[RESOLU]Se débarrasser de winantivirus 2006.

Dernière réponse : 22 Octobre 2006 17:47 dans Sécurité

ayen

21 Octobre 2006 13:04:06

bonjour à tous!

Voilà mon problème : mon pc est infecté par diverses spywares qui me proposent des scans gratuit ainsi que des logiciels pour "sois disant" nettoyer mon PC. Par exemple winantivirus pro 2006. J'ai déjà essayer plusieur logiciel anti-spyware (spybot et Ad-aware) pour m'en défaire mais ils reviennent à chaque fois

.
J'aimerais donc savoir si l'un d'entre vous aurait une solution pour m'aider à m'en défaire définitivement.

Merci d'avance pour votre aide.

Autres pages sur : resolu debarrasser winantivirus 2006

| Etre averti des réponses
| Alerter

Répondre à ayen

Lassé par la pub ? Créez un compte

Angeldark

21 Octobre 2006 13:32:48

Bonjour,

Fais bien TOUT ce qui suit.

- Télécharge Hijackthis de Merjin
- Mets le dans un dossier ou sur ton bureau
-- Clique Droit sur Hijackthis :
-> Choisis " Renommer "
-> Tape Scanner.exe puis valide

- Lance l'application
- Choisis l'option Do a system scan and save a logfile
-- Le Bloc-Notes s'ouvre :
-> Edition / Sélectionner Tout
-> Edition / Copier
- Colle le rapport ici.

Aide sur Hijackthis

| Alerter

Répondre à Angeldark

ayen

21 Octobre 2006 15:20:56

Bonjour;

merci pour ton aide.

J'ai fait ce que tu m'as dit de faire. Voilà le rapport :

Logfile of HijackThis v1.99.1
Scan saved at 17:22:00, on 21/10/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe
C:\Program Files\Fichiers communs\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Fichiers communs\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Fichiers communs\Symantec Shared\DJSNETCN.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Documents and Settings\Castel\Mes documents\Ayen\Logiciels\rk-launcher_rk_launcher_0.4_francais_14854\RKLauncher.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Azureus\Azureus.exe
C:\Documents and Settings\Castel\Mes documents\Scanner.exe.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://securityresponse.symantec.com/avcenter/fix_homep...
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=55245&clcid={SUB_CLCID}
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Alice ADSL
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - c:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Idea2 SidebarBrowserMonitor Class - {45AD732C-2CE2-4666-B366-B2214AD57A49} - C:\Program Files\Desktop Sidebar\sbhelp.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {59D5DFBC-147D-49B5-8596-0403E302A327} - C:\WINDOWS\java\classes\cacca.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: IeCatch2 Class - {A5366673-E8CA-11D3-9CD9-0090271D075B} - C:\PROGRA~1\FLASHGET\jccatch.dll
O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\PROGRA~1\FLASHGET\fgiebar.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [RivaTunerStartupDaemon] "C:\Program Files\RivaTuner v2.0 RC 16\RivaTuner.exe" /S
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [BootSkin Startup Jobs] "C:\PROGRA~1\STARDOCK\WINCUS~1\BOOTSKIN\BootSkin.exe" /StartupJobs
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [Pando] "C:\Program Files\Pando Networks\Pando\Pando.exe" /Automation
O4 - HKLM\..\Run: [BHR4.1] C:\Program Files\Zamaan's Software\Browser Hijack Retaliator 4.1\BHR4.1.exe
O4 - HKLM\..\RunServices: [DJSNetCN] C:\Program Files\Fichiers communs\Symantec Shared\DJSNETCN.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE"
O4 - HKCU\..\Run: [Nphb] "C:\WINDOWS\ECURIT~1\wuauboot.exe" -vt yax
O4 - HKCU\..\Run: [Qmuh] C:\Program Files\W?nSxS\m?hta.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Pando] "C:\Program Files\Pando Networks\Pando\pando.exe" /Automation
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: RK Launcher.lnk = ?
O8 - Extra context menu item: Télécharger avec FlashGet - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: Télécharger tout avec FlashGet - C:\Program Files\FlashGet\jc_all.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Subscribe in Desktop Sidebar - {09FE188B-6E85-479e-9411-51FB2220DF80} - C:\Program Files\Desktop Sidebar\sbhelp.dll
O9 - Extra 'Tools' menuitem: Subscribe in Desktop Sidebar - {09FE188B-6E85-479e-9411-51FB2220DF80} - C:\Program Files\Desktop Sidebar\sbhelp.dll
O9 - Extra button: Créer un Favori de l'appareil mobile - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll
O9 - Extra 'Tools' menuitem: Créer un Favori de l'appareil mobile... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FLASHGET\flashget.exe
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FLASHGET\flashget.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O15 - Trusted Zone: http://locator.cdn.imageservr.com
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPACl...
O16 - DPF: {62789780-B744-11D0-986B-00609731A21D} (Autodesk MapGuide ActiveX Control) - http://www.cg14.fr/sig/mg60ctrl_windows_activex_ie.cab
O16 - DPF: {74CD40EA-EF77-4BAD-808A-B5982DA73F20} - http://yax-download.yazzle.net/YazzleActiveX.cab?refid=...
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab32846.ca...
O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} (CBreakshotControl Class) - http://messenger.zone.msn.com/binary/Bankshot.cab31267....
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - AppInit_DLLs: C:\WINDOWS\system32\userinit.dll,wbsys.dll
O20 - Winlogon Notify: cacca - C:\WINDOWS\java\classes\cacca.dll
O20 - Winlogon Notify: WBSrv - C:\PROGRA~1\STARDOCK\OBJECT~1\WINDOW~1\wbsrv.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: wincqt32 - wincqt32.dll (file missing)
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: CachemanXP (CachemanXPService) - OuterTechnologies - C:\Program Files\CachemanXP\CachemanXP.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec Licensing Detect Internet Connection (DJSNETCN) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\DJSNETCN.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Service Norton AntiVirus Auto-Protect (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\Security Console\NSCSRVCE.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Planificateur LiveUpdate automatique - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe
O23 - Service: SPBBCSvc - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\CCPD-LC\symlcsvc.exe

Encore merci!

| Alerter

Répondre à ayen

Angeldark

21 Octobre 2006 15:24:57

Re,

Télécharge VundoFix.exe (par Atribune) sur ton Bureau.

Double-clique VundoFix.exe afin de le lancer

Clique sur le bouton Scan for Vundo

Lorsque le scan est complété, clique sur le bouton Remove Vundo

Une invite te demandera si tu veux supprimer les fichiers, clique YES

Après avoir cliqué "Yes", le Bureau disparaîtra un moment lors de la suppression des fichiers

Tu verras une invite qui t'annonce que ton PC va redémarrer; clique OK

Copie/colle le contenu du rapport situé dans C:\vundofix.txt ainsi qu'un nouveau rapport HijackThis! dans ta prochaine réponse

Note: Il est possible que VundoFix soit confronté à un fichier qu'il ne peut supprimer. Si tel est le cas, l'outil se lancera au prochain redémarrage; il faut simplement suivre les instructions ci-haut, à partir de "clique sur le bouton Scan for Vundo".

| Alerter

Répondre à Angeldark

ayen

21 Octobre 2006 17:58:01

Merci encore.

Voilà le rapport Hijackthis! :

Logfile of HijackThis v1.99.1
Scan saved at 19:51:20, on 21/10/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe
C:\Program Files\Fichiers communs\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Fichiers communs\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\CachemanXP\CachemanXP.exe
C:\Program Files\Fichiers communs\Symantec Shared\DJSNETCN.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Pando Networks\Pando\Pando.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Documents and Settings\Castel\Mes documents\Ayen\Logiciels\rk-launcher_rk_launcher_0.4_francais_14854\RKLauncher.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Documents and Settings\Castel\Mes documents\Scanner.exe.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://securityresponse.symantec.com/avcenter/fix_homep...
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=55245&clcid={SUB_CLCID}
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Alice ADSL
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - c:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Idea2 SidebarBrowserMonitor Class - {45AD732C-2CE2-4666-B366-B2214AD57A49} - C:\Program Files\Desktop Sidebar\sbhelp.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {56C7E756-EA78-42B3-9216-4EC9226B5B9D} - C:\WINDOWS\java\classes\cacca.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: IeCatch2 Class - {A5366673-E8CA-11D3-9CD9-0090271D075B} - C:\PROGRA~1\FLASHGET\jccatch.dll
O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\PROGRA~1\FLASHGET\fgiebar.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [RivaTunerStartupDaemon] "C:\Program Files\RivaTuner v2.0 RC 16\RivaTuner.exe" /S
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [BootSkin Startup Jobs] "C:\PROGRA~1\STARDOCK\WINCUS~1\BOOTSKIN\BootSkin.exe" /StartupJobs
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [Pando] "C:\Program Files\Pando Networks\Pando\Pando.exe" /Automation
O4 - HKLM\..\Run: [BHR4.1] C:\Program Files\Zamaan's Software\Browser Hijack Retaliator 4.1\BHR4.1.exe
O4 - HKLM\..\RunServices: [DJSNetCN] C:\Program Files\Fichiers communs\Symantec Shared\DJSNETCN.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE"
O4 - HKCU\..\Run: [Nphb] "C:\WINDOWS\ECURIT~1\wuauboot.exe" -vt yax
O4 - HKCU\..\Run: [Qmuh] C:\Program Files\W?nSxS\m?hta.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Pando] "C:\Program Files\Pando Networks\Pando\pando.exe" /Automation
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: RK Launcher.lnk = ?
O8 - Extra context menu item: Télécharger avec FlashGet - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: Télécharger tout avec FlashGet - C:\Program Files\FlashGet\jc_all.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Subscribe in Desktop Sidebar - {09FE188B-6E85-479e-9411-51FB2220DF80} - C:\Program Files\Desktop Sidebar\sbhelp.dll
O9 - Extra 'Tools' menuitem: Subscribe in Desktop Sidebar - {09FE188B-6E85-479e-9411-51FB2220DF80} - C:\Program Files\Desktop Sidebar\sbhelp.dll
O9 - Extra button: Créer un Favori de l'appareil mobile - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll
O9 - Extra 'Tools' menuitem: Créer un Favori de l'appareil mobile... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FLASHGET\flashget.exe
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FLASHGET\flashget.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O15 - Trusted Zone: http://locator.cdn.imageservr.com
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPACl...
O16 - DPF: {62789780-B744-11D0-986B-00609731A21D} (Autodesk MapGuide ActiveX Control) - http://www.cg14.fr/sig/mg60ctrl_windows_activex_ie.cab
O16 - DPF: {74CD40EA-EF77-4BAD-808A-B5982DA73F20} - http://yax-download.yazzle.net/YazzleActiveX.cab?refid=...
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab32846.ca...
O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} (CBreakshotControl Class) - http://messenger.zone.msn.com/binary/Bankshot.cab31267....
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - AppInit_DLLs: C:\WINDOWS\system32\userinit.dll,wbsys.dll
O20 - Winlogon Notify: cacca - C:\WINDOWS\java\classes\cacca.dll
O20 - Winlogon Notify: WBSrv - C:\PROGRA~1\STARDOCK\OBJECT~1\WINDOW~1\wbsrv.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: wincqt32 - wincqt32.dll (file missing)
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: CachemanXP (CachemanXPService) - OuterTechnologies - C:\Program Files\CachemanXP\CachemanXP.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec Licensing Detect Internet Connection (DJSNETCN) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\DJSNETCN.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Service Norton AntiVirus Auto-Protect (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\Security Console\NSCSRVCE.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Planificateur LiveUpdate automatique - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe
O23 - Service: SPBBCSvc - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\CCPD-LC\symlcsvc.exe

Et voici celui de Vundofix:

Java version is 1.5.0.6

Scan started at 19:31:21 21/10/2006

Listing files found while scanning....

C:\WINDOWS\system32\ntyhptsi.dll
C:\WINDOWS\system32\lqwtvjpu.exe
C:\WINDOWS\system32\dianwsbc.exe
C:\WINDOWS\system32\wxqlwfyw.exe
C:\WINDOWS\system32\btgoqtcw.exe
C:\WINDOWS\system32\bwsnkvxu.exe
C:\WINDOWS\system32\tywjefug.exe
C:\WINDOWS\system32\uhdkyxpg.exe
C:\WINDOWS\system32\qvsjhafb.exe
C:\WINDOWS\system32\cywrefdp.exe
C:\WINDOWS\system32\qgmocetf.exe
C:\WINDOWS\java\classes\cacca.dll
C:\WINDOWS\java\classes\accac.ini
C:\WINDOWS\java\classes\accac.bak1
C:\WINDOWS\java\classes\accac.bak2
C:\WINDOWS\java\classes\accac.ini2
C:\WINDOWS\java\classes\accac.tmp

Beginning removal...

Attempting to delete C:\WINDOWS\system32\ntyhptsi.dll
C:\WINDOWS\system32\ntyhptsi.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\lqwtvjpu.exe
C:\WINDOWS\system32\lqwtvjpu.exe Has been deleted!

Attempting to delete C:\WINDOWS\system32\dianwsbc.exe
C:\WINDOWS\system32\dianwsbc.exe Has been deleted!

Attempting to delete C:\WINDOWS\system32\wxqlwfyw.exe
C:\WINDOWS\system32\wxqlwfyw.exe Has been deleted!

Attempting to delete C:\WINDOWS\system32\btgoqtcw.exe
C:\WINDOWS\system32\btgoqtcw.exe Has been deleted!

Attempting to delete C:\WINDOWS\system32\bwsnkvxu.exe
C:\WINDOWS\system32\bwsnkvxu.exe Has been deleted!

Attempting to delete C:\WINDOWS\system32\tywjefug.exe
C:\WINDOWS\system32\tywjefug.exe Has been deleted!

Attempting to delete C:\WINDOWS\system32\uhdkyxpg.exe
C:\WINDOWS\system32\uhdkyxpg.exe Has been deleted!

Attempting to delete C:\WINDOWS\system32\qvsjhafb.exe
C:\WINDOWS\system32\qvsjhafb.exe Has been deleted!

Attempting to delete C:\WINDOWS\system32\cywrefdp.exe
C:\WINDOWS\system32\cywrefdp.exe Has been deleted!

Attempting to delete C:\WINDOWS\system32\qgmocetf.exe
C:\WINDOWS\system32\qgmocetf.exe Has been deleted!

Attempting to delete C:\WINDOWS\java\classes\cacca.dll
C:\WINDOWS\java\classes\cacca.dll Could not be deleted.

Attempting to delete C:\WINDOWS\java\classes\accac.ini
C:\WINDOWS\java\classes\accac.ini Has been deleted!

Attempting to delete C:\WINDOWS\java\classes\accac.bak1
C:\WINDOWS\java\classes\accac.bak1 Has been deleted!

Attempting to delete C:\WINDOWS\java\classes\accac.bak2
C:\WINDOWS\java\classes\accac.bak2 Has been deleted!

Attempting to delete C:\WINDOWS\java\classes\accac.ini2
C:\WINDOWS\java\classes\accac.ini2 Has been deleted!

Attempting to delete C:\WINDOWS\java\classes\accac.tmp
C:\WINDOWS\java\classes\accac.tmp Has been deleted!

