
virus & Co... :S


Hello everyone, for some time now my PC has been struggling badly to start up. My antivirus (avast) has found a lot of viruses, which it deletes, and also DLLs that keep coming back but are invisible when I look in the folder concerned... :S
When I try to open a web page the PC freezes 1 time out of 3... sometimes the taskbar disappears and then nothing is possible anymore...

I ran scans with avast, it found tons of stuff that it deleted but nothing has changed, and I also have Ad-Aware BE!! What should I do???

Please help me, this is driving me crazy. I haven't changed anything, my antivirus is still OK and I still have the Windows firewall, I don't know where this is coming from, anyway...

Thanks in advance!!


Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 14:47:49, on 18/06/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\CyberLink\PowerCinema\PCMService.exe
C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\WinSys.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\Documents and Settings\All Users\Application Data\ytgloxyp.exe
C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\CursorXP\CursorXP.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLCapSvc.exe
C:\Program Files\CyberLink\PowerCinema\Kernel\CLML_NTService\CLMLServer.exe
C:\PROGRA~1\FICHIE~1\PCSuite\Services\SERVIC~1.EXE
C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLSched.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\PROGRA~1\FICHIE~1\PCSuite\DATALA~1\DATALA~1.EXE
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
c:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\HP\KBD\KBD.EXE
c:\windows\system\hpsysdrv.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\MSN Messenger\livecall.exe
C:\Ma Maison\Logiciels\HiJackThis_v2.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&loca...
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&lo...
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://recherche.neuf.fr/ie/default.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://recherche.neuf.fr/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&lo...
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://recherche.neuf.fr/ie/default.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: metaspinner media GmbH - {12FC9A49-CFE0-49AA-BE9E-8F4EEAFC9443} - C:\PROGRA~1\YETISP~1\IEBUTT~1.DLL
O2 - BHO: (no name) - {400D8E70-786A-4C39-B548-AEAABF8C5D8B} - C:\WINDOWS\system32\ddayx.dll
O2 - BHO: (no name) - {5ADF3862-9E2E-4ad3-86F7-4510E6550CD0} - C:\WINDOWS\system32\jknpoxah.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {C004A8DA-623A-4409-B6ED-F3E3DA367792} - C:\WINDOWS\system32\jkkkijg.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [HPHUPD08] c:\Program Files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\CyberLink\PowerCinema\PCMService.exe"
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [HPBootOp] "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime2\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Creative WebCam Tray] C:\Program Files\Creative\Shared Files\CAMTRAY.EXE
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [SW20] C:\WINDOWS\system32\sw20.exe
O4 - HKLM\..\Run: [SW24] C:\WINDOWS\system32\sw24.exe
O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [WinSys] C:\WINDOWS\system32\WinSys.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [runner1] C:\WINDOWS\retadpu1000272.exe 61A847B5BBF72813329B385475FB01F0B3E35B6638993F4661AA4EBD86D67C56389B284534F310F3D1DC7E4638E8323A15806F97BDE4417E70CE7C0726B954E2C2832210359926033AAC01F09DDF7618419154310B87659CA5E04E5067DF690232BC10E3C283201530856D1E27
O4 - HKLM\..\Run: [ytgloxyp.exe] C:\Documents and Settings\All Users\Application Data\ytgloxyp.exe
O4 - HKLM\..\Run: [j9271439] rundll32 C:\WINDOWS\system32\j9271439.dll sook
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE -onlytray
O4 - HKLM\..\Run: [SC2] C:\WINDOWS\system32\scchk32.exe
O4 - HKLM\..\Run: [GPLv3] rundll32.exe "C:\WINDOWS\system32\axhenuld.dll",realset
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [CursorXP] C:\Program Files\CursorXP\CursorXP.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Steam] "C:\Program Files\Valve\Steam\Steam.exe" -silent
O4 - HKCU\..\Run: [BitComet] "C:\Program Files\BitComet\BitComet.exe"
O4 - HKCU\..\Run: [WINSOS VERIFY] "C:\Program Files\WINSOS\WINSOS.EXE" MINI
O4 - HKCU\..\Run: [PcSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog
O4 - HKCU\..\Run: [eMuleAutoStart] C:\Program Files\eMule\emule.exe -AutoStart
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - .DEFAULT User Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: Registration-Studio 8.lnk = C:\Program Files\Pinnacle\Studio 8\Register\RegTool.exe
O4 - Startup: Ubisoft register.lnk = C:\Program Files\Ubisoft\Register\schedule.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Aide à la connexion - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Aide à la connexion - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?LinkID=39204
O16 - DPF: {3F0EECCE-E138-11D1-8712-0060083D83F5} (LPViewer Class) - http://www.mgisoft.com/ActiveX/LPControl.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.ca...
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClie...
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPACl...
O20 - Winlogon Notify: ddayx - C:\WINDOWS\system32\ddayx.dll
O20 - Winlogon Notify: jkkkijg - C:\WINDOWS\SYSTEM32\jkkkijg.dll
O20 - Winlogon Notify: winexz32 - C:\WINDOWS\SYSTEM32\winexz32.dll
O22 - SharedTaskScheduler: Pré-chargeur Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Démon de cache des catégories de composant - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLSched.exe
O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Program Files\CyberLink\PowerCinema\Kernel\CLML_NTService\CLMLServer.exe
O23 - Service: Service d'administration du Gestionnaire de disque logique (dmadmin) - Unknown owner - C:\WINDOWS\System32\dmadmin.exe
O23 - Service: Journal des événements (Eventlog) - Unknown owner - C:\WINDOWS\system32\services.exe
O23 - Service: Fax - Unknown owner - C:\WINDOWS\system32\fxssvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Service COM de gravage de CD IMAPI (ImapiService) - Unknown owner - C:\WINDOWS\system32\imapi.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
O23 - Service: Partage de Bureau à distance NetMeeting (mnmsrvc) - Unknown owner - C:\WINDOWS\system32\mnmsrvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Plug-and-Play (PlugPlay) - Unknown owner - C:\WINDOWS\system32\services.exe
O23 - Service: Gestionnaire de session d'aide sur le Bureau à distance (RDSessMgr) - Unknown owner - C:\WINDOWS\system32\sessmgr.exe
O23 - Service: Carte à puce (SCardSvr) - Unknown owner - C:\WINDOWS\System32\SCardSvr.exe
O23 - Service: Journaux et alertes de performance (SysmonLog) - Unknown owner - C:\WINDOWS\system32\smlogsvc.exe
O23 - Service: Cliché instantané de volume (VSS) - Unknown owner - C:\WINDOWS\System32\vssvc.exe
O23 - Service: Carte de performance WMI (WmiApSrv) - Unknown owner - C:\WINDOWS\system32\wbem\wmiapsrv.exe
O23 - Service: Service Partage réseau du Lecteur Windows Media (WMPNetworkSvc) - Unknown owner - C:\Program Files\Windows Media Player\WMPNetwk.exe

