Impossible to remove Trojan horse TR/Vundo.Gen
Last reply: in Security
Hello, I've just caught a nasty Trojan horse TR/Vundo.Gen that Antivir detected.
It can't delete the file C:\WINDOWS\system32\nnllm.dll
I just ran another scan in safe mode and it doesn't detect it. Probably malware. I tried to quarantine the DLL in question but it always comes back.
I ran Spybot and also the bloated Ad-Aware 2007, but nothing works, it persists.
Thanks for your help
Here is the HijackThis report:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:33:26, on 04/03/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
D:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
D:\Avira\AntiVir PersonalEdition Classic\avguard.exe
D:\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\WIDCOMM\Logiciel Bluetooth\bin\btwdins.exe
C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\mdm.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
D:\Program Files\Raxco\PerfectDisk\PDSched.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe
D:\Program Files\Notebook Hardware Control\nhc.exe
D:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
D:\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\WINDOWS\system32\ctfmon.exe
D:\Program Files\SuperCopier\SuperCopier.exe
D:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\WIDCOMM\Logiciel Bluetooth\BTTray.exe
C:\WINDOWS\System32\svchost.exe
D:\Program Files\Adobe\Acrobat 7.0\Reader\AcroRd32.exe
E:\Travail\PortableApps\FirefoxPortable\App\firefox\firefox.exe
D:\Avira\AntiVir PersonalEdition Classic\GUARDGUI.EXE
D:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: (no name) - {05673812-7650-4DDF-AEB1-0C0021AAE0C8} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {2BD91080-33F5-4386-B00E-1FCF6E04D65F} - C:\WINDOWS\system32\nnllm.dll
O2 - BHO: (no name) - {3AA83C2D-8C0B-4670-84C8-355518A2A664} - (no file)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - D:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: (no name) - {67DD68CE-8163-418F-A001-05012A54525A} - (no file)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {88FCBA94-DB29-4BA2-8186-1703480A5024} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {AB7A56BD-72B9-430A-BFAA-138653D4B533} - (no file)
O2 - BHO: (no name) - {C9706E13-38A1-4956-90C3-C172F890F752} - (no file)
O2 - BHO: (no name) - {DD7699E0-4D08-431E-A410-1A35085E12B5} - (no file)
O2 - BHO: (no name) - {EC916EB0-EEC9-412D-A384-8FEC9CA9A187} - (no file)
O2 - BHO: (no name) - {ED120D76-BF31-412C-A99B-783C6676E128} - C:\WINDOWS\system32\pmnmlkj.dll
O2 - BHO: (no name) - {EDE5193C-C56E-40E6-A3F2-266ED70FF719} - (no file)
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [eabconfg.cpl] C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe /Start
O4 - HKLM\..\Run: [NotebookHardwareControl] "D:\Program Files\Notebook Hardware Control\nhc.exe" -quiet
O4 - HKLM\..\Run: [ZoneAlarm Client] "D:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [08f58035] rundll32.exe "C:\WINDOWS\system32\cxjxikkd.dll",b
O4 - HKLM\..\Run: [avgnt] "D:\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SuperCopier.exe] D:\Program Files\SuperCopier\SuperCopier.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] D:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = D:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://D:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Envoyer à &Bluetooth - C:\Program Files\WIDCOMM\Logiciel Bluetooth\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.google.fr/
O17 - HKLM\System\CCS\Services\Tcpip\..\{6B3D8131-984E-41AD-86D9-F3E949A88B77}: NameServer = 192.168.1.1
O20 - AppInit_DLLs:
O20 - Winlogon Notify: pmnmlkj - C:\WINDOWS\SYSTEM32\pmnmlkj.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - D:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - D:\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - D:\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Bluetooth Service (btwdins) - WIDCOMM, Inc. - C:\Program Files\WIDCOMM\Logiciel Bluetooth\bin\btwdins.exe
O23 - Service: PDEngine - Raxco Software, Inc. - D:\Program Files\Raxco\PerfectDisk\PDEngine.exe
O23 - Service: PDScheduler (PDSched) - Raxco Software, Inc. - D:\Program Files\Raxco\PerfectDisk\PDSched.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
--
End of file - 7917 bytes
Right now I'm running Spybot again in safe mode.
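As an added illustration (not a tool from this thread), a small Python triage script that flags in HijackThis lines the patterns a helper reads as Vundo in the log above: an unnamed O2 BHO backed by a random-named DLL in system32, an O4 Run key that starts rundll32 on such a DLL, an O20 Winlogon Notify DLL, and the reversed-name DLL/.ini pair (nnllm.dll / mllnn.ini) that shows up in the ComboFix deletions later in the thread. The sample lines are constructed from the logs posted here; the regexes and the 5-8 letter name heuristic are assumptions of this example, not a signature.

```python
import re
from typing import Dict, List, Tuple

# Constructed sample: a subset of the HijackThis lines posted in this thread.
SAMPLE_LOG: List[str] = [
    r"O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll",
    r"O2 - BHO: (no name) - {2BD91080-33F5-4386-B00E-1FCF6E04D65F} - C:\WINDOWS\system32\nnllm.dll",
    r"O2 - BHO: (no name) - {3AA83C2D-8C0B-4670-84C8-355518A2A664} - (no file)",
    r"O2 - BHO: (no name) - {ED120D76-BF31-412C-A99B-783C6676E128} - C:\WINDOWS\system32\pmnmlkj.dll",
    r'O4 - HKLM\..\Run: [ZoneAlarm Client] "D:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"',
    r'O4 - HKLM\..\Run: [08f58035] rundll32.exe "C:\WINDOWS\system32\cxjxikkd.dll",b',
    r"O20 - Winlogon Notify: pmnmlkj - C:\WINDOWS\SYSTEM32\pmnmlkj.dll",
]

# Constructed sample: file names from the ComboFix "Autres suppressions" section.
SAMPLE_DELETED: List[str] = [
    r"C:\WINDOWS\system32\mllnn.ini",
    r"C:\WINDOWS\system32\mllnn.ini2",
    r"C:\WINDOWS\system32\nnllm.dll",
    r"C:\WINDOWS\system32\pmnmlkj.dll",
    r"C:\WINDOWS\system32\xxyyaww.dll",
]

# A DLL sitting directly in system32 whose base name is 5-8 letters, the kind of
# random name Vundo drops.  Heuristic only (assumption): legitimate DLLs match too,
# so every hit is a candidate for manual review, not a verdict.
SYSTEM32_DLL = re.compile(r"\\system32\\([a-z]{5,8})\.dll\b", re.IGNORECASE)
BHO_RE = re.compile(r"^O2 - BHO: (?P<name>.*?) - \{(?P<clsid>[0-9A-Fa-f-]{36})\} - (?P<path>.*)$")
RUN_RE = re.compile(r"^O4 - (?P<hive>.+?)\\\.\.\\Run: \[(?P<key>[^\]]+)\] (?P<cmd>.*)$")
NOTIFY_RE = re.compile(r"^O20 - Winlogon Notify: (?P<name>\S+) - (?P<path>.*)$")


def triage(lines: List[str]) -> List[Dict[str, str]]:
    """Return one finding per HijackThis line that matches a Vundo-style autostart."""
    findings: List[Dict[str, str]] = []

    def flag(line: str, dll: str, reason: str) -> None:
        findings.append({"line": line, "dll": dll.lower(), "reason": reason})

    for line in lines:
        line = line.rstrip("\r\n")
        if (m := BHO_RE.match(line)):
            hit = SYSTEM32_DLL.search(m["path"])
            # "(no file)" BHOs are orphaned CLSIDs: nothing is loaded, so not flagged.
            if m["name"] == "(no name)" and hit:
                flag(line, hit.group(1), "unnamed BHO loaded from a random-looking system32 DLL")
        elif (m := RUN_RE.match(line)):
            hit = SYSTEM32_DLL.search(m["cmd"])
            if "rundll32" in m["cmd"].lower() and hit:
                flag(line, hit.group(1), "Run key starting rundll32 on a system32 DLL")
        elif (m := NOTIFY_RE.match(line)):
            hit = SYSTEM32_DLL.search(m["path"])
            if hit:
                flag(line, hit.group(1), "Winlogon Notify DLL: loaded by winlogon.exe, so it survives in-session removal")
    return findings


def reversed_pairs(paths: List[str]) -> List[Tuple[str, str]]:
    """Find DLLs whose reversed base name also exists as an .ini (nnllm.dll <-> mllnn.ini)."""
    exts_by_stem: Dict[str, set] = {}
    for p in paths:
        name = p.rsplit("\\", 1)[-1].lower()
        stem, _, ext = name.partition(".")
        exts_by_stem.setdefault(stem, set()).add(ext)
    pairs = []
    for stem, exts in exts_by_stem.items():
        if "dll" in exts and "ini" in exts_by_stem.get(stem[::-1], set()):
            pairs.append((stem + ".dll", stem[::-1] + ".ini"))
    return sorted(pairs)


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f['dll']}] {f['reason']}\n    {f['line']}")
    for dll, ini in reversed_pairs(SAMPLE_DELETED):
        print(f"reversed-name pair: {dll} <-> {ini}")
```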
Hello,
Download VundoFix.exe (by Atribune) to your Desktop.
Double-click VundoFix.exe to launch it
Click the Scan for Vundo button
When the scan is complete, click the Remove Vundo button
A prompt will ask whether you want to delete the files; click YES
After clicking "Yes", the Desktop will disappear for a moment while the files are deleted
You will see a prompt telling you that your PC is going to restart; click OK
Copy/paste the contents of the report located at C:\vundofix.txt, along with a new HijackThis report, in your next reply
Note: VundoFix may run into a file it cannot delete. If so, the tool will launch on the next restart; simply follow the instructions above, starting from "click the Scan for Vundo button".
&
Download FindAWF:
http://noahdfear.net/downloads/FindAWF.exe
Save the file to your Desktop.
Double-click the FindAWF icon. Press a key to continue launching the tool.
If a security alert appears, allow the program to run.
As indicated, press a key to continue.
Choose the following option: Press 1 then Enter to scan for bak folders
The scan can take a little while, so be patient.
When it is finished, a Find AWF report is generated.
Post this Find AWF report in your next reply.
Here is the report from a different version of VundoFix.exe, because yours tells me:
Run-time error '339':
Component 'comdlg32.ocx' or one of its dependencies not correctly registered: a file is missing or invalid
Otherwise, with version VundoFix V6.5.4, here is the report:
VundoFix V6.5.4
Checking Java version...
Scan started at 16:56:12 05/03/2008
Listing files found while scanning....
No infected files were found.
Beginning removal...
Here is the HijackThis report:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:59:40, on 05/03/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
D:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
D:\Avira\AntiVir PersonalEdition Classic\avguard.exe
D:\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\WIDCOMM\Logiciel Bluetooth\bin\btwdins.exe
C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\mdm.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
D:\Program Files\Raxco\PerfectDisk\PDSched.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe
D:\Program Files\Notebook Hardware Control\nhc.exe
D:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
D:\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\WINDOWS\system32\ctfmon.exe
D:\Program Files\SuperCopier\SuperCopier.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\WIDCOMM\Logiciel Bluetooth\BTTray.exe
D:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\WINDOWS\system32\wuauclt.exe
E:\Travail\PortableApps\FirefoxPortable\App\firefox\firefox.exe
D:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [eabconfg.cpl] C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe /Start
O4 - HKLM\..\Run: [NotebookHardwareControl] "D:\Program Files\Notebook Hardware Control\nhc.exe" -quiet
O4 - HKLM\..\Run: [ZoneAlarm Client] "D:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [08f58035] rundll32.exe "C:\WINDOWS\system32\cxjxikkd.dll",b
O4 - HKLM\..\Run: [avgnt] "D:\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SuperCopier.exe] D:\Program Files\SuperCopier\SuperCopier.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] D:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = D:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://D:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Envoyer à &Bluetooth - C:\Program Files\WIDCOMM\Logiciel Bluetooth\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.google.fr/
O17 - HKLM\System\CCS\Services\Tcpip\..\{6B3D8131-984E-41AD-86D9-F3E949A88B77}: NameServer = 192.168.1.1
O20 - AppInit_DLLs:
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - D:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - D:\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - D:\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Bluetooth Service (btwdins) - WIDCOMM, Inc. - C:\Program Files\WIDCOMM\Logiciel Bluetooth\bin\btwdins.exe
O23 - Service: PDEngine - Raxco Software, Inc. - D:\Program Files\Raxco\PerfectDisk\PDEngine.exe
O23 - Service: PDScheduler (PDSched) - Raxco Software, Inc. - D:\Program Files\Raxco\PerfectDisk\PDSched.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
--
End of file - 6398 bytes
Here is the Find AWF report:
Find AWF report by noahdfear ©2006
Version 1.40
bak folders found
~~~~~~~~~~~
Duplicate files of bak directory contents
~~~~~~~~~~~~~~~~~~~~~~~
end of report
Re,
Disable your resident protections (antivirus, Spybot...)!
Download Combofix (sUBs) to your Desktop.
Double-click combofix.exe to launch it.
Press the 1 key (Yes) to start the scan.
When the scan is complete, a report will appear. Post that report in your next reply.
Thanks for your help
Here is the Combofix report:
* Création d'un nouveau point de restauration
[color=red][b]AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !![/b][/color]
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\WINDOWS\cookies.ini
C:\WINDOWS\pskt.ini
C:\WINDOWS\system32\mllnn.ini
C:\WINDOWS\system32\mllnn.ini2
C:\WINDOWS\system32\nnllm.dll
C:\WINDOWS\system32\nynflskg.ini
C:\WINDOWS\system32\pmnmlkj.dll
C:\WINDOWS\system32\stvwa.ini
C:\WINDOWS\system32\stvwa.ini2
C:\WINDOWS\system32\tgfvvaxk.dll
C:\WINDOWS\system32\wdanbtvu.ini
C:\WINDOWS\system32\xxyyaww.dll
.
((((((((((((((((((((((((((((( Fichiers créés 2008-02-05 to 2008-03-05 ))))))))))))))))))))))))))))))))))))
.
2008-03-05 17:49 . 2004-08-19 16:09 221,184 --a------ C:\WINDOWS\system32\wmpns.dll
2008-03-05 16:48 . 2008-03-05 16:48 <REP> d-------- C:\VundoFix Backups
2008-03-04 02:09 . 2008-03-04 02:09 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Avira
2008-03-04 01:33 . 2008-03-04 01:49 1,304,182 ---hs---- C:\WINDOWS\system32\mluwidwo.ini
2008-03-03 20:35 . 2008-03-03 20:35 <REP> d-------- C:\WINDOWS\system32\fr-fr
2008-03-03 20:32 . 2008-03-03 20:32 <REP> d--h----- C:\WINDOWS\$hf_mig$
2008-03-03 19:20 . 2008-03-05 20:42 886,816 --ahs---- C:\WINDOWS\system32\drivers\fidbox.dat
2008-03-03 19:20 . 2008-03-05 20:41 14,552 --ahs---- C:\WINDOWS\system32\drivers\fidbox.idx
2008-03-03 19:16 . 2008-03-03 19:16 <REP> d-------- C:\Documents and Settings\All Users\Application Data\MailFrontier
2008-03-03 19:16 . 2007-12-13 19:27 75,248 --a------ C:\WINDOWS\zllsputility.exe
2008-03-03 19:16 . 2007-12-13 19:27 54,672 --a------ C:\WINDOWS\system32\vsutil_loc040c.dll
2008-03-03 19:16 . 2007-12-13 19:27 42,384 --a------ C:\WINDOWS\zllsputility_loc040c.dll
2008-03-03 19:16 . 2007-12-13 19:27 21,904 --a------ C:\WINDOWS\system32\imsinstall_loc040c.dll
2008-03-03 19:16 . 2007-12-13 19:27 17,808 --a------ C:\WINDOWS\system32\imslsp_install_loc040c.dll
2008-03-03 19:16 . 2004-04-27 04:40 11,264 --a------ C:\WINDOWS\system32\SpOrder.dll
2008-03-03 19:16 . 2008-03-03 19:18 4,212 ---h----- C:\WINDOWS\system32\zllictbl.dat
2008-03-03 19:14 . 2008-03-05 20:30 <REP> d-------- C:\WINDOWS\Internet Logs
2008-03-03 01:52 . 2008-03-03 11:04 <REP> d-------- C:\Documents and Settings\SALHI\Application Data\Comodo
2008-03-03 01:52 . 2008-03-03 11:02 <REP> d-------- C:\Documents and Settings\All Users\Application Data\comodo
2008-03-03 01:29 . 2008-03-04 01:30 1,304,062 ---hs---- C:\WINDOWS\system32\dkkixjxc.ini
2008-03-02 01:46 . 2008-03-02 01:47 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-03-02 01:45 . 2008-03-02 01:45 <REP> d-------- C:\Program Files\Fichiers communs\Wise Installation Wizard
2008-03-02 00:30 . 2008-03-02 00:30 <REP> d-------- C:\Documents and Settings\SALHI\Application Data\Talkback
2008-03-02 00:30 . 2008-03-02 00:30 0 --a------ C:\WINDOWS\nsreg.dat
2008-03-02 00:29 . 2008-03-02 00:29 <REP> d-------- C:\Documents and Settings\SALHI\Application Data\Thunderbird
2008-03-01 23:53 . 2008-03-01 23:53 <REP> d-------- C:\Program Files\Fichiers communs\Macromedia
2008-03-01 23:52 . 2008-03-01 23:52 <REP> d-------- C:\WINDOWS\Downloaded Installations
2008-02-29 12:32 . 2008-02-29 12:32 90 --a------ C:\WINDOWS\wininit.ini
2008-02-29 12:04 . 2008-02-29 12:38 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-02-29 03:02 . 2008-02-27 19:40 <REP> d--h----- C:\Documents and Settings\Administrateur\Voisinage r%u201Aseau
2008-02-29 03:02 . 2008-02-27 19:40 <REP> d--h----- C:\Documents and Settings\Administrateur\Voisinage d'impression
2008-02-29 03:02 . 2008-02-27 19:45 <REP> d--h----- C:\Documents and Settings\Administrateur\Mod%u0160les
2008-02-29 03:02 . 2008-02-27 19:40 <REP> d-------- C:\Documents and Settings\Administrateur\Mes documents
2008-02-29 03:02 . 2008-02-27 19:40 <REP> dr------- C:\Documents and Settings\Administrateur\Menu D%u201Amarrer
2008-02-29 03:02 . 2008-02-27 19:40 <REP> d-------- C:\Documents and Settings\Administrateur\Favoris
2008-02-29 03:02 . 2008-02-27 19:40 <REP> d-------- C:\Documents and Settings\Administrateur\Bureau
2008-02-29 02:27 . 2008-02-29 02:27 <REP> d-------- C:\WINDOWS\Sun
2008-02-28 11:54 . 2008-02-28 11:54 <REP> d---s---- C:\Documents and Settings\SALHI\UserData
2008-02-28 11:44 . 2008-02-28 11:44 <REP> d----c--- C:\WINDOWS\system32\DRVSTORE
2008-02-28 11:44 . 2008-02-28 11:44 <REP> d-------- C:\Program Files\MSN Messenger
2008-02-28 11:44 . 2008-02-28 11:44 <REP> d-------- C:\Documents and Settings\SALHI\Contacts
2008-02-27 23:14 . 2008-02-27 23:14 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Raxco
2008-02-27 23:01 . 2008-02-27 23:01 <REP> d-------- C:\Program Files\MSECache
2008-02-27 22:45 . 2008-03-05 20:42 12,288 --a------ C:\WINDOWS\system32\drivers\nhcDriver.sys
2008-02-27 21:10 . 2008-02-27 21:10 <REP> d-------- C:\Program Files\Fichiers communs\Raxco
2008-02-27 21:07 . 2008-02-27 21:07 <REP> d-------- C:\Program Files\Fichiers communs\Adobe
2008-02-27 21:05 . 2008-02-27 21:05 <REP> d-------- C:\Program Files\MSBuild
2008-02-27 21:05 . 2008-02-27 21:05 <REP> d-------- C:\Program Files\Microsoft Works
2008-02-27 21:05 . 2006-10-26 19:58 30,512 --a------ C:\WINDOWS\system32\mdimon.dll
2008-02-27 21:00 . 2008-02-27 21:04 <REP> d-------- C:\WINDOWS\SHELLNEW
2008-02-27 21:00 . 2008-02-27 21:05 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Microsoft Help
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-02-27 19:45 --------- d-----w C:\Program Files\Alwil Software
2008-02-27 19:36 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-02-27 19:35 --------- d-----w C:\Program Files\InterVideo
2008-02-27 19:34 1,716 --sha-r C:\WINDOWS\system32\drivers\HP_hp CPQ nc6000 (DD522AV)_YN_U_QFRB407_E_4_I0890_SHP_V8051 Version 1A.19_B68BDD Ver. F.14_T050623_WXP2_L40C_M2048_J80_7Intel_8Pentium M_91,79_1_N_P12177223_Z808624C6_K_A808624C5_U808624C2_G10024E50.MRK
2008-02-27 19:34 --------- d-----w C:\Program Files\Java
2008-02-27 19:34 --------- d-----w C:\Program Files\Fichiers communs\Java
2008-02-27 19:33 --------- d-----w C:\Program Files\HPQ
2008-02-27 19:32 --------- d-----w C:\Program Files\Intel
2008-02-27 19:31 --------- d-----w C:\Program Files\HP
2008-02-27 19:28 --------- d-----w C:\Program Files\ATI Technologies
2008-02-27 19:27 --------- d-----w C:\Program Files\Synaptics
2008-02-27 19:26 --------- d-----w C:\Program Files\Broadcom
2008-02-27 19:24 --------- d-----w C:\Program Files\WIDCOMM
2008-02-27 19:23 --------- d-----w C:\Program Files\Fichiers communs\InstallShield
2008-02-27 19:23 --------- d-----w C:\Program Files\Analog Devices
2008-02-27 18:54 --------- d-----w C:\Program Files\microsoft frontpage
2008-02-27 18:48 558,142 ----a-w C:\WINDOWS\java\Packages\OEYAB9NB.ZIP
2008-02-27 18:48 155,995 ----a-w C:\WINDOWS\java\Packages\42N7R5JV.ZIP
2008-02-27 18:45 --------- d-----w C:\Program Files\Services en ligne
2007-12-14 10:32 12,632 ----a-w C:\WINDOWS\system32\lsdelete.exe
2007-12-13 18:27 1,086,952 ----a-w C:\WINDOWS\system32\zpeng24.dll
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{05673812-7650-4DDF-AEB1-0C0021AAE0C8}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0FAAEB63-B537-41E4-B057-09D53645121F}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{2BD91080-33F5-4386-B00E-1FCF6E04D65F}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{30852797-0F09-42A0-8340-3E169A7A3C01}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{3AA83C2D-8C0B-4670-84C8-355518A2A664}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{67DD68CE-8163-418F-A001-05012A54525A}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{88FCBA94-DB29-4BA2-8186-1703480A5024}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{8f4120fc-a753-4cb9-96e6-4c80ea5eab91}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{AB7A56BD-72B9-430A-BFAA-138653D4B533}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{C9706E13-38A1-4956-90C3-C172F890F752}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{DD7699E0-4D08-431E-A410-1A35085E12B5}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{EC916EB0-EEC9-412D-A384-8FEC9CA9A187}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{ED120D76-BF31-412C-A99B-783C6676E128}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{EDE5193C-C56E-40E6-A3F2-266ED70FF719}]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-19 16:09 15360]
"SuperCopier.exe"="D:\Program Files\SuperCopier\SuperCopier.exe" [2003-04-24 23:03 683520]
"SpybotSD TeaTimer"="D:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-01-28 11:43 2097488]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AGRSMMSG"="AGRSMMSG.exe" [2003-05-30 18:01 88267 C:\WINDOWS\AGRSMMSG.exe]
"SynTPLpr"="C:\Program Files\Synaptics\SynTP\SynTPLpr.exe" [2003-07-15 21:09 110592]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2003-07-15 21:08 618496]
"ATIModeChange"="Ati2mdxx.exe" [2001-09-04 23:24 28672 C:\WINDOWS\system32\Ati2mdxx.exe]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2003-11-25 21:10 335872]
"eabconfg.cpl"="C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe" [2003-07-15 17:55 274432]
"NotebookHardwareControl"="D:\Program Files\Notebook Hardware Control\nhc.exe" [2006-09-01 18:40 2228224]
"ZoneAlarm Client"="D:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [2007-12-13 19:27 919016]
"08f58035"="C:\WINDOWS\system32\cxjxikkd.dll" [ ]
"avgnt"="D:\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-03-04 02:12 249896]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-19 16:09 15360]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\pmnmlkj]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"D:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"C:\\Program Files\\MSN Messenger\\livecall.exe"=
"E:\\emulemorph\\emule\\emule.exe"=
"C:\\Documents and Settings\\SALHI\\Bureau\\srv\\mnt\\usr\\local\\mysql\\bin\\mysqld.exe"=
"C:\\Documents and Settings\\SALHI\\Bureau\\srv\\mnt\\usr\\local\\apache2\\bin\\Apache.exe"=
R0 Defrag32b;Defrag32Boot;C:\WINDOWS\system32\drivers\Defrag32b.sys [2004-10-23 09:01]
R2 Defrag32;Defrag32;C:\WINDOWS\system32\drivers\Defrag32.sys [2004-10-23 09:01]
R2 PDSched;PDScheduler;"D:\Program Files\Raxco\PerfectDisk\PDSched.exe" [2005-01-04 15:59]
R3 CONAN;CONAN;C:\WINDOWS\system32\drivers\o2mmb.sys [2003-07-29 02:49]
R3 MbxStby;MbxStby;C:\WINDOWS\system32\drivers\MbxStby.sys [2003-07-24 16:50]
S3 USBSTOR;Pilote de stockage de masse USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 23:08]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{eae1f3f0-e580-11dc-8ba3-00127958341a}]
\Shell\AutoRun\command - H:\TrueCrypt\TrueCrypt.exe /q background /e /m rm /v "cryptage"
\Shell\dismount\command - H:\TrueCrypt\TrueCrypt.exe /q /d
\Shell\start\command - H:\TrueCrypt\TrueCrypt.exe
.
**************************************************************************
catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-03-05 20:42:56
Windows 5.1.2600 Service Pack 2 NTFS
Balayage processus cachés ...
Balayage caché autostart entries ...
Balayage des fichiers cachés ...
Scan terminé avec succès
Les fichiers cachés: 0
**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\WINDOWS\system32\Ati2evxx.exe
D:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
D:\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\WIDCOMM\Logiciel Bluetooth\BTTray.exe
D:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
D:\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\WIDCOMM\Logiciel Bluetooth\bin\btwdins.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\mdm.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
.
**************************************************************************
.
Temps d'accomplissement: 2008-03-05 20:44:16 - machine was rebooted
ComboFix-quarantined-files.txt 2008-03-05 19:44:13
Re,
Next time, put the reports inside [*fixed] tags (without the *).
Disable your resident protections (antivirus, etc.)!
Copy (Ctrl+C) the text in the box below:
File::
C:\WINDOWS\system32\mluwidwo.ini
C:\WINDOWS\system32\cxjxikkd.dll
Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{05673812-7650-4DDF-AEB1-0C0021AAE0C8}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0FAAEB63-B537-41E4-B057-09D53645121F}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{2BD91080-33F5-4386-B00E-1FCF6E04D65F}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{30852797-0F09-42A0-8340-3E169A7A3C01}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{3AA83C2D-8C0B-4670-84C8-355518A2A664}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{67DD68CE-8163-418F-A001-05012A54525A}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{88FCBA94-DB29-4BA2-8186-1703480A5024}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{8f4120fc-a753-4cb9-96e6-4c80ea5eab91}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{AB7A56BD-72B9-430A-BFAA-138653D4B533}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{C9706E13-38A1-4956-90C3-C172F890F752}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{DD7699E0-4D08-431E-A410-1A35085E12B5}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{EC916EB0-EEC9-412D-A384-8FEC9CA9A187}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{ED120D76-BF31-412C-A99B-783C6676E128}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{EDE5193C-C56E-40E6-A3F2-266ED70FF719}]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpybotSD TeaTimer"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"08f58035"=-
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=-
Open Notepad and paste (Ctrl+V) the text you just copied.
Save this file under the name CFScript.txt.
Now drag the CFScript.txt file onto Combofix.exe as shown below:
This will relaunch Combofix; press 1 and confirm. After the reboot, post the contents of the Combofix.txt report along with a HijackThis report.
NOTE: If there is no reboot, post the requested reports anyway.
Here is the Combofix.exe report:
Here is the HijackThis report:
ComboFix 08-03-05.1 - SALHI 2008-03-06 14:26:19.2 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.1615 [GMT 1:00]
Endroit: C:\Documents and Settings\SALHI\Bureau\ComboFix.exe
Command switches used :: C:\Documents and Settings\SALHI\Bureau\CFScript.txt
* Création d'un nouveau point de restauration
[color=red][b]AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !![/b][/color]
FILE ::
C:\WINDOWS\system32\cxjxikkd.dll
C:\WINDOWS\system32\mluwidwo.ini
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\WINDOWS\system32\mluwidwo.ini
.
((((((((((((((((((((((((((((( Fichiers créés 2008-02-06 to 2008-03-06 ))))))))))))))))))))))))))))))))))))
.
2008-03-05 22:05 . 2008-03-05 22:05 <REP> d-------- C:\Documents and Settings\SALHI\Application Data\InterVideo
2008-03-05 17:49 . 2004-08-19 16:09 221,184 --a------ C:\WINDOWS\system32\wmpns.dll
2008-03-05 16:48 . 2008-03-05 16:48 <REP> d-------- C:\VundoFix Backups
2008-03-04 02:09 . 2008-03-04 02:09 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Avira
2008-03-03 20:35 . 2008-03-03 20:35 <REP> d-------- C:\WINDOWS\system32\fr-fr
2008-03-03 20:32 . 2008-03-03 20:32 <REP> d--h----- C:\WINDOWS\$hf_mig$
2008-03-03 19:20 . 2008-03-06 14:27 1,034,272 --ahs---- C:\WINDOWS\system32\drivers\fidbox.dat
2008-03-03 19:20 . 2008-03-05 20:41 14,552 --ahs---- C:\WINDOWS\system32\drivers\fidbox.idx
2008-03-03 19:16 . 2008-03-03 19:16 <REP> d-------- C:\Documents and Settings\All Users\Application Data\MailFrontier
2008-03-03 19:16 . 2007-12-13 19:27 75,248 --a------ C:\WINDOWS\zllsputility.exe
2008-03-03 19:16 . 2007-12-13 19:27 54,672 --a------ C:\WINDOWS\system32\vsutil_loc040c.dll
2008-03-03 19:16 . 2007-12-13 19:27 42,384 --a------ C:\WINDOWS\zllsputility_loc040c.dll
2008-03-03 19:16 . 2007-12-13 19:27 21,904 --a------ C:\WINDOWS\system32\imsinstall_loc040c.dll
2008-03-03 19:16 . 2007-12-13 19:27 17,808 --a------ C:\WINDOWS\system32\imslsp_install_loc040c.dll
2008-03-03 19:16 . 2004-04-27 04:40 11,264 --a------ C:\WINDOWS\system32\SpOrder.dll
2008-03-03 19:16 . 2008-03-03 19:18 4,212 ---h----- C:\WINDOWS\system32\zllictbl.dat
2008-03-03 19:14 . 2008-03-06 14:23 <REP> d-------- C:\WINDOWS\Internet Logs
2008-03-03 01:52 . 2008-03-03 11:04 <REP> d-------- C:\Documents and Settings\SALHI\Application Data\Comodo
2008-03-03 01:52 . 2008-03-03 11:02 <REP> d-------- C:\Documents and Settings\All Users\Application Data\comodo
2008-03-03 01:29 . 2008-03-04 01:30 1,304,062 ---hs---- C:\WINDOWS\system32\dkkixjxc.ini
2008-03-02 01:46 . 2008-03-02 01:47 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-03-02 01:45 . 2008-03-02 01:45 <REP> d-------- C:\Program Files\Fichiers communs\Wise Installation Wizard
2008-03-02 00:30 . 2008-03-02 00:30 <REP> d-------- C:\Documents and Settings\SALHI\Application Data\Talkback
2008-03-02 00:30 . 2008-03-02 00:30 0 --a------ C:\WINDOWS\nsreg.dat
2008-03-02 00:29 . 2008-03-02 00:29 <REP> d-------- C:\Documents and Settings\SALHI\Application Data\Thunderbird
2008-03-01 23:53 . 2008-03-01 23:53 <REP> d-------- C:\Program Files\Fichiers communs\Macromedia
2008-03-01 23:52 . 2008-03-01 23:52 <REP> d-------- C:\WINDOWS\Downloaded Installations
2008-02-29 12:32 . 2008-02-29 12:32 90 --a------ C:\WINDOWS\wininit.ini
2008-02-29 12:04 . 2008-02-29 12:38 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-02-29 03:02 . 2008-02-27 19:40 <REP> d--h----- C:\Documents and Settings\Administrateur\Voisinage réseau
2008-02-29 03:02 . 2008-02-27 19:40 <REP> d--h----- C:\Documents and Settings\Administrateur\Voisinage d'impression
2008-02-29 03:02 . 2008-02-27 19:45 <REP> d--h----- C:\Documents and Settings\Administrateur\Modèles
2008-02-29 03:02 . 2008-02-27 19:40 <REP> d-------- C:\Documents and Settings\Administrateur\Mes documents
2008-02-29 03:02 . 2008-02-27 19:40 <REP> dr------- C:\Documents and Settings\Administrateur\Menu Démarrer
2008-02-29 03:02 . 2008-02-27 19:40 <REP> d-------- C:\Documents and Settings\Administrateur\Favoris
2008-02-29 03:02 . 2008-02-27 19:40 <REP> d-------- C:\Documents and Settings\Administrateur\Bureau
2008-02-29 02:27 . 2008-02-29 02:27 <REP> d-------- C:\WINDOWS\Sun
2008-02-28 11:54 . 2008-02-28 11:54 <REP> d--hs---- C:\Documents and Settings\SALHI\UserData
2008-02-28 11:44 . 2008-02-28 11:44 <REP> d----c--- C:\WINDOWS\system32\DRVSTORE
2008-02-28 11:44 . 2008-02-28 11:44 <REP> d-------- C:\Program Files\MSN Messenger
2008-02-28 11:44 . 2008-02-28 11:44 <REP> d-------- C:\Documents and Settings\SALHI\Contacts
2008-02-27 23:14 . 2008-02-27 23:14 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Raxco
2008-02-27 23:01 . 2008-02-27 23:01 <REP> d-------- C:\Program Files\MSECache
2008-02-27 22:45 . 2008-03-05 20:42 12,288 --a------ C:\WINDOWS\system32\drivers\nhcDriver.sys
2008-02-27 21:10 . 2008-02-27 21:10 <REP> d-------- C:\Program Files\Fichiers communs\Raxco
2008-02-27 21:07 . 2008-02-27 21:07 <REP> d-------- C:\Program Files\Fichiers communs\Adobe
2008-02-27 21:05 . 2008-02-27 21:05 <REP> d-------- C:\Program Files\MSBuild
2008-02-27 21:05 . 2008-02-27 21:05 <REP> d-------- C:\Program Files\Microsoft Works
2008-02-27 21:05 . 2006-10-26 19:58 30,512 --a------ C:\WINDOWS\system32\mdimon.dll
2008-02-27 21:00 . 2008-02-27 21:04 <REP> d-------- C:\WINDOWS\SHELLNEW
2008-02-27 21:00 . 2008-02-27 21:05 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Microsoft Help
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-02-27 19:45 --------- d-----w C:\Program Files\Alwil Software
2008-02-27 19:36 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-02-27 19:35 --------- d-----w C:\Program Files\InterVideo
2008-02-27 19:34 1,716 --sha-r C:\WINDOWS\system32\drivers\HP_hp CPQ nc6000 (DD522AV)_YN_U_QFRB407_E_4_I0890_SHP_V8051 Version 1A.19_B68BDD Ver. F.14_T050623_WXP2_L40C_M2048_J80_7Intel_8Pentium M_91,79_1_N_P12177223_Z808624C6_K_A808624C5_U808624C2_G10024E50.MRK
2008-02-27 19:34 --------- d-----w C:\Program Files\Java
2008-02-27 19:34 --------- d-----w C:\Program Files\Fichiers communs\Java
2008-02-27 19:33 --------- d-----w C:\Program Files\HPQ
2008-02-27 19:32 --------- d-----w C:\Program Files\Intel
2008-02-27 19:31 --------- d-----w C:\Program Files\HP
2008-02-27 19:28 --------- d-----w C:\Program Files\ATI Technologies
2008-02-27 19:27 --------- d-----w C:\Program Files\Synaptics
2008-02-27 19:26 --------- d-----w C:\Program Files\Broadcom
2008-02-27 19:24 --------- d-----w C:\Program Files\WIDCOMM
2008-02-27 19:23 --------- d-----w C:\Program Files\Fichiers communs\InstallShield
2008-02-27 19:23 --------- d-----w C:\Program Files\Analog Devices
2008-02-27 18:54 --------- d-----w C:\Program Files\microsoft frontpage
2008-02-27 18:48 558,142 ----a-w C:\WINDOWS\java\Packages\OEYAB9NB.ZIP
2008-02-27 18:48 155,995 ----a-w C:\WINDOWS\java\Packages\42N7R5JV.ZIP
2008-02-27 18:45 --------- d-----w C:\Program Files\Services en ligne
2007-12-14 10:32 12,632 ----a-w C:\WINDOWS\system32\lsdelete.exe
2007-12-13 18:27 1,086,952 ----a-w C:\WINDOWS\system32\zpeng24.dll
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-19 16:09 15360]
"SuperCopier.exe"="D:\Program Files\SuperCopier\SuperCopier.exe" [2003-04-24 23:03 683520]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AGRSMMSG"="AGRSMMSG.exe" [2003-05-30 18:01 88267 C:\WINDOWS\AGRSMMSG.exe]
"SynTPLpr"="C:\Program Files\Synaptics\SynTP\SynTPLpr.exe" [2003-07-15 21:09 110592]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2003-07-15 21:08 618496]
"ATIModeChange"="Ati2mdxx.exe" [2001-09-04 23:24 28672 C:\WINDOWS\system32\Ati2mdxx.exe]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2003-11-25 21:10 335872]
"eabconfg.cpl"="C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe" [2003-07-15 17:55 274432]
"NotebookHardwareControl"="D:\Program Files\Notebook Hardware Control\nhc.exe" [2006-09-01 18:40 2228224]
"ZoneAlarm Client"="D:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [2007-12-13 19:27 919016]
"avgnt"="D:\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-03-04 02:12 249896]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-19 16:09 15360]
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\
BTTray.lnk - C:\Program Files\WIDCOMM\Logiciel Bluetooth\BTTray.exe [2003-09-12 11:42:00 503869]
Lancement rapide d'Adobe Reader.lnk - D:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 21:05:26 29696]
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"D:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"C:\\Program Files\\MSN Messenger\\livecall.exe"=
"E:\\emulemorph\\emule\\emule.exe"=
"C:\\Documents and Settings\\SALHI\\Bureau\\srv\\mnt\\usr\\local\\mysql\\bin\\mysqld.exe"=
"C:\\Documents and Settings\\SALHI\\Bureau\\srv\\mnt\\usr\\local\\apache2\\bin\\Apache.exe"=
R0 Defrag32b;Defrag32Boot;C:\WINDOWS\system32\drivers\Defrag32b.sys [2004-10-23 09:01]
R2 Defrag32;Defrag32;C:\WINDOWS\system32\drivers\Defrag32.sys [2004-10-23 09:01]
R2 PDSched;PDScheduler;"D:\Program Files\Raxco\PerfectDisk\PDSched.exe" [2005-01-04 15:59]
R3 CONAN;CONAN;C:\WINDOWS\system32\drivers\o2mmb.sys [2003-07-29 02:49]
R3 MbxStby;MbxStby;C:\WINDOWS\system32\drivers\MbxStby.sys [2003-07-24 16:50]
S3 USBSTOR;Pilote de stockage de masse USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 23:08]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{eae1f3f0-e580-11dc-8ba3-00127958341a}]
\Shell\AutoRun\command - H:\TrueCrypt\TrueCrypt.exe /q background /e /m rm /v "cryptage"
\Shell\dismount\command - H:\TrueCrypt\TrueCrypt.exe /q /d
\Shell\start\command - H:\TrueCrypt\TrueCrypt.exe
*Newly Created Service* - UDFS
.
**************************************************************************
catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-03-06 14:27:27
Windows 5.1.2600 Service Pack 2 NTFS
Balayage processus cachés ...
Balayage caché autostart entries ...
Balayage des fichiers cachés ...
Scan terminé avec succès
Les fichiers cachés: 0
**************************************************************************
.
Temps d'accomplissement: 2008-03-06 14:27:54
ComboFix-quarantined-files.txt 2008-03-06 13:27:51
ComboFix2.txt 2008-03-05 19:44:17
2008-02-27 23:14 . 2008-02-27 23:14 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Raxco
2008-02-27 23:01 . 2008-02-27 23:01 <REP> d-------- C:\Program Files\MSECache
2008-02-27 22:45 . 2008-03-05 20:42 12,288 --a------ C:\WINDOWS\system32\drivers\nhcDriver.sys
2008-02-27 21:10 . 2008-02-27 21:10 <REP> d-------- C:\Program Files\Fichiers communs\Raxco
2008-02-27 21:07 . 2008-02-27 21:07 <REP> d-------- C:\Program Files\Fichiers communs\Adobe
2008-02-27 21:05 . 2008-02-27 21:05 <REP> d-------- C:\Program Files\MSBuild
2008-02-27 21:05 . 2008-02-27 21:05 <REP> d-------- C:\Program Files\Microsoft Works
2008-02-27 21:05 . 2006-10-26 19:58 30,512 --a------ C:\WINDOWS\system32\mdimon.dll
2008-02-27 21:00 . 2008-02-27 21:04 <REP> d-------- C:\WINDOWS\SHELLNEW
2008-02-27 21:00 . 2008-02-27 21:05 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Microsoft Help
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-02-27 19:45 --------- d-----w C:\Program Files\Alwil Software
2008-02-27 19:36 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-02-27 19:35 --------- d-----w C:\Program Files\InterVideo
2008-02-27 19:34 1,716 --sha-r C:\WINDOWS\system32\drivers\HP_hp CPQ nc6000 (DD522AV)_YN_U_QFRB407_E_4_I0890_SHP_V8051 Version 1A.19_B68BDD Ver. F.14_T050623_WXP2_L40C_M2048_J80_7Intel_8Pentium M_91,79_1_N_P12177223_Z808624C6_K_A808624C5_U808624C2_G10024E50.MRK
2008-02-27 19:34 --------- d-----w C:\Program Files\Java
2008-02-27 19:34 --------- d-----w C:\Program Files\Fichiers communs\Java
2008-02-27 19:33 --------- d-----w C:\Program Files\HPQ
2008-02-27 19:32 --------- d-----w C:\Program Files\Intel
2008-02-27 19:31 --------- d-----w C:\Program Files\HP
2008-02-27 19:28 --------- d-----w C:\Program Files\ATI Technologies
2008-02-27 19:27 --------- d-----w C:\Program Files\Synaptics
2008-02-27 19:26 --------- d-----w C:\Program Files\Broadcom
2008-02-27 19:24 --------- d-----w C:\Program Files\WIDCOMM
2008-02-27 19:23 --------- d-----w C:\Program Files\Fichiers communs\InstallShield
2008-02-27 19:23 --------- d-----w C:\Program Files\Analog Devices
2008-02-27 18:54 --------- d-----w C:\Program Files\microsoft frontpage
2008-02-27 18:48 558,142 ----a-w C:\WINDOWS\java\Packages\OEYAB9NB.ZIP
2008-02-27 18:48 155,995 ----a-w C:\WINDOWS\java\Packages\42N7R5JV.ZIP
2008-02-27 18:45 --------- d-----w C:\Program Files\Services en ligne
2007-12-14 10:32 12,632 ----a-w C:\WINDOWS\system32\lsdelete.exe
2007-12-13 18:27 1,086,952 ----a-w C:\WINDOWS\system32\zpeng24.dll
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-19 16:09 15360]
"SuperCopier.exe"="D:\Program Files\SuperCopier\SuperCopier.exe" [2003-04-24 23:03 683520]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AGRSMMSG"="AGRSMMSG.exe" [2003-05-30 18:01 88267 C:\WINDOWS\AGRSMMSG.exe]
"SynTPLpr"="C:\Program Files\Synaptics\SynTP\SynTPLpr.exe" [2003-07-15 21:09 110592]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2003-07-15 21:08 618496]
"ATIModeChange"="Ati2mdxx.exe" [2001-09-04 23:24 28672 C:\WINDOWS\system32\Ati2mdxx.exe]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2003-11-25 21:10 335872]
"eabconfg.cpl"="C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe" [2003-07-15 17:55 274432]
"NotebookHardwareControl"="D:\Program Files\Notebook Hardware Control\nhc.exe" [2006-09-01 18:40 2228224]
"ZoneAlarm Client"="D:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [2007-12-13 19:27 919016]
"avgnt"="D:\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-03-04 02:12 249896]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-19 16:09 15360]
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\
BTTray.lnk - C:\Program Files\WIDCOMM\Logiciel Bluetooth\BTTray.exe [2003-09-12 11:42:00 503869]
Lancement rapide d'Adobe Reader.lnk - D:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 21:05:26 29696]
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"D:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"C:\\Program Files\\MSN Messenger\\livecall.exe"=
"E:\\emulemorph\\emule\\emule.exe"=
"C:\\Documents and Settings\\SALHI\\Bureau\\srv\\mnt\\usr\\local\\mysql\\bin\\mysqld.exe"=
"C:\\Documents and Settings\\SALHI\\Bureau\\srv\\mnt\\usr\\local\\apache2\\bin\\Apache.exe"=
R0 Defrag32b;Defrag32Boot;C:\WINDOWS\system32\drivers\Defrag32b.sys [2004-10-23 09:01]
R2 Defrag32;Defrag32;C:\WINDOWS\system32\drivers\Defrag32.sys [2004-10-23 09:01]
R2 PDSched;PDScheduler;"D:\Program Files\Raxco\PerfectDisk\PDSched.exe" [2005-01-04 15:59]
R3 CONAN;CONAN;C:\WINDOWS\system32\drivers\o2mmb.sys [2003-07-29 02:49]
R3 MbxStby;MbxStby;C:\WINDOWS\system32\drivers\MbxStby.sys [2003-07-24 16:50]
S3 USBSTOR;Pilote de stockage de masse USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 23:08]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{eae1f3f0-e580-11dc-8ba3-00127958341a}]
\Shell\AutoRun\command - H:\TrueCrypt\TrueCrypt.exe /q background /e /m rm /v "cryptage"
\Shell\dismount\command - H:\TrueCrypt\TrueCrypt.exe /q /d
\Shell\start\command - H:\TrueCrypt\TrueCrypt.exe
*Newly Created Service* - UDFS
.
**************************************************************************
catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-03-06 14:27:27
Windows 5.1.2600 Service Pack 2 NTFS
Balayage processus cachés ...
Balayage caché autostart entries ...
Balayage des fichiers cachés ...
Scan terminé avec succès
Les fichiers cachés: 0
**************************************************************************
.
Temps d'accomplissement: 2008-03-06 14:27:54
ComboFix-quarantined-files.txt 2008-03-06 13:27:51
ComboFix2.txt 2008-03-05 19:44:17
Here is the HijackThis report:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:31:09, on 06/03/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
D:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
D:\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe
D:\Program Files\Notebook Hardware Control\nhc.exe
D:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
D:\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\WINDOWS\system32\ctfmon.exe
D:\Program Files\SuperCopier\SuperCopier.exe
C:\Program Files\WIDCOMM\Logiciel Bluetooth\BTTray.exe
D:\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\WIDCOMM\Logiciel Bluetooth\bin\btwdins.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\mdm.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
D:\Program Files\Raxco\PerfectDisk\PDSched.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\explorer.exe
E:\Travail\PortableApps\FirefoxPortable\App\firefox\firefox.exe
D:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: (no name) - {05673812-7650-4DDF-AEB1-0C0021AAE0C8} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {0FAAEB63-B537-41E4-B057-09D53645121F} - (no file)
O2 - BHO: (no name) - {2BD91080-33F5-4386-B00E-1FCF6E04D65F} - (no file)
O2 - BHO: (no name) - {30852797-0F09-42A0-8340-3E169A7A3C01} - (no file)
O2 - BHO: (no name) - {3AA83C2D-8C0B-4670-84C8-355518A2A664} - (no file)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - D:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: (no name) - {67DD68CE-8163-418F-A001-05012A54525A} - (no file)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {88FCBA94-DB29-4BA2-8186-1703480A5024} - (no file)
O2 - BHO: (no name) - {8f4120fc-a753-4cb9-96e6-4c80ea5eab91} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {AB7A56BD-72B9-430A-BFAA-138653D4B533} - (no file)
O2 - BHO: (no name) - {C9706E13-38A1-4956-90C3-C172F890F752} - (no file)
O2 - BHO: (no name) - {DD7699E0-4D08-431E-A410-1A35085E12B5} - (no file)
O2 - BHO: (no name) - {EC916EB0-EEC9-412D-A384-8FEC9CA9A187} - (no file)
O2 - BHO: (no name) - {ED120D76-BF31-412C-A99B-783C6676E128} - (no file)
O2 - BHO: (no name) - {EDE5193C-C56E-40E6-A3F2-266ED70FF719} - (no file)
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [eabconfg.cpl] C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe /Start
O4 - HKLM\..\Run: [NotebookHardwareControl] "D:\Program Files\Notebook Hardware Control\nhc.exe" -quiet
O4 - HKLM\..\Run: [ZoneAlarm Client] "D:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [avgnt] "D:\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SuperCopier.exe] D:\Program Files\SuperCopier\SuperCopier.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = D:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://D:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Envoyer à &Bluetooth - C:\Program Files\WIDCOMM\Logiciel Bluetooth\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.google.fr/
O17 - HKLM\System\CCS\Services\Tcpip\..\{6B3D8131-984E-41AD-86D9-F3E949A88B77}: NameServer = 192.168.1.1
O20 - Winlogon Notify: pmnmlkj - C:\WINDOWS\
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - D:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - D:\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - D:\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Bluetooth Service (btwdins) - WIDCOMM, Inc. - C:\Program Files\WIDCOMM\Logiciel Bluetooth\bin\btwdins.exe
O23 - Service: PDEngine - Raxco Software, Inc. - D:\Program Files\Raxco\PerfectDisk\PDEngine.exe
O23 - Service: PDScheduler (PDSched) - Raxco Software, Inc. - D:\Program Files\Raxco\PerfectDisk\PDSched.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
--
End of file - 7771 bytes
Re,
Fix the lines in the box below with HijackThis: HELP WITH PICTURES
O2 - BHO: (no name) - {05673812-7650-4DDF-AEB1-0C0021AAE0C8} - (no file)
O2 - BHO: (no name) - {0FAAEB63-B537-41E4-B057-09D53645121F} - (no file)
O2 - BHO: (no name) - {2BD91080-33F5-4386-B00E-1FCF6E04D65F} - (no file)
O2 - BHO: (no name) - {30852797-0F09-42A0-8340-3E169A7A3C01} - (no file)
O2 - BHO: (no name) - {3AA83C2D-8C0B-4670-84C8-355518A2A664} - (no file)
O2 - BHO: (no name) - {67DD68CE-8163-418F-A001-05012A54525A} - (no file)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {88FCBA94-DB29-4BA2-8186-1703480A5024} - (no file)
O2 - BHO: (no name) - {8f4120fc-a753-4cb9-96e6-4c80ea5eab91} - (no file)
O2 - BHO: (no name) - {AB7A56BD-72B9-430A-BFAA-138653D4B533} - (no file)
O2 - BHO: (no name) - {C9706E13-38A1-4956-90C3-C172F890F752} - (no file)
O2 - BHO: (no name) - {DD7699E0-4D08-431E-A410-1A35085E12B5} - (no file)
O2 - BHO: (no name) - {EC916EB0-EEC9-412D-A384-8FEC9CA9A187} - (no file)
O2 - BHO: (no name) - {ED120D76-BF31-412C-A99B-783C6676E128} - (no file)
O2 - BHO: (no name) - {EDE5193C-C56E-40E6-A3F2-266ED70FF719} - (no file)