Performing Repairs to the registry.
Done!

voilà merci encore de ton aide.

| Alerter

Répondre à ayen

Angeldark

21 Octobre 2006 20:17:48

Re,

Télécharge combofix.exe (par sUBs) sur ton Bureau

Double clique combofix.exe.

Tape sur la touche Y (Yes) pour démarrer le scan.

Lorsque le scan sera complété, un rapport apparaîtra. Copie/colle ce rapport dans ta prochaine réponse.

NOTE : Le rapport se trouve également ici : C:\Combofix.txt
+ rapport Hijackthis

| Alerter

Répondre à Angeldark

ayen

22 Octobre 2006 09:52:41

Voilà le rapport combofix:

Castel - 06-10-22 11:47:49,29 Service Pack 2
ComboFix 06.10.19 - Running from: "C:\Documents and Settings\Castel\Bureau"

(((((((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

C:\WINDOWS\system32\components
C:\Program Files\Fichiers communs\{320D180E-0B6E-1036-0921-050317200021}

~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ Purity ~ ~ ~ ~ ~ ~ ~ ~~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~

Folders Quarantined:

C:\QooBox\Purity\WINDOWS\MANTEC~1
C:\QooBox\Purity\WINDOWS\ECURIT~1
C:\QooBox\Purity\WINDOWS\APPATC~1
C:\QooBox\Purity\WINDOWS\system32\RACLE~1
C:\QooBox\Purity\WINDOWS\ECURIT~1\ECURIT~1
C:\QooBox\Purity\Program Files\ASKS~1
C:\QooBox\Purity\Program Files\SMBOLS~1
C:\QooBox\Purity\Program Files\SCURIT~1

((((((((((((((((((((((((((((((( Files Created from 2006-09-22 to 2006-10-22 ))))))))))))))))))))))))))))))))))

2006-10-17 12:58 12,288 --------- C:\WINDOWS\system32\msfeedssync.exe
2006-10-14 13:26 77,824 --a------ C:\WINDOWS\system32\mplaw7.dll
2006-10-14 13:26 77,824 --a------ C:\WINDOWS\system32\mplaa6.dll
2006-10-14 13:26 761,856 --a------ C:\WINDOWS\system32\xvidcore.dll
2006-10-14 13:26 65,536 --a------ C:\WINDOWS\system32\mplapx.dll
2006-10-14 13:26 65,536 --a------ C:\WINDOWS\system32\mplam6.dll
2006-10-14 13:26 1,650,688 --a------ C:\WINDOWS\system32\mplva6.dll
2006-10-14 13:26 1,581,056 --a------ C:\WINDOWS\system32\mplvw7.dll
2006-10-14 13:26 1,552,384 --a------ C:\WINDOWS\system32\mplvm6.dll
2006-10-14 13:26 1,122,304 --a------ C:\WINDOWS\system32\mplvpx.dll
2006-10-04 20:15 36,864 --a------ C:\WINDOWS\system32\wbsys.dll
2006-10-04 20:15 20,480 --a------ C:\WINDOWS\system32\wbload.dll
2006-10-04 20:09 245,408 --a------ C:\WINDOWS\system32\unicows.dll
2006-09-30 17:17 62,744 --a------ C:\WINDOWS\system32\xinput1_2.dll
2006-09-30 17:17 236,824 --a------ C:\WINDOWS\system32\xactengine2_3.dll

(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))

2006-10-17 13:01 13312 --a------ C:\WINDOWS\system32\ieudinit.exe
2006-10-14 13:26 -------- d-------- C:\Program Files\ACE Mega CoDecS Pack
2006-10-14 13:18 -------- d-------- C:\Program Files\Movie Player
2006-10-07 17:15 -------- d-------- C:\Program Files\PhotoFiltre
2006-10-02 21:06 -------- d-------- C:\Program Files\Aardvark Digital
2006-10-02 16:23 -------- d-------- C:\Program Files\Eidos
2006-10-01 18:01 -------- d-------- C:\Documents and Settings\Castel\Application Data\Skype
2006-09-29 21:06 -------- d-------- C:\Documents and Settings\Castel\Application Data\DivX
2006-09-29 18:06 -------- d-------- C:\Program Files\DivX Player Pro
2006-09-23 12:21 -------- d-------- C:\Program Files\Microsoft R‚f‚rence
2006-09-20 17:27 163712 --a------ C:\WINDOWS\system32\drivers\vidstub.sys
2006-09-19 20:57 -------- d-------- C:\Program Files\LitexMedia
2006-09-16 19:16 -------- d-------- C:\Program Files\Mozilla Firefox
2006-09-16 19:16 -------- d-------- C:\Documents and Settings\Castel\Application Data\Mozilla
2006-09-13 07:03 1084416 --a------ C:\WINDOWS\system32\msxml3.dll
2006-09-06 17:43 22752 --a------ C:\WINDOWS\system32\spupdsvc.exe
2006-09-04 16:01 -------- d-------- C:\Program Files\Stardock
2006-09-03 13:44 13312 --a------ C:\WINDOWS\system32\svrapi.dll
2006-08-31 11:36 -------- d-------- C:\Program Files\Cenega
2006-08-28 13:06 -------- d-------- C:\Program Files\Ripp-it_AM
2006-08-28 12:28 -------- d-------- C:\Program Files\Avi2Dvd
2006-08-26 14:53 -------- d-------- C:\Program Files\GBA Media
2006-08-25 17:51 617472 --a------ C:\WINDOWS\system32\comctl32.dll
2006-08-21 15:53 131072 --a------ C:\WINDOWS\system32\SpoonUninstall.exe
2006-08-21 14:26 16896 --a------ C:\WINDOWS\system32\fltlib.dll
2006-08-21 11:14 23040 --a------ C:\WINDOWS\system32\fltMc.exe
2006-08-16 13:59 100352 --a------ C:\WINDOWS\system32\6to4svc.dll
2006-08-11 21:45 888832 --a------ C:\WINDOWS\system32\nvmobls.dll
2006-08-11 21:45 581632 --a------ C:\WINDOWS\system32\nvhwvid.dll
2006-08-11 21:45 5611520 --a------ C:\WINDOWS\system32\nvdisps.dll
2006-08-11 21:45 5251072 --a------ C:\WINDOWS\system32\nvdispsr.dll
2006-08-11 21:45 458752 --a------ C:\WINDOWS\system32\nvmccssr.dll
2006-08-11 21:45 45056 --a------ C:\WINDOWS\system32\nvmccsrs.dll
2006-08-11 21:45 3039232 --a------ C:\WINDOWS\system32\nvgames.dll
2006-08-11 21:45 2953216 --a------ C:\WINDOWS\system32\nvvitvsr.dll
2006-08-11 21:45 2928640 --a------ C:\WINDOWS\system32\nvgamesr.dll
2006-08-11 21:45 2904064 --a------ C:\WINDOWS\system32\nvvitvs.dll
2006-08-11 21:45 2859008 --a------ C:\WINDOWS\system32\nvmoblsr.dll
2006-08-11 21:45 266240 --a------ C:\WINDOWS\system32\nvrsesm.dll
2006-08-11 21:45 258048 --a------ C:\WINDOWS\system32\nvrsko.dll
2006-08-11 21:45 249856 --a------ C:\WINDOWS\system32\nvrssl.dll
2006-08-11 21:45 249856 --a------ C:\WINDOWS\system32\nvrssk.dll
2006-08-11 21:45 249856 --a------ C:\WINDOWS\system32\nvrshu.dll
2006-08-11 21:45 229376 --a------ C:\WINDOWS\system32\nvmccs.dll
2006-08-11 21:45 188416 --a------ C:\WINDOWS\system32\nvmccss.dll
2006-08-11 21:45 1732608 --a------ C:\WINDOWS\system32\nvwssr.dll
2006-08-11 21:45 1236992 --a------ C:\WINDOWS\system32\nvwss.dll
2006-08-11 21:44 323584 --a------ C:\WINDOWS\system32\nvrshe.dll
2006-08-11 21:44 323584 --a------ C:\WINDOWS\system32\nvrsar.dll
2006-08-11 21:44 274432 --a------ C:\WINDOWS\system32\nvrses.dll
2006-08-11 21:44 274432 --a------ C:\WINDOWS\system32\nvrsel.dll
2006-08-11 21:44 266240 --a------ C:\WINDOWS\system32\nvrspt.dll
2006-08-11 21:44 262144 --a------ C:\WINDOWS\system32\nvrsja.dll
2006-08-11 21:44 249856 --a------ C:\WINDOWS\system32\nvrstr.dll
2006-08-11 21:44 249856 --a------ C:\WINDOWS\system32\nvrspl.dll
2006-08-11 21:44 249856 --a------ C:\WINDOWS\system32\nvrsno.dll
2006-08-11 21:44 241664 --a------ C:\WINDOWS\system32\nvrscs.dll
2006-08-11 21:44 147456 --a------ C:\WINDOWS\system32\nvcolor.exe
2006-08-11 21:43 86016 --a------ C:\WINDOWS\system32\nvmctray.dll
2006-08-11 21:43 81920 --a------ C:\WINDOWS\system32\nvwddi.dll
2006-08-11 21:43 794624 --a------ C:\WINDOWS\system32\nvcplui.exe
2006-08-11 21:43 7630848 --a------ C:\WINDOWS\system32\nvcpl.dll
2006-08-11 21:43 466944 --a------ C:\WINDOWS\system32\nvshell.dll
2006-08-11 21:43 442368 --a------ C:\WINDOWS\system32\nvappbar.exe
2006-08-11 21:43 425984 --a------ C:\WINDOWS\system32\keystone.exe
2006-08-11 21:43 335872 --a------ C:\WINDOWS\system32\nvwrses.dll
2006-08-11 21:43 335872 --a------ C:\WINDOWS\system32\nvwrsel.dll
2006-08-11 21:43 327680 --a------ C:\WINDOWS\system32\nvwrsfr.dll
2006-08-11 21:43 327680 --a------ C:\WINDOWS\system32\nvwrsesm.dll
2006-08-11 21:43 323584 --a------ C:\WINDOWS\system32\nvwrspt.dll
2006-08-11 21:43 323584 --a------ C:\WINDOWS\system32\nvwrsit.dll
2006-08-11 21:43 319488 --a------ C:\WINDOWS\system32\nvwrsptb.dll
2006-08-11 21:43 319488 --a------ C:\WINDOWS\system32\nvwrsnl.dll
2006-08-11 21:43 315392 --a------ C:\WINDOWS\system32\nvwrsru.dll
2006-08-11 21:43 315392 --a------ C:\WINDOWS\system32\nvwrshu.dll
2006-08-11 21:43 311296 --a------ C:\WINDOWS\system32\nvwrsde.dll
2006-08-11 21:43 311296 --a------ C:\WINDOWS\system32\nvexpbar.dll
2006-08-11 21:43 303104 --a------ C:\WINDOWS\system32\nvwrstr.dll
2006-08-11 21:43 303104 --a------ C:\WINDOWS\system32\nvwrssl.dll
2006-08-11 21:43 303104 --a------ C:\WINDOWS\system32\nvwrsfi.dll
2006-08-11 21:43 299008 --a------ C:\WINDOWS\system32\nvwrssk.dll
2006-08-11 21:43 299008 --a------ C:\WINDOWS\system32\nvwrsno.dll
2006-08-11 21:43 294912 --a------ C:\WINDOWS\system32\nvwrssv.dll
2006-08-11 21:43 294912 --a------ C:\WINDOWS\system32\nvwrspl.dll
2006-08-11 21:43 294912 --a------ C:\WINDOWS\system32\nvwrsda.dll
2006-08-11 21:43 286720 --a------ C:\WINDOWS\system32\nvwrseng.dll
2006-08-11 21:43 286720 --a------ C:\WINDOWS\system32\nvwrscs.dll
2006-08-11 21:43 286720 --a------ C:\WINDOWS\system32\nvnt4cpl.dll
2006-08-11 21:43 282624 --a------ C:\WINDOWS\system32\nvwrsar.dll
2006-08-11 21:43 278528 --a------ C:\WINDOWS\system32\nvwrshe.dll
2006-08-11 21:43 278528 --a------ C:\WINDOWS\system32\nvrsfr.dll
2006-08-11 21:43 274432 --a------ C:\WINDOWS\system32\nvrsit.dll
2006-08-11 21:43 270336 --a------ C:\WINDOWS\system32\nvrsde.dll
2006-08-11 21:43 266240 --a------ C:\WINDOWS\system32\nvrsnl.dll
2006-08-11 21:43 262144 --a------ C:\WINDOWS\system32\nvrsru.dll
2006-08-11 21:43 262144 --a------ C:\WINDOWS\system32\nvrsptb.dll
2006-08-11 21:43 245760 --a------ C:\WINDOWS\system32\nvrssv.dll
2006-08-11 21:43 245760 --a------ C:\WINDOWS\system32\nvrsda.dll
2006-08-11 21:43 241664 --a------ C:\WINDOWS\system32\nvrsfi.dll
2006-08-11 21:43 241664 --a------ C:\WINDOWS\system32\nvrseng.dll
2006-08-11 21:43 221184 --a------ C:\WINDOWS\system32\nvrszhc.dll
2006-08-11 21:43 212992 --a------ C:\WINDOWS\system32\nvwrsja.dll
2006-08-11 21:43 196608 --a------ C:\WINDOWS\system32\nvwrsko.dll
2006-08-11 21:43 196608 --a------ C:\WINDOWS\system32\nvapi.dll
2006-08-11 21:43 167936 --a------ C:\WINDOWS\system32\nvwrszht.dll
2006-08-11 21:43 1662976 --a------ C:\WINDOWS\system32\nvwdmcpl.dll
2006-08-11 21:43 163840 --a------ C:\WINDOWS\system32\nvwrszhc.dll
2006-08-11 21:43 1519616 --a------ C:\WINDOWS\system32\nwiz.exe
2006-08-11 21:43 1470464 --a------ C:\WINDOWS\system32\nview.dll
2006-08-11 21:43 1339392 --a------ C:\WINDOWS\system32\nvdspsch.exe
2006-08-11 21:43 122880 --a------ C:\WINDOWS\system32\nvrszht.dll
2006-08-11 21:43 1019904 --a------ C:\WINDOWS\system32\nvwimg.dll
2006-08-11 21:43 1011712 --a------ C:\WINDOWS\system32\nvcpluir.dll
2006-08-11 21:42 5636096 --a------ C:\WINDOWS\system32\nvoglnt.dll
2006-08-11 21:42 4496128 --a------ C:\WINDOWS\system32\nv4_disp.dll
2006-08-11 21:42 35840 --a------ C:\WINDOWS\system32\nvcodins.dll
2006-08-11 21:42 35840 --a------ C:\WINDOWS\system32\nvcod.dll
2006-08-11 21:42 155715 --a------ C:\WINDOWS\system32\nvsvc32.exe
2006-08-04 20:01 2 --a------ C:\WINDOWS\system32\wnsapisv.exe
2006-08-02 18:44 81920 --a------ C:\WINDOWS\system32\userinit.dll
2006-07-29 19:32 48936 --a------ C:\WINDOWS\system32\sirenacm.dll
2006-07-27 15:26 679424 --a------ C:\WINDOWS\system32\inetcomm.dll
2006-07-26 16:31 39424 --a------ C:\WINDOWS\YAXUninst.exe

