PC infecté [résolu]

Bonjour


Télécharge VundoFix.exe (par Atribune) sur ton Bureau.
http://www.atribune.org/ccount/click.php?id=4

* Double-clique VundoFix.exe afin de le lancer.
* Lorsque l'outil se lance à nouveau, clique sur le bouton Scan for Vundo
* Clique sur le bouton Scan for Vundo.
* Lorsque le scan est complété, clique sur le bouton Remove Vundo.
* Une invite te demandera si tu veux supprimer les fichiers, clique YES
* Après avoir cliqué "Yes", le Bureau disparaîtra un moment lors de la suppression des fichiers.
* Tu verras une invite qui t'annonce que ton PC va s'éteindre ("shutdown"); clique OK
* Démarre ton PC à nouveau.
* Copie/colle le contenu du rapport situé dans C:\vundofix.txt ainsi qu'un nouveau rapport HijackThis! dans ta prochaine réponse.

Note: Il est possible que VundoFix soit confronté à un fichier qu'il ne peut supprimer. Si tel est le cas, l'outil se lancera au prochain redémarrage; il faut simplement suivre les instructions ci-haut, à partir de "clique sur le bouton Scan for Vundo".

--------------------------------------------------------------


bonjour, et merci de ton aide.

voici le rapport de vundofix :


VundoFix V6.5.1

Checking Java version...

Sun Java not detected
Scan started at 18:40:06 25/06/2007

Listing files found while scanning....

C:\WINDOWS\System32\awtqr.dll
C:\WINDOWS\System32\bcxqeftu.dll
C:\windows\system32\celgobgd.ini
C:\windows\system32\dgboglec.dll
C:\windows\system32\jxhbvssv.dll
C:\WINDOWS\System32\rqtwa.bak1
C:\WINDOWS\System32\rqtwa.bak2
C:\WINDOWS\System32\rqtwa.ini
C:\WINDOWS\System32\rqtwa.ini2
C:\WINDOWS\System32\rqtwa.tmp
C:\WINDOWS\System32\utfeqxcb.ini
C:\windows\system32\vssvbhxj.ini

Beginning removal...

Attempting to delete C:\WINDOWS\System32\awtqr.dll
C:\WINDOWS\System32\awtqr.dll Has been deleted!

Attempting to delete C:\WINDOWS\System32\bcxqeftu.dll
C:\WINDOWS\System32\bcxqeftu.dll Could not be deleted.

Attempting to delete C:\windows\system32\celgobgd.ini
C:\windows\system32\celgobgd.ini Has been deleted!

Attempting to delete C:\windows\system32\dgboglec.dll
C:\windows\system32\dgboglec.dll Has been deleted!

Attempting to delete C:\windows\system32\jxhbvssv.dll
C:\windows\system32\jxhbvssv.dll Has been deleted!

Attempting to delete C:\WINDOWS\System32\rqtwa.bak1
C:\WINDOWS\System32\rqtwa.bak1 Has been deleted!

Attempting to delete C:\WINDOWS\System32\rqtwa.bak2
C:\WINDOWS\System32\rqtwa.bak2 Has been deleted!

Attempting to delete C:\WINDOWS\System32\rqtwa.ini
C:\WINDOWS\System32\rqtwa.ini Has been deleted!

Attempting to delete C:\WINDOWS\System32\rqtwa.ini2
C:\WINDOWS\System32\rqtwa.ini2 Has been deleted!

Attempting to delete C:\WINDOWS\System32\rqtwa.tmp
C:\WINDOWS\System32\rqtwa.tmp Has been deleted!

Attempting to delete C:\WINDOWS\System32\utfeqxcb.ini
C:\WINDOWS\System32\utfeqxcb.ini Has been deleted!

Attempting to delete C:\windows\system32\vssvbhxj.ini
C:\windows\system32\vssvbhxj.ini Has been deleted!

Performing Repairs to the registry.
Done!

VundoFix V6.5.1

Checking Java version...

Sun Java not detected
Scan started at 18:44:20 25/06/2007

Listing files found while scanning....

C:\windows\system32\bcxqeftu.dll

Beginning removal...

Attempting to delete C:\windows\system32\bcxqeftu.dll
C:\windows\system32\bcxqeftu.dll Has been deleted!

Performing Repairs to the registry.
Done!




et voici le rapport de hijackthis :

Logfile of HijackThis v1.99.1
Scan saved at 18:55:20, on 25/06/2007
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\logonui.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\NVATray.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\DRV\Path pour OfficeOneNote\OFFICEOneNotesv6.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\ctfmon.exe
C:\WINDOWS\System32\HPZipm12.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
C:\Program Files\OFFICE One6.0\program\soffice.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\internet explorer\iexplore.exe
C:\WINDOWS\System32\rundll32.exe
C:\HJT\azerty.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.numericable.fr/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: (no name) - {05041043-0C5F-46A4-A959-58D2A1F73262} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {1229BA9F-BFBF-49BD-809B-CED44625EAD9} - C:\WINDOWS\System32\awtqr.dll (file missing)
O2 - BHO: (no name) - {36786C2F-D948-4DCD-A2AF-0F5A26445CD1} - C:\WINDOWS\System32\jkklj.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: (no name) - {674DDFA6-BB3D-427B-961F-E9EEEF293004} - C:\WINDOWS\System32\xxyvsro.dll
O2 - BHO: (no name) - {9ED34A81-0EC6-4506-9114-00A83C9CC597} - (no file)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NVIDIA nForce APU1 Utilities] NVATray.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [oov6multiuser.exe] C:\Program Files\OFFICE One6.0\program\oov6multiuser.exe
O4 - HKLM\..\Run: [OFFICEOneNotesv6.exe] C:\DRV\Path pour OfficeOneNote\OFFICEOneNotesv6.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - Startup: OFFICE One 6.0.lnk = C:\Program Files\OFFICE One6.0\program\quickstart.exe
O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O16 - DPF: Yahoo! Checkers - http://download2.games.yahoo.com/games/clients/y/kt4_x....
O16 - DPF: Yahoo! Dominoes - http://download2.games.yahoo.com/games/clients/y/dot9_x...
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin...
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} - http://us.dl1.yimg.com/download.yahoo.com/dl/yinst/yins...
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan8/oscan8.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common...
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst....
O16 - DPF: {9D190AE6-C81E-4039-8061-978EBAD10073} (F-Secure Online Scanner 3.0) - http://support.f-secure.com/ols/fscax.cab
O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game05.zylom.com/activex/zylomgamesplayer.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: jkklj - C:\WINDOWS\System32\jkklj.dll
O20 - Winlogon Notify: xxyvsro - C:\WINDOWS\SYSTEM32\xxyvsro.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - (no file)

Re


Il reste des infections.


