Hello everyone,
For 3 days now it has been a nightmare: I can't manage to get rid
of this trojan ( TR\vundo.BY ),
with Avira alerts one after another...
I hope someone will be able to help me. Thanks in advance, Carl
Here is my HijackThis report:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:05:21, on 28/11/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe
C:\WINDOWS\system32\LXSUPMON.EXE
C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe
C:\Program Files\CDBurnerXP\NMSAccessU.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Orange\Launcher\Launcher.exe
C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\AlertModule\0\AlertModule.exe
C:\Program Files\Orange\systray\systrayapp.exe
C:\Program Files\Orange\connectivity\connectivitymanager.exe
C:\Program Files\Orange\connectivity\CoreCom\CoreCom.exe
C:\Program Files\Orange\connectivity\CoreCom\OraConfigRecover.exe
C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\FTCOMModule\0\FTCOMModule.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Windows Live\Mail\wlmail.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\Program Files\Orange\SearchURLHook\SearchPageURL.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [LXSUPMON] C:\WINDOWS\system32\LXSUPMON.EXE RUN
O4 - HKLM\..\Run: [SystrayORAHSS] "C:\Program Files\Orange\Systray\SystrayApp.exe"
O4 - HKLM\..\Run: [ORAHSSSessionManager] C:\Program Files\Orange\SessionManager\SessionManager.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [zihagarepo] Rundll32.exe "C:\WINDOWS\system32\noyapavi.dll",s (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O15 - Trusted Zone: http://www.orange.fr
O15 - Trusted Zone: *.canal-plus.com (HKLM)
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/resources/MSNPUpld.cab
O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} (Windows Live Photo Upload Control) - http://carlinch1.spaces.live.com/P [...] nPUpld.cab
O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} - http://fichiers.touslesdrivers.com [...] _0_3_1.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/ [...] wflash.cab
O20 - AppInit_DLLs: C:\WINDOWS\system32\wogibodi.dll
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Boonty Games - BOONTY - C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe
O23 - Service: CanalPlus.VOD - Canal+ Active - C:\Program Files\Canal\Canal Widget\VOD\CanalPlus.VOD.exe
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom SA - C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: NMSAccessU - Unknown owner - C:\Program Files\CDBurnerXP\NMSAccessU.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
--
End of file - 6665 bytes
Hello everyone,
is there really no one to give me a hand?
Thanks, Carl
Hello,
Patience!
! Disable your resident protections (antivirus, Spybot-S&D, etc.) !
- Download ComboFix (sUBs) to your Desktop.
- Double-click ComboFix.exe (the .exe is not necessarily visible) to launch it.
- When the scan has finished, a report will appear. Post this report (C:\combofix.txt*) in your next reply.
HELP: A guide and a tutorial on using ComboFix
* the partition name may differ
Good evening Angeldark,
Sorry for being impatient, I was starting to despair, and on top of that it's all hands on deck just to connect to the internet, anyway...
Thank you very much in any case.
Here is my ComboFix report:
ComboFix 08-11-28.03 - Administrateur 2008-11-29 19:18:18.1 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.3.1252.1.1036.18.611 [GMT 1:00]
Lancé depuis: c:\documents and settings\Administrateur\Bureau\ComboFix.exe
* Un nouveau point de restauration a été créé
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\Administrateur\Application Data\inst.exe
c:\documents and settings\Administrateur\Local Settings\Application Data\Microsoft\Windows Media\10.0\WMSDKNSD.XML
c:\windows\system32\bkadjwhr.dll
c:\windows\system32\cdtkoqby.dll
c:\windows\system32\goxfpp.dll
c:\windows\system32\hpodalgu.ini
c:\windows\system32\jkkLfCsQ.dll
c:\windows\system32\jwhzvk.dll
c:\windows\system32\mafuveyi.dll
c:\windows\system32\mcrh.tmp
c:\windows\system32\mrwovtin.dll
c:\windows\system32\nkayfs.dll
c:\windows\system32\nrjnjteb.dll
c:\windows\system32\QsCfLkkj.ini
c:\windows\system32\QsCfLkkj.ini2
c:\windows\system32\ugladoph.dll
c:\windows\system32\uyavyryw.dll
c:\windows\system32\wamurspo.dll
c:\windows\system32\wyryvayu.ini
c:\windows\system32\xwpxvink.dll
c:\windows\system32\ykeowv.dll
c:\windows\system32\ylcela.dll
.
((((((((((((((((((((((((((((((((((((((( Pilotes/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_BOONTY_GAMES
-------\Service_Boonty Games
((((((((((((((((((((((((((((( Fichiers créés du 2008-10-28 au 2008-11-29 ))))))))))))))))))))))))))))))))))))
.
2008-11-28 20:24 . 2008-11-28 20:27 <REP> d-------- c:\documents and settings\L2MFIX
2008-11-28 20:24 . 2008-11-28 20:24 0 --a------ c:\windows\system32\lo2.txtt
2008-11-28 20:20 . 2008-11-28 20:20 <REP> d-------- c:\program files\l2mfix
2008-11-28 20:14 . 2008-11-28 20:14 <REP> d-------- c:\program files\CleanUp!