(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries are not shown

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"msnmsgr"="\"C:\\Program Files\\MSN Messenger\\msnmsgr.exe\" /background"
"H/PC Connection Agent"="\"C:\\Program Files\\Microsoft ActiveSync\\WCESCOMM.EXE\""
"Nphb"="\"C:\\WINDOWS\\ECURIT~1\\wuauboot.exe\" -vt yax"
"Qmuh"="C:\\Program Files\\W?nSxS\\m?hta.exe"
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"
"Pando"="\"C:\\Program Files\\Pando Networks\\Pando\\pando.exe\" /Automation"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"RivaTunerStartupDaemon"="\"C:\\Program Files\\RivaTuner v2.0 RC 16\\RivaTuner.exe\" /S"
"NvCplDaemon"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvCpl.dll,NvStartup"
"nwiz"="nwiz.exe /install"
@=""
"NvMediaCenter"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvMcTray.dll,NvTaskbarInit"
"BootSkin Startup Jobs"="\"C:\\PROGRA~1\\STARDOCK\\WINCUS~1\\BOOTSKIN\\BootSkin.exe\" /StartupJobs"
"RemoteControl"="\"C:\\Program Files\\CyberLink\\PowerDVD\\PDVDServ.exe\""
"Pando"="\"C:\\Program Files\\Pando Networks\\Pando\\Pando.exe\" /Automation"
"BHR4.1"="C:\\Program Files\\Zamaan's Software\\Browser Hijack Retaliator 4.1\\BHR4.1.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
"NoChange"="1"
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runservices]
"DJSNetCN"="C:\\Program Files\\Fichiers communs\\Symantec Shared\\DJSNETCN.exe"

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components]
"DeskHtmlVersion"=dword:00000110
"DeskHtmlMinorVersion"=dword:00000005
"Settings"=dword:00000001
"GeneralFlags"=dword:00000001

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="Ma page d'accueil"
"Flags"=dword:00000002
"Position"=hex:2c,00,00,00,00,01,00,00,00,00,00,00,00,04,00,00,e2,03,00,00,00,\
00,00,00,01,00,00,00,01,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00
"CurrentState"=dword:40000004
"OriginalStateInfo"=hex:18,00,00,00,00,01,00,00,00,00,00,00,00,04,00,00,ea,03,\
00,00,04,00,00,40
"RestoredStateInfo"=hex:18,00,00,00,00,01,00,00,00,00,00,00,00,04,00,00,ea,03,\
00,00,01,00,00,00

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"CTFMON.EXE"="C:\\WINDOWS\\system32\\CTFMON.EXE"

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\run]
"CTFMON.EXE"="C:\\WINDOWS\\system32\\CTFMON.EXE"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Pré-chargeur Browseui"
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Démon de cache des catégories de composant"
"{553858A7-4922-4e7e-B1C1-97140C1C16EF}"="IE Component Categories cache daemon"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091
"NoSMBalloonTip"=dword:00000001
"NoActiveDesktop"=hex:01,00,00,00

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\Run]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"dontdisplaylastusername"=dword:00000000
"legalnoticecaption"=""
"legalnoticetext"=""
"shutdownwithoutlogon"=dword:00000001
"undockwithoutlogon"=dword:00000001

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload]
"PostBootReminder"="{7849596a-48ea-486e-8937-a2a3009f31a9}"
"CDBurn"="{fbeb8a05-beee-4442-804e-409d6c4515e9}"
"WebCheck"="{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"
"SysTray"="{35CEC8A3-2BE6-11D2-8773-92E220524153}"
"WPDShServiceObj"="{AAA288BA-9A4C-45B0-95D7-94D524869DB5}"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Adobe Reader Speed Launch.lnk]
"path"="C:\\Documents and Settings\\All Users\\Menu Démarrer\\Programmes\\Démarrage\\Adobe Reader Speed Launch.lnk"
"backup"="C:\\WINDOWS\\pss\\Adobe Reader Speed Launch.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\PROGRA~1\\Adobe\\ACROBA~1.0\\Reader\\READER~1.EXE "
"item"="Adobe Reader Speed Launch"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Microsoft Office.lnk]
"path"="C:\\Documents and Settings\\All Users\\Menu Démarrer\\Programmes\\Démarrage\\Microsoft Office.lnk"
"backup"="C:\\WINDOWS\\pss\\Microsoft Office.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\PROGRA~1\\MICROS~2\\Office\\OSA9.EXE -b -l"
"item"="Microsoft Office"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^NkbMonitor.exe.lnk]
"path"="C:\\Documents and Settings\\All Users\\Menu Démarrer\\Programmes\\Démarrage\\NkbMonitor.exe.lnk"
"backup"="C:\\WINDOWS\\pss\\NkbMonitor.exe.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\PROGRA~1\\Nikon\\PICTUR~1\\NKBMON~1.EXE "
"item"="NkbMonitor.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Castel^Menu Démarrer^Programmes^Démarrage^OpenOffice.org 2.0.lnk]
"path"="C:\\Documents and Settings\\Castel\\Menu Démarrer\\Programmes\\Démarrage\\OpenOffice.org 2.0.lnk"
"backup"="C:\\WINDOWS\\pss\\OpenOffice.org 2.0.lnkStartup"
"location"="Startup"
"command"="C:\\Program Files\\OpenOffice.org 2.0\\program\\quickstart.exe "
"item"="OpenOffice.org 2.0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Castel^Menu Démarrer^Programmes^Démarrage^Yahoo! Widget Engine.lnk]
"path"="C:\\Documents and Settings\\Castel\\Menu Démarrer\\Programmes\\Démarrage\\Yahoo! Widget Engine.lnk"
"backup"="C:\\WINDOWS\\pss\\Yahoo! Widget Engine.lnkStartup"
"location"="Startup"
"command"="C:\\PROGRA~1\\Pixoria\\KONFAB~1\\YAHOOW~1.EXE "
"item"="Yahoo! Widget Engine"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"=""
"hkey"="HKLM"
"command"=""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AGEIA PhysX SysTray]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="TrayIcon"
"hkey"="HKLM"
"command"="C:\\Program Files\\AGEIA Technologies\\TrayIcon.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AGRSMMSG]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="AGRSMMSG"
"hkey"="HKLM"
"command"="AGRSMMSG.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="ALCMTR"
"hkey"="HKLM"
"command"="ALCMTR.EXE"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="NMBgMonitor"
"hkey"="HKCU"
"command"="\"C:\\Program Files\\Fichiers communs\\Ahead\\lib\\NMBgMonitor.exe\""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ccApp]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="ccApp"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\Fichiers communs\\Symantec Shared\\ccApp.exe\""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DownloadAccelerator]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="DAP"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\DAP\\DAP.EXE\" /STARTUP"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\eRecoveryService]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Monitor"
"hkey"="HKLM"
"command"="C:\\Program Files\\Acer\\eRecovery\\Monitor.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FreeRAM XP]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="FreeRAM XP Pro"
"hkey"="HKCU"
"command"="\"C:\\Program Files\\YourWare Solutions\\FreeRAM XP Pro\\FreeRAM XP Pro.exe\" -win"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\H/PC Connection Agent]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="WCESCOMM"
"hkey"="HKCU"
"command"="\"C:\\Program Files\\Microsoft ActiveSync\\WCESCOMM.EXE\""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\High Definition Audio Property Page Shortcut]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="HDAShCut"
"hkey"="HKLM"
"command"="HDAShCut.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IMJPMIG8.1]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="IMJPMIG"
"hkey"="HKLM"
"command"="\"C:\\WINDOWS\\IME\\imjp8_1\\IMJPMIG.EXE\" /Spoil /RemAdvDef /Migration32"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LaunchApp]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Alaunch"
"hkey"="HKLM"
"command"="Alaunch"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechVideoRepair]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="ISStart"
"hkey"="HKLM"
"command"="C:\\Program Files\\Logitech\\Video\\ISStart.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechVideoTray]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="LogiTray"
"hkey"="HKLM"
"command"="C:\\Program Files\\Logitech\\Video\\LogiTray.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="msmsgs"
"hkey"="HKCU"
"command"="\"C:\\Program Files\\Messenger\\msmsgs.exe\" /background"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="msnmsgr"
"hkey"="HKCU"
"command"="\"C:\\Program Files\\MSN Messenger\\msnmsgr.exe\" /background"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSPY2002]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="ImScInst"
"hkey"="HKLM"
"command"="C:\\WINDOWS\\system32\\IME\\PINTLGNT\\ImScInst.exe /SYNC"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="NeroCheck"
"hkey"="HKLM"
"command"="C:\\WINDOWS\\system32\\NeroCheck.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ntiMUI]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="ntiMUI"
"hkey"="HKLM"
"command"="c:\\Program Files\\NewTech Infosystems\\NTI CD & DVD-Maker 7\\ntiMUI.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="NvCpl"
"hkey"="HKLM"
"command"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvCpl.dll,NvStartup"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="RunDLL32"
"hkey"="HKLM"
"command"="RunDLL32.exe NvMCTray.dll,NvTaskbarInit"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="nwiz"
"hkey"="HKLM"
"command"="nwiz.exe /install"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Pando]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Pando"
"hkey"="HKLM"
"command"="C:\\Program Files\\Pando Networks\\Pando\\Pando.exe /Automation"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002A]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="TINTSETP"
"hkey"="HKLM"
"command"="C:\\WINDOWS\\system32\\IME\\TINTLGNT\\TINTSETP.EXE /IMEName"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002ASync]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="TINTSETP"
"hkey"="HKLM"
"command"="C:\\WINDOWS\\system32\\IME\\TINTLGNT\\TINTSETP.EXE /SYNC"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="qttask"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="PDVDServ"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\CyberLink\\PowerDVD\\PDVDServ.exe\""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RivaTunerStartupDaemon]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="RivaTuner"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\RivaTuner v2.0 RC 16\\RivaTuner.exe\" /S"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="RTHDCPL"
"hkey"="HKLM"
"command"="RTHDCPL.EXE"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SIDEBAR]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="dsidebar"
"hkey"="HKCU"
"command"="\"C:\\Program Files\\Desktop Sidebar\\dsidebar.exe\""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Steam"
"hkey"="HKCU"
"command"="C:\\Program Files\\Valve\\Steam\\Steam.exe -silent"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="jusched"
"hkey"="HKLM"
"command"="C:\\Program Files\\Java\\jre1.5.0_06\\bin\\jusched.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Symantec NetDriver Monitor]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="SNDMon"
"hkey"="HKLM"
"command"="C:\\PROGRA~1\\SYMNET~1\\SNDMon.exe /Consumer"
"inimapping"="0"

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\cacca
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WBSrv
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\wincqt32

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"

Contents of the 'Scheduled Tasks' folder
C:\WINDOWS\tasks\Norton AntiVirus - Effectuer une analyse complŠte du systŠme - Castel.job

Completion time: 06-10-22 11:52:22.25
C:\ComboFix.txt ... 06-10-22 11:52

Et voilà le nouveau rapport hijackthis :

Logfile of HijackThis v1.99.1
Scan saved at 11:54:42, on 22/10/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe
C:\Program Files\Fichiers communs\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Fichiers communs\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\CachemanXP\CachemanXP.exe
C:\Program Files\Fichiers communs\Symantec Shared\DJSNETCN.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Pando Networks\Pando\Pando.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Documents and Settings\Castel\Mes documents\Ayen\Logiciels\rk-launcher_rk_launcher_0.4_francais_14854\RKLauncher.exe
C:\Documents and Settings\Castel\Mes documents\Scanner.exe.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://securityresponse.symantec.com/avcenter/fix_homep...
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=55245&clcid={SUB_CLCID}
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Alice ADSL
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - c:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Idea2 SidebarBrowserMonitor Class - {45AD732C-2CE2-4666-B366-B2214AD57A49} - C:\Program Files\Desktop Sidebar\sbhelp.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: IeCatch2 Class - {A5366673-E8CA-11D3-9CD9-0090271D075B} - C:\PROGRA~1\FLASHGET\jccatch.dll
O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: (no name) - {BE2F41DB-6350-465D-BDDA-B6CEE761311A} - C:\WINDOWS\java\classes\cacca.dll
O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\PROGRA~1\FLASHGET\fgiebar.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [RivaTunerStartupDaemon] "C:\Program Files\RivaTuner v2.0 RC 16\RivaTuner.exe" /S
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [BootSkin Startup Jobs] "C:\PROGRA~1\STARDOCK\WINCUS~1\BOOTSKIN\BootSkin.exe" /StartupJobs
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [Pando] "C:\Program Files\Pando Networks\Pando\Pando.exe" /Automation
O4 - HKLM\..\Run: [BHR4.1] C:\Program Files\Zamaan's Software\Browser Hijack Retaliator 4.1\BHR4.1.exe
O4 - HKLM\..\RunServices: [DJSNetCN] C:\Program Files\Fichiers communs\Symantec Shared\DJSNETCN.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE"
O4 - HKCU\..\Run: [Nphb] "C:\WINDOWS\ECURIT~1\wuauboot.exe" -vt yax
O4 - HKCU\..\Run: [Qmuh] C:\Program Files\W?nSxS\m?hta.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Pando] "C:\Program Files\Pando Networks\Pando\pando.exe" /Automation
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: RK Launcher.lnk = ?
O8 - Extra context menu item: Télécharger avec FlashGet - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: Télécharger tout avec FlashGet - C:\Program Files\FlashGet\jc_all.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Subscribe in Desktop Sidebar - {09FE188B-6E85-479e-9411-51FB2220DF80} - C:\Program Files\Desktop Sidebar\sbhelp.dll
O9 - Extra 'Tools' menuitem: Subscribe in Desktop Sidebar - {09FE188B-6E85-479e-9411-51FB2220DF80} - C:\Program Files\Desktop Sidebar\sbhelp.dll
O9 - Extra button: Créer un Favori de l'appareil mobile - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll
O9 - Extra 'Tools' menuitem: Créer un Favori de l'appareil mobile... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FLASHGET\flashget.exe
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FLASHGET\flashget.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O15 - Trusted Zone: http://locator.cdn.imageservr.com
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPACl...
O16 - DPF: {62789780-B744-11D0-986B-00609731A21D} (Autodesk MapGuide ActiveX Control) - http://www.cg14.fr/sig/mg60ctrl_windows_activex_ie.cab
O16 - DPF: {74CD40EA-EF77-4BAD-808A-B5982DA73F20} - http://yax-download.yazzle.net/YazzleActiveX.cab?refid=...
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab32846.ca...
O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} (CBreakshotControl Class) - http://messenger.zone.msn.com/binary/Bankshot.cab31267....
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - AppInit_DLLs: C:\WINDOWS\system32\userinit.dll,wbsys.dll
O20 - Winlogon Notify: cacca - C:\WINDOWS\java\classes\cacca.dll
O20 - Winlogon Notify: WBSrv - C:\PROGRA~1\STARDOCK\OBJECT~1\WINDOW~1\wbsrv.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: wincqt32 - wincqt32.dll (file missing)
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: CachemanXP (CachemanXPService) - OuterTechnologies - C:\Program Files\CachemanXP\CachemanXP.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec Licensing Detect Internet Connection (DJSNETCN) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\DJSNETCN.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Service Norton AntiVirus Auto-Protect (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\Security Console\NSCSRVCE.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Planificateur LiveUpdate automatique - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe
O23 - Service: SPBBCSvc - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\CCPD-LC\symlcsvc.exe

Merci.

| Alerter

Répondre à ayen

Angeldark

22 Octobre 2006 10:23:38

Re,

Les manipulations sont à faire sans interruption et dans l'ordre
Si tu ne comprends pas quelque chose, demande des explications avant de commencer.