--
End of file - 13093 bytes

Thanks in advance

18/06/2007 a 15:01:04,51

*** Recherche des fichiers dans C:

*** Recherche des fichiers dans C:\WINDOWS\
C:\WINDOWS\UnGins.exe FOUND

*** Recherche des fichiers dans C:\WINDOWS\system32
C:\WINDOWS\system32\mcrh.tmp FOUND
C:\WINDOWS\system32\winsys.exe FOUND
C:\WINDOWS\system32\P0620Pin.dll FOUND
C:\WINDOWS\system32\winexz32.dll FOUND
C:\WINDOWS\Temp\win????.tmp.exe FOUND

*** Recherche des fichiers dans C:\Program Files
*** Fin du rapport !

Hi again,

Download VundoFix.exe (by Atribune) to your Desktop.
  • Double-click VundoFix.exe to launch it
  • Click the Scan for Vundo button
  • When the scan is complete, click the Remove Vundo button
  • A prompt will ask whether you want to delete the files; click YES
  • After you click "Yes", the Desktop will disappear for a moment while the files are being deleted
  • You will see a prompt telling you that your PC is going to restart; click OK
  • Copy/paste the contents of the report located in C:\vundofix.txt, along with a new HijackThis report, into your next reply
    Note: VundoFix may encounter a file that it cannot delete. If that happens, the tool will launch at the next restart; simply follow the instructions above, starting from "click the Scan for Vundo button".

    Here is the VundoFix notepad file:

    VundoFix V6.5.0

    Checking Java version...

    Java version is 1.5.0.5
    Old versions of java are exploitable and should be removed.

    Java version is 1.5.0.11

    Scan started at 15:17:08 18/06/2007

    Listing files found while scanning....

