Bonjour à tous !
Donc voilà j'arrive chez un pote pour lui nettoyer son pc.
il a norton son beau-père le paye avec club internet et il veut pas que je l'enlève tout de suite. -_-
Je voulais bien eviddemtent mettre antivir.
Bon je m'en sorirais jamais tout seul il rame et il est bourré de processus.
Premier log hij :
C:\WINDOWS\system32\rundll32.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.club-internet.fr
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\WINDOWS\system32\eDStoolbar.dll
O3 - Toolbar: Show Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Program Files\Fichiers communs\Symantec Shared\coShared\Browser\1.5\UIBHO.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [LaunchApp] Alaunch
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [ntiMUI] c:\Program Files\NewTech Infosystems\NTI CD & DVD-Maker 7\ntiMUI.exe
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [IMEKRMIG6.1] C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Acer Empowering Technology Monitor] C:\WINDOWS\system32\SysMonitor.exe
O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe 0
O4 - HKLM\..\Run: [eRecoveryService] C:\Acer\Empowering Technology\eRecovery\eRAgent.exe
O4 - HKLM\..\Run: [EPSON Stylus CX3200] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE /P19 "EPSON Stylus CX3200" /O6 "USB001" /M "Stylus CX3200"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [WMAAD] C:\Program Files\Sony\WALKMAN Launcher\WMAAD.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton Internet Security\osCheck.exe"
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [Itch ford four knob] C:\Documents and Settings\All Users\Application Data\third lies itch ford\blah up.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
O4 - HKLM\..\Run: [BM4bf600bf] Rundll32.exe "C:\WINDOWS\system32\nxdfxyyl.dll",s
O4 - HKLM\..\Run: [48c53323] rundll32.exe "C:\WINDOWS\system32\wpegotmt.dll",b
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_0
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Club Internet.lnk = C:\Program Files\Club-Internet\Lanceur\lanceur.exe
O4 - Global Startup: Acer Empowering Technology.lnk = ?
O4 - Global Startup: Acer WLAN 11g USB Dongle.lnk = C:\Program Files\Acer WLAN 11g USB Dongle\ZDWlan.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: BlueSoleil.lnk = ?
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Transfert par Image Converter 3 - C:\PROGRAM FILES\SONY\IMAGE CONVERTER 3\menu.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} (Symantec Download Manager) - https://webdl.symantec.com/activex/symdlmgr.cab
O23 - Service: Memory Check Service (AcerMemUsageCheckService) - Acer Inc. - C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\VAScanner\comHost.exe
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Fichiers communs\EPSON\EBAPI\SAgent2.exe
O23 - Service: Image Converter SCSI Service (ICScsiSV) - Sony Corporation - C:\Program Files\Sony\IMAGE CONVERTER 3\ICScsiSV.exe
O23 - Service: IcVzMonLauncher - Sony Corporation - C:\Program Files\Sony\IMAGE CONVERTER 3\IcVzMonLauncher.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: Image Converter video recording monitor for VAIO Entertainment - Sony Corporation - C:\Program Files\Sony\IMAGE CONVERTER 3\IcVzMon.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\isPwdSvc.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PACSPTISVR - Unknown owner - C:\Program Files\Fichiers communs\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Planificateur LiveUpdate automatique - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: SonicStage Back-End Service - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\SsBeSvc.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\SSScsiSV.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\AppCore\AppSvc32.exe
--
End of file - 11884 bytes
Merci les Helpers ! ! =)
xD
maxou
Le tuto de l'été,rafraichir son PC
bonsoir
(le log est incomplet, veille à poster les prochains rapports en entier 
)
infection Vundo
Télécharge MalwareByte's Anti-Malware sur ton Bureau.
Installe-le en double-cliquant sur le fichier Download_mbam-setup.exe.
Une fois l'installation et la mise à jour effectuées, redémarre en mode sans échec.
AIDE : Redémarrer en mode sans échec
- Exécute maintenant MalwareByte's Anti-Malware. Si cela n'est pas déjà fait, sélectionne "Exécuter un examen complet".
- Afin de lancer la recherche, clic sur"Rechercher".
- Une fois le scan terminé, une fenêtre s'ouvre, clic sur OK. Deux possibilités s'offrent à toi :
-- si le programme n'a rien trouvé, appuie sur OK. Un rapport va apparaître, ferme-le.
-- si des infections sont présentes, clic sur "Afficher les résultats" puis sur "Supprimer la sélection". Enregistre le rapport sur ton Bureau afin de le poster dans ta prochaine réponse.
REMARQUE : Si MalwareByte's Anti-Malware a besoin de redémarrer pour terminer la suppression, accepte en cliquant sur Ok.
AIDE : Tuto en images sur MBAM
/!\Marre de la pub: Firefox sécurisé/!\
Répondre à Sham_Rock
Merci bcp, je garde le link de mon post et dès que je retourne chez mon pote je vous tient au courant, merci.
Le tuto de l'été,rafraichir son PC
Répondre à tetar159
ok
fais vite car il y aura d'autres choses à faire,
le plus simple serait qu'il s'inscrive ici
/!\Marre de la pub: Firefox sécurisé/!\
Répondre à Sham_Rock
Mercredi prochain car ce week-end il est pas là donc voilà .... Merci mais lui il est vrmt nul ..
Le tuto de l'été,rafraichir son PC
Répondre à tetar159
Je suis là toute cette aprem, je viens de DL l'antispy de l'install et j'ai fait la MAJ, je vais mangé et je boot en mse et je suis les instructions.
Merci à tte
Le tuto de l'été,rafraichir son PC
Répondre à tetar159
Voilà le rapport :
Malwarebytes' Anti-Malware 1.12
Version de la base de données: 793
Type de recherche: Examen complet (C:\|D:\|E:\|F:\|G:\|H:\|I:\|)
Eléments examinés: 182195
Temps écoulé: 51 minute(s), 15 second(s)
Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 1
Clé(s) du Registre infectée(s): 17
Valeur(s) du Registre infectée(s): 5
Elément(s) de données du Registre infecté(s): 2
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 114
Processus mémoire infecté(s):
(Aucun élément nuisible détecté)
Module(s) mémoire infecté(s):
C:\WINDOWS\system32\qoMfDVPF.dll (Adware.BHO) -> Unloaded module successfully.
Clé(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{c3fbc26c-6ebf-408b-9a55-4458cc035c01} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{c3fbc26c-6ebf-408b-9a55-4458cc035c01} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{f4946dd8-fe19-4120-955d-28a345235ae9} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{f4946dd8-fe19-4120-955d-28a345235ae9} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{6d794cb4-c7cd-4c6f-bfdc-9b77afbdc02c} (Adware.BHO) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6d794cb4-c7cd-4c6f-bfdc-9b77afbdc02c} (Adware.BHO) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\qomfdvpf (Adware.BHO) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\aoprndtws (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\affri (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\affltid (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\rdfa (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\affltid (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\affri (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{eb9aaccb-3b25-41d5-83f5-58855b2138ba} (Trojan.vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{eb9aaccb-3b25-41d5-83f5-58855b2138ba} (Trojan.vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\FCOVM (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RemoveRP (Trojan.Vundo) -> Quarantined and deleted successfully.
Valeur(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\48c53323 (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{6d794cb4-c7cd-4c6f-bfdc-9b77afbdc02c} (Adware.BHO) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\BM4bf600bf (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\New Windows\Allow\host-domain-lookup.com (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\New Windows\Allow\www.host-domain-lookup.com (Malware.Trace) -> Quarantined and deleted successfully.
Elément(s) de données du Registre infecté(s):
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Authentication Packages (Trojan.Vundo) -> Data: c:\windows\system32\tuvvtulk.dll -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Authentication Packages (Trojan.Vundo) -> Data: c:\windows\system32\tuvvtulk.dll -> Quarantined and deleted successfully.