Enregistre cette page pour avoir accès à la procédure en mode sans échec :
- Fichier
- Enregistrer Sous...
- Nom du fichier : Procédure
- Type : Page Web, complète
- Pour l'emplacement, chosis ton Bureau
- Clique maintenant sur Enregistrer

Télécharge:

Ccleaner
Installe le dans un répertoire dédié.
Lors de l'installation décoche: "Ajouter la Barre d'Outils Yahoo! Ccleaner"
Aide sur Ccleaner de Rub_Mic

AVG Anti-Spyware (AVG AS)
Une fois AVG AS lancé, clique sur "Mise à jour"
Ferme le programme.

Clean.zip (de Malekal),
décompresse-le sur ton bureau (clic droit / extraire tout), tu dois obtenir un dossier clean.

Redémarre en mode sans échec

Ferme TOUS les fenêtres ouvertes (sauf Hijackthis)
et les logiciels de protection en temps réel (antivirus...)

- Lance Hijackthis ->Do a system scan only
->Coche les lignes ci-dessous :

O4 - HKCU\..\Run: [Nphb] "C:\WINDOWS\ECURIT~1\wuauboot.exe" -vt yax
O4 - HKCU\..\Run: [Qmuh] C:\Program Files\W?nSxS\m?hta.exe
O4 - Startup: RK Launcher.lnk = ?
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O15 - Trusted Zone: http://locator.cdn.imageservr.com
O16 - DPF: {74CD40EA-EF77-4BAD-808A-B5982DA73F20} - http://yax-download.yazzle.net/Yaz [...] refid=1123
O20 - Winlogon Notify: wincqt32 - wincqt32.dll (file missing)

Clique sur Fix checked (en bas à gauche)

- Assure toi d'avoir accès aux dossiers/fichiers cachés
-> Démarrer
-> Panneau de configuration
-> Options des Dossiers, onglet Affichage :
. Clique sur Afficher les dossiers cachés
. Décoche Masquer les extensions des fichiers dont le type est connu
. Décoche Masquer les fichiers protégés du système d'exploitation

- Suppime ces fichiers et/ou dossiers s'ils existent encore :

C:\WINDOWS\ECURIT~1\ LE NOM DU DOSSIER COMMENCE PAR "ECURIT"
C:\Program Files\W?nSxS\ ?-> CARACTERE ALEATOIRE

- Lance un nettoyage Ccleaner :
Clique sur le bouton "Analyse" puis "Lancer le Néttoyage"

- Relance AVG AS puis choisis l'onglet "Analyse"
Puis l'onglet "Paramètres
Sous la question "Comment réagir ?", clique sur "Actions recommandées" et choisis "Quarantaine"
Re-clique sur l'onglet "Analyse" puis réalise une "Analyse complète du système"

/!\ Si un fichier est infecté détécté en fin d'analyse /!\
Clique sur "Appliquer toutes les actions "
Clique sur "Enregistrer le rapport" puis sur "Enregistrer le rapport sous"
Enregistre ce fichier texte sur ton bureau.

- Ouvre le dossier clean qui se trouve sur ton bureau, et double-clic sur clean.cmd, une fenêtre noire va apparaître pendant un instant, laisse la ouverte.

Redémarre normalement.

- Ouvre le rapport d'AVG AS puis copie/colle son contenu ici.

- Poste un nouveau rapport Hijackthis.

- Le rapport clean : Poste de travail / double clic sur disque C / double-clic sur rapport_clean.txt et copier/coller le contenu ici C:\rapport_clean.txt

Va sur le site de VirusTotal
Clique sur Parcourir... puis ouvre:

C:\WINDOWS\system32\userinit.dll

Clique ensuite sur Send
Poste le rapport en fin d'analyse.

Si tu vois ce message:
" Your file " ***.*** " is queued in position: ***. Estimated start time is between *** and *** minutes. "
Il te faudra patienter.

| Alerter

Répondre à Angeldark

ayen

22 Octobre 2006 16:03:31

Re,

voilà le rapport de d'AVG AS:

---------------------------------------------------------
AVG Anti-Spyware - Rapport d'analyse
---------------------------------------------------------

+ Créé à: 17:38:01 22/10/2006

+ Résultat de l'analyse:

C:\System Volume Information\_restore{E27BA98E-2CFC-424E-BDA2-9BF88577901F}\RP314\A0088065.exe -> Adware.DriveCleaner : Nettoyé et sauvegardé (mise en quarantaine).
HKU\S-1-5-21-2458734681-3247627942-2695051177-1006\Software\Prodiff\rmxnavigator\shopping\\sh163 -> Adware.Locators : Nettoyé et sauvegardé (mise en quarantaine).
C:\WINDOWS\YAXUninst.exe -> Adware.MediaTickets : Nettoyé et sauvegardé (mise en quarantaine).
C:\System Volume Information\_restore{E27BA98E-2CFC-424E-BDA2-9BF88577901F}\RP199\A0070014.DLL -> Adware.PurityScan : Nettoyé et sauvegardé (mise en quarantaine).
C:\System Volume Information\_restore{E27BA98E-2CFC-424E-BDA2-9BF88577901F}\RP199\snapshot\MFEX-1.DAT -> Adware.PurityScan : Nettoyé et sauvegardé (mise en quarantaine).
C:\System Volume Information\_restore{E27BA98E-2CFC-424E-BDA2-9BF88577901F}\RP203\A0073559.exe -> Adware.PurityScan : Nettoyé et sauvegardé (mise en quarantaine).
C:\System Volume Information\_restore{E27BA98E-2CFC-424E-BDA2-9BF88577901F}\RP215\A0075032.dll -> Adware.PurityScan : Nettoyé et sauvegardé (mise en quarantaine).
C:\WINDOWS\system32\userinit.dll -> Adware.PurityScan : Nettoyé et sauvegardé (mise en quarantaine).
[1856] C:\WINDOWS\system32\userinit.dll -> Adware.PurityScan : Nettoyé et sauvegardé (mise en quarantaine).
[300] C:\WINDOWS\system32\userinit.dll -> Adware.PurityScan : Nettoyé et sauvegardé (mise en quarantaine).
[352] C:\WINDOWS\system32\userinit.dll -> Adware.PurityScan : Nettoyé et sauvegardé (mise en quarantaine).
[364] C:\WINDOWS\system32\userinit.dll -> Adware.PurityScan : Nettoyé et sauvegardé (mise en quarantaine).
[516] C:\WINDOWS\system32\userinit.dll -> Adware.PurityScan : Nettoyé et sauvegardé (mise en quarantaine).
[564] C:\WINDOWS\system32\userinit.dll -> Adware.PurityScan : Nettoyé et sauvegardé (mise en quarantaine).
[608] C:\WINDOWS\system32\userinit.dll -> Adware.PurityScan : Nettoyé et sauvegardé (mise en quarantaine).
[932] C:\WINDOWS\system32\userinit.dll -> Adware.PurityScan : Nettoyé et sauvegardé (mise en quarantaine).
C:\System Volume Information\_restore{E27BA98E-2CFC-424E-BDA2-9BF88577901F}\RP299\A0086082.dll -> Adware.Virtumonde : Nettoyé et sauvegardé (mise en quarantaine).
C:\System Volume Information\_restore{E27BA98E-2CFC-424E-BDA2-9BF88577901F}\RP198\A0069955.exe -> Downloader.Zlob.aau : Nettoyé et sauvegardé (mise en quarantaine).
C:\System Volume Information\_restore{E27BA98E-2CFC-424E-BDA2-9BF88577901F}\RP198\A0069974.exe -> Downloader.Zlob.aau : Nettoyé et sauvegardé (mise en quarantaine).
C:\System Volume Information\_restore{E27BA98E-2CFC-424E-BDA2-9BF88577901F}\RP198\A0070000.exe -> Downloader.Zlob.aau : Nettoyé et sauvegardé (mise en quarantaine).
C:\System Volume Information\_restore{E27BA98E-2CFC-424E-BDA2-9BF88577901F}\RP199\A0070182.exe -> Downloader.Zlob.aau : Nettoyé et sauvegardé (mise en quarantaine).
C:\System Volume Information\_restore{E27BA98E-2CFC-424E-BDA2-9BF88577901F}\RP199\A0070192.exe -> Downloader.Zlob.aau : Nettoyé et sauvegardé (mise en quarantaine).
C:\System Volume Information\_restore{E27BA98E-2CFC-424E-BDA2-9BF88577901F}\RP199\A0071190.exe -> Downloader.Zlob.aau : Nettoyé et sauvegardé (mise en quarantaine).
C:\System Volume Information\_restore{E27BA98E-2CFC-424E-BDA2-9BF88577901F}\RP199\A0072191.exe -> Downloader.Zlob.aau : Nettoyé et sauvegardé (mise en quarantaine).
C:\System Volume Information\_restore{E27BA98E-2CFC-424E-BDA2-9BF88577901F}\RP199\A0073191.exe -> Downloader.Zlob.aau : Nettoyé et sauvegardé (mise en quarantaine).
C:\System Volume Information\_restore{E27BA98E-2CFC-424E-BDA2-9BF88577901F}\RP199\A0073206.exe -> Downloader.Zlob.aau : Nettoyé et sauvegardé (mise en quarantaine).
C:\System Volume Information\_restore{E27BA98E-2CFC-424E-BDA2-9BF88577901F}\RP200\A0073220.exe -> Downloader.Zlob.aau : Nettoyé et sauvegardé (mise en quarantaine).
C:\System Volume Information\_restore{E27BA98E-2CFC-424E-BDA2-9BF88577901F}\RP200\A0073272.exe -> Downloader.Zlob.aau : Nettoyé et sauvegardé (mise en quarantaine).
C:\System Volume Information\_restore{E27BA98E-2CFC-424E-BDA2-9BF88577901F}\RP201\A0073287.exe -> Downloader.Zlob.aau : Nettoyé et sauvegardé (mise en quarantaine).
C:\System Volume Information\_restore{E27BA98E-2CFC-424E-BDA2-9BF88577901F}\RP202\A0073346.exe -> Downloader.Zlob.aau : Nettoyé et sauvegardé (mise en quarantaine).
C:\System Volume Information\_restore{E27BA98E-2CFC-424E-BDA2-9BF88577901F}\RP202\A0073394.exe -> Downloader.Zlob.aau : Nettoyé et sauvegardé (mise en quarantaine).
C:\System Volume Information\_restore{E27BA98E-2CFC-424E-BDA2-9BF88577901F}\RP203\A0073557.exe -> Downloader.Zlob.aau : Nettoyé et sauvegardé (mise en quarantaine).
C:\System Volume Information\_restore{E27BA98E-2CFC-424E-BDA2-9BF88577901F}\RP203\A0073814.exe -> Downloader.Zlob.aau : Nettoyé et sauvegardé (mise en quarantaine).
C:\System Volume Information\_restore{E27BA98E-2CFC-424E-BDA2-9BF88577901F}\RP204\A0073863.exe -> Downloader.Zlob.aau : Nettoyé et sauvegardé (mise en quarantaine).
C:\System Volume Information\_restore{E27BA98E-2CFC-424E-BDA2-9BF88577901F}\RP204\A0073900.EXE -> Downloader.Zlob.aau : Nettoyé et sauvegardé (mise en quarantaine).
C:\System Volume Information\_restore{E27BA98E-2CFC-424E-BDA2-9BF88577901F}\RP218\A0075262.exe -> Downloader.Zlob.aau : Nettoyé et sauvegardé (mise en quarantaine).
C:\System Volume Information\_restore{E27BA98E-2CFC-424E-BDA2-9BF88577901F}\RP207\A0074346.exe -> Dropper.Small : Nettoyé et sauvegardé (mise en quarantaine).
C:\System Volume Information\_restore{E27BA98E-2CFC-424E-BDA2-9BF88577901F}\RP298\A0083880.dll -> Logger.VBStat.e : Nettoyé et sauvegardé (mise en quarantaine).
C:\System Volume Information\_restore{E27BA98E-2CFC-424E-BDA2-9BF88577901F}\RP303\A0086501.dll -> Logger.VBStat.e : Nettoyé et sauvegardé (mise en quarantaine).
C:\System Volume Information\_restore{E27BA98E-2CFC-424E-BDA2-9BF88577901F}\RP303\A0086502.dll -> Logger.VBStat.e : Nettoyé et sauvegardé (mise en quarantaine).
C:\WINDOWS\Downloaded Program Files\UWAS6V_0001_N68M1103NetInstaller.exe -> Not-A-Virus.Downloader.Win32.WinFixer.d : Nettoyé et sauvegardé (mise en quarantaine).
C:\System Volume Information\_restore{E27BA98E-2CFC-424E-BDA2-9BF88577901F}\RP320\A0089729.exe -> Not-A-Virus.Downloader.Win32.WinFixer.i : Nettoyé et sauvegardé (mise en quarantaine).
C:\System Volume Information\_restore{E27BA98E-2CFC-424E-BDA2-9BF88577901F}\RP326\A0092159.exe -> Not-A-Virus.Downloader.Win32.WinFixer.i : Nettoyé et sauvegardé (mise en quarantaine).
C:\VundoFix Backups\cywrefdp.exe.bad -> Not-A-Virus.Downloader.Win32.WinFixer.i : Nettoyé et sauvegardé (mise en quarantaine).
C:\WINDOWS\Downloaded Program Files\CONFLICT.1\USDR6V_0001_D18M3107NetInstaller.exe -> Not-A-Virus.Downloader.Win32.WinFixer.l : Nettoyé et sauvegardé (mise en quarantaine).
C:\WINDOWS\Downloaded Program Files\CONFLICT.4\USDR6V_0001_D18M3107NetInstaller.exe -> Not-A-Virus.Downloader.Win32.WinFixer.l : Nettoyé et sauvegardé (mise en quarantaine).
C:\WINDOWS\Downloaded Program Files\CONFLICT.10\UWA6PV_0001_N91M2107NetInstaller.exe -> Not-A-Virus.Downloader.Win32.WinFixer.o : Nettoyé et sauvegardé (mise en quarantaine).
C:\WINDOWS\Downloaded Program Files\CONFLICT.11\UWA6PV_0001_N91M2107NetInstaller.exe -> Not-A-Virus.Downloader.Win32.WinFixer.o : Nettoyé et sauvegardé (mise en quarantaine).
C:\WINDOWS\Downloaded Program Files\CONFLICT.12\UWA6PV_0001_N91M2107NetInstaller.exe -> Not-A-Virus.Downloader.Win32.WinFixer.o : Nettoyé et sauvegardé (mise en quarantaine).
C:\WINDOWS\Downloaded Program Files\CONFLICT.13\UWA6PV_0001_N91M2107NetInstaller.exe -> Not-A-Virus.Downloader.Win32.WinFixer.o : Nettoyé et sauvegardé (mise en quarantaine).
C:\WINDOWS\Downloaded Program Files\CONFLICT.14\UWA6PV_0001_N91M2107NetInstaller.exe -> Not-A-Virus.Downloader.Win32.WinFixer.o : Nettoyé et sauvegardé (mise en quarantaine).
C:\WINDOWS\Downloaded Program Files\CONFLICT.15\UWA6PV_0001_N91M2107NetInstaller.exe -> Not-A-Virus.Downloader.Win32.WinFixer.o : Nettoyé et sauvegardé (mise en quarantaine).
C:\WINDOWS\Downloaded Program Files\CONFLICT.16\UWA6PV_0001_N91M2107NetInstaller.exe -> Not-A-Virus.Downloader.Win32.WinFixer.o : Nettoyé et sauvegardé (mise en quarantaine).
C:\WINDOWS\Downloaded Program Files\CONFLICT.1\UWA6PV_0001_N91M2107NetInstaller.exe -> Not-A-Virus.Downloader.Win32.WinFixer.o : Nettoyé et sauvegardé (mise en quarantaine).
C:\WINDOWS\Downloaded Program Files\CONFLICT.2\UWA6PV_0001_N91M2107NetInstaller.exe -> Not-A-Virus.Downloader.Win32.WinFixer.o : Nettoyé et sauvegardé (mise en quarantaine).
C:\WINDOWS\Downloaded Program Files\CONFLICT.3\UWA6PV_0001_N91M2107NetInstaller.exe -> Not-A-Virus.Downloader.Win32.WinFixer.o : Nettoyé et sauvegardé (mise en quarantaine).
C:\WINDOWS\Downloaded Program Files\CONFLICT.4\UWA6PV_0001_N91M2107NetInstaller.exe -> Not-A-Virus.Downloader.Win32.WinFixer.o : Nettoyé et sauvegardé (mise en quarantaine).
C:\WINDOWS\Downloaded Program Files\CONFLICT.5\UWA6PV_0001_N91M2107NetInstaller.exe -> Not-A-Virus.Downloader.Win32.WinFixer.o : Nettoyé et sauvegardé (mise en quarantaine).
C:\WINDOWS\Downloaded Program Files\CONFLICT.6\UWA6PV_0001_N91M2107NetInstaller.exe -> Not-A-Virus.Downloader.Win32.WinFixer.o : Nettoyé et sauvegardé (mise en quarantaine).
C:\WINDOWS\Downloaded Program Files\CONFLICT.7\UWA6PV_0001_N91M2107NetInstaller.exe -> Not-A-Virus.Downloader.Win32.WinFixer.o : Nettoyé et sauvegardé (mise en quarantaine).
C:\WINDOWS\Downloaded Program Files\CONFLICT.8\UWA6PV_0001_N91M2107NetInstaller.exe -> Not-A-Virus.Downloader.Win32.WinFixer.o : Nettoyé et sauvegardé (mise en quarantaine).
C:\WINDOWS\Downloaded Program Files\CONFLICT.9\UWA6PV_0001_N91M2107NetInstaller.exe -> Not-A-Virus.Downloader.Win32.WinFixer.o : Nettoyé et sauvegardé (mise en quarantaine).
C:\WINDOWS\Downloaded Program Files\UWA6PV_0001_N91M2107NetInstaller.exe -> Not-A-Virus.Downloader.Win32.WinFixer.o : Nettoyé et sauvegardé (mise en quarantaine).
C:\WINDOWS\Downloaded Program Files\UWAS6V_0001_N91M2208NetInstaller.exe -> Not-A-Virus.Downloader.Win32.WinFixer.o : Nettoyé et sauvegardé (mise en quarantaine).
C:\System Volume Information\_restore{E27BA98E-2CFC-424E-BDA2-9BF88577901F}\RP326\A0092151.exe -> Not-A-Virus.Downloader.Win32.WinFixer.r : Nettoyé et sauvegardé (mise en quarantaine).
C:\System Volume Information\_restore{E27BA98E-2CFC-424E-BDA2-9BF88577901F}\RP326\A0092152.exe -> Not-A-Virus.Downloader.Win32.WinFixer.r : Nettoyé et sauvegardé (mise en quarantaine).
C:\System Volume Information\_restore{E27BA98E-2CFC-424E-BDA2-9BF88577901F}\RP326\A0092153.exe -> Not-A-Virus.Downloader.Win32.WinFixer.r : Nettoyé et sauvegardé (mise en quarantaine).
C:\System Volume Information\_restore{E27BA98E-2CFC-424E-BDA2-9BF88577901F}\RP326\A0092154.exe -> Not-A-Virus.Downloader.Win32.WinFixer.r : Nettoyé et sauvegardé (mise en quarantaine).
C:\System Volume Information\_restore{E27BA98E-2CFC-424E-BDA2-9BF88577901F}\RP326\A0092155.exe -> Not-A-Virus.Downloader.Win32.WinFixer.r : Nettoyé et sauvegardé (mise en quarantaine).
C:\System Volume Information\_restore{E27BA98E-2CFC-424E-BDA2-9BF88577901F}\RP326\A0092156.exe -> Not-A-Virus.Downloader.Win32.WinFixer.r : Nettoyé et sauvegardé (mise en quarantaine).
C:\System Volume Information\_restore{E27BA98E-2CFC-424E-BDA2-9BF88577901F}\RP326\A0092157.exe -> Not-A-Virus.Downloader.Win32.WinFixer.r : Nettoyé et sauvegardé (mise en quarantaine).
C:\System Volume Information\_restore{E27BA98E-2CFC-424E-BDA2-9BF88577901F}\RP326\A0092160.exe -> Not-A-Virus.Downloader.Win32.WinFixer.r : Nettoyé et sauvegardé (mise en quarantaine).
C:\VundoFix Backups\btgoqtcw.exe.bad -> Not-A-Virus.Downloader.Win32.WinFixer.r : Nettoyé et sauvegardé (mise en quarantaine).
C:\VundoFix Backups\bwsnkvxu.exe.bad -> Not-A-Virus.Downloader.Win32.WinFixer.r : Nettoyé et sauvegardé (mise en quarantaine).
C:\VundoFix Backups\dianwsbc.exe.bad -> Not-A-Virus.Downloader.Win32.WinFixer.r : Nettoyé et sauvegardé (mise en quarantaine).
C:\VundoFix Backups\lqwtvjpu.exe.bad -> Not-A-Virus.Downloader.Win32.WinFixer.r : Nettoyé et sauvegardé (mise en quarantaine).
C:\VundoFix Backups\qgmocetf.exe.bad -> Not-A-Virus.Downloader.Win32.WinFixer.r : Nettoyé et sauvegardé (mise en quarantaine).
C:\VundoFix Backups\tywjefug.exe.bad -> Not-A-Virus.Downloader.Win32.WinFixer.r : Nettoyé et sauvegardé (mise en quarantaine).
C:\VundoFix Backups\uhdkyxpg.exe.bad -> Not-A-Virus.Downloader.Win32.WinFixer.r : Nettoyé et sauvegardé (mise en quarantaine).
C:\VundoFix Backups\wxqlwfyw.exe.bad -> Not-A-Virus.Downloader.Win32.WinFixer.r : Nettoyé et sauvegardé (mise en quarantaine).
:mozilla.364:C:\Documents and Settings\Castel\Application Data\Mozilla\Firefox\Profiles\zbg6bmne.default\cookies-1.txt -> TrackingCookie.247realmedia : Nettoyé.
:mozilla.365:C:\Documents and Settings\Castel\Application Data\Mozilla\Firefox\Profiles\zbg6bmne.default\cookies-1.txt -> TrackingCookie.247realmedia : Nettoyé.
:mozilla.160:C:\Documents and Settings\Castel\Application Data\Mozilla\Firefox\Profiles\zbg6bmne.default\cookies-1.txt -> TrackingCookie.2o7 : Nettoyé.
:mozilla.161:C:\Documents and Settings\Castel\Application Data\Mozilla\Firefox\Profiles\zbg6bmne.default\cookies-1.txt -> TrackingCookie.2o7 : Nettoyé.
:mozilla.778:C:\Documents and Settings\Castel\Application Data\Mozilla\Firefox\Profiles\zbg6bmne.default\cookies-1.txt -> TrackingCookie.2o7 : Nettoyé.
:mozilla.804:C:\Documents and Settings\Castel\Application Data\Mozilla\Firefox\Profiles\zbg6bmne.default\cookies-1.txt -> TrackingCookie.2o7 : Nettoyé.
:mozilla.166:C:\Documents and Settings\Castel\Application Data\Mozilla\Firefox\Profiles\zbg6bmne.default\cookies-1.txt -> TrackingCookie.Adbrite : Nettoyé.
:mozilla.167:C:\Documents and Settings\Castel\Application Data\Mozilla\Firefox\Profiles\zbg6bmne.default\cookies-1.txt -> TrackingCookie.Adbrite : Nettoyé.
:mozilla.170:C:\Documents and Settings\Castel\Application Data\Mozilla\Firefox\Profiles\zbg6bmne.default\cookies-1.txt -> TrackingCookie.Adbrite : Nettoyé.
:mozilla.171:C:\Documents and Settings\Castel\Application Data\Mozilla\Firefox\Profiles\zbg6bmne.default\cookies-1.txt -> TrackingCookie.Adbrite : Nettoyé.
:mozilla.172:C:\Documents and Settings\Castel\Application Data\Mozilla\Firefox\Profiles\zbg6bmne.default\cookies-1.txt -> TrackingCookie.Adbrite : Nettoyé.
:mozilla.590:C:\Documents and Settings\Castel\Application Data\Mozilla\Firefox\Profiles\zbg6bmne.default\cookies-1.txt -> TrackingCookie.Adbrite : Nettoyé.
:mozilla.137:C:\Documents and Settings\Castel\Application Data\Mozilla\Firefox\Profiles\zbg6bmne.default\cookies-1.txt -> TrackingCookie.Adrevolver : Nettoyé.
:mozilla.138:C:\Documents and Settings\Castel\Application Data\Mozilla\Firefox\Profiles\zbg6bmne.default\cookies-1.txt -> TrackingCookie.Adrevolver : Nettoyé.
:mozilla.139:C:\Documents and Settings\Castel\Application Data\Mozilla\Firefox\Profiles\zbg6bmne.default\cookies-1.txt -> TrackingCookie.Adrevolver : Nettoyé.
:mozilla.140:C:\Documents and Settings\Castel\Application Data\Mozilla\Firefox\Profiles\zbg6bmne.default\cookies-1.txt -> TrackingCookie.Adrevolver : Nettoyé.
:mozilla.141:C:\Documents and Settings\Castel\Application Data\Mozilla\Firefox\Profiles\zbg6bmne.default\cookies-1.txt -> TrackingCookie.Adrevolver : Nettoyé.
:mozilla.126:C:\Documents and Settings\Castel\Application Data\Mozilla\Firefox\Profiles\zbg6bmne.default\cookies-1.txt -> TrackingCookie.Adtech : Nettoyé.
:mozilla.129:C:\Documents and Settings\Castel\Application Data\Mozilla\Firefox\Profiles\zbg6bmne.default\cookies-1.txt -> TrackingCookie.Adtech : Nettoyé.
:mozilla.52:C:\Documents and Settings\Castel\Application Data\Mozilla\Firefox\Profiles\zbg6bmne.default\cookies-1.txt -> TrackingCookie.Advertising : Nettoyé.
:mozilla.53:C:\Documents and Settings\Castel\Application Data\Mozilla\Firefox\Profiles\zbg6bmne.default\cookies-1.txt -> TrackingCookie.Advertising : Nettoyé.
:mozilla.54:C:\Documents and Settings\Castel\Application Data\Mozilla\Firefox\Profiles\zbg6bmne.default\cookies-1.txt -> TrackingCookie.Advertising : Nettoyé.
:mozilla.55:C:\Documents and Settings\Castel\Application Data\Mozilla\Firefox\Profiles\zbg6bmne.default\cookies-1.txt -> TrackingCookie.Advertising : Nettoyé.
:mozilla.296:C:\Documents and Settings\Castel\Application Data\Mozilla\Firefox\Profiles\zbg6bmne.default\cookies-1.txt -> TrackingCookie.Atdmt : Nettoyé.
:mozilla.813:C:\Documents and Settings\Castel\Application Data\Mozilla\Firefox\Profiles\zbg6bmne.default\cookies-1.txt -> TrackingCookie.Bestoffersnetworks : Nettoyé.
:mozilla.814:C:\Documents and Settings\Castel\Application Data\Mozilla\Firefox\Profiles\zbg6bmne.default\cookies-1.txt -> TrackingCookie.Bestoffersnetworks : Nettoyé.
:mozilla.815:C:\Documents and Settings\Castel\Application Data\Mozilla\Firefox\Profiles\zbg6bmne.default\cookies-1.txt -> TrackingCookie.Bestoffersnetworks : Nettoyé.
:mozilla.816:C:\Documents and Settings\Castel\Application Data\Mozilla\Firefox\Profiles\zbg6bmne.default\cookies-1.txt -> TrackingCookie.Bestoffersnetworks : Nettoyé.
:mozilla.117:C:\Documents and Settings\Castel\Application Data\Mozilla\Firefox\Profiles\zbg6bmne.default\cookies-1.txt -> TrackingCookie.Bluestreak : Nettoyé.
:mozilla.388:C:\Documents and Settings\Castel\Application Data\Mozilla\Firefox\Profiles\zbg6bmne.default\cookies-1.txt -> TrackingCookie.Casalemedia : Nettoyé.
:mozilla.389:C:\Documents and Settings\Castel\Application Data\Mozilla\Firefox\Profiles\zbg6bmne.default\cookies-1.txt -> TrackingCookie.Casalemedia : Nettoyé.
:mozilla.392:C:\Documents and Settings\Castel\Application Data\Mozilla\Firefox\Profiles\zbg6bmne.default\cookies-1.txt -> TrackingCookie.Casalemedia : Nettoyé.
:mozilla.393:C:\Documents and Settings\Castel\Application Data\Mozilla\Firefox\Profiles\zbg6bmne.default\cookies-1.txt -> TrackingCookie.Casalemedia : Nettoyé.
:mozilla.394:C:\Documents and Settings\Castel\Application Data\Mozilla\Firefox\Profiles\zbg6bmne.default\cookies-1.txt -> TrackingCookie.Casalemedia : Nettoyé.
:mozilla.430:C:\Documents and Settings\Castel\Application Data\Mozilla\Firefox\Profiles\zbg6bmne.default\cookies-1.txt -> TrackingCookie.Clickhype : Nettoyé.
:mozilla.435:C:\Documents and Settings\Castel\Application Data\Mozilla\Firefox\Profiles\zbg6bmne.default\cookies-1.txt -> TrackingCookie.Clickhype : Nettoyé.
:mozilla.556:C:\Documents and Settings\Castel\Application Data\Mozilla\Firefox\Profiles\zbg6bmne.default\cookies-1.txt -> TrackingCookie.Com : Nettoyé.
