Malware, viruses, ad pages, installation difficulties [SOLVED] - Security - Viruses
Profile: IDNaute

Hi,
This is Jazcasasoft.
I am really very :??: worried and upset by these undeletable viruses (Smitfraud-C.Toolbar888+WIN32), this error message about loading SISPower.dll, these unavoidable unwanted ad pages, this impossible reinstallation of my Canon iP1200 printer, and this "electrinic-group" in the trusted publishers!!! :fou: and who knows what else... I am already suffering from a chronic infection and I try to read on web pages how to live with it... but it is impossible with all this. "I had believed the world was a better place..." I am appealing to charitable souls to come to my aid; I am new to this field and I don't know what to do.
To tell the truth, I registered on other sites but it was very difficult to send a message. I hope it will work here.
Since this is my first time, I don't mind, if you are willing, if you reply to my e-mail address.
To begin with, and I hope I haven't gone too fast: here is a fresh HijackThis log:
--------
Logfile of HijackThis v1.99.1
Scan saved at 21:42:55, on 19-04-2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
 
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\a-squared Anti-Malware\a2service.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\SPEEDB~1\VideoAcceleratorEngine.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\WgaTray.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\domino.exe
C:\Program Files\AGEIA Technologies\TrayIcon.exe
C:\WINDOWS\VMSnap1.exe
C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.0\Apps\apdproxy.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\a-squared Anti-Malware\a2guard.exe
C:\Program Files\DAP\DAP.EXE
C:\PROGRA~1\SPEEDB~1\VideoAccelerator.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Messenger\msmsgs.exe
E:\Program Files\Collection Microsoft Encarta 2006\EDICT.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Menara\dslmon.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Hijackthis Version Française\VERSION TRADUITE ORIGINALE.EXE
 
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Menara
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
R3 - URLSearchHook: (no name) - {0A94B116-4504-4e26-AB05-E61E474AA38B} - C:\Program Files\AskPBar\SrchAstt\1.bin\A9SRCHAS.DLL
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Ask Search Assistant BHO - {0A94B111-4504-4e26-AB05-E61E474AA38B} - C:\Program Files\AskPBar\SrchAstt\1.bin\A9SRCHAS.DLL
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\PROGRA~1\Skype\Phone\IEPlugin\SKYPEI~1.DLL
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {67C55A8D-E808-4caa-9EA7-F77102DE0BB6} - C:\WINDOWS\system32\hddbdcso.dll
O2 - BHO: (no name) - {733FD72F-103E-4B9E-BCB9-A76064AF3C72} - C:\WINDOWS\system32\ssqonon.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: (no name) - {ADEB1CF7-A86E-4372-8B2A-77E6E2F49984} - C:\WINDOWS\system32\ssqro.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: (no name) - {CC3F4F56-4E51-4B23-B177-BFA34D3608F9} - C:\WINDOWS\system32\levtkvjy.dll
O2 - BHO: Ask Toolbar BHO - {F4D76F01-7896-458a-890F-E1F05C46069F} - C:\Program Files\AskPBar\bar\1.bin\ASKPBAR.DLL
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: Ask Toolbar - {F4D76F09-7896-458a-890F-E1F05C46069F} - C:\Program Files\AskPBar\bar\1.bin\ASKPBAR.DLL
O4 - HKLM\..\Run: [domino] C:\WINDOWS\domino.exe
O4 - HKLM\..\Run: [AGEIA PhysX SysTray] C:\Program Files\AGEIA Technologies\TrayIcon.exe
O4 - HKLM\..\Run: [VMSnap1] C:\WINDOWS\VMSnap1.exe
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [SoundService] rundll32.exe "C:\WINDOWS\system32\nhhwoulo.dll",setvm
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [a-squared] "C:\Program Files\a-squared Anti-Malware\a2guard.exe"
O4 - HKLM\..\Run: [DownloadAccelerator] "C:\Program Files\DAP\DAP.EXE" /STARTUP
O4 - HKLM\..\Run: [SpeedOptimizer] C:\PROGRA~1\SPEEDO~1\SPO.EXE -s  
O4 - HKLM\..\Run: [SiSPower] Rundll32.exe SiSPower.dll,ModeAgent
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [E06FDXRC_8323390] "E:\Program Files\Collection Microsoft Encarta 2006\EDICT.EXE" -m
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - Global Startup: DSLMON.lnk = C:\Program Files\Menara\dslmon.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &Clean Traces - C:\Program Files\DAP\Privacy Package\dapcleanerie.htm
O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm
O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolb [...] jhtml?p=ZN
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Easy-WebPrint Ajouter à la liste d'impressions - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint Impression rapide - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Imprimer - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O8 - Extra context menu item: Easy-WebPrint Prévisualiser - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\PROGRA~1\Skype\Phone\IEPlugin\SKYPEI~1.DLL
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Fichiers communs\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O17 - HKLM\System\CCS\Services\Tcpip\..\{B6C26C7F-294F-4716-AAA5-5735FB054178}: NameServer = 212.217.1.4 212.217.0.14
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: CLKERN.DLL
O20 - Winlogon Notify: ssqonon - C:\WINDOWS\SYSTEM32\ssqonon.dll
O20 - Winlogon Notify: ssqro - C:\WINDOWS\system32\ssqro.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: a-squared Anti-Malware Service (a2AntiMalware) - Emsi Software GmbH - C:\Program Files\a-squared Anti-Malware\a2service.exe
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Unknown owner - C:\Program Files\Fichiers communs\Acronis\Schedule2\schedul2.exe (file missing)
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: VideoAcceleratorEngine - Speedbit Ltd. - C:\PROGRA~1\SPEEDB~1\VideoAcceleratorEngine.exe
 
-----


Message edited by Jazcasasoft on 29-04-2007 at 17:58:27

Profile: Helper

Hello,
 
Do you have a pirated Windows?
 
Download VundoFix.exe (by Atribune) to your Desktop.

  • Double-click VundoFix.exe to launch it
  • Click the Scan for Vundo button
  • When the scan is complete, click the Remove Vundo button
  • A prompt will ask whether you want to delete the files; click YES
  • After you click "Yes", the Desktop will disappear for a moment while the files are deleted
  • You will see a prompt announcing that your PC is going to restart; click OK
  • Copy/paste the contents of the report located at C:\vundofix.txt, along with a new HijackThis log, into your next reply


Note: VundoFix may encounter a file that it cannot delete. If so, the tool will launch at the next restart; simply follow the instructions above, starting from "Click the Scan for Vundo button".


Profile: IDNaute

:hello: Hello Angeldark,
Thank you for coming to my rescue so quickly. As for Windows, it is a story I have just learned about and I wish to settle it as soon as possible.
I have 2 RUNDLL: Error loading "C:\WINDOWS\system32\nhhwoulo.dll" and "SISPower.dll":
Here are the reports:
----
 
VundoFix V6.3.19
 
Checking Java version...
 
Java version is 1.5.0.3
Old versions of java are exploitable and should be removed.
 
Scan started at 22:26:08 19-04-2007
 
Listing files found while scanning....
 