Dossier(s) infecté(s):
(Aucun élément nuisible détecté)
Fichier(s) infecté(s):
C:\WINDOWS\system32\awtqpNDW.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\WDNpqtwa.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\WDNpqtwa.ini2 (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\cbXNFXnm.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\mnXFNXbc.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\mnXFNXbc.ini2 (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\nnnoMfFX.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\XFfMonnn.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\XFfMonnn.ini2 (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\osfcgyio.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\oiygcfso.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\pmnonNeD.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\DeNnonmp.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\DeNnonmp.ini2 (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\qoMeFYqR.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\RqYFeMoq.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\RqYFeMoq.ini2 (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\tuvUKayx.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\xyaKUvut.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\xyaKUvut.ini2 (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\tuvvtUlK.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\KlUtvvut.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\KlUtvvut.ini2 (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\xxyaaYoM.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\MoYaayxx.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\MoYaayxx.ini2 (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\qoMfDVPF.dll (Adware.BHO) -> Delete on reboot.
C:\System Volume Information\_restore{B89CEA26-ECB5-40D8-BB54-F267A162670D}\RP134\A0018453.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{B89CEA26-ECB5-40D8-BB54-F267A162670D}\RP134\A0018455.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{B89CEA26-ECB5-40D8-BB54-F267A162670D}\RP134\A0018457.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{B89CEA26-ECB5-40D8-BB54-F267A162670D}\RP134\A0019421.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{B89CEA26-ECB5-40D8-BB54-F267A162670D}\RP134\A0019445.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{B89CEA26-ECB5-40D8-BB54-F267A162670D}\RP135\A0019516.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{B89CEA26-ECB5-40D8-BB54-F267A162670D}\RP135\A0019518.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{B89CEA26-ECB5-40D8-BB54-F267A162670D}\RP135\A0019662.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{B89CEA26-ECB5-40D8-BB54-F267A162670D}\RP135\A0019673.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{B89CEA26-ECB5-40D8-BB54-F267A162670D}\RP140\A0021922.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{B89CEA26-ECB5-40D8-BB54-F267A162670D}\RP141\A0021968.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{B89CEA26-ECB5-40D8-BB54-F267A162670D}\RP142\A0024028.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{B89CEA26-ECB5-40D8-BB54-F267A162670D}\RP142\A0024031.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{B89CEA26-ECB5-40D8-BB54-F267A162670D}\RP142\A0024993.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{B89CEA26-ECB5-40D8-BB54-F267A162670D}\RP143\A0025042.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{B89CEA26-ECB5-40D8-BB54-F267A162670D}\RP144\A0026059.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{B89CEA26-ECB5-40D8-BB54-F267A162670D}\RP145\A0026119.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{B89CEA26-ECB5-40D8-BB54-F267A162670D}\RP145\A0026121.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{B89CEA26-ECB5-40D8-BB54-F267A162670D}\RP145\A0026122.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{B89CEA26-ECB5-40D8-BB54-F267A162670D}\RP145\A0026124.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{B89CEA26-ECB5-40D8-BB54-F267A162670D}\RP145\A0026125.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{B89CEA26-ECB5-40D8-BB54-F267A162670D}\RP145\A0026126.dll (Trojan.AVKiller) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{B89CEA26-ECB5-40D8-BB54-F267A162670D}\RP145\A0026127.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{B89CEA26-ECB5-40D8-BB54-F267A162670D}\RP145\A0026128.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{B89CEA26-ECB5-40D8-BB54-F267A162670D}\RP145\A0026129.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{B89CEA26-ECB5-40D8-BB54-F267A162670D}\RP145\A0026133.dll (Trojan.AVKiller) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{B89CEA26-ECB5-40D8-BB54-F267A162670D}\RP145\A0026134.dll (Trojan.AVKiller) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{B89CEA26-ECB5-40D8-BB54-F267A162670D}\RP145\A0026135.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{B89CEA26-ECB5-40D8-BB54-F267A162670D}\RP145\A0026138.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{B89CEA26-ECB5-40D8-BB54-F267A162670D}\RP145\A0026141.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{B89CEA26-ECB5-40D8-BB54-F267A162670D}\RP145\A0026143.dll (Trojan.AVKiller) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{B89CEA26-ECB5-40D8-BB54-F267A162670D}\RP145\A0026147.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{B89CEA26-ECB5-40D8-BB54-F267A162670D}\RP145\A0026149.dll (Trojan.AVKiller) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{B89CEA26-ECB5-40D8-BB54-F267A162670D}\RP145\A0026152.dll (Trojan.AVKiller) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{B89CEA26-ECB5-40D8-BB54-F267A162670D}\RP149\A0026725.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{B89CEA26-ECB5-40D8-BB54-F267A162670D}\RP149\A0026727.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{B89CEA26-ECB5-40D8-BB54-F267A162670D}\RP151\A0026794.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{B89CEA26-ECB5-40D8-BB54-F267A162670D}\RP151\A0026795.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{B89CEA26-ECB5-40D8-BB54-F267A162670D}\RP151\A0026797.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{B89CEA26-ECB5-40D8-BB54-F267A162670D}\RP151\A0026798.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{B89CEA26-ECB5-40D8-BB54-F267A162670D}\RP151\A0026800.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{B89CEA26-ECB5-40D8-BB54-F267A162670D}\RP151\A0026801.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{B89CEA26-ECB5-40D8-BB54-F267A162670D}\RP151\A0026802.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{B89CEA26-ECB5-40D8-BB54-F267A162670D}\RP151\A0026806.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{B89CEA26-ECB5-40D8-BB54-F267A162670D}\RP151\A0026807.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{B89CEA26-ECB5-40D8-BB54-F267A162670D}\RP151\A0026808.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{B89CEA26-ECB5-40D8-BB54-F267A162670D}\RP151\A0026810.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{B89CEA26-ECB5-40D8-BB54-F267A162670D}\RP151\A0026813.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{B89CEA26-ECB5-40D8-BB54-F267A162670D}\RP151\A0026814.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{B89CEA26-ECB5-40D8-BB54-F267A162670D}\RP151\A0026815.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{B89CEA26-ECB5-40D8-BB54-F267A162670D}\RP151\A0026816.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{B89CEA26-ECB5-40D8-BB54-F267A162670D}\RP151\A0026818.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{B89CEA26-ECB5-40D8-BB54-F267A162670D}\RP151\A0026819.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{B89CEA26-ECB5-40D8-BB54-F267A162670D}\RP151\A0026820.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{B89CEA26-ECB5-40D8-BB54-F267A162670D}\RP151\A0026821.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{B89CEA26-ECB5-40D8-BB54-F267A162670D}\RP151\A0026822.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{B89CEA26-ECB5-40D8-BB54-F267A162670D}\RP151\A0026823.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{B89CEA26-ECB5-40D8-BB54-F267A162670D}\RP151\A0026824.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{B89CEA26-ECB5-40D8-BB54-F267A162670D}\RP151\A0026825.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{B89CEA26-ECB5-40D8-BB54-F267A162670D}\RP151\A0026828.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{B89CEA26-ECB5-40D8-BB54-F267A162670D}\RP151\A0026829.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{B89CEA26-ECB5-40D8-BB54-F267A162670D}\RP151\A0026834.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{B89CEA26-ECB5-40D8-BB54-F267A162670D}\RP151\A0026837.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{B89CEA26-ECB5-40D8-BB54-F267A162670D}\RP151\A0026839.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{B89CEA26-ECB5-40D8-BB54-F267A162670D}\RP151\A0026842.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{B89CEA26-ECB5-40D8-BB54-F267A162670D}\RP151\A0026843.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{B89CEA26-ECB5-40D8-BB54-F267A162670D}\RP151\A0026844.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{B89CEA26-ECB5-40D8-BB54-F267A162670D}\RP151\A0026846.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{B89CEA26-ECB5-40D8-BB54-F267A162670D}\RP151\A0026848.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{B89CEA26-ECB5-40D8-BB54-F267A162670D}\RP151\A0026849.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{B89CEA26-ECB5-40D8-BB54-F267A162670D}\RP151\A0026850.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{B89CEA26-ECB5-40D8-BB54-F267A162670D}\RP151\A0026852.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{B89CEA26-ECB5-40D8-BB54-F267A162670D}\RP151\A0026853.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{B89CEA26-ECB5-40D8-BB54-F267A162670D}\RP151\A0026854.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{B89CEA26-ECB5-40D8-BB54-F267A162670D}\RP151\A0026855.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{B89CEA26-ECB5-40D8-BB54-F267A162670D}\RP151\A0026857.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{B89CEA26-ECB5-40D8-BB54-F267A162670D}\RP155\A0028147.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{B89CEA26-ECB5-40D8-BB54-F267A162670D}\RP155\A0028176.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{B89CEA26-ECB5-40D8-BB54-F267A162670D}\RP161\A0030473.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{B89CEA26-ECB5-40D8-BB54-F267A162670D}\RP162\A0030515.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{B89CEA26-ECB5-40D8-BB54-F267A162670D}\RP162\A0031515.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\gkhhbltj.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\KCMDNIns.exe (Trojan.Inject) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\rhejlyig.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\cookies.ini (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\hthbpahd.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\pwborpir.dll (Trojan.vundo) -> Quarantined and deleted successfully.