:mozilla.557:C:\Documents and Settings\Castel\Application Data\Mozilla\Firefox\Profiles\zbg6bmne.default\cookies-1.txt -> TrackingCookie.Com : Nettoyé.
:mozilla.105:C:\Documents and Settings\Castel\Application Data\Mozilla\Firefox\Profiles\zbg6bmne.default\cookies-1.txt -> TrackingCookie.Comclick : Nettoyé.
:mozilla.109:C:\Documents and Settings\Castel\Application Data\Mozilla\Firefox\Profiles\zbg6bmne.default\cookies-1.txt -> TrackingCookie.Comclick : Nettoyé.
:mozilla.110:C:\Documents and Settings\Castel\Application Data\Mozilla\Firefox\Profiles\zbg6bmne.default\cookies-1.txt -> TrackingCookie.Comclick : Nettoyé.
:mozilla.111:C:\Documents and Settings\Castel\Application Data\Mozilla\Firefox\Profiles\zbg6bmne.default\cookies-1.txt -> TrackingCookie.Comclick : Nettoyé.
:mozilla.473:C:\Documents and Settings\Castel\Application Data\Mozilla\Firefox\Profiles\zbg6bmne.default\cookies-1.txt -> TrackingCookie.Coremetrics : Nettoyé.
:mozilla.151:C:\Documents and Settings\Castel\Application Data\Mozilla\Firefox\Profiles\zbg6bmne.default\cookies-1.txt -> TrackingCookie.Doubleclick : Nettoyé.
:mozilla.207:C:\Documents and Settings\Castel\Application Data\Mozilla\Firefox\Profiles\zbg6bmne.default\cookies-1.txt -> TrackingCookie.Estat : Nettoyé.
:mozilla.178:C:\Documents and Settings\Castel\Application Data\Mozilla\Firefox\Profiles\zbg6bmne.default\cookies-1.txt -> TrackingCookie.Falkag : Nettoyé.
:mozilla.179:C:\Documents and Settings\Castel\Application Data\Mozilla\Firefox\Profiles\zbg6bmne.default\cookies-1.txt -> TrackingCookie.Falkag : Nettoyé.
:mozilla.180:C:\Documents and Settings\Castel\Application Data\Mozilla\Firefox\Profiles\zbg6bmne.default\cookies-1.txt -> TrackingCookie.Falkag : Nettoyé.
:mozilla.181:C:\Documents and Settings\Castel\Application Data\Mozilla\Firefox\Profiles\zbg6bmne.default\cookies-1.txt -> TrackingCookie.Falkag : Nettoyé.
:mozilla.182:C:\Documents and Settings\Castel\Application Data\Mozilla\Firefox\Profiles\zbg6bmne.default\cookies-1.txt -> TrackingCookie.Falkag : Nettoyé.
:mozilla.183:C:\Documents and Settings\Castel\Application Data\Mozilla\Firefox\Profiles\zbg6bmne.default\cookies-1.txt -> TrackingCookie.Falkag : Nettoyé.
:mozilla.184:C:\Documents and Settings\Castel\Application Data\Mozilla\Firefox\Profiles\zbg6bmne.default\cookies-1.txt -> TrackingCookie.Falkag : Nettoyé.
:mozilla.185:C:\Documents and Settings\Castel\Application Data\Mozilla\Firefox\Profiles\zbg6bmne.default\cookies-1.txt -> TrackingCookie.Falkag : Nettoyé.
:mozilla.186:C:\Documents and Settings\Castel\Application Data\Mozilla\Firefox\Profiles\zbg6bmne.default\cookies-1.txt -> TrackingCookie.Falkag : Nettoyé.
:mozilla.194:C:\Documents and Settings\Castel\Application Data\Mozilla\Firefox\Profiles\zbg6bmne.default\cookies-1.txt -> TrackingCookie.Falkag : Nettoyé.
:mozilla.366:C:\Documents and Settings\Castel\Application Data\Mozilla\Firefox\Profiles\zbg6bmne.default\cookies-1.txt -> TrackingCookie.Falkag : Nettoyé.
:mozilla.367:C:\Documents and Settings\Castel\Application Data\Mozilla\Firefox\Profiles\zbg6bmne.default\cookies-1.txt -> TrackingCookie.Falkag : Nettoyé.
:mozilla.368:C:\Documents and Settings\Castel\Application Data\Mozilla\Firefox\Profiles\zbg6bmne.default\cookies-1.txt -> TrackingCookie.Falkag : Nettoyé.
:mozilla.369:C:\Documents and Settings\Castel\Application Data\Mozilla\Firefox\Profiles\zbg6bmne.default\cookies-1.txt -> TrackingCookie.Falkag : Nettoyé.
:mozilla.385:C:\Documents and Settings\Castel\Application Data\Mozilla\Firefox\Profiles\zbg6bmne.default\cookies-1.txt -> TrackingCookie.Fastclick : Nettoyé.
:mozilla.386:C:\Documents and Settings\Castel\Application Data\Mozilla\Firefox\Profiles\zbg6bmne.default\cookies-1.txt -> TrackingCookie.Fastclick : Nettoyé.
:mozilla.387:C:\Documents and Settings\Castel\Application Data\Mozilla\Firefox\Profiles\zbg6bmne.default\cookies-1.txt -> TrackingCookie.Fastclick : Nettoyé.
:mozilla.390:C:\Documents and Settings\Castel\Application Data\Mozilla\Firefox\Profiles\zbg6bmne.default\cookies-1.txt -> TrackingCookie.Fastclick : Nettoyé.
:mozilla.391:C:\Documents and Settings\Castel\Application Data\Mozilla\Firefox\Profiles\zbg6bmne.default\cookies-1.txt -> TrackingCookie.Fastclick : Nettoyé.
:mozilla.568:C:\Documents and Settings\Castel\Application Data\Mozilla\Firefox\Profiles\zbg6bmne.default\cookies-1.txt -> TrackingCookie.Googleadservices : Nettoyé.
:mozilla.572:C:\Documents and Settings\Castel\Application Data\Mozilla\Firefox\Profiles\zbg6bmne.default\cookies-1.txt -> TrackingCookie.Googleadservices : Nettoyé.
:mozilla.573:C:\Documents and Settings\Castel\Application Data\Mozilla\Firefox\Profiles\zbg6bmne.default\cookies-1.txt -> TrackingCookie.Googleadservices : Nettoyé.
:mozilla.665:C:\Documents and Settings\Castel\Application Data\Mozilla\Firefox\Profiles\zbg6bmne.default\cookies-1.txt -> TrackingCookie.Googleadservices : Nettoyé.
:mozilla.199:C:\Documents and Settings\Castel\Application Data\Mozilla\Firefox\Profiles\zbg6bmne.default\cookies-1.txt -> TrackingCookie.Hitbox : Nettoyé.
:mozilla.200:C:\Documents and Settings\Castel\Application Data\Mozilla\Firefox\Profiles\zbg6bmne.default\cookies-1.txt -> TrackingCookie.Hitbox : Nettoyé.
:mozilla.201:C:\Documents and Settings\Castel\Application Data\Mozilla\Firefox\Profiles\zbg6bmne.default\cookies-1.txt -> TrackingCookie.Hitbox : Nettoyé.
:mozilla.543:C:\Documents and Settings\Castel\Application Data\Mozilla\Firefox\Profiles\zbg6bmne.default\cookies-1.txt -> TrackingCookie.Hitbox : Nettoyé.
:mozilla.727:C:\Documents and Settings\Castel\Application Data\Mozilla\Firefox\Profiles\zbg6bmne.default\cookies-1.txt -> TrackingCookie.Hitbox : Nettoyé.
:mozilla.728:C:\Documents and Settings\Castel\Application Data\Mozilla\Firefox\Profiles\zbg6bmne.default\cookies-1.txt -> TrackingCookie.Hitbox : Nettoyé.
:mozilla.729:C:\Documents and Settings\Castel\Application Data\Mozilla\Firefox\Profiles\zbg6bmne.default\cookies-1.txt -> TrackingCookie.Hitbox : Nettoyé.
:mozilla.730:C:\Documents and Settings\Castel\Application Data\Mozilla\Firefox\Profiles\zbg6bmne.default\cookies-1.txt -> TrackingCookie.Hitbox : Nettoyé.
:mozilla.456:C:\Documents and Settings\Castel\Application Data\Mozilla\Firefox\Profiles\zbg6bmne.default\cookies-1.txt -> TrackingCookie.Masterstats : Nettoyé.
:mozilla.124:C:\Documents and Settings\Castel\Application Data\Mozilla\Firefox\Profiles\zbg6bmne.default\cookies-1.txt -> TrackingCookie.Mediaplex : Nettoyé.
:mozilla.867:C:\Documents and Settings\Castel\Application Data\Mozilla\Firefox\Profiles\zbg6bmne.default\cookies-1.txt -> TrackingCookie.Myaffiliateprogram : Nettoyé.
:mozilla.395:C:\Documents and Settings\Castel\Application Data\Mozilla\Firefox\Profiles\zbg6bmne.default\cookies-1.txt -> TrackingCookie.Planetactive : Nettoyé.
:mozilla.361:C:\Documents and Settings\Castel\Application Data\Mozilla\Firefox\Profiles\zbg6bmne.default\cookies-1.txt -> TrackingCookie.Questionmarket : Nettoyé.
:mozilla.362:C:\Documents and Settings\Castel\Application Data\Mozilla\Firefox\Profiles\zbg6bmne.default\cookies-1.txt -> TrackingCookie.Questionmarket : Nettoyé.
:mozilla.363:C:\Documents and Settings\Castel\Application Data\Mozilla\Firefox\Profiles\zbg6bmne.default\cookies-1.txt -> TrackingCookie.Questionmarket : Nettoyé.
:mozilla.322:C:\Documents and Settings\Castel\Application Data\Mozilla\Firefox\Profiles\zbg6bmne.default\cookies-1.txt -> TrackingCookie.Reliablestats : Nettoyé.
:mozilla.323:C:\Documents and Settings\Castel\Application Data\Mozilla\Firefox\Profiles\zbg6bmne.default\cookies-1.txt -> TrackingCookie.Reliablestats : Nettoyé.
:mozilla.324:C:\Documents and Settings\Castel\Application Data\Mozilla\Firefox\Profiles\zbg6bmne.default\cookies-1.txt -> TrackingCookie.Reliablestats : Nettoyé.
:mozilla.325:C:\Documents and Settings\Castel\Application Data\Mozilla\Firefox\Profiles\zbg6bmne.default\cookies-1.txt -> TrackingCookie.Reliablestats : Nettoyé.
:mozilla.326:C:\Documents and Settings\Castel\Application Data\Mozilla\Firefox\Profiles\zbg6bmne.default\cookies-1.txt -> TrackingCookie.Reliablestats : Nettoyé.
:mozilla.327:C:\Documents and Settings\Castel\Application Data\Mozilla\Firefox\Profiles\zbg6bmne.default\cookies-1.txt -> TrackingCookie.Reliablestats : Nettoyé.
:mozilla.328:C:\Documents and Settings\Castel\Application Data\Mozilla\Firefox\Profiles\zbg6bmne.default\cookies-1.txt -> TrackingCookie.Reliablestats : Nettoyé.
:mozilla.329:C:\Documents and Settings\Castel\Application Data\Mozilla\Firefox\Profiles\zbg6bmne.default\cookies-1.txt -> TrackingCookie.Reliablestats : Nettoyé.
:mozilla.330:C:\Documents and Settings\Castel\Application Data\Mozilla\Firefox\Profiles\zbg6bmne.default\cookies-1.txt -> TrackingCookie.Reliablestats : Nettoyé.
:mozilla.331:C:\Documents and Settings\Castel\Application Data\Mozilla\Firefox\Profiles\zbg6bmne.default\cookies-1.txt -> TrackingCookie.Reliablestats : Nettoyé.
:mozilla.332:C:\Documents and Settings\Castel\Application Data\Mozilla\Firefox\Profiles\zbg6bmne.default\cookies-1.txt -> TrackingCookie.Reliablestats : Nettoyé.
:mozilla.333:C:\Documents and Settings\Castel\Application Data\Mozilla\Firefox\Profiles\zbg6bmne.default\cookies-1.txt -> TrackingCookie.Reliablestats : Nettoyé.
:mozilla.334:C:\Documents and Settings\Castel\Application Data\Mozilla\Firefox\Profiles\zbg6bmne.default\cookies-1.txt -> TrackingCookie.Reliablestats : Nettoyé.
:mozilla.335:C:\Documents and Settings\Castel\Application Data\Mozilla\Firefox\Profiles\zbg6bmne.default\cookies-1.txt -> TrackingCookie.Reliablestats : Nettoyé.
:mozilla.336:C:\Documents and Settings\Castel\Application Data\Mozilla\Firefox\Profiles\zbg6bmne.default\cookies-1.txt -> TrackingCookie.Reliablestats : Nettoyé.
:mozilla.337:C:\Documents and Settings\Castel\Application Data\Mozilla\Firefox\Profiles\zbg6bmne.default\cookies-1.txt -> TrackingCookie.Reliablestats : Nettoyé.
:mozilla.338:C:\Documents and Settings\Castel\Application Data\Mozilla\Firefox\Profiles\zbg6bmne.default\cookies-1.txt -> TrackingCookie.Reliablestats : Nettoyé.
:mozilla.431:C:\Documents and Settings\Castel\Application Data\Mozilla\Firefox\Profiles\zbg6bmne.default\cookies-1.txt -> TrackingCookie.Revenue : Nettoyé.
:mozilla.434:C:\Documents and Settings\Castel\Application Data\Mozilla\Firefox\Profiles\zbg6bmne.default\cookies-1.txt -> TrackingCookie.Revenue : Nettoyé.
:mozilla.277:C:\Documents and Settings\Castel\Application Data\Mozilla\Firefox\Profiles\zbg6bmne.default\cookies-1.txt -> TrackingCookie.Serving-sys : Nettoyé.
:mozilla.278:C:\Documents and Settings\Castel\Application Data\Mozilla\Firefox\Profiles\zbg6bmne.default\cookies-1.txt -> TrackingCookie.Serving-sys : Nettoyé.
:mozilla.279:C:\Documents and Settings\Castel\Application Data\Mozilla\Firefox\Profiles\zbg6bmne.default\cookies-1.txt -> TrackingCookie.Serving-sys : Nettoyé.
:mozilla.280:C:\Documents and Settings\Castel\Application Data\Mozilla\Firefox\Profiles\zbg6bmne.default\cookies-1.txt -> TrackingCookie.Serving-sys : Nettoyé.
:mozilla.281:C:\Documents and Settings\Castel\Application Data\Mozilla\Firefox\Profiles\zbg6bmne.default\cookies-1.txt -> TrackingCookie.Serving-sys : Nettoyé.
:mozilla.282:C:\Documents and Settings\Castel\Application Data\Mozilla\Firefox\Profiles\zbg6bmne.default\cookies-1.txt -> TrackingCookie.Serving-sys : Nettoyé.
:mozilla.118:C:\Documents and Settings\Castel\Application Data\Mozilla\Firefox\Profiles\zbg6bmne.default\cookies-1.txt -> TrackingCookie.Smartadserver : Nettoyé.
:mozilla.119:C:\Documents and Settings\Castel\Application Data\Mozilla\Firefox\Profiles\zbg6bmne.default\cookies-1.txt -> TrackingCookie.Smartadserver : Nettoyé.
:mozilla.120:C:\Documents and Settings\Castel\Application Data\Mozilla\Firefox\Profiles\zbg6bmne.default\cookies-1.txt -> TrackingCookie.Smartadserver : Nettoyé.
:mozilla.121:C:\Documents and Settings\Castel\Application Data\Mozilla\Firefox\Profiles\zbg6bmne.default\cookies-1.txt -> TrackingCookie.Smartadserver : Nettoyé.
:mozilla.122:C:\Documents and Settings\Castel\Application Data\Mozilla\Firefox\Profiles\zbg6bmne.default\cookies-1.txt -> TrackingCookie.Smartadserver : Nettoyé.
:mozilla.610:C:\Documents and Settings\Castel\Application Data\Mozilla\Firefox\Profiles\zbg6bmne.default\cookies-1.txt -> TrackingCookie.Spylog : Nettoyé.
:mozilla.341:C:\Documents and Settings\Castel\Application Data\Mozilla\Firefox\Profiles\zbg6bmne.default\cookies-1.txt -> TrackingCookie.Statcounter : Nettoyé.
:mozilla.342:C:\Documents and Settings\Castel\Application Data\Mozilla\Firefox\Profiles\zbg6bmne.default\cookies-1.txt -> TrackingCookie.Statcounter : Nettoyé.
:mozilla.343:C:\Documents and Settings\Castel\Application Data\Mozilla\Firefox\Profiles\zbg6bmne.default\cookies-1.txt -> TrackingCookie.Statcounter : Nettoyé.
:mozilla.344:C:\Documents and Settings\Castel\Application Data\Mozilla\Firefox\Profiles\zbg6bmne.default\cookies-1.txt -> TrackingCookie.Statcounter : Nettoyé.
:mozilla.346:C:\Documents and Settings\Castel\Application Data\Mozilla\Firefox\Profiles\zbg6bmne.default\cookies-1.txt -> TrackingCookie.Statcounter : Nettoyé.
:mozilla.231:C:\Documents and Settings\Castel\Application Data\Mozilla\Firefox\Profiles\zbg6bmne.default\cookies-1.txt -> TrackingCookie.Tradedoubler : Nettoyé.
:mozilla.232:C:\Documents and Settings\Castel\Application Data\Mozilla\Firefox\Profiles\zbg6bmne.default\cookies-1.txt -> TrackingCookie.Tradedoubler : Nettoyé.
:mozilla.233:C:\Documents and Settings\Castel\Application Data\Mozilla\Firefox\Profiles\zbg6bmne.default\cookies-1.txt -> TrackingCookie.Tradedoubler : Nettoyé.
:mozilla.234:C:\Documents and Settings\Castel\Application Data\Mozilla\Firefox\Profiles\zbg6bmne.default\cookies-1.txt -> TrackingCookie.Tradedoubler : Nettoyé.
:mozilla.756:C:\Documents and Settings\Castel\Application Data\Mozilla\Firefox\Profiles\zbg6bmne.default\cookies-1.txt -> TrackingCookie.Tribalfusion : Nettoyé.
:mozilla.162:C:\Documents and Settings\Castel\Application Data\Mozilla\Firefox\Profiles\zbg6bmne.default\cookies-1.txt -> TrackingCookie.Valueclick : Nettoyé.
:mozilla.163:C:\Documents and Settings\Castel\Application Data\Mozilla\Firefox\Profiles\zbg6bmne.default\cookies-1.txt -> TrackingCookie.Valueclick : Nettoyé.
:mozilla.16:C:\Documents and Settings\Castel\Application Data\Mozilla\Firefox\Profiles\zbg6bmne.default\cookies-1.txt -> TrackingCookie.Weborama : Nettoyé.
:mozilla.17:C:\Documents and Settings\Castel\Application Data\Mozilla\Firefox\Profiles\zbg6bmne.default\cookies-1.txt -> TrackingCookie.Weborama : Nettoyé.
:mozilla.18:C:\Documents and Settings\Castel\Application Data\Mozilla\Firefox\Profiles\zbg6bmne.default\cookies-1.txt -> TrackingCookie.Weborama : Nettoyé.
:mozilla.19:C:\Documents and Settings\Castel\Application Data\Mozilla\Firefox\Profiles\zbg6bmne.default\cookies-1.txt -> TrackingCookie.Weborama : Nettoyé.
:mozilla.20:C:\Documents and Settings\Castel\Application Data\Mozilla\Firefox\Profiles\zbg6bmne.default\cookies-1.txt -> TrackingCookie.Weborama : Nettoyé.
:mozilla.529:C:\Documents and Settings\Castel\Application Data\Mozilla\Firefox\Profiles\zbg6bmne.default\cookies-1.txt -> TrackingCookie.Webtrendslive : Nettoyé.
:mozilla.609:C:\Documents and Settings\Castel\Application Data\Mozilla\Firefox\Profiles\zbg6bmne.default\cookies-1.txt -> TrackingCookie.Yadro : Nettoyé.
:mozilla.613:C:\Documents and Settings\Castel\Application Data\Mozilla\Firefox\Profiles\zbg6bmne.default\cookies-1.txt -> TrackingCookie.Yadro : Nettoyé.
:mozilla.255:C:\Documents and Settings\Castel\Application Data\Mozilla\Firefox\Profiles\zbg6bmne.default\cookies-1.txt -> TrackingCookie.Yieldmanager : Nettoyé.
:mozilla.256:C:\Documents and Settings\Castel\Application Data\Mozilla\Firefox\Profiles\zbg6bmne.default\cookies-1.txt -> TrackingCookie.Yieldmanager : Nettoyé.
:mozilla.257:C:\Documents and Settings\Castel\Application Data\Mozilla\Firefox\Profiles\zbg6bmne.default\cookies-1.txt -> TrackingCookie.Yieldmanager : Nettoyé.
:mozilla.259:C:\Documents and Settings\Castel\Application Data\Mozilla\Firefox\Profiles\zbg6bmne.default\cookies-1.txt -> TrackingCookie.Yieldmanager : Nettoyé.
:mozilla.260:C:\Documents and Settings\Castel\Application Data\Mozilla\Firefox\Profiles\zbg6bmne.default\cookies-1.txt -> TrackingCookie.Yieldmanager : Nettoyé.
:mozilla.261:C:\Documents and Settings\Castel\Application Data\Mozilla\Firefox\Profiles\zbg6bmne.default\cookies-1.txt -> TrackingCookie.Yieldmanager : Nettoyé.
C:\System Volume Information\_restore{E27BA98E-2CFC-424E-BDA2-9BF88577901F}\RP235\A0077251.exe -> Trojan.Agent.ny : Nettoyé et sauvegardé (mise en quarantaine).
C:\System Volume Information\_restore{E27BA98E-2CFC-424E-BDA2-9BF88577901F}\RP237\A0077313.exe -> Trojan.Agent.ny : Nettoyé et sauvegardé (mise en quarantaine).
C:\System Volume Information\_restore{E27BA98E-2CFC-424E-BDA2-9BF88577901F}\RP242\A0077665.exe -> Trojan.Agent.ny : Nettoyé et sauvegardé (mise en quarantaine).
C:\System Volume Information\_restore{E27BA98E-2CFC-424E-BDA2-9BF88577901F}\RP242\A0077698.exe -> Trojan.Agent.ny : Nettoyé et sauvegardé (mise en quarantaine).
C:\System Volume Information\_restore{E27BA98E-2CFC-424E-BDA2-9BF88577901F}\RP261\A0079296.exe -> Trojan.Agent.ny : Nettoyé et sauvegardé (mise en quarantaine).
C:\System Volume Information\_restore{E27BA98E-2CFC-424E-BDA2-9BF88577901F}\RP262\A0079358.exe -> Trojan.Agent.ny : Nettoyé et sauvegardé (mise en quarantaine).
C:\System Volume Information\_restore{E27BA98E-2CFC-424E-BDA2-9BF88577901F}\RP266\A0080651.exe -> Trojan.Agent.ny : Nettoyé et sauvegardé (mise en quarantaine).
C:\System Volume Information\_restore{E27BA98E-2CFC-424E-BDA2-9BF88577901F}\RP268\A0081019.exe -> Trojan.Agent.ny : Nettoyé et sauvegardé (mise en quarantaine).
C:\System Volume Information\_restore{E27BA98E-2CFC-424E-BDA2-9BF88577901F}\RP270\A0081161.exe -> Trojan.Agent.ny : Nettoyé et sauvegardé (mise en quarantaine).
C:\System Volume Information\_restore{E27BA98E-2CFC-424E-BDA2-9BF88577901F}\RP301\A0086442.DLL -> Trojan.BHO.g : Nettoyé et sauvegardé (mise en quarantaine).
C:\System Volume Information\_restore{E27BA98E-2CFC-424E-BDA2-9BF88577901F}\RP213\A0074821.DLL -> Trojan.Mezzia : Nettoyé et sauvegardé (mise en quarantaine).
C:\System Volume Information\_restore{E27BA98E-2CFC-424E-BDA2-9BF88577901F}\RP326\A0092158.exe -> Trojan.Small.ju : Nettoyé et sauvegardé (mise en quarantaine).
C:\VundoFix Backups\qvsjhafb.exe.bad -> Trojan.Small.ju : Nettoyé et sauvegardé (mise en quarantaine).

