[Solved-ArchiSolved] The photo again... help please! - Security - Viruses
Profile: IDNaute

Hello everyone,

I got caught by the photo on MSN, and for the past few days avast has been detecting these viruses (trojans), but they keep coming back even when I delete them with avast.
Web pages that send me to antivirus sites and ads of all kinds keep opening whenever I am on the internet.


I see you often ask for one, so here is a HijackThis report:


Logfile of HijackThis v1.99.1
Scan saved at 23:24:24, on 28/06/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\drivers\CDAC11BA.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\rmctrl.exe
C:\WINDOWS\system32\kwcixddm.exe
C:\Program Files\Logitech\iTouch\iTouch.exe
C:\Program Files\ASUS\WLAN Card Utilities\Center.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\WINDOWS\system32\sistray.EXE
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe
C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\PROGRA~1\INCRED~1\bin\IMApp.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\PROGRA~1\FICHIE~1\PCSuite\DATALA~1\DATALA~1.EXE
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Alwil Software\Avast4\ashLogV.exe
C:\WINDOWS\system32\NOTEPAD.EXE
F:\anti virus\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.be/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\fr\msntb.dll
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [RemoteControl] C:\WINDOWS\system32\rmctrl.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SiS Windows KeyHook] C:\WINDOWS\system32\keyhook.exe
O4 - HKLM\..\Run: [SiSUSBRG] C:\WINDOWS\SiSUSBrg.exe
O4 - HKLM\..\Run: [MPFTray] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
O4 - HKLM\..\Run: [zBrowser Launcher] "C:\Program Files\Logitech\iTouch\iTouch.exe"
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [LogitechVideoRepair] "C:\Program Files\Logitech\Video\ISStart.exe"
O4 - HKLM\..\Run: [LogitechVideoTray] "C:\Program Files\Logitech\Video\LogiTray.exe"
O4 - HKLM\..\Run: [EPSON Stylus Photo R200 Series] "C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I0H2.EXE" /P30 "EPSON Stylus Photo R200 Series" /O6 "USB001" /M "Stylus Photo R200"
O4 - HKLM\..\Run: [LogitechGalleryRepair] "C:\Program Files\Logitech\Video\ISStart.exe"
O4 - HKLM\..\Run: [Control Center] "C:\Program Files\ASUS\WLAN Card Utilities\Center.exe"
O4 - HKLM\..\Run: [SiS Tray] C:\WINDOWS\system32\sistray.EXE
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
O4 - HKLM\..\Run: [Smapp] C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [runner1] C:\WINDOWS\retadpu1000627.exe 61A847B5BBF72813329B385070FE01F0B3E35B6638993F4661AA4EBD86D67C56389B284534F310
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [icq.com] rundll32.exe "C:\WINDOWS\system32\mwiveogm.dll",forkonce
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"
O4 - HKCU\..\Run: [IncrediMail] C:\Program Files\IncrediMail\bin\IncMail.exe /c
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Assistant d'Acrobat.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
O4 - Global Startup: Démarrage rapide de HP Photosmart Premier.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\OFFICE11\REFIEBAR.DLL
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://webscanner.kaspersky.fr/kavwebscan_unicode.cab
O16 - DPF: {45A0A292-ECC6-4D8F-9EA9-A4BD411D24C1} (king.com) - http://zylom.midasplayer.com/ctl/kingcomie.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/ [...] insctl.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by19fd.bay19.hotmail.msn.co [...] nPUpld.cab
O16 - DPF: {6B75345B-AA36-438A-BBE6-4078B4C6984D} (HpProductDetection Class) - http://h20270.www2.hp.com/ediags/g [...] ection.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://download.mcafee.com/molbin/ [...] cgdmgr.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{AEAFCFF2-9F39-41FE-BD30-DDED24E3F6B3}: NameServer = 195.238.2.22 195.238.2.21
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\system32\drivers\CDAC11BA.EXE
O23 - Service: DomainService - - C:\WINDOWS\system32\kwcixddm.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe



Here is the full avast report:


26/06/2007 21:18:58 Administrateur 2144 Function setifaceUpdatePackages() has failed. Return code is 0x000004C7, dwRes is 000004C7.

27/06/2007 18:09:55 SYSTEM 1076 Sign of "Win32:Agent-HZS [Trj]" has been found in "C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\litheogl.exe" file.

27/06/2007 22:02:59 Administrateur 480 Sign of "Win32:Agent-HZS [Trj]" has been found in "C:\Documents and Settings\Administrateur\Local Settings\Temporary Internet Files\Content.IE5\AR6RM9MR\koocwolla_20070601[1]" file.