Le tuto de l'été,rafraichir son PC
Répondre à tetar159
J'ai enfin viré Norton et j'ai mis AntiVir sauf que je l'ai désactivé parce que j'ai tout le temps les advertissement que mon pc est infecté par Vundo Agent etc ... Dc vundo n'a pas l'air d'être parti !
up
Le tuto de l'été,rafraichir son PC
Répondre à tetar159
re
je t'avais dit de faire vite...
pour antivir, on l'aurait mis en fin de désinfection, pas avant...
Désactive ton antivirus et tout autre type de protection.
Télécharge ComboFix de sUBs :
ComboFix.exe
et sauvegarde le sur ton bureau et pas ailleurs!
Double-clic sur ComboFix, Il va te poser une question, suis les invites puis attends que combofix ait terminé, il est possible que ton PC reboot, c’est normal, un rapport sera créé.Poste le rapport
\Combofix.txt
clique dessus pour l'ouvrir, puis édition "sélectionner tout", édition "copier"
viens sur le forum et édition "coller"
ajoute un nouveau rapport Hijackthis.
/!\Marre de la pub: Firefox sécurisé/!\
Répondre à Sham_Rock
RAPPORT COMBOFIX :
ComboFix 08-05-27.4 - amaury 2008-05-28 16:29:47.1 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.794 [GMT 2:00]
Endroit: C:\Documents and Settings\amaury\Bureau\ComboFix.exe
* Création d'un nouveau point de restauration
[color=red]AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !![/color]
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\WINDOWS\BM4bf600bf.xml
C:\WINDOWS\cookies.ini
C:\WINDOWS\pskt.ini
C:\WINDOWS\system32\aqdwfcpj.ini
C:\WINDOWS\system32\axhbywhm.dll
C:\WINDOWS\system32\BcJRCeLm.ini
C:\WINDOWS\system32\BcJRCeLm.ini2
C:\WINDOWS\system32\BKSrqtwa.ini
C:\WINDOWS\system32\BKSrqtwa.ini2
C:\WINDOWS\system32\bkssentq.ini
C:\WINDOWS\system32\bldpfeef.ini
C:\WINDOWS\system32\cJSsrXyb.ini
C:\WINDOWS\system32\cJSsrXyb.ini2
C:\WINDOWS\system32\ckqbcmpa.dll
C:\WINDOWS\system32\CMoqYGgh.ini
C:\WINDOWS\system32\CMoqYGgh.ini2
C:\WINDOWS\system32\dlhyppax.dll
C:\WINDOWS\system32\dnxirjwi.dll
C:\WINDOWS\system32\dospskvv.ini
C:\WINDOWS\system32\dqvmidfm.ini
C:\WINDOWS\system32\duybwsne.ini
C:\WINDOWS\system32\EMmSAJjl.ini
C:\WINDOWS\system32\EMmSAJjl.ini2
C:\WINDOWS\system32\fhrlesqu.ini
C:\WINDOWS\system32\fkkbinll.dll
C:\WINDOWS\system32\fLnTCJlm.ini
C:\WINDOWS\system32\fLnTCJlm.ini2
C:\WINDOWS\system32\hgGxXqOI.dll
C:\WINDOWS\system32\hjbhnhge.ini
C:\WINDOWS\system32\hndrsblt.ini
C:\WINDOWS\system32\iexrnpcm.dll
C:\WINDOWS\system32\iipvfise.ini
C:\WINDOWS\system32\ikhqoamt.dll
C:\WINDOWS\system32\IOqXxGgh.ini
C:\WINDOWS\system32\IOqXxGgh.ini2
C:\WINDOWS\system32\iwinthyi.exe
C:\WINDOWS\system32\jetutujr.ini
C:\WINDOWS\system32\jfwfranm.dll
C:\WINDOWS\system32\jjhclxkn.ini
C:\WINDOWS\system32\jkgjoemg.ini
C:\WINDOWS\system32\JPXFPqss.ini
C:\WINDOWS\system32\JPXFPqss.ini2
C:\WINDOWS\system32\jxwgowmg.ini
C:\WINDOWS\system32\jyjhodce.dll
C:\WINDOWS\system32\kjcvxnqe.dll
C:\WINDOWS\system32\kjkxaiqp.dll
C:\WINDOWS\system32\kQqBHkkj.ini
C:\WINDOWS\system32\kQqBHkkj.ini2
C:\WINDOWS\system32\kuyqqaan.exe
C:\WINDOWS\system32\kvilsluv.ini
C:\WINDOWS\system32\kvlnhwfl.ini
C:\WINDOWS\system32\kxktlwvh.exe
C:\WINDOWS\system32\lefwuddo.dll
C:\WINDOWS\system32\lnmmnqru.ini
C:\WINDOWS\system32\lnmmnqru.ini2
C:\WINDOWS\system32\LVvwEfhk.ini
C:\WINDOWS\system32\LVvwEfhk.ini2
C:\WINDOWS\system32\lyrfhkqb.dll
C:\WINDOWS\system32\mcrh.tmp
C:\WINDOWS\system32\mVCMlRqr.ini
C:\WINDOWS\system32\mVCMlRqr.ini2
C:\WINDOWS\system32\MVEKlkkj.ini
C:\WINDOWS\system32\MVEKlkkj.ini2
C:\WINDOWS\system32\mykgmfse.ini
C:\WINDOWS\system32\nmUtAJlm.ini
C:\WINDOWS\system32\nmUtAJlm.ini2
C:\WINDOWS\system32\npamrgkg.ini
C:\WINDOWS\system32\nxdfxyyl.dll
C:\WINDOWS\system32\nydqqytm.ini
C:\WINDOWS\system32\ocmuwfkj.dll
C:\WINDOWS\system32\olbqegbh.exe
C:\WINDOWS\system32\omyuqxhs.exe
C:\WINDOWS\system32\opqnfxuo.ini
C:\WINDOWS\system32\orphhiof.dll
C:\WINDOWS\system32\ourbdqbt.dll
C:\WINDOWS\system32\pafamloc.dll
C:\WINDOWS\system32\pqqsxewx.ini
C:\WINDOWS\system32\qaprxibs.ini
C:\WINDOWS\system32\qjfhyqfy.ini
C:\WINDOWS\system32\qriwftwc.dll
C:\WINDOWS\system32\QsYyyccf.ini
C:\WINDOWS\system32\QsYyyccf.ini2
C:\WINDOWS\system32\qWxGQXyb.ini
C:\WINDOWS\system32\qWxGQXyb.ini2
C:\WINDOWS\system32\rroxtxxx.exe
C:\WINDOWS\system32\rwebbcev.ini
C:\WINDOWS\system32\rXxFNqru.ini
C:\WINDOWS\system32\rXxFNqru.ini2
C:\WINDOWS\system32\saujhdgi.ini
C:\WINDOWS\system32\sghuxeve.dll
C:\WINDOWS\system32\SuFhRqru.ini
C:\WINDOWS\system32\SuFhRqru.ini2
C:\WINDOWS\system32\svnwbfmv.ini
C:\WINDOWS\system32\TCeOUvut.ini
C:\WINDOWS\system32\TCeOUvut.ini2
C:\WINDOWS\system32\tgmqrvrx.dll
C:\WINDOWS\system32\tmtogepw.ini
C:\WINDOWS\system32\tngklhaf.ini
C:\WINDOWS\system32\ulkemqlf.ini
C:\WINDOWS\system32\uvbatxft.dll
C:\WINDOWS\system32\uvothjdt.ini
C:\WINDOWS\system32\uxbLmUtv.ini
C:\WINDOWS\system32\uxbLmUtv.ini2
C:\WINDOWS\system32\virvdacs.exe
C:\WINDOWS\system32\vodwpwrn.ini
C:\WINDOWS\system32\vsruogmv.dll
C:\WINDOWS\system32\VxbHjjjl.ini
C:\WINDOWS\system32\VxbHjjjl.ini2
C:\WINDOWS\system32\wabunlqk.ini
C:\WINDOWS\system32\waGQstwa.ini
C:\WINDOWS\system32\waGQstwa.ini2
C:\WINDOWS\system32\wcsifieq.dll
C:\WINDOWS\system32\wcxiyxxg.exe
C:\WINDOWS\system32\wDeOoUtv.ini
C:\WINDOWS\system32\wDeOoUtv.ini2
C:\WINDOWS\system32\wGOrrBeg.ini
C:\WINDOWS\system32\wGOrrBeg.ini2
C:\WINDOWS\system32\wkiifibh.ini
C:\WINDOWS\system32\xappyhld.ini
C:\WINDOWS\system32\xkpyeqjm.dll
C:\WINDOWS\system32\xxdbaqds.ini
C:\WINDOWS\system32\ynfddgno.ini
.
