Virus "ads served by..." need help.
Hello,
I can't manage to get rid of some (apparently) viruses. A while ago I managed to get rid of a Trojan horse that was showing me ads all the time (em-pc-on-internet). Since then I have been very careful about what I do on my computer, and I run regular scans with AVG, Avast and Spybot, but unfortunately it seems I have the same problem as before, this time with "ads served by rightonads" ads... (and dozens of web pages that keep opening without stopping)
On top of that (great naive fool that I am) I got "hacked", as my "buddy" puts it. He sent me a file (it looked real, I swear...) with which I could supposedly see the contacts who had blocked me... Of course I got screwed, and he had fun shutting down my computer and all that jazz... and he taunted me by saying: "I'll stop bothering you but I could always start again." Nice prospect... (great buddy when I think about it, tsss)
I would like to find some help and maybe fix both problems at the same time (at least the first one, which is the most important). I promise to be less naive (not to say stupid) afterwards and 10 times more vigilant...
Thanks 1000 times (just for reading this message)
You only bump after 24 hours!
Download and then install Hijackthis (Trend Micro)
Then post a report in your next reply.
HELP: How to use Hijackthis v2.0.2
Re, sorry about the bump... Here is the HijackThis report
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:46:57, on 29/09/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\RunDll32.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\Wanadoo\TaskBarIcon.exe
C:\PROGRA~1\Wanadoo\GestionnaireInternet.exe
C:\PROGRA~1\Wanadoo\ComComp.exe
C:\PROGRA~1\Wanadoo\Toaster.exe
C:\PROGRA~1\Wanadoo\Inactivity.exe
C:\PROGRA~1\Wanadoo\PollingModule.exe
C:\WINDOWS\System32\ALERTM~1\ALERTM~1.EXE
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\System32\FTRTSVC.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\PROGRA~1\Wanadoo\Watch.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\System32\Rundll32.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\Program Files\PokerStars\PokerStars.exe
C:\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.orange.fr
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Orange
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\Wanadoo\SEARCH~1.DLL
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: ads_optimizer - {26E45419-7205-4fac-BBFE-174BC7337A79} - C:\WINDOWS\system32\nsy5.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: WebAssist - {85589B5D-D53D-4237-A677-46B82EA275F3} - C:\WINDOWS\system32\l8H3jQmb.dll
O2 - BHO: rightonadz browser optimizer - {971C3384-F75E-4562-95B3-CBE7417529BC} - C:\WINDOWS\system32\gzmrotate.dll
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\Wanadoo\Watch.exe
O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\Wanadoo\GestMaj.exe TaskBarIcon.exe
O4 - HKLM\..\Run: [hid_start] C:\WINDOWS\System32\Rundll32.exe "C:\WINDOWS\system32\gzmrotate.dll" DllVerify
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [WOOKIT] C:\PROGRA~1\Wanadoo\Shell.exe appLaunchClientZone.shl|PARAM= cnx
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Orange - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - http://www.orange.fr (file missing) (HKCU)
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://webscanner.kaspersky.fr/kavwebscan_unicode.cab
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986....
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.ca...
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPACl...
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - C:\WINDOWS\System32\FTRTSVC.exe
O23 - Service: InCD Helper (InCDsrv) - Unknown owner - C:\Program Files\Ahead\InCD\InCDsrv.exe (file missing)
--
End of file - 6911 bytes
Re,
Download VundoFix.exe (by Atribune) to your Desktop.
Double-click VundoFix.exe to launch it
Click the Scan for Vundo button
When the scan is complete, click the Remove Vundo button
A prompt will ask whether you want to delete the files; click YES
After you click "Yes", the Desktop will disappear for a moment while the files are deleted
You will see a prompt announcing that your PC is going to restart; click OK
Copy/paste the contents of the report located at C:\vundofix.txt, along with a new HijackThis report, into your next reply
Note: VundoFix may run into a file it cannot delete. If so, the tool will launch at the next restart; simply follow the instructions above, starting from "Click the Scan for Vundo button".
and which I just forgot to post, sorry... here it is:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:34:54, on 29/09/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\RunDll32.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\WINDOWS\System32\Rundll32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\Wanadoo\TaskBarIcon.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\PROGRA~1\Wanadoo\GestionnaireInternet.exe
C:\PROGRA~1\Wanadoo\ComComp.exe
C:\PROGRA~1\Wanadoo\Toaster.exe
C:\PROGRA~1\Wanadoo\Inactivity.exe
C:\PROGRA~1\Wanadoo\PollingModule.exe
C:\WINDOWS\System32\ALERTM~1\ALERTM~1.EXE
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\System32\FTRTSVC.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\PROGRA~1\Wanadoo\Watch.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.orange.fr
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Orange
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\Wanadoo\SEARCH~1.DLL
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: ads_optimizer - {26E45419-7205-4fac-BBFE-174BC7337A79} - C:\WINDOWS\system32\nsy5.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: WebAssist - {85589B5D-D53D-4237-A677-46B82EA275F3} - C:\WINDOWS\system32\l8H3jQmb.dll
O2 - BHO: rightonadz browser optimizer - {971C3384-F75E-4562-95B3-CBE7417529BC} - C:\WINDOWS\system32\gzmrotate.dll
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\Wanadoo\Watch.exe
O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\Wanadoo\GestMaj.exe TaskBarIcon.exe
O4 - HKLM\..\Run: [hid_start] C:\WINDOWS\System32\Rundll32.exe "C:\WINDOWS\system32\gzmrotate.dll" DllVerify
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [WOOKIT] C:\PROGRA~1\Wanadoo\Shell.exe appLaunchClientZone.shl|PARAM= cnx
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Orange - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - http://www.orange.fr (file missing) (HKCU)
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://webscanner.kaspersky.fr/kavwebscan_unicode.cab
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986....