Fin du rapport

Celui de Hijackthis :

Logfile of HijackThis v1.99.1
Scan saved at 17:47:37, on 22/10/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe
C:\Program Files\Fichiers communs\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Fichiers communs\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\CachemanXP\CachemanXP.exe
C:\Program Files\Fichiers communs\Symantec Shared\DJSNETCN.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Documents and Settings\Castel\Mes documents\Ayen\Logiciels\rk-launcher_rk_launcher_0.4_francais_14854\RKLauncher.exe
C:\Documents and Settings\Castel\Mes documents\Scanner.exe.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://securityresponse.symantec.com/avcenter/fix_homep...
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=55245&clcid={SUB_CLCID}
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Alice ADSL
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - c:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Idea2 SidebarBrowserMonitor Class - {45AD732C-2CE2-4666-B366-B2214AD57A49} - C:\Program Files\Desktop Sidebar\sbhelp.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: IeCatch2 Class - {A5366673-E8CA-11D3-9CD9-0090271D075B} - C:\PROGRA~1\FLASHGET\jccatch.dll
O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: (no name) - {E1FA9D77-F9B7-496E-B849-314B4316959B} - C:\WINDOWS\java\classes\cacca.dll
O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\PROGRA~1\FLASHGET\fgiebar.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [RivaTunerStartupDaemon] "C:\Program Files\RivaTuner v2.0 RC 16\RivaTuner.exe" /S
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [BootSkin Startup Jobs] "C:\PROGRA~1\STARDOCK\WINCUS~1\BOOTSKIN\BootSkin.exe" /StartupJobs
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [Pando] "C:\Program Files\Pando Networks\Pando\Pando.exe" /Automation
O4 - HKLM\..\Run: [BHR4.1] C:\Program Files\Zamaan's Software\Browser Hijack Retaliator 4.1\BHR4.1.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\RunServices: [DJSNetCN] C:\Program Files\Fichiers communs\Symantec Shared\DJSNETCN.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE"
O4 - HKCU\..\Run: [Nphb] "C:\WINDOWS\ECURIT~1\wuauboot.exe" -vt yax
O4 - HKCU\..\Run: [Qmuh] C:\Program Files\W?nSxS\m?hta.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Pando] "C:\Program Files\Pando Networks\Pando\pando.exe" /Automation
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: Télécharger avec FlashGet - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: Télécharger tout avec FlashGet - C:\Program Files\FlashGet\jc_all.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Subscribe in Desktop Sidebar - {09FE188B-6E85-479e-9411-51FB2220DF80} - C:\Program Files\Desktop Sidebar\sbhelp.dll
O9 - Extra 'Tools' menuitem: Subscribe in Desktop Sidebar - {09FE188B-6E85-479e-9411-51FB2220DF80} - C:\Program Files\Desktop Sidebar\sbhelp.dll
O9 - Extra button: Créer un Favori de l'appareil mobile - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll
O9 - Extra 'Tools' menuitem: Créer un Favori de l'appareil mobile... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FLASHGET\flashget.exe
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FLASHGET\flashget.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O15 - Trusted Zone: http://locator.cdn.imageservr.com
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPACl...
O16 - DPF: {62789780-B744-11D0-986B-00609731A21D} (Autodesk MapGuide ActiveX Control) - http://www.cg14.fr/sig/mg60ctrl_windows_activex_ie.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab32846.ca...
O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} (CBreakshotControl Class) - http://messenger.zone.msn.com/binary/Bankshot.cab31267....
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - AppInit_DLLs: C:\WINDOWS\system32\userinit.dll,wbsys.dll
O20 - Winlogon Notify: cacca - C:\WINDOWS\java\classes\cacca.dll
O20 - Winlogon Notify: WBSrv - C:\PROGRA~1\STARDOCK\OBJECT~1\WINDOW~1\wbsrv.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: CachemanXP (CachemanXPService) - OuterTechnologies - C:\Program Files\CachemanXP\CachemanXP.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec Licensing Detect Internet Connection (DJSNETCN) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\DJSNETCN.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Service Norton AntiVirus Auto-Protect (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\Security Console\NSCSRVCE.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Planificateur LiveUpdate automatique - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe
O23 - Service: SPBBCSvc - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\CCPD-LC\symlcsvc.exe

Le rapport de clean :

Script clean par Malekal_morte - http://www.malekal.com

Microsoft Windows XP [version 5.1.2600]
Script execute en mode sans echec

*** Suppression de fichiers sur C:
C:\UNWISE.EXE FOUND

*** Suppression des fichiers dans C:\WINDOWS\

*** Suppression des fichiers dans C:\WINDOWS\system32
C:\WINDOWS\system32\mcrh.tmp FOUND
C:\WINDOWS\system32\SpoonUninstall.exe FOUND
C:\WINDOWS\system32\wnsapisv.exe FOUND
"C:\WINDOWS\Downloaded Program Files\CONFLICT.1" FOUND
"C:\WINDOWS\Downloaded Program Files\CONFLICT.2" FOUND
"C:\WINDOWS\Downloaded Program Files\CONFLICT.3" FOUND
"C:\WINDOWS\Downloaded Program Files\CONFLICT.4" FOUND
"C:\WINDOWS\Downloaded Program Files\CONFLICT.5" FOUND
"C:\WINDOWS\Downloaded Program Files\CONFLICT.6" FOUND
"C:\WINDOWS\Downloaded Program Files\CONFLICT.7" FOUND
"C:\WINDOWS\Downloaded Program Files\CONFLICT.8" FOUND
"C:\WINDOWS\Downloaded Program Files\CONFLICT.9" FOUND
"C:\WINDOWS\Downloaded Program Files\CONFLICT.10" FOUND
"C:\WINDOWS\Downloaded Program Files\CONFLICT.11" FOUND
"C:\WINDOWS\Downloaded Program Files\CONFLICT.12" FOUND
"C:\WINDOWS\Downloaded Program Files\CONFLICT.13" FOUND
"C:\WINDOWS\Downloaded Program Files\CONFLICT.14" FOUND
"C:\WINDOWS\Downloaded Program Files\CONFLICT.15" FOUND

Par contre pour virustotal je n'arrive pas à obtenir un rapport. Je choisis mon fichier je clique sur Send et rien de plus ne se passe.
Alors je ne sais pas d'où peut venir ce problème. J'attends ta réponse.

