Je pense que mon ordi est infecté
Forum Sécurité - Virus : Je pense que mon ordi est infecté
Depuis quelque tps mon ordi rame, des pages internet s'ouvre seul me proposant antiviruspro2006, spydoctor, scan... bref de faux antivirus...
J'ai hijackthis mais je ne sais pas quoi supprimer sur mon ordi.
Que faire?
Voici ceux que j'ai sur mon ordi "hijackthis"
Logfile of HijackThis v1.99.1
Scan saved at 20:33:35, on 02/01/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\drivers\CDAC11BA.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\RamBoost XP\rambxpfr.exe
C:\Program Files\palmOne\Hotsync.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Opera\Opera.exe
C:\Program Files\Hijackthis Version Française\VERSION TRADUITE ORIGINALE.EXE
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 212.138.64.143:8000
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - (no file)
O2 - BHO: (no name) - {3D063FF9-7310-4280-84F1-A98F2AA83ED2} - C:\WINDOWS\system32\jkkjh.dll
O2 - BHO: (no name) - {4302F7E3-87ED-2BC5-B0C9-0475406503B1} - (no file)
O2 - BHO: (no name) - {435D4D84-BBF0-38A0-4706-08A7712484D5} - C:\WINDOWS\system32\mpqwbai.dll
O2 - BHO: (no name) - {4ED7CCE3-F634-34B4-D986-0614AB036EBD} - (no file)
O2 - BHO: (no name) - {5096D507-795E-492F-870D-FBFD557D285B} - (no file)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {64F56FC1-1272-44CD-BA6E-39723696E350} - (no file)
O2 - BHO: (no name) - {72667DC9-E13C-4B2D-5B24-07B543897C42} - C:\WINDOWS\system32\gqtyfsm.dll
O2 - BHO: (no name) - {7DA39570-5FD2-4f18-94B4-20730CB3F727} - C:\WINDOWS\system32\tjfkgolp.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [DllRunning] rundll32.exe "C:\WINDOWS\system32\iihbfbyh.dll",setvm
O4 - HKCU\..\Run: [RamBoostXp] C:\Program Files\RamBoost XP\rambxpfr.exe
O4 - Startup: LifeDrive™ Manager.lnk = C:\Program Files\palmOne\LifeDriveMgrTray.exe
O4 - Startup: palmOne Registration.lnk = C:\Program Files\palmOne\register.exe
O4 - Global Startup: HotSync Manager.lnk = C:\Program Files\palmOne\Hotsync.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://cdn2.zone.msn.com/binFramew [...] b34246.cab
O16 - DPF: {DAF5D9A2-D982-4671-83E4-0398706A5F6A} (SCEWebLauncherCtl Object) - http://zone.msn.com/bingame/hsol/d [...] uncher.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: jkkjh - C:\WINDOWS\system32\jkkjh.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\system32\drivers\CDAC11BA.EXE
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
PS: dites moi ce qu'il faut enlever pour plus avoir de probleme ou quel programme puis je utiliser
Merci
David
Bonsoir,
Infection Vundo.
Télécharge VundoFix.exe (par Atribune) sur ton Bureau.
- Double-clique VundoFix.exe afin de le lancer
- Clique sur le bouton Scan for Vundo
- Lorsque le scan est complété, clique sur le bouton Remove Vundo
- Une invite te demandera si tu veux supprimer les fichiers, clique YES
- Après avoir cliqué "Yes", le Bureau disparaîtra un moment lors de la suppression des fichiers
- Tu verras une invite qui t'annonce que ton PC va redémarrer; clique OK
- Copie/colle le contenu du rapport situé dans C:\vundofix.txt ainsi qu'un nouveau rapport HijackThis! dans ta prochaine réponse
Note: Il est possible que VundoFix soit confronté à un fichier qu'il ne peut supprimer. Si tel est le cas, l'outil se lancera au prochain redémarrage; il faut simplement suivre les instructions ci-haut, à partir de "clique sur le bouton Scan for Vundo".
Répondre à Angeldark
De plus j'ai ma barre de tache avec le menu demarrer qui disparait tt le temps, et me laisse juste un ecran avec les programmes ouverts pour pouvroir quitter je dois faire un reset en debranchant la batterie
ok, je l'ai deja fait il y a 2 semaines
Supprime ta version de Vundofix puis recommence.
Répondre à Angeldark
Voici le resultat du vundofix
le vundofix text
VundoFix V6.2.8
Checking Java version...
Java version is 1.4.2.3
Scan started at 13:46:29 16/11/2006
Listing files found while scanning....
C:\WINDOWS\system32\brrohcn.dll
C:\WINDOWS\system32\mwizqyd.dll
C:\WINDOWS\system32\winbfi32.dll
C:\WINDOWS\system32\yvcqsxb.dll
C:\WINDOWS\system32\lmiedtvv.exe
C:\WINDOWS\Registration\ysstfp.dll
C:\WINDOWS\Registration\pftssy.ini
C:\WINDOWS\Registration\pftssy.bak1
C:\WINDOWS\Registration\pftssy.bak2
C:\WINDOWS\Registration\pftssy.ini2
C:\WINDOWS\Registration\pftssy.tmp
Beginning removal...
Attempting to delete C:\WINDOWS\system32\brrohcn.dll
C:\WINDOWS\system32\brrohcn.dll Has been deleted!
Attempting to delete C:\WINDOWS\system32\mwizqyd.dll
C:\WINDOWS\system32\mwizqyd.dll Has been deleted!
Attempting to delete C:\WINDOWS\system32\winbfi32.dll
C:\WINDOWS\system32\winbfi32.dll Has been deleted!
Attempting to delete C:\WINDOWS\system32\yvcqsxb.dll
C:\WINDOWS\system32\yvcqsxb.dll Has been deleted!
Attempting to delete C:\WINDOWS\system32\lmiedtvv.exe
C:\WINDOWS\system32\lmiedtvv.exe Has been deleted!
Attempting to delete C:\WINDOWS\Registration\ysstfp.dll
C:\WINDOWS\Registration\ysstfp.dll Has been deleted!
Attempting to delete C:\WINDOWS\Registration\pftssy.ini
C:\WINDOWS\Registration\pftssy.ini Has been deleted!
Attempting to delete C:\WINDOWS\Registration\pftssy.bak1
C:\WINDOWS\Registration\pftssy.bak1 Has been deleted!
Attempting to delete C:\WINDOWS\Registration\pftssy.bak2
C:\WINDOWS\Registration\pftssy.bak2 Has been deleted!