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.ca...
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPACl...
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - C:\WINDOWS\System32\FTRTSVC.exe
O23 - Service: InCD Helper (InCDsrv) - Unknown owner - C:\Program Files\Ahead\InCD\InCDsrv.exe (file missing)
--
End of file - 6798 bytes
Sorry, but you have to know how to wait.
Download combofix.exe (by sUBs) to your Desktop.
Double-click combofix.exe.
Press the 1 key (Yes) to start the scan.
When the scan is complete, a report will appear. Copy/paste this report into your next reply.
NOTE: The report can also be found here: C:\Combofix.txt
What is this mess? I clicked to download combofix, it lands on my desktop, I run it, and avast warns me that it contains a Trojan horse! I'm happy to keep getting help but you have to tell me whether this kind of thing is normal. I still made a report with combofix:
ComboFix 07-09-21.2 - "juillet" 2007-09-30 18:13:15.1 - NTFSx86
Microsoft Windows XP dition familiale 5.1.2600.2.1252.1.1036.18.538 [GMT 2:00]
* Created a new restore point
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\WINDOWS\system32\nsy5.dll
.
((((((((((((((((((((((((( Files Created from 2007-08-28 to 2007-09-30 )))))))))))))))))))))))))))))))
.
2007-09-30 18:10 51,200 --a------ C:\WINDOWS\NirCmd.exe
2007-09-29 20:43 <REP> d-------- C:\Program Files\Trend Micro
2007-09-29 20:38 <REP> d-------- C:\VundoFix Backups
2007-09-29 13:46 396,288 --a------ C:\HijackThis.exe
2007-09-26 12:48 40,733 --a------ C:\WINDOWS\system32\rightonadz-uninst.exe
2007-09-25 14:17 64,000 --a------ C:\WINDOWS\system32\gzmrotate.dll
2007-09-24 18:36 884 --a------ C:\WINDOWS\shlfolder.sys
2007-09-24 18:35 <REP> d-------- C:\Program Files\Adesign
2007-09-24 12:14 184,320 --a------ C:\WINDOWS\system32\l8H3jQmb.dll
2007-09-23 19:53 221,184 --a------ C:\WINDOWS\system32\wmpns.dll
2007-09-23 19:53 <REP> d-------- C:\Program Files\Windows Media Connect 2
2007-09-23 19:52 <REP> d-------- C:\WINDOWS\system32\drivers\UMDF
2007-09-22 16:35 <REP> d-------- C:\WINDOWS\popup
2007-09-22 16:35 <REP> d-------- C:\WINDOWS\Groups
2007-09-22 09:28 184,320 --a------ C:\WINDOWS\system32\sVjdQE0x.dll
2007-09-17 19:17 <REP> d-------- C:\Program Files\eMule
2007-09-16 20:05 <REP> d-------- C:\Program Files\Adssite Advanced Toolbar
2007-09-16 20:05 <REP> d-------- C:\DOCUME~1\juillet\APPLIC~1\Adssite Advanced Toolbar
2007-09-16 19:59 79,832 --a------ C:\WINDOWS\system32\adssite-remove.exe
2007-09-16 19:59 40,315 --a------ C:\WINDOWS\system32\gzmrot-uninst.exe
2007-09-09 10:44 184,320 --a------ C:\WINDOWS\system32\d567WA8A.dll
2007-09-09 10:23 <REP> d-------- C:\Program Files\photos
2007-09-09 01:46 184,320 --a------ C:\WINDOWS\system32\qqn74MFf.dll
2007-09-08 16:50 <REP> d-------- C:\Program Files\TVAnts
2007-09-08 14:42 <REP> d-------- C:\DOCUME~1\juillet\APPLIC~1\vlc
2007-09-08 14:39 <REP> d-------- C:\Program Files\VideoLAN
2007-09-08 00:17 184,320 --a------ C:\WINDOWS\system32\vB52h0Eg.dll
2007-09-07 19:14 184,320 --a------ C:\WINDOWS\system32\i7v501gc.dll
2007-09-05 16:07 40,960 --a------ C:\WINDOWS\system32\FTRTSVC.exe
2007-09-05 16:07 36,864 --a------ C:\WINDOWS\system32\IfHelper.dll
2007-09-05 16:07 <REP> d-------- C:\WINDOWS\system32\AlertModule
2007-09-05 15:25 <REP> dr------- C:\Program Files\Incomplete
2007-09-05 15:23 <REP> d-------- C:\DOCUME~1\juillet\Incomplete
2007-09-05 15:23 <REP> d-------- C:\DOCUME~1\juillet\APPLIC~1\LimeWire
2007-09-05 15:19 <REP> d-------- C:\Program Files\LimeWire
2007-09-04 23:07 <REP> d-------- C:\Program Files\SopCast
2007-09-04 23:07 <REP> d-------- C:\DOCUME~1\juillet\APPLIC~1\SopCast
2007-09-04 17:39 23,856 --a------ C:\WINDOWS\system32\spupdsvc.exe
2007-09-04 13:25 <REP> d-------- C:\WINDOWS\system32\LogFiles
2007-09-04 12:44 <REP> d-------- C:\DOCUME~1\juillet\APPLIC~1\TVU Networks
2007-09-04 12:43 <REP> d-------- C:\Program Files\TVUPlayer
2007-09-04 12:35 <REP> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Messenger Plus!