Merci.

| Alerter

Répondre à ayen

Angeldark

22 Octobre 2006 16:11:58

Re,

On va s'occuper de Vundo et de PurityScan.

1/ Télécharge The Avenger par Swandog46 sur votre Bureau.
Clique sur Avenger.zip pour ouvrir le fichier
Extrais avenger.exe sur ton bureau

2/ Copier tout le texte en rouge ci-dessous : mettre en surbrillance et appuyer sur les touches (Ctrl+C) :

Citation :

Files to delete:
C:\WINDOWS\system32\userinit.dll
C:\WINDOWS\java\classes\cacca.dll
C:\WINDOWS\java\classes\accac.ini
C:\WINDOWS\java\classes\accac.bak
C:\WINDOWS\java\classes\accac.bak1
C:\WINDOWS\java\classes\accac.bak2
C:\WINDOWS\java\classes\accac.ini2
C:\WINDOWS\java\classes\accac.tmp

Note: Le code ci-dessus a été intentionnellement rédigé pour CET utilisateur.
si vous n'êtes pas CET utilisateur, NE PAS appliquer ces directives : elles pourraient endommager votre système.

3/ Maintenant, lance The Avenger en cliquant sur son icône du bureau.
Sous "Script file to execute" choisis "Input Script Manually".
Puis clique sur l'icône en forme de loupe qui va ouvrir une nouvelle fenêtre "View/edit script"
Dans cette fenêtre, colle le texte précedemment copié sur le bureau par les touches (Ctrl+V).
Clique sur Done
Ensuite clique sur l'icône en forme de Feu Vert pour démarrer l'exécution du script
Répondre "Yes" deux fois quand demandé.

4/ The Avenger va automatiquement faire ce qui suit :
Il va redémarrer le système. ( Dans les cas où le script contient un/des "Drivers to Unload", The Avenger redémarrera votre système 2 fois)
Pendant le redémarrage, il apparaitra brièvement une fenêtre de commande de Windows noire sur votre bureau, ceci est NORMAL.
Après le redémarrage, il crée un fichier log qui s'ouvrira, faisant apparaitre les actions exécutées par The Avenger. Ce fichier log se trouve ici : C:\avenger.txt
The Avenger aura également sauvegardé tous les fichiers, etc., que vous lui avez demandé de supprimer, les aura compactés (zipped) et tranféré l'archive zip ici : C:\avenger\backup.zip.

5/ Pour finir copie/colle le contenu du ficher c:\avenger.txt dans votre réponse avec un nouveau rapport HijackThis

| Alerter

Répondre à Angeldark

ayen

22 Octobre 2006 16:38:08

re,

voilà le roppert d' avenger:

//////////////////////////////////////////
Avenger Pre-Processor log
//////////////////////////////////////////

Error: could not create zip file.
Error code: 0

//////////////////////////////////////////

Logfile of The Avenger version 1, by Swandog46
Running from registry key:
\Registry\Machine\System\CurrentControlSet\Services\aejejtfg

*******************

Script file located at: \??\C:\WINDOWS\qvsxrwsr.txt
Script file opened successfully.

Script file read successfully

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

File C:\WINDOWS\system32\userinit.dll not found!
Deletion of file C:\WINDOWS\system32\userinit.dll failed!

Could not process line:
C:\WINDOWS\system32\userinit.dll
Status: 0xc0000034

File C:\WINDOWS\java\classes\cacca.dll deleted successfully.
File C:\WINDOWS\java\classes\accac.ini deleted successfully.

File C:\WINDOWS\java\classes\accac.bak not found!
Deletion of file C:\WINDOWS\java\classes\accac.bak failed!

Could not process line:
C:\WINDOWS\java\classes\accac.bak
Status: 0xc0000034

File C:\WINDOWS\java\classes\accac.bak1 not found!
Deletion of file C:\WINDOWS\java\classes\accac.bak1 failed!

Could not process line:
C:\WINDOWS\java\classes\accac.bak1
Status: 0xc0000034

File C:\WINDOWS\java\classes\accac.bak2 not found!
Deletion of file C:\WINDOWS\java\classes\accac.bak2 failed!

Could not process line:
C:\WINDOWS\java\classes\accac.bak2
Status: 0xc0000034

File C:\WINDOWS\java\classes\accac.ini2 not found!
Deletion of file C:\WINDOWS\java\classes\accac.ini2 failed!

Could not process line:
C:\WINDOWS\java\classes\accac.ini2
Status: 0xc0000034

File C:\WINDOWS\java\classes\accac.tmp not found!
Deletion of file C:\WINDOWS\java\classes\accac.tmp failed!

Could not process line:
C:\WINDOWS\java\classes\accac.tmp
Status: 0xc0000034

Completed script processing.

*******************

Finished! Terminate.

Et pour finir le rapport Hijackthis :

Logfile of HijackThis v1.99.1
Scan saved at 18:39:59, on 22/10/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe
C:\Program Files\Fichiers communs\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Fichiers communs\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\CachemanXP\CachemanXP.exe
C:\Program Files\Fichiers communs\Symantec Shared\DJSNETCN.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Pando Networks\Pando\Pando.exe
C:\Program Files\Zamaan's Software\Browser Hijack Retaliator 4.1\BHR4.1.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Castel\Mes documents\Scanner.exe.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://securityresponse.symantec.com/avcenter/fix_homep...
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=55245&clcid={SUB_CLCID}
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Alice ADSL
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - c:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Idea2 SidebarBrowserMonitor Class - {45AD732C-2CE2-4666-B366-B2214AD57A49} - C:\Program Files\Desktop Sidebar\sbhelp.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: (no name) - {A1AD52BE-560F-438F-A472-3912B402411B} - C:\WINDOWS\java\classes\cacca.dll (file missing)
O2 - BHO: IeCatch2 Class - {A5366673-E8CA-11D3-9CD9-0090271D075B} - C:\PROGRA~1\FLASHGET\jccatch.dll
O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\PROGRA~1\FLASHGET\fgiebar.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [RivaTunerStartupDaemon] "C:\Program Files\RivaTuner v2.0 RC 16\RivaTuner.exe" /S
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [BootSkin Startup Jobs] "C:\PROGRA~1\STARDOCK\WINCUS~1\BOOTSKIN\BootSkin.exe" /StartupJobs
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [Pando] "C:\Program Files\Pando Networks\Pando\Pando.exe" /Automation
O4 - HKLM\..\Run: [BHR4.1] C:\Program Files\Zamaan's Software\Browser Hijack Retaliator 4.1\BHR4.1.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\RunServices: [DJSNetCN] C:\Program Files\Fichiers communs\Symantec Shared\DJSNETCN.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE"
O4 - HKCU\..\Run: [Nphb] "C:\WINDOWS\ECURIT~1\wuauboot.exe" -vt yax
O4 - HKCU\..\Run: [Qmuh] C:\Program Files\W?nSxS\m?hta.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Pando] "C:\Program Files\Pando Networks\Pando\pando.exe" /Automation
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: Télécharger avec FlashGet - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: Télécharger tout avec FlashGet - C:\Program Files\FlashGet\jc_all.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Subscribe in Desktop Sidebar - {09FE188B-6E85-479e-9411-51FB2220DF80} - C:\Program Files\Desktop Sidebar\sbhelp.dll
O9 - Extra 'Tools' menuitem: Subscribe in Desktop Sidebar - {09FE188B-6E85-479e-9411-51FB2220DF80} - C:\Program Files\Desktop Sidebar\sbhelp.dll
O9 - Extra button: Créer un Favori de l'appareil mobile - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll
O9 - Extra 'Tools' menuitem: Créer un Favori de l'appareil mobile... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FLASHGET\flashget.exe
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FLASHGET\flashget.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O15 - Trusted Zone: http://locator.cdn.imageservr.com
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPACl...
O16 - DPF: {62789780-B744-11D0-986B-00609731A21D} (Autodesk MapGuide ActiveX Control) - http://www.cg14.fr/sig/mg60ctrl_windows_activex_ie.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab32846.ca...
O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} (CBreakshotControl Class) - http://messenger.zone.msn.com/binary/Bankshot.cab31267....
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - AppInit_DLLs: C:\WINDOWS\system32\userinit.dll,wbsys.dll
O20 - Winlogon Notify: cacca - C:\WINDOWS\java\classes\cacca.dll (file missing)
O20 - Winlogon Notify: WBSrv - C:\PROGRA~1\STARDOCK\OBJECT~1\WINDOW~1\wbsrv.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: CachemanXP (CachemanXPService) - OuterTechnologies - C:\Program Files\CachemanXP\CachemanXP.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec Licensing Detect Internet Connection (DJSNETCN) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\DJSNETCN.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Service Norton AntiVirus Auto-Protect (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\Security Console\NSCSRVCE.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Planificateur LiveUpdate automatique - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe
O23 - Service: SPBBCSvc - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\CCPD-LC\symlcsvc.exe

J'attends ta réponse.
Merci.

| Alerter

Répondre à ayen

Angeldark

22 Octobre 2006 16:46:03

Ca a marché !

- Lance Hijackthis ->Do a system scan only
->Coche les lignes ci-dessous :

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://securityresponse.symantec.c [...] _homepage/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?Li [...] SUB_CLCID}
O2 - BHO: (no name) - {A1AD52BE-560F-438F-A472-3912B402411B} - C:\WINDOWS\java\classes\cacca.dll (file missing)
O4 - HKCU\..\Run: [Nphb] "C:\WINDOWS\ECURIT~1\wuauboot.exe" -vt yax
O4 - HKCU\..\Run: [Qmuh] C:\Program Files\W?nSxS\m?hta.exe
O20 - AppInit_DLLs: C:\WINDOWS\system32\userinit.dll,wbsys.dll
O20 - Winlogon Notify: cacca - C:\WINDOWS\java\classes\cacca.dll (file missing)

Clique sur Fix checked (en bas à gauche)

Supprime si tu as :
C:\WINDOWS\ECURIT~1\ NOM DE DOSSIER COMMENCANT PAR "ECURIT"
C:\Program Files\W?nSxS\ ?=CARACTERE ALEATOIRE

Reposte un rapport Hijackthis.

| Alerter

Répondre à Angeldark

ayen

22 Octobre 2006 17:04:54

voilà le rapport hijackthis:

Logfile of HijackThis v1.99.1
Scan saved at 19:08:53, on 22/10/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe
C:\Program Files\Fichiers communs\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Fichiers communs\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\CachemanXP\CachemanXP.exe
C:\Program Files\Fichiers communs\Symantec Shared\DJSNETCN.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Pando Networks\Pando\Pando.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Documents and Settings\Castel\Mes documents\Ayen\Logiciels\rk-launcher_rk_launcher_0.4_francais_14854\RKLauncher.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Castel\Mes documents\Scanner.exe.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://securityresponse.symantec.com/avcenter/fix_homep...
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=55245&clcid={SUB_CLCID}
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Alice ADSL
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - c:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Idea2 SidebarBrowserMonitor Class - {45AD732C-2CE2-4666-B366-B2214AD57A49} - C:\Program Files\Desktop Sidebar\sbhelp.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: IeCatch2 Class - {A5366673-E8CA-11D3-9CD9-0090271D075B} - C:\PROGRA~1\FLASHGET\jccatch.dll
O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\PROGRA~1\FLASHGET\fgiebar.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [RivaTunerStartupDaemon] "C:\Program Files\RivaTuner v2.0 RC 16\RivaTuner.exe" /S
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [BootSkin Startup Jobs] "C:\PROGRA~1\STARDOCK\WINCUS~1\BOOTSKIN\BootSkin.exe" /StartupJobs
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [Pando] "C:\Program Files\Pando Networks\Pando\Pando.exe" /Automation
O4 - HKLM\..\Run: [BHR4.1] C:\Program Files\Zamaan's Software\Browser Hijack Retaliator 4.1\BHR4.1.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKLM\..\RunServices: [DJSNetCN] C:\Program Files\Fichiers communs\Symantec Shared\DJSNETCN.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Pando] "C:\Program Files\Pando Networks\Pando\pando.exe" /Automation
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: RK Launcher.lnk = ?
O8 - Extra context menu item: Télécharger avec FlashGet - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: Télécharger tout avec FlashGet - C:\Program Files\FlashGet\jc_all.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Subscribe in Desktop Sidebar - {09FE188B-6E85-479e-9411-51FB2220DF80} - C:\Program Files\Desktop Sidebar\sbhelp.dll
O9 - Extra 'Tools' menuitem: Subscribe in Desktop Sidebar - {09FE188B-6E85-479e-9411-51FB2220DF80} - C:\Program Files\Desktop Sidebar\sbhelp.dll
O9 - Extra button: Créer un Favori de l'appareil mobile - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll
O9 - Extra 'Tools' menuitem: Créer un Favori de l'appareil mobile... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FLASHGET\flashget.exe
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FLASHGET\flashget.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O15 - Trusted Zone: http://locator.cdn.imageservr.com
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPACl...
O16 - DPF: {62789780-B744-11D0-986B-00609731A21D} (Autodesk MapGuide ActiveX Control) - http://www.cg14.fr/sig/mg60ctrl_windows_activex_ie.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab32846.ca...
O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} (CBreakshotControl Class) - http://messenger.zone.msn.com/binary/Bankshot.cab31267....
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: WBSrv - C:\PROGRA~1\STARDOCK\OBJECT~1\WINDOW~1\wbsrv.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: CachemanXP (CachemanXPService) - OuterTechnologies - C:\Program Files\CachemanXP\CachemanXP.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec Licensing Detect Internet Connection (DJSNETCN) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\DJSNETCN.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Service Norton AntiVirus Auto-Protect (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\Security Console\NSCSRVCE.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Planificateur LiveUpdate automatique - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe
O23 - Service: SPBBCSvc - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\CCPD-LC\symlcsvc.exe

J'attends ta réponse....

| Alerter

Répondre à ayen

Angeldark

22 Octobre 2006 17:42:47

C'est bon

| Alerter

Répondre à Angeldark

ayen

22 Octobre 2006 17:45:44

super!!

Je te remercie pour l'aide que tu m'as apporté!

| Alerter

Répondre à ayen

Angeldark

22 Octobre 2006 17:47:01

Dénonce ton infection (Vundo/PurityScan) pour faire condamner les auteurs, ça serait sympa.
Crée un message pour faire avancer les choses sur Malware-Complaints, nous devons être le plus nombreux possibles, alors rends compte de ton infection.
AIDE : Comment rapporter son infection sur Malware-Complaints ?

Consulte cette page pour éviter que ces problèmes ne réapparaissent pas.

:hello:

| Alerter

Répondre à Angeldark

Lassé par la pub ? Créez un compte

Créer un nouveau sujet

Contenus similaires :

Tom's guide dans le monde