    C:\windows\system32\bsxiyqns.dll
    C:\windows\system32\byxvuvv.dll
    C:\windows\system32\cmnnesag.dll
    C:\windows\system32\cuccvhoi.dll
    C:\WINDOWS\system32\ddayx.dll
    C:\windows\system32\ebyvlmug.dll
    C:\windows\system32\eojwyouo.exe
    C:\windows\system32\ffktpbep.exe
    C:\windows\system32\gasennmc.ini
    C:\windows\system32\gumlvybe.ini
    C:\windows\system32\hbibybui.dll
    C:\windows\system32\hhkgqlff.exe
    C:\windows\system32\hjemigjx.exe
    C:\windows\system32\imvcwgoa.exe
    C:\windows\system32\iubybibh.ini
    C:\windows\system32\j1261936.dll
    C:\WINDOWS\system32\jkkkijg.dll
    C:\windows\system32\kdicjvpf.exe
    C:\windows\system32\mhpnphid.exe
    C:\windows\system32\pgxglbwu.dll
    C:\windows\system32\rmdfyfju.dll
    C:\windows\system32\rtkaiehi.dll
    C:\windows\system32\scvvukfl.exe
    C:\windows\system32\sfuqkdnj.exe
    C:\WINDOWS\system32\tgecsxtn.dll
    C:\windows\system32\tmecomsy.dll
    C:\windows\system32\ujfyfdmr.ini
    C:\windows\system32\upxvqryg.exe
    C:\windows\system32\uwblgxgp.ini
    C:\windows\system32\vhaksunw.ini
    C:\windows\system32\vnbpbhan.dll
    C:\windows\system32\vqkrnlqi.exe
    C:\windows\system32\vtkckjvi.exe
    C:\WINDOWS\system32\wgtouhxf.dll
    C:\windows\system32\wnuskahv.dll
    C:\WINDOWS\system32\xyadd.bak1
    C:\windows\system32\xyadd.bak2
    C:\windows\system32\xyadd.ini
    C:\WINDOWS\system32\xyadd.ini2
    C:\windows\system32\xyadd.tmp
    C:\windows\system32\ysmocemt.ini
    C:\windows\system32\ywuevnvp.exe
    C:\WINDOWS\system32\ywvtthjd.dll

    Beginning removal...

    Attempting to delete C:\windows\system32\bsxiyqns.dll
    C:\windows\system32\bsxiyqns.dll Has been deleted!

    Attempting to delete C:\windows\system32\byxvuvv.dll
    C:\windows\system32\byxvuvv.dll Has been deleted!

    Attempting to delete C:\windows\system32\cmnnesag.dll
    C:\windows\system32\cmnnesag.dll Has been deleted!

    Attempting to delete C:\windows\system32\cuccvhoi.dll
    C:\windows\system32\cuccvhoi.dll Has been deleted!

    Attempting to delete C:\WINDOWS\system32\ddayx.dll
    C:\WINDOWS\system32\ddayx.dll Has been deleted!

    Attempting to delete C:\windows\system32\ebyvlmug.dll
    C:\windows\system32\ebyvlmug.dll Has been deleted!

    Attempting to delete C:\windows\system32\eojwyouo.exe
    C:\windows\system32\eojwyouo.exe Has been deleted!

    Attempting to delete C:\windows\system32\ffktpbep.exe
    C:\windows\system32\ffktpbep.exe Has been deleted!

    Attempting to delete C:\windows\system32\gasennmc.ini
    C:\windows\system32\gasennmc.ini Has been deleted!

    Attempting to delete C:\windows\system32\gumlvybe.ini
    C:\windows\system32\gumlvybe.ini Has been deleted!

    Attempting to delete C:\windows\system32\hbibybui.dll
    C:\windows\system32\hbibybui.dll Has been deleted!

    Attempting to delete C:\windows\system32\hhkgqlff.exe
    C:\windows\system32\hhkgqlff.exe Has been deleted!

    Attempting to delete C:\windows\system32\hjemigjx.exe
    C:\windows\system32\hjemigjx.exe Has been deleted!

    Attempting to delete C:\windows\system32\imvcwgoa.exe
    C:\windows\system32\imvcwgoa.exe Has been deleted!

    Attempting to delete C:\windows\system32\iubybibh.ini
    C:\windows\system32\iubybibh.ini Has been deleted!

    Attempting to delete C:\windows\system32\j1261936.dll
    C:\windows\system32\j1261936.dll Has been deleted!

    Attempting to delete C:\WINDOWS\system32\jkkkijg.dll
    C:\WINDOWS\system32\jkkkijg.dll Has been deleted!