2007-09-04 12:33 <REP> d-------- C:\Program Files\Windows Live
2007-09-04 12:33 <REP> d-------- C:\Program Files\Messenger Plus! Live
2007-09-04 12:18 <REP> d-------- C:\DOCUME~1\juillet\Contacts
2007-09-04 12:15 <REP> d----c--- C:\WINDOWS\system32\DRVSTORE
2007-09-04 12:15 <REP> d-------- C:\Program Files\MSN Messenger
2007-09-04 12:08 <REP> d-------- C:\Program Files\PokerStars
2007-09-04 11:53 94,208 --a------ C:\WINDOWS\system32\W32n50.dll
2007-09-04 11:53 32,768 --a------ C:\WINDOWS\system32\WooDial2000.dll
2007-09-04 11:53 16,128 --------- C:\WINDOWS\system32\PCANDIS5.SYS
2007-09-04 11:51 <REP> d-------- C:\Program Files\Wanadoo
2007-09-04 11:11 <REP> d-------- C:\Program Files\Securitoo
2007-09-02 19:16 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2007-09-02 18:37 <REP> d-------- C:\Program Files\Alwil Software
2007-09-01 20:12 <REP> d-------- C:\WINDOWS\system32\Kaspersky Lab
2007-09-01 16:53 <REP> d-------- C:\WINDOWS\BDOSCAN8
2007-09-01 15:46 <REP> d-------- C:\Program Files\CCleaner
2007-09-01 12:46 <REP> d-------- C:\Program Files\Hijackthis Version Fran‡aise
2007-09-01 12:22 <REP> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy
2007-09-01 11:59 53,248 --a------ C:\WINDOWS\system32\Process.exe
2007-09-01 11:59 51,200 --a------ C:\WINDOWS\system32\dumphive.exe
2007-09-01 11:59 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe
2007-09-01 11:59 1,874 --a------ C:\WINDOWS\system32\tmp.reg
2007-09-01 00:26 <REP> d-------- C:\Program Files\Navilog1
2007-08-31 10:09 <REP> d-------- C:\DOCUME~1\juillet\APPLIC~1\Help
2007-08-28 12:41 <REP> d-------- C:\Program Files\EHM99
2007-08-28 12:40 9,984 --a------ C:\WINDOWS\system\DHOIPC.DLL
2007-08-28 12:40 78,272 --a------ C:\WINDOWS\system\WINSTORY.DLL
2007-08-28 12:40 49,152 --a------ C:\WINDOWS\system\FORMAT2.DLL
2007-08-28 12:40 244,240 --a------ C:\WINDOWS\system\BOOK.DLL
2007-08-28 12:39 188,960 --a------ C:\WINDOWS\system\WINGDE.DLL
2007-08-28 12:39 12,800 --a------ C:\WINDOWS\system\WING32.DLL
2007-08-28 12:38 92,208 --a------ C:\WINDOWS\system\WING.DLL
2007-08-27 22:10 <REP> d-------- C:\Program Files\Google
2007-08-27 22:10 <REP> d-------- C:\DOCUME~1\juillet\APPLIC~1\Google
2007-08-27 22:10 <REP> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Google
2007-08-27 19:25 <REP> d---s---- C:\DOCUME~1\juillet\UserData
2007-08-25 23:33 <REP> d-------- C:\DOCUME~1\juillet\APPLIC~1\CyberLink
2007-08-25 23:32 <REP> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\CyberLink
2007-08-25 22:40 <REP> d-------- C:\Program Files\World Basketball Manager
2007-08-25 11:14 16,128 --a--c--- C:\WINDOWS\system32\dllcache\modemcsa.sys
2007-08-25 11:14 16,128 --a------ C:\WINDOWS\system32\drivers\MODEMCSA.sys
2007-08-24 13:42 <REP> d-------- C:\Program Files\Inventel
2007-08-24 11:07 302,592 --a------ C:\WINDOWS\unin040c.exe
2007-08-24 11:07 <REP> d-------- C:\DOCUME~1\juillet\WINDOWS
2007-08-23 19:56 144,896 --a--c--- C:\WINDOWS\system32\dllcache\epcfw2k.sys
2007-08-23 19:56 144,896 --a------ C:\WINDOWS\system32\drivers\epcfw2k.sys
2007-08-23 18:47 9,600 --a--c--- C:\WINDOWS\system32\dllcache\hidusb.sys
2007-08-23 18:47 9,600 --a------ C:\WINDOWS\system32\drivers\hidusb.sys
2007-08-23 18:47 12,288 --a--c--- C:\WINDOWS\system32\dllcache\mouhid.sys
2007-08-23 18:47 12,288 --a------ C:\WINDOWS\system32\drivers\mouhid.sys
2007-08-23 14:30 <REP> d-------- C:\WINDOWS\pss
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-09-06 12:05 94416 --a------ C:\WINDOWS\system32\drivers\aswmon2.sys
2007-09-06 12:05 92848 --a------ C:\WINDOWS\system32\drivers\aswmon.sys