Attempting to delete C:\WINDOWS\Registration\pftssy.ini2
C:\WINDOWS\Registration\pftssy.ini2 Has been deleted!
Attempting to delete C:\WINDOWS\Registration\pftssy.tmp
C:\WINDOWS\Registration\pftssy.tmp Has been deleted!
Performing Repairs to the registry.
Done!
VundoFix V6.2.8
Checking Java version...
Java version is 1.4.2.3
Scan started at 14:02:09 06-11-16
Listing files found while scanning....
VundoFix V6.2.13
Checking Java version...
Java version is 1.4.2.3
Scan started at 20:49:11 02/01/2007
Listing files found while scanning....
C:\WINDOWS\system32\jkkjh.dll
C:\WINDOWS\system32\hjkkj.ini
C:\WINDOWS\system32\hjkkj.bak1
C:\WINDOWS\system32\hjkkj.bak2
C:\WINDOWS\system32\hjkkj.ini2
C:\WINDOWS\system32\hjkkj.tmp
C:\WINDOWS\system32\jkkjh.dll
C:\WINDOWS\system32\hjkkj.ini
C:\WINDOWS\system32\hjkkj.bak1
C:\WINDOWS\system32\hjkkj.bak2
C:\WINDOWS\system32\hjkkj.ini2
C:\WINDOWS\system32\hjkkj.tmp
C:\WINDOWS\system32\hjkkj.ini
C:\WINDOWS\system32\hjkkj.bak1
C:\WINDOWS\system32\hjkkj.bak2
C:\WINDOWS\system32\hjkkj.ini2
C:\WINDOWS\system32\hjkkj.tmp
Beginning removal...
Attempting to delete C:\WINDOWS\system32\jkkjh.dll
C:\WINDOWS\system32\jkkjh.dll Has been deleted!
Attempting to delete C:\WINDOWS\system32\hjkkj.ini
C:\WINDOWS\system32\hjkkj.ini Has been deleted!
Attempting to delete C:\WINDOWS\system32\hjkkj.bak1
C:\WINDOWS\system32\hjkkj.bak1 Has been deleted!
Attempting to delete C:\WINDOWS\system32\hjkkj.bak2
C:\WINDOWS\system32\hjkkj.bak2 Has been deleted!
Attempting to delete C:\WINDOWS\system32\hjkkj.ini2
C:\WINDOWS\system32\hjkkj.ini2 Has been deleted!
Attempting to delete C:\WINDOWS\system32\hjkkj.tmp
C:\WINDOWS\system32\hjkkj.tmp Has been deleted!
Performing Repairs to the registry.
Done!
Reposte un rapport Hijackthis.
Répondre à Angeldark
Logfile of HijackThis v1.99.1
Scan saved at 21:07:54, on 02/01/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\drivers\CDAC11BA.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\RamBoost XP\rambxpfr.exe
C:\Program Files\palmOne\Hotsync.exe
C:\Program Files\palmOne\LifeDriveMgrTray.exe
C:\Program Files\palmOne\PalmOneLiveConnect.exe
C:\Program Files\Opera\Opera.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\WINDOWS\system32\svchost.exe
C:\Documents and Settings\David et Ana\Bureau\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 212.138.64.143:8000
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - (no file)
O2 - BHO: (no name) - {3D063FF9-7310-4280-84F1-A98F2AA83ED2} - C:\WINDOWS\system32\jkkjh.dll (file missing)
O2 - BHO: (no name) - {4302F7E3-87ED-2BC5-B0C9-0475406503B1} - (no file)
O2 - BHO: (no name) - {435D4D84-BBF0-38A0-4706-08A7712484D5} - C:\WINDOWS\system32\mpqwbai.dll
O2 - BHO: (no name) - {4ED7CCE3-F634-34B4-D986-0614AB036EBD} - (no file)
O2 - BHO: (no name) - {5096D507-795E-492F-870D-FBFD557D285B} - (no file)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {64F56FC1-1272-44CD-BA6E-39723696E350} - (no file)
O2 - BHO: (no name) - {72667DC9-E13C-4B2D-5B24-07B543897C42} - C:\WINDOWS\system32\gqtyfsm.dll
O2 - BHO: (no name) - {7DA39570-5FD2-4f18-94B4-20730CB3F727} - C:\WINDOWS\system32\tjfkgolp.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [DllRunning] rundll32.exe "C:\WINDOWS\system32\iihbfbyh.dll",setvm
O4 - HKCU\..\Run: [RamBoostXp] C:\Program Files\RamBoost XP\rambxpfr.exe
O4 - Startup: LifeDrive™ Manager.lnk = C:\Program Files\palmOne\LifeDriveMgrTray.exe
O4 - Startup: palmOne Registration.lnk = C:\Program Files\palmOne\register.exe
O4 - Global Startup: HotSync Manager.lnk = C:\Program Files\palmOne\Hotsync.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://cdn2.zone.msn.com/binFramew [...] b34246.cab
O16 - DPF: {DAF5D9A2-D982-4671-83E4-0398706A5F6A} (SCEWebLauncherCtl Object) - http://zone.msn.com/bingame/hsol/d [...] uncher.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\system32\drivers\CDAC11BA.EXE
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
Re,
- Télécharge combofix.exe (par sUBs) sur ton Bureau
- Double clique combofix.exe.
- Tape sur la touche Y (Yes) pour démarrer le scan.
- Lorsque le scan sera complété, un rapport apparaîtra. Copie/colle ce rapport dans ta prochaine réponse.
