Please analyze my HijackThis report [ solved ]
I get lots of ads when I connect to the internet.
Here is my report:
Logfile of HijackThis v1.99.1
Scan saved at 15:14:54, on 27/11/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\WgaTray.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Avast4\aswUpdSv.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ray Adams\ATI Tray Tools\atitray.exe
C:\WINDOWS\system32\msiexec.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Flo\Bureau\scanner.exe.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.fr/
O2 - BHO: (no name) - {013A653B-49A6-4f76-8B68-E4875EA6BA54} - C:\WINDOWS\system32\hgpncqky.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (file missing)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {11F0EE13-5947-2942-F631-09BEB2706006} - C:\WINDOWS\system32\wirvufc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - (no file)
O2 - BHO: (no name) - {C0066A2E-3E3A-4FE7-9E11-9A144206E6D9} - C:\WINDOWS\system32\vtstu.dll (file missing)
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: winohw32 - C:\WINDOWS\SYSTEM32\winohw32.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
Hello,
- Download HijackThis by Merijn.
- Unzip it into a folder or onto your desktop.
-- Right-click Hijackthis.exe:
-> Choose "Rename"
-> Type Scanner.exe, then confirm.
- Launch the application
- Choose the option "Do a system scan and save a logfile"
-- Notepad opens:
-> Edit / Select All
-> Edit / Copy
- Paste the report here.
HELP: HijackThis help (Malekal)
Download VundoFix.exe (by Atribune) to your desktop.
Double-click VundoFix.exe to launch it
Click the Scan for Vundo button
When the scan is complete, click the Remove Vundo button
A prompt will ask whether you want to delete the files; click YES
After you click "Yes", the desktop will disappear for a moment while the files are deleted
You will see a prompt announcing that your PC is going to restart; click OK
Copy/paste the contents of the report located at C:\vundofix.txt, along with a new HijackThis report, in your next reply
Note: VundoFix may run into a file it cannot delete. If so, the tool will launch at the next restart; simply follow the instructions above, starting from "Click the Scan for Vundo button".
Install a firewall such as Kerio:
http://www.malekal.com/kerio_firewall.php
HijackThis report:
Logfile of HijackThis v1.99.1
Scan saved at 15:47:49, on 27/11/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\WgaTray.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Avast4\aswUpdSv.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\Ray Adams\ATI Tray Tools\atitray.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Flo\Bureau\scanner.exe.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.fr/
O2 - BHO: (no name) - {013A653B-49A6-4f76-8B68-E4875EA6BA54} - C:\WINDOWS\system32\hgpncqky.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (file missing)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {11F0EE13-5947-2942-F631-09BEB2706006} - C:\WINDOWS\system32\wirvufc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - (no file)
O2 - BHO: (no name) - {C0066A2E-3E3A-4FE7-9E11-9A144206E6D9} - C:\WINDOWS\system32\vtstu.dll (file missing)
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: winohw32 - C:\WINDOWS\SYSTEM32\winohw32.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Sunbelt Kerio Personal Firewall 4 (KPF4) - Sunbelt Software - C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
VundoFix report:
Checking Java version...
Java version is 1.5.0.6
Scan started at 15:09:30 27/11/2006
Listing files found while scanning....
C:\WINDOWS\system32\utstv.ini
C:\WINDOWS\system32\utstv.bak1
C:\WINDOWS\system32\utstv.bak2
C:\WINDOWS\system32\utstv.ini2
C:\WINDOWS\system32\utstv.tmp
Beginning removal...
Attempting to delete C:\WINDOWS\system32\vtstu.dll
C:\WINDOWS\system32\vtstu.dll Has been deleted!
Attempting to delete C:\WINDOWS\system32\utstv.ini
C:\WINDOWS\system32\utstv.ini Has been deleted!
Attempting to delete C:\WINDOWS\system32\utstv.bak1
C:\WINDOWS\system32\utstv.bak1 Has been deleted!
Attempting to delete C:\WINDOWS\system32\utstv.bak2
C:\WINDOWS\system32\utstv.bak2 Has been deleted!
Attempting to delete C:\WINDOWS\system32\utstv.ini2
C:\WINDOWS\system32\utstv.ini2 Has been deleted!
Attempting to delete C:\WINDOWS\system32\utstv.tmp
C:\WINDOWS\system32\utstv.tmp Has been deleted!
Performing Repairs to the registry.
Done!
VundoFix V6.2.11
Checking Java version...
Java version is 1.5.0.6
Scan started at 15:12:45 27/11/2006
Listing files found while scanning....
No infected files were found.
VundoFix V6.2.11
Checking Java version...
Java version is 1.5.0.6
Scan started at 15:14:43 27/11/2006
Listing files found while scanning....
No infected files were found.
VundoFix V6.2.11
Checking Java version...
Java version is 1.5.0.6
Scan started at 15:32:11 27/11/2006
Listing files found while scanning....
No infected files were found.
Re,
Double-click VundoFix.exe to launch it
Do NOT click the Scan for Vundo button
Right-click in the white window and choose Add more files?
In the first line, add:
C:\WINDOWS\system32\hgpncqky.dll
In the second:
C:\WINDOWS\system32\wirvufc.dll
In the third:
C:\WINDOWS\SYSTEM32\winohw32.dll
Click, in order:
- Add Files
- Close Windows
- Remove Vundo
If the tool asks you to restart, accept.
Then copy/paste the report C:\vundofix.txt
Along with a new HijackThis report.
VundoFix V6.2.11
Checking Java version...
Java version is 1.5.0.6
Scan started at 15:09:30 27/11/2006
Listing files found while scanning....
C:\WINDOWS\system32\utstv.ini
C:\WINDOWS\system32\utstv.bak1
C:\WINDOWS\system32\utstv.bak2
C:\WINDOWS\system32\utstv.ini2
C:\WINDOWS\system32\utstv.tmp
Beginning removal...
Attempting to delete C:\WINDOWS\system32\vtstu.dll
C:\WINDOWS\system32\vtstu.dll Has been deleted!
Attempting to delete C:\WINDOWS\system32\utstv.ini
C:\WINDOWS\system32\utstv.ini Has been deleted!
Attempting to delete C:\WINDOWS\system32\utstv.bak1
C:\WINDOWS\system32\utstv.bak1 Has been deleted!
Attempting to delete C:\WINDOWS\system32\utstv.bak2
C:\WINDOWS\system32\utstv.bak2 Has been deleted!
Attempting to delete C:\WINDOWS\system32\utstv.ini2
C:\WINDOWS\system32\utstv.ini2 Has been deleted!
Attempting to delete C:\WINDOWS\system32\utstv.tmp
C:\WINDOWS\system32\utstv.tmp Has been deleted!
Performing Repairs to the registry.
Done!
VundoFix V6.2.11
Checking Java version...
Java version is 1.5.0.6
Scan started at 15:12:45 27/11/2006
Listing files found while scanning....
No infected files were found.
VundoFix V6.2.11
Checking Java version...
Java version is 1.5.0.6
Scan started at 15:14:43 27/11/2006
Listing files found while scanning....
No infected files were found.
VundoFix V6.2.11
Checking Java version...
Java version is 1.5.0.6
Scan started at 15:32:11 27/11/2006
Listing files found while scanning....
No infected files were found.
Beginning removal...
Attempting to delete C:\WINDOWS\system32\hgpncqky.dll
C:\WINDOWS\system32\hgpncqky.dll Has been deleted!
Attempting to delete C:\WINDOWS\system32\wirvufc.dll
C:\WINDOWS\system32\wirvufc.dll Has been deleted!
Attempting to delete C:\WINDOWS\SYSTEM32\winohw32.dll
C:\WINDOWS\SYSTEM32\winohw32.dll Has been deleted!
Performing Repairs to the registry.
Done!