2008-11-28 20:03 . 2008-11-28 20:03 <REP> d-------- c:\windows\system32\bfubackups
2008-11-28 19:58 . 2008-11-29 12:13 <REP> d-------- C:\BFU
2008-11-28 16:27 . 2008-11-28 18:06 <REP> d-------- C:\!KillBox
2008-11-27 20:26 . 2008-11-29 18:48 <REP> d-------- C:\Bases
2008-11-25 18:49 . 2008-11-25 18:49 <REP> d-------- C:\VundoFix Backups
2008-11-24 19:48 . 2008-11-24 19:48 <REP> d-------- c:\program files\Defenza
2008-11-24 19:48 . 1996-08-20 20:37 15,840 --a------ c:\windows\system32\Machnm1.exe
2008-11-24 19:48 . 2005-09-25 16:37 5,632 --a------ c:\windows\system32\Machnm64.sys
2008-11-24 19:48 . 2008-11-24 19:48 3,120 --a------ c:\windows\system32\118290.54
2008-11-24 19:48 . 2008-11-24 19:48 3,120 --a------ c:\windows\118294.78
2008-11-24 19:48 . 2003-08-13 00:27 2,304 --a------ c:\windows\system32\Machnm32.sys
2008-11-24 19:04 . 2008-11-24 19:05 <REP> d-------- c:\program files\CDex_170b2
2008-11-23 00:17 . 2008-11-23 00:17 325 --a------ c:\windows\MusicStudio.INI
2008-11-23 00:00 . 2008-11-24 19:17 <REP> d-------- c:\documents and settings\All Users\Application Data\MAGIX
2008-11-23 00:00 . 2007-04-27 10:43 120,200 --a------ c:\windows\system32\DLLDEV32i.dll
2008-11-22 23:59 . 2008-11-24 19:20 <REP> d-------- c:\windows\system32\MAGIX
2008-11-22 23:59 . 2008-04-15 16:14 700,416 --a------ c:\windows\system32\mgxoschk.dll
2008-11-22 23:59 . 2008-11-23 00:01 5,937 --a------ c:\windows\mgxoschk.ini
2008-11-22 08:37 . 2008-11-22 21:18 <REP> d-------- c:\documents and settings\Administrateur\Application Data\dvdcss
2008-11-22 08:31 . 2008-11-22 09:08 <REP> d-------- c:\documents and settings\Administrateur\Application Data\vlc
2008-11-22 08:30 . 2008-11-22 08:30 <REP> d-------- c:\program files\VideoLAN
2008-11-16 19:57 . 2008-11-16 19:58 <REP> d-------- c:\windows\system32\Adobe
2008-11-13 19:48 . 2008-11-13 19:48 <REP> d-------- c:\documents and settings\karl\Mes documents
2008-11-13 19:48 . 2008-11-13 19:48 <REP> d-------- c:\documents and settings\karl
2008-11-13 19:40 . 2008-11-13 19:40 <REP> d-------- c:\documents and settings\All Users\Application Data\Pinnacle
2008-11-12 18:02 . 2008-10-24 12:21 455,296 --------- c:\windows\system32\dllcache\mrxsmb.sys
2008-11-12 17:57 . 2008-09-04 18:16 1,106,944 --------- c:\windows\system32\dllcache\msxml3.dll
2008-11-08 09:26 . 2008-11-08 09:28 <REP> d-------- c:\program files\Yahoo!
2008-11-01 20:56 . 2008-11-01 20:56 <REP> d-------- c:\program files\Canal
2008-11-01 20:53 . 2008-11-01 20:53 <REP> d-------- c:\program files\Fichiers communs\Adobe AIR
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-11-29 10:59 --------- d-----w c:\program files\Spybot - Search & Destroy
2008-11-29 10:57 --------- d-----w c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2008-11-28 19:07 --------- d-----w c:\documents and settings\All Users\Application Data\AntiVir PersonalEdition Classic
2008-11-28 18:55 --------- d-----w c:\program files\eMule
2008-11-24 18:48 --------- d--h--w c:\program files\InstallShield Installation Information
2008-11-24 18:47 --------- d-----w c:\program files\Fichiers communs\InstallShield
2008-11-17 18:31 --------- d-----w c:\program files\Google
2008-11-13 17:53 --------- d-----w c:\program files\ma-config.com
2008-11-13 17:53 --------- d-----w c:\documents and settings\All Users\Application Data\ma-config.com
2008-11-02 10:55 --------- d-----w c:\program files\SuperCopier2
2008-10-24 11:21 455,296 ----a-w c:\windows\system32\drivers\mrxsmb.sys
2008-10-17 15:20 --------- d-----w c:\program files\Native Instruments
2008-10-17 15:20 --------- d-----w c:\program files\Fichiers communs\Digidesign
2008-10-16 13:13 202,776 ----a-w c:\windows\system32\wuweb.dll
2008-10-16 13:13 202,776 ----a-w c:\windows\system32\dllcache\wuweb.dll
2008-10-16 13:13 1,809,944 ----a-w c:\windows\system32\wuaueng.dll
2008-10-16 13:13 1,809,944 ----a-w c:\windows\system32\dllcache\wuaueng.dll
2008-10-16 13:12 561,688 ----a-w c:\windows\system32\wuapi.dll
2008-10-16 13:12 561,688 ----a-w c:\windows\system32\dllcache\wuapi.dll
2008-10-16 13:12 323,608 ----a-w c:\windows\system32\wucltui.dll
2008-10-16 13:12 323,608 ----a-w c:\windows\system32\dllcache\wucltui.dll
2008-10-16 13:09 92,696 ----a-w c:\windows\system32\dllcache\cdm.dll
2008-10-16 13:09 92,696 ----a-w c:\windows\system32\cdm.dll
2008-10-16 13:09 51,224 ----a-w c:\windows\system32\wuauclt.exe
2008-10-16 13:09 51,224 ----a-w c:\windows\system32\dllcache\wuauclt.exe
2008-10-16 13:09 43,544 ----a-w c:\windows\system32\wups2.dll
2008-10-16 13:08 34,328 ----a-w c:\windows\system32\wups.dll
2008-10-16 13:08 34,328 ----a-w c:\windows\system32\dllcache\wups.dll
2008-10-16 13:06 268,648 ----a-w c:\windows\system32\mucltui.dll
2008-10-16 13:06 208,744 ----a-w c:\windows\system32\muweb.dll
2008-10-15 16:35 337,408 ------w c:\windows\system32\dllcache\netapi32.dll
2008-10-04 13:00 --------- d-----w c:\program files\CDBurnerXP
2008-10-04 13:00 --------- d-----w c:\documents and settings\Administrateur\Application Data\Canneverbe_Limited
2008-10-04 12:59 --------- d-----w c:\program files\CDBurnerXP Pro 3