NOTE : Le rapport se trouve également ici : C:\Combofix.txt
Répondre à Angeldark
le rapport
David et Ana - 07-01-02 21:16:36,12 Service Pack 2
ComboFix 06.11.27 - Running from: "C:\Documents and Settings\David et Ana\Bureau"
((((((((((((((((((((((((((((((( Files Created from 2006-12-02 to 2007-01-02 ))))))))))))))))))))))))))))))))))
2007-01-02 20:56 1,492 --a------ C:\WINDOWSvundofix.reg
2007-01-02 15:46 81,684 --a------ C:\WINDOWS\system32\oikvifcf.dll
2007-01-02 15:46 118,804 --a------ C:\WINDOWS\system32\iihbfbyh.dll
2007-01-02 15:44 <REP> dr-h----- C:\Documents and Settings\David et Ana\Recent
2007-01-02 15:42 118,804 --a------ C:\WINDOWS\system32\okxqjkmo.dll
2007-01-02 13:45 118,804 --a------ C:\WINDOWS\system32\tpsjdbpo.dll
2007-01-02 12:15 81,684 --a------ C:\WINDOWS\system32\ojkjukjv.dll
2007-01-01 16:32 16,694 --a------ C:\WINDOWS\system32\drivers\PalmUSBD.sys
2007-01-01 16:09 <REP> d-------- C:\palm
2006-12-29 18:24 <REP> d-------- C:\Program Files\GiftBox
2006-12-28 08:00 44,060 --a------ C:\WINDOWS\system32\tjfkgolp.dll
2006-12-27 08:17 118,804 --a------ C:\WINDOWS\system32\bvywbons.dll
2006-12-26 14:36 81,684 --a------ C:\WINDOWS\system32\odvknkhi.dll
2006-12-26 12:42 <REP> d-------- C:\Documents and Settings\David et Ana\Application Data\Leadertech
2006-12-26 10:14 <REP> d-------- C:\Documents and Settings\David et Ana\Application Data\Help
2006-12-26 10:10 <REP> d-------- C:\Documents and Settings\David et Ana\Application Data\Arcsoft
2006-12-26 09:59 53,248 --a------ C:\WINDOWS\PalmDevC.dll
2006-12-26 09:59 <REP> d-------- C:\Documents and Settings\All Users\Application Data\HotSync
2006-12-26 09:58 <REP> d-------- C:\Program Files\palmOne
2006-12-26 09:57 <REP> d-------- C:\Documents and Settings\David et Ana\Application Data\HotSync
2006-12-22 21:30 <REP> d-------- C:\lj281
2006-12-22 21:26 25,856 --a------ C:\WINDOWS\system32\drivers\usbprint.sys
2006-12-22 09:30 118,804 --a------ C:\WINDOWS\system32\rugrjytw.dll
2006-12-22 09:30 <REP> d-------- C:\Program Files\SlySoft
2006-12-22 09:27 118,804 --a------ C:\WINDOWS\system32\vwklvpqq.dll
2006-12-21 19:17 <REP> d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2006-12-20 18:52 <REP> d-------- C:\Program Files\CDex_150
2006-12-19 09:56 <REP> d-------- C:\My Download Files
2006-12-19 09:54 774,144 --a------ C:\Program Files\RngInterstitial.dll
2006-12-19 09:53 <REP> d-------- C:\Program Files\Fichiers communs\Real
2006-12-17 22:06 389,120 --a------ C:\WINDOWS\Adventure Inlay.scr
2006-12-17 21:05 <REP> d-------- C:\Documents and Settings\David et Ana\Application Data\Zylom
2006-12-17 21:03 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Zylom
2006-12-16 17:51 <REP> d-------- C:\WINDOWS\tiinst
2006-12-16 12:11 2,560 --------- C:\WINDOWS\system32\drivers\cdralw2k.sys
2006-12-16 12:11 2,432 --------- C:\WINDOWS\system32\drivers\cdr4_xp.sys
2006-12-15 20:34 44,052 --a------ C:\WINDOWS\system32\jfkldfcj.dll
2006-12-15 20:33 126,996 --a------ C:\WINDOWS\system32\cfolorqo.dll
2006-12-15 09:36 118,804 --a------ C:\WINDOWS\system32\cayljuno.dll
2006-12-12 09:32 126,996 --a------ C:\WINDOWS\system32\dnchiqbn.dll
2006-12-11 21:45 126,996 --a------ C:\WINDOWS\system32\wtvknwsp.dll
2006-12-09 20:00 516,173 --a------ C:\WINDOWS\system32\MSVCP60D.DLL
2006-12-09 19:59 59,904 --a------ C:\WINDOWS\system32\Mscc2fr.dll
2006-12-09 19:59 21,504 --a------ C:\WINDOWS\system32\TABCTFR.DLL
2006-12-09 19:59 141,312 --a------ C:\WINDOWS\system32\MSCMCFR.DLL
2006-12-09 19:59 <REP> d-------- C:\Program Files\Free Audio Pack
2006-12-09 19:29 <REP> d-------- C:\Program Files\Hijackthis Version Fran‡aise
2006-12-08 10:43 126,996 --a------ C:\WINDOWS\system32\qtuoyevu.dll
2006-12-07 15:57 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Leenie Games
2006-12-03 12:49 <REP> d-------- C:\Documents and Settings\David et Ana\Application Data\Wildfire
(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))
2007-01-02 20:58 -------- d-------- C:\Program Files\RamBoost XP
2007-01-02 15:21 -------- d-------- C:\Program Files\Internet Explorer
2007-01-01 14:52 -------- d--h----- C:\Program Files\InstallShield Installation Information
2006-12-28 11:02 -------- d-------- C:\Documents and Settings\David et Ana\Application Data\Azureus
2006-12-19 09:53 -------- d-------- C:\Program Files\Fichiers communs
2006-12-17 22:01 -------- d-------- C:\Documents and Settings\David et Ana\Application Data\Identities
2006-12-17 11:27 -------- d-------- C:\Program Files\Outlook Express
2006-12-17 11:27 -------- d-------- C:\Program Files\Fichiers communs\System
2006-12-17 10:52 -------- d-------- C:\Program Files\Messenger Plus! Live
2006-12-16 12:11 -------- d-------- C:\Program Files\Picasa2
2006-12-16 12:11 -------- d-------- C:\Program Files\Google
2006-12-07 17:02 2174976 --a------ C:\WINDOWS\system32\wmvcore.dll
2006-12-03 21:27 -------- d-------- C:\Documents and Settings\David et Ana\Application Data\PlayFirst
2006-12-03 02:51 154040 --a------ C:\Documents and Settings\David et Ana\Application Data\GDIPFONTCACHEV1.DAT
2006-11-30 21:47 126996 --a------ C:\WINDOWS\system32\ebjufvri.dll
2006-11-30 17:58 126996 --a------ C:\WINDOWS\system32\xsawvrqr.dll
2006-11-29 21:22 -------- d-------- C:\Program Files\Opera
2006-11-29 21:22 -------- d-------- C:\Documents and Settings\David et Ana\Application Data\Flock
2006-11-29 21:13 -------- d-------- C:\Program Files\Foxit Software
2006-11-29 00:43 18688 --a------ C:\WINDOWS\system32\drivers\AnyDVD.sys
2006-11-28 08:54 88340 --a------ C:\WINDOWS\system32\swrqrxiv.exe
2006-11-28 08:54 42516 --a------ C:\WINDOWS\system32\jjgxxjus.dll
2006-11-27 20:04 -------- d-------- C:\Program Files\DVD Shrink
2006-11-26 21:22 126996 --a------ C:\WINDOWS\system32\aasdwcxr.dll
2006-11-26 20:23 126996 --a------ C:\WINDOWS\system32\vhtgjcqk.dll
2006-11-26 13:07 -------- d-------- C:\Documents and Settings\David et Ana\Application Data\Google
2006-11-23 17:56 -------- d-------- C:\Documents and Settings\David et Ana\Application Data\Apple Computer
2006-11-23 17:21 38420 --a------ C:\WINDOWS\system32\bvbjkbca.dll
2006-11-22 17:23 60436 --a------ C:\WINDOWS\system32\vuuuqvmv.dll
