
[Resolved] Vundo-type infection


Hello!

I have been living with a piece of malware on my PC for some time now...
The symptoms are slower PC performance and unwanted pop-ups for security software (WinAntiVirus Pro 2006 and Error Safe in particular). There was a problem with IE pages opening about fifty times, fixed by the IE7 update.
I have already read several forums, which led me to think it is Vundo; I even tried Vundofix, but without result.
My HijackThis log looks clean to me, and I have just run F-Secure Blacklight, which found nothing.

I understand that this infection is fairly specific to the infected PC...

A little help with the cleanup would be welcome ^__^

Thanks in advance ;)


Message edited by Arieseb on 22-11-2006 at 19:54:54

Hello,

Let's see whether it is clean.

------------------------------ Prevention & Protection||Like me? Click :o
Reply to Angeldark

Logfile of HijackThis v1.99.1
Scan saved at 14:43:47, on 22/11/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\ewido anti-spyware 4.0\guard.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\system32\keyhook.exe
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\system32\ps2.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\AGEIA Technologies\TrayIcon.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\TheTurtle\TheTurtle.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Alwil Software\Avast4\ashSimpl.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\HiJackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [SiS Windows KeyHook] C:\WINDOWS\system32\keyhook.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [AGEIA PhysX SysTray] C:\Program Files\AGEIA Technologies\TrayIcon.exe
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKCU\..\Run: [TheTurtle] C:\Program Files\TheTurtle\TheTurtle.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [SsAAD.exe] C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/micros [...] 3732221812
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537 [...] scan53.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/bina [...] b31267.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activ [...] asinst.cab
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\SSScsiSV.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

Here is the log; not being a specialist, there must be something I missed :)


Message edited by Arieseb on 22-11-2006 at 14:47:22
Reply to Arieseb

Re,

-- Right-click HijackThis:
-> Choose "Rename" ("Renommer")
-> Type Scanner.exe, then confirm.

- Launch the application
- Choose the option "Do a system scan and save a logfile"
-- Notepad opens:
-> Edit / Select All (Edition / Sélectionner Tout)
-> Edit / Copy (Edition / Copier)

- Paste the report here.

HijackThis help

------------------------------ Prevention & Protection||Like me? Click :o
Reply to Angeldark

Logfile of HijackThis v1.99.1
Scan saved at 14:53:41, on 22/11/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\ewido anti-spyware 4.0\guard.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\system32\keyhook.exe
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\system32\ps2.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\AGEIA Technologies\TrayIcon.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\TheTurtle\TheTurtle.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Alwil Software\Avast4\ashSimpl.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\HiJackThis\Scanner.exe.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: (no name) - {B4B3994D-E118-4A93-83CA-7115E96756DD} - C:\WINDOWS\system32\oobe\actsetup\ewbawve.dll
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [SiS Windows KeyHook] C:\WINDOWS\system32\keyhook.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [AGEIA PhysX SysTray] C:\Program Files\AGEIA Technologies\TrayIcon.exe
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKCU\..\Run: [TheTurtle] C:\Program Files\TheTurtle\TheTurtle.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [SsAAD.exe] C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/micros [...] 3732221812
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537 [...] scan53.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/bina [...] b31267.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activ [...] asinst.cab
O20 - Winlogon Notify: ewbawve - C:\WINDOWS\system32\oobe\actsetup\ewbawve.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\SSScsiSV.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

Reply to Arieseb

Your Vundo really is strange.

Post the report located here: C:\Vundofix.txt

  • Download combofix.exe (by sUBs) to your Desktop
  • Double-click combofix.exe.
  • Press the Y (Yes) key to start the scan.
  • When the scan is complete, a report will appear. Copy/paste this report into your next reply.


NOTE: The report can also be found here: C:\Combofix.txt

------------------------------ Prevention & Protection||Like me? Click :o
Reply to Angeldark

Here is the Combofix report:

"Compaq_Propri‚taire - 06-11-22 14:58:48,51 Service Pack 2
ComboFix 06.11.22 - Running from: "C:\Documents and Settings\Compaq_Propri‚taire\Bureau""

On screen it says that it found a "SurfSideKick" and that it cannot find the path...

As for the Vundofix log, I must have put it in the recycle bin (I ran it last week).


Message edited by Arieseb on 22-11-2006 at 15:05:57
Reply to Arieseb

Ok.

Delete your version of Vundofix.

Download VundoFix.exe (by Atribune) to your Desktop.

  • Double-click VundoFix.exe to launch it
  • Click the Scan for Vundo button
  • When the scan is complete, click the Remove Vundo button
  • A prompt will ask whether you want to delete the files; click YES
  • After you click "Yes", the Desktop will disappear for a moment while the files are deleted
  • You will see a prompt telling you that your PC is going to restart; click OK
  • Copy/paste the contents of the report located at C:\vundofix.txt, together with a new HijackThis! report, into your next reply


Note: VundoFix may come across a file it cannot delete. If so, the tool will launch at the next restart; simply follow the instructions above, starting from "click the Scan for Vundo button".

------------------------------ Prevention & Protection||Like me? Click :o
Reply to Angeldark

Here is the Vundofix report:

"
VundoFix V6.2.11

Checking Java version...

Java version is 1.4.2.3

Java version is 1.5.0.6

Scan started at 15:11:40 06-11-22

Listing files found while scanning....

C:\WINDOWS\system32\oobe\actsetup\evwabwe.ini
C:\WINDOWS\system32\oobe\actsetup\evwabwe.bak1
C:\WINDOWS\system32\oobe\actsetup\evwabwe.bak2

Beginning removal...

Attempting to delete C:\WINDOWS\system32\oobe\actsetup\ewbawve.dll
C:\WINDOWS\system32\oobe\actsetup\ewbawve.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\oobe\actsetup\evwabwe.ini
C:\WINDOWS\system32\oobe\actsetup\evwabwe.ini Has been deleted!

Attempting to delete C:\WINDOWS\system32\oobe\actsetup\evwabwe.bak1
C:\WINDOWS\system32\oobe\actsetup\evwabwe.bak1 Has been deleted!

Attempting to delete C:\WINDOWS\system32\oobe\actsetup\evwabwe.bak2
C:\WINDOWS\system32\oobe\actsetup\evwabwe.bak2 Has been deleted!

Performing Repairs to the registry.
Done!"

And the HijackThis! report (renamed to Scanner.exe):
"Logfile of HijackThis v1.99.1
Scan saved at 15:19, on 06-11-22
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\ewido anti-spyware 4.0\guard.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\System32\alg.exe
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\system32\keyhook.exe
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\system32\ps2.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\AGEIA Technologies\TrayIcon.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\TheTurtle\TheTurtle.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\HiJackThis\Scanner.exe.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: (no name) - {A1080C01-1F5D-4C3C-9645-C73236DB4B35} - (no file)
O2 - BHO: (no name) - {B4B3994D-E118-4A93-83CA-7115E96756DD} - C:\WINDOWS\system32\oobe\actsetup\ewbawve.dll (file missing)
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [SiS Windows KeyHook] C:\WINDOWS\system32\keyhook.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [AGEIA PhysX SysTray] C:\Program Files\AGEIA Technologies\TrayIcon.exe
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKCU\..\Run: [TheTurtle] C:\Program Files\TheTurtle\TheTurtle.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [SsAAD.exe] C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/micros [...] 3732221812
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537 [...] scan53.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/bina [...] b31267.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activ [...] asinst.cab
O20 - Winlogon Notify: pmnnl - C:\WINDOWS\
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\SSScsiSV.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe"

Reply to Arieseb
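Added example, not part of the original thread: a short Python triage script that compares HijackThis logs entry by entry, run here on a few lines excerpted from the three logs posted above. It shows that the O2 and O20 entries for ewbawve.dll appear only in the scan taken after HijackThis was renamed, and that the post-VundoFix log still holds dangling entries. The function names are hypothetical and the excerpts are shortened.

```python
import re

# Lines excerpted from the three HijackThis logs posted in this thread
# (shortened for the example; each log on the page has many more entries).
SCAN_ORIGINAL = r"""
Logfile of HijackThis v1.99.1
C:\HiJackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
"""

SCAN_RENAMED = r"""
Logfile of HijackThis v1.99.1
C:\HiJackThis\Scanner.exe.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {B4B3994D-E118-4A93-83CA-7115E96756DD} - C:\WINDOWS\system32\oobe\actsetup\ewbawve.dll
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O20 - Winlogon Notify: ewbawve - C:\WINDOWS\system32\oobe\actsetup\ewbawve.dll
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
"""

SCAN_AFTER_FIX = r"""
Logfile of HijackThis v1.99.1
C:\HiJackThis\Scanner.exe.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {A1080C01-1F5D-4C3C-9645-C73236DB4B35} - (no file)
O2 - BHO: (no name) - {B4B3994D-E118-4A93-83CA-7115E96756DD} - C:\WINDOWS\system32\oobe\actsetup\ewbawve.dll (file missing)
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O20 - Winlogon Notify: pmnnl - C:\WINDOWS\
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
"""

# An entry line starts with a section code (R0, O2, O20, ...) followed by " - ".
ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")
# First absolute path ending in .dll inside an entry.
DLL_RE = re.compile(r"[A-Za-z]:\\.*?\.dll", re.IGNORECASE)
# Markers of an entry whose target file is absent or whose path is cut short.
DANGLING_SUFFIXES = ("(no file)", "(file missing)", "\\")


def parse_entries(log_text):
    """Return (section, detail) pairs; header and process lines are skipped."""
    entries = []
    for line in log_text.splitlines():
        match = ENTRY_RE.match(line.strip())
        if match:
            entries.append((match.group(1), match.group(2).strip()))
    return entries


def added_entries(before, after):
    """Entries present in `after` but absent from `before`, sorted."""
    seen = set(parse_entries(before))
    return sorted(e for e in set(parse_entries(after)) if e not in seen)


def dlls_in_section(log_text, section):
    """Lower-cased DLL paths referenced by entries of one section."""
    found = set()
    for sec, detail in parse_entries(log_text):
        match = DLL_RE.search(detail)
        if sec == section and match:
            found.add(match.group(0).lower())
    return found


def bho_and_winlogon_dlls(log_text):
    """DLLs registered both as a BHO (O2) and as a Winlogon Notify (O20)."""
    return dlls_in_section(log_text, "O2") & dlls_in_section(log_text, "O20")


def dangling_entries(log_text):
    """O2/O20 entries left pointing at a missing file or a bare directory."""
    return [(s, d) for s, d in parse_entries(log_text)
            if s in ("O2", "O20") and d.endswith(DANGLING_SUFFIXES)]


if __name__ == "__main__":
    print("Only visible after the rename:")
    for section, detail in added_entries(SCAN_ORIGINAL, SCAN_RENAMED):
        print(f"  {section} - {detail}")
    print("DLL loaded as both BHO and Winlogon Notify:")
    for path in sorted(bho_and_winlogon_dlls(SCAN_RENAMED)):
        print(f"  {path}")
    print("Dangling entries after VundoFix:")
    for section, detail in dangling_entries(SCAN_AFTER_FIX):
        print(f"  {section} - {detail}")
```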

Try the Combofix scan again now.

------------------------------ Prevention & Protection||Like me? Click :o
Reply to Angeldark

Here is the report:
"Compaq_Propri‚taire - 06-11-22 15:00:57.29 Service Pack 2
ComboFix - Running from: "

It still tells me "SurfSideKick found !!!" then "Le chemin d'accès spécifié est introuvable", and it ends with "Combofix will now exit and return in no more than 10 seconds".

Except that it does not reopen.

Reply to Arieseb

Re,

Uninstall Ewido.

- Download and then install CounterSpy.
- Once it is installed and the setup wizard has run, start CounterSpy to perform an update.

Restart in safe mode

- Click the "Scan Now" button on the left and let the scan run.
- At the end of the scan, all items found will be set to Quarantine
- Click the "Take Action" button at the bottom left to send all detected items to quarantine.
- Click "View Details", copy/paste the contents of the window into a text file, and save it under the name LogCS.
- Restart the computer normally.
- Copy/paste a new HiJackThis report and the CounterSpy report.

HELP: Malekal's tutorial

------------------------------ Prevention & Protection||Like me? Click :o
Reply to Angeldark

CounterSpy report:
"Spyware Scan Details
Start Date: 06-11-22 16:01:12
End Date: 06-11-22 16:42:59
Total Time: 41 mins 47 secs

Detected spyware

Messenger Plus! Adware Bundler more information...
Details: Messenger Plus! is a add-on for MSN Messenger. Messenger Plus! installs an OPTIONAL adware called C2Media which is also known as LOP.com.
Status: Ignored

Infected files detected
c:\program files\messenger plus! live\detoured.dll
c:\program files\messenger plus! live\events style sheet.xsl
c:\program files\messenger plus! live\lame_enc.dll
c:\program files\messenger plus! live\libsndfile.dll
c:\program files\messenger plus! live\log viewer.exe
c:\program files\messenger plus! live\mpscripts.dll
c:\program files\messenger plus! live\mptools.exe
c:\program files\messenger plus! live\msgpluslive.dll
c:\program files\messenger plus! live\msgplusliveres.dll
c:\program files\messenger plus! live\uninstall.exe
c:\program files\messenger plus! live\languages\lng_arabic.ini
c:\program files\messenger plus! live\languages\lng_catalan.ini
c:\program files\messenger plus! live\languages\lng_chinesesimplified.ini
c:\program files\messenger plus! live\languages\lng_chinesetraditional.ini
c:\program files\messenger plus! live\languages\lng_danish.ini
c:\program files\messenger plus! live\languages\lng_default.ini
c:\program files\messenger plus! live\languages\lng_dutch.ini
c:\program files\messenger plus! live\languages\lng_estonian.ini
c:\program files\messenger plus! live\languages\lng_finnish.ini
c:\program files\messenger plus! live\languages\lng_french.ini
c:\program files\messenger plus! live\languages\lng_german.ini
c:\program files\messenger plus! live\languages\lng_hungarian.ini
c:\program files\messenger plus! live\languages\lng_italian.ini
c:\program files\messenger plus! live\languages\lng_japanese.ini
c:\program files\messenger plus! live\languages\lng_korean.ini
c:\program files\messenger plus! live\languages\lng_norwegian.ini
c:\program files\messenger plus! live\languages\lng_portuguese.ini
c:\program files\messenger plus! live\languages\lng_spanish.ini
c:\program files\messenger plus! live\languages\lng_swedish.ini
c:\program files\messenger plus! live\languages\lng_thai.ini

Infected registry entries detected
HKEY_CLASSES_ROOT\MsgPlus.Encrypted
HKEY_CLASSES_ROOT\MsgPlus.Encrypted\DefaultIcon C:\Program Files\Messenger Plus! Live\Log Viewer.exe,1
HKEY_CLASSES_ROOT\MsgPlus.Encrypted\shell\open\command "C:\Program Files\Messenger Plus! Live\Log Viewer.exe" /ViewLog="%1"
HKEY_CLASSES_ROOT\MsgPlus.Encrypted Encrypted Log File
HKEY_LOCAL_MACHINE\Software\Patchou
HKEY_LOCAL_MACHINE\Software\Patchou\Messenger Plus! Live AppDir C:\Program Files\Messenger Plus! Live
HKEY_LOCAL_MACHINE\Software\Patchou\Messenger Plus! Live LangDir C:\Program Files\Messenger Plus! Live\Languages
HKEY_LOCAL_MACHINE\Software\Patchou\Messenger Plus! Live InterfacesDir C:\Program Files\Messenger Plus! Live\Interface
HKEY_LOCAL_MACHINE\Software\Patchou\Messenger Plus! Live ScriptsDir C:\Program Files\Messenger Plus! Live\Scripts
HKEY_LOCAL_MACHINE\Software\Patchou\Messenger Plus! Live ResourcesDll MsgPlusLiveRes.dll
HKEY_LOCAL_MACHINE\Software\Patchou\Messenger Plus! Live WorkerDll MsgPlusLive.dll
HKEY_LOCAL_MACHINE\Software\Patchou\Messenger Plus! Live FirstInstallTime
HKEY_LOCAL_MACHINE\Software\Patchou\Messenger Plus! Live SoftwareBuild 4250
HKEY_LOCAL_MACHINE\Software\Patchou\Messenger Plus! Live DefaultLangFile Lng_French.ini
HKEY_CURRENT_USER\SOFTWARE\Patchou
HKEY_CURRENT_USER\SOFTWARE\Patchou\Messenger Plus! Live\aries_no_seb@hotmail.com\Contacts\PJSmbEnVTUmw LastSeenOnline
HKEY_CURRENT_USER\SOFTWARE\Patchou\Messenger Plus! Live\aries_no_seb@hotmail.com\Contacts\PJSmbEnVTUmw Email
HKEY_CURRENT_USER\SOFTWARE\Patchou\Messenger Plus! Live\aries_no_seb@hotmail.com\Contacts\PJSmbEnVTUmw LastChat
HKEY_CURRENT_USER\SOFTWARE\Patchou\Messenger Plus! Live\aries_no_seb@hotmail.com\Contacts\PJWhIwxWlJSn LastSeenOnline
HKEY_CURRENT_USER\SOFTWARE\Patchou\Messenger Plus! Live\aries_no_seb@hotmail.com\Contacts\PJWhIwxWlJSn Email
HKEY_CURRENT_USER\SOFTWARE\Patchou\Messenger Plus! Live\aries_no_seb@hotmail.com\Contacts\RFDQbCgtSsjU LastSeenOnline
HKEY_CURRENT_USER\SOFTWARE\Patchou\Messenger Plus! Live\aries_no_seb@hotmail.com\Contacts\RFDQbCgtSsjU Email
HKEY_CURRENT_USER\SOFTWARE\Patchou\Messenger Plus! Live\aries_no_seb@hotmail.com\Contacts\RFDQbCgtSsjU LastChat
HKEY_CURRENT_USER\SOFTWARE\Patchou\Messenger Plus! Live\aries_no_seb@hotmail.com\Contacts\SkjHFDWnYobA Email
HKEY_CURRENT_USER\SOFTWARE\Patchou\Messenger Plus! Live\aries_no_seb@hotmail.com\Contacts\SkjHFDWnYobA LastSeenOnline
HKEY_CURRENT_USER\SOFTWARE\Patchou\Messenger Plus! Live\aries_no_seb@hotmail.com\Contacts\UlJRVAhGgubV LastSeenOnline
HKEY_CURRENT_USER\SOFTWARE\Patchou\Messenger Plus! Live\aries_no_seb@hotmail.com\Contacts\UlJRVAhGgubV Email
HKEY_CURRENT_USER\SOFTWARE\Patchou\Messenger Plus! Live\aries_no_seb@hotmail.com\Contacts\UlJRVAhGgubV LastChat
HKEY_CURRENT_USER\SOFTWARE\Patchou\Messenger Plus! Live\aries_no_seb@hotmail.com\Contacts\UobDVHDBZEut Email
HKEY_CURRENT_USER\SOFTWARE\Patchou\Messenger Plus! Live\aries_no_seb@hotmail.com\Contacts\WgpMpTWsqrIj Email
HKEY_CURRENT_USER\SOFTWARE\Patchou\Messenger Plus! Live\aries_no_seb@hotmail.com\Contacts\WkzAvBWwjEme Email
HKEY_CURRENT_USER\SOFTWARE\Patchou\Messenger Plus! Live\aries_no_seb@hotmail.com\Contacts\XNDBQhSjNTSv Email
HKEY_CURRENT_USER\SOFTWARE\Patchou\Messenger Plus! Live\aries_no_seb@hotmail.com\Contacts\XNDBQhSjNTSv LastSeenOnline
HKEY_CURRENT_USER\SOFTWARE\Patchou\Messenger Plus! Live\aries_no_seb@hotmail.com\Contacts\ZUjJOabPJKwi Email
HKEY_CURRENT_USER\SOFTWARE\Patchou\Messenger Plus! Live\aries_no_seb@hotmail.com\Contacts\ZUjJOabPJKwi LastSeenOnline
HKEY_CURRENT_USER\SOFTWARE\Patchou\Messenger Plus! Live\aries_no_seb@hotmail.com\CustSounds\11B05876C173 Name groovy
HKEY_CURRENT_USER\SOFTWARE\Patchou\Messenger Plus! Live\aries_no_seb@hotmail.com\CustSounds\11B05876C173 Category 4
HKEY_CURRENT_USER\SOFTWARE\Patchou\Messenger Plus! Live\aries_no_seb@hotmail.com\CustSounds\11B05876C173 Flags 1
HKEY_CURRENT_USER\SOFTWARE\Patchou\Messenger Plus! Live\aries_no_seb@hotmail.com\CustSounds\11B05876C173 Language 0
HKEY_CURRENT_USER\SOFTWARE\Patchou\Messenger Plus! Live\aries_no_seb@hotmail.com\CustSounds\11B05876C173 LastUse
HKEY_CURRENT_USER\SOFTWARE\Patchou\Messenger Plus! Live\aries_no_seb@hotmail.com\CustSounds\11B05876C173 NeedsLoading 0
HKEY_CURRENT_USER\SOFTWARE\Patchou\Messenger Plus! Live\aries_no_seb@hotmail.com\CustSounds\1A887C8804F4 Name ta gueule
HKEY_CURRENT_USER\SOFTWARE\Patchou\Messenger Plus! Live\aries_no_seb@hotmail.com\CustSounds\1A887C8804F4 Category 4
HKEY_CURRENT_USER\SOFTWARE\Patchou\Messenger Plus! Live\aries_no_seb@hotmail.com\CustSounds\1A887C8804F4 Flags 1
HKEY_CURRENT_USER\SOFTWARE\Patchou\Messenger Plus! Live\aries_no_seb@hotmail.com\CustSounds\1A887C8804F4 Language 0
HKEY_CURRENT_USER\SOFTWARE\Patchou\Messenger Plus! Live\aries_no_seb@hotmail.com\CustSounds\1A887C8804F4 LastUse
HKEY_CURRENT_USER\SOFTWARE\Patchou\Messenger Plus! Live\aries_no_seb@hotmail.com\CustSounds\1A887C8804F4 NeedsLoading 0
HKEY_CURRENT_USER\SOFTWARE\Patchou\Messenger Plus! Live\aries_no_seb@hotmail.com\CustSounds\35BCE5745C57 Name mordre
HKEY_CURRENT_USER\SOFTWARE\Patchou\Messenger Plus! Live\aries_no_seb@hotmail.com\CustSounds\35BCE5745C57 Category 4
HKEY_CURRENT_USER\SOFTWARE\Patchou\Messenger Plus! Live\aries_no_seb@hotmail.com\CustSounds\35BCE5745C57 Flags 1
HKEY_CURRENT_USER\SOFTWARE\Patchou\Messenger Plus! Live\aries_no_seb@hotmail.com\CustSounds\35BCE5745C57 Language 0
HKEY_CURRENT_USER\SOFTWARE\Patchou\Messenger Plus! Live\aries_no_seb@hotmail.com\CustSounds\35BCE5745C57 LastUse
HKEY_CURRENT_USER\SOFTWARE\Patchou\Messenger Plus! Live\aries_no_seb@hotmail.com\CustSounds\35BCE5745C57 NeedsLoading 0
HKEY_CURRENT_USER\SOFTWARE\Patchou\Messenger Plus! Live\aries_no_seb@hotmail.com\CustSounds\3622D8999410 Name glace
HKEY_CURRENT_USER\SOFTWARE\Patchou\Messenger Plus! Live\aries_no_seb@hotmail.com\CustSounds\3622D8999410 Category 4
HKEY_CURRENT_USER\SOFTWARE\Patchou\Messenger Plus! Live\aries_no_seb@hotmail.com\CustSounds\3622D8999410 Flags 0
HKEY_CURRENT_USER\SOFTWARE\Patchou\Messenger Plus! Live\aries_no_seb@hotmail.com\CustSounds\3622D8999410 Language 0
HKEY_CURRENT_USER\SOFTWARE\Patchou\Messenger Plus! Live\aries_no_seb@hotmail.com\CustSounds\3622D8999410 LastUse
HKEY_CURRENT_USER\SOFTWARE\Patchou\Messenger Plus! Live\aries_no_seb@hotmail.com\CustSounds\3622D8999410 NeedsLoading 0
HKEY_CURRENT_USER\SOFTWARE\Patchou\Messenger Plus! Live\aries_no_seb@hotmail.com\CustSounds\7BB5E749F405 Name hitman the cobra
HKEY_CURRENT_USER\SOFTWARE\Patchou\Messenger Plus! Live\aries_no_seb@hotmail.com\CustSounds\7BB5E749F405 Category 4
HKEY_CURRENT_USER\SOFTWARE\Patchou\Messenger Plus! Live\aries_no_seb@hotmail.com\CustSounds\7BB5E749F405 Flags 1
HKEY_CURRENT_USER\SOFTWARE\Patchou\Messenger Plus! Live\aries_no_seb@hotmail.com\CustSounds\7BB5E749F405 Language 0
HKEY_CURRENT_USER\SOFTWARE\Patchou\Messenger Plus! Live\aries_no_seb@hotmail.com\CustSounds\7BB5E749F405 LastUse
HKEY_CURRENT_USER\SOFTWARE\Patchou\Messenger Plus! Live\aries_no_seb@hotmail.com\CustSounds\7BB5E749F405 NeedsLoading 0
HKEY_CURRENT_USER\SOFTWARE\Patchou\Messenger Plus! Live\aries_no_seb@hotmail.com\CustSounds\95874441019F Name chaussette
HKEY_CURRENT_USER\SOFTWARE\Patchou\Messenger Plus! Live\aries_no_seb@hotmail.com\CustSounds\95874441019F Category 4
HKEY_CURRENT_USER\SOFTWARE\Patchou\Messenger Plus! Live\aries_no_seb@hotmail.com\CustSounds\95874441019F Flags 1
HKEY_CURRENT_USER\SOFTWARE\Patchou\Messenger Plus! Live\aries_no_seb@hotmail.com\CustSounds\95874441019F Language 0
HKEY_CURRENT_USER\SOFTWARE\Patchou\Messenger Plus! Live\aries_no_seb@hotmail.com\CustSounds\95874441019F LastUse
HKEY_CURRENT_USER\SOFTWARE\Patchou\Messenger Plus! Live\aries_no_seb@hotmail.com\CustSounds\95874441019F NeedsLoading 0
HKEY_CURRENT_USER\SOFTWARE\Patchou\Messenger Plus! Live\aries_no_seb@hotmail.com\CustSounds\A3A0F93E671B Name hamlet
HKEY_CURRENT_USER\SOFTWARE\Patchou\Messenger Plus! Live\aries_no_seb@hotmail.com\CustSounds\A3A0F93E671B Category 4
HKEY_CURRENT_USER\SOFTWARE\Patchou\Messenger Plus! Live\aries_no_seb@hotmail.com\CustSounds\A3A0F93E671B Flags 1
HKEY_CURRENT_USER\SOFTWARE\Patchou\Messenger Plus! Live\aries_no_seb@hotmail.com\CustSounds\A3A0F93E671B Language 0
HKEY_CURRENT_USER\SOFTWARE\Patchou\Messenger Plus! Live\aries_no_seb@hotmail.com\CustSounds\A3A0F93E671B LastUse
HKEY_CURRENT_USER\SOFTWARE\Patchou\Messenger Plus! Live\aries_no_seb@hotmail.com\CustSounds\A3A0F93E671B NeedsLoading 0
HKEY_CURRENT_USER\SOFTWARE\Patchou\Messenger Plus! Live\aries_no_seb@hotmail.com\Preferences OldPlusChecked 1
HKEY_CURRENT_USER\SOFTWARE\Patchou\Messenger Plus! Live\aries_no_seb@hotmail.com\Preferences PrefMigration 1
HKEY_CURRENT_USER\SOFTWARE\Patchou\Messenger Plus! Live\aries_no_seb@hotmail.com\Preferences ContactWatchTime
HKEY_CURRENT_USER\SOFTWARE\Patchou\Messenger Plus! Live\aries_no_seb@hotmail.com\Preferences FirstStart 0
HKEY_CURRENT_USER\SOFTWARE\Patchou\Messenger Plus! Live\aries_no_seb@hotmail.com\Preferences NotifyAutoUpdate 1
HKEY_CURRENT_USER\SOFTWARE\Patchou\Messenger Plus! Live\aries_no_seb@hotmail.com\Preferences TabChatAuto 1
HKEY_CURRENT_USER\SOFTWARE\Patchou\Messenger Plus! Live\aries_no_seb@hotmail.com\Preferences SoundsAutoPlay 1
HKEY_CURRENT_USER\SOFTWARE\Patchou\Messenger Plus! Live\aries_no_seb@hotmail.com\Preferences AutoAcceptDefault 1
HKEY_CURRENT_USER\SOFTWARE\Patchou\Messenger Plus! Live\aries_no_seb@hotmail.com\Preferences LockEnableShortcut 0
HKEY_CURRENT_USER\SOFTWARE\Patchou\Messenger Plus! Live\aries_no_seb@hotmail.com\Preferences EventViewerMaximised 0
HKEY_CURRENT_USER\SOFTWARE\Patchou\Messenger Plus! Live\aries_no_seb@hotmail.com\Preferences EventViewerPos
HKEY_CURRENT_USER\SOFTWARE\Patchou\Messenger Plus! Live\aries_no_seb@hotmail.com\Preferences EventViewerLastShow
HKEY_CURRENT_USER\SOFTWARE\Patchou\Messenger Plus! Live\aries_no_seb@hotmail.com\Preferences ShowEventViewer 0
HKEY_CURRENT_USER\SOFTWARE\Patchou\Messenger Plus! Live\aries_no_seb@hotmail.com\Preferences ContactListCleanupFirstTime 0
HKEY_CURRENT_USER\SOFTWARE\Patchou\Messenger Plus! Live\aries_no_seb@hotmail.com\Preferences EnablePreferencesLock 0
HKEY_CURRENT_USER\SOFTWARE\Patchou\Messenger Plus! Live\aries_no_seb@hotmail.com\Preferences ContactListTranspLevel 100
HKEY_CURRENT_USER\SOFTWARE\Patchou\Messenger Plus! Live\aries_no_seb@hotmail.com\Preferences PopMailUpdateSystem 1
HKEY_CURRENT_USER\SOFTWARE\Patchou\Messenger Plus! Live\aries_no_seb@hotmail.com\Preferences PopMailShowNotif 1
HKEY_CURRENT_USER\SOFTWARE\Patchou\Messenger Plus! Live\aries_no_seb@hotmail.com\Preferences PopMailCheckDelay 5
HKEY_CURRENT_USER\SOFTWARE\Patchou\Messenger Plus! Live\aries_no_seb@hotmail.com\Preferences SoundsAutoDownload 1
HKEY_CURRENT_USER\SOFTWARE\Patchou\Messenger Plus! Live\aries_no_seb@hotmail.com\Preferences SoundsAutoShowNew 1
HKEY_CURRENT_USER\SOFTWARE\Patchou\Messenger Plus! Live\aries_no_seb@hotmail.com\Preferences SoundsPlayBuiltIn 1
HKEY_CURRENT_USER\SOFTWARE\Patchou\Messenger Plus! Live\aries_no_seb@hotmail.com\Preferences SoundsAutoPlayWhenBusy 1
HKEY_CURRENT_USER\SOFTWARE\Patchou\Messenger Plus! Live\aries_no_seb@hotmail.com\Preferences SoundsAutoPlayWhenMedia 0
HKEY_CURRENT_USER\SOFTWARE\Patchou\Messenger Plus! Live\aries_no_seb@hotmail.com\Preferences SoundsPrivateDB 1
HKEY_CURRENT_USER\SOFTWARE\Patchou\Messenger Plus! Live\aries_no_seb@hotmail.com\Preferences SoundsSoundByColumn 5
HKEY_CURRENT_USER\SOFTWARE\Patchou\Messenger Plus! Live\aries_no_seb@hotmail.com\Preferences LockHideTooltip 1
HKEY_CURRENT_USER\SOFTWARE\Patchou\Messenger Plus! Live\aries_no_seb@hotmail.com\Preferences LockEnableSendLockMessage 0
HKEY_CURRENT_USER\SOFTWARE\Patchou\Messenger Plus! Live\aries_no_seb@hotmail.com\Preferences LockEnableStatusChange 1
HKEY_CURRENT_USER\SOFTWARE\Patchou\Messenger Plus! Live\aries_no_seb@hotmail.com\Preferences LockChangeIcon 1
HKEY_CURRENT_USER\SOFTWARE\Patchou\Messenger Plus! Live\aries_no_seb@hotmail.com\Preferences LockClickNeedsCtrl 0
HKEY_CURRENT_USER\SOFTWARE\Patchou\Messenger Plus! Live\aries_no_seb@hotmail.com\Preferences LockAskPwd 0
HKEY_CURRENT_USER\SOFTWARE\Patchou\Messenger Plus! Live\aries_no_seb@hotmail.com\Preferences LockEnableSendUnlockMessage 0
HKEY_CURRENT_USER\SOFTWARE\Patchou\Messenger Plus! Live\aries_no_seb@hotmail.com\Preferences LockUnlockIsDblClk 1
HKEY_CURRENT_USER\SOFTWARE\Patchou\Messenger Plus! Live\aries_no_seb@hotmail.com\Preferences LockShortcut 544
HKEY_CURRENT_USER\SOFTWARE\Patchou\Messenger Plus! Live\aries_no_seb@hotmail.com\Preferences LockUnlockShortcut 800
HKEY_CURRENT_USER\SOFTWARE\Patchou\Messenger Plus! Live\aries_no_seb@hotmail.com\Preferences LockStatusChange 10
HKEY_CURRENT_USER\SOFTWARE\Patchou\Messenger Plus! Live\aries_no_seb@hotmail.com\Preferences LockSendLockMessage
HKEY_CURRENT_USER\SOFTWARE\Patchou\Messenger Plus! Live\aries_no_seb@hotmail.com\Preferences LockSendUnlockMessage
HKEY_CURRENT_USER\SOFTWARE\Patchou\Messenger Plus! Live\aries_no_seb@hotmail.com\Preferences MessengerLockIcon C:\WINDOWS\system32\Shell32.dll,10
HKEY_CURRENT_USER\SOFTWARE\Patchou\Messenger Plus! Live\aries_no_seb@hotmail.com\Preferences AutoAcceptReq 65535
HKEY_CURRENT_USER\SOFTWARE\Patchou\Messenger Plus! Live\aries_no_seb@hotmail.com\Preferences ChatTranspLevel 100
HKEY_CURRENT_USER\SOFTWARE\Patchou\Messenger Plus! Live\aries_no_seb@hotmail.com\Preferences FontOverrideDefault 0
HKEY_CURRENT_USER\SOFTWARE\Patchou\Messenger Plus! Live\aries_no_seb@hotmail.com\Preferences EnablePreviousRecall 1
HKEY_CURRENT_USER\SOFTWARE\Patchou\Messenger Plus! Live\aries_no_seb@hotmail.com\Preferences IncreaseEditSize 1
HKEY_CURRENT_USER\SOFTWARE\Patchou\Messenger Plus! Live\aries_no_seb@hotmail.com\Preferences FontOverrideStyle
HKEY_CURRENT_USER\SOFTWARE\Patchou\Messenger Plus! Live\aries_no_seb@hotmail.com\Preferences FontOverrideColor 0
HKEY_CURRENT_USER\SOFTWARE\Patchou\Messenger Plus! Live\aries_no_seb@hotmail.com\Preferences ParseCommands 1
HKEY_CURRENT_USER\SOFTWARE\Patchou\Messenger Plus! Live\aries_no_seb@hotmail.com\Preferences EventLogsToFile 0
HKEY_CURRENT_USER\SOFTWARE\Patchou\Messenger Plus! Live\aries_no_seb@hotmail.com\Preferences SaveEventsToXml 1
HKEY_CURRENT_USER\SOFTWARE\Patchou\Messenger Plus! Live\aries_no_seb@hotmail.com\Preferences EventLogsInDateDir 1
HKEY_CURRENT_USER\SOFTWARE\Patchou\Messenger Plus! Live\aries_no_seb@hotmail.com\Preferences EventViewerTranspLevel 100
HKEY_CURRENT_USER\SOFTWARE\Patchou\Messenger Plus! Live\aries_no_seb@hotmail.com\Preferences EventViewerMaxCount 500
HKEY_CURRENT_USER\SOFTWARE\Patchou\Messenger Plus! Live\aries_no_seb@hotmail.com\Preferences FloatTextColor 0
HKEY_CURRENT_USER\SOFTWARE\Patchou\Messenger Plus! Live\aries_no_seb@hotmail.com\Preferences FloatBorderColor 8951703
HKEY_CURRENT_USER\SOFTWARE\Patchou\Messenger Plus! Live\aries_no_seb@hotmail.com\Preferences FloatBackgroundColor 16316664
HKEY_CURRENT_USER\SOFTWARE\Patchou\Messenger Plus! Live\aries_no_seb@hotmail.com\Preferences FloatAlterSettingsEnabled 0
HKEY_CURRENT_USER\SOFTWARE\Patchou\Messenger Plus! Live\aries_no_seb@hotmail.com\Preferences FloatFlash 0
HKEY_CURRENT_USER\SOFTWARE\Patchou\Messenger Plus! Live\aries_no_seb@hotmail.com\Preferences FloatTextColorUseSystem 1
HKEY_CURRENT_USER\SOFTWARE\Patchou\Messenger Plus! Live\aries_no_seb@hotmail.com\Preferences FloatShowEmots 1
HKEY_CURRENT_USER\SOFTWARE\Patchou\Messenger Plus! Live\aries_no_seb@hotmail.com\Preferences FloatTranspLevel 90
HKEY_CURRENT_USER\SOFTWARE\Patchou\Messenger Plus! Live\aries_no_seb@hotmail.com\Preferences FloatShowEmail 0
HKEY_CURRENT_USER\SOFTWARE\Patchou\Messenger Plus! Live\aries_no_seb@hotmail.com\Preferences FloatShowPsm 0
HKEY_CURRENT_USER\SOFTWARE\Patchou\Messenger Plus! Live\aries_no_seb@hotmail.com\Preferences FloatAlterMode 1
HKEY_CURRENT_USER\SOFTWARE\Patchou\Messenger Plus! Live\aries_no_seb@hotmail.com\Preferences TabChatKeyShortcuts 1
HKEY_CURRENT_USER\SOFTWARE\Patchou\Messenger Plus! Live\aries_no_seb@hotmail.com\Preferences TabChatPosition 1
HKEY_CURRENT_USER\SOFTWARE\Patchou\Messenger Plus! Live\aries_no_seb@hotmail.com\Preferences EnableChatLog 1
HKEY_CURRENT_USER\SOFTWARE\Patchou\Messenger Plus! Live\aries_no_seb@hotmail.com\Preferences LogsDirectory C:\Documents and Settings\Compaq_Propriétaire\Mes documents\Mes Historiques de Conversation
HKEY_CURRENT_USER\SOFTWARE\Patchou\Messenger Plus! Live\aries_no_seb@hotmail.com\Preferences LogsInDateDir 1
HKEY_CURRENT_USER\SOFTWARE\Patchou\Messenger Plus! Live\aries_no_seb@hotmail.com\Preferences ChatLogTxtTimeStamp 1
HKEY_CURRENT_USER\SOFTWARE\Patchou\Messenger Plus! Live\aries_no_seb@hotmail.com\Preferences ChatLogTxtCutNames 1
HKEY_CURRENT_USER\SOFTWARE\Patchou\Messenger Plus! Live\aries_no_seb@hotmail.com\Preferences ChatLogAddEventsTxt 1
HKEY_CURRENT_USER\SOFTWARE\Patchou\Messenger Plus! Live\aries_no_seb@hotmail.com\Preferences ChatLogAutoWrap 1
HKEY_CURRENT_USER\SOFTWARE\Patchou\Messenger Plus! Live\aries_no_seb@hotmail.com\Preferences ChatLogXHtmlTimeStamp 1
HKEY_CURRENT_USER\SOFTWARE\Patchou\Messenger Plus! Live\aries_no_seb@hotmail.com\Preferences ChatLogXHtmlCutNames 1
HKEY_CURRENT_USER\SOFTWARE\Patchou\Messenger Plus! Live\aries_no_seb@hotmail.com\Preferences ChatLogAddEventsXHtml 1
HKEY_CURRENT_USER\SOFTWARE\Patchou\Messenger Plus! Live\aries_no_seb@hotmail.com\Preferences ChatLogAddImages 1
HKEY_CURRENT_USER\SOFTWARE\Patchou\Messenger Plus! Live\aries_no_seb@hotmail.com\Preferences ChatLogUserFont 1
HKEY_CURRENT_USER\SOFTWARE\Patchou\Messenger Plus! Live\aries_no_seb@hotmail.com\Preferences ChatLogCutNamesTxtMax 12
HKEY_CURRENT_USER\SOFTWARE\Patchou\Messenger Plus! Live\aries_no_seb@hotmail.com\Preferences ChatLogCutNamesXHtmlMax 16
HKEY_CURRENT_USER\SOFTWARE\Patchou\Messenger Plus! Live\aries_no_seb@hotmail.com\Preferences ChatLogEncrypt 0
HKEY_CURRENT_USER\SOFTWARE\Patchou\Messenger Plus! Live\aries_no_seb@hotmail.com\Preferences QuickTextAddToToolbar 1
HKEY_CURRENT_USER\SOFTWARE\Patchou\Messenger Plus! Live\aries_no_seb@hotmail.com\Preferences QuickIconsParenthesis 1
HKEY_CURRENT_USER\SOFTWARE\Patchou\Messenger Plus! Live\aries_no_seb@hotmail.com\Preferences QuickIconsReplaceMessenger 0
HKEY_CURRENT_USER\SOFTWARE\Patchou\Messenger Plus! Live\aries_no_seb@hotmail.com\Preferences QuickIconsShowStandard 0
HKEY_CURRENT_USER\SOFTWARE\Patchou\Messenger Plus! Live\aries_no_seb@hotmail.com\Preferences QuickIconsShowAllCustom 1
HKEY_CURRENT_USER\SOFTWARE\Patchou\Messenger Plus! Live\aries_no_seb@hotmail.com\Preferences ImproveColorChooser 1
HKEY_CURRENT_USER\SOFTWARE\Patchou\Messenger Plus! Live\aries_no_seb@hotmail.com\Preferences FormatPanelInOptions 1
HKEY_CURRENT_USER\SOFTWARE\Patchou\Messenger Plus! Live\aries_no_seb@hotmail.com\Preferences EnableFormatShortcuts 1
HKEY_CURRENT_USER\SOFTWARE\Patchou\Messenger Plus! Live\aries_no_seb@hotmail.com\Preferences FormatShortcutsIrc 1
HKEY_CURRENT_USER\SOFTWARE\Patchou\Messenger Plus! Live\aries_no_seb@hotmail.com\Preferences PersoStatusDispOnAway 1
HKEY_CURRENT_USER\SOFTWARE\Patchou\Messenger Plus! Live\aries_no_seb@hotmail.com\Preferences PersoStatusRepeatDelay 180
HKEY_CURRENT_USER\SOFTWARE\Patchou\Messenger Plus! Live\aries_no_seb@hotmail.com\Preferences CustomNotifBlockedIsOk 1
HKEY_CURRENT_USER\SOFTWARE\Patchou\Messenger Plus! Live\aries_no_seb@hotmail.com\Preferences ToastShowWhenBusy 1
HKEY_CURRENT_USER\SOFTWARE\Patchou\Messenger Plus! Live\aries_no_seb@hotmail.com\Preferences SoundsPanelUsePreview 0
HKEY_CURRENT_USER\SOFTWARE\Patchou\Messenger Plus! Live\aries_no_seb@hotmail.com\Preferences SoundsFirstUse 0
HKEY_CURRENT_USER\SOFTWARE\Patchou\Messenger Plus! Live\GlobalSettings\CustSounds\11B05876C173 Name Groovy
HKEY_CURRENT_USER\SOFTWARE\Patchou\Messenger Plus! Live\GlobalSettings\CustSounds\11B05876C173 Category 2
HKEY_CURRENT_USER\SOFTWARE\Patchou\Messenger Plus! Live\GlobalSettings\CustSounds\11B05876C173 Flags 1
HKEY_CURRENT_USER\SOFTWARE\Patchou\Messenger Plus! Live\GlobalSettings\CustSounds\11B05876C173 Language 0
HKEY_CURRENT_USER\SOFTWARE\Patchou\Messenger Plus! Live\GlobalSettings\CustSounds\1A887C8804F4 Name Ta gueule
HKEY_CURRENT_USER\SOFTWARE\Patchou\Messenger Plus! Live\GlobalSettings\CustSounds\1A887C8804F4 Category 2
HKEY_CURRENT_USER\SOFTWARE\Patchou\Messenger Plus! Live\GlobalSettings\CustSounds\1A887C8804F4 Flags 1
HKEY_CURRENT_USER\SOFTWARE\Patchou\Messenger Plus! Live\GlobalSettings\CustSounds\1A887C8804F4 Language 0
HKEY_CURRENT_USER\SOFTWARE\Patchou\Messenger Plus! Live\GlobalSettings\CustSounds\35BCE5745C57 Name Mordre
HKEY_CURRENT_USER\SOFTWARE\Patchou\Messenger Plus! Live\GlobalSettings\CustSounds\35BCE5745C57 Category 2
HKEY_CURRENT_USER\SOFTWARE\Patchou\Messenger Plus! Live\GlobalSettings\CustSounds\35BCE5745C57 Flags 1
HKEY_CURRENT_USER\SOFTWARE\Patchou\Messenger Plus! Live\GlobalSettings\CustSounds\35BCE5745C57 Language 0
HKEY_CURRENT_USER\SOFTWARE\Patchou\Messenger Plus! Live\GlobalSettings\CustSounds\7BB5E749F405 Name hitman the cobra
HKEY_CURRENT_USER\SOFTWARE\Patchou\Messenger Plus! Live\GlobalSettings\CustSounds\7BB5E749F405 Category 2
HKEY_CURRENT_USER\SOFTWARE\Patchou\Messenger Plus! Live\GlobalSettings\CustSounds\7BB5E749F405 Flags 1
HKEY_CURRENT_USER\SOFTWARE\Patchou\Messenger Plus! Live\GlobalSettings\CustSounds\7BB5E749F405 Language 0
HKEY_CURRENT_USER\SOFTWARE\Patchou\Messenger Plus! Live\GlobalSettings\Scripts ScriptEnableDebug 0
HKEY_CURRENT_USER\SOFTWARE\Patchou\Messenger Plus! Live\LogViewer PosMaximised 1
HKEY_CURRENT_USER\SOFTWARE\Patchou\Messenger Plus! Live\LogViewer PosRect
HKEY_CURRENT_USER\SOFTWARE\Patchou\Messenger Plus! Live\meute4@hotmail.com\Contacts\BUajXDOxYajF Email
HKEY_CURRENT_USER\SOFTWARE\Patchou\Messenger Plus! Live\meute4@hotmail.com\Contacts\BYpRYmpFBEsg Email
HKEY_CURRENT_USER\SOFTWARE\Patchou\Messenger Plus! Live\meute4@hotmail.com\Contacts\CwhOvXHDGueb Email
HKEY_CURRENT_USER\SOFTWARE\Patchou\Messenger Plus! Live\meute4@hotmail.com\Contacts\FDNEpFMmrRAv Email
HKEY_CURRENT_USER\SOFTWARE\Patchou\Messenger Plus! Live\meute4@hotmail.com\Contacts\FEklFMobVRGz Email
HKEY_CURRENT_USER\SOFTWARE\Patchou\Messenger Plus! Live\meute4@hotmail.com\Contacts\FEklFMobVRGz LastSeenOnline
HKEY_CURRENT_USER\SOFTWARE\Patchou\Messenger Plus! Live\meute4@hotmail.com\Contacts\FEklFMobVRGz LastChat
HKEY_CURRENT_USER\SOFTWARE\Patchou\Messenger Plus! Live\meute4@hotmail.com\Contacts\FOgwjJJExSab Email
HKEY_CURRENT_USER\SOFTWARE\Patchou\Messenger Plus! Live\meute4@hotmail.com\Contacts\GfLGhLFLYtNO Email
HKEY_CURRENT_USER\SOFTWARE\Patchou\Messenger Plus! Live\meute4@hotmail.com\Contacts\GfLGhLFLYtNO LastSeenOnline
HKEY_CURRENT_USER\SOFTWARE\Patchou\Messenger Plus! Live\meute4@hotmail.com\Contacts\GxWzYefBPZCs Email
HKEY_CURRENT_USER\SOFTWARE\Patchou\Messenger Plus! Live\meute4@hotmail.com\Contacts\KfTXBUbAarYm Email
HKEY_CURRENT_USER\SOFTWARE\Patchou\Messenger Plus! Live\meute4@hotmail.com\Contacts\KhNTMvHPWyvE Email
HKEY_CURRENT_USER\SOFTWARE\Patchou\Messenger Plus! Live\meute4@hotmail.com\Contacts\KwnYotKqagfR Email
HKEY_CURRENT_USER\SOFTWARE\Patchou\Messenger Plus! Live\meute4@hotmail.com\Contacts\KwnYotKqagfR LastSeenOnline
HKEY_CURRENT_USER\SOFTWARE\Patchou\Messenger Plus! Live\meute4@hotmail.com\Contacts\LFWmtNJApGkh Email
HKEY_CURRENT_USER\SOFTWARE\Patchou\Messenger Plus! Live\meute4@hotmail.com\Contacts\LKekvGzKwzSs Email
HKEY_CURRENT_USER\SOFTWARE\Patchou\Messenger Plus! Live\meute4@hotmail.com\Contacts\LKidIwbJXSye Email
HKEY_CURRENT_USER\SOFTWARE\Patchou\Messenger Plus! Live\meute4@hotmail.com\Contacts\LVDNOfTJYinE Email
HKEY_CURRENT_USER\SOFTWARE\Patchou\Messenger Plus! Live\meute4@hotmail.com\Contacts\LVDNOfTJYinE LastSeenOnline
HKEY_CURRENT_USER\SOFTWARE\Patchou\Messenger Plus! Live\meute4@hotmail.com\Contacts\NRMmfTXExDEs Email
HKEY_CURRENT_USER\SOFTWARE\Patchou\Messenger Plus! Live\meute4@hotmail.com\Contacts\NRMmfTXExDEs LastSeenOnline
HKEY_CURRENT_USER\SOFTWARE\Patchou\Messenger Plus! Live\meute4@hotmail.com\Contacts\NWpEyzHVCfHH Email
HKEY_CURRENT_USER\SOFTWARE\Patchou\Messenger Plus! Live\meute4@hotmail.com\Contacts\QbCszMifAlVM Email
HKEY_CURRENT_USER\SOFTWARE\Patchou\Messenger Plus! Live\meute4@hotmail.com\Contacts\SjHDOzFChNGd LastSeenOnline
HKEY_CURRENT_USER\SOFTWARE\Patchou\Messenger Plus! Live\meute4@hotmail.com\Contacts\SjHDOzFChNGd Email
HKEY_CURRENT_USER\SOFTWARE\Patchou\Messenger Plus! Live\meute4@hotmail.com\Contacts\TJJYlOujKmfS Email
HKEY_CURRENT_USER\SOFTWARE\Patchou\Messenger Plus! Live\meute4@hotmail.com\Contacts\TJJYlOujKmfS LastSeenOnline
HKEY_CURRENT_USER\SOFTWARE\Patchou\Messenger Plus! Live\meute4@hotmail.com\Contacts\TJJYlOujKmfS LastChat
HKEY_CURRENT_USER\SOFTWARE\Patchou\Messenger Plus! Live\meute4@hotmail.com\Contacts\VSxIfMmxHQvD Email
HKEY_CURRENT_USER\SOFTWARE\Patchou\Messenger Plus! Live\meute4@hotmail.com\Contacts\WshLFTRRRYqr Email
HKEY_CURRENT_USER\SOFTWARE\Patchou\Messenger Plus! Live\meute4@hotmail.com\Contacts\YdUaktKqayhK Email
HKEY_CURRENT_USER\SOFTWARE\Patchou\Messenger Plus! Live\meute4@hotmail.com\Contacts\YdUaktKqayhK LastSeenOnline
HKEY_CURRENT_USER\SOFTWARE\Patchou\Messenger Plus! Live\meute4@hotmail.com\Contacts\ZLYsmhDFArHV LastSeenOnline
HKEY_CURRENT_USER\SOFTWARE\Patchou\Messenger Plus! Live\meute4@hotmail.com\Contacts\ZLYsmhDFArHV Email
HKEY_CURRENT_USER\SOFTWARE\Patchou\Messenger Plus! Live\meute4@hotmail.com\Contacts\ZLYsmhDFArHV LastChat
HKEY_CURRENT_USER\SOFTWARE\Patchou\Messenger Plus! Live\meute4@hotmail.com\Preferences OldPlusChecked 1
HKEY_CURRENT_USER\SOFTWARE\Patchou\Messenger Plus! Live\meute4@hotmail.com\Preferences PrefMigration 1
HKEY_CURRENT_USER\SOFTWARE\Patchou\Messenger Plus! Live\meute4@hotmail.com\Preferences ContactWatchTime
HKEY_CURRENT_USER\SOFTWARE\Patchou\Messenger Plus! Live\meute4@hotmail.com\Preferences FirstStart 0
HKEY_CURRENT_USER\SOFTWARE\Patchou\Messenger Plus! Live\meute4@hotmail.com\Preferences NotifyAutoUpdate 1
HKEY_CURRENT_USER\SOFTWARE\Patchou\Messenger Plus! Live\meute4@hotmail.com\Preferences EnableChatLog 0
HKEY_CURRENT_USER\SOFTWARE\Patchou\Messenger Plus! Live\meute4@hotmail.com\Preferences TabChatAuto 1
HKEY_CURRENT_USER\SOFTWARE\Patchou\Messenger Plus! Live\meute4@hotmail.com\Preferences SoundsAutoPlay 1
HKEY_CURRENT_USER\SOFTWARE\Patchou\Messenger Plus! Live\meute4@hotmail.com\Preferences LockEnableShortcut 1
HKEY_CURRENT_USER\SOFTWARE\Patchou\Messenger Plus! Live\meute4@hotmail.com\Preferences EventViewerMaximised 0
HKEY_CURRENT_USER\SOFTWARE\Patchou\Messenger Plus! Live\meute4@hotmail.com\Preferences EventViewerPos
HKEY_CURRENT_USER\SOFTWARE\Patchou\Messenger Plus! Live LanguageFile Lng_French.ini
HKEY_CURRENT_USER\SOFTWARE\Patchou\Messenger Plus! Live StartingFlagCheck 0
HKEY_CURRENT_USER\SOFTWARE\Patchou\Messenger Plus! Live MessengerStartTime
HKEY_CURRENT_USER\SOFTWARE\Patchou\Messenger Plus! Live MessengerIsRTL 0
HKEY_CURRENT_USER\SOFTWARE\Patchou\Messenger Plus! Live DefaultUser aries_no_seb@hotmail.com
HKEY_CURRENT_USER\SOFTWARE\Patchou\Messenger Plus! Live AutoUpdateTime
HKEY_CURRENT_USER\SOFTWARE\Patchou\Messenger Plus! Live AllowMultiClients 0
HKEY_CLASSES_ROOT\MsgPlus.SoundPack
HKEY_CLASSES_ROOT\MsgPlus.SoundPack\DefaultIcon C:\Program Files\Messenger Plus! Live\MPTools.exe,2
HKEY_CLASSES_ROOT\MsgPlus.SoundPack\shell\open\command "C:\Program Files\Messenger Plus! Live\MPTools.exe" /ImportSoundPack="%1"
HKEY_CLASSES_ROOT\MsgPlus.SoundPack Messenger Plus! Sound Pack
HKEY_CLASSES_ROOT\.ple
HKEY_CLASSES_ROOT\.ple MsgPlus.Encrypted
HKEY_CLASSES_ROOT\.plp
HKEY_CLASSES_ROOT\.plp MsgPlus.SoundPack


DeluxeCommunications Adware (General) more information...
Status: Quarantined

Infected files detected
c:\documents and settings\compaq_propriétaire\application data\dxcknwrd.dll
c:\documents and settings\compaq_propriétaire\application data\dxcuknwrd.dll


Trojan-Downloader.Win32.VB.ahc Trojan Downloader more information...
Status: Quarantined

Infected registry entries detected
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\XPROTECTOR
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\XPROTECTOR\Security Security
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\XPROTECTOR\Enum 0 Root\LEGACY_XPROTECTOR\0000
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\XPROTECTOR\Enum Count 1
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\XPROTECTOR\Enum NextInstance 1
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\XPROTECTOR Type 1
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\XPROTECTOR Start 2
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\XPROTECTOR ErrorControl 1
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\XPROTECTOR ImagePath \??\C:\WINDOWS\system32\drivers\Oreans.sys
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\XPROTECTOR DisplayName XPROTECTOR


Trojan.Win32.BHO.g Trojan more information...
Status: Deleted

Infected registry entries detected
HKEY_CLASSES_ROOT\CLSID\{F18F04B0-9CF1-4b93-B004-77A288BEE28B}
HKEY_CLASSES_ROOT\CLSID\{F18F04B0-9CF1-4b93-B004-77A288BEE28B}\InprocServer32 C:\WINDOWS\system32\njolgijp.dll
HKEY_CLASSES_ROOT\CLSID\{F18F04B0-9CF1-4b93-B004-77A288BEE28B}\InprocServer32 ThreadingModel Both


Cookie: DriveCleaner Cookie (General) more information...
Status: Deleted

Infected cookies detected
c:\documents and settings\compaq_propriétaire\cookies\compaq_propriétaire@drivecleaner[2].txt


Cookie: Ajan 1.0 Cookie (General) more information...
Details: Cookies are small "data tags" that web sites store on PCs in order to recognize unique visitors. Cookies are used to identify returning visitors who have registered for special services; to measure and analyze visitors' use of web site features; to count
Status: Deleted

Infected cookies detected
c:\documents and settings\compaq_propriétaire\cookies\compaq_propriétaire@xiti[1].txt"

HijackThis! report (renamed Scanner.exe):
"Logfile of HijackThis v1.99.1
Scan saved at 16:57, on 06-11-22
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Sunbelt Software\CounterSpy\Consumer\sunThreatEngine.exe
C:\Program Files\Sunbelt Software\CounterSpy\Consumer\SunProtectionServer.exe
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\system32\keyhook.exe
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\system32\ps2.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\AGEIA Technologies\TrayIcon.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Sunbelt Software\CounterSpy\Consumer\sunserver.exe
C:\Program Files\TheTurtle\TheTurtle.exe
C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\HiJackThis\Scanner.exe.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: (no name) - {A1080C01-1F5D-4C3C-9645-C73236DB4B35} - (no file)
O2 - BHO: (no name) - {B4B3994D-E118-4A93-83CA-7115E96756DD} - C:\WINDOWS\system32\oobe\actsetup\ewbawve.dll (file missing)
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [SiS Windows KeyHook] C:\WINDOWS\system32\keyhook.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [AGEIA PhysX SysTray] C:\Program Files\AGEIA Technologies\TrayIcon.exe
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [SunServer] C:\Program Files\Sunbelt Software\CounterSpy\Consumer\sunserver.exe
O4 - HKCU\..\Run: [TheTurtle] C:\Program Files\TheTurtle\TheTurtle.exe
O4 - HKCU\..\Run: [SsAAD.exe] C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/micros [...] 3732221812
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537 [...] scan53.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/bina [...] b31267.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activ [...] asinst.cab
O20 - Winlogon Notify: pmnnl - C:\WINDOWS\
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\SSScsiSV.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe"

Reply to Arieseb

- Launch HijackThis -> Do a system scan only
-> Check the lines below:

O2 - BHO: (no name) - {A1080C01-1F5D-4C3C-9645-C73236DB4B35} - (no file)
O2 - BHO: (no name) - {B4B3994D-E118-4A93-83CA-7115E96756DD} - C:\WINDOWS\system32\oobe\actsetup\ewbawve.dll (file missing)
O20 - Winlogon Notify: pmnnl - C:\WINDOWS\

Click Fix checked (bottom left)

Delete ComboFix.
Download it again, then run it.

------------------------------ Prevention & Protection||Like me? Click :o
Reply to Angeldark
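The selection made in the post above (BHO entries with no file behind them, and a Winlogon Notify entry whose target is not a DLL), written out as an added example that is not part of the original thread. The function names and the two review rules are assumptions drawn from the lines the helper picked; the sample lines are copied from the log posted here.

```python
import re

# Constructed sample: a few lines copied from the HijackThis log posted in this thread.
SAMPLE_LOG = r"""
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {A1080C01-1F5D-4C3C-9645-C73236DB4B35} - (no file)
O2 - BHO: (no name) - {B4B3994D-E118-4A93-83CA-7115E96756DD} - C:\WINDOWS\system32\oobe\actsetup\ewbawve.dll (file missing)
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O20 - Winlogon Notify: pmnnl - C:\WINDOWS\
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
"""

# Every result line of a HijackThis log starts with a section code such as "O2 - ".
ENTRY_RE = re.compile(r"^(?P<section>[A-Z]\d{1,2}) - (?P<body>.+)$")
# "BHO: <name> - {CLSID} - <target>"
BHO_RE = re.compile(
    r"^BHO: (?P<name>.*?) - (?P<clsid>\{[0-9A-Fa-f-]{36}\}) - (?P<target>.*)$"
)
# "Winlogon Notify: <name> - <target>"
NOTIFY_RE = re.compile(r"^Winlogon Notify: (?P<name>.*?) - (?P<target>.*)$")


def parse_entries(log_text):
    """Yield (section, body) for each result line; header and process lines are skipped."""
    for raw in log_text.splitlines():
        match = ENTRY_RE.match(raw.strip())
        if match:
            yield match.group("section"), match.group("body")


def triage(log_text):
    """Return the O2 and O20 entries worth a manual look (hypothetical rules).

    Assumed rules, taken from the lines selected in the post:
      * O2 (BHO) whose target is "(no file)" or ends with "(file missing)"
      * O20 (Winlogon Notify) whose target does not name a .dll
    Other sections, including O23, are deliberately left alone.
    """
    findings = []
    for section, body in parse_entries(log_text):
        if section == "O2":
            match = BHO_RE.match(body)
            if not match:
                continue
            target = match.group("target")
            if target == "(no file)":
                reason = "BHO registered with no file"
            elif target.endswith("(file missing)"):
                reason = "BHO points to a file that is not on disk"
            else:
                continue
            findings.append(
                {"section": section, "id": match.group("clsid"), "reason": reason}
            )
        elif section == "O20":
            match = NOTIFY_RE.match(body)
            if match and not match.group("target").lower().endswith(".dll"):
                findings.append(
                    {
                        "section": section,
                        "id": match.group("name"),
                        "reason": "Winlogon Notify target is not a DLL path",
                    }
                )
    return findings


if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG):
        print(f'{finding["section"]:>3}  {finding["id"]}  ->  {finding["reason"]}')
```

A hit only means the entry deserves a manual look: in the ComboFix backups later in this thread, the WgaLogon notify entry also appears with C:\WINDOWS\ as its target, so it would be listed too.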

The lines you listed should now be fixed by HijackThis!...
Here is the ComboFix log, a bit bigger than the previous ones:
"Compaq_Propri‚taire - 06-11-22 17:12:19.06 Service Pack 2
ComboFix 06.11.22 - Running from: "C:\Documents and Settings\Compaq_Propri‚taire\Bureau"

((((((((((((((((((((((((((((((( Files Created from 2006-10-22 to 2006-11-22 ))))))))))))))))))))))))))))))))))


2006-11-22 15:11 <REP> d-------- C:\VundoFix Backups
2006-11-22 01:09 <REP> d-------- C:\WINDOWS\WBEM
2006-11-22 01:09 <REP> d-------- C:\WINDOWS\system32\fr-fr
2006-11-22 01:07 <REP> d--h-c--- C:\WINDOWS\ie7
2006-11-22 01:06 121,856 --------- C:\WINDOWS\system32\xmllite.dll
2006-11-22 01:06 <REP> d-------- C:\WINDOWS\network diagnostic
2006-11-20 23:04 <REP> d-------- C:\Program Files\Games Workshop
2006-11-17 03:54 <REP> d-------- C:\Program Files\MSXML 4.0
2006-11-17 03:54 <REP> d-------- C:\90f084daada0790f3d
2006-11-16 17:52 126,996 --a------ C:\WINDOWS\system32\nolomirp.dll
2006-11-16 15:16 <REP> dr-h----- C:\Documents and Settings\Compaq_Propri‚taire\Application Data\SecuROM
2006-11-14 17:41 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Messenger Plus!
2006-11-13 23:45 <REP> dr-h----- C:\Documents and Settings\Compaq_Propri‚taire\Recent
2006-11-13 23:43 <REP> d-------- C:\Program Files\CCleaner
2006-11-13 22:14 <REP> d-------- C:\Program Files\Messenger Plus! Live
2006-11-08 13:45 2,297,552 --a------ C:\WINDOWS\system32\d3dx9_26.dll
2006-11-08 02:41 <REP> d-------- C:\Program Files\JazzWare
2006-11-08 02:40 <REP> d-------- C:\Jazz++
2006-11-08 02:10 <REP> d-------- C:\Program Files\MIDI Locator
2006-11-08 02:10 <REP> d-------- C:\MIDI locator
2006-11-08 01:14 <REP> d-------- C:\Program Files\iTunes
2006-11-08 01:14 <REP> d-------- C:\Program Files\iPod
2006-11-08 01:12 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Apple Computer
2006-11-08 00:41 <REP> d-------- C:\Program Files\Samsung
2006-11-08 00:41 <REP> d-------- C:\Hermes
2006-11-08 00:41 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Samsung
2006-11-08 00:40 80,272 -ra------ C:\WINDOWS\system32\drivers\sscdbus.sys
2006-11-08 00:40 137,884 -ra------ C:\WINDOWS\system32\drivers\sscdmdm.sys
2006-11-08 00:40 11,877 -ra------ C:\WINDOWS\system32\drivers\sscdcmnt.sys
2006-11-08 00:40 11,877 -ra------ C:\WINDOWS\system32\drivers\sscdcm.sys
2006-11-08 00:40 11,188 -ra------ C:\WINDOWS\system32\drivers\sscdwhnt.sys
2006-11-08 00:40 11,188 -ra------ C:\WINDOWS\system32\drivers\sscdwh.sys
2006-11-08 00:40 10,864 -ra------ C:\WINDOWS\system32\drivers\sscdmdfl.sys
2006-11-08 00:22 <REP> d-------- C:\Program Files\Audacity
2006-11-07 21:03 6,049,280 --------- C:\WINDOWS\system32\ieframe.dll
2006-11-07 21:03 50,688 --------- C:\WINDOWS\system32\msfeedsbs.dll
2006-11-07 21:03 458,752 --------- C:\WINDOWS\system32\msfeeds.dll
2006-11-07 21:03 180,736 --------- C:\WINDOWS\system32\ieui.dll
2006-11-07 03:26 13,312 --a------ C:\WINDOWS\system32\ieudinit.exe
2006-11-06 22:07 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Adobe
2006-11-04 21:29 <REP> d--h----- C:\WINDOWS\PIF
2006-11-04 14:14 1,245,696 --a------ C:\WINDOWS\system32\msxml4.dll
2006-11-03 21:06 <REP> d-------- C:\Documents and Settings\Compaq_Propri‚taire\Application Data\InstallShield
2006-11-01 07:54 <REP> d-------- C:\Documents and Settings\All Users\SonicStage
2006-10-30 18:52 110,612 --a------ C:\WINDOWS\system32\nyuoxoeg.exe
2006-10-27 02:52 <REP> d-------- C:\WINDOWS\AU_Temp
2006-10-25 23:30 <REP> d-------- C:\Program Files\IrfanView
2006-10-25 22:32 53,248 --a------ C:\WINDOWS\system32\Process.exe
2006-10-25 22:32 40,960 --a------ C:\WINDOWS\system32\swsc.exe
2006-10-25 22:32 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe
2006-10-25 22:32 135,168 --a------ C:\WINDOWS\system32\swreg.exe
2006-10-25 22:06 <REP> d-------- C:\WINDOWS\system32\ActiveScan
2006-10-25 21:56 <REP> d-------- C:\HiJackThis
2006-10-25 21:46 <REP> d-------- C:\Program Files\SpywareBlaster


(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))


2006-11-22 17:12 24 --a------ C:\WINDOWS\system32\msttxl16.dll
2006-11-22 16:53 -------- d-------- C:\Program Files\Spybot - Search & Destroy
2006-11-22 15:52 -------- d-------- C:\Program Files\Sunbelt Software
2006-11-22 15:46 -------- d-------- C:\Program Files\ewido anti-spyware 4.0
2006-11-22 15:34 -------- d-------- C:\Program Files\Mozilla Firefox
2006-11-22 14:59 -------- d-------- C:\Program Files\Fichiers communs
2006-11-22 13:48 -------- d---s---- C:\Documents and Settings\Compaq_Propri‚taire\Application Data\Microsoft
2006-11-22 13:07 -------- d-------- C:\Program Files\Internet Explorer
2006-11-21 23:27 -------- d-------- C:\Program Files\eMule
2006-11-13 23:51 -------- d-------- C:\Program Files\Fichiers communs\Logitech
2006-11-13 23:49 -------- d--h----- C:\Program Files\InstallShield Installation Information
2006-11-13 22:14 -------- d-------- C:\Program Files\MSN Messenger
2006-11-08 14:03 98304 --a------ C:\WINDOWS\system32\CmdLineExt.dll
2006-11-08 01:13 -------- d-------- C:\Program Files\QuickTime
2006-11-07 23:20 -------- d-------- C:\Documents and Settings\Compaq_Propri‚taire\Application Data\Azureus
2006-11-07 21:03 413696 --a------ C:\WINDOWS\system32\vbscript.dll
2006-11-07 21:03 231424 --a------ C:\WINDOWS\system32\webcheck.dll
2006-11-07 21:03 156160 --a------ C:\WINDOWS\system32\msls31.dll
2006-11-07 03:27 382976 --a------ C:\WINDOWS\system32\iedkcs32.dll
2006-11-07 03:27 229376 --a------ C:\WINDOWS\system32\ieaksie.dll
2006-11-07 03:26 71680 --a------ C:\WINDOWS\system32\admparse.dll
2006-11-07 03:26 55296 --a------ C:\WINDOWS\system32\iesetup.dll
2006-11-07 03:26 54784 --a------ C:\WINDOWS\system32\ie4uinit.exe
2006-11-07 03:26 43008 --a------ C:\WINDOWS\system32\iernonce.dll
2006-11-07 03:26 152064 --a------ C:\WINDOWS\system32\ieakeng.dll
2006-11-07 03:26 123904 --a------ C:\WINDOWS\system32\advpack.dll
2006-11-07 03:25 161792 --a------ C:\WINDOWS\system32\ieakui.dll
2006-11-06 22:11 -------- d-------- C:\Documents and Settings\Compaq_Propri‚taire\Application Data\AdobeUM
2006-11-06 21:10 -------- d-------- C:\Documents and Settings\Compaq_Propri‚taire\Application Data\Adobe
2006-11-06 21:02 -------- d-------- C:\Program Files\Adobe
2006-11-01 23:34 -------- d-------- C:\Program Files\Fichiers communs\Microsoft Shared
2006-11-01 07:55 -------- d-------- C:\Documents and Settings\Compaq_Propri‚taire\Application Data\Sony Corporation
2006-10-27 02:53 86094 --a------ C:\WINDOWS\BPMNT.dll
2006-10-27 02:53 71749 --a------ C:\WINDOWS\hcextoutput.dll
2006-10-27 02:53 176709 --a------ C:\WINDOWS\tsc.exe
2006-10-27 02:53 1101904 --a------ C:\WINDOWS\vsapi32.dll
2006-10-21 15:04 -------- d-------- C:\Program Files\Sony
2006-10-21 14:56 -------- d-------- C:\Program Files\Fichiers communs\Sony Shared
2006-10-21 11:38 -------- d-------- C:\Program Files\Zone Labs
2006-10-21 11:15 69689 --a------ C:\WINDOWS\UNZIP.DLL
2006-10-21 11:15 507904 --a------ C:\WINDOWS\TMUPDATE.DLL
2006-10-21 11:15 286720 --a------ C:\WINDOWS\PATCH.EXE
2006-10-17 12:06 78336 --a------ C:\WINDOWS\system32\ieencode.dll
2006-10-17 12:05 40960 --a------ C:\WINDOWS\system32\licmgr10.dll
2006-10-17 12:05 206336 --------- C:\WINDOWS\system32\WinFXDocObj.exe
2006-10-17 12:05 105984 --a------ C:\WINDOWS\system32\url.dll
2006-10-17 12:04 101376 --a------ C:\WINDOWS\system32\occache.dll
2006-10-17 12:03 17408 --a------ C:\WINDOWS\system32\corpol.dll
2006-10-17 11:58 61952 --------- C:\WINDOWS\system32\icardie.dll
2006-10-17 11:58 12288 --------- C:\WINDOWS\system32\msfeedssync.exe
2006-10-17 11:57 36352 --a------ C:\WINDOWS\system32\imgutil.dll
2006-10-17 11:57 266752 --------- C:\WINDOWS\system32\iertutil.dll
2006-10-17 11:56 45568 --a------ C:\WINDOWS\system32\mshta.exe
2006-10-17 11:28 48128 --a------ C:\WINDOWS\system32\mshtmler.dll
2006-10-17 11:27 380928 --------- C:\WINDOWS\system32\ieapfltr.dll
2006-10-15 11:20 -------- d-------- C:\Program Files\Lavalys
2006-10-13 16:05 -------- d-------- C:\Program Files\AGEIA Technologies
2006-10-13 16:01 -------- d-------- C:\Program Files\Fichiers communs\Wise Installation Wizard
2006-10-13 13:36 145920 --a------ C:\WINDOWS\system32\nwprovau.dll
2006-10-11 20:07 -------- d-------- C:\Program Files\Lavasoft
2006-10-11 20:07 -------- d-------- C:\Documents and Settings\Compaq_Propri‚taire\Application Data\Lavasoft
2006-10-08 15:39 -------- d-------- C:\Program Files\DaemonTools_WhenUSave_Installer
2006-10-08 15:33 611064 --a------ C:\WINDOWS\system32\drivers\sptd.sys
2006-10-08 15:03 143380 --a------ C:\WINDOWS\system32\sjlsoiqf.exe
2006-10-08 14:57 94208 --a------ C:\WINDOWS\system32\zzfqdy.dll
2006-10-08 14:57 73216 --a------ C:\WINDOWS\system32\znrezsm.dll
2006-10-08 12:43 -------- d-------- C:\Program Files\Azureus
2006-10-07 07:20 -------- d-------- C:\Program Files\Labra Tetris
2006-10-05 19:27 -------- d-------- C:\Program Files\FLVPlayer
2006-10-05 16:14 -------- d-------- C:\Program Files\Pulse
2006-10-05 16:08 -------- d-------- C:\Program Files\TheTurtle
2006-10-02 10:29 -------- d-------- C:\Program Files\Fichiers communs\Adobe
2006-09-28 22:54 -------- d-------- C:\Program Files\Gimp
2006-09-28 22:45 -------- d-------- C:\Program Files\GIMP-2.0
2006-09-28 22:35 -------- d-------- C:\Program Files\Fichiers communs\GTK
2006-09-28 17:50 -------- d-------- C:\Program Files\SmartFTP Client 2.0 Setup Files
2006-09-28 17:50 -------- d-------- C:\Program Files\SmartFTP Client 2.0
2006-09-28 17:50 -------- d-------- C:\Documents and Settings\Compaq_Propri‚taire\Application Data\SmartFTP
2006-09-28 14:11 -------- d-------- C:\Documents and Settings\Compaq_Propri‚taire\Application Data\Macromedia
2006-09-28 13:55 53248 --a------ C:\WINDOWS\system32\PhysXLoader.dll
2006-09-26 13:01 45056 -ra------ C:\WINDOWS\system32\AgCPanelJapanese.dll
2006-09-25 21:23 -------- d-------- C:\Documents and Settings\Compaq_Propri‚taire\Application Data\Intervideo
2006-09-25 16:45 666240 --a------ C:\WINDOWS\system32\aswBoot.exe
2006-09-25 16:40 87424 --a------ C:\WINDOWS\system32\drivers\aswmon2.sys
2006-09-25 16:40 85952 --a------ C:\WINDOWS\system32\drivers\aswmon.sys
2006-09-25 16:39 36176 --a------ C:\WINDOWS\system32\drivers\aswTdi.sys
2006-09-25 16:39 16352 --a------ C:\WINDOWS\system32\drivers\aswRdr.sys
2006-09-25 16:37 90112 --a------ C:\WINDOWS\system32\AVASTSS.scr
2006-09-25 16:37 24560 --a------ C:\WINDOWS\system32\drivers\aavmker4.sys
2006-09-24 13:26 -------- d-------- C:\Program Files\Fichiers communs\SystemRequirementsLab
2006-09-24 13:26 -------- d-------- C:\Documents and Settings\Compaq_Propri‚taire\Application Data\System Requirements Lab
2006-09-22 19:02 -------- d-------- C:\Documents and Settings\Compaq_Propri‚taire\Application Data\Real
2006-09-22 19:02 -------- d-------- C:\Documents and Settings\Compaq_Propri‚taire\Application Data\Media Player Classic
2006-09-22 19:01 -------- d-------- C:\Program Files\Real Alternative
2006-09-22 19:01 -------- d-------- C:\Program Files\Media Player Classic
2006-09-22 14:37 -------- d-------- C:\Program Files\Codemasters
2006-09-22 05:11 -------- d-------- C:\Program Files\Windows NT
2006-09-22 05:11 -------- d-------- C:\Program Files\NetMeeting
2006-09-22 05:10 -------- d-------- C:\Program Files\Fichiers communs\Services
2006-09-22 00:12 -------- d-------- C:\Program Files\Windows Media Player
2006-09-22 00:08 -------- d-------- C:\Program Files\Microsoft.NET
2006-09-22 00:08 -------- d-------- C:\Program Files\Microsoft Office
2006-09-22 00:08 -------- d-------- C:\Program Files\Fichiers communs\System
2006-09-22 00:08 -------- d-------- C:\Program Files\Fichiers communs\DESIGNER
2006-09-21 23:29 34308 --a------ C:\WINDOWS\system32\BASSMOD.dll
2006-09-19 15:43 109360 --a------ C:\WINDOWS\system32\GEARAspi.dll
2006-09-13 06:03 1084416 --a------ C:\WINDOWS\system32\msxml3.dll
2006-09-08 08:01 45056 -ra------ C:\WINDOWS\system32\AgCPanelTraditionalChinese.dll
2006-09-08 08:01 45056 -ra------ C:\WINDOWS\system32\AgCPanelSwedish.dll
2006-09-08 08:01 45056 -ra------ C:\WINDOWS\system32\AgCPanelSpanish.dll
2006-09-08 08:01 45056 -ra------ C:\WINDOWS\system32\AgCPanelSimplifiedChinese.dll
2006-09-08 08:01 45056 -ra------ C:\WINDOWS\system32\AgCPanelPortugese.dll
2006-09-08 08:01 45056 -ra------ C:\WINDOWS\system32\AgCPanelKorean.dll
2006-09-08 08:01 45056 -ra------ C:\WINDOWS\system32\AgCPanelGerman.dll
2006-09-08 08:01 45056 -ra------ C:\WINDOWS\system32\AgCPanelFrench.dll
2006-09-06 16:43 22752 --a------ C:\WINDOWS\system32\spupdsvc.exe
2006-08-25 16:51 617472 --a------ C:\WINDOWS\system32\comctl32.dll
2006-08-23 22:39 42920 --a------ C:\WINDOWS\system32\vsutil_loc040c.dll


(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries are not shown

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"TheTurtle"="C:\\Program Files\\TheTurtle\\TheTurtle.exe"
"SsAAD.exe"="C:\\PROGRA~1\\Sony\\SONICS~1\\SsAAD.exe"
"msnmsgr"="\"C:\\Program Files\\MSN Messenger\\msnmsgr.exe\" /background"
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"hpsysdrv"="c:\\windows\\system\\hpsysdrv.exe"
"Recguard"="C:\\WINDOWS\\SMINST\\RECGUARD.EXE"
"SiS Windows KeyHook"="C:\\WINDOWS\\system32\\keyhook.exe"
"AGRSMMSG"="AGRSMMSG.exe"
"PS2"="C:\\WINDOWS\\system32\\ps2.exe"
"NvMediaCenter"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvMcTray.dll,NvTaskbarInit"
"avast!"="C:\\PROGRA~1\\ALWILS~1\\Avast4\\ashDisp.exe"
"NeroFilterCheck"="C:\\WINDOWS\\system32\\NeroCheck.exe"
"BluetoothAuthenticationAgent"="rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent"
"AGEIA PhysX SysTray"="C:\\Program Files\\AGEIA Technologies\\TrayIcon.exe"
"Zone Labs Client"="\"C:\\Program Files\\Zone Labs\\ZoneAlarm\\zlclient.exe\""
"NvCplDaemon"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvCpl.dll,NvStartup"
"SunServer"="C:\\Program Files\\Sunbelt Software\\CounterSpy\\Consumer\\sunserver.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
"Installed"="1"
"NoChange"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
"Installed"="1"

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components]
"DeskHtmlVersion"=dword:00000110
"DeskHtmlMinorVersion"=dword:00000005
"Settings"=dword:00000001
"GeneralFlags"=dword:00000001

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="Ma page d'accueil"
"Flags"=dword:00000002
"Position"=hex:2c,00,00,00,00,01,00,00,00,00,00,00,00,04,00,00,e2,03,00,00,00,\
00,00,00,01,00,00,00,01,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00
"CurrentState"=hex:04,00,00,40
"OriginalStateInfo"=hex:18,00,00,00,ff,ff,00,00,ff,ff,00,00,ff,ff,ff,ff,ff,ff,\
ff,ff,04,00,00,00
"RestoredStateInfo"=hex:18,00,00,00,6a,02,00,00,23,00,00,00,a4,00,00,00,9a,00,\
00,00,01,00,00,00

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Pré-chargeur Browseui"
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Démon de cache des catégories de composant"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""
"{076394AD-7FDD-44EF-A075-32C68DBAB99B}"=""

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\Run]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"dontdisplaylastusername"=dword:00000000
"legalnoticecaption"=""
"legalnoticetext"=""
"shutdownwithoutlogon"=dword:00000001
"undockwithoutlogon"=dword:00000001

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload]
"PostBootReminder"="{7849596a-48ea-486e-8937-a2a3009f31a9}"
"CDBurn"="{fbeb8a05-beee-4442-804e-409d6c4515e9}"
"WebCheck"="{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"
"SysTray"="{35CEC8A3-2BE6-11D2-8773-92E220524153}"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"MsnMsgr"="\"C:\\Program Files\\MSN Messenger\\MsnMsgr.Exe\" /background"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"AlcxMonitor"="ALCXMNTR.EXE"
"NvCplDaemon"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvCpl.dll,NvStartup"
"LogitechVideoTray"="C:\\Program Files\\Logitech\\Video\\LogiTray.exe"
"KBD"="C:\\HP\\KBD\\KBD.EXE"
"LVCOMSX"="C:\\WINDOWS\\system32\\LVCOMSX.EXE"
"nwiz"="nwiz.exe /install"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"



~ ~ ~ ~ ~ ~ ~ ~ Hijackthis Backups ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~

backup-20061122-170925-155
O20 - Winlogon Notify: pmnnl - C:\WINDOWS\
backup-20061122-170925-697
O2 - BHO: (no name) - {B4B3994D-E118-4A93-83CA-7115E96756DD} - C:\WINDOWS\system32\oobe\actsetup\ewbawve.dll (file missing)
backup-20061122-170925-918
O2 - BHO: (no name) - {A1080C01-1F5D-4C3C-9645-C73236DB4B35} - (no file)
backup-20061122-135543-323
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\
backup-20061122-135543-161
O20 - Winlogon Notify: pmnnl - C:\WINDOWS\
backup-20061122-135543-583
O20 - Winlogon Notify: ewbawve - C:\WINDOWS\system32\oobe\actsetup\ewbawve.dll
backup-20061122-135542-613
O11 - Options group: [INTERNATIONAL] International*
backup-20061122-135542-606
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
backup-20061122-135541-525
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
backup-20061122-135541-172
O2 - BHO: (no name) - {B4B3994D-E118-4A93-83CA-7115E96756DD} - C:\WINDOWS\system32\oobe\actsetup\ewbawve.dll
backup-20061122-135541-130
O2 - BHO: (no name) - {A1080C01-1F5D-4C3C-9645-C73236DB4B35} - (no file)
Completion time: 06-11-22 17:13:21.73
C:\ComboFix.txt ... 06-11-22 17:13"

Reply to Arieseb

Re,

- Download Clean.zip (by Malekal),
unzip it to your desktop (right-click / extract all); you should get a folder named clean.

Restart in safe mode

- Open the clean folder on your desktop and double-click clean.cmd; a black window will appear for a moment, leave it open.

Restart normally

- The clean report: My Computer / double-click drive C / double-click rapport_clean.txt and copy/paste its contents here C:\rapport_clean.txt

------------------------------ Prevention & Protection||Like me? Click :o
Reply to Angeldark

And here is the report:

"Script clean par Malekal_morte - http://www.malekal.com

Microsoft Windows XP [version 5.1.2600]
Script execute en mode sans echec

*** Suppression de fichiers sur C:

*** Suppression des fichiers dans C:\WINDOWS\
C:\WINDOWS\ALCXMNTR.EXE FOUND

*** Suppression des fichiers dans C:\WINDOWS\system32
C:\WINDOWS\system32\mcrh.tmp FOUND


*** Suppression des clefs du registre effectuee.. "

Reply to Arieseb

Re,

Using Internet Explorer
Run a Panda online scan
- Click "Scan your PC"
- Then "Check Now"
- /!\ At the bottom, click "I don't Accept"
Enter your e-mail address, then start the scan
- Post the report when the scan finishes
If you have Avast!, disable it during the scan

------------------------------ Prevention & Protection||Like me? Click :o
Reply to Angeldark

Here is the Panda report:

"
Incident Status Location

Spyware:Cookie/Weborama Not disinfected C:\Documents and Settings\Compaq_Propriétaire\Application Data\Mozilla\Firefox\Profiles\eaqn4dmn.default\cookies.txt[.weborama.fr/]
Spyware:Cookie/Xiti Not disinfected C:\Documents and Settings\Compaq_Propriétaire\Application Data\Mozilla\Firefox\Profiles\eaqn4dmn.default\cookies.txt[.xiti.com/]
Spyware:Cookie/Reliablestats Not disinfected C:\Documents and Settings\Compaq_Propriétaire\Application Data\Mozilla\Firefox\Profiles\eaqn4dmn.default\cookies.txt[stats1.reliablestats.com/]
Spyware:Cookie/Serving-sys Not disinfected C:\Documents and Settings\Compaq_Propriétaire\Application Data\Mozilla\Firefox\Profiles\eaqn4dmn.default\cookies.txt[.serving-sys.com/]
Spyware:Cookie/Serving-sys Not disinfected C:\Documents and Settings\Compaq_Propriétaire\Application Data\Mozilla\Firefox\Profiles\eaqn4dmn.default\cookies.txt[.bs.serving-sys.com/]
Spyware:Cookie/Serving-sys Not disinfected C:\Documents and Settings\Compaq_Propriétaire\Application Data\Mozilla\Firefox\Profiles\eaqn4dmn.default\cookies.txt[.serving-sys.com/]
Spyware:Cookie/Com.com Not disinfected C:\Documents and Settings\Compaq_Propriétaire\Application Data\Mozilla\Firefox\Profiles\eaqn4dmn.default\cookies.txt[.com.com/]
Spyware:Cookie/Apmebf Not disinfected C:\Documents and Settings\Compaq_Propriétaire\Application Data\Mozilla\Firefox\Profiles\eaqn4dmn.default\cookies.txt[.apmebf.com/]
Spyware:Cookie/YieldManager Not disinfected C:\Documents and Settings\Compaq_Propriétaire\Application Data\Mozilla\Firefox\Profiles\eaqn4dmn.default\cookies.txt[ad.yieldmanager.com/]
Spyware:Cookie/Apmebf Not disinfected C:\Documents and Settings\Compaq_Propriétaire\Application Data\Mozilla\Firefox\Profiles\eaqn4dmn.default\cookies.txt[.apmebf.com/]
Spyware:Cookie/BurstNet Not disinfected C:\Documents and Settings\Compaq_Propriétaire\Application Data\Mozilla\Firefox\Profiles\eaqn4dmn.default\cookies.txt[.burstnet.com/]
Spyware:Cookie/cs.sexcounter Not disinfected C:\Documents and Settings\Compaq_Propriétaire\Application Data\Mozilla\Firefox\Profiles\eaqn4dmn.default\cookies.txt[.cs.sexcounter.com/]
Spyware:Cookie/Toplist Not disinfected C:\Documents and Settings\Compaq_Propriétaire\Application Data\Mozilla\Firefox\Profiles\eaqn4dmn.default\cookies.txt[.toplist.cz/]
Spyware:Cookie/fe.lea.lycos Not disinfected C:\Documents and Settings\Compaq_Propriétaire\Application Data\Mozilla\Firefox\Profiles\eaqn4dmn.default\cookies.txt[fe.lea.lycos.fr/]
Potentially unwanted tool:Application/Pskill.K Not disinfected C:\Documents and Settings\Compaq_Propriétaire\Bureau\clean\pskill.exe
Spyware:Cookie/DriveCleaner Not disinfected C:\Documents and Settings\Compaq_Propriétaire\Cookies\compaq_propriétaire@stats.drivecleaner[2].txt
Spyware:Cookie/Reliablestats Not disinfected C:\Documents and Settings\Compaq_Propriétaire\Cookies\compaq_propriétaire@stats1.reliablestats[1].txt
Spyware:Cookie/DriveCleaner Not disinfected C:\Documents and Settings\Compaq_Propriétaire\Cookies\compaq_propriétaire@www.drivecleaner[2].txt
Spyware:Cookie/Systemdoctor Not disinfected C:\Documents and Settings\Compaq_Propriétaire\Cookies\compaq_propriétaire@www.systemdoctor[1].txt
Spyware:Cookie/Xiti Not disinfected C:\Documents and Settings\Compaq_Propriétaire\Cookies\compaq_propriétaire@xiti[1].txt
Adware:Adware/AdwareShooter Not disinfected C:\HiJackThis\backups\backup-20061122-135541-172.dll
Potentially unwanted tool:Application/KillApp.B Not disinfected C:\hp\bin\KillIt.exe
Potentially unwanted tool:Application/Pskill.K Not disinfected C:\RECYCLER\S-1-5-21-1151136275-2375342885-3564596911-1007\Dc133.zip[clean/pskill.exe]
Adware:Adware/AdwareShooter Not disinfected C:\VundoFix Backups\ewbawve.dll.bad
Spyware:Spyware/Virtumonde Not disinfected C:\WINDOWS\system32\nolomirp.dll
Potentially unwanted tool:Application/VSToolbar Not disinfected C:\WINDOWS\system32\nyuoxoeg.exe
Potentially unwanted tool:Application/Processor Not disinfected C:\WINDOWS\system32\Process.exe
Potentially unwanted tool:Application/VSToolbar Not disinfected C:\WINDOWS\system32\sjlsoiqf.exe
"

Reply to Arieseb

Quote:

Spyware:Cookie


That's nothing nasty.

Quote:

- Make sure you can access hidden folders/files
-> Start
-> Control Panel
-> Folder Options, View tab:
. Click Show hidden folders
. Uncheck Hide extensions for known file types
. Uncheck Hide protected operating system files



Please go here to upload a suspicious file for analysis.

  • "Your Username:" - Enter your username on this forum
  • "Topic Where File Was Requested:" - Copy and paste the link to this thread
  • "File(s) To Submit:" - Use the "Browse..." button to navigate to this file name: C:\WINDOWS\system32\nolomirp.dll
  • Click Send File


  • Double-click VundoFix.exe to launch it
  • Do NOT click the Scan for Vundo button
  • Right-click in the white window, choose Add more files?
  • Add on the first line:

C:\WINDOWS\system32\nolomirp.dll
On the second:
C:\WINDOWS\system32\nyuoxoeg.exe
On the third:
C:\WINDOWS\system32\sjlsoiqf.exe

  • Click in turn on:

- Add Files
- Close Windows
- Remove Vundo

  • If the tool asks you to restart, accept.
  • Then copy/paste the report C:\vundofix.txt


Delete this folder:
C:\VundoFix Backups\

------------------------------ Prevention & Protection||Like me? Click :o
Reply to Angeldark

New VundoFix report:
"Beginning removal...

Attempting to delete C:\WINDOWS\system32\nolomirp.dll
C:\WINDOWS\system32\nolomirp.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\nyuoxoeg.exe
C:\WINDOWS\system32\nyuoxoeg.exe Has been deleted!

Attempting to delete C:\WINDOWS\system32\sjlsoiqf.exe
C:\WINDOWS\system32\sjlsoiqf.exe Has been deleted!

Performing Repairs to the registry.
Done!"

I also uploaded nolomirp.dll as you asked ;)

Reply to Arieseb

Empty your recycle bin.
Any other problems?

------------------------------ Prevention & Protection||Like me? Click :o
Reply to Angeldark

My recycle bin is already empty ^__^

I don't see any other problems, no...

I'd even dare to put [Solved] in the thread title!

So what was I infected with in the end?

And of course, thank you very much for the advice you gave me, very good work.

Well done ;)

Reply to Arieseb

Well, your infection is in the title.

Report your infection (VUNDO) to help get the authors convicted, that would be nice.
Create a post to move things forward on Malware-Complaints; we need to be as many as possible, so report your infection.
HELP: How to report your infection on Malware-Complaints?

See this page to keep these problems from coming back.

------------------------------ Prevention & Protection||Like me? Click :o
Reply to Angeldark

So I have reported my infection; if it can get things moving, that will be good.

I'll also look at that link to keep this from happening again ^__^

And thanks again ;)

Reply to Arieseb