2007-09-06 12:03 23152 --a------ C:\WINDOWS\system32\drivers\aswRdr.sys
2007-09-06 12:02 42912 --a------ C:\WINDOWS\system32\drivers\aswTdi.sys
2007-09-06 12:00 26624 --a------ C:\WINDOWS\system32\drivers\aavmker4.sys
2007-06-13 15:22 1037312 --a------ C:\WINDOWS\explorer.exe
2004-10-01 16:00 40960 --a------ C:\Program Files\Uninstall_CDS.exe
--------- C:\Program Files\Hijackthis Version Française
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
*Note* empty entries & legit default entries are not shown
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{85589B5D-D53D-4237-A677-46B82EA275F3}]
2007-09-24 12:14 184320 --a------ C:\WINDOWS\system32\l8H3jQmb.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{971C3384-F75E-4562-95B3-CBE7417529BC}]
2007-09-25 14:17 64000 --a------ C:\WINDOWS\system32\gzmrotate.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Cmaudio"="cmicnfg.cpl" []
"igfxtray"="C:\WINDOWS\system32\igfxtray.exe" [2005-09-20 04:35]
"igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [2005-09-20 04:32]
"igfxpers"="C:\WINDOWS\system32\igfxpers.exe" [2005-09-20 04:36]
"RemoteControl"="C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe" [2004-11-02 21:24]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-09-06 12:06]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 11:25]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" [2007-07-12 04:00]
"WOOWATCH"="C:\PROGRA~1\Wanadoo\Watch.exe" [2004-08-23 14:49]
"WOOTASKBARICON"="C:\PROGRA~1\Wanadoo\GestMaj.exe" [2004-10-14 16:55]
"hid_start"="C:\WINDOWS\system32\gzmrotate.dll" [2007-09-25 14:17]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2006-03-02 14:00]
"WOOKIT"="C:\PROGRA~1\Wanadoo\Shell.exe" [2004-08-23 14:50]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=0 (0x0)
R3 epcfw2k;Pilote CF du port parallèle SCM;C:\WINDOWS\system32\DRIVERS\epcfw2k.sys
.
**************************************************************************
catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-09-30 18:16:53
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2007-09-30 18:18:29 - machine was rebooted
C:\ComboFix-quarantined-files.txt ... 2007-09-30 18:18
.
--- E O F ---
Hi again,
Copy (Ctrl+C) the text in the box below:
File::
C:\WINDOWS\system32\l8H3jQmb.dll
C:\WINDOWS\system32\gzmrotate.dll
Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{85589B5D-D53D-4237-A677-46B82EA275F3}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{971C3384-F75E-4562-95B3-CBE7417529BC}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"hid_start"=-
Open Notepad, then paste (Ctrl+V) the text you just copied.
Save this file under the name CFScript.txt.
Now drag the CFScript.txt file onto Combofix.exe.
This will relaunch Combofix; press 1, then confirm. After the reboot, post the contents of the Combofix.txt report together with a HijackThis report.
NOTE: If there is no reboot, post the requested reports anyway.
I had the same problem again when starting ComboFix... here is the ComboFix report:
ComboFix 07-09-21.2 - "juillet" 2007-09-30 19:22:56.2 - NTFSx86
Microsoft Windows XP dition familiale 5.1.2600.2.1252.1.1036.18.621 [GMT 2:00]
Command switches used :: C:\Documents and Settings\juillet\Bureau\CFScript.txt
* Created a new restore point
FILE::
C:\WINDOWS\system32\l8H3jQmb.dll
C:\WINDOWS\system32\gzmrotate.dll
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\WINDOWS\system32\gzmrotate.dll
C:\WINDOWS\system32\l8H3jQmb.dll
.
((((((((((((((((((((((((( Files Created from 2007-08-28 to 2007-09-30 )))))))))))))))))))))))))))))))
.