    Attempting to delete C:\windows\system32\kdicjvpf.exe
    C:\windows\system32\kdicjvpf.exe Has been deleted!

    Attempting to delete C:\windows\system32\mhpnphid.exe
    C:\windows\system32\mhpnphid.exe Has been deleted!

    Attempting to delete C:\windows\system32\pgxglbwu.dll
    C:\windows\system32\pgxglbwu.dll Has been deleted!

    Attempting to delete C:\windows\system32\rmdfyfju.dll
    C:\windows\system32\rmdfyfju.dll Has been deleted!

    Attempting to delete C:\windows\system32\rtkaiehi.dll
    C:\windows\system32\rtkaiehi.dll Has been deleted!

    Attempting to delete C:\windows\system32\scvvukfl.exe
    C:\windows\system32\scvvukfl.exe Has been deleted!

    Attempting to delete C:\windows\system32\sfuqkdnj.exe
    C:\windows\system32\sfuqkdnj.exe Has been deleted!

    Attempting to delete C:\windows\system32\tmecomsy.dll
    C:\windows\system32\tmecomsy.dll Has been deleted!

    Attempting to delete C:\windows\system32\ujfyfdmr.ini
    C:\windows\system32\ujfyfdmr.ini Has been deleted!

    Attempting to delete C:\windows\system32\upxvqryg.exe
    C:\windows\system32\upxvqryg.exe Has been deleted!

    Attempting to delete C:\windows\system32\uwblgxgp.ini
    C:\windows\system32\uwblgxgp.ini Has been deleted!

    Attempting to delete C:\windows\system32\vhaksunw.ini
    C:\windows\system32\vhaksunw.ini Has been deleted!

    Attempting to delete C:\windows\system32\vnbpbhan.dll
    C:\windows\system32\vnbpbhan.dll Has been deleted!

    Attempting to delete C:\windows\system32\vqkrnlqi.exe
    C:\windows\system32\vqkrnlqi.exe Has been deleted!

    Attempting to delete C:\windows\system32\vtkckjvi.exe
    C:\windows\system32\vtkckjvi.exe Has been deleted!

    Attempting to delete C:\windows\system32\wnuskahv.dll
    C:\windows\system32\wnuskahv.dll Has been deleted!

    Attempting to delete C:\WINDOWS\system32\xyadd.bak1
    C:\WINDOWS\system32\xyadd.bak1 Has been deleted!

    Attempting to delete C:\windows\system32\xyadd.bak2
    C:\windows\system32\xyadd.bak2 Has been deleted!

    Attempting to delete C:\windows\system32\xyadd.ini
    C:\windows\system32\xyadd.ini Has been deleted!

    Attempting to delete C:\WINDOWS\system32\xyadd.ini2
    C:\WINDOWS\system32\xyadd.ini2 Has been deleted!

    Attempting to delete C:\windows\system32\xyadd.tmp
    C:\windows\system32\xyadd.tmp Has been deleted!

    Attempting to delete C:\windows\system32\ysmocemt.ini
    C:\windows\system32\ysmocemt.ini Has been deleted!

    Attempting to delete C:\windows\system32\ywuevnvp.exe
    C:\windows\system32\ywuevnvp.exe Has been deleted!

    Attempting to delete C:\WINDOWS\system32\ywvtthjd.dll
    C:\WINDOWS\system32\ywvtthjd.dll Has been deleted!

    Performing Repairs to the registry.
    Done!