C:\WINDOWS\system32\apxpepfo.dll
C:\WINDOWS\system32\bkrfjmos.dll
C:\WINDOWS\system32\bmdyxmjl.dll
C:\WINDOWS\system32\bwghxqkx.dll
C:\WINDOWS\system32\cghaqhjo.ini
C:\WINDOWS\system32\eceyswwu.dll
C:\WINDOWS\system32\edyalhgv.dll
C:\WINDOWS\system32\fkyokyxb.dll
C:\WINDOWS\system32\ggnybnqb.dll
C:\WINDOWS\system32\gsdamfgl.dll
C:\WINDOWS\system32\gsmucvoi.dll
C:\WINDOWS\system32\hddbdcso.dll
C:\WINDOWS\system32\hdyxertn.dll
C:\WINDOWS\system32\herdsrdm.dll
C:\WINDOWS\system32\kyhxwvbj.dll
C:\WINDOWS\system32\lgfmadsg.ini
C:\WINDOWS\system32\nhhwoulo.dll
C:\WINDOWS\system32\ntrexydh.ini
C:\WINDOWS\system32\nwhprtgu.dll
C:\WINDOWS\system32\odokpuei.dll
C:\WINDOWS\system32\ojhqahgc.dll
C:\WINDOWS\system32\oluowhhn.ini
C:\WINDOWS\system32\oluowhhn.ini2
C:\WINDOWS\system32\oluowhhn.tmp
C:\WINDOWS\system32\omravkmf.dll
C:\WINDOWS\system32\onjshkje.dll
C:\WINDOWS\system32\orawhnbk.dll
C:\WINDOWS\system32\orvsatuc.dll
C:\WINDOWS\system32\ratihsmk.dll
C:\WINDOWS\system32\sqvdeswq.dll
C:\WINDOWS\system32\srocdsjw.dll
C:\WINDOWS\system32\ssqonon.dll
C:\WINDOWS\system32\ssqro.dll
C:\WINDOWS\system32\tbtmokpj.dll
C:\WINDOWS\system32\tyethhfb.dll
C:\WINDOWS\system32\ulyaidmx.dll
C:\WINDOWS\system32\vmuhrnqc.dll
C:\WINDOWS\system32\whejtblt.dll
C:\WINDOWS\system32\wkdrmjmf.dll
C:\WINDOWS\system32\wobnvlry.dll
C:\WINDOWS\system32\xkqxhgwb.ini
C:\WINDOWS\system32\ypomdylm.dll
 
Beginning removal...
 
 Attempting to delete C:\WINDOWS\system32\apxpepfo.dll
C:\WINDOWS\system32\apxpepfo.dll Has been deleted!
 
 Attempting to delete C:\WINDOWS\system32\bkrfjmos.dll
C:\WINDOWS\system32\bkrfjmos.dll Has been deleted!
 
 Attempting to delete C:\WINDOWS\system32\bmdyxmjl.dll
C:\WINDOWS\system32\bmdyxmjl.dll Has been deleted!
 
 Attempting to delete C:\WINDOWS\system32\bwghxqkx.dll
C:\WINDOWS\system32\bwghxqkx.dll Has been deleted!
 
 Attempting to delete C:\WINDOWS\system32\cghaqhjo.ini
C:\WINDOWS\system32\cghaqhjo.ini Has been deleted!
 
 Attempting to delete C:\WINDOWS\system32\eceyswwu.dll
C:\WINDOWS\system32\eceyswwu.dll Has been deleted!
 
 Attempting to delete C:\WINDOWS\system32\edyalhgv.dll
C:\WINDOWS\system32\edyalhgv.dll Has been deleted!
 
 Attempting to delete C:\WINDOWS\system32\fkyokyxb.dll
C:\WINDOWS\system32\fkyokyxb.dll Has been deleted!
 
 Attempting to delete C:\WINDOWS\system32\ggnybnqb.dll
C:\WINDOWS\system32\ggnybnqb.dll Has been deleted!
 
 Attempting to delete C:\WINDOWS\system32\gsdamfgl.dll
C:\WINDOWS\system32\gsdamfgl.dll Has been deleted!
 
 Attempting to delete C:\WINDOWS\system32\gsmucvoi.dll
C:\WINDOWS\system32\gsmucvoi.dll Has been deleted!
 
 Attempting to delete C:\WINDOWS\system32\hddbdcso.dll
C:\WINDOWS\system32\hddbdcso.dll Has been deleted!
 
 Attempting to delete C:\WINDOWS\system32\hdyxertn.dll
C:\WINDOWS\system32\hdyxertn.dll Has been deleted!
 
 Attempting to delete C:\WINDOWS\system32\herdsrdm.dll
C:\WINDOWS\system32\herdsrdm.dll Has been deleted!
 
 Attempting to delete C:\WINDOWS\system32\kyhxwvbj.dll
C:\WINDOWS\system32\kyhxwvbj.dll Has been deleted!
 
 Attempting to delete C:\WINDOWS\system32\lgfmadsg.ini
C:\WINDOWS\system32\lgfmadsg.ini Has been deleted!
 
 Attempting to delete C:\WINDOWS\system32\nhhwoulo.dll
C:\WINDOWS\system32\nhhwoulo.dll Has been deleted!
 
 Attempting to delete C:\WINDOWS\system32\ntrexydh.ini
C:\WINDOWS\system32\ntrexydh.ini Has been deleted!
 
 Attempting to delete C:\WINDOWS\system32\nwhprtgu.dll
C:\WINDOWS\system32\nwhprtgu.dll Has been deleted!
 
 Attempting to delete C:\WINDOWS\system32\odokpuei.dll
C:\WINDOWS\system32\odokpuei.dll Has been deleted!
 
 Attempting to delete C:\WINDOWS\system32\ojhqahgc.dll
C:\WINDOWS\system32\ojhqahgc.dll Has been deleted!
 
 Attempting to delete C:\WINDOWS\system32\oluowhhn.ini
C:\WINDOWS\system32\oluowhhn.ini Has been deleted!
 
 Attempting to delete C:\WINDOWS\system32\oluowhhn.ini2
C:\WINDOWS\system32\oluowhhn.ini2 Has been deleted!
 
 Attempting to delete C:\WINDOWS\system32\oluowhhn.tmp
C:\WINDOWS\system32\oluowhhn.tmp Has been deleted!
 
 Attempting to delete C:\WINDOWS\system32\omravkmf.dll
C:\WINDOWS\system32\omravkmf.dll Has been deleted!
 
 Attempting to delete C:\WINDOWS\system32\onjshkje.dll
C:\WINDOWS\system32\onjshkje.dll Has been deleted!
 
 Attempting to delete C:\WINDOWS\system32\orawhnbk.dll
C:\WINDOWS\system32\orawhnbk.dll Has been deleted!
 
 Attempting to delete C:\WINDOWS\system32\orvsatuc.dll
C:\WINDOWS\system32\orvsatuc.dll Has been deleted!
 
 Attempting to delete C:\WINDOWS\system32\ratihsmk.dll
C:\WINDOWS\system32\ratihsmk.dll Has been deleted!
 
 Attempting to delete C:\WINDOWS\system32\sqvdeswq.dll
C:\WINDOWS\system32\sqvdeswq.dll Has been deleted!
 
 Attempting to delete C:\WINDOWS\system32\srocdsjw.dll
C:\WINDOWS\system32\srocdsjw.dll Has been deleted!
 
 Attempting to delete C:\WINDOWS\system32\ssqonon.dll
C:\WINDOWS\system32\ssqonon.dll Could not be deleted.
 
 Attempting to delete C:\WINDOWS\system32\ssqro.dll
C:\WINDOWS\system32\ssqro.dll Has been deleted!
 
 Attempting to delete C:\WINDOWS\system32\tbtmokpj.dll
C:\WINDOWS\system32\tbtmokpj.dll Has been deleted!
 
 Attempting to delete C:\WINDOWS\system32\tyethhfb.dll
C:\WINDOWS\system32\tyethhfb.dll Has been deleted!
 
 Attempting to delete C:\WINDOWS\system32\ulyaidmx.dll
C:\WINDOWS\system32\ulyaidmx.dll Has been deleted!
 
 Attempting to delete C:\WINDOWS\system32\vmuhrnqc.dll
C:\WINDOWS\system32\vmuhrnqc.dll Has been deleted!
 