2006-11-22 17:23 126996 --a------ C:\WINDOWS\system32\hphlflfa.dll
2006-11-22 09:03 126996 --a------ C:\WINDOWS\system32\jsotyitr.dll
2006-11-21 17:21 60436 --a------ C:\WINDOWS\system32\xaghqfta.dll
2006-11-20 17:21 60436 --a------ C:\WINDOWS\system32\wlolimyc.dll
2006-11-20 17:21 126996 --a------ C:\WINDOWS\system32\kkawatkd.dll
2006-11-19 21:06 -------- d-------- C:\Program Files\GRETECH
2006-11-19 21:06 -------- d-------- C:\Documents and Settings\David et Ana\Application Data\GRETECH
2006-11-19 21:04 -------- d-------- C:\Program Files\K-Lite Codec Pack
2006-11-19 20:59 126996 --a------ C:\WINDOWS\system32\ouecnsll.dll
2006-11-19 18:12 -------- d-------- C:\Program Files\PeerGuardian2
2006-11-18 17:21 126996 --a------ C:\WINDOWS\system32\nrkgklus.dll
2006-11-17 17:20 60436 --a------ C:\WINDOWS\system32\edkhooek.dll
2006-11-17 17:20 126996 --a------ C:\WINDOWS\system32\mnyoatsf.dll
2006-11-16 15:17 -------- d-------- C:\Documents and Settings\David et Ana\Application Data\Opera
2006-11-16 14:04 126996 --a------ C:\WINDOWS\system32\afhltmli.dll
2006-11-16 09:24 126996 --a------ C:\WINDOWS\system32\xltmqpsn.dll
2006-11-16 09:08 126996 --a------ C:\WINDOWS\system32\juksvyjv.dll
2006-11-14 12:40 93696 --a------ C:\WINDOWS\system32\bmsotsn.dll
2006-11-14 12:40 71168 --a------ C:\WINDOWS\system32\mpqwbai.dll
2006-11-14 12:40 40973 ---hs---- C:\WINDOWS\system32\ljjhfec.dll
2006-11-14 07:46 94208 --a------ C:\WINDOWS\system32\cnspwn.dll
2006-11-14 07:46 71168 --a------ C:\WINDOWS\system32\gqtyfsm.dll
2006-11-14 07:46 40973 ---hs---- C:\WINDOWS\system32\urqomnn.dll
2006-11-13 19:25 -------- d-------- C:\Program Files\Fichiers communs\PDFView
2006-11-13 19:23 -------- d-------- C:\Documents and Settings\David et Ana\Application Data\NewSoft
2006-11-13 19:17 -------- d-------- C:\Program Files\Canon
2006-11-13 19:16 -------- d-------- C:\Program Files\Fichiers communs\ScanSoft Shared
2006-11-12 17:58 -------- d-------- C:\Program Files\Unlocker
2006-11-12 17:28 106496 --a------ C:\WINDOWS\system32\impgsje.dll
2006-11-12 17:22 40973 ---hs---- C:\WINDOWS\system32\wvuutqp.dll
2006-11-12 14:23 -------- d-------- C:\Program Files\Spybot - Search & Destroy
2006-11-12 12:20 -------- d-------- C:\Documents and Settings\David et Ana\Application Data\Lavasoft
2006-11-12 12:19 -------- d-------- C:\Program Files\Lavasoft
2006-11-12 11:41 40973 ---hs---- C:\WINDOWS\system32\pmnmkjk.dll
2006-11-09 10:44 93696 --a------ C:\WINDOWS\system32\yraekge.dll
2006-11-09 10:42 40973 ---hs---- C:\WINDOWS\system32\ljjgdef.dll
2006-11-08 06:07 679424 --a------ C:\WINDOWS\system32\inetcomm.dll
2006-11-05 20:28 -------- d-------- C:\Program Files\Fichiers communs\Microsoft Shared
2006-11-04 18:51 -------- d-------- C:\Program Files\iTunes
2006-11-04 18:51 -------- d-------- C:\Program Files\iPod
2006-11-04 18:47 -------- d-------- C:\Program Files\QuickTime
2006-11-04 18:39 -------- d-------- C:\Program Files\Apple Software Update
2006-11-04 14:14 1245696 --a------ C:\WINDOWS\system32\msxml4.dll
2006-11-04 13:40 81920 --a------ C:\WINDOWS\system32\ElbyCDIO.dll
2006-10-30 18:40 110612 --a------ C:\WINDOWS\system32\bfdxwimv.exe
2006-10-27 02:44 13312 --a------ C:\WINDOWS\system32\ieudinit.exe
2006-10-20 02:38 716800 --a------ C:\WINDOWS\system32\sxs.dll
2006-10-13 13:36 145920 --a------ C:\WINDOWS\system32\nwprovau.dll
2006-10-08 10:33 40 ---hs---- C:\Documents and Settings\David et Ana\Application Data\.zreglib
(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))
*Note* empty entries are not shown
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"RamBoostXp"="C:\\Program Files\\RamBoost XP\\rambxpfr.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"avast!"="C:\\PROGRA~1\\ALWILS~1\\Avast4\\ashDisp.exe"
"DllRunning"="rundll32.exe \"C:\\WINDOWS\\system32\\iihbfbyh.dll\",setvm"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
"Installed"="1"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
"Installed"="1"
"NoChange"="1"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
"Installed"="1"
[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components]
"DeskHtmlVersion"=dword:00000110
"DeskHtmlMinorVersion"=dword:00000005
"Settings"=dword:00000001
"GeneralFlags"=dword:00000001
[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="Ma page d'accueil"
"Flags"=dword:00000002
"Position"=hex:2c,00,00,00,00,01,00,00,00,00,00,00,00,04,00,00,02,03,00,00,00,\
00,00,00,01,00,00,00,01,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00
"CurrentState"=hex:04,00,00,40
"OriginalStateInfo"=hex:18,00,00,00,ff,ff,00,00,ff,ff,00,00,ff,ff,ff,ff,ff,ff,\
ff,ff,04,00,00,00
"RestoredStateInfo"=hex:18,00,00,00,6a,02,00,00,23,00,00,00,a4,00,00,00,9a,00,\
00,00,01,00,00,00
[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"CTFMON.EXE"="C:\\WINDOWS\\System32\\CTFMON.EXE"
[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\run]
"CTFMON.EXE"="C:\\WINDOWS\\System32\\CTFMON.EXE"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Pré-chargeur Browseui"
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Démon de cache des catégories de composant"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\Run]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"dontdisplaylastusername"=dword:00000000
"legalnoticecaption"=""
"legalnoticetext"=""
"shutdownwithoutlogon"=dword:00000001
"undockwithoutlogon"=dword:00000001
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091
[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload]
"PostBootReminder"="{7849596a-48ea-486e-8937-a2a3009f31a9}"
"CDBurn"="{fbeb8a05-beee-4442-804e-409d6c4515e9}"
"WebCheck"="{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"
"SysTray"="{35CEC8A3-2BE6-11D2-8773-92E220524153}"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="ctfmon"
"hkey"="HKCU"
"command"="C:\\WINDOWS\\system32\\ctfmon.exe"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"
Contents of the 'Scheduled Tasks' folder
C:\WINDOWS\tasks\AppleSoftwareUpdate.job
Completion time: 07-01-02 21:17:58.17
C:\ComboFix.txt ... 07-01-02 21:17
Re,
Télécharge KillBox d'Option^Explicit.