Logfile of HijackThis v1.99.1
Scan saved at 16:02:42, on 27/11/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\WgaTray.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Avast4\aswUpdSv.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Flo\Bureau\scanner.exe.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.fr/
O2 - BHO: (no name) - {013A653B-49A6-4f76-8B68-E4875EA6BA54} - C:\WINDOWS\system32\hgpncqky.dll (file missing)
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (file missing)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {11F0EE13-5947-2942-F631-09BEB2706006} - C:\WINDOWS\system32\wirvufc.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - (no file)
O2 - BHO: (no name) - {C0066A2E-3E3A-4FE7-9E11-9A144206E6D9} - C:\WINDOWS\system32\vtstu.dll (file missing)
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Sunbelt Kerio Personal Firewall 4 (KPF4) - Sunbelt Software - C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
- Launch HijackThis -> Do a system scan only
-> Check the lines below:
O2 - BHO: (no name) - {013A653B-49A6-4f76-8B68-E4875EA6BA54} - C:\WINDOWS\system32\hgpncqky.dll (file missing)
O2 - BHO: (no name) - {11F0EE13-5947-2942-F631-09BEB2706006} - C:\WINDOWS\system32\wirvufc.dll (file missing)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - (no file)
O2 - BHO: (no name) - {C0066A2E-3E3A-4FE7-9E11-9A144206E6D9} - C:\WINDOWS\system32\vtstu.dll (file missing)
Click Fix checked (bottom left)
You have no antivirus!
Install Antivir, run a full scan, then post the report:
http://www.malekal.com/tutorial_antivir.php
AntiVir PersonalEdition Classic
Report file date: lundi 27 novembre 2006 16:33
Scanning for 566196 virus strains and unwanted programs.
Licensed to: Avira AntiVir PersonalEdition Classic
Serial number: 0000149996-WURGE-0001
Platform: Windows XP
Windows version: (Service Pack 2) [5.1.2600]
Username: Flo
Computer name: FAB
Version information:
AVSCAN.EXE : 7.0.0.47 200744 21/08/2006 11:06:56
AVSCAN.DLL : 7.0.0.45 41000 07/09/2006 11:56:33
LUKE.DLL : 7.0.0.47 118824 07/09/2006 11:32:33
LUKERES.DLL : 7.0.0.47 9256 07/09/2006 11:56:33
ANTIVIR0.VDF : 6.35.0.1 7371264 31/05/2006 11:35:27
ANTIVIR1.VDF : 6.36.1.24 2212864 14/11/2006 15:29:48
ANTIVIR2.VDF : 6.36.1.80 161280 23/11/2006 15:29:48
ANTIVIR3.VDF : 6.36.1.87 19456 25/11/2006 15:29:48
AVEWIN32.DLL : 7.2.0.46 1925632 27/11/2006 15:29:48
AVPREF.DLL : 7.0.0.2 23592 24/07/2006 13:36:04
AVREP.DLL : 6.36.1.1 925736 27/11/2006 15:29:48
AVRPBASE.DLL : 7.0.0.0 2162728 30/03/2006 09:43:31
AVPACK32.DLL : 7.2.0.5 368680 27/11/2006 15:29:49
AVREG.DLL : 6.31.0.90 27688 28/07/2005 11:06:36
NETNT.DLL : 6.32.0.0 6696 27/09/2005 08:56:49
NETNW.DLL : 7.0.0.0 9768 24/07/2006 13:35:55
RCIMAGE.DLL : 7.0.0.74 1642536 01/08/2006 12:22:57
RCTEXT.DLL : 7.0.1.4 77864 27/11/2006 15:29:46
Configuration settings for the scan:
Jobname.......................: Manual Selection
Configuration file............: C:\Documents and Settings\All Users.WINDOWS\Application Data\AntiVir PersonalEdition Classic\PROFILES\folder.avp
Boot sectors..................: C
Scan memory...................: 1
Process scan..................: 1
Scan all files................: 2
Scan archives.................: 1
Recursion depth...............: 20
Smart extensions..............: 1
Macro heuristic...............: 1
File heuristic................: 0
Primary action................: 1
Secondary action..............: 0
Start of the scan: lundi 27 novembre 2006 16:33
The scan of running processes will be started
10 Processes were scanned
Start scanning boot sectors:
Boot sector 'C:\'
[NOTE] No virus was found!
Starting to scan the registry.
The registry was scanned ( 4 files ).
Starting the file scan:
C:\pagefile.sys
[WARNING] The file could not be opened!
C:\Documents and Settings\All Users\Application Data\Microsoft\Dr Watson\user.dmp
[WARNING] The file could not be opened!
C:\Documents and Settings\Flo\NTUSER.DAT
[WARNING] The file could not be opened!
C:\Documents and Settings\Flo\ntuser.dat.LOG
[WARNING] The file could not be opened!
C:\Documents and Settings\Flo\Application Data\Μicrosoft\wυcrtupd.exe
[DETECTION] Is the Trojan horse TR/Dldr.Purit.CO.14
[INFO] The file was deleted!
C:\Documents and Settings\Flo\Local Settings\Application Data\Microsoft\Messenger\dangerous_men13@msn.com\SharingMetadata\pending.dat
[WARNING] The file could not be opened!
C:\Documents and Settings\Flo\Local Settings\Application Data\Microsoft\Messenger\dangerous_men13@msn.com\SharingMetadata\Working\database_840_33B4_4033_A77A\dfsr.db
[WARNING] The file could not be opened!
C:\Documents and Settings\Flo\Local Settings\Application Data\Microsoft\Messenger\dangerous_men13@msn.com\SharingMetadata\Working\database_840_33B4_4033_A77A\fsr.log
[WARNING] The file could not be opened!
C:\Documents and Settings\Flo\Local Settings\Application Data\Microsoft\Messenger\dangerous_men13@msn.com\SharingMetadata\Working\database_840_33B4_4033_A77A\fsrtmp.log
[WARNING] The file could not be opened!
C:\Documents and Settings\Flo\Local Settings\Application Data\Microsoft\Messenger\dangerous_men13@msn.com\SharingMetadata\Working\database_840_33B4_4033_A77A\tmp.edb
[WARNING] The file could not be opened!
C:\Documents and Settings\Flo\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat
[WARNING] The file could not be opened!
C:\Documents and Settings\Flo\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG
[WARNING] The file could not be opened!
C:\Documents and Settings\Flo\Local Settings\Temp\~DF31B0.tmp
[WARNING] The file could not be opened!
C:\Documents and Settings\Flo\Local Settings\Temp\~DF31C1.tmp
[WARNING] The file could not be opened!
C:\Documents and Settings\Flo\Local Settings\Temp\~DF68A.tmp
[WARNING] The file could not be opened!
C:\Documents and Settings\Flo\Local Settings\Temp\~DF69F.tmp
[WARNING] The file could not be opened!
C:\Documents and Settings\Flo\Local Settings\Temporary Internet Files\Content.IE5\31KZC8V2\srvvhg[1].exe
[DETECTION] Is the Trojan horse TR/PCK.Klone.G.86
[INFO] The file was deleted!
C:\Documents and Settings\Flo\Local Settings\Temporary Internet Files\Content.IE5\4TQ7OHE1\srvlox[1].exe
[DETECTION] Is the Trojan horse TR/PCK.Klone.G.86
[INFO] The file was deleted!
C:\Documents and Settings\Flo\Local Settings\Temporary Internet Files\Content.IE5\69MH49O1\srvltn[1].exe
[DETECTION] Is the Trojan horse TR/PCK.Klone.G.86
[INFO] The file was deleted!
C:\Documents and Settings\Flo\Local Settings\Temporary Internet Files\Content.IE5\8ZE7ODI1\srvluv[1].exe
[DETECTION] Is the Trojan horse TR/PCK.Klone.G.86
[INFO] The file was deleted!
C:\Documents and Settings\LocalService.AUTORITE NT.000\NTUSER.DAT
[WARNING] The file could not be opened!
C:\Documents and Settings\LocalService.AUTORITE NT.000\ntuser.dat.LOG
[WARNING] The file could not be opened!
C:\Documents and Settings\LocalService.AUTORITE NT.000\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat
[WARNING] The file could not be opened!
C:\Documents and Settings\LocalService.AUTORITE NT.000\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG
[WARNING] The file could not be opened!
C:\Documents and Settings\NetworkService.AUTORITE NT.000\NTUSER.DAT
[WARNING] The file could not be opened!
C:\Documents and Settings\NetworkService.AUTORITE NT.000\ntuser.dat.LOG
[WARNING] The file could not be opened!
C:\Documents and Settings\NetworkService.AUTORITE NT.000\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat
[WARNING] The file could not be opened!
C:\Documents and Settings\NetworkService.AUTORITE NT.000\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG
[WARNING] The file could not be opened!