2008-10-03 17:12 6,066,176 ------w c:\windows\system32\dllcache\ieframe.dll
2008-09-15 15:26 1,846,528 ----a-w c:\windows\system32\win32k.sys
2008-09-15 15:26 1,846,528 ------w c:\windows\system32\dllcache\win32k.sys
2008-09-10 01:15 1,307,648 ----a-w c:\windows\system32\msxml6.dll
2008-09-10 01:15 1,307,648 ------w c:\windows\system32\dllcache\msxml6.dll
2008-09-08 10:41 333,824 ------w c:\windows\system32\dllcache\srv.sys
2008-09-05 22:30 952,360 ------w c:\windows\system32\dllcache\WgaTray.exe
2008-09-05 22:30 267,304 ------w c:\windows\system32\dllcache\wgaLogon.dll
2008-09-04 17:16 1,106,944 ----a-w c:\windows\system32\msxml3.dll
2008-02-14 09:14 47,360 ----a-w c:\documents and settings\Administrateur\Application Data\pcouffin.sys
2008-04-14 02:33 617,472 --sha-w c:\windows\system32\comctl32.dll
2008-04-14 02:33 1,028,096 --sha-w c:\windows\system32\mfc42.dll
2004-08-05 09:00 57,344 --sha-w c:\windows\system32\mfc42loc.dll
1995-09-20 14:16 35,088 --sha-w c:\windows\system32\msjint32.dll
1995-09-20 14:13 977,680 --sha-w c:\windows\system32\msjt3032.dll
1995-09-20 14:16 23,824 --sha-w c:\windows\system32\msjter32.dll
2008-04-14 02:33 413,696 --sha-w c:\windows\system32\msvcp60.dll
2008-04-14 02:33 343,040 --sha-w c:\windows\system32\msvcrt.dll
2001-08-24 00:47 253,952 --sha-w c:\windows\system32\msvcrt20.dll
2008-04-14 02:33 30,749 --sha-w c:\windows\system32\vbajet32.dll
1995-09-24 09:02 243,472 --sha-w c:\windows\system32\vbar2232.dll
1998-05-18 01:06 368,912 --sha-w c:\windows\system32\vbar332.dll
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2003-07-28 4841472]
"LXSUPMON"="c:\windows\system32\LXSUPMON.EXE" [2002-03-08 900096]
"SystrayORAHSS"="c:\program files\Orange\Systray\SystrayApp.exe" [2007-09-25 94208]
"ORAHSSSessionManager"="c:\program files\Orange\SessionManager\SessionManager.exe" [2007-09-25 102400]
"!AVG Anti-Spyware"="c:\program files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 6731312]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\system32\wogibodi.dll
[HKLM\~\startupfolder\C:^Documents and Settings^Administrateur^Menu Démarrer^Programmes^Démarrage^Outil de notification Live Search.lnk]
path=c:\documents and settings\Administrateur\Menu Démarrer\Programmes\Démarrage\Outil de notification Live Search.lnk
backup=c:\windows\pss\Outil de notification Live Search.lnkStartup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^DSLMON.lnk]
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Lancement rapide d'Adobe Reader.lnk]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\avgnt]
--a------ 2008-07-19 06:53 266497 c:\program files\AntiVir PersonalEdition Classic\avgnt.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Canal Widget]
--a------ 2008-10-23 15:12 103992 c:\program files\Canal\Canal Widget\Launcher.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DrvLsnr]
--a------ 2003-05-08 15:34 69632 c:\program files\Analog Devices\SoundMAX\DrvLsnr.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FaxCenterServer]
--a------ 2004-02-04 14:33 294912 c:\program files\Lexmark Fax Solutions\fm3032.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
--a------ 2007-10-18 11:34 5724184 c:\program files\Windows Live\Messenger\msnmsgr.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCDAS]
--a------ 2006-12-15 10:47 1359872 c:\program files\Defenza\pcd-as.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SetRefresh]
--a------ 2003-11-20 21:01 525824 c:\program files\Compaq\SetRefresh\SetRefresh.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Smapp]
--a------ 2003-05-05 08:57 143360 c:\program files\Analog Devices\SoundMAX\SMTray.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
--------- 2008-09-16 11:16 1833296 c:\program files\Spybot - Search & Destroy\TeaTimer.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\srmclean]
--a------ 2001-07-24 22:34 36864 c:\cpqs\scom\srmclean.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2007-07-12 03:00 132496 c:\program files\Java\jre1.6.0_02\bin\jusched.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SuperCopier2.exe]
--a------ 2006-07-07 17:45 1052672 c:\program files\SuperCopier2\SuperCopier2.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\updateMgr]
-ra------ 2006-03-30 15:45 313472 c:\program files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UpdatesDisableNotify"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Bases\\kavupd.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"c:\\Program Files\\Orange\\Connectivity\\ConnectivityManager.exe"=
"c:\\Program Files\\eMule\\emule.exe"=
"c:\\WINDOWS\\system32\\LEXPPS.EXE"=
"c:\\Documents and Settings\\Administrateur\\Bureau\\procexp.exe"=
"c:\\WINDOWS\\system32\\ping.exe"=
"c:\\WINDOWS\\system32\\find.exe"=
R2 CanalPlus.VOD;CanalPlus.VOD;"c:\program files\Canal\Canal Widget\VOD\CanalPlus.VOD.exe" [2008-10-23 61440]
S3 PCASp50;PCASp50 NDIS Protocol Driver;c:\windows\system32\Drivers\PCASp50.sys [2005-11-19 20096]
S3 SG760_XP;SAGEM 802.11g XG760 1211 Driver;c:\windows\system32\DRIVERS\WlanUZXP.sys [2005-07-13 260608]
.