Dézippe le dans un dossier ou sur ton bureau (Clique droit puis Extraire Tout).
Selectionne le texte dans le cadre :
| Citation : C:\WINDOWS\system32\oikvifcf.dll
|
---> Clique Droit puis Copier.
----------
-- Ouvre Killbox.exe
-- Choisis "Delete on reboot"
-- Clique sur :
- " File " -> " Paste from Clipboard "
- " All Files "
Pour terminer clique sur ![[:angeldark:3]](http://img.infos-du-net.com/forum/images/perso/3/angeldark.gif "[:angeldark:3]")
Une question te sera alors posée :
" File will be Removed on Reboot, Do you want to reboot now ? "
-- Répond par OUI, un compte à rebours s'enclenche, ton PC va redémarrer.
-- Après redémarrage, relance Killbox puis clique sur le menu : Files -> Logs -> Actions History Log, poste ce rapport ici.
NOTE: Si tu reçois le message "PendingFileRenameOperations Registry Data has been removed by external process!"
Redémarre ton PC manuellement.
AIDE : Tuto sur KillBox (Jesses)
Répondre à Angeldark
Pocket Killbox version 2.0.0.648
Running on Windows XP as David et Ana(Administrator)
was started @ mercredi, janvier 03, 2007, 9:46 AM
Killbox Closed(Exit) @ 10:08:36 AM
__________________________________________________
Pocket Killbox version 2.0.0.648
Running on Windows XP as David et Ana(Administrator)
was started @ mercredi, janvier 03, 2007, 10:08 AM
# 1 [Delete on Reboot]
Path = C:\WINDOWS\system32\oikvifcf.dll
# 2 [Delete on Reboot]
Path = C:\WINDOWS\system32\iihbfbyh.dll
# 3 [Delete on Reboot]
Path = C:\WINDOWS\system32\okxqjkmo.dll
# 4 [Delete on Reboot]
Path = C:\WINDOWS\system32\tpsjdbpo.dll
# 5 [Delete on Reboot]
Path = C:\WINDOWS\system32\ojkjukjv.dll
# 6 [Delete on Reboot]
Path = C:\WINDOWS\system32\tjfkgolp.dll
# 7 [Delete on Reboot]
Path = C:\WINDOWS\system32\bvywbons.dll
# 8 [Delete on Reboot]
Path = C:\WINDOWS\system32\odvknkhi.dll
# 9 [Delete on Reboot]
Path = C:\WINDOWS\system32\rugrjytw.dll
# 10 [Delete on Reboot]
Path = C:\WINDOWS\system32\vwklvpqq.dll
# 11 [Delete on Reboot]
Path = C:\WINDOWS\system32\jfkldfcj.dll
# 12 [Delete on Reboot]
Path = C:\WINDOWS\system32\cfolorqo.dll
# 13 [Delete on Reboot]
Path = C:\WINDOWS\system32\dnchiqbn.dll
# 14 [Delete on Reboot]
Path = C:\WINDOWS\system32\wtvknwsp.dll
# 15 [Delete on Reboot]
Path = C:\WINDOWS\system32\cayljuno.dll
# 16 [Delete on Reboot]
Path = C:\WINDOWS\system32\qtuoyevu.dll
# 17 [Delete on Reboot]
Path = C:\WINDOWS\system32\ebjufvri.dll
# 18 [Delete on Reboot]
Path = C:\WINDOWS\system32\xsawvrqr.dll
# 19 [Delete on Reboot]
Path = C:\WINDOWS\system32\swrqrxiv.exe
# 20 [Delete on Reboot]
Path = C:\WINDOWS\system32\jjgxxjus.dll
# 21 [Delete on Reboot]
Path = C:\WINDOWS\system32\aasdwcxr.dll
# 22 [Delete on Reboot]
Path = C:\WINDOWS\system32\vhtgjcqk.dll
# 23 [Delete on Reboot]
Path = C:\WINDOWS\system32\bvbjkbca.dll
# 24 [Delete on Reboot]
Path = C:\WINDOWS\system32\vuuuqvmv.dll
# 25 [Delete on Reboot]
Path = C:\WINDOWS\system32\hphlflfa.dll
# 26 [Delete on Reboot]
Path = C:\WINDOWS\system32\jsotyitr.dll
# 27 [Delete on Reboot]
Path = C:\WINDOWS\system32\xaghqfta.dll
# 28 [Delete on Reboot]
Path = C:\WINDOWS\system32\wlolimyc.dll
# 29 [Delete on Reboot]
Path = C:\WINDOWS\system32\kkawatkd.dll
# 30 [Delete on Reboot]
Path = C:\WINDOWS\system32\nrkgklus.dll
# 31 [Delete on Reboot]
Path = C:\WINDOWS\system32\edkhooek.dll
# 32 [Delete on Reboot]
Path = C:\WINDOWS\system32\mnyoatsf.dll
# 33 [Delete on Reboot]
Path = C:\WINDOWS\system32\afhltmli.dll
# 34 [Delete on Reboot]
Path = C:\WINDOWS\system32\xltmqpsn.dll
# 35 [Delete on Reboot]
Path = C:\WINDOWS\system32\juksvyjv.dll
# 36 [Delete on Reboot]
Path = C:\WINDOWS\system32\bmsotsn.dll
# 37 [Delete on Reboot]
Path = C:\WINDOWS\system32\mpqwbai.dll
# 38 [Delete on Reboot]
Path = C:\WINDOWS\system32\ljjhfec.dll
# 39 [Delete on Reboot]
Path = C:\WINDOWS\system32\cnspwn.dll
# 40 [Delete on Reboot]
Path = C:\WINDOWS\system32\gqtyfsm.dll
# 41 [Delete on Reboot]
Path = C:\WINDOWS\system32\urqomnn.dll
# 42 [Delete on Reboot]
Path = C:\WINDOWS\system32\impgsje.dll
# 43 [Delete on Reboot]
Path = C:\WINDOWS\system32\wvuutqp.dll
# 44 [Delete on Reboot]
Path = C:\WINDOWS\system32\pmnmkjk.dll
# 45 [Delete on Reboot]
Path = C:\WINDOWS\system32\yraekge.dll