C:\VundoFix Backups\vtstu.dll.bad
[DETECTION] Is the Trojan horse TR/Vundo.Gen
[INFO] The file was deleted!
C:\VundoFix Backups\winohw32.dll .bad
[DETECTION] Is the Trojan horse TR/PCK.Klone.T.2
[INFO] The file was deleted!
C:\VundoFix Backups\wirvufc.dll .bad
[DETECTION] Is the Trojan horse TR/Vundo.Gen
[INFO] The file was deleted!
C:\WINDOWS\system32\dkdolsqc.dll
[DETECTION] Is the Trojan horse TR/Vundo.Gen
[INFO] The file was deleted!
C:\WINDOWS\system32\iifcyvs.dll
[DETECTION] Is the Trojan horse TR/Vundo.Gen
[INFO] The file was deleted!
C:\WINDOWS\system32\jezmesh.dll
[DETECTION] Is the Trojan horse TR/Vundo.Gen
[INFO] The file was deleted!
C:\WINDOWS\system32\lpmvajjm.dll
[DETECTION] Is the Trojan horse TR/Vundo.Gen
[INFO] The file was deleted!
C:\WINDOWS\system32\qexrdypi.dll
[DETECTION] Is the Trojan horse TR/Vundo.Gen
[INFO] The file was deleted!
C:\WINDOWS\system32\ukteiubm.dll
[DETECTION] Is the Trojan horse TR/Vundo.Gen
[INFO] The file was deleted!
C:\WINDOWS\system32\config\default
[WARNING] The file could not be opened!
C:\WINDOWS\system32\config\default.LOG
[WARNING] The file could not be opened!
C:\WINDOWS\system32\config\SAM
[WARNING] The file could not be opened!
C:\WINDOWS\system32\config\SAM.LOG
[WARNING] The file could not be opened!
C:\WINDOWS\system32\config\SECURITY
[WARNING] The file could not be opened!
C:\WINDOWS\system32\config\SECURITY.LOG
[WARNING] The file could not be opened!
C:\WINDOWS\system32\config\software
[WARNING] The file could not be opened!
C:\WINDOWS\system32\config\software.LOG
[WARNING] The file could not be opened!
C:\WINDOWS\system32\config\system
[WARNING] The file could not be opened!
C:\WINDOWS\system32\config\system.LOG
[WARNING] The file could not be opened!
C:\WINDOWS\system32\drivers\dtscsi.sys
[WARNING] The file could not be opened!
C:\WINDOWS\system32\drivers\sptd.sys
[WARNING] The file could not be opened!
C:\WINDOWS\Temp\win19.tmp
[DETECTION] Is the Trojan horse TR/PCK.Klone.G.86
[INFO] The file was deleted!
C:\WINDOWS\Temp\win19.tmp.exe
[DETECTION] Is the Trojan horse TR/PCK.Klone.G.86
[INFO] The file was deleted!
C:\WINDOWS\Temp\win1A.tmp.exe
[DETECTION] Is the Trojan horse TR/PCK.Klone.G.86
[INFO] The file was deleted!
C:\WINDOWS\Temp\win1E.tmp.exe
[DETECTION] Is the Trojan horse TR/PCK.Klone.G.86
[INFO] The file was deleted!
End of the scan: lundi 27 novembre 2006 16:59
Used time: 25:42 min
The scan has been done completely.
4616 Scanning directories
108170 Files were scanned
18 viruses and/or unwanted programs were found
18 files were deleted
0 files were repaired
0 files were moved to quarantine
0 files were renamed
558 Archives were scanned
35 Warnings
1 Notes
Post a new HijackThis report.
Download combofix.exe (by sUBs) to your Desktop.
Double-click combofix.exe.
Press the Y (Yes) key to start the scan.
When the scan is complete, a report will appear. Copy and paste that report into your next reply.
NOTE: The report can also be found here: C:\Combofix.txt
Logfile of HijackThis v1.99.1
Scan saved at 17:45:56, on 27/11/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\WgaTray.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Avast4\aswUpdSv.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Winamp\winamp.exe
C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
C:\Documents and Settings\Flo\Bureau\scanner.exe.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.fr/
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {11F0EE13-5947-2942-F631-09BEB2706006} - C:\WINDOWS\system32\wirvufc.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - AVIRA GmbH - C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Sunbelt Kerio Personal Firewall 4 (KPF4) - Sunbelt Software - C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
Flo - 06-11-27 17:46:37,93 Service Pack 2
ComboFix 06.11.26 - Running from: "C:\Documents and Settings\Flo\Bureau"
(((((((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ Purity ~ ~ ~ ~ ~ ~ ~ ~~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~
Folders Quarantined:
C:\QooBox\Purity\Documents and Settings\Flo\Application Data\ICROSO~1
C:\QooBox\Purity\Documents and Settings\Flo\Mes documents\SMBOLS~1
C:\QooBox\Purity\Documents and Settings\Flo\Mes documents\SMBOLS~1\s?mbols
((((((((((((((((((((((((((((((( Files Created from 2006-10-27 to 2006-11-27 ))))))))))))))))))))))))))))))))))
2006-11-27 16:28 57,384 --a------ C:\WINDOWS\system32\avsda.dll
2006-11-27 16:28 32,768 --a------ C:\WINDOWS\system32\drivers\avgntdd.sys
2006-11-27 16:28 14,848 --a------ C:\WINDOWS\system32\drivers\avgntmgr.sys
2006-11-27 16:28 <REP> d-------- C:\Program Files\AntiVir PersonalEdition Classic
2006-11-27 16:28 <REP> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\AntiVir PersonalEdition Classic
2006-11-27 15:41 <REP> d-------- C:\Program Files\Sunbelt Software
2006-11-27 15:09 <REP> d-------- C:\VundoFix Backups
2006-11-27 14:59 <REP> d-------- C:\!KillBox
2006-11-27 14:43 110,612 --a------ C:\WINDOWS\system32\ekqgeffd.exe
2006-11-27 14:43 <REP> d-------- C:\Program Files\VSAdd-in
2006-11-27 14:39 110,612 --a------ C:\WINDOWS\system32\ukmmayqt.exe
2006-11-27 14:25 86,094 --a------ C:\WINDOWS\BPMNT.dll
2006-11-27 14:25 1,101,904 --a------ C:\WINDOWS\vsapi32.dll
2006-11-27 14:25 <REP> d-------- C:\WINDOWS\AU_Backup
2006-11-27 14:24 <REP> d-------- C:\WINDOWS\AU_Temp
2006-11-27 14:16 110,612 --a------ C:\WINDOWS\system32\gftwgdjv.exe
2006-11-27 14:03 <REP> d-------- C:\Program Files\outlook express
2006-11-27 14:03 <REP> d-------- C:\Program Files\netmeeting
2006-11-27 14:03 <REP> d-------- C:\Program Files\msn gaming zone
2006-11-27 13:57 110,612 --a------ C:\WINDOWS\system32\wutfytiy.exe
2006-11-27 12:59 110,612 --a------ C:\WINDOWS\system32\urdlqtww.exe
2006-11-27 12:58 <REP> d--hs---- C:\WINDOWS\CSC
2006-11-27 12:26 <REP> dr-h----- C:\Documents and Settings\Flo\Recent
2006-11-27 12:22 110,612 --a------ C:\WINDOWS\system32\akacqwwb.exe
2006-11-27 12:18 110,612 --a------ C:\WINDOWS\system32\gvchvrre.exe
2006-11-27 12:11 <REP> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Yahoo! Companion
2006-11-26 13:56 6,144 --a------ C:\WINDOWS\system32\stera.exe
2006-11-26 13:55 89,088 --a------ C:\WINDOWS\system32\atl71.dll
2006-11-26 13:54 69,689 --a------ C:\WINDOWS\UNZIP.DLL
2006-11-26 13:54 507,904 --a------ C:\WINDOWS\TMUPDATE.DLL
2006-11-26 13:54 286,720 --a------ C:\WINDOWS\PATCH.EXE
2006-11-26 13:54 <REP> d-------- C:\WINDOWS\AU_Log
2006-11-26 13:28 110,612 --a------ C:\WINDOWS\system32\yyqxkftm.exe
2006-11-26 12:40 110,612 --a------ C:\WINDOWS\system32\cqqdorew.exe
2006-11-24 20:03 1,082 --a------ C:\WINDOWS\system32\tmp.reg
2006-11-24 20:00 53,248 --a------ C:\WINDOWS\system32\Process.exe
2006-11-24 20:00 40,960 --a------ C:\WINDOWS\system32\swsc.exe
2006-11-24 20:00 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe
2006-11-24 20:00 135,168 --a------ C:\WINDOWS\system32\swreg.exe
2006-11-24 19:29 110,612 --a------ C:\WINDOWS\system32\xqlchyyw.exe
2006-11-24 19:23 2 --a------ C:\WINDOWS\system32\wnstsit.exe
2006-11-23 21:24 <REP> d-------- C:\Program Files\ahead
2006-11-23 18:36 <REP> d-------- C:\Program Files\SEGA
2006-11-19 10:59 <REP> d-------- C:\WINDOWS\solcache
2006-11-18 22:16 <REP> d-------- C:\Program Files\TYPSoft FTP Server
2006-11-13 21:33 <REP> d-------- C:\Program Files\SMP Seesaw