Relance un scan HijackThis [/b]et coche les lignes ci-dessous :

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: (no name) - {05041043-0C5F-46A4-A959-58D2A1F73262} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {1229BA9F-BFBF-49BD-809B-CED44625EAD9} - C:\WINDOWS\System32\awtqr.dll (file missing)
O2 - BHO: (no name) - {36786C2F-D948-4DCD-A2AF-0F5A26445CD1} - C:\WINDOWS\System32\jkklj.dll
O2 - BHO: (no name) - {674DDFA6-BB3D-427B-961F-E9EEEF293004} - C:\WINDOWS\System32\xxyvsro.dll
O2 - BHO: (no name) - {9ED34A81-0EC6-4506-9114-00A83C9CC597} - (no file)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O16 - DPF: Yahoo! Checkers - http://download2.games.yahoo.com/g [...] /kt4_x.cab
O16 - DPF: Yahoo! Dominoes - http://download2.games.yahoo.com/g [...] dot9_x.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6 [...] vSniff.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} - http://us.dl1.yimg.com/download.ya [...] urrent.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6 [...] /cabsa.cab
O16 - DPF: {9D190AE6-C81E-4039-8061-978EBAD10073} (F-Secure Online Scanner 3.0) - http://support.f-secure.com/ols/fscax.cab
O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game05.zylom.com/activex/zylomgamesplayer.cab
O20 - Winlogon Notify: jkklj - C:\WINDOWS\System32\jkklj.dll
O20 - Winlogon Notify: xxyvsro - C:\WINDOWS\SYSTEM32\xxyvsro.dll

Ferme toutes les fenêtres Windows, Internet explorer, Outlook,sauf le logiciel Hijackthis et clique sur « Fix checked »

Double-clique VundoFix.exe afin de le lancer.

[***]Ne clique pas sur "Scan for Vundo"

Fais un clic droit dans la fenêtre blanche et clique "Add more files?"

Dans la nouvelle fenêtre qui apparait, Copie/colle le chemin des fichiers suivants dans les cases (un par case)

C:\WINDOWS\System32\jkklj.dll
C:\WINDOWS\System32\jlkkj.*
C:\WINDOWS\System32\xxyvsro.dll
C:\WINDOWS\System32\orsvyxx.*

Clique sur le bouton "Add File(s)"

Clique sur le bouton "Close Window"

Clique à nouveau sur "Remove Vundo"

Une invite te demandera si tu veux supprimer les fichiers, clique YES

Après avoir cliqué "Yes", le Bureau disparaîtra un moment lors de la suppression des fichiers.

Tu verras une invite qui t'annonce que ton PC va s'éteindre ("shutdown"); clique OK

Démarre ton PC à nouveau.

Copie/colle le contenu du rapport situé dans C:\vundofix.txt ainsi qu'un nouveau rapport HijackThis! dans ta prochaine réponse.

[/b]

--------------------------------------------------------------

salut,

voici le rapport de vundofix :

Beginning removal...

Attempting to delete C:\WINDOWS\System32\jkklj.dll
C:\WINDOWS\System32\jkklj.dll Has been deleted!

Attempting to delete C:\WINDOWS\System32\xxyvsro.dll
C:\WINDOWS\System32\xxyvsro.dll Has been deleted!

Performing Repairs to the registry.
Done!


et voici le nouveau scan hijackthis :

Logfile of HijackThis v1.99.1
Scan saved at 19:20:44, on 26/06/2007
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\logonui.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\NVATray.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\DRV\Path pour OfficeOneNote\OFFICEOneNotesv6.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
C:\Program Files\OFFICE One6.0\program\soffice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\HPZipm12.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\internet explorer\iexplore.exe
C:\HJT\azerty.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.numericable.fr/
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: (no name) - {1F6581D5-AA53-4b73-A6F9-41420C6B61F1} - C:\WINDOWS\System32\wgumxntg.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: (no name) - {674DDFA6-BB3D-427B-961F-E9EEEF293004} - C:\WINDOWS\system32\xxyvsro.dll (file missing)
O2 - BHO: (no name) - {DCC6AA46-B1A4-45F7-AA86-52E5A05135F5} - C:\WINDOWS\System32\jkklj.dll (file missing)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NVIDIA nForce APU1 Utilities] NVATray.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [icq.com] rundll32.exe "C:\WINDOWS\System32\casguljd.dll",forkonce
O4 - HKLM\..\Run: [oov6multiuser.exe] C:\Program Files\OFFICE One6.0\program\oov6multiuser.exe
O4 - HKLM\..\Run: [OFFICEOneNotesv6.exe] C:\DRV\Path pour OfficeOneNote\OFFICEOneNotesv6.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - Startup: OFFICE One 6.0.lnk = C:\Program Files\OFFICE One6.0\program\quickstart.exe
O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan8/oscan8.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst....
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - (no file)

D'autres sont apparus.

Télécharge SREng (par Smallfrogs) de ce lien:
http://www.kztechs.com/eng/download.html

Extrais tout son contenu sur ton Bureau
Du dossier sreng2 qui se trouve maintenant sur ton Bureau, double clique sur SREng.exe afin de lancer l'outil
Clique sur Smart Scan
Ensuite, clique sur le bouton [Scan]

Lorsque complété, clique sur le bouton [Save Reports]
Sauvegarde le rapport sur ton Bureau
Copie/colle le contenu du fichier SREnglLOG.log dans ta prochaine réponse

--------------------------------------------------------------

salut,


voici le rapport de sreng2 :

2007-06-27,18:58:36

 
System Repair Engineer 2.4.12.806

Smallfrogs (<a href="http://www.KZTechs.com" target="_blank">http://www.KZTechs.com</a>)

 
Windows XP Home Edition  (Build 2600) - Administrative User - Completed Functions Allowed

 
Follow item(s) have been choosed:

    All Boot Items (Including Registry, Startup Folders, Services and so on)

    Browser Add-ons

    Runing Processes (Including process model information)

    File Associations

    Winsock Provider

    Autorun.Inf

    HOSTS File

 
 
Boot Items

Registry

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]

    <CTFMON.EXE><C:\WINDOWS\System32\ctfmon.exe>  [(Verified)Microsoft Windows XP Publisher (Europe)]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]

    <nwiz><nwiz.exe /install>  [(Verified)Microsoft Windows XP Publisher (Europe)]

    <NVIDIA nForce APU1 Utilities><NVATray.exe>  [NVIDIA® Corporation]

    <avast!><C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe>  [(Verified)ALWIL Software]

    <icq.com><rundll32.exe "C:\WINDOWS\System32\casguljd.dll",forkonce>  []

    <oov6multiuser.exe><C:\Program Files\OFFICE One6.0\program\oov6multiuser.exe>  []

    <OFFICEOneNotesv6.exe><C:\DRV\Path pour OfficeOneNote\OFFICEOneNotesv6.exe>  [ISSENDIS]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]

    <shell><Explorer.exe>  [(Verified)Microsoft Windows XP Publisher (Europe)]

    <Userinit><C:\WINDOWS\system32\userinit.exe,>  [(Verified)Microsoft Windows XP Publisher (Europe)]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]

    <AppInit_DLLs><>  [N/A]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]

    <UIHost><logonui.exe>  [(Verified)Microsoft Windows XP Publisher (Europe)]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]

    <{05041043-0C5F-46A4-A959-58D2A1F73262}><>  [N/A]

    <{674DDFA6-BB3D-427B-961F-E9EEEF293004}><C:\WINDOWS\system32\xxyvsro.dll>  [N/A]

 
==================================

Startup Folders

[InterVideo WinCinema Manager]

  <C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\InterVideo WinCinema Manager.lnk --> C:\PROGRA~1\INTERV~1\Common\Bin\WINCIN~1.EXE []><N>

[OFFICE One 6.0]

  <C:\Documents and Settings\Malik\Menu Démarrer\Programmes\Démarrage\OFFICE One 6.0.lnk --> C:\PROGRA~1\OFFICE~1.0\program\QUICKS~1.EXE [N/A]><N>

 
==================================

Services

[avast! iAVS4 Control Service / aswUpdSv][Running/Auto Start]

  <"C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe"><ALWIL Software>

[avast! Antivirus / avast! Antivirus][Running/Auto Start]