Contenu du dossier 'Tâches planifiées'
2008-11-28 c:\windows\Tasks\Maintenance en 1 clic.job
- c:\program files\TuneUp Utilities 2007\SystemOptimizer.exe []
.
- - - - ORPHELINS SUPPRIMES - - - -
BHO-{6F836CB8-53ED-40DB-909A-A610FC0E7EA6} - (no file)
BHO-{9262af37-692f-4b20-8699-b27035a36e5f} - c:\windows\system32\mafuveyi.dll
BHO-{D4AF2276-5ADF-41BD-BC4D-C4497124C9F0} - (no file)
BHO-{EE704A19-F4AE-4415-9A34-AC739EE1118E} - c:\windows\system32\jkkLfCsQ.dll
HKLM-Run-zihagarepo - c:\windows\system32\noyapavi.dll
ShellExecuteHooks-{AFAF8314-45C9-4EC5-9317-A9C24E01D0AC} - c:\windows\system32\ssqNDvwW.dll
Notify-imskdic32 - imskdic32.dll
Notify-ssqNDvwW - ssqNDvwW.dll
MSConfigStartUp-a8aca0ec - c:\windows\system32\uyavyryw.dll
MSConfigStartUp-zihagarepo - c:\windows\system32\noyapavi.dll
.
------- Examen supplémentaire -------
.
uStart Page = hxxp://www.google.fr/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Connection Wizard,ShellNext = iexplore
IE: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
Trusted Zone: *.canal-plus.com
O16 -: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} - hxxp://fichiers.touslesdrivers.com/fichiers/hardwaredetection/hardwaredetection_3_0_3_1.cab
c:\windows\Downloaded Program Files\hardwaredetection.inf
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-11-29 19:22:35
Windows 5.1.2600 Service Pack 3 NTFS
Recherche de processus cachés ...
Recherche d'éléments en démarrage automatique cachés ...
Recherche de fichiers cachés ...
Scan terminé avec succès
Fichiers cachés: 0
**************************************************************************
.
------------------------ Autres processus actifs ------------------------
.
c:\windows\system32\LEXBCES.EXE
c:\windows\system32\LEXPPS.EXE
c:\program files\AntiVir PersonalEdition Classic\avguard.exe
c:\program files\AntiVir PersonalEdition Classic\sched.exe
c:\program files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
c:\program files\Fichiers communs\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe
c:\program files\CDBurnerXP\NMSAccessU.exe
c:\windows\system32\nvsvc32.exe
c:\program files\Analog Devices\SoundMAX\SMAgent.exe
c:\program files\Orange\Launcher\Launcher.exe
c:\program files\Fichiers communs\France Telecom\Shared Modules\AlertModule\0\AlertModule.exe
c:\program files\Orange\Connectivity\ConnectivityManager.exe
c:\program files\Orange\Connectivity\corecom\CoreCom.exe
c:\program files\Orange\Connectivity\corecom\OraConfigRecover.exe
c:\program files\Fichiers communs\France Telecom\Shared Modules\FTCOMModule\0\FTCOMModule.exe
.
**************************************************************************
.
Heure de fin: 2008-11-29 19:28:22 - La machine a redémarré
ComboFix-quarantined-files.txt 2008-11-29 18:28:19
Avant-CF: 43 943 329 792 octets libres
Après-CF: 43,884,470,272 octets libres
WindowsXP-KB310994-SP2-Pro-BootDisk-FRA.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professionnel" /noexecute=optin /fastdetect
265 --- E O F --- 2008-11-16 19:21:19
Post a new HijackThis report.