 Attempting to delete C:\WINDOWS\system32\whejtblt.dll
C:\WINDOWS\system32\whejtblt.dll Has been deleted!
 
 Attempting to delete C:\WINDOWS\system32\wkdrmjmf.dll
C:\WINDOWS\system32\wkdrmjmf.dll Has been deleted!
 
 Attempting to delete C:\WINDOWS\system32\wobnvlry.dll
C:\WINDOWS\system32\wobnvlry.dll Has been deleted!
 
 Attempting to delete C:\WINDOWS\system32\xkqxhgwb.ini
C:\WINDOWS\system32\xkqxhgwb.ini Has been deleted!
 
 Attempting to delete C:\WINDOWS\system32\ypomdylm.dll
C:\WINDOWS\system32\ypomdylm.dll Has been deleted!
 
Performing Repairs to the registry.
Done!
 
VundoFix V6.3.19
 
Checking Java version...
 
Java version is 1.5.0.3
Old versions of java are exploitable and should be removed.
 
Scan started at 22:37:15 19-04-2007
 
Listing files found while scanning....
 
C:\WINDOWS\system32\ssqonon.dll
 
Beginning removal...
 
 Attempting to delete C:\WINDOWS\system32\ssqonon.dll
C:\WINDOWS\system32\ssqonon.dll Could not be deleted.
 
Performing Repairs to the registry.
Done!
 
Beginning removal...
 
 Attempting to delete C:\WINDOWS\system32\ssqonon.dll
C:\WINDOWS\system32\ssqonon.dll Could not be deleted.
 
Performing Repairs to the registry.
Done!
---------
and,
----
Logfile of HijackThis v1.99.1
Scan saved at 23:05:06, on 19-04-2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
 
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\a-squared Anti-Malware\a2service.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\SPEEDB~1\VideoAcceleratorEngine.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\WgaTray.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\domino.exe
C:\Program Files\AGEIA Technologies\TrayIcon.exe
C:\WINDOWS\VMSnap1.exe
C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.0\Apps\apdproxy.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\a-squared Anti-Malware\a2guard.exe
C:\Program Files\DAP\DAP.EXE
C:\WINDOWS\system32\Rundll32.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Messenger\msmsgs.exe
E:\Program Files\Collection Microsoft Encarta 2006\EDICT.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Menara\dslmon.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\Program Files\Hijackthis Version Française\VERSION TRADUITE ORIGINALE.EXE
 
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Menara
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
R3 - URLSearchHook: (no name) - {0A94B116-4504-4e26-AB05-E61E474AA38B} - C:\Program Files\AskPBar\SrchAstt\1.bin\A9SRCHAS.DLL
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Ask Search Assistant BHO - {0A94B111-4504-4e26-AB05-E61E474AA38B} - C:\Program Files\AskPBar\SrchAstt\1.bin\A9SRCHAS.DLL
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\PROGRA~1\Skype\Phone\IEPlugin\SKYPEI~1.DLL
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {67C55A8D-E808-4caa-9EA7-F77102DE0BB6} - C:\WINDOWS\system32\hddbdcso.dll (file missing)
O2 - BHO: (no name) - {733FD72F-103E-4B9E-BCB9-A76064AF3C72} - C:\WINDOWS\system32\ssqonon.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: (no name) - {ADEB1CF7-A86E-4372-8B2A-77E6E2F49984} - C:\WINDOWS\system32\ssqro.dll (file missing)
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: (no name) - {CC3F4F56-4E51-4B23-B177-BFA34D3608F9} - C:\WINDOWS\system32\levtkvjy.dll
O2 - BHO: Ask Toolbar BHO - {F4D76F01-7896-458a-890F-E1F05C46069F} - C:\Program Files\AskPBar\bar\1.bin\ASKPBAR.DLL
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: Ask Toolbar - {F4D76F09-7896-458a-890F-E1F05C46069F} - C:\Program Files\AskPBar\bar\1.bin\ASKPBAR.DLL
O4 - HKLM\..\Run: [domino] C:\WINDOWS\domino.exe
O4 - HKLM\..\Run: [AGEIA PhysX SysTray] C:\Program Files\AGEIA Technologies\TrayIcon.exe
O4 - HKLM\..\Run: [VMSnap1] C:\WINDOWS\VMSnap1.exe
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [SoundService] rundll32.exe "C:\WINDOWS\system32\nhhwoulo.dll",setvm
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [a-squared] "C:\Program Files\a-squared Anti-Malware\a2guard.exe"
O4 - HKLM\..\Run: [DownloadAccelerator] "C:\Program Files\DAP\DAP.EXE" /STARTUP
O4 - HKLM\..\Run: [SpeedOptimizer] C:\PROGRA~1\SPEEDO~1\SPO.EXE -s  
O4 - HKLM\..\Run: [SiSPower] Rundll32.exe SiSPower.dll,ModeAgent
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [E06FDXRC_8323390] "E:\Program Files\Collection Microsoft Encarta 2006\EDICT.EXE" -m
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - Global Startup: DSLMON.lnk = C:\Program Files\Menara\dslmon.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &Clean Traces - C:\Program Files\DAP\Privacy Package\dapcleanerie.htm
O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm
O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolb [...] jhtml?p=ZN
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Easy-WebPrint Ajouter à la liste d'impressions - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint Impression rapide - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Imprimer - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O8 - Extra context menu item: Easy-WebPrint Prévisualiser - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\PROGRA~1\Skype\Phone\IEPlugin\SKYPEI~1.DLL
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Fichiers communs\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O17 - HKLM\System\CCS\Services\Tcpip\..\{B6C26C7F-294F-4716-AAA5-5735FB054178}: NameServer = 212.217.1.4 212.217.0.14
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: CLKERN.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: a-squared Anti-Malware Service (a2AntiMalware) - Emsi Software GmbH - C:\Program Files\a-squared Anti-Malware\a2service.exe
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Unknown owner - C:\Program Files\Fichiers communs\Acronis\Schedule2\schedul2.exe (file missing)
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: VideoAcceleratorEngine - Speedbit Ltd. - C:\PROGRA~1\SPEEDB~1\VideoAcceleratorEngine.exe
--------------
Hope this reaches you well...

Profile: Helper

Could you answer my question?
 

  • Download combofix.exe (by sUBs) to your Desktop
  • Double-click combofix.exe.
  • Press the Y (Yes) key to start the scan.
  • When the scan is complete, a report will appear. Copy/paste this report into your next reply.


NOTE: The report can also be found here: C:\Combofix.txt


Profile: IDNaute

Hello Sir,
Thank you for your patience... because I must admit that I do not understand English :(
After opening combofix.exe, it gave me a message to choose between "1" or "2"; there was neither y nor n. I chose "1" and I think it worked... well, I hope so
---------
"Administrateur" - 07-04-20 13:47:04    Service Pack 2  
ComboFix 07-04-20V - Running from: C:\Documents and Settings\Anass\Mes documents\My Completed Downloads\
 
 /wow section not completed
 
((((((((((((((((((((((((((((((((((((((((((((((((((   V Log   )))))))))))))))))))))))))))))))))))))))))))))))))))))))
 