  <"C:\Program Files\Alwil Software\Avast4\ashServ.exe"><ALWIL Software>

[avast! Mail Scanner / avast! Mail Scanner][Running/Manual Start]

  <"C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service><ALWIL Software>

[avast! Web Scanner / avast! Web Scanner][Running/Manual Start]

  <"C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service><ALWIL Software>

[Client/Server Runtime Server Subsystem / CSRSS][Stopped/Auto Start]

  <><N/A>

[DomainService / DomainService][Stopped/Auto Start]

  <><N/A>

[NVIDIA Driver Helper Service / NVSvc][Running/Auto Start]

  <C:\WINDOWS\System32\nvsvc32.exe><NVIDIA Corporation>

[Pml Driver HPZ12 / Pml Driver HPZ12][Running/Auto Start]

  <C:\WINDOWS\System32\HPZipm12.exe><HP>

[Remote Print Spooler / Remote Print Spooler][Stopped/Auto Start]

  <><N/A>

[WAN Miniport (ATW) Service / WANMiniportService][Stopped/Auto Start]

  <><N/A>

[Service de numéro de série du lecteur multimédia portable / WmdmPmSN][Stopped/Manual Start]

  <C:\WINDOWS\System32\svchost.exe -k netsvcs-->C:\WINDOWS\System32\mspmsnsv.dll><Microsoft Corporation>

 
==================================

Drivers

[CO_Mon / CO_Mon][Stopped/Manual Start]

  <\??\C:\WINDOWS\System32\Drivers\CO_Mon.sys><N/A>

[Pilote de la carte EtherLink XL 90XB/C 3Com / EL90XBC][Stopped/Manual Start]

  <System32\DRIVERS\el90xbc5.sys><3Com Corporation>

[IEEE-1284.4 Driver HPZid412 / HPZid412][Stopped/Manual Start]

  <System32\DRIVERS\HPZid412.sys><HP>

[Print Class Driver for IEEE-1284.4 HPZipr12 / HPZipr12][Stopped/Manual Start]

  <System32\DRIVERS\HPZipr12.sys><HP>

[USB to IEEE-1284.4 Translation Driver HPZius12 / HPZius12][Stopped/Manual Start]

  <System32\DRIVERS\HPZius12.sys><HP>

[Mtlmnt5 / Mtlmnt5][Running/Manual Start]

  <System32\DRIVERS\Mtlmnt5.sys><>

[Mtlstrm / Mtlstrm][Stopped/Manual Start]

  <System32\DRIVERS\Mtlstrm.sys><>

[RCA USB Digital Cable Modem Driver / netrcacm][Running/Manual Start]

  <System32\DRIVERS\netrcacm.sys><Thomson Multimedia>

[NtMtlFax / NtMtlFax][Stopped/Manual Start]

  <System32\DRIVERS\NtMtlFax.sys><>

[nv / nv][Running/Manual Start]

  <System32\DRIVERS\nv4_mini.sys><NVIDIA Corporation>

[Service for NVIDIA® nForce(TM) Audio Enumerator / nvax][Running/Manual Start]

  <system32\drivers\nvax.sys><NVIDIA® Corporation>

[Service for NVIDIA® nForce(TM) Audio / nvnforce][Running/Manual Start]

  <system32\drivers\nvapu.sys><NVIDIA® Corporation>

[NVIDIA nForce AGP Bus Filter / nv_agp][Running/Boot Start]

  <\SystemRoot\System32\DRIVERS\nv_agp.sys><NVIDIA Corporation>

[Pilote de liaison parallèle directe / Ptilink][Running/Manual Start]

  <System32\DRIVERS\ptilink.sys><Parallel Technologies, Inc.>

[Secdrv / Secdrv][Stopped/Manual Start]

  <System32\DRIVERS\secdrv.sys><N/A>

[SmartLink AMR_PCI Driver / Slntamr][Running/Manual Start]

  <System32\DRIVERS\slntamr.sys><>

[SlNtHal / SlNtHal][Stopped/Manual Start]

  <System32\DRIVERS\Slnthal.sys><>

[SlWdmSup / SlWdmSup][Running/Manual Start]

  <System32\DRIVERS\SlWdmSup.sys><Vireo Software>

[V90drv / V90drv][Stopped/Manual Start]

  <System32\DRIVERS\v90drv.sys><>

[WAN Miniport (ATW) / wanatw][Running/Manual Start]

  <System32\DRIVERS\wanatw4.sys><America Online, Inc.>

 
==================================

Browser Add-ons

[Yahoo! Toolbar Helper]

  {02478D38-C3F9-4EFB-9B51-7695ECA05670} <C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll, Yahoo! Inc.>

[]

  {1F6581D5-AA53-4b73-A6F9-41420C6B61F1} <C:\WINDOWS\System32\wgumxntg.dll, N/A>

[]

  {53707962-6F74-2D53-2644-206D7942484F} <C:\Program Files\Spybot - Search & Destroy\SDHelper.dll, Safer Networking Limited>

[]

  {674DDFA6-BB3D-427B-961F-E9EEEF293004} <C:\WINDOWS\system32\xxyvsro.dll, N/A>

[]

  {DCC6AA46-B1A4-45F7-AA86-52E5A05135F5} <C:\WINDOWS\System32\jkklj.dll, N/A>

[Yahoo! Toolbar]

  {EF99BD32-C1FB-11D2-892F-0090271D4F88} <C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll, Yahoo! Inc.>

[BDSCANONLINE Control]

  {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} <C:\WINDOWS\DOWNLO~1\oscan8.ocx, SOFTWIN>

[ActiveScan Installer Class]

  {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} <C:\WINDOWS\Downloaded Program Files\asinst.dll, Panda Software>

[Shockwave Flash Object]

  {D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\System32\Macromed\Flash\Flash9b.ocx, Adobe Systems, Inc.>

 
==================================

Running Processes

[PID: 528][\SystemRoot\System32\smss.exe]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]

[PID: 576][\??\C:\WINDOWS\system32\csrss.exe]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]

[PID: 600][\??\C:\WINDOWS\system32\winlogon.exe]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]

    [C:\WINDOWS\system32\wdmaud.drv]  [Microsoft Corporation, 5.1.2600.0 (XPClient.010817-1148)]

    [C:\WINDOWS\system32\msacm32.drv]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]

[PID: 644][C:\WINDOWS\system32\services.exe]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]

[PID: 656][C:\WINDOWS\system32\lsass.exe]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]

[PID: 864][C:\WINDOWS\system32\svchost.exe]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]

[PID: 944][C:\WINDOWS\System32\svchost.exe]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]

[PID: 1444][C:\WINDOWS\Explorer.EXE]  [Microsoft Corporation, 6.00.2600.0000 (xpclient.010817-1148)]

    [C:\WINDOWS\System32\casguljd.dll]  [N/A, ]

    [C:\WINDOWS\System32\wgumxntg.dll]  [N/A, ]

    [C:\WINDOWS\System32\wdmaud.drv]  [Microsoft Corporation, 5.1.2600.0 (XPClient.010817-1148)]

    [C:\WINDOWS\System32\msacm32.drv]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]

    [C:\Program Files\Spybot - Search & Destroy\SDHelper.dll]  [Safer Networking Limited, 1, 4, 0, 0]

[PID: 1616][C:\WINDOWS\System32\NVATray.exe]  [NVIDIA® Corporation, 5.10.2826.0]

[PID: 1624][C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe]  [ALWIL Software, 4, 7, 997, 0]

    [C:\PROGRA~1\ALWILS~1\Avast4\aswCmnOS.dll]  [ALWIL Software, 4, 7, 997, 0]