The new report:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:39:51, on 30/11/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\LXSUPMON.EXE
C:\Program Files\Orange\Systray\SystrayApp.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\AlertModule\0\AlertModule.exe
C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Orange\Launcher\Launcher.exe
C:\Program Files\Canal\Canal Widget\VOD\CanalPlus.VOD.exe
C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe
C:\Program Files\CDBurnerXP\NMSAccessU.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Orange\connectivity\connectivitymanager.exe
C:\Program Files\Orange\connectivity\CoreCom\CoreCom.exe
C:\Program Files\Orange\connectivity\CoreCom\OraConfigRecover.exe
C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\FTCOMModule\0\FTCOMModule.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\AcroRd32.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\Program Files\Orange\SearchURLHook\SearchPageURL.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [LXSUPMON] C:\WINDOWS\system32\LXSUPMON.EXE RUN
O4 - HKLM\..\Run: [SystrayORAHSS] "C:\Program Files\Orange\Systray\SystrayApp.exe"
O4 - HKLM\..\Run: [ORAHSSSessionManager] C:\Program Files\Orange\SessionManager\SessionManager.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O15 - Trusted Zone: http://www.orange.fr
O15 - Trusted Zone: *.canal-plus.com (HKLM)
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/resources/MSNPUpld.cab
O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} (Windows Live Photo Upload Control) - http://carlinch1.spaces.live.com/P [...] nPUpld.cab
O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} - http://fichiers.touslesdrivers.com [...] _0_3_1.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/ [...] wflash.cab
O20 - AppInit_DLLs: C:\WINDOWS\system32\wogibodi.dll
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: CanalPlus.VOD - Canal+ Active - C:\Program Files\Canal\Canal Widget\VOD\CanalPlus.VOD.exe
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom SA - C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: NMSAccessU - Unknown owner - C:\Program Files\CDBurnerXP\NMSAccessU.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
--
End of file - 7105 bytes
Scan the following file at VirusTotal, then post the report:
C:\WINDOWS\system32\wogibodi.dll
Hi Angeldark,
So the file "C:\WINDOWS\system32\wogibodi.dll" cannot be found; however, I do have C:\WINDOWS\system32\wogibodi.VIR, so I scanned that one. Here is the report:
Antivirus Version Dernière mise à jour Résultat
AhnLab-V3 2008.12.2.0 2008.12.01 -
AntiVir 7.9.0.36 2008.12.01 TR/Vundo.MY
Authentium 5.1.0.4 2008.12.01 -
Avast 4.8.1281.0 2008.12.01 -
AVG 8.0.0.199 2008.12.01 Generic12.QGX
BitDefender 7.2 2008.12.01 -
CAT-QuickHeal 10.00 2008.12.01 -
ClamAV 0.94.1 2008.12.01 -
DrWeb 4.44.0.09170 2008.12.01 -
eSafe 7.0.17.0 2008.11.30 Suspicious File
eTrust-Vet 31.6.6234 2008.11.28 -
Ewido 4.0 2008.12.01 -
F-Prot 4.4.4.56 2008.12.01 -
F-Secure 8.0.14332.0 2008.12.01 Trojan:W32/Vundo.BU
Fortinet 3.117.0.0 2008.12.01 -
GData 19 2008.12.01 -
Ikarus T3.1.1.45.0 2008.12.01 -
K7AntiVirus 7.10.539 2008.12.01 -
Kaspersky 7.0.0.125 2008.12.01 -
McAfee 5450 2008.11.30 -
McAfee+Artemis 5450 2008.11.30 -
Microsoft 1.4104 2008.12.01 Trojan:Win32/Vundo.JD.dll
NOD32 3654 2008.12.01 a variant of Win32/Adware.Virtumonde.NDI
Norman 5.80.02 2008.12.01 -
Panda 9.0.0.4 2008.12.01 -
PCTools 4.4.2.0 2008.12.01 -
Prevx1 V2 2008.12.01 -
Rising 21.06.02.00 2008.12.01 Trojan.Win32.VUNDO.bus
SecureWeb-Gateway 6.7.6 2008.12.01 Trojan.Vundo.MY
Sophos 4.36.0 2008.12.01 Troj/Virtum-Gen
Sunbelt 3.1.1832.2 2008.12.01 -
Symantec 10 2008.12.01 -
TheHacker 6.3.1.1.169 2008.11.29 -
TrendMicro 8.700.0.1004 2008.12.01 -
VBA32 3.12.8.9 2008.12.01 -
ViRobot 2008.12.1.1494 2008.12.01 -
VirusBuster 4.5.11.0 2008.12.01 -
Information additionnelle
File size: 60416 bytes
MD5...: 2e3f66747c4b13f961e7cd72670f663d
SHA1..: 8fae5a531bdfc7d270662850b7122aa77912b34a
SHA256: 781fa4b430b5be50958e610d9ce7142fae0e755c98f04ffa4fe901aa5c1de94d
SHA512: 74c19ffa6031c469f58b330995da36db6ff1175c63e5af6b1d65b0f971dd5c38
6cec9055f8cb0cb504f4922e6f8166426b48954e73c7ae15d716931897e6750a
ssdeep: 1536:ZGu1IBBurzsU/nqnpXbdug6alqy+h4THjwwsIWqF5:Te8mpXbdu1b6THia5
PEiD..: -
TrID..: File type identification
Win32 Executable Generic (42.3%)
Win32 Dynamic Link Library (generic) (37.6%)
Generic Win/DOS Executable (9.9%)
DOS Executable Generic (9.9%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%)
PEInfo: PE Structure information
( base data )
entrypointaddress.: 0x100010e7
timedatestamp.....: 0x0 (Thu Jan 01 00:00:00 1970)
machinetype.......: 0x14c (I386)
( 6 sections )
name viradd virsiz rawdsiz ntrpy md5
text 0x1000 0x49f3 0x4a00 7.90 140559c7567a4de2487e77b71812642c
.rdata 0x6000 0x2dbb 0x2e00 7.82 887077c51deecb5b1562f406895bf66a
.data 0x9000 0x5fa3 0x6000 7.99 c6f0fb9657f075fd9aec96a93706e470
.idata 0xf000 0x399 0x400 0.00 0f343b0931126a20f133d67c2b018a3b
.rsrc 0x10000 0x400 0x400 3.40 8f0949d8ab1f0156905e439a59cf8a00
.reloc 0x11000 0xcfa4 0x800 0.89 a0ee42caf0f87e71e40548c75d25b102
( 4 imports )
> user32.dll: ToAscii, EndPaint, EndDeferWindowPos, DestroyWindow, DestroyMenu, DestroyCursor, CreatePopupMenu, CreateDesktopW, CloseWindow
> KERNEL32.dll: GetProcessHeap, HeapValidate, HeapDestroy, GetACP, ExitProcess, EnterCriticalSection, TerminateProcess, WriteFile, SetStdHandle
> advapi32.dll: RegOpenKeyExA, RegEnumValueA, RegCloseKey
> comdlg32.dll: GetOpenFileNameW, GetFileTitleW
( 0 exports )
Hi again,
! Disable your resident protections (antivirus, Spybot-S&D, etc.) !