((((((((((((((((((((((((((((( Fichiers cr‚‚s 2008-04-28 to 2008-05-28 ))))))))))))))))))))))))))))))))))))
.
2008-05-28 15:38 . 2008-05-28 15:55 <REP> d-------- C:\VundoFix Backups
2008-05-28 15:14 . 2008-05-28 15:14 <REP> d-------- C:\Program Files\Avira
2008-05-28 15:14 . 2008-05-28 15:14 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Avira
2008-05-28 13:42 . 2008-05-28 13:42 552 --a------ C:\WINDOWS\system32\d3d8caps.dat
2008-05-28 12:34 . 2008-05-28 12:34 <REP> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-05-28 12:34 . 2008-05-28 12:34 <REP> d-------- C:\Documents and Settings\amaury\Application Data\Malwarebytes
2008-05-28 12:34 . 2008-05-28 12:34 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-05-28 12:34 . 2008-05-05 20:46 27,048 --a------ C:\WINDOWS\system32\drivers\mbamcatchme.sys
2008-05-28 12:34 . 2008-05-05 20:46 15,864 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-05-28 12:22 . 2008-05-28 16:35 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-05-28 12:22 . 2008-05-28 12:22 1,409 --a------ C:\WINDOWS\QTFont.for
2008-05-22 12:39 . 2008-05-22 12:39 0 --a------ C:\WINDOWS\system32\wabunlqk.tmp
2008-05-21 13:58 . 2008-05-21 13:58 1,160 --a------ C:\WINDOWS\mozver.dat
2008-05-21 13:56 . 2008-05-21 13:56 0 --a------ C:\WINDOWS\nsreg.dat
2008-05-21 13:34 . 2008-05-21 13:34 <REP> d-------- C:\Program Files\Trend Micro
2008-05-21 13:34 . 2008-05-21 13:34 <REP> d-------- C:\Program Files\CCleaner
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-05-28 14:35 --------- d-----w C:\Documents and Settings\amaury\Application Data\AdobeUM
2008-05-28 13:11 --------- d-----w C:\Program Files\Fichiers communs\Symantec Shared
2008-05-28 13:11 --------- d-----w C:\Documents and Settings\All Users\Application Data\Symantec
2008-05-28 10:33 --------- d-----w C:\Program Files\Common Files
2008-05-23 17:03 --------- d-----w C:\Program Files\eMule
2008-04-28 18:13 --------- d-----w C:\Documents and Settings\amaury\Application Data\Gram View 4
2008-04-25 16:35 --------- d-----w C:\Program Files\Google
2008-04-25 16:35 --------- d-----w C:\Program Files\Club-Internet
2008-04-23 17:13 --------- d-----w C:\Program Files\VideoLAN
2008-04-23 17:12 --------- d-----w C:\Program Files\Java
2008-04-23 17:09 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-04-20 07:39 --------- d-----w C:\Documents and Settings\olivier\Application Data\Gram View 4
2008-04-02 11:36 --------- d-----w C:\Program Files\Gram View 4
2008-04-02 11:36 --------- d-----w C:\Documents and Settings\All Users\Application Data\third lies itch ford
2008-04-02 11:35 --------- d-----w C:\Program Files\MSN Messenger
2008-04-02 11:35 --------- d-----w C:\Program Files\Messenger Plus! Live
2008-03-30 08:39 26,800 ----a-w C:\WINDOWS\system32\qoMfDVPF.dll.vir
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les ‚l‚ments vides & les ‚l‚ments initiaux l‚gitimes ne sont pas list‚s
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{2860096B-2FF3-4513-B114-92293EA1E62E}]
C:\WINDOWS\system32\ljjjHbxV.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{31ED89B8-7439-49BD-B5DC-7B7ED10D3E6B}]
C:\WINDOWS\system32\urqRhFuS.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6340D0E0-8411-4F2F-B577-0A1A9BAF12BF}]
C:\WINDOWS\system32\rqRlMCVm.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{7C7AD6D8-F646-41C2-9F59-8E06119E263C}]
C:\WINDOWS\system32\geBrrOGw.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{846FDF02-20AA-4FE5-BEF3-825C63F994A7}]
C:\WINDOWS\system32\urqnmmnl.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{91F31C6B-746A-482F-A4D2-A46996EEE9E6}]
C:\WINDOWS\system32\ljJASmME.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{9FD6801C-7476-498C-9785-0D827F52C8B5}]
C:\WINDOWS\system32\khfEwvVL.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{AFE050BD-DE42-47BA-B787-FEBB1D6E1560}]
C:\WINDOWS\system32\vtUmLbxu.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{E8E056BD-0AF2-45B6-9019-80A9A64D9C6F}]
C:\WINDOWS\system32\fccyyYsQ.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F2C6A78A-1054-4E04-8120-AA1AE3A81129}]
C:\WINDOWS\system32\ssqPFXPJ.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{FBAA178C-5D69-4CBF-BC22-A85A1F4DF381}]
C:\WINDOWS\system32\urqNFxXr.dll
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-10 22:00 15360]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [ ]
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [2007-01-19 12:55 5674352]
"updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2004-11-22 08:18 307200]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="C:\WINDOWS\ehome\ehtray.exe" [2005-09-29 14:01 67584]
"LaunchApp"="Alaunch" []
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-07-12 00:19 7626752]
"nwiz"="nwiz.exe" [2006-07-12 00:19 1519616 C:\WINDOWS\system32\nwiz.exe]
"RTHDCPL"="RTHDCPL.EXE" [2006-06-01 02:48 16208384 C:\WINDOWS\RTHDCPL.exe]
"SkyTel"="SkyTel.EXE" [2006-05-16 04:04 2879488 C:\WINDOWS\SkyTel.exe]
"ntiMUI"="c:\Program Files\NewTech Infosystems\NTI CD & DVD-Maker 7\ntiMUI.exe" [2005-05-11 17:15 45056]
"IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.exe" [2004-08-10 22:00 208952]
"IMEKRMIG6.1"="C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE" [2004-08-10 22:00 44032]
"MSPY2002"="C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-10 22:00 59392]
"PHIME2002ASync"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004-08-10 22:00 455168]
"PHIME2002A"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004-08-10 22:00 455168]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2006-07-12 00:19 86016]
"Acer Empowering Technology Monitor"="C:\WINDOWS\system32\SysMonitor.exe" [2006-04-18 19:54 49152]
"eDataSecurity Loader"="C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe" [2006-03-17 15:00 345088]