    And the HijackThis one, right after restarting the machine:
    Logfile of Trend Micro HijackThis v2.0.0 (BETA)
    Scan saved at 15:29:37, on 18/06/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\WINDOWS\RTHDCPL.EXE
    C:\Program Files\CyberLink\PowerCinema\PCMService.exe
    C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    C:\Program Files\QuickTime2\qttask.exe
    C:\Program Files\Creative\Shared Files\CAMTRAY.EXE
    C:\WINDOWS\system32\RunDLL32.exe
    C:\WINDOWS\system32\WinSys.exe
    C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
    C:\Documents and Settings\All Users\Application Data\ytgloxyp.exe
    C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE
    C:\Program Files\MSN Messenger\MsnMsgr.Exe
    C:\Program Files\CursorXP\CursorXP.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Valve\Steam\Steam.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\PROGRA~1\FICHIE~1\PCSuite\Services\SERVIC~1.EXE
    C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    C:\Program Files\WinZip\WZQKPICK.EXE
    C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLCapSvc.exe
    C:\Program Files\CyberLink\PowerCinema\Kernel\CLML_NTService\CLMLServer.exe
    C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
    C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\PROGRA~1\FICHIE~1\Nokia\MPAPI\MPAPI3s.exe
    C:\PROGRA~1\FICHIE~1\PCSuite\DATALA~1\DATALA~1.EXE
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLSched.exe
    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    c:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\MSN Messenger\livecall.exe
    C:\Program Files\MSN Messenger\usnsvc.exe
    C:\HP\KBD\KBD.EXE
    c:\windows\system\hpsysdrv.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Ma Maison\Logiciels\Lutte anti virus\HiJackThis_v2.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&loca...
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&lo...
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://recherche.neuf.fr/ie/default.html
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://recherche.neuf.fr/
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&lo...
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://recherche.neuf.fr/ie/default.html
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: metaspinner media GmbH - {12FC9A49-CFE0-49AA-BE9E-8F4EEAFC9443} - C:\PROGRA~1\YETISP~1\IEBUTT~1.DLL
    O2 - BHO: (no name) - {400D8E70-786A-4C39-B548-AEAABF8C5D8B} - C:\WINDOWS\system32\ddayx.dll (file missing)
    O2 - BHO: (no name) - {5ADF3862-9E2E-4ad3-86F7-4510E6550CD0} - C:\WINDOWS\system32\jknpoxah.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
    O4 - HKLM\..\Run: [HPHUPD08] c:\Program Files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe
    O4 - HKLM\..\Run: [PCMService] "C:\Program Files\CyberLink\PowerCinema\PCMService.exe"
    O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
    O4 - HKLM\..\Run: [HPBootOp] "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run
    O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime2\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [Creative WebCam Tray] C:\Program Files\Creative\Shared Files\CAMTRAY.EXE
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [SW20] C:\WINDOWS\system32\sw20.exe
    O4 - HKLM\..\Run: [SW24] C:\WINDOWS\system32\sw24.exe
    O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [WinSys] C:\WINDOWS\system32\WinSys.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
    O4 - HKLM\..\Run: [runner1] C:\WINDOWS\retadpu1000272.exe 61A847B5BBF72813329B385475FB01F0B3E35B6638993F4661AA4EBD86D67C56389B284534F310F3D1DC7E4638E8323A15806F97BDE4417E70CE7C0726B954E2C2832210359926033AAC01F09DDF7618419154310B87659CA5E04E5067DF690232BC10E3C283201530856D1E27
    O4 - HKLM\..\Run: [ytgloxyp.exe] C:\Documents and Settings\All Users\Application Data\ytgloxyp.exe
    O4 - HKLM\..\Run: [j9271439] rundll32 C:\WINDOWS\system32\j9271439.dll sook
    O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE -onlytray
    O4 - HKLM\..\Run: [SC2] C:\WINDOWS\system32\scchk32.exe
    O4 - HKLM\..\Run: [GPLv3] rundll32.exe "C:\WINDOWS\system32\axhenuld.dll",realset
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [CursorXP] C:\Program Files\CursorXP\CursorXP.exe
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [Steam] "C:\Program Files\Valve\Steam\Steam.exe" -silent
    O4 - HKCU\..\Run: [BitComet] "C:\Program Files\BitComet\BitComet.exe"
    O4 - HKCU\..\Run: [WINSOS VERIFY] "C:\Program Files\WINSOS\WINSOS.EXE" MINI
    O4 - HKCU\..\Run: [PcSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog
    O4 - HKCU\..\Run: [eMuleAutoStart] C:\Program Files\eMule\emule.exe -AutoStart
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
    O4 - .DEFAULT User Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'Default user')
    O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Startup: Registration-Studio 8.lnk = C:\Program Files\Pinnacle\Studio 8\Register\RegTool.exe
    O4 - Startup: Ubisoft register.lnk = C:\Program Files\Ubisoft\Register\schedule.exe
    O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
    O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: Aide à la connexion - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
    O9 - Extra 'Tools' menuitem: Aide à la connexion - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?LinkID=39204
    O16 - DPF: {3F0EECCE-E138-11D1-8712-0060083D83F5} (LPViewer Class) - http://www.mgisoft.com/ActiveX/LPControl.cab
    O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.ca...
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClie...
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPACl...
    O20 - Winlogon Notify: winexz32 - C:\WINDOWS\SYSTEM32\winexz32.dll
    O22 - SharedTaskScheduler: Pré-chargeur Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
    O22 - SharedTaskScheduler: Démon de cache des catégories de composant - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLCapSvc.exe
    O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLSched.exe
    O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Program Files\CyberLink\PowerCinema\Kernel\CLML_NTService\CLMLServer.exe
    O23 - Service: Service d'administration du Gestionnaire de disque logique (dmadmin) - Unknown owner - C:\WINDOWS\System32\dmadmin.exe
    O23 - Service: Journal des événements (Eventlog) - Unknown owner - C:\WINDOWS\system32\services.exe
    O23 - Service: Fax - Unknown owner - C:\WINDOWS\system32\fxssvc.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: Service COM de gravage de CD IMAPI (ImapiService) - Unknown owner - C:\WINDOWS\system32\imapi.exe
    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
    O23 - Service: Partage de Bureau à distance NetMeeting (mnmsrvc) - Unknown owner - C:\WINDOWS\system32\mnmsrvc.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: Plug-and-Play (PlugPlay) - Unknown owner - C:\WINDOWS\system32\services.exe
    O23 - Service: Gestionnaire de session d'aide sur le Bureau à distance (RDSessMgr) - Unknown owner - C:\WINDOWS\system32\sessmgr.exe
    O23 - Service: Carte à puce (SCardSvr) - Unknown owner - C:\WINDOWS\System32\SCardSvr.exe
    O23 - Service: Journaux et alertes de performance (SysmonLog) - Unknown owner - C:\WINDOWS\system32\smlogsvc.exe
    O23 - Service: Cliché instantané de volume (VSS) - Unknown owner - C:\WINDOWS\System32\vssvc.exe
    O23 - Service: Carte de performance WMI (WmiApSrv) - Unknown owner - C:\WINDOWS\system32\wbem\wmiapsrv.exe
    O23 - Service: Service Partage réseau du Lecteur Windows Media (WMPNetworkSvc) - Unknown owner - C:\Program Files\Windows Media Player\WMPNetwk.exe