 
C:\WINDOWS\system32\awtqo.dll
C:\WINDOWS\system32\ajphbhtj.dll
C:\WINDOWS\system32\bcnlpwpd.dll
C:\WINDOWS\system32\afvyvxhu.dll
C:\WINDOWS\system32\aotcxqed.dll
C:\WINDOWS\system32\blpnrwmn.dll
C:\WINDOWS\system32\dkfrwfqi.dll
C:\WINDOWS\system32\frqkfruo.dll
C:\WINDOWS\system32\hbiobpjm.dll
C:\WINDOWS\system32\jbwoaqkt.dll
C:\WINDOWS\system32\mgbfkhrf.dll
C:\WINDOWS\system32\pxajgrry.dll
C:\WINDOWS\system32\qagcagop.dll
C:\WINDOWS\system32\quatfruc.dll
C:\WINDOWS\system32\rvhjeevb.dll
C:\WINDOWS\system32\twatjrxg.dll
C:\WINDOWS\system32\uiditjit.dll
C:\WINDOWS\system32\wfecliwv.dll
C:\WINDOWS\system32\yuhtvfmd.dll
C:\WINDOWS\system32\sstqr.dll
C:\WINDOWS\system32\bxsvmerj.dll
C:\WINDOWS\system32\ssqonon.dll
C:\WINDOWS\system32\oqtwa.ini2
C:\WINDOWS\system32\oqtwa.tmp
C:\WINDOWS\system32\klnmp.bak2
C:\WINDOWS\system32\klnmp.ini
C:\WINDOWS\system32\pmnlk.dll
 
 
* * *  POST RUN FILES/FOLDERS  * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *
 
 
 
((((((((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
 
 
C:\WINDOWS\system32\nvs2.inf
C:\Program Files\vsadd-in
C:\WINDOWS\system32\nwkxtvljz_navps.dat
C:\WINDOWS\system32\nwkxtvljz.exe
C:\WINDOWS\system32\nwkxtvljz.dat
 
 
(((((((((((((((((((((((((((((((   Files Created from 2007-03-20 to 2007-04-20  ))))))))))))))))))))))))))))))))))
 