2006-11-13 16:40 98,304 --a------ C:\WINDOWS\system32\CmdLineExt.dll
2006-11-12 12:03 307,712 --a------ C:\WINDOWS\IsUn0410.exe
2006-11-04 14:14 1,245,696 --a------ C:\WINDOWS\system32\msxml4.dll
2006-10-31 15:39 14 --a------ C:\WINDOWS\system32\systeminfo.dll
2006-10-31 15:38 <REP> d-------- C:\WINDOWS\system32\embedded
2006-10-31 15:38 <REP> d-------- C:\Program Files\DVD X Player 4.0 Professionnel
2006-10-31 15:32 <REP> d-------- C:\Documents and Settings\Flo\Application Data\dvdcss
2006-10-27 11:40 <REP> d-------- C:\Documents and Settings\Flo\Application Data\Sports Interactive
(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))
2006-11-27 15:39 -------- d-------- C:\Program Files\Avast4
2006-11-27 14:01 -------- d-a------ C:\Program Files\Fichiers communs
2006-11-27 13:59 -------- d-------- C:\Program Files\BitComet
2006-11-27 13:41 -------- d-------- C:\Program Files\DAEMON Tools
2006-11-27 11:54 -------- d-------- C:\Program Files\eMule
2006-11-24 19:50 -------- d-------- C:\Program Files\Windows Media Player
2006-11-24 19:50 -------- d-------- C:\Program Files\SLD Codec Pack
2006-11-24 19:50 -------- d-------- C:\Program Files\Movie Maker
2006-11-24 19:49 -------- d-------- C:\Program Files\messenger
2006-11-24 19:49 -------- d-------- C:\Program Files\lg_fwupdate
2006-11-24 19:49 -------- d-------- C:\Program Files\DivX
2006-11-24 19:24 -------- d--h----- C:\Program Files\InstallShield Installation Information
2006-11-15 03:00 -------- d-------- C:\Program Files\Internet Explorer
2006-11-12 12:41 -------- d-------- C:\Program Files\Fichiers communs\Ahead
2006-11-11 18:21 639224 --a------ C:\WINDOWS\system32\drivers\sptd.sys
2006-10-27 09:40 -------- d-------- C:\Program Files\Fichiers communs\InstallShield
2006-10-24 10:17 48424 --a------ C:\WINDOWS\system32\sirenacm.dll
2006-10-22 22:01 -------- d-------- C:\Program Files\MUSICMATCH
2006-10-22 14:35 -------- d-------- C:\Program Files\Fichiers communs\Microsoft Shared
2006-10-20 13:26 -------- d-------- C:\Documents and Settings\Flo\Application Data\vlc
2006-10-19 19:49 -------- d-------- C:\Documents and Settings\Flo\Application Data\DeepBurner Pro
2006-10-19 09:58 -------- d-------- C:\Program Files\Fichiers communs\Adobe
2006-10-19 09:58 -------- d-------- C:\Program Files\Adobe
2006-10-19 09:58 -------- d-------- C:\Documents and Settings\Flo\Application Data\AdobeUM
2006-10-19 09:58 -------- d-------- C:\Documents and Settings\Flo\Application Data\Adobe
2006-10-18 19:28 -------- d---s---- C:\Documents and Settings\Flo\Application Data\Microsoft
2006-10-16 21:03 -------- d-------- C:\Documents and Settings\Flo\Application Data\Barb Window Bat
2006-10-16 21:03 -------- d-------- C:\Documents and Settings\Flo\Application Data\amen owns active
2006-10-16 20:58 81920 --a------ C:\Documents and Settings\Flo\Application Data\ezpinst.exe
2006-10-16 20:58 7176 --a------ C:\Documents and Settings\Flo\Application Data\pcouffin.cat
2006-10-16 20:58 47360 --a------ C:\Documents and Settings\Flo\Application Data\pcouffin.sys
2006-10-16 20:58 33 --a------ C:\Documents and Settings\Flo\Application Data\pcouffin.log
2006-10-16 20:58 1144 --a------ C:\Documents and Settings\Flo\Application Data\pcouffin.inf
2006-10-16 20:58 -------- d-------- C:\Documents and Settings\Flo\Application Data\Vso
2006-10-16 20:44 47360 --a------ C:\WINDOWS\system32\drivers\pcouffin.sys
2006-10-16 20:43 -------- d-------- C:\Documents and Settings\Flo\Application Data\Skype
2006-10-14 23:58 -------- d-------- C:\Documents and Settings\Flo\Application Data\CopyToDvd
2006-10-13 13:36 65536 --a------ C:\WINDOWS\system32\nwwks.dll
2006-10-13 13:36 64000 --a------ C:\WINDOWS\system32\nwapi32.dll
2006-10-13 13:36 145920 --a------ C:\WINDOWS\system32\nwprovau.dll
2006-10-13 11:23 163584 --a------ C:\WINDOWS\system32\drivers\nwrdr.sys
2006-10-08 10:52 -------- d-------- C:\Program Files\Lavasoft
2006-10-08 10:52 -------- d-------- C:\Documents and Settings\Flo\Application Data\Lavasoft
2006-10-07 16:58 -------- d-------- C:\Program Files\XviD
2006-10-06 20:20 -------- d-------- C:\Documents and Settings\Flo\Application Data\DivX
2006-10-06 18:54 -------- d-------- C:\Documents and Settings\Flo\Application Data\Mozilla
2006-10-05 02:10 -------- d-------- C:\Documents and Settings\Flo\Application Data\BitTorrent
2006-10-03 20:49 -------- d-------- C:\Program Files\BitTorrent
2006-10-03 18:12 -------- d-------- C:\Program Files\Winamp
2006-10-02 20:04 806912 --a------ C:\WINDOWS\system32\divx_xx0c.dll
2006-10-02 20:04 806912 --a------ C:\WINDOWS\system32\divx_xx07.dll
2006-10-02 20:04 790528 --a------ C:\WINDOWS\system32\divx_xx11.dll
2006-10-02 20:04 635486 --a------ C:\WINDOWS\system32\DivX.dll
2006-09-25 16:45 666240 --a------ C:\WINDOWS\system32\aswBoot.exe
2006-09-25 16:37 90112 --a------ C:\WINDOWS\system32\AVASTSS.scr
2006-09-24 17:33 10 --a------ C:\WINDOWS\smdat32m.sys
2006-09-24 17:19 0 --a------ C:\WINDOWS\smdat32a.sys
2006-09-24 14:28 5248 --a------ C:\WINDOWS\system32\speedfan.sys
2006-09-13 06:03 1084416 --a------ C:\WINDOWS\system32\msxml3.dll
2006-08-31 12:13 108544 --------- C:\WINDOWS\system32\pxcpyi64.exe
(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))
*Note* empty entries are not shown
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"msnmsgr"="\"C:\\Program Files\\MSN Messenger\\msnmsgr.exe\" /background"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"avgnt"="\"C:\\Program Files\\AntiVir PersonalEdition Classic\\avgnt.exe\" /min"
[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components]
"DeskHtmlVersion"=dword:00000110
"DeskHtmlMinorVersion"=dword:00000005
"Settings"=dword:00000001
"GeneralFlags"=dword:00000000
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Pré-chargeur Browseui"
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Démon de cache des catégories de composant"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\Run]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"dontdisplaylastusername"=dword:00000000
"legalnoticecaption"=""
"legalnoticetext"=""
"shutdownwithoutlogon"=dword:00000001
"undockwithoutlogon"=dword:00000001
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091
[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload]
"PostBootReminder"="{7849596a-48ea-486e-8937-a2a3009f31a9}"
"CDBurn"="{fbeb8a05-beee-4442-804e-409d6c4515e9}"
"WebCheck"="{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"
"SysTray"="{35CEC8A3-2BE6-11D2-8773-92E220524153}"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Flo^Menu Démarrer^Programmes^Démarrage^Anti-Pub.lnk]
"path"="C:\\Documents and Settings\\Flo\\Menu Démarrer\\Programmes\\Démarrage\\Anti-Pub.lnk"
"backup"="C:\\WINDOWS\\pss\\Anti-Pub.lnkStartup"
"location"="Startup"
"command"="C:\\Program Files\\Antipub\\antipub.exe "
"item"="Anti-Pub"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="NMBgMonitor"
"hkey"="HKCU"
"command"="\"C:\\Program Files\\Fichiers communs\\Ahead\\Lib\\NMBgMonitor.exe\""
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitTorrent]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="bittorrent"
"hkey"="HKCU"
"command"="\"C:\\Program Files\\BitTorrent\\bittorrent.exe\" --force_start_minimized"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="daemon"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\DAEMON Tools\\daemon.exe\" -lang 1033"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FreeRAM XP]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="FreeRAM XP Pro"