# 46 [Delete on Reboot]
Path = C:\WINDOWS\system32\oikvifcf.dll
# 47 [Delete on Reboot]
Path = C:\WINDOWS\system32\iihbfbyh.dll
# 48 [Delete on Reboot]
Path = C:\WINDOWS\system32\okxqjkmo.dll
# 49 [Delete on Reboot]
Path = C:\WINDOWS\system32\tpsjdbpo.dll
# 50 [Delete on Reboot]
Path = C:\WINDOWS\system32\ojkjukjv.dll
# 51 [Delete on Reboot]
Path = C:\WINDOWS\system32\tjfkgolp.dll
# 52 [Delete on Reboot]
Path = C:\WINDOWS\system32\bvywbons.dll
# 53 [Delete on Reboot]
Path = C:\WINDOWS\system32\odvknkhi.dll
# 54 [Delete on Reboot]
Path = C:\WINDOWS\system32\rugrjytw.dll
# 55 [Delete on Reboot]
Path = C:\WINDOWS\system32\vwklvpqq.dll
# 56 [Delete on Reboot]
Path = C:\WINDOWS\system32\jfkldfcj.dll
# 57 [Delete on Reboot]
Path = C:\WINDOWS\system32\cfolorqo.dll
# 58 [Delete on Reboot]
Path = C:\WINDOWS\system32\dnchiqbn.dll
# 59 [Delete on Reboot]
Path = C:\WINDOWS\system32\wtvknwsp.dll
# 60 [Delete on Reboot]
Path = C:\WINDOWS\system32\cayljuno.dll
# 61 [Delete on Reboot]
Path = C:\WINDOWS\system32\qtuoyevu.dll
# 62 [Delete on Reboot]
Path = C:\WINDOWS\system32\ebjufvri.dll
# 63 [Delete on Reboot]
Path = C:\WINDOWS\system32\xsawvrqr.dll
# 64 [Delete on Reboot]
Path = C:\WINDOWS\system32\swrqrxiv.exe
# 65 [Delete on Reboot]
Path = C:\WINDOWS\system32\jjgxxjus.dll
# 66 [Delete on Reboot]
Path = C:\WINDOWS\system32\aasdwcxr.dll
# 67 [Delete on Reboot]
Path = C:\WINDOWS\system32\vhtgjcqk.dll
# 68 [Delete on Reboot]
Path = C:\WINDOWS\system32\bvbjkbca.dll
# 69 [Delete on Reboot]
Path = C:\WINDOWS\system32\vuuuqvmv.dll
# 70 [Delete on Reboot]
Path = C:\WINDOWS\system32\hphlflfa.dll
# 71 [Delete on Reboot]
Path = C:\WINDOWS\system32\jsotyitr.dll
# 72 [Delete on Reboot]
Path = C:\WINDOWS\system32\xaghqfta.dll
# 73 [Delete on Reboot]
Path = C:\WINDOWS\system32\wlolimyc.dll
# 74 [Delete on Reboot]
Path = C:\WINDOWS\system32\kkawatkd.dll
# 75 [Delete on Reboot]
Path = C:\WINDOWS\system32\nrkgklus.dll
# 76 [Delete on Reboot]
Path = C:\WINDOWS\system32\edkhooek.dll
# 77 [Delete on Reboot]
Path = C:\WINDOWS\system32\mnyoatsf.dll
# 78 [Delete on Reboot]
Path = C:\WINDOWS\system32\afhltmli.dll
# 79 [Delete on Reboot]
Path = C:\WINDOWS\system32\xltmqpsn.dll
# 80 [Delete on Reboot]
Path = C:\WINDOWS\system32\juksvyjv.dll
# 81 [Delete on Reboot]
Path = C:\WINDOWS\system32\bmsotsn.dll
# 82 [Delete on Reboot]
Path = C:\WINDOWS\system32\mpqwbai.dll
# 83 [Delete on Reboot]
Path = C:\WINDOWS\system32\ljjhfec.dll
# 84 [Delete on Reboot]
Path = C:\WINDOWS\system32\cnspwn.dll
# 85 [Delete on Reboot]
Path = C:\WINDOWS\system32\gqtyfsm.dll
# 86 [Delete on Reboot]
Path = C:\WINDOWS\system32\urqomnn.dll
# 87 [Delete on Reboot]
Path = C:\WINDOWS\system32\impgsje.dll
# 88 [Delete on Reboot]
Path = C:\WINDOWS\system32\wvuutqp.dll
# 89 [Delete on Reboot]
Path = C:\WINDOWS\system32\pmnmkjk.dll
# 90 [Delete on Reboot]
Path = C:\WINDOWS\system32\yraekge.dll
PendingFileRenameOperations Registry Data has been Removed by External Process! @ 10:11:16 AM
Killbox Closed(Exit) @ 10:11:52 AM
__________________________________________________
Pocket Killbox version 2.0.0.648
Running on Windows XP as David et Ana(Administrator)
was started @ mercredi, janvier 03, 2007, 10:11 AM
# 1 [Delete on Reboot]
Path = C:\WINDOWS\system32\oikvifcf.dll
# 2 [Delete on Reboot]
Path = C:\WINDOWS\system32\iihbfbyh.dll
# 3 [Delete on Reboot]
Path = C:\WINDOWS\system32\okxqjkmo.dll
# 4 [Delete on Reboot]
Path = C:\WINDOWS\system32\tpsjdbpo.dll
# 5 [Delete on Reboot]
Path = C:\WINDOWS\system32\ojkjukjv.dll
# 6 [Delete on Reboot]
Path = C:\WINDOWS\system32\tjfkgolp.dll
# 7 [Delete on Reboot]
Path = C:\WINDOWS\system32\bvywbons.dll
# 8 [Delete on Reboot]
Path = C:\WINDOWS\system32\odvknkhi.dll
# 9 [Delete on Reboot]
Path = C:\WINDOWS\system32\rugrjytw.dll
# 10 [Delete on Reboot]
Path = C:\WINDOWS\system32\vwklvpqq.dll
# 11 [Delete on Reboot]
Path = C:\WINDOWS\system32\jfkldfcj.dll
# 12 [Delete on Reboot]
Path = C:\WINDOWS\system32\cfolorqo.dll
# 13 [Delete on Reboot]
Path = C:\WINDOWS\system32\dnchiqbn.dll
# 14 [Delete on Reboot]
Path = C:\WINDOWS\system32\wtvknwsp.dll
# 15 [Delete on Reboot]
Path = C:\WINDOWS\system32\cayljuno.dll