 
2007-04-20 12:41 <REP> d-------- C:\DOCUME~1\Anass\APPLIC~1\MailFrontier
2007-04-20 01:07 75,512 --a------ C:\WINDOWS\zllsputility.exe
2007-04-20 01:07 54,936 --a------ C:\WINDOWS\system32\vsutil_loc040c.dll
2007-04-20 01:07 42,648 --a------ C:\WINDOWS\zllsputility_loc040c.dll
2007-04-20 01:07 4,212 ---h----- C:\WINDOWS\system32\zllictbl.dat
2007-04-20 01:07 22,168 --a------ C:\WINDOWS\system32\imsinstall_loc040c.dll
2007-04-20 01:07 18,072 --a------ C:\WINDOWS\system32\imslsp_install_loc040c.dll
2007-04-20 01:07 11,264 --a------ C:\WINDOWS\system32\SpOrder.dll
2007-04-20 01:07 1,087,216 --a------ C:\WINDOWS\system32\zpeng24.dll
2007-04-20 01:07 <REP> d-------- C:\WINDOWS\system32\ZoneLabs
2007-04-20 01:01 125,460 --a------ C:\WINDOWS\system32\vtliijgb.dll
2007-04-19 22:26 <REP> d-------- C:\VundoFix Backups
2007-04-18 13:53 2,658 --a------ C:\WINDOWS\system32\tmp.reg
2007-04-17 23:13 125,460 --a------ C:\WINDOWS\system32\levtkvjy.dll
2007-04-13 22:57 <REP> d-------- C:\Program Files\Hijackthis Version Française
2007-04-13 17:18 46,892 --a------ C:\WINDOWS\system32\adadix16.dll
2007-04-13 17:18 4,981 --a------ C:\WINDOWS\system32\adadix2k.dll
2007-04-13 17:18 22,395 --a------ C:\WINDOWS\system32\drivers\fpga.bin
2007-04-13 17:18 155,648 --a------ C:\WINDOWS\system32\adadix32.dll
2007-04-13 17:18 152,308 --a------ C:\WINDOWS\system32\drivers\L1E4I2.BIN
2007-04-13 17:18 152,306 --a------ C:\WINDOWS\system32\drivers\L1E4I1.BIN
2007-04-13 17:18 152,306 --a------ C:\WINDOWS\system32\drivers\L1E4I0.BIN
2007-04-13 17:18 152,146 --a------ C:\WINDOWS\system32\drivers\L1E4P2.BIN
2007-04-13 17:18 152,145 --a------ C:\WINDOWS\system32\drivers\L1E4P1.BIN
2007-04-13 17:18 152,145 --a------ C:\WINDOWS\system32\drivers\L1E4P0.BIN
2007-04-13 17:18 152,126 --a------ C:\WINDOWS\system32\drivers\L1E9P2.BIN
2007-04-13 17:18 152,126 --a------ C:\WINDOWS\system32\drivers\L1E9P1.BIN
2007-04-13 17:18 152,126 --a------ C:\WINDOWS\system32\drivers\L1E9P0.BIN
2007-04-13 17:18 152,126 --a------ C:\WINDOWS\system32\drivers\L1E9I2.BIN
2007-04-13 17:18 152,126 --a------ C:\WINDOWS\system32\drivers\L1E9I1.BIN
2007-04-13 17:18 152,126 --a------ C:\WINDOWS\system32\drivers\L1E9I0.BIN
2007-04-13 17:18 152,036 --a------ C:\WINDOWS\system32\drivers\L1E4D2.BIN
2007-04-13 17:18 152,034 --a------ C:\WINDOWS\system32\drivers\L1E4D1.BIN
2007-04-13 17:18 152,034 --a------ C:\WINDOWS\system32\drivers\L1E4D0.BIN
2007-04-13 17:18 143,360 --a------ C:\WINDOWS\adiras.exe
2007-04-13 17:18 135,168 --a------ C:\WINDOWS\system32\unaddrv.exe
2007-04-13 17:18 127,456 --a------ C:\WINDOWS\system32\ipdetect.exe
2007-04-13 17:18 126,976 --a------ C:\WINDOWS\system32\coclassfast.dll
2007-04-13 17:18 126,489 --a------ C:\WINDOWS\system32\adiusbaw.sys
2007-04-13 17:18 114,616 --a------ C:\WINDOWS\system32\e4usbaw.sys
2007-04-13 17:10 <REP> d-------- C:\Program Files\Menara
2007-04-13 15:23 <REP> d-------- C:\DOCUME~1\Anass\APPLIC~1\SYSTRAN
2007-04-13 15:19 <REP> d-------- C:\WINDOWS\system32\E177E04D548C4006A465EEB92D3DE021
2007-04-13 00:07 <REP> d-------- C:\WINDOWS\Prefetch
2007-04-13 00:01 0 --a------ C:\AUTOEXEC.BAT
2007-04-12 23:45 24,661 --a------ C:\WINDOWS\system32\spxcoins.dll
2007-04-12 23:45 13,312 --a------ C:\WINDOWS\system32\irclass.dll
2007-04-12 23:33 <REP> d-------- C:\WINDOWS\setup.pss
2007-04-12 19:02 <REP> d-------- C:\DOCUME~1\MONDEN~1\APPLIC~1\Adobe
2007-04-12 17:37 368,912 --a------ C:\WINDOWS\system32\vbar332.dll
2007-04-12 17:37 24,576 --a------ C:\WINDOWS\system32\IdleTrac.dll
2007-04-12 17:37 <REP> d-------- C:\Program Files\Mailinfo
2007-04-12 17:34 <REP> d-------- C:\Program Files\SpeedOptimizer
2007-04-12 17:33 <REP> d-------- C:\Program Files\SpeedBit Video Accelerator
2007-04-12 17:33 <REP> d-------- C:\Program Files\AskPBar
2007-04-12 17:20 <REP> d-a------ C:\DOCUME~1\ALLUSE~1\APPLIC~1\TEMP
2007-04-12 17:19 50,688 --a------ C:\WINDOWS\system32\wbhelp2.dll
2007-04-12 17:19 <REP> d-------- C:\Program Files\DAP
2007-04-12 15:33 76,082 --a------ C:\WINDOWS\system32\perfc040.dat
2007-04-12 15:33 482,706 --a------ C:\WINDOWS\system32\perfh040.dat
2007-04-12 11:49 492,373 ---hs---- C:\WINDOWS\system32\orqss.bak2
2007-04-12 01:30 <REP> d-------- C:\Program Files\Lavalys
2007-04-11 22:17 <REP> d-------- C:\Program Files\Shareaza
2007-04-11 20:41 <REP> d-------- C:\Program Files\a-squared Anti-Malware
2007-04-11 11:49 484,741 --ahs---- C:\WINDOWS\system32\orqss.bak1
2007-04-10 17:50 3,968 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2007-04-10 09:23 <REP> d-------- C:\DOCUME~1\MONDEN~1\APPLIC~1\Google
2007-04-10 09:19 1,048,576 --ah----- C:\DOCUME~1\MONDEN~1\NTUSER.DAT
2007-04-10 09:19 <REP> dr------- C:\DOCUME~1\MONDEN~1\Mes documents
2007-04-10 09:19 <REP> dr------- C:\DOCUME~1\MONDEN~1\Menu Démarrer
2007-04-10 09:19 <REP> dr------- C:\DOCUME~1\MONDEN~1\Favoris
2007-04-10 09:19 <REP> d--h----- C:\DOCUME~1\MONDEN~1\Voisinage réseau
2007-04-10 09:19 <REP> d--h----- C:\DOCUME~1\MONDEN~1\Voisinage d'impression
2007-04-10 09:19 <REP> d--h----- C:\DOCUME~1\MONDEN~1\Modèles
2007-04-10 09:19 <REP> d-------- C:\DOCUME~1\MONDEN~1\Bureau
2007-04-09 14:25 <REP> d-------- C:\Program Files\SpywareBlaster
2007-04-08 16:36 <REP> d---s---- C:\DOCUME~1\Anass\UserData
2007-04-06 00:52 6,422,611 --a------ C:\Program Files\frostwire-4.13.1.6.windows.exe
2007-04-04 16:44 <REP> d-------- C:\WINDOWS\RegisteredPackages
2007-04-02 00:16 <REP> d-------- C:\Program Files\Fichiers communs\Skype
2007-03-31 15:43 229,467 --a------ C:\WINDOWS\RACHook36.dll
2007-03-31 15:43 199,680 --a------ C:\WINDOWS\MediaR36.dll
2007-03-31 15:43 1,770,496 --a------ C:\WINDOWS\MediaDico36Dll.dll
2007-03-31 15:43 <REP> d-------- C:\Program Files\Micro Application
2007-03-30 20:09 <REP> d-------- C:\Program Files\RegCleaner
2007-03-29 21:12 <REP> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Trymedia
2007-03-29 13:46 <REP> d-------- C:\DOCUME~1\Anass\APPLIC~1\Talkback
2007-03-28 18:13 <REP> d-------- C:\Program Files\WinZip Self-Extractor
2007-03-28 15:30 947,472 --a------ C:\WINDOWS\system32\msjava.dll
2007-03-28 15:30 63,248 --a------ C:\WINDOWS\system32\javaprxy.dll
2007-03-28 15:30 6,550 --a------ C:\WINDOWS\jautoexp.dat
2007-03-28 15:30 49,424 --a------ C:\WINDOWS\system32\clspack.exe
2007-03-28 15:30 46,352 --a------ C:\WINDOWS\setdebug.exe
2007-03-28 15:30 404,752 --a------ C:\WINDOWS\system32\javart.dll
2007-03-28 15:30 313,856 --a------ C:\WINDOWS\system32\dx3j.dll
2007-03-28 15:30 286,992 --a------ C:\WINDOWS\system32\vmhelper.dll
2007-03-28 15:30 21,264 --a------ C:\WINDOWS\system32\msjdbc10.dll
2007-03-28 15:30 187,152 --a------ C:\WINDOWS\system32\javacypt.dll
2007-03-28 15:30 172,304 --a------ C:\WINDOWS\system32\jview.exe
2007-03-28 15:30 171,792 --a------ C:\WINDOWS\system32\wjview.exe
2007-03-28 15:30 171,280 --a------ C:\WINDOWS\system32\jit.dll
2007-03-28 15:30 154,384 --a------ C:\WINDOWS\system32\msawt.dll
2007-03-28 15:30 15,120 --a------ C:\WINDOWS\system32\jdbgmgr.exe
2007-03-28 15:30 113 --a------ C:\WINDOWS\system32\zonedon.reg
2007-03-28 15:30 113 --a------ C:\WINDOWS\system32\zonedoff.reg
2007-03-28 13:05 <REP> d-------- C:\Program Files\ZIO Interactive
2007-03-28 11:12 639,224 --a------ C:\WINDOWS\system32\drivers\sptd.sys
2007-03-28 03:32 <REP> d-------- C:\Program Files\Disc2Phone
2007-03-28 03:00 139,536 --a------ C:\WINDOWS\system32\javaee.dll
2007-03-27 22:18 <REP> d-------- C:\Program Files\Recuva
2007-03-27 17:43 774,144 --a------ C:\Program Files\RngInterstitial.dll
2007-03-27 16:28 <REP> d-------- C:\WINDOWS\system32\NtmsData
2007-03-24 19:07 94,208 --a------ C:\WINDOWS\VMCap.exe
2007-03-24 19:07 61,440 --a------ C:\WINDOWS\system32\VM31bSTI.dll
2007-03-24 19:07 57,344 --a------ C:\WINDOWS\StillCap.exe
2007-03-24 19:07 49,152 --a------ C:\WINDOWS\VMSnap1.exe
2007-03-24 19:07 49,152 --a------ C:\WINDOWS\domino.exe
2007-03-24 19:07 307,200 --a------ C:\WINDOWS\vidcap32.Exe
2007-03-24 19:07 195,299 --a------ C:\WINDOWS\system32\drivers\usbVM31b.sys
2007-03-24 19:07 176,128 --a------ C:\WINDOWS\amcap.exe
2007-03-24 19:07 <REP> d-------- C:\WINDOWS\CatRoot
2007-03-24 19:07 <REP> d-------- C:\Program Files\Vimicro
2007-03-23 21:06 6,029,312 --a------ C:\DOCUME~1\Anass\ntuser.dat
2007-03-23 19:21 2,560 --a------ C:\WINDOWS\system32\drivers\cdralw2k.sys
2007-03-23 19:21 2,432 --a------ C:\WINDOWS\system32\drivers\cdr4_xp.sys
2007-03-23 19:21 <REP> d-------- C:\WINDOWS\system32\IOSUBSYS
2007-03-22 20:46 49,532 --ah----- C:\WINDOWS\system32\mlfcache.dat
2007-03-21 18:15 <REP> d-------- C:\Program Files\SuperUtility
2007-03-21 17:08 <REP> d-------- C:\WINDOWS\speech
2007-03-21 17:08 <REP> d-------- C:\WINDOWS\Lhsp
2007-03-20 22:02 286,720 --a------ C:\WINDOWS\iun506.exe
2007-03-20 17:40 <REP> d-------- C:\Program Files\CCleaner
2007-03-20 13:52 <REP> d-------- C:\DOCUME~1\Anass\APPLIC~1\Symantec
 
 
((((((((((((((((((((((((((((((((((((((((((((((((   Find3M Report   )))))))))))))))))))))))))))))))))))))))))))))))))))))
 