"hkey"="HKCU"
"command"="\"C:\\Program Files\\YourWare Solutions\\FreeRAM XP Pro\\FreeRAM XP Pro.exe\" -win"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FTP Server]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="ftpserv"
"hkey"="HKLM"
"command"="C:\\TYPSOF~1\\ftpserv.exe"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mmtask]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="mmtask"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\Musicmatch\\Musicmatch Jukebox\\mmtask.exe\""
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MMTray]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="mm_tray"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\Musicmatch\\Musicmatch Jukebox\\mm_tray.exe\""
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroCheck]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="NeroCheck"
"hkey"="HKLM"
"command"="C:\\WINDOWS\\system32\\NeroCheck.exe"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="NeroCheck"
"hkey"="HKLM"
"command"="C:\\WINDOWS\\system32\\NeroCheck.exe"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NWEReboot]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"=""
"hkey"="HKLM"
"command"=""
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Nzwogv]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="w?crtupd"
"hkey"="HKCU"
"command"="C:\\Documents and Settings\\Flo\\Application Data\\?icrosoft\\w?crtupd.exe"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="steam"
"hkey"="HKCU"
"command"="\"c:\\progra~1\\steam\\steam.exe\" -silent"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="jusched"
"hkey"="HKLM"
"command"="C:\\Program Files\\Java\\jre1.5.0_06\\bin\\jusched.exe"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="realsched"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\Fichiers communs\\Real\\Update_OB\\realsched.exe\" -osboot"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="winampa"
"hkey"="HKLM"
"command"="C:\\Program Files\\Winamp\\winampa.exe"
"inimapping"="0"
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091
[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload]
"PostBootReminder"="{7849596a-48ea-486e-8937-a2a3009f31a9}"
"CDBurn"="{fbeb8a05-beee-4442-804e-409d6c4515e9}"
"WebCheck"="{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"
"SysTray"="{35CEC8A3-2BE6-11D2-8773-92E220524153}"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Flo^Menu Démarrer^Programmes^Démarrage^Anti-Pub.lnk]
"path"="C:\\Documents and Settings\\Flo\\Menu Démarrer\\Programmes\\Démarrage\\Anti-Pub.lnk"
"backup"="C:\\WINDOWS\\pss\\Anti-Pub.lnkStartup"
"location"="Startup"
"command"="C:\\Program Files\\Antipub\\antipub.exe "
"item"="Anti-Pub"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="NMBgMonitor"
"hkey"="HKCU"
"command"="\"C:\\Program Files\\Fichiers communs\\Ahead\\Lib\\NMBgMonitor.exe\""
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitTorrent]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="bittorrent"
"hkey"="HKCU"
"command"="\"C:\\Program Files\\BitTorrent\\bittorrent.exe\" --force_start_minimized"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="daemon"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\DAEMON Tools\\daemon.exe\" -lang 1033"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FreeRAM XP]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="FreeRAM XP Pro"
"hkey"="HKCU"
"command"="\"C:\\Program Files\\YourWare Solutions\\FreeRAM XP Pro\\FreeRAM XP Pro.exe\" -win"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FTP Server]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="ftpserv"
"hkey"="HKLM"
"command"="C:\\TYPSOF~1\\ftpserv.exe"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mmtask]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="mmtask"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\Musicmatch\\Musicmatch Jukebox\\mmtask.exe\""
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MMTray]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="mm_tray"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\Musicmatch\\Musicmatch Jukebox\\mm_tray.exe\""
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroCheck]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="NeroCheck"
"hkey"="HKLM"
"command"="C:\\WINDOWS\\system32\\NeroCheck.exe"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="NeroCheck"
"hkey"="HKLM"
"command"="C:\\WINDOWS\\system32\\NeroCheck.exe"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NWEReboot]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"=""
"hkey"="HKLM"
"command"=""
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Nzwogv]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="w?crtupd"
"hkey"="HKCU"
"command"="C:\\Documents and Settings\\Flo\\Application Data\\?icrosoft\\w?crtupd.exe"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="steam"
"hkey"="HKCU"
"command"="\"c:\\progra~1\\steam\\steam.exe\" -silent"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="jusched"
"hkey"="HKLM"
"command"="C:\\Program Files\\Java\\jre1.5.0_06\\bin\\jusched.exe"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="realsched"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\Fichiers communs\\Real\\Update_OB\\realsched.exe\" -osboot"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="winampa"
"hkey"="HKLM"
"command"="C:\\Program Files\\Winamp\\winampa.exe"
"inimapping"="0"
Re,
There are still some traces.
Download and install AVG Anti-Spyware (AVG AS).
Once AVG AS is running, click "Mise à jour" (Update).
Close the program.
HELP: Malekal's tutorial
Restart in safe mode.
Launch AVG AS again and choose the "Analyse" (Scan) tab,
then the "Paramètres" (Settings) tab.
Under the question "Comment réagir ?" (How to react?), click "Actions recommandées" (Recommended actions) and choose "Quarantaine" (Quarantine).
Click the "Analyse" tab again and run an "Analyse complète du système" (Complete system scan).
/!\ If a file is infected at the end of the scan /!\
Click "Appliquer toutes les actions" (Apply all actions).
Click "Enregistrer le rapport" (Save the report), then "Enregistrer le rapport sous" (Save the report as).
Save this text file to your desktop.
Restart normally.
Copy/paste the AVG AS report along with a HijackThis report.
AVG Anti-Spyware - Rapport d'analyse
---------------------------------------------------------
+ Créé à: 19:00:24 27/11/2006
+ Résultat de l'analyse:
C:\Program Files\VSAdd-in\VSAdd-in.dll -> Adware.Agent : Nettoyé.
C:\System Volume Information\_restore{1B27B034-F89B-470C-8C9C-F407D1ABF1F7}\RP137\A0037832.dll -> Adware.Agent : Nettoyé.
C:\System Volume Information\_restore{1B27B034-F89B-470C-8C9C-F407D1ABF1F7}\RP137\A0041655.dll -> Adware.Agent : Nettoyé.
C:\System Volume Information\_restore{1B27B034-F89B-470C-8C9C-F407D1ABF1F7}\RP137\A0041664.dll -> Adware.Agent : Nettoyé.
C:\System Volume Information\_restore{1B27B034-F89B-470C-8C9C-F407D1ABF1F7}\RP137\A0043735.dll -> Adware.Agent : Nettoyé.
C:\System Volume Information\_restore{1B27B034-F89B-470C-8C9C-F407D1ABF1F7}\RP137\A0043814.dll -> Adware.Agent : Nettoyé.
C:\System Volume Information\_restore{1B27B034-F89B-470C-8C9C-F407D1ABF1F7}\RP137\A0043825.dll -> Adware.Agent : Nettoyé.