"eRecoveryService"="C:\Acer\Empowering Technology\eRecovery\eRAgent.exe" [2006-06-01 14:40 413696]
"StandardInstall"="" []
"EPSON Stylus CX3200"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.exe" [2002-07-01 05:05 74752]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-06-29 06:24 286720]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-09-26 14:42 267064]
"WMAAD"="C:\Program Files\Sony\WALKMAN Launcher\WMAAD.exe" [2007-02-16 19:41 110592]
"Itch ford four knob"="C:\Documents and Settings\All Users\Application Data\third lies itch ford\blah up.exe" [2008-05-28 16:37 5504000]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe" [2007-03-14 03:43 83608]
"avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-02-12 10:06 262401]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-10 22:00 15360]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"= C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"= C:\WINDOWS\Resources\Themes\Royale.theme
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.dvsd"= C:\Program Files\Fichiers communs\Sony Shared\VideoLib\sonydv.dll
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\IVT Corporation\\BlueSoleil\\BlueSoleil.exe"=
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"C:\\Program Files\\MSN Messenger\\livecall.exe"=
"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
R3 int15.sys;int15.sys;C:\Acer\Empowering Technology\eRecovery\int15.sys [2005-01-13 14:46]
R3 psdfilter;psdfilter;C:\WINDOWS\system32\Drivers\psdfilter.sys [2006-04-07 20:17]
R3 psdvdisk;psdvdisk;C:\WINDOWS\system32\Drivers\psdvdisk.sys [2006-03-08 17:10]
S3 ICScsiSV;Image Converter SCSI Service;C:\Program Files\Sony\IMAGE CONVERTER 3\ICScsiSV.exe [2007-01-26 12:39]
S3 IcVzMonLauncher;IcVzMonLauncher;"C:\Program Files\Sony\IMAGE CONVERTER 3\IcVzMonLauncher.exe" [2007-01-26 12:38]
S3 Image Converter video recording monitor for VAIO Entertainment;Image Converter video recording monitor for VAIO Entertainment;C:\Program Files\Sony\IMAGE CONVERTER 3\IcVzMon.exe [2007-01-26 12:38]
S3 MBAMCatchMe;MBAMCatchMe;C:\WINDOWS\system32\drivers\mbamcatchme.sys [2008-05-05 20:46]
S3 ZD1211BU(ZyDAS);ZyDAS ZD1211B IEEE 802.11 b+g Wireless LAN Driver (USB)(ZyDAS);C:\WINDOWS\system32\DRIVERS\zd1211Bu.sys [2005-10-28 11:38]
.
Contenu du dossier 'Scheduled Tasks/Tƒches planifi‚es'
"2007-10-15 14:12:05 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2008-05-26 18:00:16 C:\WINDOWS\Tasks\Norton Internet Security Online - Analyse système complète - olivier.job"
LoG HiJ :
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:43, on 2008-05-28
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Fichiers communs\EPSON\EBAPI\SAgent2.exe
c:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\SysMonitor.exe
C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
C:\Acer\Empowering Technology\eRecovery\eRAgent.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Sony\WALKMAN Launcher\WMAAD.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Acer\Empowering Technology\Acer.Empowering.Framework.Launcher.exe
C:\Program Files\Acer WLAN 11g USB Dongle\ZDWlan.exe
C:\Program Files\Club-Internet\Lanceur\lanceur.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.club-internet.fr
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - c:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {2860096B-2FF3-4513-B114-92293EA1E62E} - C:\WINDOWS\system32\ljjjHbxV.dll (file missing)
O2 - BHO: (no name) - {31ED89B8-7439-49BD-B5DC-7B7ED10D3E6B} - C:\WINDOWS\system32\urqRhFuS.dll (file missing)
O2 - BHO: (no name) - {6340D0E0-8411-4F2F-B577-0A1A9BAF12BF} - C:\WINDOWS\system32\rqRlMCVm.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: (no name) - {7C7AD6D8-F646-41C2-9F59-8E06119E263C} - C:\WINDOWS\system32\geBrrOGw.dll (file missing)
O2 - BHO: (no name) - {846FDF02-20AA-4FE5-BEF3-825C63F994A7} - C:\WINDOWS\system32\urqnmmnl.dll (file missing)
O2 - BHO: (no name) - {91F31C6B-746A-482F-A4D2-A46996EEE9E6} - C:\WINDOWS\system32\ljJASmME.dll (file missing)
O2 - BHO: (no name) - {9FD6801C-7476-498C-9785-0D827F52C8B5} - C:\WINDOWS\system32\khfEwvVL.dll (file missing)
O2 - BHO: (no name) - {AFE050BD-DE42-47BA-B787-FEBB1D6E1560} - C:\WINDOWS\system32\vtUmLbxu.dll (file missing)
O2 - BHO: (no name) - {E8E056BD-0AF2-45B6-9019-80A9A64D9C6F} - C:\WINDOWS\system32\fccyyYsQ.dll (file missing)
O2 - BHO: (no name) - {F2C6A78A-1054-4E04-8120-AA1AE3A81129} - C:\WINDOWS\system32\ssqPFXPJ.dll (file missing)
O2 - BHO: (no name) - {FBAA178C-5D69-4CBF-BC22-A85A1F4DF381} - C:\WINDOWS\system32\urqNFxXr.dll (file missing)
O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\WINDOWS\system32\eDStoolbar.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [LaunchApp] Alaunch
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [ntiMUI] c:\Program Files\NewTech Infosystems\NTI CD & DVD-Maker 7\ntiMUI.exe
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [IMEKRMIG6.1] C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Acer Empowering Technology Monitor] C:\WINDOWS\system32\SysMonitor.exe
O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe 0
O4 - HKLM\..\Run: [eRecoveryService] C:\Acer\Empowering Technology\eRecovery\eRAgent.exe
O4 - HKLM\..\Run: [EPSON Stylus CX3200] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE /P19 "EPSON Stylus CX3200" /O6 "USB001" /M "Stylus CX3200"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [WMAAD] C:\Program Files\Sony\WALKMAN Launcher\WMAAD.exe
O4 - HKLM\..\Run: [Itch ford four knob] C:\Documents and Settings\All Users\Application Data\third lies itch ford\blah up.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_0
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Club Internet.lnk = C:\Program Files\Club-Internet\Lanceur\lanceur.exe
O4 - Global Startup: Acer Empowering Technology.lnk = ?