    [C:\WINDOWS\System32\MSVCP71.dll]  [Microsoft Corporation, 7.10.3077.0]

    [C:\WINDOWS\System32\MSVCR71.dll]  [Microsoft Corporation, 7.10.3052.4]

    [C:\PROGRA~1\ALWILS~1\Avast4\ashBase.dll]  [ALWIL Software, 4, 7, 997, 0]

    [C:\PROGRA~1\ALWILS~1\Avast4\aswCmnB.dll]  [ALWIL Software, 4, 7, 997, 0]

    [C:\PROGRA~1\ALWILS~1\Avast4\aswCmnS.dll]  [ALWIL Software, 4, 7, 997, 0]

    [C:\PROGRA~1\ALWILS~1\Avast4\ashTask.dll]  [ALWIL Software, 4, 7, 997, 0]

    [C:\PROGRA~1\ALWILS~1\Avast4\aswAux.dll]  [ALWIL Software, 4, 7, 997, 0]

    [C:\PROGRA~1\ALWILS~1\Avast4\Aavm4h.dll]  [ALWIL Software, 4, 7, 997, 0]

    [C:\Program Files\Alwil Software\Avast4\French\Base.dll]  [ALWIL Software, 4, 7, 997, 0]

    [C:\Program Files\Alwil Software\Avast4\French\Lang.dll]  [ALWIL Software, 4, 7, 997, 0]

    [C:\WINDOWS\System32\MFC71.DLL]  [Microsoft Corporation, 7.10.3077.0]

    [C:\PROGRA~1\ALWILS~1\Avast4\AavmRpch.dll]  [ALWIL Software, 4, 7, 997, 0]

    [c:\program files\alwil software\avast4\ahruimai.dll]  [ALWIL Software, 4, 7, 997, 0]

    [C:\PROGRA~1\ALWILS~1\Avast4\ashUInt.dll]  [ALWIL Software, 4, 7, 997, 0]

    [C:\PROGRA~1\ALWILS~1\Avast4\XT1922.dll]  [Codejock Software, 1, 9, 4, 0]

    [c:\program files\alwil software\avast4\ahruimes.dll]  [ALWIL Software, 4, 7, 997, 0]

    [c:\program files\alwil software\avast4\ahruins.dll]  [ALWIL Software, 4, 7, 997, 0]

    [c:\program files\alwil software\avast4\ahruiout.dll]  [ALWIL Software, 4, 7, 997, 0]

    [C:\WINDOWS\System32\MAPI32.dll]  [Microsoft Corporation, 1.0.2536.0 (XPClient.010817-1148)]

    [c:\program files\alwil software\avast4\ahruip2p.dll]  [ALWIL Software, 4, 7, 997, 0]

    [c:\program files\alwil software\avast4\ahruistd.dll]  [ALWIL Software, 4, 7, 997, 0]

    [c:\program files\alwil software\avast4\ahruiws.dll]  [ALWIL Software, 4, 7, 997, 0]

[PID: 1648][C:\DRV\Path pour OfficeOneNote\OFFICEOneNotesv6.exe]  [ISSENDIS, 6.0.7.0]

    [C:\WINDOWS\System32\spool\DRIVERS\W32X86\2\pdfui206.dll]  [AMYUNI Consultants

<a href="http://www.amyuni.com" target="_blank">http://www.amyuni.com</a>, 2.06]

[PID: 1716][C:\WINDOWS\System32\ctfmon.exe]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]

[PID: 1840][C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe]  [, 1.0]

[PID: 1924][C:\Program Files\OFFICE One6.0\program\soffice.exe]  [Sun Microsystems, Inc., 6.00.7663]

    [C:\Program Files\OFFICE One6.0\program\sal3.dll]  [Sun Microsystems, Inc., 6.00.7663]

    [C:\Program Files\OFFICE One6.0\program\stlport_vc6.dll]  [STLport Consulting, Inc., 4.0.2000.0707]

    [C:\Program Files\OFFICE One6.0\program\vos2MSC.dll]  [Sun Microsystems, Inc., 6.00.7663]

    [C:\Program Files\OFFICE One6.0\program\tl641mi.dll]  [Sun Microsystems, Inc., 6.00.7663]

    [C:\Program Files\OFFICE One6.0\program\cppu3.dll]  [Sun Microsystems, Inc., 6.00.7663]

    [C:\Program Files\OFFICE One6.0\program\cppuhelper3MSC.dll]  [Sun Microsystems, Inc., 6.00.7663]

    [C:\Program Files\OFFICE One6.0\program\svl641mi.dll]  [Sun Microsystems, Inc., 6.00.7663]

    [C:\Program Files\OFFICE One6.0\program\comphelp2.dll]  [Sun Microsystems, Inc., 6.00.7663]

    [C:\Program Files\OFFICE One6.0\program\utl641mi.dll]  [Sun Microsystems, Inc., 6.00.7663]

    [C:\Program Files\OFFICE One6.0\program\ucbhelper1MSC.dll]  [Sun Microsystems, Inc., 6.00.7663]

    [C:\Program Files\OFFICE One6.0\program\salhelper3MSC.dll]  [Sun Microsystems, Inc., 6.00.7663]

    [C:\Program Files\OFFICE One6.0\program\vcl641mi.dll]  [Sun Microsystems, Inc., 6.00.7663]

    [C:\Program Files\OFFICE One6.0\program\sot641mi.dll]  [Sun Microsystems, Inc., 6.00.7663]

    [C:\Program Files\OFFICE One6.0\program\smgr.dll]  [Sun Microsystems, Inc., 6.00.7663]

    [C:\Program Files\OFFICE One6.0\program\cpld.dll]  [Sun Microsystems, Inc., 6.00.7663]

    [C:\Program Files\OFFICE One6.0\program\simreg.dll]  [Sun Microsystems, Inc., 6.00.7663]

    [C:\Program Files\OFFICE One6.0\program\defreg.dll]  [Sun Microsystems, Inc., 6.00.7663]

    [C:\Program Files\OFFICE One6.0\program\tdmgr.dll]  [Sun Microsystems, Inc., 6.00.7663]

    [C:\Program Files\OFFICE One6.0\program\impreg.dll]  [Sun Microsystems, Inc., 6.00.7663]

    [C:\Program Files\OFFICE One6.0\program\reg3.dll]  [Sun Microsystems, Inc., 6.00.7663]

    [C:\Program Files\OFFICE One6.0\program\store3.dll]  [Sun Microsystems, Inc., 6.00.7663]

    [C:\Program Files\OFFICE One6.0\program\rdbtdp.dll]  [Sun Microsystems, Inc., 6.00.7663]

    [C:\Program Files\OFFICE One6.0\program\cfgmgr2.dll]  [Sun Microsystems, Inc., 6.00.7663]

    [C:\Program Files\OFFICE One6.0\program\tcv.dll]  [Sun Microsystems, Inc., 6.00.7663]

    [C:\Program Files\OFFICE One6.0\program\sax.dll]  [Sun Microsystems, Inc., 6.00.7663]

    [C:\Program Files\OFFICE One6.0\program\ucb1.dll]  [Sun Microsystems, Inc., 6.00.7663]

    [C:\Program Files\OFFICE One6.0\program\ucpfile1.dll]  [Sun Microsystems, Inc., 6.00.7663]

    [C:\Program Files\OFFICE One6.0\program\msci_uno.dll]  [Sun Microsystems, Inc., 6.00.7663]