C:\System Volume Information\_restore{1B27B034-F89B-470C-8C9C-F407D1ABF1F7}\RP137\A0041665.exe -> Adware.SaveNow : Nettoyé.
C:\System Volume Information\_restore{1B27B034-F89B-470C-8C9C-F407D1ABF1F7}\RP137\A0041666.dll -> Adware.Softomate : Nettoyé.
C:\System Volume Information\_restore{1B27B034-F89B-470C-8C9C-F407D1ABF1F7}\RP137\A0041667.exe -> Adware.Softomate : Nettoyé.
C:\System Volume Information\_restore{1B27B034-F89B-470C-8C9C-F407D1ABF1F7}\RP137\A0041669.exe -> Adware.Softomate : Nettoyé.
C:\System Volume Information\_restore{1B27B034-F89B-470C-8C9C-F407D1ABF1F7}\RP137\A0037821.exe -> Adware.WinAntiVirus : Nettoyé.
C:\System Volume Information\_restore{1B27B034-F89B-470C-8C9C-F407D1ABF1F7}\RP137\A0037834.exe -> Adware.WinAntiVirus : Nettoyé.
C:\System Volume Information\_restore{1B27B034-F89B-470C-8C9C-F407D1ABF1F7}\RP137\A0037861.exe -> Adware.WinAntiVirus : Nettoyé.
C:\System Volume Information\_restore{1B27B034-F89B-470C-8C9C-F407D1ABF1F7}\RP137\A0041670.dll -> Adware.WinAntiVirus : Nettoyé.
C:\WINDOWS\Temp\idd1A.tmp.exe -> Dialer.Small : Nettoyé.
C:\WINDOWS\Temp\idd1B.tmp.exe -> Dialer.Small : Nettoyé.
C:\WINDOWS\Temp\idd1F.tmp.exe -> Dialer.Small : Nettoyé.
C:\System Volume Information\_restore{1B27B034-F89B-470C-8C9C-F407D1ABF1F7}\RP137\A0041671.dll -> Not-A-Virus.Hoax.Win32.Renos.fw : Nettoyé.
C:\Documents and Settings\Flo\Cookies\flo@247realmedia[2].txt -> TrackingCookie.247realmedia : Nettoyé.
C:\Documents and Settings\Flo\Cookies\flo@2o7[1].txt -> TrackingCookie.2o7 : Nettoyé.
C:\Documents and Settings\Flo\Cookies\flo@msnportal.112.2o7[1].txt -> TrackingCookie.2o7 : Nettoyé.
C:\Documents and Settings\Flo\Cookies\flo@adviva[1].txt -> TrackingCookie.Adviva : Nettoyé.
C:\Documents and Settings\Flo\Cookies\flo@atdmt[2].txt -> TrackingCookie.Atdmt : Nettoyé.
C:\Documents and Settings\Flo\Cookies\flo@bluestreak[1].txt -> TrackingCookie.Bluestreak : Nettoyé.
C:\Documents and Settings\Flo\Cookies\flo@clickbank[1].txt -> TrackingCookie.Clickbank : Nettoyé.
C:\Documents and Settings\Flo\Cookies\flo@cpvfeed[2].txt -> TrackingCookie.Cpvfeed : Nettoyé.
C:\Documents and Settings\Flo\Cookies\flo@enhance[2].txt -> TrackingCookie.Enhance : Nettoyé.
C:\Documents and Settings\Flo\Cookies\flo@estat[1].txt -> TrackingCookie.Estat : Nettoyé.
C:\Documents and Settings\Flo\Cookies\flo@mediaplex[1].txt -> TrackingCookie.Mediaplex : Nettoyé.
C:\Documents and Settings\Flo\Cookies\flo@overture[2].txt -> TrackingCookie.Overture : Nettoyé.
C:\Documents and Settings\Flo\Cookies\flo@questionmarket[2].txt -> TrackingCookie.Questionmarket : Nettoyé.
C:\Documents and Settings\Flo\Cookies\flo@stats1.reliablestats[1].txt -> TrackingCookie.Reliablestats : Nettoyé.
C:\Documents and Settings\Flo\Cookies\flo@serving-sys[1].txt -> TrackingCookie.Serving-sys : Nettoyé.
C:\Documents and Settings\Flo\Cookies\flo@www.smartadserver[1].txt -> TrackingCookie.Smartadserver : Nettoyé.
C:\Documents and Settings\Flo\Cookies\flo@tradedoubler[1].txt -> TrackingCookie.Tradedoubler : Nettoyé.
C:\Documents and Settings\Flo\Cookies\flo@weborama[1].txt -> TrackingCookie.Weborama : Nettoyé.
Fin du rapport
Logfile of HijackThis v1.99.1
Scan saved at 19:10, on 06-11-27
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\WgaTray.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Avast4\aswUpdSv.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Flo\Bureau\scanner.exe.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.fr/
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {11F0EE13-5947-2942-F631-09BEB2706006} - C:\WINDOWS\system32\wirvufc.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - AVIRA GmbH - C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Sunbelt Kerio Personal Firewall 4 (KPF4) - Sunbelt Software - C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
Administrateur - 06-11-27 19:19:33,70 Service Pack 2
ComboFix 06.11.26 - Running from: "C:\Documents and Settings\Flo\Bureau"
(((((((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ Purity ~ ~ ~ ~ ~ ~ ~ ~~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~
Folders Quarantined:
C:\QooBox\Purity\Documents and Settings\Flo\Application Data\ICROSO~1
C:\QooBox\Purity\Documents and Settings\Flo\Mes documents\SMBOLS~1
C:\QooBox\Purity\Documents and Settings\Flo\Mes documents\SMBOLS~1\s?mbols
((((((((((((((((((((((((((((((( Files Created from 2006-10-27 to 2006-11-27 ))))))))))))))))))))))))))))))))))
2006-11-27 18:14 3,968 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2006-11-27 18:14 <REP> d-------- C:\Program Files\Grisoft
2006-11-27 14:59 <REP> d-------- C:\!KillBox
2006-11-27 14:59 <REP> d-------- C:\!KillBox
2006-11-27 13:48 <REP> dr-h----- C:\Documents and Settings\Administrateur\Recent
2006-11-27 13:47 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\Lavasoft
2006-11-27 12:58 <REP> dr-h----- C:\Documents and Settings\Administrateur\SendTo
2006-11-27 12:58 <REP> dr-h----- C:\Documents and Settings\Administrateur\Application Data\.
2006-11-27 12:58 <REP> dr-h----- C:\Documents and Settings\Administrateur\Application Data
2006-11-27 12:58 <REP> dr------- C:\Documents and Settings\Administrateur\Menu Démarrer
2006-11-27 12:58 <REP> d--h----- C:\Documents and Settings\Administrateur\Voisinage réseau
2006-11-27 12:58 <REP> d--h----- C:\Documents and Settings\Administrateur\Voisinage d'impression
2006-11-27 12:58 <REP> d--h----- C:\Documents and Settings\Administrateur\Modèles
2006-11-27 12:58 <REP> d--h----- C:\Documents and Settings\Administrateur\Local Settings
2006-11-27 12:58 <REP> d---s---- C:\Documents and Settings\Administrateur\Cookies
2006-11-27 12:58 <REP> d---s---- C:\Documents and Settings\Administrateur\Application Data\Microsoft
2006-11-27 12:58 <REP> d-------- C:\Documents and Settings\Administrateur\Mes documents
2006-11-27 12:58 <REP> d-------- C:\Documents and Settings\Administrateur\Favoris
2006-11-27 12:58 <REP> d-------- C:\Documents and Settings\Administrateur\Bureau
2006-11-27 12:58 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\..
2006-11-27 12:58 <REP> d-------- C:\Documents and Settings\Administrateur\..
2006-11-27 12:58 <REP> d-------- C:\Documents and Settings\Administrateur\.