    --
    End of file - 13200 bytes


    Hi again,

    Download Combofix.
    Save it to your Desktop and nowhere else!

    Click the Start menu, then Run, and copy/paste this:
    "%userprofile%\Bureau\combofix.exe" /v winexz32
    Click [OK]. Follow the prompts.

    Wait until Combofix has finished; a report will be created. Post the report.

    Here is the ComboFix report after restarting the computer:

    ComboFix 07-06-17 - C:\Documents and Settings\HP_Propriétaire\Bureau\combofix.exe
    "HP_Propriétaire" - 2007-06-18 15:43:20 - Service Pack 2 NTFS
    Command switches used :: /v winexz32


    (((((((((((((((((((((((((((((((((((((((((((( V Log )))))))))))))))))))))))))))))))))))))))))))))))))))))))


    C:\WINDOWS\system32\axhenuld.dll
    C:\WINDOWS\system32\bcyaxgxg.dll
    C:\WINDOWS\system32\fxonafnb.dll
    C:\WINDOWS\system32\gunryebl.dll
    C:\WINDOWS\system32\jtbboeag.dll
    C:\WINDOWS\system32\winexz32.dll
    C:\WINDOWS\system32\dlunehxa.ini
    C:\WINDOWS\system32\gxgxaycb.ini
    C:\WINDOWS\system32\bnfanoxf.ini
    C:\WINDOWS\system32\gaeobbtj.ini
    C:\WINDOWS\system32\cbxwvts.dll


    * * * POST RUN FILES/FOLDERS * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *



    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


    C:\DOCUME~1\HP_PRO~1\APPLIC~1.\macromedia\Flash Player\#SharedObjects\E7CC65PY\www.broadcaster.com
    C:\DOCUME~1\HP_PRO~1\APPLIC~1.\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#www.broadcaster.com
    C:\DOCUME~1\HP_PRO~1\APPLIC~1.\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#www.broadcaster.com\settings.sol
    C:\Program Files\Fichiers communs\Yazzle1162OinUninstaller.exe
    C:\WINDOWS\retadpu.exe
    C:\WINDOWS\system32\j3261034.dll
    C:\WINDOWS\system32\winsys.exe
    C:\WINDOWS\wr.txt


    ((((((((((((((((((((((((( Files Created from 2007-05-18 to 2007-06-18 )))))))))))))))))))))))))))))))