    [C:\Program Files\OFFICE One6.0\program\wrp641mi.dll]  [Sun Microsystems, Inc., 6.00.7663]

    [C:\Program Files\OFFICE One6.0\program\svx641mi.dll]  [Sun Microsystems, Inc., 6.00.7663]

    [C:\Program Files\OFFICE One6.0\program\svt641mi.dll]  [Sun Microsystems, Inc., 6.00.7663]

    [C:\Program Files\OFFICE One6.0\program\tk641mi.dll]  [Sun Microsystems, Inc., 6.00.7663]

    [C:\Program Files\OFFICE One6.0\program\so641mi.dll]  [Sun Microsystems, Inc., 6.00.7663]

    [C:\Program Files\OFFICE One6.0\program\j641mi_g.dll]  [Sun Microsystems, Inc., 6.00.7663]

    [C:\Program Files\OFFICE One6.0\program\xo641mi.dll]  [Sun Microsystems, Inc., 6.00.7663]

    [C:\Program Files\OFFICE One6.0\program\go641mi.dll]  [Sun Microsystems, Inc., 6.00.7663]

    [C:\Program Files\OFFICE One6.0\program\sfx641mi.dll]  [Sun Microsystems, Inc., 6.00.7663]

    [C:\Program Files\OFFICE One6.0\program\fwe641mi.dll]  [Sun Microsystems, Inc., 6.00.7663]

    [C:\Program Files\OFFICE One6.0\program\sb641mi.dll]  [Sun Microsystems, Inc., 6.00.7663]

    [C:\Program Files\OFFICE One6.0\program\xcr641mi.dll]  [Sun Microsystems, Inc., 6.00.7663]

    [C:\Program Files\OFFICE One6.0\program\dl641mi.dll]  [Sun Microsystems, Inc., 6.00.7663]

    [C:\Program Files\OFFICE One6.0\program\ofa641mi.dll]  [Sun Microsystems, Inc., 6.00.7663]

    [C:\Program Files\OFFICE One6.0\program\i18npool641mi.dll]  [Sun Microsystems, Inc., 6.00.7663]

    [C:\Program Files\OFFICE One6.0\program\i18n641mi.dll]  [Sun Microsystems, Inc., 6.00.7663]

    [C:\Program Files\OFFICE One6.0\program\package2.dll]  [Sun Microsystems, Inc., 6.00.7663]

    [C:\Program Files\OFFICE One6.0\program\fwk641mi.dll]  [Sun Microsystems, Inc., 6.00.7663]

    [C:\Program Files\OFFICE One6.0\program\fwi641mi.dll]  [Sun Microsystems, Inc., 6.00.7663]

    [C:\Program Files\OFFICE One6.0\program\fwl641mi.dll]  [Sun Microsystems, Inc., 6.00.7663]

    [C:\Program Files\OFFICE One6.0\program\ucpchelp1.dll]  [Sun Microsystems, Inc., 6.00.7663]

    [C:\Program Files\OFFICE One6.0\program\libdb32.dll]  [Sleepycat Software, 3.2.9]

    [C:\Program Files\OFFICE One6.0\program\olebrdg.dll]  [Sun Microsystems, Inc., 6.00.7663]

[PID: 152][C:\WINDOWS\System32\HPZipm12.exe]  [HP, 9, 0, 0, 0]

[PID: 2388][C:\Program Files\internet explorer\iexplore.exe]  [Microsoft Corporation, 6.00.2600.0000 (xpclient.010817-1148)]

    [C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll]  [Yahoo! Inc., 2006, 10, 26, 1]

    [C:\Program Files\Yahoo!\Companion\Installs\cpn0\YTabBar.dll]  [Yahoo!, 2006.10.17.1]

    [C:\WINDOWS\System32\wgumxntg.dll]  [N/A, ]

    [C:\Program Files\Spybot - Search & Destroy\SDHelper.dll]  [Safer Networking Limited, 1, 4, 0, 0]

    [C:\Program Files\Yahoo!\Companion\Installs\cpn0\pubmod.dll]  [Yahoo! Inc., 2005, 12, 16, 1]

    [C:\Program Files\Yahoo!\Companion\Installs\cpn0\ypubc.dll]  [Yahoo! Inc., 2006.1.25.01]

    [C:\Program Files\Yahoo!\Companion\Installs\cpn0\YTMsgr.dll]  [Yahoo!, Inc., 2006, 4, 26, 1]

    [C:\WINDOWS\System32\Macromed\Flash\Flash9b.ocx]  [Adobe Systems, Inc., 9,0,28,0]

    [C:\WINDOWS\System32\wdmaud.drv]  [Microsoft Corporation, 5.1.2600.0 (XPClient.010817-1148)]

    [C:\WINDOWS\System32\msacm32.drv]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]

[PID: 3680][C:\Documents and Settings\Malik\Bureau\sreng2\SREng.EXE]  [Smallfrogs Studio, 2.4.12.806]

 
==================================

File Associations

.TXT  OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]

.EXE  OK. ["%1" %*]

.COM  OK. ["%1" %*]

.PIF  OK. ["%1" %*]

.REG  OK. [regedit.exe "%1"]

.BAT  OK. ["%1" %*]

.SCR  OK. ["%1" /S]

.CHM  OK. ["C:\WINDOWS\hh.exe" %1]

.HLP  OK. [%SystemRoot%\System32\winhlp32.exe %1]

.INI  OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]

.INF  OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]

.VBS  OK. [%SystemRoot%\System32\WScript.exe "%1" %*]

.JS   OK. [%SystemRoot%\System32\WScript.exe "%1" %*]

.LNK  OK. [{00021401-0000-0000-C000-000000000046}]

 
==================================

Winsock Provider

N/A

 
==================================

Autorun.Inf

N/A

 
==================================

HOSTS File

127.0.0.1       localhost

 
==================================

API HOOK

N/A

 
==================================

Hidden Process

N/A

 
==================================

Bien.


Télécharge Combofix.exe (par sUBs) sur ton Bureau
http://download.bleepingcomputer.com/sUBs/ComboFix.exe

Double clique combofix.exe et suis les invites.
Lorsque le scan sera complété, un rapport apparaîtra.

Copie/colle ce rapport dans ta prochaine réponse avec un nouveau HijackThis.

--------------------------------------------------------------

salut,

voici le rapport combofix :

"Malik" - 2007-06-28 18:43:23 - ComboFix 07-06-27.7 NTFS


((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


C:\WINDOWS\system32\ogmjpfmb.exe
C:\WINDOWS\system32\wrkxljbp.exe
C:\WINDOWS\system32\xltjheeh.exe


((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))


-------\LEGACY_DOMAINSERVICE
-------\DomainService


((((((((((((((((((((((((( Files Created from 2007-05-28 to 2007-06-28 )))))))))))))))))))))))))))))))


2007-06-26 19:11 <REP> d-------- C:\VundoFix Backups
2007-06-26 17:21 66,112 --a------ C:\WINDOWS\system32\wgumxntg.dll
2007-06-26 17:18 128,576 --a------ C:\WINDOWS\system32\casguljd.dll
2007-06-26 17:15 1,145,003 ---hs---- C:\WINDOWS\system32\jlkkj.bak2
2007-06-25 18:53 6,369 ---hs---- C:\WINDOWS\system32\jlkkj.bak1
2007-06-21 17:42 23,304 --ah----- C:\WINDOWS\system32\stqdeb.exe
2007-06-20 17:28 4,968 --ah----- C:\WINDOWS\system32\wzeap.exe
2007-06-18 11:39 29,923 --a------ C:\WINDOWS\spdy.exe
2007-06-18 11:14 6,504 --ah----- C:\WINDOWS\system32\todtoxw.exe
2007-06-14 08:18 49,152 --a------ C:\WINDOWS\nircmd.exe
2007-06-08 16:58 853 --a------ C:\reboot.cmd
2007-06-08 16:58 68,096 --a------ C:\diff.exe
2007-06-08 16:58 103,424 --a------ C:\grep.exe
2007-06-07 08:47 <REP> d-------- C:\Program Files\CCleaner