O4 - Global Startup: Acer WLAN 11g USB Dongle.lnk = C:\Program Files\Acer WLAN 11g USB Dongle\ZDWlan.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Transfert par Image Converter 3 - C:\PROGRAM FILES\SONY\IMAGE CONVERTER 3\menu.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} (Symantec Download Manager) - https://webdl.symantec.com/activex/symdlmgr.cab
O23 - Service: Memory Check Service (AcerMemUsageCheckService) - Acer Inc. - C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
O23 - Service: Avira AntiVir Personal – Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal – Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Fichiers communs\EPSON\EBAPI\SAgent2.exe
O23 - Service: Image Converter SCSI Service (ICScsiSV) - Sony Corporation - C:\Program Files\Sony\IMAGE CONVERTER 3\ICScsiSV.exe
O23 - Service: IcVzMonLauncher - Sony Corporation - C:\Program Files\Sony\IMAGE CONVERTER 3\IcVzMonLauncher.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: Image Converter video recording monitor for VAIO Entertainment - Sony Corporation - C:\Program Files\Sony\IMAGE CONVERTER 3\IcVzMon.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PACSPTISVR - Unknown owner - C:\Program Files\Fichiers communs\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Planificateur LiveUpdate automatique - Unknown owner - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe (file missing)
O23 - Service: SonicStage Back-End Service - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\SsBeSvc.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\SSScsiSV.exe
--
End of file - 11468 bytes
Le tuto de l'été,rafraichir son PC
Répondre à tetar159
re
Copie (Ctrl+C) le texte ci-dessous :
File::
|
Ouvre le Bloc-Notes puis colle (Ctrl+V) le texte que tu viens de copier.
Sauvegarde ce fichier sous le nom de CFScript.txt
Fait un glisser/déposer de ce fichier CFScript sur le fichier ComboFix.exe comme sur la capture
- Une fenêtre bleue va apparaître: au message qui apparaît ( Type 1 to continue, or 2 to abort) , tape 1 puis valide.
- Patiente le temps du scan.Le bureau va disparaître à plusieurs reprises: c'est normal!
Ne touche à rien tant que le scan n'est pas terminé.
- Une fois le scan achevé, un rapport va s'afficher: poste son contenu.
- Si le fichier ne s'ouvre pas, il se trouve ici > C:\ComboFix.txt
/!\Marre de la pub: Firefox sécurisé/!\
Répondre à Sham_Rock
Salut à midi je vais chez mon pote pour finir le boulot, tu seras là vers midi et dans l'aprem ?
Le tuto de l'été,rafraichir son PC
Répondre à tetar159
Salutn le pc s'est redémarré je sais pas si c'est normal, mais je pense que oui voilà le rapport :
ComboFix 08-05-27.4 - amaury 2008-05-31 12:47:58.2 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.792 [GMT 2:00]
Endroit: C:\Documents and Settings\amaury\Bureau\ComboFix.exe
Command switches used :: C:\Documents and Settings\amaury\Bureau\CFScript.txt
* Création d'un nouveau point de restauration
[color=red]AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !![/color]
FILE ::
C:\WINDOWS\system32\qoMfDVPF.dll.vir
C:\WINDOWS\system32\wabunlqk.tmp
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Documents and Settings\All Users\Application Data\third lies itch ford
C:\Documents and Settings\All Users\Application Data\third lies itch ford\junk load.exe
C:\Documents and Settings\amaury\Application Data\Gram View 4
C:\Documents and Settings\amaury\Application Data\Gram View 4\0
C:\Documents and Settings\olivier\Application Data\Gram View 4
C:\Documents and Settings\olivier\Application Data\Gram View 4\uploadsettingsfacehole.exe
C:\Program Files\Gram View 4
C:\VundoFix Backups
C:\WINDOWS\system32\qoMfDVPF.dll.vir
C:\WINDOWS\system32\wabunlqk.tmp
.
---- Previous Run -------
.
C:\WINDOWS\BM4bf600bf.xml
C:\WINDOWS\cookies.ini
C:\WINDOWS\pskt.ini
C:\WINDOWS\system32\aqdwfcpj.ini
C:\WINDOWS\system32\axhbywhm.dll
C:\WINDOWS\system32\BcJRCeLm.ini
C:\WINDOWS\system32\BcJRCeLm.ini2
C:\WINDOWS\system32\BKSrqtwa.ini
C:\WINDOWS\system32\BKSrqtwa.ini2
C:\WINDOWS\system32\bkssentq.ini
C:\WINDOWS\system32\bldpfeef.ini
C:\WINDOWS\system32\cJSsrXyb.ini
C:\WINDOWS\system32\cJSsrXyb.ini2
C:\WINDOWS\system32\ckqbcmpa.dll
C:\WINDOWS\system32\CMoqYGgh.ini
C:\WINDOWS\system32\CMoqYGgh.ini2
C:\WINDOWS\system32\dlhyppax.dll
C:\WINDOWS\system32\dnxirjwi.dll
C:\WINDOWS\system32\dospskvv.ini
C:\WINDOWS\system32\dqvmidfm.ini
C:\WINDOWS\system32\duybwsne.ini
C:\WINDOWS\system32\EMmSAJjl.ini
C:\WINDOWS\system32\EMmSAJjl.ini2
C:\WINDOWS\system32\fhrlesqu.ini
C:\WINDOWS\system32\fkkbinll.dll
C:\WINDOWS\system32\fLnTCJlm.ini
C:\WINDOWS\system32\fLnTCJlm.ini2
C:\WINDOWS\system32\hgGxXqOI.dll
C:\WINDOWS\system32\hjbhnhge.ini
C:\WINDOWS\system32\hndrsblt.ini
C:\WINDOWS\system32\iexrnpcm.dll
C:\WINDOWS\system32\iipvfise.ini
C:\WINDOWS\system32\ikhqoamt.dll
C:\WINDOWS\system32\IOqXxGgh.ini
C:\WINDOWS\system32\IOqXxGgh.ini2
C:\WINDOWS\system32\iwinthyi.exe
C:\WINDOWS\system32\jetutujr.ini
C:\WINDOWS\system32\jfwfranm.dll
C:\WINDOWS\system32\jjhclxkn.ini
C:\WINDOWS\system32\jkgjoemg.ini
C:\WINDOWS\system32\JPXFPqss.ini
C:\WINDOWS\system32\JPXFPqss.ini2
C:\WINDOWS\system32\jxwgowmg.ini
C:\WINDOWS\system32\jyjhodce.dll
C:\WINDOWS\system32\kjcvxnqe.dll
C:\WINDOWS\system32\kjkxaiqp.dll
C:\WINDOWS\system32\kQqBHkkj.ini
C:\WINDOWS\system32\kQqBHkkj.ini2
C:\WINDOWS\system32\kuyqqaan.exe
C:\WINDOWS\system32\kvilsluv.ini
C:\WINDOWS\system32\kvlnhwfl.ini
C:\WINDOWS\system32\kxktlwvh.exe
C:\WINDOWS\system32\lefwuddo.dll
C:\WINDOWS\system32\lnmmnqru.ini
C:\WINDOWS\system32\lnmmnqru.ini2
C:\WINDOWS\system32\LVvwEfhk.ini
C:\WINDOWS\system32\LVvwEfhk.ini2
C:\WINDOWS\system32\lyrfhkqb.dll
C:\WINDOWS\system32\mcrh.tmp
C:\WINDOWS\system32\mVCMlRqr.ini
C:\WINDOWS\system32\mVCMlRqr.ini2
C:\WINDOWS\system32\MVEKlkkj.ini
C:\WINDOWS\system32\MVEKlkkj.ini2
C:\WINDOWS\system32\mykgmfse.ini
C:\WINDOWS\system32\nmUtAJlm.ini
C:\WINDOWS\system32\nmUtAJlm.ini2
C:\WINDOWS\system32\npamrgkg.ini
C:\WINDOWS\system32\nxdfxyyl.dll
C:\WINDOWS\system32\nydqqytm.ini
C:\WINDOWS\system32\ocmuwfkj.dll
C:\WINDOWS\system32\olbqegbh.exe
C:\WINDOWS\system32\omyuqxhs.exe
C:\WINDOWS\system32\opqnfxuo.ini
C:\WINDOWS\system32\orphhiof.dll