    2007-06-18 15:39 49,152 --a------ C:\WINDOWS\nircmd.exe
    2007-06-16 15:18 <REP> d-------- C:\WINDOWS\system32\fjsvlvfh
    2007-06-16 03:13 286,720 --a------ C:\WINDOWS\system32\scchk32.exe
    2007-06-13 21:27 62,516 --a------ C:\WINDOWS\system32\jknpoxah.dll
    2007-06-12 15:36 43,520 --a------ C:\WINDOWS\system32\CmdLineExt03.dll
    2007-06-11 16:09 <REP> d-------- C:\DOCUME~1\HP_PRO~1\APPLIC~1\Nokia Multimedia Player
    2007-06-11 16:04 <REP> d-------- C:\DOCUME~1\HP_PRO~1\APPLIC~1\Nokia
    2007-06-11 16:04 <REP> d-------- C:\DOCUME~1\HP_PRO~1\APPLIC~1\DataLayer
    2007-06-11 16:03 <REP> d-------- C:\DOCUME~1\HP_PRO~1\Phone Browser
    2007-06-11 16:01 <REP> d-------- C:\DOCUME~1\HP_PRO~1\APPLIC~1\PC Suite
    2007-06-11 15:59 <REP> d-------- C:\Program Files\Nokia
    2007-06-11 15:59 <REP> d-------- C:\Program Files\Fichiers communs\PCSuite
    2007-06-11 15:59 <REP> d-------- C:\Program Files\Fichiers communs\Nokia
    2007-06-11 15:58 <REP> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Downloaded Installations
    2007-06-07 20:01 <REP> d-------- C:\Program Files\eMule
    2007-06-06 20:48 55,316 --a------ C:\WINDOWS\system32\tufpfiol.dll
    2007-06-02 21:03 <REP> d-------- C:\DOCUME~1\HP_PRO~1\APPLIC~1\AdobeUM
    2007-06-02 20:30 <REP> d-------- C:\Program Files\Windows Live
    2007-06-02 20:30 <REP> d-------- C:\Program Files\Messenger Plus! Live
    2007-05-30 20:31 14,868 --a------ C:\WINDOWS\system32\ylhtmfgt.exe
    2007-05-30 18:05 57,344 --a------ C:\DOCUME~1\ALLUSE~1\APPLIC~1\ytgloxyp.exe
    2007-05-27 20:55 <REP> d-------- C:\Program Files\Electronic Arts
    2007-05-18 17:54 <REP> d-------- C:\Program Files\Valve


    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

    2007-06-02 18:30:13 -------- d-----w C:\Program Files\MSN Messenger
    2007-06-02 16:42:14 -------- d--h--w C:\Program Files\InstallShield Installation Information
    2007-06-02 16:40:33 -------- d-----w C:\Program Files\Creative
    2007-05-19 11:53:30 -------- d-----w C:\Program Files\Codemasters
    2007-05-18 20:33:11 98,304 ----a-w C:\WINDOWS\system32\CmdLineExt.dll
    2007-05-16 15:13:53 683,520 ----a-w C:\WINDOWS\system32\inetcomm.dll
    2007-04-30 15:46:10 745,600 ----a-w C:\WINDOWS\system32\aswBoot.exe
    2007-04-30 15:41:55 85,952 ----a-w C:\WINDOWS\system32\drivers\aswmon.sys
    2007-04-30 15:41:42 94,552 ----a-w C:\WINDOWS\system32\drivers\aswmon2.sys
    2007-04-30 15:39:41 23,416 ----a-w C:\WINDOWS\system32\drivers\aswRdr.sys
    2007-04-30 15:38:51 43,176 ----a-w C:\WINDOWS\system32\drivers\aswTdi.sys
    2007-04-30 15:37:23 26,888 ----a-w C:\WINDOWS\system32\drivers\aavmker4.sys
    2007-04-30 15:35:28 95,872 ----a-w C:\WINDOWS\system32\AVASTSS.scr
    2007-04-28 16:38:41 -------- d-----w C:\Program Files\EA SPORTS
    2007-04-25 14:22:35 144,896 ----a-w C:\WINDOWS\system32\schannel.dll
    2007-04-18 16:14:18 2,854,400 ----a-w C:\WINDOWS\system32\msi.dll
    2007-04-16 20:47:36 33,624 ----a-w C:\WINDOWS\system32\wups.dll
    2007-04-16 20:45:54 1,710,936 ----a-w C:\WINDOWS\system32\wuaueng.dll
    2007-04-16 20:45:48 549,720 ----a-w C:\WINDOWS\system32\wuapi.dll
    2007-04-16 20:45:42 325,976 ----a-w C:\WINDOWS\system32\wucltui.dll
    2007-04-16 20:45:36 203,096 ----a-w C:\WINDOWS\system32\wuweb.dll
    2007-04-16 20:45:28 92,504 ----a-w C:\WINDOWS\system32\cdm.dll
    2007-04-16 20:45:20 53,080 ----a-w C:\WINDOWS\system32\wuauclt.exe
    2007-04-16 20:45:20 43,352 ----a-w C:\WINDOWS\system32\wups2.dll
    2007-04-09 07:42:06 49,152 ----a-r C:\WINDOWS\system32\inetwh32.dll
    2007-04-09 07:42:06 1,044,480 ----a-r C:\WINDOWS\system32\roboex32.dll
    2007-03-25 07:48:43 65,602 ----a-w C:\WINDOWS\system32\perfc00C.dat
    2007-03-25 07:48:43 449,740 ----a-w C:\WINDOWS\system32\perfh00C.dat