# 16 [Delete on Reboot]
Path = C:\WINDOWS\system32\qtuoyevu.dll
# 17 [Delete on Reboot]
Path = C:\WINDOWS\system32\ebjufvri.dll
# 18 [Delete on Reboot]
Path = C:\WINDOWS\system32\xsawvrqr.dll
# 19 [Delete on Reboot]
Path = C:\WINDOWS\system32\swrqrxiv.exe
# 20 [Delete on Reboot]
Path = C:\WINDOWS\system32\jjgxxjus.dll
# 21 [Delete on Reboot]
Path = C:\WINDOWS\system32\aasdwcxr.dll
# 22 [Delete on Reboot]
Path = C:\WINDOWS\system32\vhtgjcqk.dll
# 23 [Delete on Reboot]
Path = C:\WINDOWS\system32\bvbjkbca.dll
# 24 [Delete on Reboot]
Path = C:\WINDOWS\system32\vuuuqvmv.dll
# 25 [Delete on Reboot]
Path = C:\WINDOWS\system32\hphlflfa.dll
# 26 [Delete on Reboot]
Path = C:\WINDOWS\system32\jsotyitr.dll
# 27 [Delete on Reboot]
Path = C:\WINDOWS\system32\xaghqfta.dll
# 28 [Delete on Reboot]
Path = C:\WINDOWS\system32\wlolimyc.dll
# 29 [Delete on Reboot]
Path = C:\WINDOWS\system32\kkawatkd.dll
# 30 [Delete on Reboot]
Path = C:\WINDOWS\system32\nrkgklus.dll
# 31 [Delete on Reboot]
Path = C:\WINDOWS\system32\edkhooek.dll
# 32 [Delete on Reboot]
Path = C:\WINDOWS\system32\mnyoatsf.dll
# 33 [Delete on Reboot]
Path = C:\WINDOWS\system32\afhltmli.dll
# 34 [Delete on Reboot]
Path = C:\WINDOWS\system32\xltmqpsn.dll
# 35 [Delete on Reboot]
Path = C:\WINDOWS\system32\juksvyjv.dll
# 36 [Delete on Reboot]
Path = C:\WINDOWS\system32\bmsotsn.dll
# 37 [Delete on Reboot]
Path = C:\WINDOWS\system32\mpqwbai.dll
# 38 [Delete on Reboot]
Path = C:\WINDOWS\system32\ljjhfec.dll
# 39 [Delete on Reboot]
Path = C:\WINDOWS\system32\cnspwn.dll
# 40 [Delete on Reboot]
Path = C:\WINDOWS\system32\gqtyfsm.dll
# 41 [Delete on Reboot]
Path = C:\WINDOWS\system32\urqomnn.dll
# 42 [Delete on Reboot]
Path = C:\WINDOWS\system32\impgsje.dll
# 43 [Delete on Reboot]
Path = C:\WINDOWS\system32\wvuutqp.dll
# 44 [Delete on Reboot]
Path = C:\WINDOWS\system32\pmnmkjk.dll
# 45 [Delete on Reboot]
Path = C:\WINDOWS\system32\yraekge.dll
PendingFileRenameOperations Registry Data has been Removed by External Process! @ 10:12:37 AM
# 46 [Delete on Reboot]
Path = C:\WINDOWS\system32\oikvifcf.dll
# 47 [Delete on Reboot]
Path = C:\WINDOWS\system32\iihbfbyh.dll
# 48 [Delete on Reboot]
Path = C:\WINDOWS\system32\okxqjkmo.dll
# 49 [Delete on Reboot]
Path = C:\WINDOWS\system32\tpsjdbpo.dll
# 50 [Delete on Reboot]
Path = C:\WINDOWS\system32\ojkjukjv.dll
# 51 [Delete on Reboot]
Path = C:\WINDOWS\system32\tjfkgolp.dll
# 52 [Delete on Reboot]
Path = C:\WINDOWS\system32\bvywbons.dll
# 53 [Delete on Reboot]
Path = C:\WINDOWS\system32\odvknkhi.dll
# 54 [Delete on Reboot]
Path = C:\WINDOWS\system32\rugrjytw.dll
# 55 [Delete on Reboot]
Path = C:\WINDOWS\system32\vwklvpqq.dll
# 56 [Delete on Reboot]
Path = C:\WINDOWS\system32\jfkldfcj.dll
# 57 [Delete on Reboot]
Path = C:\WINDOWS\system32\cfolorqo.dll
# 58 [Delete on Reboot]
Path = C:\WINDOWS\system32\dnchiqbn.dll
# 59 [Delete on Reboot]
Path = C:\WINDOWS\system32\wtvknwsp.dll
# 60 [Delete on Reboot]
Path = C:\WINDOWS\system32\cayljuno.dll
# 61 [Delete on Reboot]
Path = C:\WINDOWS\system32\qtuoyevu.dll
# 62 [Delete on Reboot]
Path = C:\WINDOWS\system32\ebjufvri.dll
# 63 [Delete on Reboot]
Path = C:\WINDOWS\system32\xsawvrqr.dll
# 64 [Delete on Reboot]
Path = C:\WINDOWS\system32\swrqrxiv.exe
# 65 [Delete on Reboot]
Path = C:\WINDOWS\system32\jjgxxjus.dll
# 66 [Delete on Reboot]
Path = C:\WINDOWS\system32\aasdwcxr.dll
# 67 [Delete on Reboot]
Path = C:\WINDOWS\system32\vhtgjcqk.dll
# 68 [Delete on Reboot]
Path = C:\WINDOWS\system32\bvbjkbca.dll
# 69 [Delete on Reboot]
Path = C:\WINDOWS\system32\vuuuqvmv.dll
# 70 [Delete on Reboot]
Path = C:\WINDOWS\system32\hphlflfa.dll
# 71 [Delete on Reboot]
Path = C:\WINDOWS\system32\jsotyitr.dll
# 72 [Delete on Reboot]
Path = C:\WINDOWS\system32\xaghqfta.dll
# 73 [Delete on Reboot]
Path = C:\WINDOWS\system32\wlolimyc.dll
# 74 [Delete on Reboot]
Path = C:\WINDOWS\system32\kkawatkd.dll
# 75 [Delete on Reboot]
Path = C:\WINDOWS\system32\nrkgklus.dll
# 76 [Delete on Reboot]
Path = C:\WINDOWS\system32\edkhooek.dll
# 77 [Delete on Reboot]
Path = C:\WINDOWS\system32\mnyoatsf.dll
# 78 [Delete on Reboot]
Path = C:\WINDOWS\system32\afhltmli.dll