27/06/2007 22:24:09 Administrateur 480 Sign of "Win32:Agent-HKJ [Trj]" has been found in "C:\System Volume Information\_restore{4C9C1BDD-A51E-47BC-A4B3-8E123D5C4EEC}\RP369\A0074496.exe\[UPX]" file.

28/06/2007 10:46:42 Administrateur 3396 Function setifaceUpdatePackages() has failed. Return code is 0x000004C7, dwRes is 000004C7.

28/06/2007 14:06:02 SYSTEM 1092 Function setifaceUpdatePackages() has failed. Return code is 0x2000000A, dwRes is 2000000A.

28/06/2007 14:06:03 SYSTEM 1092 An error has occured while attempting to update. Please check the logs.

28/06/2007 14:06:45 Administrateur 460 Function setifaceUpdatePackages() has failed. Return code is 0x2000000A, dwRes is 2000000A.

28/06/2007 14:07:36 Administrateur 460 Function setifaceUpdatePackages() has failed. Return code is 0x2000000A, dwRes is 2000000A.


28/06/2007 22:08:58 SYSTEM 1100 Sign of "Win32:Agent-HZS [Trj]" has been found in "C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\hsayslnm.exe" file.



If I need to install another program and post its report, don't hesitate to tell me.

Thanks in advance to everyone!


Message edited by freedee on 05-07-2007 at 21:27:26

Profile: IDNaute

Really no one to help me?

Profile: Helper

Hello,

You posted at 23:00; we have other things to do!

Download VundoFix.exe (by Atribune) to your Desktop.

  • Double-click VundoFix.exe to launch it
  • Click the Scan for Vundo button
  • When the scan has completed, click the Remove Vundo button
  • A prompt will ask whether you want to delete the files; click YES
  • After you click "Yes", the Desktop will disappear for a moment while the files are deleted
  • You will see a prompt telling you that your PC is going to restart; click OK
  • Copy/paste the contents of the report located at C:\vundofix.txt, along with a new HijackThis report, into your next reply

Note: VundoFix may run into a file it cannot delete. If so, the tool will launch at the next restart; simply follow the instructions above, starting from "click the Scan for Vundo button".


---------------
Prevention & Protection | Free software | The FLCCF man

Profile: IDNaute

Hi Angeldark,

Sorry for my impatience the other evening, but I wanted to wipe this muck off my machine...

Since then the computer hasn't been running much because I was at a festival...


Anyway, back to the matter at hand.

N.B.: since then the avast antivirus has been uninstalled, and I followed your advice and installed AVG antispyware.

Here is a report, as requested:


VundoFix V6.5.4

Checking Java version...

Sun Java not detected
Scan started at 2:47:12 29/06/2007

Listing files found while scanning....

Beginning removal...

VundoFix V6.5.4

Checking Java version...

Sun Java not detected
Scan started at 17:19:46 2/07/2007

Listing files found while scanning....

Beginning removal...

Performing Repairs to the registry.
Done!


Thanks in advance for the time you devote to us poor ignorant users ;o)

See you later

Profile: IDNaute

Re,

Oh, by the way, since I ran vundofix, no more ad windows open by themselves.
Is the computer cured?
Or do I still need to do anything else?

Profile: IDNaute

Just in case, I ran HijackThis again, with a report:


Logfile of HijackThis v1.99.1
Scan saved at 18:49:04, on 2/07/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\system32\drivers\CDAC11BA.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\rmctrl.exe
C:\Program Files\Logitech\iTouch\iTouch.exe
C:\Program Files\ASUS\WLAN Card Utilities\Center.exe
C:\WINDOWS\system32\sistray.EXE
C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe
C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
C:\PROGRA~1\INCRED~1\bin\IMApp.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\PROGRA~1\FICHIE~1\PCSuite\DATALA~1\DATALA~1.EXE
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\Internet Explorer\iexplore.exe
F:\anti virus\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.be/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: EoRezoBHO - {64F56FC1-1272-44CD-BA6E-39723696E350} - C:\Program Files\eoRezo\EoAdv\EoRezobho.dll (file missing)
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\fr\msntb.dll
O2 - BHO: (no name) - {DF9C31B2-3EB1-4D95-9ED7-3EC8F461FF6C} - C:\WINDOWS\system32\vtsqn.dll (file missing)
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\fr\msntb.dll
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [RemoteControl] C:\WINDOWS\system32\rmctrl.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SiS Windows KeyHook] C:\WINDOWS\system32\keyhook.exe
O4 - HKLM\..\Run: [SiSUSBRG] C:\WINDOWS\SiSUSBrg.exe
O4 - HKLM\..\Run: [MPFTray] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
O4 - HKLM\..\Run: [zBrowser Launcher] "C:\Program Files\Logitech\iTouch\iTouch.exe"
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [LogitechVideoRepair] "C:\Program Files\Logitech\Video\ISStart.exe"
O4 - HKLM\..\Run: [LogitechVideoTray] "C:\Program Files\Logitech\Video\LogiTray.exe"
O4 - HKLM\..\Run: [EPSON Stylus Photo R200 Series] "C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I0H2.EXE" /P30 "EPSON Stylus Photo R200 Series" /O6 "USB001" /M "Stylus Photo R200"
O4 - HKLM\..\Run: [LogitechGalleryRepair] "C:\Program Files\Logitech\Video\ISStart.exe"
O4 - HKLM\..\Run: [Control Center] "C:\Program Files\ASUS\WLAN Card Utilities\Center.exe"
O4 - HKLM\..\Run: [SiS Tray] C:\WINDOWS\system32\sistray.EXE
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
O4 - HKLM\..\Run: [Smapp] C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"
O4 - HKCU\..\Run: [IncrediMail] C:\Program Files\IncrediMail\bin\IncMail.exe /c
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Assistant d'Acrobat.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
O4 - Global Startup: Démarrage rapide de HP Photosmart Premier.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\OFFICE11\REFIEBAR.DLL
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://webscanner.kaspersky.fr/kavwebscan_unicode.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6 [...] vSniff.cab
O16 - DPF: {45A0A292-ECC6-4D8F-9EA9-A4BD411D24C1} (king.com) - http://zylom.midasplayer.com/ctl/kingcomie.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/ [...] insctl.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by19fd.bay19.hotmail.msn.co [...] nPUpld.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6 [...] /cabsa.cab
O16 - DPF: {6B75345B-AA36-438A-BBE6-4078B4C6984D} (HpProductDetection Class) - http://h20270.www2.hp.com/ediags/g [...] ection.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537 [...] scan53.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://download.mcafee.com/molbin/ [...] cgdmgr.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{AEAFCFF2-9F39-41FE-BD30-DDED24E3F6B3}: NameServer = 195.238.2.22 195.238.2.21
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: WgaLogon - WgaLogon.dll (file missing)
O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\system32\drivers\CDAC11BA.EXE
O23 - Service: DomainService - Unknown owner - C:\WINDOWS\system32\kwcixddm.exe (file missing)
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe

Profile: IDNaute

I see that my post doesn't interest anyone...
or else my problem is too complicated???

???

Profile: IDNaute

Not at all, and apparently downloading livekill from livekill.org and running a full scan fixes this problem
angel, if you want you can edit ;)


Message edited by lapointe3 on 03-07-2007 at 17:55:13

Profile: Helper

Re,

  • Download combofix.exe (by sUBs) to your Desktop.
  • Double-click combofix.exe.
  • Press the 1 key (Yes) to start the scan.
  • When the scan has completed, a report will appear. Copy/paste this report into your next reply.


NOTE: The report can also be found here: C:\Combofix.txt


Profile: IDNaute

Hi Angeldark,

Here is the combofix report.
Is it normal that the computer restarted by itself?



"Administrateur" - 2007-07-03 19:32:39 - ComboFix 07-07-03.9 - Service Pack 2

ADS removed - svchost.exe: deleted 68 bytes in 1 streams.

((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))


-------\LEGACY_DOMAINSERVICE
-------\DomainService


((((((((((((((((((((((((( Files Created from 2007-06-03 to 2007-07-03 )))))))))))))))))))))))))))))))