(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

2007-06-24 15:10:48 -------- d-----w C:\Program Files\Mp3 My Mp3 2.0
2007-06-21 17:29:52 44,032 ----a-w C:\WINDOWS\system32\ftp.exe
2007-06-21 17:29:52 17,920 ----a-w C:\WINDOWS\system32\tftp.exe
2007-06-18 09:11:40 134,656 ----a-w C:\WINDOWS\system32\sfc_os.dll
2007-06-01 09:15:20 48,616 ----a-w C:\WINDOWS\system32\perfc00C.dat
2007-06-01 09:15:20 367,658 ----a-w C:\WINDOWS\system32\perfh00C.dat
2007-04-30 15:46:10 745,600 ----a-w C:\WINDOWS\system32\aswBoot.exe
2007-04-30 15:41:55 85,952 -c--a-w C:\WINDOWS\system32\drivers\aswmon.sys
2007-04-30 15:41:42 94,552 -c--a-w C:\WINDOWS\system32\drivers\aswmon2.sys
2007-04-30 15:39:41 23,416 -c--a-w C:\WINDOWS\system32\drivers\aswRdr.sys
2007-04-30 15:38:51 43,176 -c--a-w C:\WINDOWS\system32\drivers\aswTdi.sys
2007-04-30 15:37:23 26,888 -c--a-w C:\WINDOWS\system32\drivers\aavmker4.sys
2007-04-30 15:35:28 95,872 ----a-w C:\WINDOWS\system32\AVASTSS.scr


((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))


*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
{02478D38-C3F9-4EFB-9B51-7695ECA05670}=C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll [2006-10-26 12:28]
{53707962-6F74-2D53-2644-206D7942484F}=C:\Program Files\Spybot - Search & Destroy\SDHelper.dll [2005-05-31 01:04]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"nwiz"="nwiz.exe" [2002-03-09 10:53 C:\WINDOWS\system32\nwiz.exe]
"NVIDIA nForce APU1 Utilities"="NVATray.exe" [2002-01-19 00:33 C:\WINDOWS\system32\NVATray.exe]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-04-30 17:42]
"oov6multiuser.exe"="C:\Program Files\OFFICE One6.0\program\oov6multiuser.exe" [2002-07-09 06:00]
"OFFICEOneNotesv6.exe"="C:\DRV\Path pour OfficeOneNote\OFFICEOneNotesv6.exe" [2002-07-15 10:36]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\ctfmon.exe" [2001-08-28 14:00]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Icône AOL.lnk]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Malik^Menu Démarrer^Programmes^Démarrage^Club-Internet.lnk]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
Usnsvc usnsvc


HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{ACC563BC-4266-43f0-B6ED-9D38C4202C7E}
rundll32 iesetup.dll,IEAccessUserInst

**************************************************************************

catchme 0.3.721 W2K/XP/Vista - userland rootkit detector by Gmer, http://www.gmer.net
Rootkit scan 2007-06-28 18:49:15
Windows 5.1.2600 NTFS

scanning hidden processes ...

cmd.exe [1408]
? [1644]


scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

Completion time: 2007-06-28 18:51:25 - machine was rebooted
C:\ComboFix-quarantined-files.txt ... 2007-06-28 18:51

--- E O F ---


et voici le rapport hijackthis :

Logfile of HijackThis v1.99.1
Scan saved at 18:55:46, on 28/06/2007
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\HPZipm12.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\NVATray.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\DRV\Path pour OfficeOneNote\OFFICEOneNotesv6.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
C:\Program Files\OFFICE One6.0\program\soffice.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\internet explorer\iexplore.exe
C:\HJT\azerty.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.numericable.fr/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: (no name) - {DCC6AA46-B1A4-45F7-AA86-52E5A05135F5} - (no file)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NVIDIA nForce APU1 Utilities] NVATray.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [oov6multiuser.exe] C:\Program Files\OFFICE One6.0\program\oov6multiuser.exe
O4 - HKLM\..\Run: [OFFICEOneNotesv6.exe] C:\DRV\Path pour OfficeOneNote\OFFICEOneNotesv6.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - Startup: OFFICE One 6.0.lnk = C:\Program Files\OFFICE One6.0\program\quickstart.exe
O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan8/oscan8.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst....
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - (no file)

Bien, on continue.


Copie (Ctrl+C) le texte ci-dessous :

File::
C:\WINDOWS\system32\xxyvsro.dll
C:\WINDOWS\System32\jkklj.dll
C:\WINDOWS\System32\casguljd.dll
C:\WINDOWS\System32\wgumxntg.dll
C:\WINDOWS\system32\casguljd.dll
C:\WINDOWS\system32\jlkkj.bak2
C:\WINDOWS\system32\jlkkj.bak1
C:\WINDOWS\system32\stqdeb.exe
C:\WINDOWS\system32\wzeap.exe
C:\WINDOWS\spdy.exe
C:\WINDOWS\system32\todtoxw.exe

Registry::
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"icq.com"=-
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{674DDFA6-BB3D-427B-961F-E9EEEF293004}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1F6581D5-AA53-4b73-A6F9-41420C6B61F1}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{674DDFA6-BB3D-427B-961F-E9EEEF293004}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DCC6AA46-B1A4-45F7-AA86-52E5A05135F5}]


Ouvre le Bloc-Notes puis colle (Ctrl+V) le texte précedemment copié.
Sauvegarde ce fichier sous le nom de ComboFix-Do.txt




Comme l'image le montre, fait glisser ComboFix-Do.txt sur ComboFix.exe
Cela va relancer Combofix.

Après redémarrage (s'il a lieu), poste le contenu du rapport Combofix.txt accompagné d'un rapport Hijackthis.

---------------------------------------------------------------------------------------------------------

salut,

voici le rapport combofix :

"Malik" - 2007-06-29 19:14:56 - ComboFix 07-06-27.7 NTFS
Command switches used :: C:\Documents and Settings\Malik\Bureau\ComboFix-Do.txt


((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


C:\WINDOWS\spdy.exe
C:\WINDOWS\System32\casguljd.dll
C:\WINDOWS\system32\jlkkj.bak1
C:\WINDOWS\system32\jlkkj.bak2
C:\WINDOWS\system32\stqdeb.exe
C:\WINDOWS\system32\todtoxw.exe
C:\WINDOWS\System32\wgumxntg.dll
C:\WINDOWS\system32\wzeap.exe


((((((((((((((((((((((((( Files Created from 2007-05-28 to 2007-06-29 )))))))))))))))))))))))))))))))


2007-06-26 19:11 <REP> d-------- C:\VundoFix Backups
2007-06-14 08:18 49,152 --a------ C:\WINDOWS\nircmd.exe
2007-06-08 16:58 853 --a------ C:\reboot.cmd
2007-06-08 16:58 68,096 --a------ C:\diff.exe
2007-06-08 16:58 103,424 --a------ C:\grep.exe
2007-06-07 08:47 <REP> d-------- C:\Program Files\CCleaner