# 79 [Delete on Reboot]
Path = C:\WINDOWS\system32\xltmqpsn.dll
# 80 [Delete on Reboot]
Path = C:\WINDOWS\system32\juksvyjv.dll
# 81 [Delete on Reboot]
Path = C:\WINDOWS\system32\bmsotsn.dll
# 82 [Delete on Reboot]
Path = C:\WINDOWS\system32\mpqwbai.dll
# 83 [Delete on Reboot]
Path = C:\WINDOWS\system32\ljjhfec.dll
# 84 [Delete on Reboot]
Path = C:\WINDOWS\system32\cnspwn.dll
# 85 [Delete on Reboot]
Path = C:\WINDOWS\system32\gqtyfsm.dll
# 86 [Delete on Reboot]
Path = C:\WINDOWS\system32\urqomnn.dll
# 87 [Delete on Reboot]
Path = C:\WINDOWS\system32\impgsje.dll
# 88 [Delete on Reboot]
Path = C:\WINDOWS\system32\wvuutqp.dll
# 89 [Delete on Reboot]
Path = C:\WINDOWS\system32\pmnmkjk.dll
# 90 [Delete on Reboot]
Path = C:\WINDOWS\system32\yraekge.dll
Killbox Closed(Exit) @ 10:14:15 AM
__________________________________________________
Pocket Killbox version 2.0.0.648
Running on Windows XP as David et Ana(Administrator)
was started @ mercredi, janvier 03, 2007, 10:17 AM
maintenant au demarrage de l'ordi, j'ai ce message qui vient
c::windows/system32/jihbfbyh.dll que faire?
Reposte un rapport Hijackthis 
Répondre à Angeldark
Logfile of HijackThis v1.99.1
Scan saved at 17:00:34, on 03/01/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\drivers\CDAC11BA.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\RamBoost XP\rambxpfr.exe
C:\Program Files\palmOne\Hotsync.exe
C:\Program Files\palmOne\LifeDriveMgrTray.exe
C:\Program Files\palmOne\PalmOneLiveConnect.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Opera\Opera.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Hijackthis Version Française\VERSION TRADUITE ORIGINALE.EXE
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 212.138.64.143:8000
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - (no file)
O2 - BHO: (no name) - {3D063FF9-7310-4280-84F1-A98F2AA83ED2} - (no file)
O2 - BHO: (no name) - {4302F7E3-87ED-2BC5-B0C9-0475406503B1} - (no file)
O2 - BHO: (no name) - {435D4D84-BBF0-38A0-4706-08A7712484D5} - (no file)
O2 - BHO: (no name) - {4ED7CCE3-F634-34B4-D986-0614AB036EBD} - (no file)
O2 - BHO: (no name) - {5096D507-795E-492F-870D-FBFD557D285B} - (no file)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {64F56FC1-1272-44CD-BA6E-39723696E350} - (no file)
O2 - BHO: (no name) - {72667DC9-E13C-4B2D-5B24-07B543897C42} - (no file)
O2 - BHO: (no name) - {7DA39570-5FD2-4f18-94B4-20730CB3F727} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [RamBoostXp] C:\Program Files\RamBoost XP\rambxpfr.exe
O4 - Startup: LifeDrive™ Manager.lnk = C:\Program Files\palmOne\LifeDriveMgrTray.exe
O4 - Startup: palmOne Registration.lnk = C:\Program Files\palmOne\register.exe
O4 - Global Startup: HotSync Manager.lnk = C:\Program Files\palmOne\Hotsync.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://cdn2.zone.msn.com/binFramew [...] b34246.cab
O16 - DPF: {DAF5D9A2-D982-4671-83E4-0398706A5F6A} (SCEWebLauncherCtl Object) - http://zone.msn.com/bingame/hsol/d [...] uncher.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\system32\drivers\CDAC11BA.EXE
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
En tout cas je tiens a te remercier pour ta patience et ta gentillesse
Re,
- Lance Hijackthis ->Do a system scan only
->Coche les lignes ci-dessous :
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 212.138.64.143:8000
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - (no file)
O2 - BHO: (no name) - {3D063FF9-7310-4280-84F1-A98F2AA83ED2} - (no file)
O2 - BHO: (no name) - {4302F7E3-87ED-2BC5-B0C9-0475406503B1} - (no file)
O2 - BHO: (no name) - {435D4D84-BBF0-38A0-4706-08A7712484D5} - (no file)
O2 - BHO: (no name) - {4ED7CCE3-F634-34B4-D986-0614AB036EBD} - (no file)
O2 - BHO: (no name) - {5096D507-795E-492F-870D-FBFD557D285B} - (no file)
O2 - BHO: (no name) - {64F56FC1-1272-44CD-BA6E-39723696E350} - (no file)
O2 - BHO: (no name) - {72667DC9-E13C-4B2D-5B24-07B543897C42} - (no file)
O2 - BHO: (no name) - {7DA39570-5FD2-4f18-94B4-20730CB3F727} - (no file)
Clique sur Fix checked (en bas à gauche)
D'autres problèmes ?
Répondre à Angeldark
Il y a 1477 utilisateurs connus et inconnus. Pour voir la liste des connectés connus, cliquez ici.