2007-09-30 18:10 51,200 --a------ C:\WINDOWS\NirCmd.exe
2007-09-29 20:43 <REP> d-------- C:\Program Files\Trend Micro
2007-09-29 20:38 <REP> d-------- C:\VundoFix Backups
2007-09-29 13:46 396,288 --a------ C:\HijackThis.exe
2007-09-26 12:48 40,733 --a------ C:\WINDOWS\system32\rightonadz-uninst.exe
2007-09-24 18:36 884 --a------ C:\WINDOWS\shlfolder.sys
2007-09-24 18:35 <REP> d-------- C:\Program Files\Adesign
2007-09-23 19:53 221,184 --a------ C:\WINDOWS\system32\wmpns.dll
2007-09-23 19:53 <REP> d-------- C:\Program Files\Windows Media Connect 2
2007-09-23 19:52 <REP> d-------- C:\WINDOWS\system32\drivers\UMDF
2007-09-22 16:35 <REP> d-------- C:\WINDOWS\popup
2007-09-22 16:35 <REP> d-------- C:\WINDOWS\Groups
2007-09-22 09:28 184,320 --a------ C:\WINDOWS\system32\sVjdQE0x.dll
2007-09-17 19:17 <REP> d-------- C:\Program Files\eMule
2007-09-16 20:05 <REP> d-------- C:\Program Files\Adssite Advanced Toolbar
2007-09-16 20:05 <REP> d-------- C:\DOCUME~1\juillet\APPLIC~1\Adssite Advanced Toolbar
2007-09-16 19:59 79,832 --a------ C:\WINDOWS\system32\adssite-remove.exe
2007-09-16 19:59 40,315 --a------ C:\WINDOWS\system32\gzmrot-uninst.exe
2007-09-09 10:44 184,320 --a------ C:\WINDOWS\system32\d567WA8A.dll
2007-09-09 10:23 <REP> d-------- C:\Program Files\photos
2007-09-09 01:46 184,320 --a------ C:\WINDOWS\system32\qqn74MFf.dll
2007-09-08 16:50 <REP> d-------- C:\Program Files\TVAnts
2007-09-08 14:42 <REP> d-------- C:\DOCUME~1\juillet\APPLIC~1\vlc
2007-09-08 14:39 <REP> d-------- C:\Program Files\VideoLAN
2007-09-08 00:17 184,320 --a------ C:\WINDOWS\system32\vB52h0Eg.dll
2007-09-07 19:14 184,320 --a------ C:\WINDOWS\system32\i7v501gc.dll
2007-09-05 16:07 40,960 --a------ C:\WINDOWS\system32\FTRTSVC.exe
2007-09-05 16:07 36,864 --a------ C:\WINDOWS\system32\IfHelper.dll
2007-09-05 16:07 <REP> d-------- C:\WINDOWS\system32\AlertModule
2007-09-05 15:25 <REP> dr------- C:\Program Files\Incomplete
2007-09-05 15:23 <REP> d-------- C:\DOCUME~1\juillet\Incomplete
2007-09-05 15:23 <REP> d-------- C:\DOCUME~1\juillet\APPLIC~1\LimeWire
2007-09-05 15:19 <REP> d-------- C:\Program Files\LimeWire
2007-09-04 23:07 <REP> d-------- C:\Program Files\SopCast
2007-09-04 23:07 <REP> d-------- C:\DOCUME~1\juillet\APPLIC~1\SopCast
2007-09-04 17:39 23,856 --a------ C:\WINDOWS\system32\spupdsvc.exe
2007-09-04 13:25 <REP> d-------- C:\WINDOWS\system32\LogFiles
2007-09-04 12:44 <REP> d-------- C:\DOCUME~1\juillet\APPLIC~1\TVU Networks
2007-09-04 12:43 <REP> d-------- C:\Program Files\TVUPlayer
2007-09-04 12:35 <REP> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Messenger Plus!
2007-09-04 12:33 <REP> d-------- C:\Program Files\Windows Live
2007-09-04 12:33 <REP> d-------- C:\Program Files\Messenger Plus! Live
2007-09-04 12:18 <REP> d-------- C:\DOCUME~1\juillet\Contacts
2007-09-04 12:15 <REP> d----c--- C:\WINDOWS\system32\DRVSTORE
2007-09-04 12:15 <REP> d-------- C:\Program Files\MSN Messenger
2007-09-04 12:08 <REP> d-------- C:\Program Files\PokerStars
2007-09-04 11:53 94,208 --a------ C:\WINDOWS\system32\W32n50.dll
2007-09-04 11:53 32,768 --a------ C:\WINDOWS\system32\WooDial2000.dll
2007-09-04 11:53 16,128 --------- C:\WINDOWS\system32\PCANDIS5.SYS
2007-09-04 11:51 <REP> d-------- C:\Program Files\Wanadoo
2007-09-04 11:11 <REP> d-------- C:\Program Files\Securitoo
2007-09-02 19:16 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2007-09-02 18:37 <REP> d-------- C:\Program Files\Alwil Software
2007-09-01 20:12 <REP> d-------- C:\WINDOWS\system32\Kaspersky Lab
2007-09-01 16:53 <REP> d-------- C:\WINDOWS\BDOSCAN8
2007-09-01 15:46 <REP> d-------- C:\Program Files\CCleaner
2007-09-01 12:46 <REP> d-------- C:\Program Files\Hijackthis Version Fran‡aise
2007-09-01 12:22 <REP> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy
2007-09-01 11:59 53,248 --a------ C:\WINDOWS\system32\Process.exe
2007-09-01 11:59 51,200 --a------ C:\WINDOWS\system32\dumphive.exe
2007-09-01 11:59 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe
2007-09-01 11:59 1,874 --a------ C:\WINDOWS\system32\tmp.reg
2007-09-01 00:26 <REP> d-------- C:\Program Files\Navilog1
2007-08-31 10:09 <REP> d-------- C:\DOCUME~1\juillet\APPLIC~1\Help
2007-08-28 12:41 <REP> d-------- C:\Program Files\EHM99
2007-08-28 12:40 9,984 --a------ C:\WINDOWS\system\DHOIPC.DLL
2007-08-28 12:40 78,272 --a------ C:\WINDOWS\system\WINSTORY.DLL
2007-08-28 12:40 49,152 --a------ C:\WINDOWS\system\FORMAT2.DLL
2007-08-28 12:40 244,240 --a------ C:\WINDOWS\system\BOOK.DLL
2007-08-28 12:39 188,960 --a------ C:\WINDOWS\system\WINGDE.DLL