2007-07-03 19:28 51,200 --a------ C:\WINDOWS\nircmd.exe
2007-06-29 12:26 28,672 --a------ C:\WINDOWS\system32\drivers\CO_Mon.sys
2007-06-29 10:48 86,094 --a------ C:\WINDOWS\BPMNT.dll
2007-06-29 10:48 1,163,344 --a------ C:\WINDOWS\vsapi32.dll
2007-06-29 10:48 <REP> d-------- C:\WINDOWS\AU_Backup
2007-06-29 10:47 <REP> d-------- C:\WINDOWS\AU_Temp
2007-06-29 10:45 <REP> d-------- C:\WINDOWS\AU_Log
2007-06-29 10:44 69,689 --a------ C:\WINDOWS\UNZIP.DLL
2007-06-29 10:44 507,904 --a------ C:\WINDOWS\TMUPDATE.DLL
2007-06-29 10:44 286,720 --a------ C:\WINDOWS\PATCH.EXE
2007-06-29 03:12 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2007-06-29 02:47 <REP> d-------- C:\VundoFix Backups
2007-06-28 22:35 <REP> d-------- C:\WINDOWS\system32\Kaspersky Lab
2007-06-27 20:38 <REP> d-------- C:\WINDOWS\system32\xircom
2007-06-27 20:38 <REP> d-------- C:\Program Files\microsoft frontpage
2007-06-26 19:10 71,411 --a------ C:\WINDOWS\system32\call.exe
2007-06-26 18:08 71,411 --a------ C:\DOCUME~1\ADMINI~1\call.exe
2007-06-26 18:08 239,715 --a------ C:\DOCUME~1\ADMINI~1\services.exe
2007-06-19 21:35 <REP> d-------- C:\Program Files\WowCartographe
2007-06-18 19:26 <REP> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\nView_Profiles
2007-06-17 20:09 <REP> d-------- C:\WOW
2007-06-16 20:52 208,896 --a------ C:\WINDOWS\system32\nvudisp.exe
2007-06-16 20:52 <REP> d-------- C:\WINDOWS\nview
2007-06-16 20:31 208,896 --a------ C:\WINDOWS\system32\NVUNINST.EXE
2007-06-16 13:25 <REP> d-------- C:\Program Files\World of Warcraft
2007-06-16 13:25 <REP> d-------- C:\Program Files\Fichiers communs\Blizzard Entertainment
2007-06-10 19:57 <REP> d-------- C:\WINDOWS\pss
2007-06-09 18:50 <REP> d--hs---- C:\WINDOWS\CSC
2007-06-09 00:05 <REP> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\HP
2007-06-09 00:05 <REP> d-------- C:\DOCUME~1\ADMINI~1\APPLIC~1\HP
2007-06-09 00:03 <REP> d-------- C:\Program Files\Fichiers communs\Sonic Shared
2007-06-09 00:03 <REP> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Sonic
2007-06-09 00:00 <REP> d-------- C:\WINDOWS\system32\URTTemp
2007-06-08 23:59 <REP> d-------- C:\Program Files\Hewlett-Packard
2007-06-08 23:59 <REP> d-------- C:\Program Files\Fichiers communs\HP
2007-06-08 23:57 77,824 -ra------ C:\WINDOWS\system32\hpzids01.dll
2007-06-08 23:57 49,664 -ra------ C:\WINDOWS\system32\drivers\HPZid412.sys
2007-06-08 23:57 48,128 --a------ C:\WINDOWS\system32\hpz3l4pi.dll
2007-06-08 23:57 16,496 -ra------ C:\WINDOWS\system32\drivers\HPZipr12.sys
2007-06-08 23:55 94,208 --a------ C:\WINDOWS\system32\HPZipt12.dll
2007-06-08 23:55 69,632 --a------ C:\WINDOWS\system32\HPZipm12.exe
2007-06-08 23:55 65,536 --a------ C:\WINDOWS\system32\HPZinw12.exe
2007-06-08 23:55 57,344 --a------ C:\WINDOWS\system32\HPZisn12.dll
2007-06-08 23:55 282,680 --a------ C:\WINDOWS\system32\HPZidr12.dll
2007-06-08 23:55 204,800 --a------ C:\WINDOWS\system32\HPZipr12.dll
2007-06-08 23:54 <REP> d-------- C:\Program Files\HP
2007-06-08 23:50 14,916 --------- C:\WINDOWS\hphmdl12.dat
2007-06-08 23:50 136,931 --a------ C:\WINDOWS\HPHins12.dat