(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))
2006-11-27 15:39 -------- d-------- C:\Program Files\Avast4
2006-11-27 14:01 -------- d-a------ C:\Program Files\Fichiers communs
2006-11-27 13:59 -------- d-------- C:\Program Files\BitComet
2006-11-27 13:41 -------- d-------- C:\Program Files\DAEMON Tools
2006-11-27 11:54 -------- d-------- C:\Program Files\eMule
2006-11-24 19:50 -------- d-------- C:\Program Files\Windows Media Player
2006-11-24 19:50 -------- d-------- C:\Program Files\SLD Codec Pack
2006-11-24 19:50 -------- d-------- C:\Program Files\Movie Maker
2006-11-24 19:49 -------- d-------- C:\Program Files\messenger
2006-11-24 19:49 -------- d-------- C:\Program Files\lg_fwupdate
2006-11-24 19:49 -------- d-------- C:\Program Files\DivX
2006-11-24 19:24 -------- d--h----- C:\Program Files\InstallShield Installation Information
2006-11-15 03:00 -------- d-------- C:\Program Files\Internet Explorer
2006-11-12 12:41 -------- d-------- C:\Program Files\Fichiers communs\Ahead
2006-11-11 18:21 639224 --a------ C:\WINDOWS\system32\drivers\sptd.sys
2006-10-27 09:40 -------- d-------- C:\Program Files\Fichiers communs\InstallShield
2006-10-24 10:17 48424 --a------ C:\WINDOWS\system32\sirenacm.dll
2006-10-22 22:01 -------- d-------- C:\Program Files\MUSICMATCH
2006-10-22 14:35 -------- d-------- C:\Program Files\Fichiers communs\Microsoft Shared
2006-10-19 09:58 -------- d-------- C:\Program Files\Fichiers communs\Adobe
2006-10-19 09:58 -------- d-------- C:\Program Files\Adobe
2006-10-16 20:44 47360 --a------ C:\WINDOWS\system32\drivers\pcouffin.sys
2006-10-13 13:36 65536 --a------ C:\WINDOWS\system32\nwwks.dll
2006-10-13 13:36 64000 --a------ C:\WINDOWS\system32\nwapi32.dll
2006-10-13 13:36 145920 --a------ C:\WINDOWS\system32\nwprovau.dll
2006-10-13 11:23 163584 --a------ C:\WINDOWS\system32\drivers\nwrdr.sys
2006-10-08 10:52 -------- d-------- C:\Program Files\Lavasoft
2006-10-07 16:58 -------- d-------- C:\Program Files\XviD
2006-10-03 20:49 -------- d-------- C:\Program Files\BitTorrent
2006-10-03 18:12 -------- d-------- C:\Program Files\Winamp
2006-10-02 20:04 806912 --a------ C:\WINDOWS\system32\divx_xx0c.dll
2006-10-02 20:04 806912 --a------ C:\WINDOWS\system32\divx_xx07.dll
2006-10-02 20:04 790528 --a------ C:\WINDOWS\system32\divx_xx11.dll
2006-10-02 20:04 635486 --a------ C:\WINDOWS\system32\DivX.dll
2006-09-25 16:45 666240 --a------ C:\WINDOWS\system32\aswBoot.exe
2006-09-25 16:37 90112 --a------ C:\WINDOWS\system32\AVASTSS.scr
2006-09-24 17:33 10 --a------ C:\WINDOWS\smdat32m.sys
2006-09-24 17:19 0 --a------ C:\WINDOWS\smdat32a.sys
2006-09-24 14:28 5248 --a------ C:\WINDOWS\system32\speedfan.sys
2006-09-13 06:03 1084416 --a------ C:\WINDOWS\system32\msxml3.dll
2006-08-31 12:13 108544 --------- C:\WINDOWS\system32\pxcpyi64.exe
(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))
*Note* empty entries are not shown
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\runonce]
"NeroHomeFirstStart"="C:\\Program Files\\Fichiers communs\\Ahead\\Lib\\NeroScoutOptions.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"avgnt"="\"C:\\Program Files\\AntiVir PersonalEdition Classic\\avgnt.exe\" /min"
"!AVG Anti-Spyware"="\"C:\\Program Files\\Grisoft\\AVG Anti-Spyware 7.5\\avgas.exe\" /minimized"
[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components]
"DeskHtmlVersion"=dword:00000110
"DeskHtmlMinorVersion"=dword:00000005
"Settings"=dword:00000001
"GeneralFlags"=dword:00000005
[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="Ma page d'accueil"
"Flags"=dword:00000002
"Position"=hex:2c,00,00,00,e6,00,00,00,00,00,00,00,9a,03,00,00,44,03,00,00,00,\
00,00,00,01,00,00,00,01,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00
"CurrentState"=hex:04,00,00,40
"OriginalStateInfo"=hex:18,00,00,00,ff,ff,00,00,ff,ff,00,00,ff,ff,ff,ff,ff,ff,\
ff,ff,04,00,00,00
"RestoredStateInfo"=hex:18,00,00,00,70,03,00,00,35,01,00,00,00,01,00,00,f6,00,\
00,00,01,00,00,00
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Pré-chargeur Browseui"
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Démon de cache des catégories de composant"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""
"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="AVG Anti-Spyware 7.5"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\Run]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"dontdisplaylastusername"=dword:00000000
"legalnoticecaption"=""
"legalnoticetext"=""
"shutdownwithoutlogon"=dword:00000001
"undockwithoutlogon"=dword:00000001
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091
[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload]
"PostBootReminder"="{7849596a-48ea-486e-8937-a2a3009f31a9}"
"CDBurn"="{fbeb8a05-beee-4442-804e-409d6c4515e9}"
"WebCheck"="{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"
"SysTray"="{35CEC8A3-2BE6-11D2-8773-92E220524153}"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Flo^Menu Démarrer^Programmes^Démarrage^Anti-Pub.lnk]
"path"="C:\\Documents and Settings\\Flo\\Menu Démarrer\\Programmes\\Démarrage\\Anti-Pub.lnk"
"backup"="C:\\WINDOWS\\pss\\Anti-Pub.lnkStartup"
"location"="Startup"
"command"="C:\\Program Files\\Antipub\\antipub.exe "
"item"="Anti-Pub"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="NMBgMonitor"
"hkey"="HKCU"
"command"="\"C:\\Program Files\\Fichiers communs\\Ahead\\Lib\\NMBgMonitor.exe\""
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitTorrent]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="bittorrent"
"hkey"="HKCU"
"command"="\"C:\\Program Files\\BitTorrent\\bittorrent.exe\" --force_start_minimized"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="daemon"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\DAEMON Tools\\daemon.exe\" -lang 1033"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FreeRAM XP]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="FreeRAM XP Pro"
"hkey"="HKCU"
"command"="\"C:\\Program Files\\YourWare Solutions\\FreeRAM XP Pro\\FreeRAM XP Pro.exe\" -win"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FTP Server]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="ftpserv"
"hkey"="HKLM"
"command"="C:\\TYPSOF~1\\ftpserv.exe"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mmtask]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="mmtask"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\Musicmatch\\Musicmatch Jukebox\\mmtask.exe\""
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MMTray]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="mm_tray"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\Musicmatch\\Musicmatch Jukebox\\mm_tray.exe\""
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroCheck]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="NeroCheck"
"hkey"="HKLM"
"command"="C:\\WINDOWS\\system32\\NeroCheck.exe"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="NeroCheck"
"hkey"="HKLM"
"command"="C:\\WINDOWS\\system32\\NeroCheck.exe"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NWEReboot]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"=""
"hkey"="HKLM"
"command"=""
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Nzwogv]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="w?crtupd"
"hkey"="HKCU"
"command"="C:\\Documents and Settings\\Flo\\Application Data\\?icrosoft\\w?crtupd.exe"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="steam"
"hkey"="HKCU"
"command"="\"c:\\progra~1\\steam\\steam.exe\" -silent"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="jusched"
"hkey"="HKLM"
"command"="C:\\Program Files\\Java\\jre1.5.0_06\\bin\\jusched.exe"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="realsched"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\Fichiers communs\\Real\\Update_OB\\realsched.exe\" -osboot"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="winampa"
"hkey"="HKLM"
"command"="C:\\Program Files\\Winamp\\winampa.exe"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"
Completion time: 06-11-27 19:20:01.04
C:\ComboFix.txt ... 06-11-27 19:20
C:\ComboFix2.txt ... 06-11-27 17:48
ComboFix 06.11.26 - Running from: "C:\Documents and Settings\Flo\Bureau"
(((((((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ Purity ~ ~ ~ ~ ~ ~ ~ ~~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~
Folders Quarantined:
C:\QooBox\Purity\Documents and Settings\Flo\Application Data\ICROSO~1
C:\QooBox\Purity\Documents and Settings\Flo\Mes documents\SMBOLS~1
C:\QooBox\Purity\Documents and Settings\Flo\Mes documents\SMBOLS~1\s?mbols
~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ Purity ~ ~ ~ ~ ~ ~ ~ ~~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~
Folders Quarantined:
C:\QooBox\Purity\Documents and Settings\Flo\Application Data\ICROSO~1
C:\QooBox\Purity\Documents and Settings\Flo\Mes documents\SMBOLS~1
C:\QooBox\Purity\Documents and Settings\Flo\Mes documents\SMBOLS~1\s?mbols
((((((((((((((((((((((((((((((( Files Created from 2006-10-27 to 2006-11-27 ))))))))))))))))))))))))))))))))))
2006-11-27 18:14 3,968 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2006-11-27 18:14 <REP> d-------- C:\Program Files\Grisoft
2006-11-27 14:59 <REP> d-------- C:\!KillBox
2006-11-27 14:59 <REP> d-------- C:\!KillBox
2006-11-27 13:48 <REP> dr-h----- C:\Documents and Settings\Administrateur\Recent
2006-11-27 13:47 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\Lavasoft
2006-11-27 12:58 <REP> dr-h----- C:\Documents and Settings\Administrateur\SendTo
2006-11-27 12:58 <REP> dr-h----- C:\Documents and Settings\Administrateur\Application Data\.