2007-08-28 12:39 12,800 --a------ C:\WINDOWS\system\WING32.DLL
2007-08-28 12:38 92,208 --a------ C:\WINDOWS\system\WING.DLL
2007-08-27 22:10 <REP> d-------- C:\Program Files\Google
2007-08-27 22:10 <REP> d-------- C:\DOCUME~1\juillet\APPLIC~1\Google
2007-08-27 22:10 <REP> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Google
2007-08-27 19:25 <REP> d---s---- C:\DOCUME~1\juillet\UserData
2007-08-25 23:33 <REP> d-------- C:\DOCUME~1\juillet\APPLIC~1\CyberLink
2007-08-25 23:32 <REP> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\CyberLink
2007-08-25 22:40 <REP> d-------- C:\Program Files\World Basketball Manager
2007-08-25 11:14 16,128 --a--c--- C:\WINDOWS\system32\dllcache\modemcsa.sys
2007-08-25 11:14 16,128 --a------ C:\WINDOWS\system32\drivers\MODEMCSA.sys
2007-08-24 13:42 <REP> d-------- C:\Program Files\Inventel
2007-08-24 11:07 302,592 --a------ C:\WINDOWS\unin040c.exe
2007-08-24 11:07 <REP> d-------- C:\DOCUME~1\juillet\WINDOWS
2007-08-23 19:56 144,896 --a--c--- C:\WINDOWS\system32\dllcache\epcfw2k.sys
2007-08-23 19:56 144,896 --a------ C:\WINDOWS\system32\drivers\epcfw2k.sys
2007-08-23 18:47 9,600 --a--c--- C:\WINDOWS\system32\dllcache\hidusb.sys
2007-08-23 18:47 9,600 --a------ C:\WINDOWS\system32\drivers\hidusb.sys
2007-08-23 18:47 12,288 --a--c--- C:\WINDOWS\system32\dllcache\mouhid.sys
2007-08-23 18:47 12,288 --a------ C:\WINDOWS\system32\drivers\mouhid.sys
2007-08-23 14:30 <REP> d-------- C:\WINDOWS\pss
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-09-06 12:05 94416 --a------ C:\WINDOWS\system32\drivers\aswmon2.sys
2007-09-06 12:05 92848 --a------ C:\WINDOWS\system32\drivers\aswmon.sys
2007-09-06 12:03 23152 --a------ C:\WINDOWS\system32\drivers\aswRdr.sys
2007-09-06 12:02 42912 --a------ C:\WINDOWS\system32\drivers\aswTdi.sys
2007-09-06 12:00 26624 --a------ C:\WINDOWS\system32\drivers\aavmker4.sys
2007-06-13 15:22 1037312 --a------ C:\WINDOWS\explorer.exe
2004-10-01 16:00 40960 --a------ C:\Program Files\Uninstall_CDS.exe
--------- C:\Program Files\Hijackthis Version Française
.
((((((((((((((((((((((((((((( snapshot_2007-09-30_181745.78 )))))))))))))))))))))))))))))))))))))))))
.
----atw 16,384 2007-09-30 17:25:53 C:\WINDOWS\Temp\Perflib_Perfdata_4c4.dat
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
*Note* empty entries & legit default entries are not shown
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2006-03-02 14:00]
"WOOKIT"="C:\PROGRA~1\Wanadoo\Shell.exe" [2004-08-23 14:50]
R3 epcfw2k;Pilote CF du port parallèle SCM;C:\WINDOWS\system32\DRIVERS\epcfw2k.sys
.
**************************************************************************
catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-09-30 19:26:30
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2007-09-30 19:27:55 - machine was rebooted
C:\ComboFix-quarantined-files.txt ... 2007-09-30 19:27
C:\ComboFix2.txt ... 2007-09-30 18:18
.
--- E O F ---
Followed by the HijackThis one:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:29:46, on 30/09/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\System32\FTRTSVC.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\Wanadoo\GestionnaireInternet.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\Wanadoo\ComComp.exe
C:\PROGRA~1\Wanadoo\Toaster.exe
C:\PROGRA~1\Wanadoo\Inactivity.exe
C:\PROGRA~1\Wanadoo\PollingModule.exe
C:\WINDOWS\System32\ALERTM~1\ALERTM~1.EXE
C:\PROGRA~1\Wanadoo\Watch.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.orange.fr
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\Wanadoo\SEARCH~1.DLL
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [WOOKIT] C:\PROGRA~1\Wanadoo\Shell.exe appLaunchClientZone.shl|PARAM= cnx
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Orange - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - http://www.orange.fr (file missing) (HKCU)
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://webscanner.kaspersky.fr/kavwebscan_unicode.cab
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986....
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.ca...
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPACl...
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - C:\WINDOWS\System32\FTRTSVC.exe
O23 - Service: InCD Helper (InCDsrv) - Unknown owner - C:\Program Files\Ahead\InCD\InCDsrv.exe (file missing)
--
End of file - 5078 bytes
There, and now what? (Would it be possible to get some information about the virus from ComboFix in the next reply? Thanks)
Hi again,
Properly uninstall Avast! and replace it with AntiVir.