Copy (Ctrl+C) the text in the box below:
File::
|
Open Notepad, then paste (Ctrl+V) the text you copied.
Save this file under the name "CFScript.txt" (the quotation marks are important).
Now drag the CFScript.txt file onto ComboFix.exe as in the image below:
This will restart ComboFix. After the reboot, post the contents of the report (C:\combofix.txt*) together with a HijackThis report.
NOTE: If there is no reboot, post the requested reports anyway.
* the partition name may differ
Here is the ComboFix report:
ComboFix 08-11-28.03 - Administrateur 2008-12-02 19:09:13.3 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.3.1252.1.1036.18.630 [GMT 1:00]
Lancé depuis: c:\documents and settings\Administrateur\Bureau\ComboFix.exe
Commutateurs utilisés :: c:\documents and settings\Administrateur\Bureau\CFScript.txt
* Un nouveau point de restauration a été créé
FILE ::
c:\windows\system32\wogibodi.dll
.
((((((((((((((((((((((((((((( Fichiers créés du 2008-11-02 au 2008-12-02 ))))))))))))))))))))))))))))))))))))
.
2008-11-29 21:12 . 2008-11-29 21:12 <REP> d-------- c:\program files\MSXML 4.0
2008-11-28 20:24 . 2008-11-28 20:27 <REP> d-------- c:\documents and settings\L2MFIX
2008-11-28 20:24 . 2008-11-28 20:24 0 --a------ c:\windows\system32\lo2.txtt
2008-11-28 20:20 . 2008-11-28 20:20 <REP> d-------- c:\program files\l2mfix
2008-11-28 20:14 . 2008-11-28 20:14 <REP> d-------- c:\program files\CleanUp!
2008-11-28 20:03 . 2008-11-28 20:03 <REP> d-------- c:\windows\system32\bfubackups
2008-11-28 19:58 . 2008-11-29 12:13 <REP> d-------- C:\BFU
2008-11-28 16:27 . 2008-11-28 18:06 <REP> d-------- C:\!KillBox
2008-11-27 20:26 . 2008-11-29 18:48 <REP> d-------- C:\Bases
2008-11-25 18:49 . 2008-11-25 18:49 <REP> d-------- C:\VundoFix Backups
2008-11-24 19:48 . 2008-11-24 19:48 <REP> d-------- c:\program files\Defenza
2008-11-24 19:48 . 1996-08-20 20:37 15,840 --a------ c:\windows\system32\Machnm1.exe
2008-11-24 19:48 . 2005-09-25 16:37 5,632 --a------ c:\windows\system32\Machnm64.sys
2008-11-24 19:48 . 2008-11-24 19:48 3,120 --a------ c:\windows\system32\118290.54
2008-11-24 19:48 . 2008-11-24 19:48 3,120 --a------ c:\windows\118294.78
2008-11-24 19:48 . 2003-08-13 00:27 2,304 --a------ c:\windows\system32\Machnm32.sys
2008-11-24 19:04 . 2008-11-24 19:05 <REP> d-------- c:\program files\CDex_170b2
2008-11-23 00:17 . 2008-11-23 00:17 325 --a------ c:\windows\MusicStudio.INI
2008-11-23 00:00 . 2008-11-24 19:17 <REP> d-------- c:\documents and settings\All Users\Application Data\MAGIX
2008-11-23 00:00 . 2007-04-27 10:43 120,200 --a------ c:\windows\system32\DLLDEV32i.dll
2008-11-22 23:59 . 2008-11-24 19:20 <REP> d-------- c:\windows\system32\MAGIX
2008-11-22 23:59 . 2008-04-15 16:14 700,416 --a------ c:\windows\system32\mgxoschk.dll
2008-11-22 23:59 . 2008-11-23 00:01 5,937 --a------ c:\windows\mgxoschk.ini
2008-11-22 08:37 . 2008-11-22 21:18 <REP> d-------- c:\documents and settings\Administrateur\Application Data\dvdcss
2008-11-22 08:31 . 2008-11-22 09:08 <REP> d-------- c:\documents and settings\Administrateur\Application Data\vlc
2008-11-22 08:30 . 2008-11-22 08:30 <REP> d-------- c:\program files\VideoLAN
2008-11-16 19:57 . 2008-11-16 19:58 <REP> d-------- c:\windows\system32\Adobe
2008-11-13 19:48 . 2008-11-13 19:48 <REP> d-------- c:\documents and settings\karl\Mes documents
2008-11-13 19:48 . 2008-11-13 19:48 <REP> d-------- c:\documents and settings\karl
2008-11-13 19:40 . 2008-11-13 19:40 <REP> d-------- c:\documents and settings\All Users\Application Data\Pinnacle
2008-11-12 18:02 . 2008-10-24 12:21 455,296 --------- c:\windows\system32\dllcache\mrxsmb.sys
2008-11-12 17:57 . 2008-09-04 18:16 1,106,944 --------- c:\windows\system32\dllcache\msxml3.dll
2008-11-08 09:26 . 2008-11-08 09:28 <REP> d-------- c:\program files\Yahoo!