2006-11-27 12:58 <REP> dr-h----- C:\Documents and Settings\Administrateur\Application Data
2006-11-27 12:58 <REP> dr------- C:\Documents and Settings\Administrateur\Menu Démarrer
2006-11-27 12:58 <REP> d--h----- C:\Documents and Settings\Administrateur\Voisinage réseau
2006-11-27 12:58 <REP> d--h----- C:\Documents and Settings\Administrateur\Voisinage d'impression
2006-11-27 12:58 <REP> d--h----- C:\Documents and Settings\Administrateur\Modèles
2006-11-27 12:58 <REP> d--h----- C:\Documents and Settings\Administrateur\Local Settings
2006-11-27 12:58 <REP> d---s---- C:\Documents and Settings\Administrateur\Cookies
2006-11-27 12:58 <REP> d---s---- C:\Documents and Settings\Administrateur\Application Data\Microsoft
2006-11-27 12:58 <REP> d-------- C:\Documents and Settings\Administrateur\Mes documents
2006-11-27 12:58 <REP> d-------- C:\Documents and Settings\Administrateur\Favoris
2006-11-27 12:58 <REP> d-------- C:\Documents and Settings\Administrateur\Bureau
2006-11-27 12:58 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\..
2006-11-27 12:58 <REP> d-------- C:\Documents and Settings\Administrateur\..
2006-11-27 12:58 <REP> d-------- C:\Documents and Settings\Administrateur\.
(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))
2006-11-27 15:39 -------- d-------- C:\Program Files\Avast4
2006-11-27 14:01 -------- d-a------ C:\Program Files\Fichiers communs
2006-11-27 13:59 -------- d-------- C:\Program Files\BitComet
2006-11-27 13:41 -------- d-------- C:\Program Files\DAEMON Tools
2006-11-27 11:54 -------- d-------- C:\Program Files\eMule
2006-11-24 19:50 -------- d-------- C:\Program Files\Windows Media Player
2006-11-24 19:50 -------- d-------- C:\Program Files\SLD Codec Pack
2006-11-24 19:50 -------- d-------- C:\Program Files\Movie Maker
2006-11-24 19:49 -------- d-------- C:\Program Files\messenger
2006-11-24 19:49 -------- d-------- C:\Program Files\lg_fwupdate
2006-11-24 19:49 -------- d-------- C:\Program Files\DivX
2006-11-24 19:24 -------- d--h----- C:\Program Files\InstallShield Installation Information
2006-11-15 03:00 -------- d-------- C:\Program Files\Internet Explorer
2006-11-12 12:41 -------- d-------- C:\Program Files\Fichiers communs\Ahead
2006-11-11 18:21 639224 --a------ C:\WINDOWS\system32\drivers\sptd.sys
2006-10-27 09:40 -------- d-------- C:\Program Files\Fichiers communs\InstallShield
2006-10-24 10:17 48424 --a------ C:\WINDOWS\system32\sirenacm.dll
2006-10-22 22:01 -------- d-------- C:\Program Files\MUSICMATCH
2006-10-22 14:35 -------- d-------- C:\Program Files\Fichiers communs\Microsoft Shared
2006-10-19 09:58 -------- d-------- C:\Program Files\Fichiers communs\Adobe
2006-10-19 09:58 -------- d-------- C:\Program Files\Adobe
2006-10-16 20:44 47360 --a------ C:\WINDOWS\system32\drivers\pcouffin.sys
2006-10-13 13:36 65536 --a------ C:\WINDOWS\system32\nwwks.dll
2006-10-13 13:36 64000 --a------ C:\WINDOWS\system32\nwapi32.dll
2006-10-13 13:36 145920 --a------ C:\WINDOWS\system32\nwprovau.dll
2006-10-13 11:23 163584 --a------ C:\WINDOWS\system32\drivers\nwrdr.sys
2006-10-08 10:52 -------- d-------- C:\Program Files\Lavasoft
2006-10-07 16:58 -------- d-------- C:\Program Files\XviD
2006-10-03 20:49 -------- d-------- C:\Program Files\BitTorrent
2006-10-03 18:12 -------- d-------- C:\Program Files\Winamp
2006-10-02 20:04 806912 --a------ C:\WINDOWS\system32\divx_xx0c.dll
2006-10-02 20:04 806912 --a------ C:\WINDOWS\system32\divx_xx07.dll
2006-10-02 20:04 790528 --a------ C:\WINDOWS\system32\divx_xx11.dll
2006-10-02 20:04 635486 --a------ C:\WINDOWS\system32\DivX.dll
2006-09-25 16:45 666240 --a------ C:\WINDOWS\system32\aswBoot.exe
2006-09-25 16:37 90112 --a------ C:\WINDOWS\system32\AVASTSS.scr
2006-09-24 17:33 10 --a------ C:\WINDOWS\smdat32m.sys
2006-09-24 17:19 0 --a------ C:\WINDOWS\smdat32a.sys
2006-09-24 14:28 5248 --a------ C:\WINDOWS\system32\speedfan.sys
2006-09-13 06:03 1084416 --a------ C:\WINDOWS\system32\msxml3.dll
2006-08-31 12:13 108544 --------- C:\WINDOWS\system32\pxcpyi64.exe
(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))
*Note* empty entries are not shown
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\runonce]
"NeroHomeFirstStart"="C:\\Program Files\\Fichiers communs\\Ahead\\Lib\\NeroScoutOptions.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"avgnt"="\"C:\\Program Files\\AntiVir PersonalEdition Classic\\avgnt.exe\" /min"
"!AVG Anti-Spyware"="\"C:\\Program Files\\Grisoft\\AVG Anti-Spyware 7.5\\avgas.exe\" /minimized"
[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components]
"DeskHtmlVersion"=dword:00000110
"DeskHtmlMinorVersion"=dword:00000005
"Settings"=dword:00000001
"GeneralFlags"=dword:00000005
[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="Ma page d'accueil"
"Flags"=dword:00000002
"Position"=hex:2c,00,00,00,e6,00,00,00,00,00,00,00,9a,03,00,00,44,03,00,00,00,\
00,00,00,01,00,00,00,01,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00
"CurrentState"=hex:04,00,00,40
"OriginalStateInfo"=hex:18,00,00,00,ff,ff,00,00,ff,ff,00,00,ff,ff,ff,ff,ff,ff,\
ff,ff,04,00,00,00
"RestoredStateInfo"=hex:18,00,00,00,70,03,00,00,35,01,00,00,00,01,00,00,f6,00,\
00,00,01,00,00,00
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Pré-chargeur Browseui"
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Démon de cache des catégories de composant"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""
"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="AVG Anti-Spyware 7.5"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\Run]
I think so, yes.
Report your infection (VUNDO) so that its authors can be prosecuted; that would be nice.
Post a message on Malware-Complaints to help move things forward; we need as many people as possible, so report your infection.
HELP: How do I report my infection on Malware-Complaints?
See this page to keep these problems from coming back.