C:\WINDOWS\system32\ourbdqbt.dll
C:\WINDOWS\system32\pafamloc.dll
C:\WINDOWS\system32\pqqsxewx.ini
C:\WINDOWS\system32\qaprxibs.ini
C:\WINDOWS\system32\qjfhyqfy.ini
C:\WINDOWS\system32\qriwftwc.dll
C:\WINDOWS\system32\QsYyyccf.ini
C:\WINDOWS\system32\QsYyyccf.ini2
C:\WINDOWS\system32\qWxGQXyb.ini
C:\WINDOWS\system32\qWxGQXyb.ini2
C:\WINDOWS\system32\rroxtxxx.exe
C:\WINDOWS\system32\rwebbcev.ini
C:\WINDOWS\system32\rXxFNqru.ini
C:\WINDOWS\system32\rXxFNqru.ini2
C:\WINDOWS\system32\saujhdgi.ini
C:\WINDOWS\system32\sghuxeve.dll
C:\WINDOWS\system32\SuFhRqru.ini
C:\WINDOWS\system32\SuFhRqru.ini2
C:\WINDOWS\system32\svnwbfmv.ini
C:\WINDOWS\system32\TCeOUvut.ini
C:\WINDOWS\system32\TCeOUvut.ini2
C:\WINDOWS\system32\tgmqrvrx.dll
C:\WINDOWS\system32\tmtogepw.ini
C:\WINDOWS\system32\tngklhaf.ini
C:\WINDOWS\system32\ulkemqlf.ini
C:\WINDOWS\system32\uvbatxft.dll
C:\WINDOWS\system32\uvothjdt.ini
C:\WINDOWS\system32\uxbLmUtv.ini
C:\WINDOWS\system32\uxbLmUtv.ini2
C:\WINDOWS\system32\virvdacs.exe
C:\WINDOWS\system32\vodwpwrn.ini
C:\WINDOWS\system32\vsruogmv.dll
C:\WINDOWS\system32\VxbHjjjl.ini
C:\WINDOWS\system32\VxbHjjjl.ini2
C:\WINDOWS\system32\wabunlqk.ini
C:\WINDOWS\system32\waGQstwa.ini
C:\WINDOWS\system32\waGQstwa.ini2
C:\WINDOWS\system32\wcsifieq.dll
C:\WINDOWS\system32\wcxiyxxg.exe
C:\WINDOWS\system32\wDeOoUtv.ini
C:\WINDOWS\system32\wDeOoUtv.ini2
C:\WINDOWS\system32\wGOrrBeg.ini
C:\WINDOWS\system32\wGOrrBeg.ini2
C:\WINDOWS\system32\wkiifibh.ini
C:\WINDOWS\system32\xappyhld.ini
C:\WINDOWS\system32\xkpyeqjm.dll
C:\WINDOWS\system32\xxdbaqds.ini
C:\WINDOWS\system32\ynfddgno.ini
.
((((((((((((((((((((((((((((( Fichiers cr‚‚s 2008-04-28 to 2008-05-31 ))))))))))))))))))))))))))))))))))))
.
2008-05-28 17:36 . 2008-05-28 17:37 1,374 --a------ C:\WINDOWS\imsins.BAK
2008-05-28 15:14 . 2008-05-28 15:14 <REP> d-------- C:\Program Files\Avira
2008-05-28 15:14 . 2008-05-28 15:14 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Avira
2008-05-28 13:42 . 2008-05-28 13:42 552 --a------ C:\WINDOWS\system32\d3d8caps.dat
2008-05-28 12:34 . 2008-05-28 12:34 <REP> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-05-28 12:34 . 2008-05-28 12:34 <REP> d-------- C:\Documents and Settings\amaury\Application Data\Malwarebytes
2008-05-28 12:34 . 2008-05-28 12:34 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-05-28 12:34 . 2008-05-05 20:46 27,048 --a------ C:\WINDOWS\system32\drivers\mbamcatchme.sys
2008-05-28 12:34 . 2008-05-05 20:46 15,864 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-05-28 12:22 . 2008-05-31 12:54 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-05-28 12:22 . 2008-05-28 12:22 1,409 --a------ C:\WINDOWS\QTFont.for
2008-05-21 13:58 . 2008-05-21 13:58 1,160 --a------ C:\WINDOWS\mozver.dat
2008-05-21 13:56 . 2008-05-21 13:56 0 --a------ C:\WINDOWS\nsreg.dat
2008-05-21 13:34 . 2008-05-21 13:34 <REP> d-------- C:\Program Files\Trend Micro
2008-05-21 13:34 . 2008-05-21 13:34 <REP> d-------- C:\Program Files\CCleaner
2008-04-20 09:19 . 2008-04-23 18:45 1,178 ---hs---- C:\WINDOWS\system32\wyhppigr.ini
2008-04-19 09:06 . 2008-04-19 09:38 766 ---hs---- C:\WINDOWS\system32\iishoprs.ini
2008-04-18 21:38 . 2008-04-19 08:57 474 ---hs---- C:\WINDOWS\system32\sfuwhsbo.ini
2008-04-16 21:26 . 2008-04-18 21:23 354 ---hs---- C:\WINDOWS\system32\ndltxukd.ini
2008-04-16 18:56 . 2008-04-16 18:56 1,074 ---hs---- C:\WINDOWS\system32\obsysiuc.ini
2008-04-15 20:31 . 2008-04-16 18:44 1,014 ---hs---- C:\WINDOWS\system32\sxajinhe.ini
2008-04-14 22:07 . 2008-04-15 20:27 834 ---hs---- C:\WINDOWS\system32\xsdpmswu.ini
2008-04-14 22:02 . 2008-04-14 22:02 714 ---hs---- C:\WINDOWS\system32\lkbxqmcu.ini
2008-04-14 21:42 . 2008-04-15 19:25 1,006 ---hs---- C:\WINDOWS\system32\ymtfxlxd.ini
2008-04-14 21:42 . 2008-04-14 21:42 534 ---hs---- C:\WINDOWS\system32\vwbeysmw.ini
2008-04-14 21:22 . 2008-04-14 21:40 474 ---hs---- C:\WINDOWS\system32\jwmtshfc.ini
2008-04-12 17:53 . 2008-04-14 21:56 654 ---hs---- C:\WINDOWS\system32\txcvsjpk.ini
2008-04-12 16:24 . 2008-04-12 17:03 534 ---hs---- C:\WINDOWS\system32\hqrneaco.ini
2008-04-12 09:10 . 2008-04-12 16:15 414 ---hs---- C:\WINDOWS\system32\npbudsrl.ini
2008-04-12 08:58 . 2008-04-12 08:58 294 ---hs---- C:\WINDOWS\system32\aqsgvdei.ini
2008-04-11 22:15 . 2008-04-11 22:16 654 ---hs---- C:\WINDOWS\system32\ilhcxmng.ini
2008-04-11 22:13 . 2008-04-11 22:14 474 ---hs---- C:\WINDOWS\system32\swwqijvs.ini
2008-04-11 22:09 . 2008-04-11 22:12 354 ---hs---- C:\WINDOWS\system32\ejyockwp.ini
2008-04-07 21:13 . 2008-04-07 21:13 534 ---hs---- C:\WINDOWS\system32\nnfdlnlm.ini
2008-04-07 20:38 . 2008-04-07 21:12 474 ---hs---- C:\WINDOWS\system32\rdosaxeb.ini
2008-04-06 22:06 . 2008-04-06 22:07 1,014 ---hs---- C:\WINDOWS\system32\ejarblhs.ini
2008-04-06 22:01 . 2008-04-06 22:05 834 ---hs---- C:\WINDOWS\system32\oymagbgk.ini
2008-04-06 21:42 . 2008-04-06 21:57 594 ---hs---- C:\WINDOWS\system32\huyrwdxf.ini
2008-04-06 21:40 . 2008-04-06 21:42 414 ---hs---- C:\WINDOWS\system32\ouperbjf.ini
2008-04-06 21:40 . 2008-04-06 21:40 294 ---hs---- C:\WINDOWS\system32\xdxgvdno.ini
2008-04-05 17:09 . 2008-04-05 17:10 998 ---hs---- C:\WINDOWS\system32\vwenltts.ini
2008-04-05 14:46 . 2008-04-05 17:00 938 ---hs---- C:\WINDOWS\system32\mhyumnod.ini
2008-04-05 10:44 . 2008-04-05 14:37 414 ---hs---- C:\WINDOWS\system32\rvcjagmv.ini
2008-04-05 10:33 . 2008-04-05 10:33 294 ---hs---- C:\WINDOWS\system32\qhngcwpm.ini
2008-04-03 21:24 . 2008-04-05 10:28 954 ---hs---- C:\WINDOWS\system32\esjjvgfy.ini
2008-04-03 21:09 . 2008-04-03 21:10 834 ---hs---- C:\WINDOWS\system32\rdgtvykt.ini
2008-04-03 20:59 . 2008-04-03 21:01 534 ---hs---- C:\WINDOWS\system32\hxncqgsy.ini
2008-04-02 18:42 . 2008-04-03 21:03 774 ---hs---- C:\WINDOWS\system32\jdvkkmqf.ini
2008-04-02 17:20 . 2008-04-02 18:36 594 ---hs---- C:\WINDOWS\system32\pmykxpbv.ini
2008-04-02 14:02 . 2008-04-02 17:13 414 ---hs---- C:\WINDOWS\system32\bphmoimc.ini
2008-04-02 13:32 . 2008-04-02 13:32 294 ---hs---- C:\WINDOWS\system32\exomgqyq.ini
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-05-31 10:54 --------- d-----w C:\Documents and Settings\amaury\Application Data\AdobeUM