 
2007-04-14 07:47 94552 --a------ C:\WINDOWS\system32\drivers\aswmon2.sys
2007-04-14 07:47 85952 --a------ C:\WINDOWS\system32\drivers\aswmon.sys
2007-04-14 07:45 23416 --a------ C:\WINDOWS\system32\drivers\aswRdr.sys
2007-04-14 07:44 43176 --a------ C:\WINDOWS\system32\drivers\aswTdi.sys
2007-04-14 07:43 26888 --a------ C:\WINDOWS\system32\drivers\aavmker4.sys
2007-04-14 07:42 90112 --a------ C:\WINDOWS\system32\avastss.scr
2007-04-13 17:21 -------- d--h----- C:\Program Files\installshield installation information
2007-04-13 00:17 83892 --a------ C:\WINDOWS\system32\perfc00c.dat
2007-04-13 00:17 507178 --a------ C:\WINDOWS\system32\perfh00c.dat
2007-04-12 23:59 23660 --a------ C:\WINDOWS\system32\emptyregdb.dat
2007-04-11 23:25 -------- d-------- C:\DOCUME~1\Anass\APPLIC~1\skype
2007-04-10 11:18 712832 --a------ C:\WINDOWS\system32\aswboot.exe
2007-04-09 01:04 241066 --a------ C:\WINDOWS\system32\nwkxtvljz_nav.dat
2007-04-08 20:35 -------- d-------- C:\Program Files\Fichiers communs\real
2007-04-08 20:35 -------- d-------- C:\DOCUME~1\Anass\APPLIC~1\real
2007-04-04 13:53 -------- d-------- C:\Program Files\windows media connect 2
2007-04-02 02:23 -------- d-------- C:\DOCUME~1\Anass\APPLIC~1\dvdcss
2007-04-02 00:16 -------- d-------- C:\Program Files\skype
2007-03-28 23:50 11739 --a------ C:\WINDOWS\mozver.dat
2007-03-28 07:54 -------- d-------- C:\Program Files\quicktime
2007-03-19 21:21 5954520 --a------ C:\Program Files\windows-kb890830-v1.27.exe
2007-03-19 16:03 509 --a------ C:\WINDOWS\system32\gdnqxvsm_navps.dat
2007-03-19 16:02 6422 --a------ C:\WINDOWS\system32\gdnqxvsm.dat
2007-03-17 20:57 218653 --a------ C:\WINDOWS\system32\gdnqxvsm_nav.dat
2007-03-17 09:50 -------- d-------- C:\Program Files\internetgamebox
2007-03-16 14:39 -------- d-------- C:\DOCUME~1\Anass\APPLIC~1\sun
2007-03-16 12:25 315904 --a------ C:\WINDOWS\system32\gdnqxvsm.exe
2007-03-16 12:25 314880 --a------ C:\WINDOWS\system32\gdtfnl.exe
2007-03-13 21:51 -------- d-------- C:\Program Files\google
2007-03-13 21:15 -------- d-------- C:\DOCUME~1\Anass\APPLIC~1\google
2007-03-13 20:35 -------- d-------- C:\DOCUME~1\Anass\APPLIC~1\leadertech
2007-03-12 13:57 -------- d-------- C:\Program Files\msn messenger
2007-03-12 01:02 -------- d-------- C:\DOCUME~1\Anass\APPLIC~1\itslabel
2007-03-11 14:50 -------- d-------- C:\Program Files\alwil software
2007-03-11 13:40 -------- d-------- C:\Program Files\elaborate bytes
2007-03-10 01:01 335 --a------ C:\WINDOWS\nsreg.dat
2007-03-10 01:00 -------- d-------- C:\Program Files\viewpoint
2007-03-10 00:59 -------- d-------- C:\Program Files\java
2007-03-05 13:36 -------- d-------- C:\Program Files\msbuild
2007-03-05 13:32 -------- d-------- C:\Program Files\reference assemblies
2007-03-05 00:21 -------- d-------- C:\DOCUME~1\Anass\APPLIC~1\shareaza
2007-03-04 23:37 247207 --a------ C:\WINDOWS\piolet_toolbar_uninstaller_4000.exe
2007-03-03 20:18 -------- d-------- C:\DOCUME~1\Anass\APPLIC~1\cyberlink
2007-03-03 16:11 -------- d-------- C:\DOCUME~1\Anass\APPLIC~1\nasa
2007-03-03 16:09 -------- d-------- C:\Program Files\nasa
2007-03-03 13:54 -------- d-------- C:\Program Files\Fichiers communs\wise installation wizard
2007-03-03 13:54 -------- d-------- C:\Program Files\ageia technologies
2007-03-02 21:22 -------- d-------- C:\DOCUME~1\Anass\APPLIC~1\media player classic
2007-03-02 20:30 -------- d-------- C:\Program Files\Fichiers communs\java
2007-03-02 20:03 -------- d-------- C:\Program Files\mpcstar
2007-03-02 14:07 -------- d-------- C:\Program Files\yahoo!
2007-03-02 12:41 -------- d-------- C:\Program Files\lavasoft
2007-03-02 12:41 -------- d-------- C:\DOCUME~1\Anass\APPLIC~1\lavasoft
2007-03-01 22:31 44 --a------ C:\WINDOWS\system32\msssc.dll
2007-03-01 00:05 -------- d-------- C:\Program Files\windows live toolbar
2007-02-28 20:46 -------- d-------- C:\Program Files\windows live safety center
2007-02-27 16:22 -------- d-------- C:\DOCUME~1\Anass\APPLIC~1\vlc
2007-02-27 16:11 -------- d-------- C:\Program Files\videolan
2007-02-27 13:49 -------- d-------- C:\Program Files\smart projects
2007-02-27 07:54 2560 --a------ C:\WINDOWS\_msrstrt.exe
2007-02-27 07:51 -------- d-------- C:\Program Files\Fichiers communs\teleca shared
2007-02-27 03:19 -------- d-------- C:\Program Files\messenger
2007-02-27 03:05 -------- d-------- C:\Program Files\msxml 4.0
2007-02-26 21:29 -------- d-------- C:\DOCUME~1\Anass\APPLIC~1\adobeum
2007-02-25 22:06 -------- d-------- C:\DOCUME~1\Anass\APPLIC~1\ahead
2007-02-24 09:20 -------- d-------- C:\Program Files\winamp3
2007-02-24 09:05 -------- d-------- C:\Program Files\netscape
2007-02-22 21:28 -------- d-------- C:\DOCUME~1\Anass\APPLIC~1\apple computer
2007-02-22 20:57 -------- d-------- C:\DOCUME~1\Anass\APPLIC~1\teleca
2007-02-22 20:53 -------- d-------- C:\Program Files\Fichiers communs\installshield
2007-02-21 19:54 -------- d-------- C:\DOCUME~1\Anass\APPLIC~1\help
2007-02-20 22:41 18432 --a------ C:\WINDOWS\ss3unstl.exe
2007-02-20 19:17 -------- d-------- C:\Program Files\Fichiers communs\ms shared
2007-02-20 18:48 -------- d-------- C:\Program Files\jargon informatique
2007-02-17 17:54 544256 --a------ C:\WINDOWS\system32\autopartnt.exe
2007-02-17 17:17 62 --ahs---- C:\DOCUME~1\Anass\APPLIC~1\desktop.ini
2007-02-17 17:05 37888 --a------ C:\WINDOWS\system32\setupnt.dll
2007-02-17 16:25 0 -rahs---- C:\MSDOS.SYS
2007-02-17 16:25 0 -rahs---- C:\IO.SYS
2007-02-17 16:25 0 --a------ C:\CONFIG.SYS
2007-01-24 15:36 45305 --a------ C:\Program Files\dxdllreg_x86.cab
2007-01-24 15:36 198275 --a------ C:\Program Files\feb2007_xact_x64.cab
2007-01-24 15:36 151583 --a------ C:\Program Files\feb2007_xact_x86.cab
2007-01-24 15:27 255848 --a------ C:\WINDOWS\system32\xactengine2_6.dll
2007-01-24 15:21 976020 --a------ C:\Program Files\bdaxp.cab
2007-01-24 15:21 917318 --a------ C:\Program Files\apr2006_mdx1_x86.cab
2007-01-24 15:21 91265 --a------ C:\Program Files\oct2006_xinput_x64.cab
2007-01-24 15:21 88102 --a------ C:\Program Files\aug2006_xinput_x64.cab
2007-01-24 15:21 87989 --a------ C:\Program Files\apr2006_xinput_x64.cab
2007-01-24 15:21 86925 --a------ C:\Program Files\oct2005_xinput_x64.cab
2007-01-24 15:21 85235 --a------ C:\Program Files\dxupdate.cab
2007-01-24 15:21 77160 --a------ C:\WINDOWS\dsetup.dll
2007-01-24 15:21 77160 --a------ C:\Program Files\dsetup.dll
2007-01-24 15:21 503144 --a------ C:\WINDOWS\dxsetup.exe
2007-01-24 15:21 49149 --a------ C:\Program Files\oct2006_xinput_x86.cab
2007-01-24 15:21 47018 --a------ C:\Program Files\aug2006_xinput_x86.cab
2007-01-24 15:21 46898 --a------ C:\Program Files\apr2006_xinput_x86.cab
2007-01-24 15:21 46247 --a------ C:\Program Files\oct2005_xinput_x86.cab
2007-01-24 15:21 4163518 --a------ C:\Program Files\apr2006_mdx1_x86_archive.cab
2007-01-24 15:21 213767 --a------ C:\Program Files\dec2006_d3dx10_00_x64.cab
2007-01-24 15:21 193435 --a------ C:\Program Files\dec2006_xact_x64.cab
2007-01-24 15:21 192680 --a------ C:\Program Files\dec2006_d3dx10_00_x86.cab
2007-01-24 15:21 183863 --a------ C:\Program Files\aug2006_xact_x64.cab
2007-01-24 15:21 183321 --a------ C:\Program Files\oct2006_xact_x64.cab
2007-01-24 15:21 181745 --a------ C:\Program Files\jun2006_xact_x64.cab
2007-01-24 15:21 180021 --a------ C:\Program Files\apr2006_xact_x64.cab
2007-01-24 15:21 179247 --a------ C:\Program Files\feb2006_xact_x64.cab
2007-01-24 15:21 1673576 --a------ C:\WINDOWS\dsetup32.dll
2007-01-24 15:21 1673576 --a------ C:\Program Files\dsetup32.dll
2007-01-24 15:21 1575336 --a------ C:\Program Files\dec2006_d3dx9_32_x86.cab
2007-01-24 15:21 1572114 --a------ C:\Program Files\dec2006_d3dx9_32_x64.cab
2007-01-24 15:21 146559 --a------ C:\Program Files\dec2006_xact_x86.cab
2007-01-24 15:21 1413862 --a------ C:\Program Files\oct2006_d3dx9_31_x64.cab
2007-01-24 15:21 1398718 --a------ C:\Program Files\apr2006_d3dx9_30_x64.cab
2007-01-24 15:21 138977 --a------ C:\Program Files\oct2006_xact_x86.cab
2007-01-24 15:21 138195 --a------ C:\Program Files\aug2006_xact_x86.cab
2007-01-24 15:21 1363684 --a------ C:\Program Files\feb2006_d3dx9_29_x64.cab
2007-01-24 15:21 1358864 --a------ C:\Program Files\dec2005_d3dx9_28_x64.cab
2007-01-24 15:21 1351430 --a------ C:\Program Files\aug2005_d3dx9_27_x64.cab
2007-01-24 15:21 1348242 --a------ C:\Program Files\apr2005_d3dx9_25_x64.cab
2007-01-24 15:21 134631 --a------ C:\Program Files\jun2006_xact_x86.cab
2007-01-24 15:21 133991 --a------ C:\Program Files\apr2006_xact_x86.cab
2007-01-24 15:21 1336890 --a------ C:\Program Files\jun2005_d3dx9_26_x64.cab
2007-01-24 15:21 133297 --a------ C:\Program Files\feb2006_xact_x86.cab
2007-01-24 15:21 13265040 --a------ C:\Program Files\dxnt.cab
2007-01-24 15:21 1248387 --a------ C:\Program Files\feb2005_d3dx9_24_x64.cab
2007-01-24 15:21 1156363 --a------ C:\Program Files\bdant.cab
2007-01-24 15:21 1128177 --a------ C:\Program Files\oct2006_d3dx9_31_x86.cab
2007-01-24 15:21 1116109 --a------ C:\Program Files\apr2006_d3dx9_30_x86.cab
2007-01-24 15:21 1085608 --a------ C:\Program Files\feb2006_d3dx9_29_x86.cab
2007-01-24 15:21 1080344 --a------ C:\Program Files\dec2005_d3dx9_28_x86.cab
2007-01-24 15:21 1079850 --a------ C:\Program Files\apr2005_d3dx9_25_x86.cab
2007-01-24 15:21 1078532 --a------ C:\Program Files\aug2005_d3dx9_27_x86.cab
2007-01-24 15:21 1065813 --a------ C:\Program Files\jun2005_d3dx9_26_x86.cab
2007-01-24 15:21 1014113 --a------ C:\Program Files\feb2005_d3dx9_24_x86.cab
 