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-12-02 17:50 --------- d-----w c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2008-12-01 19:07 --------- d-----w c:\documents and settings\All Users\Application Data\AntiVir PersonalEdition Classic
2008-11-29 10:59 --------- d-----w c:\program files\Spybot - Search & Destroy
2008-11-28 18:55 --------- d-----w c:\program files\eMule
2008-11-24 18:48 --------- d--h--w c:\program files\InstallShield Installation Information
2008-11-24 18:47 --------- d-----w c:\program files\Fichiers communs\InstallShield
2008-11-17 18:31 --------- d-----w c:\program files\Google
2008-11-13 17:53 --------- d-----w c:\program files\ma-config.com
2008-11-13 17:53 --------- d-----w c:\documents and settings\All Users\Application Data\ma-config.com
2008-11-02 10:55 --------- d-----w c:\program files\SuperCopier2
2008-11-01 19:56 --------- d-----w c:\program files\Canal
2008-11-01 19:53 --------- d-----w c:\program files\Fichiers communs\Adobe AIR
2008-10-24 11:21 455,296 ----a-w c:\windows\system32\drivers\mrxsmb.sys
2008-10-17 15:20 --------- d-----w c:\program files\Native Instruments
2008-10-17 15:20 --------- d-----w c:\program files\Fichiers communs\Digidesign
2008-10-16 13:13 202,776 ----a-w c:\windows\system32\wuweb.dll
2008-10-16 13:13 202,776 ----a-w c:\windows\system32\dllcache\wuweb.dll
2008-10-16 13:13 1,809,944 ----a-w c:\windows\system32\wuaueng.dll
2008-10-16 13:13 1,809,944 ----a-w c:\windows\system32\dllcache\wuaueng.dll
2008-10-16 13:12 561,688 ----a-w c:\windows\system32\wuapi.dll
2008-10-16 13:12 561,688 ----a-w c:\windows\system32\dllcache\wuapi.dll
2008-10-16 13:12 323,608 ----a-w c:\windows\system32\wucltui.dll
2008-10-16 13:12 323,608 ----a-w c:\windows\system32\dllcache\wucltui.dll
2008-10-16 13:09 92,696 ----a-w c:\windows\system32\dllcache\cdm.dll
2008-10-16 13:09 92,696 ----a-w c:\windows\system32\cdm.dll
2008-10-16 13:09 51,224 ----a-w c:\windows\system32\wuauclt.exe
2008-10-16 13:09 51,224 ----a-w c:\windows\system32\dllcache\wuauclt.exe
2008-10-16 13:09 43,544 ----a-w c:\windows\system32\wups2.dll
2008-10-16 13:08 34,328 ----a-w c:\windows\system32\wups.dll
2008-10-16 13:08 34,328 ----a-w c:\windows\system32\dllcache\wups.dll
2008-10-16 13:06 268,648 ----a-w c:\windows\system32\mucltui.dll
2008-10-16 13:06 208,744 ----a-w c:\windows\system32\muweb.dll
2008-10-15 16:35 337,408 ------w c:\windows\system32\dllcache\netapi32.dll
2008-10-04 13:00 --------- d-----w c:\program files\CDBurnerXP
2008-10-04 13:00 --------- d-----w c:\documents and settings\Administrateur\Application Data\Canneverbe_Limited
2008-10-04 12:59 --------- d-----w c:\program files\CDBurnerXP Pro 3
2008-10-03 17:12 6,066,176 ------w c:\windows\system32\dllcache\ieframe.dll
2008-09-30 15:43 1,286,152 ----a-w c:\windows\system32\msxml4.dll
2008-09-15 15:26 1,846,528 ----a-w c:\windows\system32\win32k.sys
2008-09-15 15:26 1,846,528 ------w c:\windows\system32\dllcache\win32k.sys
2008-09-10 01:15 1,307,648 ----a-w c:\windows\system32\msxml6.dll
2008-09-10 01:15 1,307,648 ------w c:\windows\system32\dllcache\msxml6.dll
2008-09-08 10:41 333,824 ------w c:\windows\system32\dllcache\srv.sys
2008-09-05 22:30 952,360 ------w c:\windows\system32\dllcache\WgaTray.exe
2008-09-05 22:30 267,304 ------w c:\windows\system32\dllcache\wgaLogon.dll
2008-09-04 17:16 1,106,944 ----a-w c:\windows\system32\msxml3.dll
2008-02-14 09:14 47,360 ----a-w c:\documents and settings\Administrateur\Application Data\pcouffin.sys
2008-04-14 02:33 617,472 --sha-w c:\windows\system32\comctl32.dll
2008-04-14 02:33 1,028,096 --sha-w c:\windows\system32\mfc42.dll
2004-08-05 09:00 57,344 --sha-w c:\windows\system32\mfc42loc.dll
1995-09-20 14:16 35,088 --sha-w c:\windows\system32\msjint32.dll
1995-09-20 14:13 977,680 --sha-w c:\windows\system32\msjt3032.dll
1995-09-20 14:16 23,824 --sha-w c:\windows\system32\msjter32.dll
2008-04-14 02:33 413,696 --sha-w c:\windows\system32\msvcp60.dll
2008-04-14 02:33 343,040 --sha-w c:\windows\system32\msvcrt.dll
2001-08-24 00:47 253,952 --sha-w c:\windows\system32\msvcrt20.dll
2008-04-14 02:33 30,749 --sha-w c:\windows\system32\vbajet32.dll
1995-09-24 09:02 243,472 --sha-w c:\windows\system32\vbar2232.dll
1998-05-18 01:06 368,912 --sha-w c:\windows\system32\vbar332.dll
.
