Help needed: Virtumonde.FP virus application C:\WINDOWS\system32\ddcyx
Hello everyone.
For the past few days my antivirus (NOD32) has been detecting a virus and cannot isolate or neutralize it. The NOD32 report is:
Virus détecté en mémoire: application Win32/Adware.Virtumonde.FP. Infection de la mémoire système originaire du fichier C:\WINDOWS\system32\ddcyx.dll.
If anyone could help me... please
Hello,
Disable your resident protections (antivirus, Spybot...)!
Download Combofix (sUBs) to your Desktop.
Double-click combofix.exe to launch it.
When the scan is complete, a report will appear. Post this report in your next reply.
Here is the report:
ComboFix 08-04-08.9 - Nico 2008-04-09 13:57:05.1 - NTFSx86
Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.647 [GMT 2:00]
Endroit: C:\Documents and Settings\Nico\Bureau\ComboFix.exe
* Création d'un nouveau point de restauration
* Resident AV is active
AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !!
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Program Files\Helper
C:\WINDOWS\BM03fead00.xml
C:\WINDOWS\cookies.ini
C:\WINDOWS\pskt.ini
C:\WINDOWS\system32\cbxuuts.dll
C:\WINDOWS\system32\ddcyx.dll
C:\WINDOWS\system32\ddeeg.ini
C:\WINDOWS\system32\ddeeg.ini2
C:\WINDOWS\system32\fqxtbloh.dll
C:\WINDOWS\system32\gvuevmst.dll
C:\WINDOWS\system32\holbtxqf.ini
C:\WINDOWS\system32\holbtxqf.ini2
C:\WINDOWS\system32\jpiohtcm.dll
C:\WINDOWS\system32\klkkj.ini2
C:\WINDOWS\system32\mcluiayk.dll
C:\WINDOWS\system32\mcrh.tmp
C:\WINDOWS\system32\msjtrkks.ini
C:\WINDOWS\system32\oqstv.ini
C:\WINDOWS\system32\oqstv.ini2
C:\WINDOWS\system32\pmdimykw.ini
C:\WINDOWS\system32\pstwa.ini
C:\WINDOWS\system32\pstwa.ini2
C:\WINDOWS\system32\skkrtjsm.dll
C:\WINDOWS\system32\tmdknhry.dll
C:\WINDOWS\system32\tsmveuvg.ini
C:\WINDOWS\system32\ttutv.ini
C:\WINDOWS\system32\ttutv.ini2
C:\WINDOWS\system32\ungqdvle.dll
C:\WINDOWS\system32\wkymidmp.dll
C:\WINDOWS\system32\xycdd.ini
C:\WINDOWS\system32\xycdd.ini2
.
((((((((((((((((((((((((((((( Fichiers créés 2008-03-09 to 2008-04-09 ))))))))))))))))))))))))))))))))))))
.
2008-04-06 18:11 . 2008-04-06 18:11 202,752 --a------ C:\WINDOWS\cndr32a.dll
2008-04-06 18:11 . 2008-04-07 23:04 48 --a------ C:\smp.bat
2008-04-02 15:08 . 2008-04-02 15:08 1,598,885 ---hs---- C:\WINDOWS\system32\rxlholpc.ini
2008-03-31 19:18 . 2008-03-31 21:30 1,597,234 ---hs---- C:\WINDOWS\system32\thvwdevp.ini
2008-03-30 19:57 . 2008-03-30 19:57 1,583,637 ---hs---- C:\WINDOWS\system32\veebisci.ini
2008-03-30 18:08 . 2008-03-30 18:14 1,583,697 ---hs---- C:\WINDOWS\system32\denucunx.ini
2008-03-30 14:24 . 2006-07-23 14:34 194,073 --a------ C:\WINDOWS\patcher.exe
2008-03-30 14:19 . 2008-03-30 14:19 1,583,637 ---hs---- C:\WINDOWS\system32\nyujocnb.ini
2008-03-29 14:33 . 2008-03-29 14:33 1,583,637 ---hs---- C:\WINDOWS\system32\fnrhiqhp.ini
2008-03-28 18:21 . 2008-03-28 18:21 1,584,019 ---hs---- C:\WINDOWS\system32\cckphbwq.ini
2008-03-28 17:12 . 2008-03-28 17:13 1,583,959 ---hs---- C:\WINDOWS\system32\vtgnjiim.ini
2008-03-27 20:36 . 2008-03-27 19:58 1,583,550 --ahs---- C:\WINDOWS\system32\bhkgiwli.ini
2008-03-27 19:58 . 2008-03-27 20:36 1,583,169 ---hs---- C:\WINDOWS\system32\casarmce.ini
2008-03-27 19:49 . 2008-03-27 19:50 <REP> d-------- C:\Program Files\Windows Live
2008-03-27 19:49 . 2008-03-27 19:49 <REP> d--hsc--- C:\Program Files\Fichiers communs\WindowsLiveInstaller
2008-03-27 19:48 . 2008-03-27 19:48 <REP> d-------- C:\Documents and Settings\All Users\Application Data\WLInstaller
2008-03-24 18:02 . 2008-03-24 18:02 <REP> d-------- C:\Program Files\PowerQuest
2008-03-21 17:59 . 2008-03-21 17:59 512,096 --a------ C:\WINDOWS\system32\drivers\amon.sys
2008-03-21 17:59 . 2008-03-21 17:59 298,104 --a------ C:\WINDOWS\system32\imon.dll
2008-03-21 17:59 . 2008-03-21 17:59 15,424 --a------ C:\WINDOWS\system32\drivers\nod32drv.sys
2008-03-21 13:33 . 2008-03-21 15:01 32,764 --a------ C:\WINDOWS\17PHolmes2000351.exe
2008-03-21 13:32 . 2008-03-30 20:00 53,692 --a------ C:\Program Files\serial.dat
2008-03-21 13:29 . 2006-10-07 21:44 424,136 --a------ C:\WINDOWS\system32\wunauclt.exe
2008-03-21 13:29 . 2006-10-07 21:44 424,136 --a------ C:\Program Files\wunauclt.exe
2008-03-19 19:28 . 2008-03-19 19:28 <REP> d-------- C:\Program Files\SUPERAntiSpyware
2008-03-19 19:28 . 2008-03-19 19:28 <REP> d-------- C:\Documents and Settings\Nico\Application Data\SUPERAntiSpyware.com
2008-03-19 19:28 . 2008-03-19 19:28 <REP> d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-03-19 14:10 . 2008-03-19 14:16 <REP> d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2008-03-19 14:09 . 2008-03-19 20:20 <REP> d-------- C:\Program Files\NetProject
2008-03-19 13:33 . 2008-03-19 13:33 <REP> d-------- C:\Program Files\Fichiers communs\Blizzard Entertainment
2008-03-12 21:25 . 2008-03-12 21:25 57,344 --a------ C:\WINDOWS\dr.exe
2008-03-10 21:29 . 2008-04-08 17:12 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-03-10 21:29 . 2008-03-10 21:29 1,409 --a------ C:\WINDOWS\QTFont.for
2008-03-09 19:37 . 2008-03-09 19:37 <REP> d-------- C:\Program Files\DAEMON Tools
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-04-09 12:02 --------- d-----w C:\Documents and Settings\Nico\Application Data\OpenOffice.org2
2008-04-09 11:48 --------- d-----w C:\Program Files\Wanadoo
2008-04-03 19:05 --------- d-----w C:\Documents and Settings\Nico\Application Data\uTorrent
2008-03-24 19:49 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-03-21 16:07 --------- d-----w C:\Program Files\ESET
2008-03-19 17:27 --------- d-----w C:\Program Files\Fichiers communs\Wise Installation Wizard
2008-03-18 12:23 --------- d-----w C:\Program Files\AviSynth 2.5
2008-03-15 14:57 --------- d-----w C:\Program Files\Fichiers communs\InstallShield
2008-03-14 18:47 --------- d-----w C:\Program Files\Java
2008-03-09 13:08 639,224 ----a-w C:\WINDOWS\system32\drivers\sptd.sys
2008-03-08 07:22 --------- d-----w C:\Documents and Settings\All Users\Application Data\nView_Profiles
2008-02-26 17:19 --------- d-----w C:\Program Files\DomPlayer
2006-10-07 20:54 390,023 --sha-r C:\Program Files\wunauclt.tbe
2006-08-27 15:38 1,015,973 --sha-r C:\Program Files\serial.zip
2006-08-27 15:38 1,015,973 --sha-r C:\Program Files\serial.tde
2006-08-27 15:19 56,239 ----a-w C:\Program Files\svchosts.tbe
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-19 17:09 15360]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [2007-10-18 12:34 5724184]
"MSMSGS"="C:\Program Files\Messenger\MSMSGS.exe" [ ]
"Creative Detector"="C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe" [2004-12-02 19:23 102400]
"LDM"="C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe" [ ]
"LogitechSoftwareUpdate"="C:\Program Files\Logitech\Video\ManifestEngine.exe" [2004-10-08 13:06 196608]
"DomPlayer Service"="C:\Program Files\DomPlayer\wakeservice.exe" [ ]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2008-02-29 17:03 1481968]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\System32\NvCpl.dll" [2006-03-09 16:29 7561216]
"nwiz"="nwiz.exe" [2006-03-09 16:29 1519616 C:\WINDOWS\system32\nwiz.exe]
"WooCnxMon"="C:\PROGRA~1\Wanadoo\CnxMon.exe" [2007-10-27 13:06 24576]
"MessagerStarter Wanadoo"="C:\PROGRA~1\MESSAG~1\StartMessager.exe" [2007-10-27 13:06 32768]
"WOOWATCH"="C:\PROGRA~1\Wanadoo\Watch.exe" [2007-10-27 13:07 20480]
"WOOTASKBARICON"="C:\PROGRA~1\Wanadoo\TaskbarIcon.exe" [2007-10-27 13:07 53248]
"SoundMAXPnP"="C:\Program Files\Analog Devices\Core\smax4pnp.exe" [2004-10-14 16:42 1404928]
"QuickTime Task"="E:\utils\QuickTime\qttask.exe" [2007-10-19 20:16 286720]
"LVCOMSX"="C:\WINDOWS\system32\LVCOMSX.EXE" [2004-10-08 12:52 221184]
"LogitechVideoRepair"="C:\Program Files\Logitech\Video\ISStart.exe" [2004-10-08 13:31 458752]
"LogitechVideoTray"="C:\Program Files\Logitech\Video\LogiTray.exe" [2004-10-08 13:24 217088]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 05:25 144784]
"adiras"="adiras.exe" []
"NvMediaCenter"="C:\WINDOWS\System32\NvMcTray.dll" [2006-03-09 16:29 86016]
"DAEMON Tools"="C:\Program Files\DAEMON Tools\daemon.exe" [2006-11-12 12:48 157592]
"I downloaded pirated Software from P2P"="Warhammer 40K Dawn of War Dark Crusade" []
"nod32kui"="C:\Program Files\Eset\nod32kui.exe" [2008-03-21 17:59 949376]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-19 17:09 15360]
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler]
"{9d19a1a9-3cdf-4f15-a5ca-ea3905febded}"= C:\WINDOWS\system32\wcscqa.dll [ ]
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 13:55 77824]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 13:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\cbxuuts]
cbxuuts.dll
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\uTorrent\\uTorrent.exe"=
"C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=
"E:\\utils\\eMule\\emule.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"E:\\Games\\JEUX\\Dawn Of War\\W40kWA.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"25:TCP"= 25:TCP:192.168.0.0/255.255.255.0:Enabled:eliz
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\H]
\Shell\AutoRun\command - H:\AutoPlay.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b5af0d51-d7ed-11dc-9c53-4d6564696130}]
\Shell\AutoRun\command - powerpnt.exe /S "IXOvoeux2008.ppt"
.
Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
"2008-03-20 10:33:00 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2008-03-21 19:00:00 C:\WINDOWS\Tasks\At1.job"
- C:\WINDOWS\system32\wunauclt.exe
"2008-03-21 13:00:36 C:\WINDOWS\Tasks\At10.job"
- C:\WINDOWS\user32.exe
"2008-03-28 19:00:00 C:\WINDOWS\Tasks\At11.job"
- C:\WINDOWS\system32\wunauclt.exe
"2008-03-28 16:51:32 C:\WINDOWS\Tasks\At12.job"
- C:\WINDOWS\system32\wunauclt.exe
"2008-03-28 16:51:32 C:\WINDOWS\Tasks\At13.job"
- C:\WINDOWS\system32\wunauclt.exe
"2008-03-28 19:00:00 C:\WINDOWS\Tasks\At14.job"
- C:\WINDOWS\system32\wunauclt.exe
"2008-03-28 16:55:45 C:\WINDOWS\Tasks\At15.job"
- C:\WINDOWS\system32\wunauclt.exe
"2008-03-28 16:55:45 C:\WINDOWS\Tasks\At16.job"
- C:\WINDOWS\system32\wunauclt.exe
"2008-03-30 12:24:53 C:\WINDOWS\Tasks\At17.job"
- C:\WINDOWS\system32\wunauclt.exe
"2008-03-30 18:00:00 C:\WINDOWS\Tasks\At18.job"
- C:\WINDOWS\system32\wunauclt.exe
"2008-03-30 12:24:55 C:\WINDOWS\Tasks\At19.job"
- C:\WINDOWS\system32\wunauclt.exe
"2008-03-21 11:29:27 C:\WINDOWS\Tasks\At2.job"
- C:\WINDOWS\system32\wunauclt.exe
"2008-03-21 14:28:11 C:\WINDOWS\Tasks\At3.job"
- C:\WINDOWS\system32\wunauclt.exe
"2008-03-21 19:00:00 C:\WINDOWS\Tasks\At4.job"
- C:\WINDOWS\system32\wunauclt.exe
"2008-03-21 13:00:00 C:\WINDOWS\Tasks\At5.job"
- C:\WINDOWS\system32\wunauclt.exe
"2008-03-21 11:31:58 C:\WINDOWS\Tasks\At6.job"
- C:\WINDOWS\system32\wunauclt.exe
"2008-03-21 11:32:49 C:\WINDOWS\Tasks\At7.job"
- C:\WINDOWS\dr.exe
"2008-03-21 11:32:49 C:\WINDOWS\Tasks\At8.job"
- C:\WINDOWS\user32.exe
"2008-03-21 13:00:36 C:\WINDOWS\Tasks\At9.job"
- C:\WINDOWS\dr.exe
.
**************************************************************************
catchme 0.3.1351 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-04-09 14:02:55
Windows 5.1.2600 Service Pack 2 NTFS
Balayage processus cachés ...
Balayage caché autostart entries ...
Balayage des fichiers cachés ...
Scan terminé avec succès
Les fichiers cachés: 0
**************************************************************************
.
--------------------- DLLs a chargé sous des processus courants ---------------------
PROCESS: C:\WINDOWS\system32\lsass.exe
-> C:\Program Files\Eset\pr_imon.dll
.
------------------------ Other Running Processes ------------------------
.
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\OpenOffice.org 2.0\program\soffice.exe
C:\Program Files\OpenOffice.org 2.0\program\soffice.BIN
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\WINDOWS\system32\wscntfy.exe
.
**************************************************************************
.
Temps d'accomplissement: 2008-04-09 14:04:51 - machine was rebooted [Nico]
ComboFix-quarantined-files.txt 2008-04-09 12:04:35
Pre-Run: 1,553,567,744 octets libres
Post-Run: 1,862,176,768 octets libres
.
2008-03-11 21:49:22 --- E O F ---
Let's continue our cleanup.
Download MalwareByte's Anti-Malware to your Desktop.
Install it by double-clicking the file Download_mbam-setup.exe.
Once the installation and the update are done, restart in safe mode.
HELP: Restarting in safe mode
Now run MalwareByte's Anti-Malware. If it is not already done, select "Exécuter un examen complet" (Perform full scan).
To start the scan, click "Rechercher" (Scan).
Once the scan is finished, a window opens; click OK. There are two possibilities:
-- if the program found nothing, press OK. A report will appear; close it.
-- if infections are present, click "Afficher les résultats" (Show results), then "Supprimer la sélection" (Remove selected). Save the report to your Desktop so you can post it in your next reply.
NOTE: If MalwareByte's Anti-Malware needs to restart to finish the removal, accept by clicking OK.
HELP: Illustrated tutorial on MBAM
Sorry for my late reply, a big party got in the way.
Here is the MalwareByte's report:
Malwarebytes' Anti-Malware 1.11
Version de la base de données: 603
Type de recherche: Examen complet (C:\|D:\|E:\|)
Eléments examinés: 112348
Temps écoulé: 3 hour(s), 8 minute(s), 49 second(s)
Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 16
Valeur(s) du Registre infectée(s): 6
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 1
Fichier(s) infecté(s): 12
Processus mémoire infecté(s):
(Aucun élément nuisible détecté)
Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)
Clé(s) du Registre infectée(s):
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{daed9266-8c28-4c1c-8b58-5c66eff1d302} (Search.Hijack) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{48d78be5-cfb9-4b66-9ac4-96d4cf21de06} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{74d46bba-5638-473a-83b6-97e7804a7411} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\cndr32a.video (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{38e4618f-e3e4-42e9-925f-6b02c798bd94} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\AppID\{38e4618f-e3e4-42e9-925f-6b02c798bd94} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{9d19a1a9-3cdf-4f15-a5ca-ea3905febded} (Trojan.Zlob) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\NetProject (Trojan.Zlob) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Internet Service (Trojan.Zlob) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Secure Browsing (Trojan.Zlob) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\affri (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\affltid (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\affltid (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\affri (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\WakeNet (Trojan.Adware) -> Quarantined and deleted successfully.
Valeur(s) du Registre infectée(s):
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Extensions\CmdMapping\{9034a523-d068-4be8-a284-9df278be776e} (Trojan.Zlob) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler\{9d19a1a9-3cdf-4f15-a5ca-ea3905febded} (Trojan.Zlob) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\{db9fba9d-ab1b-4cc6-9745-f3b549d64e40} (Trojan.Zlob) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\New Windows\Allow\*.securewebinfo.com (Trojan.Zlob) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\New Windows\Allow\*.safetyincludes.com (Trojan.Zlob) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\New Windows\Allow\*.securemanaging.com (Trojan.Zlob) -> Quarantined and deleted successfully.
Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)
Dossier(s) infecté(s):
C:\Program Files\NetProject (Trojan.Zlob) -> Quarantined and deleted successfully.
Fichier(s) infecté(s):
C:\WINDOWS\cndr32a.dll (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\QooBox\Quarantine\C\WINDOWS\system32\ungqdvle.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{B8FE1429-16DD-435C-8764-53ABBA085DFD}\RP85\A0018818.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{B8FE1429-16DD-435C-8764-53ABBA085DFD}\RP86\A0018887.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{B8FE1429-16DD-435C-8764-53ABBA085DFD}\RP93\A0021296.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Program Files\NetProject\ot.ico (Trojan.Zlob) -> Quarantined and deleted successfully.
C:\Program Files\NetProject\sbun.exe (Trojan.Zlob) -> Quarantined and deleted successfully.
C:\Program Files\NetProject\scu.exe (Trojan.Zlob) -> Quarantined and deleted successfully.
C:\Program Files\NetProject\ts.ico (Trojan.Zlob) -> Quarantined and deleted successfully.
C:\Program Files\NetProject\waun.exe (Trojan.Zlob) -> Quarantined and deleted successfully.
C:\WINDOWS\17PHolmes2000351.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\Nico\Favoris\Online Security Test.url (Rogue.Link) -> Quarantined and deleted successfully.
PS: I don't know whether this could affect the procedure, but my PC performed an automatic update.
Thanks all the same, Mr. l'Ange Sombre!
Ah, I think I've found it
... Is this the right version?
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 09:40:01, on 11/04/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Wanadoo\CnxMon.exe
C:\PROGRA~1\MESSAG~1\StartMessager.exe
C:\PROGRA~1\Wanadoo\TaskbarIcon.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Logitech\Video\LogiTray.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\Eset\nod32kui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\Program Files\OpenOffice.org 2.0\program\soffice.exe
C:\Program Files\OpenOffice.org 2.0\program\soffice.BIN
C:\Program Files\Wanadoo\Watch.exe
C:\Program Files\Wanadoo\EspaceWanadoo.exe
C:\Program Files\Wanadoo\ComComp.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [WooCnxMon] C:\PROGRA~1\Wanadoo\CnxMon.exe
O4 - HKLM\..\Run: [MessagerStarter Wanadoo] C:\PROGRA~1\MESSAG~1\StartMessager.exe Messager Wanadoo
O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\Wanadoo\Watch.exe
O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\Wanadoo\TaskbarIcon.exe
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [QuickTime Task] "E:\utils\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [adiras] adiras.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [I downloaded pirated Software from P2P] Warhammer 40K Dawn of War Dark Crusade
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\MSMSGS.EXE" /background
O4 - HKCU\..\Run: [Creative Detector] C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe /R
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
O4 - HKCU\..\Run: [DomPlayer Service] C:\Program Files\DomPlayer\wakeservice.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Startup: OpenOffice.org 2.0.lnk = C:\Program Files\OpenOffice.org 2.0\program\quickstart.exe
O4 - Startup: Stardock ObjectDock.lnk = C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
O4 - Global Startup: DSLMON.lnk = C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra button: Wanadoo - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - http://www.wanadoo.fr (file missing) (HKCU)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Co...
O17 - HKLM\System\CCS\Services\Tcpip\..\{F6F1C64B-A629-4FE8-A0B9-9B43CA25AB9F}: NameServer = 81.253.149.1 80.10.246.3
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: cbxuuts - cbxuuts.dll (file missing)
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
--
End of file - 6718 bytes
Re,
Is your PC behaving better?
Fix the lines in the box below with HijackThis (illustrated help):
O4 - HKLM\..\Run: [I downloaded pirated Software from P2P] Warhammer 40K Dawn of War Dark Crusade
O4 - HKCU\..\Run: [DomPlayer Service] C:\Program Files\DomPlayer\wakeservice.exe
O20 - Winlogon Notify: cbxuuts - cbxuuts.dll (file missing)
Delete:
C:\Program Files\DomPlayer
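The three entries singled out in the reply above can be found mechanically in a HijackThis log. The following is an added example, not part of the original thread and not HijackThis's own logic. It assumes three triage heuristics of this editor's choosing: an autostart entry whose file is missing (cbxuuts.dll is in the ComboFix deletion list earlier in the thread), a Run value whose data names no executable, and an entry pointing into a folder the helper asked to delete.

```python
import re

# Constructed sample: a handful of lines copied from the HijackThis log in this thread.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [I downloaded pirated Software from P2P] Warhammer 40K Dawn of War Dark Crusade
O4 - HKCU\..\Run: [DomPlayer Service] C:\Program Files\DomPlayer\wakeservice.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: cbxuuts - cbxuuts.dll (file missing)
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
"""

# "<section code> - <rest of the entry>", e.g. "O4 - HKLM\..\Run: [name] command"
ENTRY_RE = re.compile(r"^(?P<section>[A-Z]\d{1,2}) - (?P<body>.+)$")
# Registry Run entry inside an O4 line: hive, value name in brackets, command data
RUN_RE = re.compile(r"^\S+\\Run: \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
# Anything that looks like a reference to runnable code
EXECUTABLE_RE = re.compile(r"\.(exe|dll|com|bat|cmd|scr|pif)\b", re.IGNORECASE)
# Sections loaded automatically at boot or logon: autostart entries,
# Winlogon Notify DLLs and services (assumption: the editor's choice of scope)
LOAD_POINT_SECTIONS = {"O4", "O20", "O23"}


def triage(log_text, removed_dirs=()):
    """Return [(line, [reasons])] for entries worth a manual look."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        entry = ENTRY_RE.match(line)
        if not entry:
            continue  # header lines, process list, blank lines
        section, body = entry["section"], entry["body"]
        reasons = []

        # Heuristic 1: a load point whose target file no longer exists is
        # usually a leftover of a deleted component.
        if section in LOAD_POINT_SECTIONS and body.endswith("(file missing)"):
            reasons.append("orphaned load point")

        # Heuristic 2: a Run value whose data is not a command line at all.
        run = RUN_RE.match(body) if section == "O4" else None
        if run and not EXECUTABLE_RE.search(run["cmd"]):
            reasons.append("Run value names no executable")

        # Heuristic 3: entry references a folder scheduled for deletion.
        if any(d.lower() in body.lower() for d in removed_dirs):
            reasons.append("points into a folder slated for removal")

        if reasons:
            findings.append((line, reasons))
    return findings


if __name__ == "__main__":
    for line, reasons in triage(SAMPLE_LOG, [r"C:\Program Files\DomPlayer"]):
        print("; ".join(reasons), "->", line)
```

A flagged line is a prompt for manual review, not a verdict: the O9 button with a missing file is deliberately left out because it is not an automatic load point.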