(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

2007-07-03 17:25:16 64,492 ----a-w C:\WINDOWS\system32\perfc00C.dat
2007-07-03 17:25:16 447,772 ----a-w C:\WINDOWS\system32\perfh00C.dat
2007-06-26 16:07:02 -------- d-----w C:\Program Files\MSN Messenger
2007-06-21 19:33:38 -------- d-----w C:\DOCUME~1\ADMINI~1\APPLIC~1\AdobeUM
2007-05-16 15:13:53 683,520 ----a-w C:\WINDOWS\system32\inetcomm.dll
2007-04-25 14:22:35 144,896 ----a-w C:\WINDOWS\system32\schannel.dll
2007-04-18 16:14:18 2,854,400 ----a-w C:\WINDOWS\system32\msi.dll
2007-04-16 20:47:36 33,624 ----a-w C:\WINDOWS\system32\wups.dll
2007-04-16 20:45:54 1,710,936 ----a-w C:\WINDOWS\system32\wuaueng.dll
2007-04-16 20:45:48 549,720 ----a-w C:\WINDOWS\system32\wuapi.dll
2007-04-16 20:45:42 325,976 ----a-w C:\WINDOWS\system32\wucltui.dll
2007-04-16 20:45:36 203,096 ----a-w C:\WINDOWS\system32\wuweb.dll
2007-04-16 20:45:28 92,504 ----a-w C:\WINDOWS\system32\cdm.dll
2007-04-16 20:45:20 53,080 ----a-w C:\WINDOWS\system32\wuauclt.exe
2007-04-16 20:45:20 43,352 ----a-w C:\WINDOWS\system32\wups2.dll
2006-05-03 10:06:54 163,328 --sh--r C:\WINDOWS\system32\flvDX.dll


((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))


*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
2003-05-15 00:47 50376 --a------ C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{64F56FC1-1272-44CD-BA6E-39723696E350}]
C:\Program Files\eoRezo\EoAdv\EoRezobho.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{9394EDE7-C8B5-483E-8773-474BF36AF6E4}]
2004-08-13 17:42 155648 --a------ C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
2007-01-20 00:56 2436160 -ra------ c:\program files\google\googletoolbar3.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{AE7CD045-E861-484f-8273-0445EE161910}]
2003-05-15 01:03 147456 --a------ C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0}]
2006-01-17 17:04 282624 --a------ C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\fr\msntb.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{DF9C31B2-3EB1-4D95-9ED7-3EC8F461FF6C}]
C:\WINDOWS\system32\vtsqn.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMan"="SOUNDMAN.EXE" [2006-11-17 06:42 C:\WINDOWS\SOUNDMAN.EXE]
"MPFTray"="C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe" []
"zBrowser Launcher"="C:\Program Files\Logitech\iTouch\iTouch.exe" [2002-11-23 03:15]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 11:25]
"Logitech Utility"="Logi_MwX.Exe" [2002-11-08 11:50 C:\WINDOWS\LOGI_MWX.EXE]
"LogitechVideoRepair"="C:\Program Files\Logitech\Video\ISStart.exe" [2003-12-16 22:37]
"LogitechVideoTray"="C:\Program Files\Logitech\Video\LogiTray.exe" [2003-12-16 22:39]
"LogitechGalleryRepair"="C:\Program Files\Logitech\Video\ISStart.exe" [2003-12-16 22:37]
"Control Center"="C:\Program Files\ASUS\WLAN Card Utilities\Center.exe" [2004-11-04 20:36]
"MISAggregator"="" []
"SpeedTouch USB Diagnostics"="C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" [2004-01-26 11:38]
"PCSuiteTrayApplication"="C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe" [2006-11-08 14:27]
"EoEngine"="" []
"EoComputer"="" []
"EoSudoku"="" []
"Smapp"="C:\Program Files\Analog Devices\SoundMAX\SMTray.exe" [2003-05-05 09:57]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2006-02-19 02:41]
"nwiz"="nwiz.exe" [2006-08-11 21:43 C:\WINDOWS\system32\nwiz.exe]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-10-31 14:00]
"LDM"="C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe" [2007-02-24 14:58]
"NBJ"="C:\Program Files\Ahead\Nero BackItUp\NBJ.exe" [2004-09-24 17:22]
"IncrediMail"="C:\Program Files\IncrediMail\bin\IncMail.exe" [2007-01-23 09:06]
"Steam"="" []

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"PcSync"=C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableRegedit"=0 (0x0)
"NoFind"=0 (0x0)
"NoRun"=0 (0x0)
"NoDesktop"=0 (0x0)
"NoControlPanel"=0 (0x0)
"NoClose"=0 (0x0)
"StartMenuLogOff"=0 (0x0)
"HideClock"=0 (0x0)
"DisableRegistryTools"=0 (0x0)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\shellexecutehook.dll" [2007-05-30 14:29]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\AVG Anti-Spyware Driver]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\AVG Anti-Spyware Guard]


**************************************************************************

catchme 0.3.914 W2K/XP/Vista - rootkit detector by Gmer, http://www.gmer.net
Rootkit scan 2007-07-03 19:37:11
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

Completion time: 2007-07-03 19:39:47 - machine was rebooted
C:\ComboFix-quarantined-files.txt ... 2007-07-03 19:39

--- E O F ---

Thanks!

Profile: Helper

Post a new HijackThis report.


---------------