"I:\\Program Files\\AVG\\AVG8\\avgemc.exe"=
"I:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"I:\\Program Files\\Vuze\\Azureus.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"I:\\Program Files\\Fichiers communs\\Nokia\\Service Layer\\A\\nsl_host_process.exe"=
"I:\\Program Files\\Nokia\\Nokia Software Updater\\nsu_ui_client.exe"=
"I:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"I:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"I:\\Program Files\\DAP\\DAP.exe"=

R1 AvgLdx86;AVG Free AVI Loader Driver x86;I:\WINDOWS\system32\Drivers\avgldx86.sys [2008-08-29 13:48: VIRUS ALERT!]
R2 avg8emc;AVG Free8 E-mail Scanner;I:\PROGRA~1\AVG\AVG8\avgemc.exe [2008-08-29 13:48: VIRUS ALERT!]
R2 avg8wd;AVG Free8 WatchDog;I:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2008-08-29 13:48: VIRUS ALERT!]
R2 AvgTdiX;AVG Free8 Network Redirector;I:\WINDOWS\system32\Drivers\avgtdix.sys [2008-08-28 18:59: VIRUS ALERT!]
S3 nmwcdnsu;Nokia USB Flashing Phone Parent;I:\WINDOWS\system32\drivers\nmwcdnsu.sys [2008-02-01 16:17: VIRUS ALERT!]
S3 nmwcdnsuc;Nokia USB Flashing Generic;I:\WINDOWS\system32\drivers\nmwcdnsuc.sys [2008-02-01 16:17: VIRUS ALERT!]
S3 PRODIGY;PRODIGY;I:\WINDOWS\system32\Drivers\PRODIGY.SYS [2006-08-29 16:56: VIRUS ALERT!]

*Newly Created Service* - AVGASCLN
.
- - - - ORPHANS REMOVED - - - -

ShellExecuteHooks-{E2B532CC-0605-40D4-9659-54B020ABCEC3} - I:\WINDOWS\system32\ljJASjgG.dll


.
------- Supplementary Scan -------
.
R0 -: HKCU-Main,Start Page = hxxp://softwarereferral.com/jump.php?wmid=6010&mid=MjI6Ojg5&lid=2
O8 -: &Clean Traces - I:\Program Files\DAP\Privacy Package\dapcleanerie.htm
O8 -: &Download with &DAP - I:\Program Files\DAP\dapextie.htm
O8 -: Download &all with DAP - I:\Program Files\DAP\dapextie2.htm

O16 -: {193C772A-87BE-4B19-A7BB-445B226FE9A1} - hxxp://downloads.ewido.net/ewidoOnlineScan.cab
I:\WINDOWS\Downloaded Program Files\ewidoOnlineScan.dll

O16 -: {1E54D648-B804-468d-BC78-4AFFED8E262E} - hxxp://www.nvidia.com/content/DriverDownload/srl/3.0.0.0/srl_bin/sysreqlab3.cab
I:\WINDOWS\Downloaded Program Files\SysReqLab3.osd
I:\WINDOWS\Downloaded Program Files\sysreqlab3.dll
.

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-08-29 20:21:49
Windows 5.1.2600 Service Pack 2 NTFS

Balayage processus cach‚s ...

Balayage cach‚ autostart entries ...

Balayage des fichiers cach‚s ...

Scan termin‚ avec succŠs
Les fichiers cach‚s: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Abiosdsk]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\abp480n5]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ACPI]
"ImagePath"="system32\DRIVERS\ACPI.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ACPIEC]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\adpu160m]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\aec]
"ImagePath"="system32\drivers\aec.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\AFD]
"ImagePath"="\SystemRoot\System32\drivers\afd.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Aha154x]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\aic78u2]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\aic78xx]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Alerter]
"ServiceDll"="%SystemRoot%\system32\alrsvc.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ALG]
"ImagePath"="%SystemRoot%\System32\alg.exe"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\AliIde]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\amsint]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\AppMgmt]
"ServiceDll"="%SystemRoot%\System32\appmgmts.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\asc]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\asc3350p]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\asc3550]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\AsyncMac]
"ImagePath"="system32\DRIVERS\asyncmac.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\atapi]
"ImagePath"="system32\DRIVERS\atapi.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Atdisk]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Atmarpc]
"ImagePath"="system32\DRIVERS\atmarpc.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\AudioSrv]
"ServiceDll"="%SystemRoot%\System32\audiosrv.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\audstub]
"ImagePath"="system32\DRIVERS\audstub.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\AVG Anti-Spyware Driver]
"ImagePath"="\??\I:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\AVG Anti-Spyware Guard]
"ImagePath"="I:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\avg8emc]
"ImagePath"="I:\PROGRA~1\AVG\AVG8\avgemc.exe"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\avg8wd]
"ImagePath"="I:\PROGRA~1\AVG\AVG8\avgwdsvc.exe"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\AvgAsCln]
"ImagePath"="System32\DRIVERS\AvgAsCln.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\AvgLdx86]
"ImagePath"="\SystemRoot\System32\Drivers\avgldx86.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\AvgMfx86]
"ImagePath"="\SystemRoot\System32\Drivers\avgmfx86.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\AvgTdiX]
"ImagePath"="\SystemRoot\System32\Drivers\avgtdix.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\BattC]
"MofImagePath"="System32\Drivers\battc.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Beep]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\BITS]
"ServiceDll"="%systemroot%\system32\qmgr.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Browser]
"ServiceDll"="%SystemRoot%\System32\browser.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\catchme]
"ImagePath"="\??\I:\ComboFix\catchme.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\cbidf2k]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\cd20xrnt]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Cdaudio]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Cdfs]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Cdrom]
"ImagePath"="system32\DRIVERS\cdrom.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Changer]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\CiSvc]
"ImagePath"="%SystemRoot%\system32\cisvc.exe"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ClipSrv]
"ImagePath"="%SystemRoot%\system32\clipsrv.exe"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\CmdIde]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\COMSysApp]
"ImagePath"="I:\WINDOWS\system32\dllhost.exe /Processid:{02D4B3F1-FD88-11D1-960D-00805FC79235}"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ContentFilter]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ContentIndex]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Cpqarray]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\CryptSvc]
"ServiceDll"="%SystemRoot%\System32\cryptsvc.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\dac2w2k]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\dac960nt]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\DcomLaunch]
"ServiceDll"="%SystemRoot%\system32\rpcss.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Dhcp]
"ServiceDll"="%SystemRoot%\System32\dhcpcsvc.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Disk]
"ImagePath"="system32\DRIVERS\disk.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\dmadmin]
"ImagePath"="%SystemRoot%\System32\dmadmin.exe /com"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\dmboot]
"ImagePath"="System32\drivers\dmboot.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\dmio]
"ImagePath"="System32\drivers\dmio.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\dmload]
"ImagePath"="System32\drivers\dmload.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\dmserver]
"ServiceDll"="%SystemRoot%\System32\dmserver.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\DMusic]
"ImagePath"="system32\drivers\DMusic.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Dnscache]
"ServiceDll"="%SystemRoot%\System32\dnsrslvr.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\dpti2o]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\drmkaud]
"ImagePath"="system32\drivers\drmkaud.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ERSvc]
"ServiceDll"="%SystemRoot%\System32\ersvc.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Eventlog]
"ImagePath"="%SystemRoot%\system32\services.exe"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\EventSystem]
"ServiceDll"="I:\WINDOWS\system32\es.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Fastfat]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\FastUserSwitchingCompatibility]
"ServiceDll"="%SystemRoot%\System32\shsvcs.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Fdc]
"ImagePath"="system32\DRIVERS\fdc.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Fips]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Flpydisk]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\FltMgr]
"ImagePath"="system32\DRIVERS\fltMgr.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Fs_Rec]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Ftdisk]
"ImagePath"="system32\DRIVERS\ftdisk.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Gpc]
"ImagePath"="system32\DRIVERS\msgpc.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\gusvc]
"ImagePath"="\"I:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe\""

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\HDAudBus]
"ImagePath"="system32\DRIVERS\HDAudBus.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\helpsvc]
"ServiceDll"="%WINDIR%\PCHealth\HelpCtr\Binaries\pchsvc.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\HidServ]
"ServiceDll"="%SystemRoot%\System32\hidserv.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\hidusb]
"ImagePath"="system32\DRIVERS\hidusb.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\hpn]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\HTTP]
"ImagePath"="System32\Drivers\HTTP.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\HTTPFilter]
"ServiceDll"="%SystemRoot%\System32\w3ssl.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\i2omgmt]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\i2omp]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Imapi]
"ImagePath"="system32\DRIVERS\imapi.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ImapiService]
"ImagePath"="%systemroot%\system32\imapi.exe"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\inetaccs]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ini910u]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Inport]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\IntcAzAudAddService]
"ImagePath"="system32\drivers\RtkHDAud.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\IntelIde]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\intelppm]
"ImagePath"="system32\DRIVERS\intelppm.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Ip6Fw]
"ImagePath"="system32\DRIVERS\Ip6Fw.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\IpFilterDriver]
"ImagePath"="system32\DRIVERS\ipfltdrv.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\IpInIp]
"ImagePath"="system32\DRIVERS\ipinip.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\IpNat]
"ImagePath"="system32\DRIVERS\ipnat.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\IPSec]
"ImagePath"="system32\DRIVERS\ipsec.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\IRENUM]
"ImagePath"="system32\DRIVERS\irenum.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ISAPISearch]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\isapnp]
"ImagePath"="system32\DRIVERS\isapnp.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Kbdclass]
"ImagePath"="system32\DRIVERS\kbdclass.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\kbdhid]
"ImagePath"="system32\DRIVERS\kbdhid.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\kmixer]
"ImagePath"="system32\drivers\kmixer.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\KSecDD]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\lanmanserver]
"ServiceDll"="%SystemRoot%\System32\srvsvc.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\lanmanworkstation]
"ServiceDll"="%SystemRoot%\System32\wkssvc.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\lbrtfdc]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ldap]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\LicenseService]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\LmHosts]
"ServiceDll"="%SystemRoot%\System32\lmhsvc.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Messenger]
"ServiceDll"="%SystemRoot%\System32\msgsvc.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\mnmdd]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\mnmsrvc]
"ImagePath"="I:\WINDOWS\system32\mnmsrvc.exe"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Modem]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Mouclass]
"ImagePath"="system32\DRIVERS\mouclass.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\mouhid]
"ImagePath"="system32\DRIVERS\mouhid.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MountMgr]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\mraid35x]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MRxDAV]
"ImagePath"="system32\DRIVERS\mrxdav.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MRxSmb]
"ImagePath"="system32\DRIVERS\mrxsmb.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MSDTC]
"ImagePath"="I:\WINDOWS\system32\msdtc.exe"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Msfs]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MSIServer]
"ImagePath"="%systemroot%\system32\msiexec.exe /V"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MSKSSRV]
"ImagePath"="system32\drivers\MSKSSRV.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MSPCLOCK]
"ImagePath"="system32\drivers\MSPCLOCK.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MSPQM]
"ImagePath"="system32\drivers\MSPQM.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\mssmbios]
"ImagePath"="system32\DRIVERS\mssmbios.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Mup]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NDIS]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NdisTapi]
"ImagePath"="system32\DRIVERS\ndistapi.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Ndisuio]
"ImagePath"="system32\DRIVERS\ndisuio.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NdisWan]
"ImagePath"="system32\DRIVERS\ndiswan.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NDProxy]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NetBIOS]
"ImagePath"="system32\DRIVERS\netbios.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NetBT]
"ImagePath"="system32\DRIVERS\netbt.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NetDDE]
"ImagePath"="%SystemRoot%\system32\netdde.exe"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NetDDEdsdm]
"ImagePath"="%SystemRoot%\system32\netdde.exe"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Netlogon]
"ImagePath"="%SystemRoot%\system32\lsass.exe"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Netman]
"ServiceDll"="%SystemRoot%\System32\netman.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Nla]
"ServiceDll"="%SystemRoot%\System32\mswsock.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\nmwcd]
"ImagePath"="system32\drivers\ccdcmb.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\nmwcdc]
"ImagePath"="system32\drivers\ccdcmbo.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\nmwcdnsu]
"ImagePath"="system32\drivers\nmwcdnsu.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\nmwcdnsuc]
"ImagePath"="system32\drivers\nmwcdnsuc.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Npfs]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Ntfs]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NtLmSsp]
"ImagePath"="%SystemRoot%\system32\lsass.exe"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NtmsSvc]
"ServiceDll"="%SystemRoot%\system32\ntmssvc.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Null]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\nv]
"ImagePath"="system32\DRIVERS\nv4_mini.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NVSvc]
"ImagePath"="%SystemRoot%\system32\nvsvc32.exe"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NwlnkFlt]
"ImagePath"="system32\DRIVERS\nwlnkflt.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NwlnkFwd]
"ImagePath"="system32\DRIVERS\nwlnkfwd.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Parport]
"ImagePath"="system32\DRIVERS\parport.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\PartMgr]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ParVdm]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\pccsmcfd]
"ImagePath"="system32\DRIVERS\pccsmcfd.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\PCI]
"ImagePath"="system32\DRIVERS\pci.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\PCIDump]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\PCIIde]
"ImagePath"="system32\DRIVERS\pciide.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Pcmcia]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\PDCOMP]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\PDFRAME]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\PDRELI]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\PDRFRAME]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\perc2]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\perc2hib]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\PerfDisk]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\PerfNet]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\PerfOS]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\PerfProc]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\PlugPlay]
"ImagePath"="%SystemRoot%\system32\services.exe"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\PolicyAgent]
"ImagePath"="%SystemRoot%\system32\lsass.exe"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\PptpMiniport]
"ImagePath"="system32\DRIVERS\raspptp.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\PRODIGY]
"ImagePath"="System32\Drivers\PRODIGY.SYS"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ProtectedStorage]
"ImagePath"="%SystemRoot%\system32\lsass.exe"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\PSched]
"ImagePath"="system32\DRIVERS\psched.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Ptilink]
"ImagePath"="system32\DRIVERS\ptilink.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ql1080]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Ql10wnt]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ql12160]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ql1240]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ql1280]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\RasAcd]
"ImagePath"="system32\DRIVERS\rasacd.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\RasAuto]
"ServiceDll"="%SystemRoot%\System32\rasauto.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Rasl2tp]
"ImagePath"="system32\DRIVERS\rasl2tp.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\RasMan]
"ServiceDll"="%SystemRoot%\System32\rasmans.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\RasPppoe]
"ImagePath"="system32\DRIVERS\raspppoe.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Raspti]
"ImagePath"="system32\DRIVERS\raspti.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Rdbss]
"ImagePath"="system32\DRIVERS\rdbss.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\RDPCDD]
"ImagePath"="System32\DRIVERS\RDPCDD.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\RDPDD]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\rdpdr]
"ImagePath"="system32\DRIVERS\rdpdr.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\RDPNP]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\RDPWD]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\RDSessMgr]
"ImagePath"="I:\WINDOWS\system32\sessmgr.exe"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\redbook]
"ImagePath"="system32\DRIVERS\redbook.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\RemoteAccess]
"ServiceDll"="%SystemRoot%\System32\mprdim.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\RemoteRegistry]
"ServiceDll"="%SystemRoot%\system32\regsvc.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\RpcLocator]
"ImagePath"="%SystemRoot%\system32\locator.exe"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\RpcSs]
"ServiceDll"="%SystemRoot%\System32\rpcss.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\RSVP]
"ImagePath"="%SystemRoot%\system32\rsvp.exe"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\RTL8023xp]
"ImagePath"="system32\DRIVERS\Rtnicxp.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SamSs]
"ImagePath"="%SystemRoot%\system32\lsass.exe"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SCardSvr]
"ImagePath"="%SystemRoot%\System32\SCardSvr.exe"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Schedule]
"ServiceDll"="%SystemRoot%\system32\schedsvc.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Secdrv]
"ImagePath"="system32\DRIVERS\secdrv.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\seclogon]
"ServiceDll"="%SystemRoot%\System32\seclogon.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SENS]
"ServiceDll"="%SystemRoot%\system32\sens.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\serenum]
"ImagePath"="system32\DRIVERS\serenum.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Serial]
"ImagePath"="system32\DRIVERS\serial.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ServiceLayer]
"ImagePath"="\"I:\Program Files\PC Connectivity Solution\ServiceLayer.exe\""

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Sfloppy]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess]
"ServiceDll"="%SystemRoot%\System32\ipnathlp.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ShellHWDetection]
"ServiceDll"="%SystemRoot%\System32\shsvcs.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Simbad]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Sparrow]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\splitter]
"ImagePath"="system32\drivers\splitter.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Spooler]
"ImagePath"="%SystemRoot%\system32\spoolsv.exe"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\sr]
"ImagePath"="system32\DRIVERS\sr.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\srservice]
"ServiceDll"="I:\WINDOWS\system32\srsvc.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Srv]
"ImagePath"="system32\DRIVERS\srv.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SSDPSRV]
"ServiceDll"="%SystemRoot%\System32\ssdpsrv.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\stisvc]
"ServiceDll"="%SystemRoot%\system32\wiaservc.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\swenum]
"ImagePath"="system32\DRIVERS\swenum.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\swmidi]
"ImagePath"="system32\drivers\swmidi.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SwPrv]
"ImagePath"="I:\WINDOWS\system32\dllhost.exe /Processid:{AB10C359-6DB6-459E-BEE7-38C0379D37C4}"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\symc810]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\symc8xx]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\sym_hi]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\sym_u3]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\sysaudio]
"ImagePath"="system32\drivers\sysaudio.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SysmonLog]
"ImagePath"="%SystemRoot%\system32\smlogsvc.exe"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\TapiSrv]
"ServiceDll"="%SystemRoot%\System32\tapisrv.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip]
"ImagePath"="system32\DRIVERS\tcpip.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\TDPIPE]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\TDTCP]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\TermDD]
"ImagePath"="system32\DRIVERS\termdd.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\TermService]
"ServiceDll"="%SystemRoot%\System32\termsrv.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Themes]
"ServiceDll"="%SystemRoot%\System32\shsvcs.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\TlntSvr]
"ImagePath"="I:\WINDOWS\system32\tlntsvr.exe"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\TosIde]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\TrkWks]
"ServiceDll"="%SystemRoot%\system32\trkwks.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\TSDDD]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Udfs]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ultra]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Update]
"ImagePath"="system32\DRIVERS\update.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\upnphost]
"ServiceDll"="%SystemRoot%\System32\upnphost.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\upperdev]
"ImagePath"="system32\DRIVERS\usbser_lowerflt.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\UPS]
"ImagePath"="%SystemRoot%\System32\ups.exe"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\usbccgp]
"ImagePath"="system32\DRIVERS\usbccgp.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\usbehci]
"ImagePath"="system32\DRIVERS\usbehci.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\usbhub]
"ImagePath"="system32\DRIVERS\usbhub.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\usbser]
"ImagePath"="system32\drivers\usbser.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\UsbserFilt]
"ImagePath"="system32\DRIVERS\usbser_lowerfltj.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\usbstor]
"ImagePath"="system32\DRIVERS\USBSTOR.SYS"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\usbuhci]
"ImagePath"="system32\DRIVERS\usbuhci.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\usnjsvc]
"ImagePath"="\"I:\Program Files\Windows Live\Messenger\usnsvc.exe\""

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\VgaSave]
"ImagePath"="\SystemRoot\System32\drivers\vga.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ViaIde]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\VolSnap]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\VSS]
"ImagePath"="%SystemRoot%\System32\vssvc.exe"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\W32Time]
"ServiceDll"="%systemroot%\system32\w32time.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\W3SVC]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Wanarp]
"ImagePath"="system32\DRIVERS\wanarp.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Wdf01000]
"ImagePath"="system32\DRIVERS\Wdf01000.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\WDICA]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\wdmaud]
"ImagePath"="system32\drivers\wdmaud.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\WebClient]
"ServiceDll"="%SystemRoot%\System32\webclnt.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\winmgmt]
"ServiceDll"="%SystemRoot%\system32\wbem\WMIsvc.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Winsock]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\WinSock2]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\WinTrust]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\WLSetupSvc]
"ImagePath"="\"I:\Program Files\Windows Live\installer\WLSetupSvc.exe\""

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\WmdmPmSN]
"ServiceDll"="I:\WINDOWS\system32\mspmsnsv.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Wmi]
"ServiceDll"="%SystemRoot%\System32\advapi32.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\WmiApRpl]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\WmiApSrv]
"ImagePath"="I:\WINDOWS\system32\wbem\wmiapsrv.exe"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\WS2IFSL]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\wscsvc]
"ServiceDll"="%SYSTEMROOT%\system32\wscsvc.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\wuauserv]
"ServiceDll"="I:\WINDOWS\system32\wuauserv.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\WZCSVC]
"ServiceDll"="%SystemRoot%\System32\wzcsvc.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\xmlprov]
"ServiceDll"="%SystemRoot%\System32\xmlprov.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\{1EA79951-FFA2-47BF-997B-3E1C239EFEDA}]
.
------------------------ Other Running Processes ------------------------
.
I:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
I:\WINDOWS\system32\nvsvc32.exe
I:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
I:\WINDOWS\system32\rundll32.exe
I:\WINDOWS\RTHDCPL.exe
I:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
I:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe
I:\Program Files\PC Connectivity Solution\ServiceLayer.exe
I:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
I:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe
I:\Program Files\DAP\DAP.exe
I:\Program Files\Internet Explorer\iexplore.exe
I:\Program Files\AVG\AVG8\avgrsx.exe
I:\Program Files\AVG\AVG8\avgrsx.exe
.
**************************************************************************
.
Temps d'accomplissement: 2008-08-29 20:34:46 - machine was rebooted
ComboFix-quarantined-files.txt 2008-08-29 18:34:39

Pre-Run: 741,719,912,448 octets libres
Post-Run: 741,830,586,368 octets libres

773 --- E O F --- 2008-08-28 21:04:31
0
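The services dump above lists every service key ComboFix found, with its ImagePath or ServiceDll where one is set. An analyst reads such a dump by normalising each image path and asking where it points; the script below does that mechanically. It is an added example, not ComboFix's own code and not from anyone in this thread: it parses the same key/value format, resolves the path forms seen in the log (`\SystemRoot\`, `%SystemRoot%`, `%WINDIR%`, a bare `system32\`, the `\??\` prefix, quoted paths and trailing arguments), classifies each image by location, and flags GUID-named services and images outside the system32 and Program Files trees. The system root `I:\WINDOWS` is assumed from the log, and the sample dump is a constructed excerpt of entries taken from above.

```python
import re
from typing import Dict, List, Optional

# System root seen in the log above; assumed here for resolving relative paths.
SYSROOT = r"I:\WINDOWS"

# Constructed excerpt of a ComboFix services dump, in the format of the log above.
SAMPLE_DUMP = r'''
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ACPI]
"ImagePath"="system32\DRIVERS\ACPI.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Alerter]
"ServiceDll"="%SystemRoot%\system32\alrsvc.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\avg8wd]
"ImagePath"="I:\PROGRA~1\AVG\AVG8\avgwdsvc.exe"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\catchme]
"ImagePath"="\??\I:\ComboFix\catchme.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\gusvc]
"ImagePath"="\"I:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe\""

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\COMSysApp]
"ImagePath"="I:\WINDOWS\system32\dllhost.exe /Processid:{02D4B3F1-FD88-11D1-960D-00805FC79235}"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\helpsvc]
"ServiceDll"="%WINDIR%\PCHealth\HelpCtr\Binaries\pchsvc.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\{1EA79951-FFA2-47BF-997B-3E1C239EFEDA}]
'''

KEY_RE = re.compile(r"^\[HKEY_LOCAL_MACHINE\\System\\ControlSet\d+\\Services\\([^\]]+)\]$", re.I)
VALUE_RE = re.compile(r'^"(ImagePath|ServiceDll)"="(.*)"$')
GUID_RE = re.compile(r"^\{[0-9A-Fa-f]{8}(-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}$")


def parse_services(dump: str) -> Dict[str, Optional[str]]:
    """Map service name -> raw ImagePath/ServiceDll (None when the key has no such value)."""
    services: Dict[str, Optional[str]] = {}
    current = None
    for line in dump.splitlines():
        line = line.strip()
        m = KEY_RE.match(line)
        if m:
            current = m.group(1)
            services[current] = None
            continue
        m = VALUE_RE.match(line)
        if m and current is not None:
            services[current] = m.group(2)
    return services


def normalize_image_path(raw: str, sysroot: str = SYSROOT) -> str:
    """Turn the registry form of an image path into an absolute file path,
    dropping command-line arguments and the \\??\\ device prefix."""
    s = raw.replace('\\"', '"')              # un-escape the quotes the .reg format uses
    if s.startswith('"'):                    # quoted path: take everything up to the closing quote
        end = s.find('"', 1)
        s = s[1:end] if end > 0 else s[1:]
    else:                                    # unquoted: cut at the first " /" or " -" argument
        s = re.split(r" [/-]", s, maxsplit=1)[0]
    if s.startswith("\\??\\"):
        s = s[4:]
    low = s.lower()
    for prefix in ("\\systemroot\\", "%systemroot%\\", "%windir%\\"):
        if low.startswith(prefix):
            s = sysroot + "\\" + s[len(prefix):]
            break
    else:
        if low.startswith("system32\\"):     # relative to the system root
            s = sysroot + "\\" + s
    return s


def classify_location(path: str, sysroot: str = SYSROOT) -> str:
    """Coarse location class used for triage; 'other' means outside the usual trees."""
    low = path.lower()
    root = sysroot.lower()
    drive = root[:2]
    if low.startswith(root + "\\system32\\"):
        return "windows_system32"
    if low.startswith(root + "\\"):
        return "windows_root"                # directly under the Windows directory: unusual for a service
    if low.startswith(drive + "\\program files\\") or low.startswith(drive + "\\progra~1\\"):
        return "program_files"
    return "other"


def audit_services(dump: str) -> List[Dict[str, object]]:
    """Return one record per service that deserves a closer look, with the reasons."""
    findings: List[Dict[str, object]] = []
    for name, raw in parse_services(dump).items():
        reasons = []
        if GUID_RE.match(name):
            reasons.append("GUID-named service")
        if raw:
            path = normalize_image_path(raw)
            loc = classify_location(path)
            if loc in ("other", "windows_root"):
                reasons.append(f"image in unexpected location ({loc}): {path}")
        if reasons:
            findings.append({"service": name, "reasons": reasons})
    return findings


if __name__ == "__main__":
    for f in audit_services(SAMPLE_DUMP):
        print(f["service"], "->", "; ".join(f["reasons"]))
```

Run over the full dump above, the same logic singles out `catchme` (ComboFix's own driver under `I:\ComboFix`, which an analyst recognises and dismisses), `helpsvc` (whose DLL lives under `I:\WINDOWS\PCHealth`, the legitimate Help and Support location) and the GUID-named service at the end; everything else resolves into system32 or Program Files. A location check is a triage aid, not a verdict: a malicious driver dropped into `system32\DRIVERS` passes it, so pair it with file hashes and publisher checks.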
ep44 Posts 7393 Registration date Saturday 10 November 2007 Status Contributor Last seen 11 November 2010 3
29 August 2008 at 22:00
ok

it's normal that things haven't gone back to normal, because you are heavily infected

select this

Registry::
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{63271185-F8AC-4E37-85C8-5CCB942BC177}"=-
[-HKEY_CLASSES_ROOT\clsid\{63271185-f8ac-4e37-85c8-5ccb942bc177}]
[-HKEY_CLASSES_ROOT\qalkfxor.1]
[-HKEY_CLASSES_ROOT\TypeLib\{AE23524F-1EBA-4EBB-9013-9218F5BD0E2D}]
[-HKEY_CLASSES_ROOT\qalkfxor]
[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0]
"Source"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"rqbmvpso"=-

File::
I:\Documents and Settings\Adam\Application Data\TmpRecentIcons
I:\WINDOWS\system32\urqPfGWq.dll
I:\WINDOWS\rodqgpvltbp.dll
I:\WINDOWS\pdoskegl.dll
I:\WINDOWS\rvoelbxt.exe
I:\WINDOWS\qalkfxor.dll
I:\WINDOWS\rqbmvpso.dll

* Copy the selected text (CTRL+C).
* Open Notepad (Programs > Accessories > Notepad).
* Make sure Word Wrap is not ticked in the Format menu.
* Paste the copied text into Notepad (CTRL+V).
* Save this file under the name CFScript.txt
* Drag and drop this CFScript file onto ComboFix.exe, like this
http://img.photobucket.com/albums/v666/sUBs/CFScript.gif
* Wait while the scan runs. The desktop will disappear several times: this is normal!
Do not touch anything until the scan is finished.
* Once the scan is done, a report will be displayed: post its contents.
* If the file does not open, it is located here > C:\ComboFix.txt

Note: The script above was written specifically for THIS user.
If you are not THIS user, do NOT apply these instructions: they could damage your system.

@+
0
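Before running a script like the one above, an analyst wants to see exactly what it will do, and afterwards wants to confirm that the resulting log actually reports those deletions. The following is an added example, not code from ep44 or from ComboFix: it parses the Registry:: and File:: sections of a CFScript into a list of actions (delete key, delete value, delete file) and then reconciles the File:: list against the "Autres suppressions" (other deletions) section of the post-run log. The sample script and the log excerpt are constructed from entries in this thread; the `[-KEY]` and `"value"=-` conventions and the section header text are taken from the script and logs as posted here, and the excerpt deliberately leaves one requested file out of the deletions so that the missing case is exercised.

```python
import re
from typing import Dict, List, Set

# Constructed CFScript in the format posted above (Registry:: and File:: sections).
SAMPLE_SCRIPT = r'''
Registry::
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{63271185-F8AC-4E37-85C8-5CCB942BC177}"=-
[-HKEY_CLASSES_ROOT\clsid\{63271185-f8ac-4e37-85c8-5ccb942bc177}]
[-HKEY_CLASSES_ROOT\qalkfxor]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"rqbmvpso"=-

File::
I:\WINDOWS\system32\urqPfGWq.dll
I:\WINDOWS\qalkfxor.dll
I:\WINDOWS\rqbmvpso.dll
I:\WINDOWS\rvoelbxt.exe
I:\WINDOWS\pdoskegl.dll
'''

# Constructed excerpt of the log ComboFix writes after the script runs: the echoed
# FILE :: list and the "Autres suppressions" section. pdoskegl.dll is left out on purpose.
SAMPLE_RESULT_LOG = r'''
FILE ::
I:\WINDOWS\pdoskegl.dll
I:\WINDOWS\qalkfxor.dll
I:\WINDOWS\rqbmvpso.dll
I:\WINDOWS\rvoelbxt.exe
I:\WINDOWS\system32\urqPfGWq.dll
.

((((((((((((((((((((((((((((((((((((  Autres suppressions  ))))))))))))))))))))))))))))))))))))))))))))))))
.

I:\Documents and Settings\Adam\Bureau\Error Cleaner.url
I:\WINDOWS\qalkfxor.dll
I:\WINDOWS\rqbmvpso.dll
I:\WINDOWS\rvoelbxt.exe
I:\WINDOWS\system32\onbcwlto.dll
I:\WINDOWS\system32\urqPfGWq.dll

.
(((((((((((((((((((((((((((((  Fichiers créés 2008-07-28 to 2008-08-29  ))))))))))))))))))))))))))))))))))))
'''

SECTION_RE = re.compile(r"^(\w+)::$")
VALUE_DELETE_RE = re.compile(r'^"([^"]*)"=-$')
DRIVE_PATH_RE = re.compile(r"^[A-Za-z]:\\")


def parse_cfscript(text: str) -> Dict[str, list]:
    """Return {"registry": [actions], "files": [paths]}.
    A registry action is {"action": "delete_key"|"delete_value", "key": ..., "value": ...}."""
    out: Dict[str, list] = {"registry": [], "files": []}
    section = None
    current_key = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = SECTION_RE.match(line)
        if m:
            section = m.group(1).lower()
            current_key = None
            continue
        if section == "registry":
            if line.startswith("[-") and line.endswith("]"):       # [-KEY]: delete the whole key
                out["registry"].append({"action": "delete_key", "key": line[2:-1], "value": None})
                current_key = None
            elif line.startswith("[") and line.endswith("]"):      # [KEY]: values below refer to it
                current_key = line[1:-1]
            else:
                m = VALUE_DELETE_RE.match(line)                     # "name"=-: delete one value
                if m and current_key:
                    out["registry"].append({"action": "delete_value", "key": current_key, "value": m.group(1)})
                else:
                    raise ValueError(f"unrecognised Registry:: line: {line!r}")
        elif section == "file":
            out["files"].append(line)
    return out


def deleted_paths(log: str) -> Set[str]:
    """Paths listed in the log's 'Autres suppressions' section, lower-cased for comparison."""
    deleted: Set[str] = set()
    in_section = False
    for raw in log.splitlines():
        line = raw.strip()
        if "Autres suppressions" in line or "Other deletions" in line:
            in_section = True
            continue
        if in_section and line.startswith("((("):      # next section banner ends the list
            break
        if in_section and DRIVE_PATH_RE.match(line):
            deleted.add(line.lower())
    return deleted


def reconcile(script_text: str, log_text: str) -> Dict[str, List[str]]:
    """Which requested files the log confirms as deleted, which it does not, and what else it removed."""
    requested = parse_cfscript(script_text)["files"]
    deleted = deleted_paths(log_text)
    requested_lower = {p.lower() for p in requested}
    return {
        "confirmed": [p for p in requested if p.lower() in deleted],
        "missing": [p for p in requested if p.lower() not in deleted],
        "extra": sorted(deleted - requested_lower),
    }


if __name__ == "__main__":
    for action in parse_cfscript(SAMPLE_SCRIPT)["registry"]:
        print(action)
    for kind, paths in reconcile(SAMPLE_SCRIPT, SAMPLE_RESULT_LOG).items():
        print(kind, paths)
```

A file that the script requested but the deletions section does not list is the thing to chase: it may have been locked by a running process, or its name may differ (the random names in this thread change between reboots), so the next log or a fresh HijackThis scan should be read with that file in mind. The "extra" list shows what the tool removed on its own initiative, which is worth reviewing before assuming the machine is clean.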

hi, unfortunately I can't get into Notepad because "All Programs" has disappeared again from the Start menu. What should I do?
0
ep44 Posts 7393 Registration date Saturday 10 November 2007 Status Contributor Last seen 11 November 2010 3
29 August 2008 at 22:11
go to Start > Run and type Notepad.exe, then OK, and Notepad will open
0
thanks, here's the log:

ComboFix 08-08-28.06 - Adam 2008-08-29 22:16:20.2 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.1552 [GMT 2:00]
Endroit: I:\Documents and Settings\Adam\Bureau\ComboFix.exe
Command switches used :: I:\Documents and Settings\Adam\Bureau\CFScript.txt
* Création d'un nouveau point de restauration

[color=red][b]AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !![/b][/color]

FILE ::
I:\Documents and Settings\Adam\Application Data\TmpRecentIcons
I:\WINDOWS\pdoskegl.dll
I:\WINDOWS\qalkfxor.dll
I:\WINDOWS\rodqgpvltbp.dll
I:\WINDOWS\rqbmvpso.dll
I:\WINDOWS\rvoelbxt.exe
I:\WINDOWS\system32\urqPfGWq.dll
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

I:\Documents and Settings\Adam\Bureau\Error Cleaner.url
I:\Documents and Settings\Adam\Bureau\Privacy Protector.url
I:\Documents and Settings\Adam\Bureau\Spyware&Malware Protection.url
I:\Documents and Settings\Adam\Favoris\Error Cleaner.url
I:\Documents and Settings\Adam\Favoris\Privacy Protector.url
I:\Documents and Settings\Adam\Favoris\Spyware&Malware Protection.url
I:\WINDOWS\pdoskegl.dll
I:\WINDOWS\privacy_danger
I:\WINDOWS\privacy_danger\images\capt.gif
I:\WINDOWS\privacy_danger\images\danger.jpg
I:\WINDOWS\privacy_danger\images\down.gif
I:\WINDOWS\privacy_danger\images\spacer.gif
I:\WINDOWS\privacy_danger\index.htm
I:\WINDOWS\qalkfxor.dll
I:\WINDOWS\rodqgpvltbp.dll
I:\WINDOWS\rqbmvpso.dll
I:\WINDOWS\rvoelbxt.exe
I:\WINDOWS\system32\onbcwlto.dll
I:\WINDOWS\system32\otlwcbno.ini
I:\WINDOWS\system32\qWGfPqru.ini
I:\WINDOWS\system32\qWGfPqru.ini2
I:\WINDOWS\system32\szbbhf.dll
I:\WINDOWS\system32\urqPfGWq.dll
I:\WINDOWS\system32\xaehlhhy.dll

.
((((((((((((((((((((((((((((( Fichiers créés 2008-07-28 to 2008-08-29 ))))))))))))))))))))))))))))))))))))
.

2008-08-29 21:13 . 2008-08-29 21:42 <REP> d-------- I:\Program Files\ezt
2008-08-29 20:26 . 2008-08-29 20:26 268 --ah----- I:\sqmdata00.sqm
2008-08-29 20:26 . 2008-08-29 20:26 244 --ah----- I:\sqmnoopt00.sqm
2008-08-29 19:44 . 2008-08-29 19:44 <REP> d-------- I:\Program Files\Trend Micro
2008-08-29 19:26 . 2008-08-29 19:26 <REP> d-------- I:\Documents and Settings\All Users\Application Data\Grisoft
2008-08-29 19:26 . 2008-08-29 19:26 <REP> d-------- I:\Documents and Settings\Adam\Application Data\Grisoft
2008-08-29 19:26 . 2007-05-30 14:10 10,872 --a------ I:\WINDOWS\system32\drivers\AvgAsCln.sys
2008-08-29 18:33 . 2008-08-29 20:25 <REP> d--h----- I:\$AVG8.VAULT$
2008-08-29 18:10 . 2008-08-29 18:10 <REP> d-------- I:\Program Files\K-Lite Codec Pack
2008-08-29 17:26 . 2004-08-05 14:00 221,184 --a------ I:\WINDOWS\system32\wmpns.dll
2008-08-29 17:21 . 2008-08-29 17:21 <REP> d-------- I:\Program Files\LimeWire
2008-08-29 17:21 . 2008-08-29 18:09 <REP> d-------- I:\Documents and Settings\Adam\Application Data\LimeWire
2008-08-29 17:09 . 2008-08-29 17:09 <REP> d-------- I:\Documents and Settings\Adam\Contacts
2008-08-29 16:28 . 2008-08-29 16:33 <REP> d-------- I:\Program Files\Windows Live
2008-08-29 16:28 . 2008-08-29 16:33 <REP> d--hsc--- I:\Program Files\Fichiers communs\WindowsLiveInstaller
2008-08-29 16:27 . 2008-08-29 16:27 <REP> d-------- I:\Documents and Settings\All Users\Application Data\WLInstaller
2008-08-29 16:26 . 2008-08-29 22:14 <REP> d-a------ I:\Documents and Settings\All Users\Application Data\TEMP
2008-08-29 16:21 . 2008-08-29 16:21 479,298 --a------ I:\WINDOWS\system32\wbocx.ocx
2008-08-29 16:21 . 2008-08-29 16:21 172,032 --a------ I:\WINDOWS\system32\AniGIF.ocx
2008-08-29 16:21 . 2008-08-29 16:21 50,688 --a------ I:\WINDOWS\system32\wbhelp2.dll
2008-08-29 16:15 . 2001-06-12 22:07 200,704 --a------ I:\WINDOWS\system32\dapres.dll
2008-08-29 16:12 . 2008-08-29 16:12 53,760 --a------ I:\WINDOWS\system32\zlib.dll
2008-08-29 15:12 . 2008-08-29 15:12 <REP> d-------- I:\WINDOWS\nvidia icons
2008-08-29 15:10 . 2008-08-29 15:10 <REP> d-------- I:\WINDOWS\nview
2008-08-29 15:06 . 2008-04-30 17:27 442,368 --a------ I:\WINDOWS\system32\NVUNINST.EXE
2008-08-29 14:46 . 2008-08-29 16:21 <REP> d-------- I:\Program Files\DAP
2008-08-29 14:46 . 2008-08-29 16:21 <REP> d-------- I:\Documents and Settings\All Users\Application Data\SpeedBit
2008-08-29 14:14 . 2008-08-29 14:14 <REP> d-------- I:\Program Files\AIDA32 - Personal System Information
2008-08-29 14:10 . 2008-08-29 14:10 <REP> d-------- I:\Program Files\SystemRequirementsLab
2008-08-29 14:10 . 2008-08-29 14:10 664 --a------ I:\WINDOWS\system32\d3d9caps.dat
2008-08-29 14:10 . 2008-08-29 14:10 552 --a------ I:\WINDOWS\system32\d3d8caps.dat
2008-08-29 14:02 . 2008-08-29 14:02 <REP> d-------- I:\WINDOWS\system32\Lang
2008-08-29 14:02 . 2008-08-29 14:02 940,794 --a------ I:\WINDOWS\system32\LoopyMusic.wav
2008-08-29 14:02 . 2008-08-29 14:02 146,650 --a------ I:\WINDOWS\system32\BuzzingBee.wav
2008-08-29 14:00 . 2008-08-29 15:11 <REP> d-------- I:\WINDOWS\system32\RTCOM
2008-08-29 14:00 . 2008-08-29 14:00 <REP> d-------- I:\Program Files\Fichiers communs\InstallShield
2008-08-29 13:57 . 2008-08-29 14:00 319,488 --a------ I:\WINDOWS\HideWin.exe
2008-08-29 13:55 . 2008-08-29 13:55 <REP> d-------- I:\Program Files\Lavalys
2008-08-28 21:21 . 2008-08-28 21:21 <REP> d-------- I:\Documents and Settings\All Users\Application Data\Nokia
2008-08-28 21:20 . 2008-08-28 21:20 <REP> d-------- I:\Program Files\MSXML 6.0
2008-08-28 21:20 . 2008-02-01 16:17 138,112 --a------ I:\WINDOWS\system32\drivers\nmwcdnsu.sys
2008-08-28 21:20 . 2008-02-01 16:17 8,320 --a------ I:\WINDOWS\system32\drivers\nmwcdnsuc.sys
2008-08-28 21:07 . 2008-08-28 21:07 <REP> d-------- I:\Documents and Settings\All Users\Application Data\PC Suite
2008-08-28 21:07 . 2008-08-28 21:08 <REP> d-------- I:\Documents and Settings\Adam\Application Data\PC Suite
2008-08-28 21:07 . 2008-08-28 21:07 <REP> d-------- I:\Documents and Settings\Adam\Application Data\Nokia
2008-08-28 20:59 . 2008-08-28 20:59 <REP> d-------- I:\Program Files\PC Connectivity Solution
2008-08-28 20:59 . 2008-08-28 20:59 <REP> d-------- I:\Program Files\Fichiers communs\PCSuite
2008-08-28 20:59 . 2008-08-28 21:19 <REP> d-------- I:\Program Files\Fichiers communs\Nokia
2008-08-28 20:59 . 2008-08-28 20:59 <REP> d-------- I:\Program Files\DIFX
2008-08-28 20:59 . 2007-09-17 15:53 21,632 --a------ I:\WINDOWS\system32\drivers\pccsmcfd.sys
2008-08-28 20:58 . 2008-08-29 16:34 <REP> d----c--- I:\WINDOWS\system32\DRVSTORE
2008-08-28 20:58 . 2008-08-28 21:19 <REP> d-------- I:\Program Files\Nokia
2008-08-28 20:58 . 2008-05-07 07:39 1,419,232 --a------ I:\WINDOWS\system32\wdfcoinstaller01005.dll
2008-08-28 20:58 . 2008-05-07 07:38 659,968 --a------ I:\WINDOWS\system32\nmwcdcocls.dll
2008-08-28 20:58 . 2008-05-07 07:38 20,864 --a------ I:\WINDOWS\system32\drivers\ccdcmbo.sys
2008-08-28 20:58 . 2008-05-07 07:38 17,536 --a------ I:\WINDOWS\system32\drivers\ccdcmb.sys
2008-08-28 20:58 . 2008-05-07 07:38 8,064 --a------ I:\WINDOWS\system32\drivers\usbser_lowerfltj.sys
2008-08-28 20:58 . 2008-06-06 09:24 8,064 --a------ I:\WINDOWS\system32\drivers\usbser_lowerflt.sys
2008-08-28 20:57 . 2008-08-28 21:19 <REP> d-------- I:\Documents and Settings\All Users\Application Data\Installations
2008-08-28 20:44 . 2006-08-29 16:56 32,377 --a------ I:\WINDOWS\system32\drivers\prodigy.sys
2008-08-28 20:43 . 2008-08-28 21:03 <REP> d-------- I:\Program Files\NSS
2008-08-28 20:42 . 2004-08-03 23:08 25,600 --a------ I:\WINDOWS\system32\drivers\usbser.sys
2008-08-28 20:42 . 2004-08-03 23:08 25,600 --a--c--- I:\WINDOWS\system32\dllcache\usbser.sys
2008-08-28 20:41 . 2008-08-28 20:41 0 --ah----- I:\WINDOWS\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf
2008-08-28 20:41 . 2008-08-28 20:41 0 --ah----- I:\WINDOWS\system32\drivers\Msft_Kernel_ccdcmb_01005.Wdf
2008-08-28 20:19 . 2008-08-28 20:19 <REP> d-------- I:\Program Files\Google
2008-08-28 20:19 . 2008-08-28 21:19 <REP> d-------- I:\Documents and Settings\All Users\Application Data\Google Updater
2008-08-28 20:11 . 2008-08-28 20:11 <REP> d-------- I:\WINDOWS\system32\fr-fr
2008-08-28 20:09 . 2006-10-08 21:51 23,856 --a------ I:\WINDOWS\system32\spupdsvc.exe
2008-08-28 20:04 . 2008-08-28 20:04 13,752 --a------ I:\WINDOWS\system32\wpa.bak
2008-08-28 18:59 . 2008-08-29 13:49 <REP> d-------- I:\WINDOWS\system32\drivers\Avg
2008-08-28 18:59 . 2008-08-28 18:59 <REP> d-------- I:\Program Files\AVG
2008-08-28 18:59 . 2008-08-28 18:59 <REP> d-------- I:\Documents and Settings\All Users\Application Data\avg8
2008-08-28 18:59 . 2008-08-29 13:48 97,928 --a------ I:\WINDOWS\system32\drivers\avgldx86.sys
2008-08-28 18:59 . 2008-08-28 18:59 76,040 --a------ I:\WINDOWS\system32\drivers\avgtdix.sys
2008-08-28 18:59 . 2008-08-28 18:59 10,520 --a------ I:\WINDOWS\system32\avgrsstx.dll
2008-08-28 18:53 . 2008-08-28 18:53 <REP> d--hs---- I:\Documents and Settings\Adam\UserData
2008-08-28 18:47 . 2008-08-28 18:47 <REP> d-------- I:\WINDOWS\OPTIONS
2008-08-28 18:47 . 2008-08-29 14:00 <REP> d-------- I:\Program Files\Realtek
2008-08-28 18:47 . 2008-08-29 14:00 <REP> d--h----- I:\Program Files\InstallShield Installation Information
2008-08-28 18:47 . 2008-08-28 18:47 <REP> d-------- I:\Documents and Settings\Adam\Application Data\InstallShield
2008-08-28 18:47 . 2008-02-25 20:54 105,088 --a------ I:\WINDOWS\system32\drivers\Rtnicxp.sys
2008-08-28 18:47 . 2008-07-22 00:14 9,728 --a------ I:\WINDOWS\system32\RtNicProp32.dll
2008-08-28 18:03 . 2008-08-28 18:03 <REP> d---s---- I:\WINDOWS\system32\Microsoft
2008-08-28 18:03 . 2008-08-28 18:03 <REP> d--hs---- I:\Documents and Settings\LocalService
2008-08-28 18:03 . 2008-08-28 19:47 <REP> d--h----- I:\Documents and Settings\Adam\Voisinage réseau
2008-08-28 18:03 . 2008-08-28 19:47 <REP> d--h----- I:\Documents and Settings\Adam\Voisinage d'impression
2008-08-28 18:03 . 2008-08-28 17:56 <REP> d--h----- I:\Documents and Settings\Adam\Modèles
2008-08-28 18:03 . 2008-08-29 22:15 <REP> dr------- I:\Documents and Settings\Adam\Mes documents
2008-08-28 18:03 . 2008-08-28 19:47 <REP> dr------- I:\Documents and Settings\Adam\Menu Démarrer
2008-08-28 18:03 . 2008-08-29 22:16 <REP> dr------- I:\Documents and Settings\Adam\Favoris
2008-08-28 18:03 . 2008-08-29 22:18 <REP> d-------- I:\Documents and Settings\Adam\Bureau
2008-08-28 18:03 . 2008-08-29 17:09 <REP> d-------- I:\Documents and Settings\Adam
2008-08-28 18:02 . 2008-08-28 18:02 <REP> d--hs---- I:\Documents and Settings\NetworkService
2008-08-28 18:02 . 2008-08-28 18:02 8,192 --a------ I:\WINDOWS\REGLOCS.OLD
2008-08-28 18:01 . 2008-08-28 19:47 <REP> d--h----- I:\WINDOWS\system32\config\systemprofile\Voisinage réseau
2008-08-28 18:01 . 2008-08-28 19:47 <REP> d--h----- I:\WINDOWS\system32\config\systemprofile\Voisinage d'impression
2008-08-28 18:01 . 2008-08-28 17:56 <REP> d--h----- I:\WINDOWS\system32\config\systemprofile\Modèles
2008-08-28 18:01 . 2008-08-28 19:47 <REP> d-------- I:\WINDOWS\system32\config\systemprofile\Mes documents
2008-08-28 18:01 . 2008-08-28 19:47 <REP> dr------- I:\WINDOWS\system32\config\systemprofile\Menu Démarrer
2008-08-28 18:01 . 2008-08-28 19:47 <REP> d-------- I:\WINDOWS\system32\config\systemprofile\Favoris
2008-08-28 18:01 . 2008-08-28 19:47 <REP> d-------- I:\WINDOWS\system32\config\systemprofile\Bureau
2008-08-28 18:00 . 2008-08-28 18:00 <REP> d-------- I:\WINDOWS\system32\xircom
2008-08-28 18:00 . 2008-08-28 18:00 <REP> d-------- I:\Program Files\microsoft frontpage

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-08-29 12:48 --------- d-----w I:\Documents and Settings\Adam\Application Data\Azureus
2008-08-28 17:47 --------- d-----w I:\Documents and Settings\All Users\Application Data\Azureus
2008-08-28 17:45 --------- d-----w I:\Program Files\Vuze
2008-08-28 17:45 --------- d-----w I:\Program Files\Java
2008-08-28 17:44 --------- d-----w I:\Program Files\Fichiers communs\Java
2008-08-28 15:58 --------- d-----w I:\Program Files\Services en ligne
2008-08-06 15:12 4,755,968 ----a-w I:\WINDOWS\system32\drivers\RtkHDAud.sys
2008-07-31 13:05 16,806,912 ----a-w I:\WINDOWS\RTHDCPL.exe
2008-07-29 13:42 528,384 ----a-w I:\WINDOWS\RtlExUpd.dll
2008-07-25 08:34 81,920 ----a-w I:\WINDOWS\system32\dpl100.dll
2008-07-25 08:34 683,520 ----a-w I:\WINDOWS\system32\divx.dll
2008-07-23 16:50 3,596,288 ----a-w I:\WINDOWS\system32\qt-dx331.dll
2008-07-16 18:51 2,041,363 ----a-w I:\WINDOWS\system32\x264vfw.dll
2008-07-15 13:20 69,632 ----a-w I:\WINDOWS\system32\ChCfg.exe
2008-07-15 11:47 1,196,032 ----a-w I:\WINDOWS\RtlUpd.exe
2008-06-23 16:28 826,368 ----a-w I:\WINDOWS\system32\wininet.dll
2008-06-19 14:42 2,808,832 ----a-w I:\WINDOWS\ALCWZRD.EXE
2008-06-19 14:27 9,715,200 ----a-w I:\WINDOWS\RTLCPL.EXE
2008-06-19 14:20 57,344 ----a-w I:\WINDOWS\ALCMTR.EXE
2008-06-18 16:01 77,824 ----a-w I:\WINDOWS\SOUNDMAN.EXE
2008-06-12 18:36 7,680 ----a-w I:\WINDOWS\system32\ff_vfw.dll
.

((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="I:\WINDOWS\system32\ctfmon.exe" [2004-08-05 14:00 15360]
"swg"="I:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-08-28 20:19 39408]
"Nokia.PCSync"="I:\Program Files\Nokia\Nokia PC Suite 7\PCSync2.exe" [2008-06-17 16:00 1249280]
"PC Suite Tray"="I:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe" [2008-08-11 08:31 1124352]
"DownloadAccelerator"="I:\Program Files\DAP\DAP.EXE" [2008-08-29 16:21 3057152]
"MsnMsgr"="I:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 11:34 5724184]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AVG8_TRAY"="I:\PROGRA~1\AVG\AVG8\avgtray.exe" [2008-08-29 13:48 1235736]
"SunJavaUpdateSched"="I:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 04:27 144784]
"NvCplDaemon"="I:\WINDOWS\system32\NvCpl.dll" [2008-05-03 05:46 13529088]
"NvMediaCenter"="I:\WINDOWS\system32\NvMcTray.dll" [2008-05-03 05:46 86016]
"!AVG Anti-Spyware"="I:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 11:25 6731312]
"nwiz"="nwiz.exe" [2008-05-03 05:46 1630208 I:\WINDOWS\system32\nwiz.exe]
"RTHDCPL"="RTHDCPL.EXE" [2008-07-31 15:05 16806912 I:\WINDOWS\RTHDCPL.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="I:\WINDOWS\system32\CTFMON.EXE" [2004-08-05 14:00 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=avgrsstx.dll eyropc.dll szbbhf.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.l3fhg"= mp3fhg.acm
"msacm.divxa32"= divxa32.acm
"VIDC.X264"= x264vfw.dll
"VIDC.HFYU"= huffyuv.dll
"vidc.i263"= i263_32.drv
"VIDC.YV12"= yv12vfw.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"I:\\Program Files\\AVG\\AVG8\\avgemc.exe"=
"I:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"I:\\Program Files\\Vuze\\Azureus.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"I:\\Program Files\\Fichiers communs\\Nokia\\Service Layer\\A\\nsl_host_process.exe"=
"I:\\Program Files\\Nokia\\Nokia Software Updater\\nsu_ui_client.exe"=
"I:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"I:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"I:\\Program Files\\DAP\\DAP.exe"=

R1 AvgLdx86;AVG Free AVI Loader Driver x86;I:\WINDOWS\system32\Drivers\avgldx86.sys [2008-08-29 13:48]
R2 avg8emc;AVG Free8 E-mail Scanner;I:\PROGRA~1\AVG\AVG8\avgemc.exe [2008-08-29 13:48]
R2 avg8wd;AVG Free8 WatchDog;I:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2008-08-29 13:48]
R2 AvgTdiX;AVG Free8 Network Redirector;I:\WINDOWS\system32\Drivers\avgtdix.sys [2008-08-28 18:59]
S3 nmwcdnsu;Nokia USB Flashing Phone Parent;I:\WINDOWS\system32\drivers\nmwcdnsu.sys [2008-02-01 16:17]
S3 nmwcdnsuc;Nokia USB Flashing Generic;I:\WINDOWS\system32\drivers\nmwcdnsuc.sys [2008-02-01 16:17]
S3 PRODIGY;PRODIGY;I:\WINDOWS\system32\Drivers\PRODIGY.SYS [2006-08-29 16:56]
.
- - - - ORPHANS REMOVED - - - -

Toolbar-{63271185-F8AC-4E37-85C8-5CCB942BC177} - (no file)
HKLM-Run-000000af - I:\WINDOWS\system32\onbcwlto.dll
SSODL-pdoskegl-{8E9514C1-6603-4A96-B328-05E3CFF3B46A} - I:\WINDOWS\pdoskegl.dll



**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-08-29 22:18:54
Windows 5.1.2600 Service Pack 2 NTFS

Balayage processus cachés ...

Balayage caché autostart entries ...

Balayage des fichiers cachés ...


I:\WINDOWS\TEMP\ed12a690-d044-4f7d-a149-86e571fe34ae.tmp

Scan terminé avec succès
Les fichiers cachés: 1

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
I:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
I:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
I:\WINDOWS\system32\nvsvc32.exe
I:\WINDOWS\system32\rundll32.exe
I:\WINDOWS\system32\rundll32.exe
I:\Program Files\PC Connectivity Solution\ServiceLayer.exe
I:\Program Files\Fichiers communs\Nokia\MPAPI\MPAPI3s.exe
I:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
I:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe
I:\Program Files\AVG\AVG8\avgrsx.exe
I:\Program Files\AVG\AVG8\avgrsx.exe
.
**************************************************************************
.
Temps d'accomplissement: 2008-08-29 22:19:54 - machine was rebooted
ComboFix-quarantined-files.txt 2008-08-29 20:19:47
ComboFix2.txt 2008-08-29 18:34:48

Pre-Run: 741,738,172,416 octets libres
Post-Run: 741,818,191,872 octets libres

260 --- E O F --- 2008-08-28 21:04:31
0
ep44 Posts 7393 Registration date Saturday 10 November 2007 Status Contributor Last seen 11 November 2010 3
29 August 2008 at 22:37
next step

Download Malwarebytes
http://www.malwarebytes.org/mbam/program/mbam-setup.exe
Installation help
http://www.swl1f.net/viewtopic.php?f=14&t=68


=> Install it
=> Then go into safe mode


Restart the PC and tap the F8 key (F5 on some machines) until the screen with the boot options appears
With the arrow keys, select Safe Mode ==> Enter ==> your usual user name


=> Launch Malwarebytes
=> Tick "Perform full scan"
=> If an infection is found at the end of the scan, click "OK"
=> Click "Remove Selected"
=> To post the report, click the Logs tab, select the one you want and click "Open"
=> Copy and paste the report here

--------------------------

then

* Download CCleaner
https://filehippo.com/download_ccleaner/
=> Use this tutorial to learn how to use it
http://www.swl1f.net/viewtopic.php?f=14&t=69

--------------------------

Then run a new HijackThis scan

See you
0
Hi, thanks, here is the report:

Malwarebytes' Anti-Malware 1.25
Version de la base de données: 1096
Windows 5.1.2600 Service Pack 2

23:00:22 29/08/2008
mbam-log-08-29-2008 (23-00-22).txt

Type de recherche: Examen complet (C:\|D:\|E:\|F:\|G:\|H:\|I:\|)
Eléments examinés: 48511
Temps écoulé: 8 minute(s), 25 second(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 2
Valeur(s) du Registre infectée(s): 0
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 26

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
HKEY_CLASSES_ROOT\qalkfxor.brsw (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\qalkfxor.toolbar.1 (Trojan.FakeAlert) -> Quarantined and deleted successfully.

Valeur(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)

Dossier(s) infecté(s):
(Aucun élément nuisible détecté)

Fichier(s) infecté(s):
I:\QooBox\Quarantine\I\WINDOWS\eevk.exe.vir (Trojan.FakeAlert) -> Quarantined and deleted successfully.
I:\QooBox\Quarantine\I\WINDOWS\system32\cbXoPfFY.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
I:\QooBox\Quarantine\I\WINDOWS\system32\eyropc.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
I:\QooBox\Quarantine\I\WINDOWS\system32\ljJASjgG.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
I:\QooBox\Quarantine\I\WINDOWS\system32\onbcwlto.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
I:\QooBox\Quarantine\I\WINDOWS\system32\pfktpcmf.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
I:\QooBox\Quarantine\I\WINDOWS\system32\szbbhf.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
I:\QooBox\Quarantine\I\WINDOWS\system32\urqPfGWq.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
I:\QooBox\Quarantine\I\WINDOWS\system32\xaehlhhy.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
I:\QooBox\Quarantine\I\WINDOWS\system32\xnuagtkq.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
I:\System Volume Information\_restore{8C3D1E43-E843-4835-AD58-A9CAC98302AD}\RP22\A0002910.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
I:\System Volume Information\_restore{8C3D1E43-E843-4835-AD58-A9CAC98302AD}\RP22\A0002911.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
I:\System Volume Information\_restore{8C3D1E43-E843-4835-AD58-A9CAC98302AD}\RP22\A0002912.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
I:\System Volume Information\_restore{8C3D1E43-E843-4835-AD58-A9CAC98302AD}\RP22\A0002913.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
I:\System Volume Information\_restore{8C3D1E43-E843-4835-AD58-A9CAC98302AD}\RP22\A0002914.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
I:\System Volume Information\_restore{8C3D1E43-E843-4835-AD58-A9CAC98302AD}\RP22\A0002915.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
I:\System Volume Information\_restore{8C3D1E43-E843-4835-AD58-A9CAC98302AD}\RP24\A0002992.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
I:\System Volume Information\_restore{8C3D1E43-E843-4835-AD58-A9CAC98302AD}\RP24\A0002994.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
I:\System Volume Information\_restore{8C3D1E43-E843-4835-AD58-A9CAC98302AD}\RP24\A0002995.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
I:\System Volume Information\_restore{8C3D1E43-E843-4835-AD58-A9CAC98302AD}\RP24\A0002996.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
I:\Documents and Settings\NetworkService\Cookies\bumo.reg (Fake.Dropped.Malware) -> Delete on reboot.
I:\Documents and Settings\NetworkService\Cookies\jababug.inf (Fake.Dropped.Malware) -> Delete on reboot.
I:\Documents and Settings\NetworkService\Cookies\uwux.exe (Fake.Dropped.Malware) -> Delete on reboot.
I:\Documents and Settings\NetworkService\Cookies\jiceji._sy (Fake.Dropped.Malware) -> Delete on reboot.
I:\Documents and Settings\NetworkService\Cookies\esycire._dl (Fake.Dropped.Malware) -> Delete on reboot.
I:\Documents and Settings\NetworkService\Cookies\syssp.exe (Fake.Dropped.Malware) -> Delete on reboot.

The HijackThis report:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 23:22, on 29/08/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
I:\WINDOWS\System32\smss.exe
I:\WINDOWS\system32\winlogon.exe
I:\WINDOWS\system32\services.exe
I:\WINDOWS\system32\lsass.exe
I:\WINDOWS\system32\svchost.exe
I:\WINDOWS\System32\svchost.exe
I:\WINDOWS\system32\spoolsv.exe
I:\WINDOWS\Explorer.EXE
I:\PROGRA~1\AVG\AVG8\avgtray.exe
I:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
I:\WINDOWS\system32\RUNDLL32.EXE
I:\WINDOWS\RTHDCPL.EXE
I:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
I:\WINDOWS\system32\ctfmon.exe
I:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
I:\Program Files\Nokia\Nokia PC Suite 7\PCSync2.exe
I:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe
I:\Program Files\DAP\DAP.EXE
I:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
I:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
I:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
I:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
I:\WINDOWS\system32\nvsvc32.exe
I:\PROGRA~1\AVG\AVG8\avgrsx.exe
I:\PROGRA~1\AVG\AVG8\avgemc.exe
I:\Program Files\PC Connectivity Solution\ServiceLayer.exe
I:\Program Files\Fichiers communs\Nokia\MPAPI\MPAPI3s.exe
I:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
I:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe
I:\Program Files\Internet Explorer\IEXPLORE.EXE
I:\WINDOWS\system32\wuauclt.exe
I:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
I:\WINDOWS\system32\NOTEPAD.EXE
I:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - I:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - i:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - I:\Program Files\Google\GoogleToolbarNotifier\4.1.509.6972\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - i:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [AVG8_TRAY] I:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "I:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE I:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE I:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "I:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [CTFMON.EXE] I:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] I:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Nokia.PCSync] "I:\Program Files\Nokia\Nokia PC Suite 7\PCSync2.exe" /NoDialog
O4 - HKCU\..\Run: [PC Suite Tray] "I:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe" -onlytray
O4 - HKCU\..\Run: [DownloadAccelerator] "I:\Program Files\DAP\DAP.EXE" /STARTUP
O4 - HKCU\..\Run: [MsnMsgr] "I:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] I:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] I:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] I:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] I:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: &Clean Traces - I:\Program Files\DAP\Privacy Package\dapcleanerie.htm
O8 - Extra context menu item: &Download with &DAP - I:\Program Files\DAP\dapextie.htm
O8 - Extra context menu item: Download &all with DAP - I:\Program Files\DAP\dapextie2.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - I:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - I:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - I:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - I:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://downloads.ewido.net/ewidoOnlineScan.cab
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} (System Requirements Lab) - https://www.nvidia.com/content/DriverDownload/srl/3.0.0.0/srl_bin/sysreqlab3.cab
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - https://sdlc-esd.oracle.com/ESD44/JSCDL/jdk/6u7/jinstall-6u7-windows-i586-jc.cab?GroupName=JSC&FilePath=/ESD44/JSCDL/jdk/6u7/jinstall-6u7-windows-i586-jc.cab&BHost=javadl.sun.com&File=jinstall-6u7-windows-i586-jc.cab&AuthParam=1580978829_3fac487ff39b191ded7866fc4973d48d&ext=.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - I:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll eyropc.dll szbbhf.dll
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - I:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - I:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - I:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - I:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - I:\WINDOWS\system32\nvsvc32.exe
O23 - Service: ServiceLayer - Nokia. - I:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O24 - Desktop Component 0: (no name) - (no file)
0
ep44 Posts 7393 Registration date Saturday 10 November 2007 Status Contributor Last seen 11 November 2010 3
30 August 2008 at 09:34
Hello

Relaunch HijackThis and click "Do a system scan only"
Then look for these lines and tick their boxes

O20 - AppInit_DLLs: avgrsstx.dll eyropc.dll szbbhf.dll
O24 - Desktop Component 0: (no name) - (no file)

Once they are ticked, close all windows and applications and click "Fix checked"

Do: Windows+E > Tools > Folder Options > View > radio button "Show hidden files and folders" > untick "Hide extensions for known file types" > untick "Hide protected operating system files" > click "Apply to All Folders" > Apply and OK.

Then do: Start > Search > For files or folders...
search for these files one by one and delete them.
szbbhf.dll
eyropc.dll

then

run an online scan

with BitDefender and paste the report

https://www.bitdefender.com/toolbox/

The scan must be run under Internet Explorer

a tutorial
http://pageperso.aol.fr/rginformatique/mapage/defender.htm

then a new HijackThis report please
See you
0
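One way to see why a DLL named on the O20 line may no longer exist on disk, added here as an illustration and not part of the thread or of any of the tools mentioned in it: the script below reads the O20 AppInit_DLLs line from a HijackThis log together with the file detections from a Malwarebytes report, then marks each AppInit DLL as a known vendor entry, as already quarantined (the registry value is stale and only needs fixing), or as unknown (not yet accounted for). The sample lines are constructed from the logs posted above, and the allow-list that treats AVG's avgrsstx.dll as the one expected entry is an assumption for the example, not something any of the tools provide.

```python
"""Cross-check AppInit_DLLs entries against a Malwarebytes report.

Constructed sample input, modelled on the HijackThis and Malwarebytes
lines posted in the thread.  Everything here is a sample for the example.
"""
import re
from typing import Dict, List

HJT_LOG = """\
O4 - HKLM\\..\\Run: [AVG8_TRAY] I:\\PROGRA~1\\AVG\\AVG8\\avgtray.exe
O20 - AppInit_DLLs: avgrsstx.dll eyropc.dll szbbhf.dll
O24 - Desktop Component 0: (no name) - (no file)
"""

MBAM_REPORT = """\
Fichier(s) infecté(s):
I:\\QooBox\\Quarantine\\I\\WINDOWS\\system32\\eyropc.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
I:\\QooBox\\Quarantine\\I\\WINDOWS\\system32\\szbbhf.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
I:\\Documents and Settings\\NetworkService\\Cookies\\uwux.exe (Fake.Dropped.Malware) -> Delete on reboot.
"""

# Vendor DLLs that legitimately register under AppInit_DLLs on this machine.
# Assumption for the example: AVG's resident shield DLL is the only one expected.
KNOWN_APPINIT = {"avgrsstx.dll"}

O20_RE = re.compile(r"^O20 - AppInit_DLLs:\s*(.*)$", re.MULTILINE)
# "<drive>:\path\file (Family) -> action" as printed by Malwarebytes
MBAM_FILE_RE = re.compile(
    r"^(?P<path>[A-Z]:\\.+?) \((?P<family>[^)]+)\) -> (?P<action>.+)$", re.MULTILINE
)


def appinit_dlls(hjt_log: str) -> List[str]:
    """Return the DLL names listed on the O20 line, lower-cased."""
    m = O20_RE.search(hjt_log)
    return [d.lower() for d in m.group(1).split()] if m else []


def orphan_entries(hjt_log: str) -> List[str]:
    """Lines whose target is reported as '(no file)': the registry still
    points at something that no longer exists and can simply be fixed."""
    return [line for line in hjt_log.splitlines() if line.endswith("(no file)")]


def mbam_detections(report: str) -> Dict[str, Dict[str, str]]:
    """Map each detected file's base name (without ComboFix's .vir suffix)
    to the malware family and the action Malwarebytes took."""
    found = {}
    for m in MBAM_FILE_RE.finditer(report):
        name = m.group("path").rsplit("\\", 1)[-1].lower()
        if name.endswith(".vir"):  # copy sitting in ComboFix's quarantine folder
            name = name[:-4]
        found[name] = {"family": m.group("family"), "action": m.group("action")}
    return found


def triage(hjt_log: str, report: str) -> Dict[str, str]:
    """Classify each AppInit_DLLs entry as
    'known'              - expected vendor DLL,
    'quarantined (...)'  - already removed by a scanner, registry value is stale,
    'unknown'            - neither expected nor accounted for; needs a closer look.
    """
    detections = mbam_detections(report)
    result = {}
    for dll in appinit_dlls(hjt_log):
        if dll in KNOWN_APPINIT:
            result[dll] = "known"
        elif dll in detections:
            result[dll] = "quarantined (%s)" % detections[dll]["family"]
        else:
            result[dll] = "unknown"
    return result


if __name__ == "__main__":
    for dll, verdict in triage(HJT_LOG, MBAM_REPORT).items():
        print("%-14s %s" % (dll, verdict))
    for line in orphan_entries(HJT_LOG):
        print("orphan:", line)
```

Matching is done on the file's base name only, because Malwarebytes reports the quarantine copy under ComboFix's QooBox path with a `.vir` suffix while the registry still names the original `system32` file. An `unknown` verdict is the one that deserves attention: it means a DLL is injected into every user-mode process and no scan so far explains it.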
Hi, thanks, but I went into My Documents and did Tools > Folder Options > View > Show hidden files and folders > untick "Hide extensions for known file types" > untick "Hide protected operating system files" > click Apply to All Folders > Apply and OK. But I can't find the 2 files. What should I do?
0
ep44 Posts 7393 Registration date Saturday 10 November 2007 Status Contributor Last seen 11 November 2010 3
30 August 2008 at 23:56
Download OAD http://sosvirus.changelog.fr/OAD.exe
- Save it to your desktop


Double-click OAD to launch it

- For the file name to search for, type or paste: szbbhf.dll
- Search type: select option 6 then confirm with [Enter]

OAD will now search for the file. Let it work until it has finished.
The search report will open automatically as soon as it is done.

- Copy and paste this report in your next post.

do the same for eyropc.dll

See you
0
Hi,

- Here is the OAD report for the file szbbhf.dll:

31/08/2008 ---- 12:03:21,35

----------------------------------
§§§§§§ [szbbhf.dll] §§§§§§
----------------------------------
[X] Registre

-------------- [ ] rapide
-- Fichier --- [ ] disque systeme
------------- [X] complete


********************
[Registre]
********************


[HKEY_USERS\S-1-5-21-1482476501-1343024091-839522115-1003\Software\Microsoft\Search Assistant\ACMru\5603]
"001"="szbbhf.dll"

*******************
[Fichier]
*******************

Aucun fichier detecté


Outil Aide Diagnostic By !aur3n7 Version 1.1
----------------------------------
§§§§§ Fin Rapport §§§§§
----------------------------------


- Here is the OAD report for the file eyropc.dll:

31/08/2008 ---- 12:05:19,70

----------------------------------
§§§§§§ [eyropc.dll] §§§§§§
----------------------------------
[X] Registre

-------------- [ ] rapide
-- Fichier --- [ ] disque systeme
------------- [X] complete


********************
[Registre]
********************


[HKEY_USERS\S-1-5-21-1482476501-1343024091-839522115-1003\Software\Microsoft\Search Assistant\ACMru\5603]
"000"="eyropc.dll"

*******************
[Fichier]
*******************

Aucun fichier detecté


Outil Aide Diagnostic By !aur3n7 Version 1.1
----------------------------------
§§§§§ Fin Rapport §§§§§
----------------------------------


For the BitDefender report, I saved it but the file is only 0 KB and there is nothing in it. I remember that it found 2 trojans in the registry and deleted them.

- HijackThis report:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:11, on 31/08/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
I:\WINDOWS\System32\smss.exe
I:\WINDOWS\system32\winlogon.exe
I:\WINDOWS\system32\services.exe
I:\WINDOWS\system32\lsass.exe
I:\WINDOWS\system32\svchost.exe
I:\WINDOWS\System32\svchost.exe
I:\WINDOWS\system32\spoolsv.exe
I:\WINDOWS\Explorer.EXE
I:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
I:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
I:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
I:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
I:\WINDOWS\system32\nvsvc32.exe
I:\WINDOWS\system32\IoctlSvc.exe
I:\WINDOWS\system32\svchost.exe
I:\PROGRA~1\AVG\AVG8\avgrsx.exe
I:\PROGRA~1\AVG\AVG8\avgemc.exe
I:\PROGRA~1\AVG\AVG8\avgtray.exe
I:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
I:\WINDOWS\system32\RUNDLL32.EXE
I:\WINDOWS\RTHDCPL.EXE
I:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
I:\WINDOWS\system32\ctfmon.exe
I:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
I:\Program Files\Nokia\Nokia PC Suite 7\PCSync2.exe
I:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe
I:\Program Files\DAP\DAP.EXE
I:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
I:\Program Files\PC Connectivity Solution\ServiceLayer.exe
I:\Program Files\Fichiers communs\Nero\Lib\NMIndexStoreSvr.exe
I:\Program Files\Fichiers communs\Nokia\MPAPI\MPAPI3s.exe
I:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
I:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe
I:\Program Files\Fichiers communs\Nero\Lib\NMIndexingService.exe
I:\Program Files\Nero\Nero8\Nero ShowTime\ShowTime.exe
I:\Program Files\Internet Explorer\IEXPLORE.EXE
I:\WINDOWS\system32\notepad.exe
I:\WINDOWS\system32\notepad.exe
I:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: (no name) - {9CB65206-89C4-402c-BA80-02D8C59F9B1D} - I:\Program Files\AskTBar\SrchAstt\1.bin\A5SRCHAS.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - I:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Ask Search Assistant BHO - {9CB65201-89C4-402c-BA80-02D8C59F9B1D} - I:\Program Files\AskTBar\SrchAstt\1.bin\A5SRCHAS.DLL
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - i:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - I:\Program Files\Google\GoogleToolbarNotifier\4.1.509.6972\swg.dll
O2 - BHO: Ask Toolbar BHO - {FE063DB1-4EC0-403e-8DD8-394C54984B2C} - I:\Program Files\AskTBar\bar\1.bin\ASKTBAR.DLL
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - i:\program files\google\googletoolbar1.dll
O3 - Toolbar: Ask Toolbar - {FE063DB9-4EC0-403e-8DD8-394C54984B2C} - I:\Program Files\AskTBar\bar\1.bin\ASKTBAR.DLL
O4 - HKLM\..\Run: [AVG8_TRAY] I:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "I:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE I:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE I:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "I:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [NeroFilterCheck] I:\Program Files\Fichiers communs\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [NBKeyScan] "I:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] I:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] I:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Nokia.PCSync] "I:\Program Files\Nokia\Nokia PC Suite 7\PCSync2.exe" /NoDialog
O4 - HKCU\..\Run: [PC Suite Tray] "I:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe" -onlytray
O4 - HKCU\..\Run: [DownloadAccelerator] "I:\Program Files\DAP\DAP.EXE" /STARTUP
O4 - HKCU\..\Run: [MsnMsgr] "I:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "I:\Program Files\Fichiers communs\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] I:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] I:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] I:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] I:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: &Clean Traces - I:\Program Files\DAP\Privacy Package\dapcleanerie.htm
O8 - Extra context menu item: &Download with &DAP - I:\Program Files\DAP\dapextie.htm
O8 - Extra context menu item: Download &all with DAP - I:\Program Files\DAP\dapextie2.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - I:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - I:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - I:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - I:\WINDOWS\bdoscandel.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - I:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - I:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://downloads.ewido.net/ewidoOnlineScan.cab
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} (System Requirements Lab) - https://www.nvidia.com/content/DriverDownload/srl/3.0.0.0/srl_bin/sysreqlab3.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - https://sdlc-esd.oracle.com/ESD44/JSCDL/jdk/6u7/jinstall-6u7-windows-i586-jc.cab?GroupName=JSC&FilePath=/ESD44/JSCDL/jdk/6u7/jinstall-6u7-windows-i586-jc.cab&BHost=javadl.sun.com&File=jinstall-6u7-windows-i586-jc.cab&AuthParam=1580978829_3fac487ff39b191ded7866fc4973d48d&ext=.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - I:\Program Files\AVG\AVG8\avgpp.dll
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - I:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - I:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - I:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - I:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - I:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - I:\Program Files\Fichiers communs\Nero\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - I:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - I:\WINDOWS\system32\IoctlSvc.exe
O23 - Service: ServiceLayer - Nokia. - I:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O24 - Desktop Component 0: (no name) - (no file)
0
ep44 Posts: 7393 Registration date: Saturday 10 November 2007 Status: Contributor Last post: 11 November 2010 3
31 August 2008 at 13:30
Hello

Open Notepad and copy-paste what is quoted below (copy it all in one go):

REGEDIT4

; Clear the two saved Search Assistant entries in the user's hive
[HKEY_USERS\S-1-5-21-1482476501-1343024091-839522115-1003\Software\Microsoft\Search Assistant\ACMru\5603]
"001"=-
"000"=-

; Remove the Ask URLSearchHook value (R3 line of the HijackThis log)
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks]
"{9CB65206-89C4-402c-BA80-02D8C59F9B1D}"=-

; Delete the Ask Search Assistant BHO registration (O2 line of the log): its COM class and its BHO entry
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9CB65201-89C4-402c-BA80-02D8C59F9B1D}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9CB65201-89C4-402c-BA80-02D8C59F9B1D}]



Then "File"/"Save as":
in: on the Desktop
File name: fix.reg
File type: "All files"
click "Save"


Close your internet connection and double-click fix.reg => you must get the message "Are you sure you want to add the information in this .reg file to the registry?"
If so, click "Yes"



then

Download ToolBar-S&D (thanks to Eric_71, Angeldark, Sham_Rock and XmichouX)
https://77b4795d-a-62cb3a1a-s-sites.googlegroups.com/site/eric71mespages/ToolBarSD.exe?attachauth=ANoY7cqJWPphpudyTqv7TRo5RQ3nm_Sx8JluVMO59X5E9cyE3j3LqKlmStIqiDqJdIgMJLi7MXn2nKVajQfoWuVvZZ2wIx_vkqO4k4P0K9jh-ra9jaKPXdZcoaVF2UqJZNH8ubL_42uIwh6f35xJ2GJMuzddVj2Qth1DgZ839lxEIFGkgWz3TdfvNMy-YtxfA3gqBUrj4U4LFeAPiWr3ClmjIP0t_Xs5PQ%3D%3D&attredirects=2

* Double-click ToolBar-SD to launch the installation; a shortcut will be added to the Desktop.
* Double-click it to start the tool; choose the language.
* Under Vista, right-click and choose "Run as administrator" (privilege elevation), then -> Continue.
* Type 2 then press [Enter] to start the removal.
* Wait until the search finishes.
* At the end of the scan, the report will open in Notepad.
* Post this report, by copy/paste, in your next reply.
* The report can also be found at: C:\TB.txt

** Help with screenshots
https://sites.google.com/site/toolbarsd/aideenimages
0
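As an added illustration (not code from this thread or from the tools it names), the script below shows how a fix.reg like the one above is derived from a HijackThis log: it parses R3/O2/O3 lines, keeps only the entries whose DLL lives under the unwanted folder (here I:\Program Files\AskTBar, taken from the log) and emits the same `"value"=-` and `[-Key]` deletion syntax the helper used. It goes slightly beyond the posted fix by also handling O3 toolbar values under HKLM\...\Internet Explorer\Toolbar; the sample input is constructed from four lines of the log above.

```python
import re

# Constructed sample input: four R3/O2/O3 lines copied from the HijackThis log
# in this thread (Ask search hook, Ask BHO, Ask toolbar and a legitimate Java BHO).
HJT_SAMPLE = """\
R3 - URLSearchHook: (no name) - {9CB65206-89C4-402c-BA80-02D8C59F9B1D} - I:\\Program Files\\AskTBar\\SrchAstt\\1.bin\\A5SRCHAS.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - I:\\Program Files\\Java\\jre1.6.0_07\\bin\\ssv.dll
O2 - BHO: Ask Search Assistant BHO - {9CB65201-89C4-402c-BA80-02D8C59F9B1D} - I:\\Program Files\\AskTBar\\SrchAstt\\1.bin\\A5SRCHAS.DLL
O3 - Toolbar: Ask Toolbar - {FE063DB9-4EC0-403e-8DD8-394C54984B2C} - I:\\Program Files\\AskTBar\\bar\\1.bin\\ASKTBAR.DLL
"""

# R3, O2 and O3 lines share one shape: "<type> - <label>: <name> - {CLSID} - <dll path>"
ENTRY_RE = re.compile(r"^(R3|O2|O3) - [^:]+: (.+?) - (\{[0-9A-Fa-f-]+\}) - (.+)$")

# Where each line type is registered: the CLSID is a value name for R3/O3 and a
# subkey for O2 (two subkeys: the COM class itself and the BHO list).
HOOKS_KEY = r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks"
TOOLBAR_KEY = r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar"
CLSID_KEY = r"HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID"
BHO_KEY = r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects"

def parse_hjt(text):
    """Return (type, name, clsid, path) tuples for every R3/O2/O3 line."""
    return [m.groups() for m in map(ENTRY_RE.match, text.splitlines()) if m]

def build_fix_reg(entries, unwanted_dir):
    """Emit a REGEDIT4 file that unregisters every entry loaded from unwanted_dir.
    Same two idioms as the posted fix.reg: '"name"=-' deletes a value and
    '[-Key]' deletes a whole key. Entries outside unwanted_dir are left alone."""
    prefix = unwanted_dir.lower().rstrip("\\") + "\\"
    lines = ["REGEDIT4", ""]
    for kind, name, clsid, path in entries:
        if not path.lower().startswith(prefix):
            continue
        lines.append(f"; {kind}: {name}")
        if kind == "R3":
            lines += [f"[{HOOKS_KEY}]", f'"{clsid}"=-']
        elif kind == "O3":
            lines += [f"[{TOOLBAR_KEY}]", f'"{clsid}"=-']
        else:  # O2: remove both the COM class and the BHO registration
            lines += [f"[-{CLSID_KEY}\\{clsid}]", f"[-{BHO_KEY}\\{clsid}]"]
        lines.append("")
    return "\n".join(lines)

if __name__ == "__main__":
    print(build_fix_reg(parse_hjt(HJT_SAMPLE), r"I:\Program Files\AskTBar"))
```

The Java BHO is left untouched because its DLL is outside the unwanted folder, which is the check that keeps such a file from removing legitimate add-ons.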
Thanks, here is the report:

-----------\\ ToolBar S&D 1.1.6 XP/Vista

Microsoft Windows XP Professionnel ( v5.1.2600 ) Service Pack 2
X86-based PC ( Multiprocessor Free : Intel(R) Pentium(R) D CPU 2.80GHz )
BIOS : Phoenix - AwardBIOS v6.00PG
USER : Adam ( Administrator )
BOOT : Normal boot
Antivirus : AVG Anti-Virus Free 8.0 (Activated)

"I:\ToolBar SD" ( MAJ : 30-08-2008|00:19 )
Option : [2] ( 31/08/2008|13:55 )

-----------\\ SUPPRESSION

Supprime! - I:\DOCUME~1\Adam\LOCALS~1\Temp\NERO14961\Toolbar.exe
Echec ! - I:\Program Files\AskTBar\bar
Echec ! - I:\Program Files\AskTBar\SrchAstt
Supprime! - I:\DOCUME~1\Adam\Cookies\adam@mysearch[1].txt
Echec ! - I:\Program Files\AskTBar

-----------\\ DEUXIEME PASSAGE

Echec ! - I:\Program Files\AskTBar\bar
Echec ! - I:\Program Files\AskTBar\SrchAstt
Echec ! - I:\Program Files\AskTBar

-----------\\ Recherche de Fichiers / Dossiers ...

I:\Program Files\AskTBar
I:\Program Files\AskTBar\bar
I:\Program Files\AskTBar\SrchAstt

-----------\\ [..\Internet Explorer\Main]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Local Page"="I:\\WINDOWS\\system32\\blank.htm"
"Start Page"="https://www.google.fr/?gws_rd=ssl"
"Search Page"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch"
"Url"="http://www.microsoft.com/athome/community/rss.xml"
"Url"="http://www.microsoft.com/atwork/community/rss.xml"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Default_Page_URL"="https://www.msn.com/fr-fr/?ocid=iehp"
"Default_Search_URL"="https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF"
"Search Page"="https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF"
"Start Page"="https://www.msn.com/fr-fr/"


--------------------\\ Recherche d'autres infections

--------------------\\ Cracks & Keygens ..

I:\DOCUME~1\Adam\Mes documents\Azureus Downloads\Nero 8.3.2.1\Nero Crack [EtHiopiAn kiD].exe


-----------\\ Fin du rapport a 13:56:18,15
0
ep44 Posts: 7393 Registration date: Saturday 10 November 2007 Status: Contributor Last post: 11 November 2010 3
31 August 2008 at 17:41
You're going to work in Safe Mode and delete
I:\Program Files\AskTBar
also check in Add or Remove Programs
0
Hi,
today I wanted to change my hard drive letter (it's I: and I wanted to make it C:). I followed these instructions:

" Regedit
In the left column, locate the key HKEY_LOCAL_MACHINE\SYSTEM\MountedDevices. Right-click it and select Permissions from the context menu. Select the Administrators line, check that Administrators have Full Control, and grant it if needed.
In the right pane, right-click the key "\DosDevices\C:" and select Rename from the context menu.
Give it an available drive letter ("X", for example), so the key's new name is "\DosDevices\X:".
Then change the name of the key bearing the drive letter of the boot disk ("\DosDevices\F:", in your case) and rename it "\DosDevices\C:".
Close the registry editor and reboot: your boot hard drive will be back in its usual place as "C".

But unfortunately, when I rebooted, the screen freezes just before WELCOME is displayed. Actually, instead of WELCOME, it says Windows XP Professional.

I tried Safe Mode, Last Known Good Configuration... nothing works, it always freezes at the same point.

Is there another solution besides reinstalling Windows XP?

Thanks
0
ep44 Posts: 7393 Registration date: Saturday 10 November 2007 Status: Contributor Last post: 11 November 2010 3
3 September 2008 at 20:01
Why not follow the instructions I gave you?
0
No, actually the virus problem was fixed, but when I work at the command prompt it bothered me that the local disk was labelled I:, so I wanted to make it C:. I followed the procedure, and then it froze completely.
0
ep44 Posts: 7393 Registration date: Saturday 10 November 2007 Status: Contributor Last post: 11 November 2010 3
3 September 2008 at 20:08
Well no, your PC wasn't completely disinfected!!!!!!!
http://www.commentcamarche.net/forum/affich 8155677 xp virus imbattable spywarealert a l#16
0