(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

2007-06-24 15:10:48 -------- d-----w C:\Program Files\Mp3 My Mp3 2.0
2007-06-21 17:29:52 44,032 ----a-w C:\WINDOWS\system32\ftp.exe
2007-06-21 17:29:52 17,920 ----a-w C:\WINDOWS\system32\tftp.exe
2007-06-18 09:11:40 134,656 ----a-w C:\WINDOWS\system32\sfc_os.dll
2007-06-01 09:15:20 48,616 ----a-w C:\WINDOWS\system32\perfc00C.dat
2007-06-01 09:15:20 367,658 ----a-w C:\WINDOWS\system32\perfh00C.dat
2007-04-30 15:46:10 745,600 ----a-w C:\WINDOWS\system32\aswBoot.exe
2007-04-30 15:41:55 85,952 -c--a-w C:\WINDOWS\system32\drivers\aswmon.sys
2007-04-30 15:41:42 94,552 -c--a-w C:\WINDOWS\system32\drivers\aswmon2.sys
2007-04-30 15:39:41 23,416 -c--a-w C:\WINDOWS\system32\drivers\aswRdr.sys
2007-04-30 15:38:51 43,176 -c--a-w C:\WINDOWS\system32\drivers\aswTdi.sys
2007-04-30 15:37:23 26,888 -c--a-w C:\WINDOWS\system32\drivers\aavmker4.sys
2007-04-30 15:35:28 95,872 ----a-w C:\WINDOWS\system32\AVASTSS.scr


((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))


*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
{02478D38-C3F9-4EFB-9B51-7695ECA05670}=C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll [2006-10-26 12:28]
{53707962-6F74-2D53-2644-206D7942484F}=C:\Program Files\Spybot - Search & Destroy\SDHelper.dll [2005-05-31 01:04]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"nwiz"="nwiz.exe" [2002-03-09 10:53 C:\WINDOWS\system32\nwiz.exe]
"NVIDIA nForce APU1 Utilities"="NVATray.exe" [2002-01-19 00:33 C:\WINDOWS\system32\NVATray.exe]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-04-30 17:42]
"oov6multiuser.exe"="C:\Program Files\OFFICE One6.0\program\oov6multiuser.exe" [2002-07-09 06:00]
"OFFICEOneNotesv6.exe"="C:\DRV\Path pour OfficeOneNote\OFFICEOneNotesv6.exe" [2002-07-15 10:36]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\ctfmon.exe" [2001-08-28 14:00]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Icône AOL.lnk]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Malik^Menu Démarrer^Programmes^Démarrage^Club-Internet.lnk]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
Usnsvc usnsvc


HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{ACC563BC-4266-43f0-B6ED-9D38C4202C7E}
rundll32 iesetup.dll,IEAccessUserInst

**************************************************************************

catchme 0.3.721 W2K/XP/Vista - userland rootkit detector by Gmer, http://www.gmer.net
Rootkit scan 2007-06-29 19:16:01
Windows 5.1.2600 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

Completion time: 2007-06-29 19:16:27
C:\ComboFix-quarantined-files.txt ... 2007-06-29 19:16
C:\ComboFix2.txt ... 2007-06-28 18:51

--- E O F ---


voici le rapport hijackthis :

Logfile of HijackThis v1.99.1
Scan saved at 19:19:51, on 29/06/2007
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\System32\NVATray.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\DRV\Path pour OfficeOneNote\OFFICEOneNotesv6.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
C:\Program Files\OFFICE One6.0\program\soffice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\HPZipm12.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\internet explorer\iexplore.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\HJT\azerty.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.numericable.fr/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NVIDIA nForce APU1 Utilities] NVATray.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [oov6multiuser.exe] C:\Program Files\OFFICE One6.0\program\oov6multiuser.exe
O4 - HKLM\..\Run: [OFFICEOneNotesv6.exe] C:\DRV\Path pour OfficeOneNote\OFFICEOneNotesv6.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - Startup: OFFICE One 6.0.lnk = C:\Program Files\OFFICE One6.0\program\quickstart.exe
O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan8/oscan8.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst....
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - (no file)

Bonjour


Combofix a fait du ménage.
Hijackthis est propre.


Fais une analyse antivirus en ligne sur Kaspersky
http://webscanner.kaspersky.fr/
Clique sur Démarrer Online Scanner.
Sélectionne le poste de travail comme analyse.
Colle son rapport ici.

--------------------------------------------------------------
bonjour,

voici le rapport de kaspersky :

KASPERSKY ON-LINE SCANNER REPORT
Saturday, June 30, 2007 10:18:45 AM
Système d'exploitation : Microsoft Windows XP Home Edition, (Build 2600)
Kaspersky On-line Scanner version : 5.0.83.0
Dernière mise à jour de la base antivirus Kaspersky : 30/06/2007
Enregistrements dans la base antivirus Kaspersky : 333920


Paramètres d'analyse
Analyser avec la base antivirus suivante standard
Analyser les archives vrai
Analyser les bases de messagerie vrai

Cible de l'analyse Poste de travail
A:\
C:\
D:\
E:\

Statistiques de l'analyse
Total d'objets analysés 40849
Nombre de virus trouvés 6
Nombre d'objets infectés 14 / 0
Nombre d'objets suspects 0
Durée de l'analyse 00:43:16

Nom de l'objet infecté Nom du virus Dernière action
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat L'objet est verrouillé ignoré

C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat L'objet est verrouillé ignoré

C:\Documents and Settings\LocalService\Cookies\index.dat L'objet est verrouillé ignoré

C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat L'objet est verrouillé ignoré

C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG L'objet est verrouillé ignoré

C:\Documents and Settings\LocalService\Local Settings\Historique\History.IE5\index.dat L'objet est verrouillé ignoré

C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat L'objet est verrouillé ignoré

C:\Documents and Settings\LocalService\ntuser.dat L'objet est verrouillé ignoré

C:\Documents and Settings\LocalService\ntuser.dat.LOG L'objet est verrouillé ignoré

C:\Documents and Settings\Malik\Application Data\user60.rdb L'objet est verrouillé ignoré

C:\Documents and Settings\Malik\Cookies\index.dat L'objet est verrouillé ignoré

C:\Documents and Settings\Malik\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat L'objet est verrouillé ignoré

C:\Documents and Settings\Malik\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG L'objet est verrouillé ignoré

C:\Documents and Settings\Malik\Local Settings\Historique\History.IE5\index.dat L'objet est verrouillé ignoré

C:\Documents and Settings\Malik\Local Settings\Temporary Internet Files\Content.IE5\index.dat L'objet est verrouillé ignoré

C:\Documents and Settings\Malik\ntuser.dat L'objet est verrouillé ignoré

C:\Documents and Settings\Malik\ntuser.dat.LOG L'objet est verrouillé ignoré

C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat L'objet est verrouillé ignoré

C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG L'objet est verrouillé ignoré

C:\Documents and Settings\NetworkService\ntuser.dat L'objet est verrouillé ignoré

C:\Documents and Settings\NetworkService\ntuser.dat.LOG L'objet est verrouillé ignoré

C:\Program Files\Alwil Software\Avast4\DATA\aswResp.dat L'objet est verrouillé ignoré

C:\Program Files\Alwil Software\Avast4\DATA\Avast4.db L'objet est verrouillé ignoré

C:\Program Files\Alwil Software\Avast4\DATA\integ\avast.int L'objet est verrouillé ignoré

C:\Program Files\Alwil Software\Avast4\DATA\log\AshWebSv.ws L'objet est verrouillé ignoré