 
((((((((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))
 
 
*Note* empty entries & legit default entries are not shown  
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
{02478D38-C3F9-4EFB-9B51-7695ECA05670} C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
{0A94B111-4504-4e26-AB05-E61E474AA38B} C:\Program Files\AskPBar\SrchAstt\1.bin\A9SRCHAS.DLL
{1557B435-8242-4686-9AA3-9265BF7525A4} C:\WINDOWS\system32\bxsvmerj.dll [x]
{22BF413B-C6D2-4d91-82A9-A0F997BA588C} C:\PROGRA~1\Skype\Phone\IEPlugin\SKYPEI~1.DLL
{53707962-6F74-2D53-2644-206D7942484F} C:\PROGRA~1\SPYBOT~1\SDHelper.dll
{733FD72F-103E-4B9E-BCB9-A76064AF3C72} C:\WINDOWS\system32\ssqonon.dll [x]
{9030D464-4C02-4ABF-8ECC-5164760863C6} C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
{AA58ED58-01DD-4d91-8333-CF10577473F7} c:\program files\google\googletoolbar3.dll
{ADEB1CF7-A86E-4372-8B2A-77E6E2F49984} C:\WINDOWS\system32\ssqro.dll [x]
{BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} C:\Program Files\Windows Live Toolbar\msntb.dll
{CC3F4F56-4E51-4B23-B177-BFA34D3608F9} C:\WINDOWS\system32\vtliijgb.dll
{F4D76F01-7896-458a-890F-E1F05C46069F} C:\Program Files\AskPBar\bar\1.bin\ASKPBAR.DLL
 
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"domino"="C:\\WINDOWS\\domino.exe"
"AGEIA PhysX SysTray"="C:\\Program Files\\AGEIA Technologies\\TrayIcon.exe"
"VMSnap1"="C:\\WINDOWS\\VMSnap1.exe"
"Adobe Photo Downloader"="\"C:\\Program Files\\Adobe\\Photoshop Album Edition Découverte\\3.0\\Apps\\apdproxy.exe\""
"a-squared"="\"C:\\Program Files\\a-squared Anti-Malware\\a2guard.exe\""
"DownloadAccelerator"="\"C:\\Program Files\\DAP\\DAP.EXE\" /STARTUP"
"SpeedOptimizer"="C:\\PROGRA~1\\SPEEDO~1\\SPO.EXE -s "
"SiSPower"="Rundll32.exe SiSPower.dll,ModeAgent"
"SoundMan"="SOUNDMAN.EXE"
"ZoneAlarm Client"="\"C:\\Program Files\\Zone Labs\\ZoneAlarm\\zlclient.exe\""
 