Why switch? Avast! vs AntiVir
Run a full scan, then post the report once the scan is finished.
HELP: Tutorial on the AntiVir Personal Edition Classic antivirus
There, I uninstalled Avast! and installed AntiVir. Here is the AntiVir scan:
AntiVir PersonalEdition Classic
Report file date: dimanche 30 septembre 2007 22:59
Scanning for 860459 virus strains and unwanted programs.
Licensed to: Avira AntiVir PersonalEdition Classic
Serial number: 0000149996-ADJIE-0001
Platform: Windows XP
Windows version: (Service Pack 2) [5.1.2600]
Username: SYSTEM
Computer name: JUILLET-7901BA7
Version information:
BUILD.DAT : 270 15603 Bytes 19/09/2007 13:32:00
AVSCAN.EXE : 7.0.6.1 290856 Bytes 23/08/2007 12:16:29
AVSCAN.DLL : 7.0.6.0 49192 Bytes 16/08/2007 11:23:51
LUKE.DLL : 7.0.5.3 147496 Bytes 14/08/2007 14:32:47
LUKERES.DLL : 7.0.6.1 10280 Bytes 21/08/2007 11:35:20
ANTIVIR0.VDF : 6.40.0.0 11030528 Bytes 18/07/2007 20:59:13
ANTIVIR1.VDF : 7.0.0.0 1640448 Bytes 13/09/2007 20:59:13
ANTIVIR2.VDF : 7.0.0.32 315904 Bytes 28/09/2007 20:59:13
ANTIVIR3.VDF : 7.0.0.34 34816 Bytes 30/09/2007 20:59:13
AVEWIN32.DLL : 7.6.0.18 2810368 Bytes 30/09/2007 20:59:14
AVWINLL.DLL : 1.0.0.7 14376 Bytes 26/02/2007 09:36:26
AVPREF.DLL : 7.0.2.2 25640 Bytes 18/07/2007 06:39:17
AVREP.DLL : 7.0.0.1 155688 Bytes 16/04/2007 12:16:24
AVPACK32.DLL : 7.3.0.15 360488 Bytes 03/08/2007 07:46:00
AVREG.DLL : 7.0.1.6 30760 Bytes 18/07/2007 06:17:06
AVARKT.DLL : 1.0.0.20 278568 Bytes 28/08/2007 11:26:33
AVEVTLOG.DLL : 7.0.0.20 86056 Bytes 18/07/2007 06:10:18
NETNT.DLL : 7.0.0.0 7720 Bytes 08/03/2007 10:09:42
RCIMAGE.DLL : 7.0.1.30 2342952 Bytes 07/08/2007 11:38:13
RCTEXT.DLL : 7.0.62.0 86056 Bytes 21/08/2007 11:50:37
SQLITE3.DLL : 3.3.17.1 339968 Bytes 23/07/2007 08:37:21
Configuration settings for the scan:
Jobname..........................: Complete system scan
Configuration file...............: c:\program files\avira\antivir personaledition classic\sysscan.avp
Logging..........................: low
Primary action...................: interactive
Secondary action.................: ignore
Scan master boot sector..........: off
Scan boot sector.................: on
Boot sectors.....................: C:,
Scan memory......................: on
Process scan.....................: on
Scan registry....................: on
Search for rootkits..............: off
Scan all files...................: Intelligent file selection
Scan archives....................: on
Recursion depth..................: 20
Smart extensions.................: on
Macro heuristic..................: on
File heuristic...................: medium
Start of the scan: dimanche 30 septembre 2007 23:00
The scan of running processes will be started
Scan process 'avscan.exe' - '1' Module(s) have been scanned
Scan process 'avcenter.exe' - '1' Module(s) have been scanned
Scan process 'avgnt.exe' - '1' Module(s) have been scanned
Scan process 'avguard.exe' - '1' Module(s) have been scanned
Scan process 'sched.exe' - '1' Module(s) have been scanned
Scan process 'WISPTIS.EXE' - '1' Module(s) have been scanned
Scan process 'usnsvc.exe' - '1' Module(s) have been scanned
Scan process 'msnmsgr.exe' - '1' Module(s) have been scanned
Scan process 'IEXPLORE.EXE' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'Watch.exe' - '1' Module(s) have been scanned
Scan process 'alg.exe' - '1' Module(s) have been scanned
Scan process 'MDM.EXE' - '1' Module(s) have been scanned
Scan process 'FTRTSVC.exe' - '1' Module(s) have been scanned
Scan process 'guard.exe' - '0' Module(s) have been scanned
Scan process 'ALERTM~1.EXE' - '1' Module(s) have been scanned
Scan process 'PollingModule.exe' - '1' Module(s) have been scanned
Scan process 'Inactivity.exe' - '1' Module(s) have been scanned
Scan process 'Toaster.exe' - '1' Module(s) have been scanned
Scan process 'ComComp.exe' - '1' Module(s) have been scanned
Scan process 'GestionnaireInternet.exe' - '1' Module(s) have been scanned
Scan process 'ctfmon.exe' - '1' Module(s) have been scanned
Scan process 'explorer.exe' - '1' Module(s) have been scanned
Scan process 'spoolsv.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'lsass.exe' - '1' Module(s) have been scanned
Scan process 'services.exe' - '1' Module(s) have been scanned
Scan process 'winlogon.exe' - '1' Module(s) have been scanned
Scan process 'csrss.exe' - '1' Module(s) have been scanned
Scan process 'smss.exe' - '1' Module(s) have been scanned
33 processes with 33 modules were scanned
Start scanning boot sectors:
Boot sector 'C:\'
[NOTE] No virus was found!