C:\Program Files\Alwil Software\Avast4\DATA\log\aswMaiSv.log L'objet est verrouillé ignoré

C:\Program Files\Alwil Software\Avast4\DATA\log\nshield.log L'objet est verrouillé ignoré

C:\Program Files\Alwil Software\Avast4\DATA\report\Protection résidente.txt L'objet est verrouillé ignoré

C:\QooBox\Quarantine\C\WINDOWS\system32\ogmjpfmb.exe.vir Infecté : Trojan.Win32.Agent.aoy ignoré

C:\QooBox\Quarantine\C\WINDOWS\system32\todtoxw.exe.vir Infecté : Trojan.Win32.Agent.arc ignoré

C:\QooBox\Quarantine\C\WINDOWS\system32\wrkxljbp.exe.vir Infecté : Trojan.Win32.Agent.aoy ignoré

C:\QooBox\Quarantine\C\WINDOWS\system32\xltjheeh.exe.vir Infecté : Trojan.Win32.Agent.aoy ignoré

C:\System Volume Information\_restore{86E64984-07BD-4BB5-8B87-B6513B6B0040}\RP20\A0032182.dll Infecté : Trojan-PSW.Win32.Agent.lu ignoré

C:\System Volume Information\_restore{86E64984-07BD-4BB5-8B87-B6513B6B0040}\RP20\A0032183.dll Infecté : Trojan-PSW.Win32.Sinowal.m ignoré

C:\System Volume Information\_restore{86E64984-07BD-4BB5-8B87-B6513B6B0040}\RP20\A0033715.exe Infecté : Backdoor.Win32.Agent.aml ignoré

C:\System Volume Information\_restore{86E64984-07BD-4BB5-8B87-B6513B6B0040}\RP20\A0037193.exe Infecté : Trojan.Win32.Agent.aoy ignoré

C:\System Volume Information\_restore{86E64984-07BD-4BB5-8B87-B6513B6B0040}\RP20\A0037194.exe Infecté : Trojan.Win32.Agent.aoy ignoré

C:\System Volume Information\_restore{86E64984-07BD-4BB5-8B87-B6513B6B0040}\RP20\A0038385.exe Infecté : Trojan.Win32.Agent.aoy ignoré

C:\System Volume Information\_restore{86E64984-07BD-4BB5-8B87-B6513B6B0040}\RP20\A0038386.exe Infecté : Trojan.Win32.Agent.aoy ignoré

C:\System Volume Information\_restore{86E64984-07BD-4BB5-8B87-B6513B6B0040}\RP20\A0038387.exe Infecté : Trojan.Win32.Agent.aoy ignoré

C:\System Volume Information\_restore{86E64984-07BD-4BB5-8B87-B6513B6B0040}\RP20\A0038496.exe Infecté : Trojan.Win32.Agent.arc ignoré

C:\System Volume Information\_restore{86E64984-07BD-4BB5-8B87-B6513B6B0040}\RP20\change.log L'objet est verrouillé ignoré

C:\WINDOWS\Debug\oakley.log L'objet est verrouillé ignoré

C:\WINDOWS\Debug\PASSWD.LOG L'objet est verrouillé ignoré

C:\WINDOWS\SchedLgU.Txt L'objet est verrouillé ignoré

C:\WINDOWS\Sti_Trace.log L'objet est verrouillé ignoré

C:\WINDOWS\system32\config\Antivirus.Evt L'objet est verrouillé ignoré

C:\WINDOWS\system32\config\AppEvent.Evt L'objet est verrouillé ignoré

C:\WINDOWS\system32\config\default L'objet est verrouillé ignoré

C:\WINDOWS\system32\config\default.LOG L'objet est verrouillé ignoré

C:\WINDOWS\system32\config\SAM L'objet est verrouillé ignoré

C:\WINDOWS\system32\config\SAM.LOG L'objet est verrouillé ignoré

C:\WINDOWS\system32\config\SecEvent.Evt L'objet est verrouillé ignoré

C:\WINDOWS\system32\config\SECURITY L'objet est verrouillé ignoré

C:\WINDOWS\system32\config\SECURITY.LOG L'objet est verrouillé ignoré

C:\WINDOWS\system32\config\software L'objet est verrouillé ignoré

C:\WINDOWS\system32\config\software.LOG L'objet est verrouillé ignoré

C:\WINDOWS\system32\config\SysEvent.Evt L'objet est verrouillé ignoré

C:\WINDOWS\system32\config\system L'objet est verrouillé ignoré

C:\WINDOWS\system32\config\system.LOG L'objet est verrouillé ignoré

C:\WINDOWS\system32\h323log.txt L'objet est verrouillé ignoré

C:\WINDOWS\system32\logon.exe Infecté : Backdoor.Win32.VanBot.dd ignoré

C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR L'objet est verrouillé ignoré

C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA L'objet est verrouillé ignoré

C:\WINDOWS\Temp\Perflib_Perfdata_530.dat L'objet est verrouillé ignoré

C:\WINDOWS\Temp\_avast4_\Webshlock.txt L'objet est verrouillé ignoré

C:\WINDOWS\wiadebug.log L'objet est verrouillé ignoré

C:\WINDOWS\wiaservc.log L'objet est verrouillé ignoré

Analyse terminée.

Bonjour


Pas grand chose dans ce rapport.


$$ Double-clique sur OTMoveIt.exe pour le lancer.
Copie la liste qui se trouve ci-dessous, et colle-la dans le cadre de gauche de OTMoveIt  aste List of Files/Folders to be moved.

C:\WINDOWS\system32\logon.exe
C:\Documents and Settings\Malik\Bureau\sreng2

Clique sur MoveIt! pour lancer la suppression.
Le résultat apparaitra dans le cadre Results.
Clique sur Exit pour fermer.

Il te sera peut-être demander de redémarrer le PC pour achever la suppression. Si c'est le cas accepte par Yes.

Poste le rapport situé dans C:\_OTMoveIt\MovedFiles avant de continuer la manip.


$$ Clique sur Démarrer - Clic droit sur le Poste de Travail - Propriétés - Restauration du systéme - Cocher la case Désactiver la restauration du systéme et cliquer sur Appliquer.


$$ Lance OTmoveIT.

Clique sur CleanUp! (le programme va télécharger un fichier texte qui servira a nettoyer les programmes que l'on a téléchargé).
NOTE : Normalement, ton firewall (parefeu) devrait te demander si OTmoveIT peut accéder a internet, Autorise le.

Une liste apparait dans la partie gauche d'OTmoveIT.

Un message apparait pour confirmer le nettoyage. Confirme


$$ Redémarre le PC


$$ Clique sur Démarrer - Clic droit sur le Poste de Travail - Propriétés - Restauration du systéme - Décocher la case Désactiver la restauration du systéme et cliquer sur Appliquer.


As tu encore des dysfonctionnements ?

--------------------------------------------------------------


salut,
où est ce que je peux trouver OTmoveIT.

Oups.

Je croyais que je te l'avais déja fait utiliser.

Télécharge OTMoveIt (de Old_Timer) sur ton Bureau.
http://download.bleepingcomputer.com/oldtimer/OTMoveIt....

--------------------------------------------------------------

bonjour,

désolé, j'ai oublié de poster le rapport de OTmoveIT avant la désactivation de la restauration du systéme mais en tout cas je te confirme la suppression de :

C:\WINDOWS\system32\logon.exe
C:\Documents and Settings\Malik\Bureau\sreng2

de plus, plus aucun dysfonctionnement à signaler.
un grand merci à toi.