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"MSMSGS"="\"C:\\Program Files\\Messenger\\msmsgs.exe\" /background"
"E06FDXRC_8323390"="\"E:\\Program Files\\Collection Microsoft Encarta 2006\\EDICT.EXE\" -m"
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"
"swg"="C:\\Program Files\\Google\\GoogleToolbarNotifier\\GoogleToolbarNotifier.exe"
 
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"ClearRecentDocsOnExit"=dword:00000001
"NoRecentDocsMenu"=dword:00000001
 
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\run]
 
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{733FD72F-103E-4B9E-BCB9-A76064AF3C72}"=""
"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="AVG Anti-Spyware 7.5"
 
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload]
"UPnPMonitor"="{e57ce738-33e8-4c51-8354-bb4de9d215d1}"
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"appinit_dlls"="CLKERN.DLL"
 
HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa
   Authentication Packages REG_MULTI_SZ    msv1_0\0\0
   Security Packages REG_MULTI_SZ    kerberos\0msv1_0\0schannel\0wdigest\0\0
   Notification Packages REG_MULTI_SZ    scecli\0\0
 
 
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"Skype"="\"C:\\Program Files\\Skype\\Phone\\Skype.exe\" /nosplash /minimized"
 
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder]
 
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^DSLMON.lnk]
"path"="C:\\Documents and Settings\\All Users\\Menu Démarrer\\Programmes\\Démarrage\\DSLMON.lnk"
"backup"="C:\\WINDOWS\\pss\\DSLMON.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\PROGRA~1\\Menara\\dslmon.exe "
"item"="DSLMON"
 
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Outil de mise à jour Google.lnk.disabled]
"path"="C:\\Documents and Settings\\All Users\\Menu Démarrer\\Programmes\\Démarrage\\Outil de mise à jour Google.lnk.disabled"
"backup"="C:\\WINDOWS\\pss\\Outil de mise à jour Google.lnk.disabledCommon Startup"
"location"="Common Startup"
"command"="C:\\Documents and Settings\\All Users\\Menu Démarrer\\Programmes\\Démarrage\\Outil de mise à jour Google.lnk.disabled"
"item"="Outil de mise à jour Google.lnk"
 
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg]
 
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="apdproxy"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\Adobe\\Photoshop Album Edition Découverte\\3.0\\Apps\\apdproxy.exe\""
"inimapping"="0"
 
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AGEIA PhysX SysTray]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="TrayIcon"
"hkey"="HKLM"
"command"="C:\\Program Files\\AGEIA Technologies\\TrayIcon.exe"
"inimapping"="0"
 
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="ctfmon"
"hkey"="HKCU"
"command"="C:\\WINDOWS\\system32\\ctfmon.exe"
"inimapping"="0"
 
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\domino]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="domino"
"hkey"="HKLM"
"command"="C:\\WINDOWS\\domino.exe"
"inimapping"="0"
 
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\E06FDXRC_8323390]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="EDICT"
"hkey"="HKCU"
"command"="\"E:\\Program Files\\Collection Microsoft Encarta 2006\\EDICT.EXE\" -m"
"inimapping"="0"
 
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="msmsgs"
"hkey"="HKCU"
"command"="\"C:\\Program Files\\Messenger\\msmsgs.exe\" /background"
"inimapping"="0"
 
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Shareaza]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Shareaza"
"hkey"="HKCU"
"command"="\"C:\\Program Files\\Shareaza\\Shareaza.exe\" -tray"
"inimapping"="0"
 
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundService]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="sfaiwemc"
"hkey"="HKLM"
"command"="rundll32.exe \"C:\\WINDOWS\\system32\\sfaiwemc.dll\",setvm"
"inimapping"="0"
 
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="TeaTimer"
"hkey"="HKCU"
"command"="C:\\Program Files\\Spybot - Search & Destroy\\TeaTimer.exe"
"inimapping"="0"
 
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="GoogleToolbarNotifier"
"hkey"="HKCU"
"command"="C:\\Program Files\\Google\\GoogleToolbarNotifier\\GoogleToolbarNotifier.exe"
"inimapping"="0"
 
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VMSnap1]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="VMSnap1"
"hkey"="HKLM"
"command"="C:\\WINDOWS\\VMSnap1.exe"
"inimapping"="0"
 
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost]
HTTPFilter REG_MULTI_SZ    HTTPFilter\0\0
LocalService REG_MULTI_SZ    Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0
NetworkService REG_MULTI_SZ    DnsCache\0\0
DcomLaunch REG_MULTI_SZ    DcomLaunch\0TermService\0\0
rpcss REG_MULTI_SZ    RpcSs\0\0
imgsvc REG_MULTI_SZ    StiSvc\0\0
termsvcs REG_MULTI_SZ    TermService\0\0
WudfServiceGroup REG_MULTI_SZ    WUDFSvc\0\0
 
 
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{1e2f6c7a-c10f-11db-95e6-4d6564696130}]
Shell\AutoRun\command C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL copy.exe
 
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{aa981390-ddf9-11db-86ba-4d6564696130}]
Shell\AutoRun\command C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL copy.exe
 
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{e7a5d913-dca9-11db-86dd-4d6564696130}]
Shell\AutoRun\command C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL copy.exe
 
 
Contents of the 'Scheduled Tasks' folder
C:\WINDOWS\tasks\Spybot - Search & Destroy -  Scheduled Task.job
C:\WINDOWS\tasks\Vérifier les mises à jour de Windows Live Toolbar.job
 
********************************************************************
 
catchme 0.2 W2K/XP/Vista - userland rootkit detector by Gmer, 17 October 2006
http://www.gmer.net
 
scanning hidden processes ...
 
scanning hidden services ...
 
scanning hidden autostart entries ...
 
scanning hidden files ...
 
scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0
 
********************************************************************
 
Completion time: 07-04-20 13:57:56 - machine was rebooted
C:\ComboFix-quarantined-files.txt ... 07-04-20 13:57
-------
I should mention that I have just installed ZoneAlarm: it is already flagging a program that looks strange to me, and I have blocked what it was trying to do, as a precaution ;) Here is its technical sheet, for whatever use it may be:
nwkxtvljz.exe is trying to connect to the Internet or to your local network
ZoneAlarm is asking whether you want to allow the connection. No breach has been opened in your security system. Your computer is safe.


In the program alert

Alert property | Alert property value | Technical explanation
Program name | nwkxtvljz.exe | A program on your computer that tried to send an IP packet over the Internet or is waiting for an incoming packet.
File name | nwkxtvljz.exe | The file name of the program that ZoneAlarm found on your computer.
Program size | 321536 | The size of the executable file in bytes.
Program MD5 | 267e1ded90851f42f3ac20242cd1fd38 | The MD5 hash, or number, that uniquely identifies the executable.
Smart Checksum | 134265b5bd6bb6b6bd011a0f4e147694 | The SKIMP hash, or number, that uniquely identifies the executable.
Modification date | Mar-14-2007 08:23:58 PM | The date nwkxtvljz.exe was last modified.
Connection type | Access | This value can represent any access corresponding to an attempt to connect to the Internet by nwkxtvljz.exe or by a server, which indicates that nwkxtvljz.exe is waiting for connections from the Internet.
Remote port | 1115 | The port that nwkxtvljz