Starting to scan the registry.
The registry was scanned ( '16' files ).
Starting the file scan:
Begin scan in 'C:\'
C:\pagefile.sys
[WARNING] The file could not be opened!
C:\Documents and Settings\juillet\Mes documents\Trucs\Preparation_Messenger.exe
[DETECTION] Contains suspicious code HEUR/Crypted
[INFO] The file was moved to '47650f28.qua'!
C:\qoobox\Quarantine\C\WINDOWS\system32\l8H3jQmb.dll.vir
[DETECTION] Is the Trojan horse TR/BHO.Agent.mio
[INFO] The file was moved to '47481712.qua'!
C:\System Volume Information\_restore{1D841DC1-CA9C-4734-B342-018622C336D4}\RP14\A0003612.dll
[DETECTION] Is the Trojan horse TR/BHO.IEBar.A
[INFO] The file was moved to '4730171b.qua'!
C:\System Volume Information\_restore{1D841DC1-CA9C-4734-B342-018622C336D4}\RP2\A0000036.exe
[DETECTION] Contains detection pattern of the Windows virus W32/Patched.AF
[INFO] The file was moved to '4730172e.qua'!
C:\System Volume Information\_restore{1D841DC1-CA9C-4734-B342-018622C336D4}\RP20\A0003969.dll
[DETECTION] Contains detection pattern of the dropper DR/Agent.141853.A
[INFO] The file was moved to '47301736.qua'!
C:\System Volume Information\_restore{1D841DC1-CA9C-4734-B342-018622C336D4}\RP20\A0003971.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
[INFO] The file was moved to '47301737.qua'!
C:\System Volume Information\_restore{1D841DC1-CA9C-4734-B342-018622C336D4}\RP23\A0005106.dll
[DETECTION] Is the Trojan horse TR/BHO.Agent.mio
[INFO] The file was moved to '47301740.qua'!
C:\System Volume Information\_restore{1D841DC1-CA9C-4734-B342-018622C336D4}\RP3\A0002123.exe
[DETECTION] Contains suspicious code HEUR/Crypted
[INFO] The file was moved to '4730174d.qua'!
C:\WINDOWS\system32\d567WA8A.dll
[DETECTION] Is the Trojan horse TR/BHO.Agent.mio
[INFO] The file was moved to '47361868.qua'!
C:\WINDOWS\system32\i7v501gc.dll
[DETECTION] Is the Trojan horse TR/BHO.Agent.mio
[INFO] The file was moved to '47761874.qua'!
C:\WINDOWS\system32\qqn74MFf.dll
[DETECTION] Is the Trojan horse TR/BHO.Agent.mio
[INFO] The file was moved to '476e18c2.qua'!
C:\WINDOWS\system32\sVjdQE0x.dll
[DETECTION] Is the Trojan horse TR/BHO.Agent.mio
[INFO] The file was moved to '476a18af.qua'!
C:\WINDOWS\system32\vB52h0Eg.dll
[DETECTION] Is the Trojan horse TR/BHO.Agent.mio
[INFO] The file was moved to '473518a0.qua'!
End of the scan: dimanche 30 septembre 2007 23:44
Used time: 44:02 min
The scan has been done completely.
2164 Scanning directories
151231 Files were scanned
11 viruses and/or unwanted programs were found
2 Files were classified as suspicious:
0 files were deleted
0 files were repaired
13 files were moved to quarantine
0 files were renamed
1 Files cannot be scanned
151220 Files not concerned
628 Archives were scanned
1 Warnings
0 Notes
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:04:34, on 03/10/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\Wanadoo\GestionnaireInternet.exe
C:\PROGRA~1\Wanadoo\ComComp.exe
C:\PROGRA~1\Wanadoo\Toaster.exe
C:\PROGRA~1\Wanadoo\Inactivity.exe
C:\PROGRA~1\Wanadoo\PollingModule.exe
C:\WINDOWS\System32\ALERTM~1\ALERTM~1.EXE
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\System32\FTRTSVC.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\PROGRA~1\Wanadoo\Watch.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://r.orange.fr/r/WGlistemsg
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\Wanadoo\SEARCH~1.DLL
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [WOOKIT] C:\PROGRA~1\Wanadoo\Shell.exe appLaunchClientZone.shl|PARAM= cnx
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Orange - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - http://www.orange.fr (file missing) (HKCU)
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://webscanner.kaspersky.fr/kavwebscan_unicode.cab
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986....
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.ca...
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPACl...
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - C:\WINDOWS\System32\FTRTSVC.exe
O23 - Service: InCD Helper (InCDsrv) - Unknown owner - C:\Program Files\Ahead\InCD\InCDsrv.exe (file missing)
O23 - Service: InstallShield Licensing Service - Macrovision - C:\Program Files\Fichiers communs\InstallShield Shared\Service\InstallShield Licensing Service.exe
--
End of file - 5365 bytes
There you go, and now what? (I no longer get any ads popping up... so that's good)