    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))


    *Note* empty entries & legit default entries are not shown

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
    {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}=C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [2005-09-23 20:12]
    {12FC9A49-CFE0-49AA-BE9E-8F4EEAFC9443}=C:\PROGRA~1\YETISP~1\IEBUTT~1.DLL [2005-02-07 12:25]
    {400D8E70-786A-4C39-B548-AEAABF8C5D8B}=C:\WINDOWS\system32\ddayx.dll []
    {761497BB-D6F0-462C-B6EB-D4DAF1D92D43}=C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll [2007-03-14 03:43]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "RTHDCPL"="RTHDCPL.EXE" [2006-03-08 06:54 C:\WINDOWS\RTHDCPL.EXE]
    "HPHUPD08"="c:\Program Files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe" [2005-06-02 01:35]
    "PCMService"="C:\Program Files\CyberLink\PowerCinema\PCMService.exe" [2006-02-24 19:46]
    "PCDrProfiler"="" []
    "HPBootOp"="C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" [2006-02-15 15:34]
    "HP Software Update"="C:\Program Files\HP\HP Software Update\HPwuSchd2.exe" [2005-12-15 11:18]
    "avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-04-30 17:42]
    "QuickTime Task"="C:\Program Files\QuickTime2\qttask.exe" [2006-09-10 10:30]
    "Creative WebCam Tray"="C:\Program Files\Creative\Shared Files\CAMTRAY.EXE" [2004-04-29 10:59]
    "TkBellExe"="C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" []
    "nwiz"="nwiz.exe" [2006-06-01 11:22 C:\WINDOWS\system32\nwiz.exe]
    "NvMediaCenter"="NvMCTray.dll" [2006-06-01 11:22 C:\WINDOWS\system32\nvmctray.dll]
    "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe" [2007-03-14 03:43]
    "ytgloxyp.exe"="C:\Documents and Settings\All Users\Application Data\ytgloxyp.exe" [2007-05-30 18:05]
    "PCSuiteTrayApplication"="C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.exe" [2005-12-13 08:49]
    "NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-06-01 11:22]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [2007-01-19 12:55]
    "CursorXP"="C:\Program Files\CursorXP\CursorXP.exe" [2005-01-19 17:34]
    "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-05 06:00]
    "Steam"="C:\Program Files\Valve\Steam\Steam.exe" [2007-06-01 16:46]
    "BitComet"="C:\Program Files\BitComet\BitComet.exe" []
    "WINSOS VERIFY"="C:\Program Files\WINSOS\WINSOS.exe" []
    "PcSync"="C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2005-11-30 16:56]
    "eMuleAutoStart"="C:\Program Files\eMule\emule.exe" [2006-01-26 18:21]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
    "AllowLegacyWebView"=1 (0x1)
    "AllowUnhashedWebView"=1 (0x1)


    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{032dc86a-35c8-11db-8b24-0016ec89190e}]
    AutoRun\command- J:\autorun.exe


    **************************************************************************

    catchme 0.3.721 W2K/XP/Vista - userland rootkit detector by Gmer, http://www.gmer.net
    Rootkit scan 2007-06-18 15:50:07
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************

    Completion time: 2007-06-18 15:52:25 - machine was rebooted
    C:\ComboFix-quarantined-files.txt ... 2007-06-18 15:52

    --- E O F ---