2008-05-28 13:11 --------- d-----w C:\Program Files\Fichiers communs\Symantec Shared
2008-05-28 13:11 --------- d-----w C:\Documents and Settings\All Users\Application Data\Symantec
2008-05-28 10:33 --------- d-----w C:\Program Files\Common Files
2008-05-23 17:03 --------- d-----w C:\Program Files\eMule
2008-04-25 16:35 --------- d-----w C:\Program Files\Google
2008-04-25 16:35 --------- d-----w C:\Program Files\Club-Internet
2008-04-23 17:13 --------- d-----w C:\Program Files\VideoLAN
2008-04-23 17:12 --------- d-----w C:\Program Files\Java
2008-04-23 17:09 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-04-02 11:35 --------- d-----w C:\Program Files\MSN Messenger
2008-04-02 11:35 --------- d-----w C:\Program Files\Messenger Plus! Live
.
MERCI
Le tuto de l'été,rafraichir son PC
Répondre à tetar159
re
poste ton rapport en entier stp
/!\Marre de la pub: Firefox sécurisé/!\
Répondre à Sham_Rock
Il est entier
Enfin je sais pas ! Mais du coup là je suis chez moi x)
Message édité par tetar159 le 31-05-2008 à 18:24:19
Le tuto de l'été,rafraichir son PC
Répondre à tetar159
nan, il n'est pas entier...
C:\Combofix.txt
clique dessus pour l'ouvrir, puis édition "sélectionner tout", édition "copier"
viens sur le forum et édition "coller"
ajoute un nouveau rapport Hijackthis.
/!\Marre de la pub: Firefox sécurisé/!\
Répondre à Sham_Rock
MOn pote m'a envoyé le rapport Combofix.txt y'a plus rien ... apart ça :
ComboFix 08-05-27.4 - amaury 2008-05-31 14:44:03.3 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.780 [GMT 2:00]
Endroit: C:\Documents and Settings\amaury\Bureau\ComboFix.exe
[color=red]AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !![/color]
log hij :
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:50, on 2008-06-08
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Fichiers communs\EPSON\EBAPI\SAgent2.exe
c:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Acer\Empowering Technology\eRecovery\eRAgent.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Sony\WALKMAN Launcher\WMAAD.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Acer WLAN 11g USB Dongle\ZDWlan.exe
C:\Program Files\Club-Internet\Lanceur\lanceur.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Java\jre1.6.0_01\bin\jucheck.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.club-internet.fr
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - c:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [LaunchApp] Alaunch
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [ntiMUI] c:\Program Files\NewTech Infosystems\NTI CD & DVD-Maker 7\ntiMUI.exe
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [IMEKRMIG6.1] C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [EPSON Stylus CX3200] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE /P19 "EPSON Stylus CX3200" /O6 "USB001" /M "Stylus CX3200"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [WMAAD] C:\Program Files\Sony\WALKMAN Launcher\WMAAD.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Club Internet.lnk = C:\Program Files\Club-Internet\Lanceur\lanceur.exe
O4 - Global Startup: Acer WLAN 11g USB Dongle.lnk = C:\Program Files\Acer WLAN 11g USB Dongle\ZDWlan.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Transfert par Image Converter 3 - C:\PROGRAM FILES\SONY\IMAGE CONVERTER 3\menu.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6 [...] vSniff.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6 [...] /cabsa.cab
O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} (Symantec Download Manager) - https://webdl.symantec.com/activex/symdlmgr.cab
O23 - Service: Avira AntiVir Personal – Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal – Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Fichiers communs\EPSON\EBAPI\SAgent2.exe
O23 - Service: Image Converter SCSI Service (ICScsiSV) - Sony Corporation - C:\Program Files\Sony\IMAGE CONVERTER 3\ICScsiSV.exe
O23 - Service: IcVzMonLauncher - Sony Corporation - C:\Program Files\Sony\IMAGE CONVERTER 3\IcVzMonLauncher.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: Image Converter video recording monitor for VAIO Entertainment - Sony Corporation - C:\Program Files\Sony\IMAGE CONVERTER 3\IcVzMon.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PACSPTISVR - Unknown owner - C:\Program Files\Fichiers communs\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Planificateur LiveUpdate automatique - Unknown owner - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe (file missing)
O23 - Service: SonicStage Back-End Service - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\SsBeSvc.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\SSScsiSV.exe
--
End of file - 9258 bytes
Le tuto de l'été,rafraichir son PC
Répondre à tetar159
bonsoir
| Citation : MOn pote m'a envoyé le rapport Combofix.txt y'a plus rien ... apart ça : |
dis lui de s'inscrire sur le forum, donne lui ce lien de discussion
8 jours après, on perd notre temps
/!\Marre de la pub: Firefox sécurisé/!\
Répondre à Sham_Rock
C'est mon meilleur pote je fais tout par téléphone, il est vraiment pas doué en informatique ...
Le nouveau rapport donne quoi ?
Le tuto de l'été,rafraichir son PC
Répondre à tetar159
bonsoir
on perd du temps, j'ai l'habitude des gens qui ont des difficultés avec leur pc... je pourrais lui expliquer sans problèmes.
c'est le rapport ComboFix que je veux...
il y a déjà plein de fichiers à enlever,
| Citation : 2008-04-20 09:19 . 2008-04-23 18:45 1,178 ---hs---- C:\WINDOWS\system32\wyhppigr.ini
|
(restes de son infection vundo)
mais j'ai besoin d'un rapport complet pour continuer correctement...
fais lui supprimer
C:\qoobox
C:\combofix
puis qu'il retélécharge l'outil et il recommence...
/!\Marre de la pub: Firefox sécurisé/!\
Répondre à Sham_Rock
Je sais qu'on pert du temps, écoute je vais lui dire de s'inscrire.
Cependant, pendant le temps ou je suis pas chez lui, je lui ai laissé pour consignes de ne pas allummer son pc.
Ok pour combo.
Le tuto de l'été,rafraichir son PC
Répondre à tetar159
re
ok
j'attends
/!\Marre de la pub: Firefox sécurisé/!\
Répondre à Sham_Rock
Il y a 1876 utilisateurs connus et inconnus. Pour voir la liste des connectés connus, cliquez ici.