((((((((((((((((((((((((((((( snapshot@2008-11-29_19.27.32.10 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-11-29 20:12:06 32,768 ----a-r c:\windows\Installer\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}\icon.exe
+ 2008-09-30 15:42:08 1,286,152 ----a-w c:\windows\WinSxS\x86_Microsoft.MSXML2_6bd6b9abf345378f_4.20.9870.0_x-ww_a32d74cf\msxml4.dll
+ 2008-09-30 15:45:12 91,656 ----a-w c:\windows\WinSxS\x86_Microsoft.MSXML2R_6bd6b9abf345378f_4.1.1.0_x-ww_2a41bceb\msxml4r.dll
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2003-07-28 4841472]
"LXSUPMON"="c:\windows\system32\LXSUPMON.EXE" [2002-03-08 900096]
"SystrayORAHSS"="c:\program files\Orange\Systray\SystrayApp.exe" [2007-09-25 94208]
"ORAHSSSessionManager"="c:\program files\Orange\SessionManager\SessionManager.exe" [2007-09-25 102400]
"avgnt"="c:\program files\AntiVir PersonalEdition Classic\avgnt.exe" [2008-07-19 266497]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\imskdic32]
[BU]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ssqNDvwW]
[BU]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AVG Anti-Spyware Driver]
@=""
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AVG Anti-Spyware Guard]
@=""
[HKLM\~\startupfolder\C:^Documents and Settings^Administrateur^Menu Démarrer^Programmes^Démarrage^Outil de notification Live Search.lnk]
path=c:\documents and settings\Administrateur\Menu Démarrer\Programmes\Démarrage\Outil de notification Live Search.lnk
backup=c:\windows\pss\Outil de notification Live Search.lnkStartup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^DSLMON.lnk]
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Lancement rapide d'Adobe Reader.lnk]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Canal Widget]
--a------ 2008-10-23 15:12 103992 c:\program files\Canal\Canal Widget\Launcher.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DrvLsnr]
--a------ 2003-05-08 15:34 69632 c:\program files\Analog Devices\SoundMAX\DrvLsnr.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FaxCenterServer]
--a------ 2004-02-04 14:33 294912 c:\program files\Lexmark Fax Solutions\fm3032.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
--a------ 2007-10-18 11:34 5724184 c:\program files\Windows Live\Messenger\msnmsgr.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCDAS]
--a------ 2006-12-15 10:47 1359872 c:\program files\Defenza\pcd-as.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SetRefresh]
--a------ 2003-11-20 21:01 525824 c:\program files\Compaq\SetRefresh\SetRefresh.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Smapp]
--a------ 2003-05-05 08:57 143360 c:\program files\Analog Devices\SoundMAX\SMTray.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
--------- 2008-09-16 11:16 1833296 c:\program files\Spybot - Search & Destroy\TeaTimer.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\srmclean]
--a------ 2001-07-24 22:34 36864 c:\cpqs\scom\srmclean.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2007-07-12 03:00 132496 c:\program files\Java\jre1.6.0_02\bin\jusched.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SuperCopier2.exe]
--a------ 2006-07-07 17:45 1052672 c:\program files\SuperCopier2\SuperCopier2.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\updateMgr]
-ra------ 2006-03-30 15:45 313472 c:\program files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UpdatesDisableNotify"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Bases\\kavupd.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"c:\\Program Files\\Orange\\Connectivity\\ConnectivityManager.exe"=
"c:\\Program Files\\eMule\\emule.exe"=
"c:\\WINDOWS\\system32\\LEXPPS.EXE"=
"c:\\Documents and Settings\\Administrateur\\Bureau\\procexp.exe"=
"c:\\WINDOWS\\system32\\ping.exe"=
"c:\\WINDOWS\\system32\\find.exe"=
R2 CanalPlus.VOD;CanalPlus.VOD;"c:\program files\Canal\Canal Widget\VOD\CanalPlus.VOD.exe" [2008-10-23 61440]
S3 PCASp50;PCASp50 NDIS Protocol Driver;c:\windows\system32\Drivers\PCASp50.sys [2005-11-19 20096]
S3 SG760_XP;SAGEM 802.11g XG760 1211 Driver;c:\windows\system32\DRIVERS\WlanUZXP.sys [2005-07-13 260608]
.
Contenu du dossier 'Tâches planifiées'
2008-11-28 c:\windows\Tasks\Maintenance en 1 clic.job
- c:\program files\TuneUp Utilities 2007\SystemOptimizer.exe []
.
- - - - ORPHELINS SUPPRIMES - - - -
BHO-{6F836CB8-53ED-40DB-909A-A610FC0E7EA6} - (no file)
BHO-{9262af37-692f-4b20-8699-b27035a36e5f} - (no file)
BHO-{D4AF2276-5ADF-41BD-BC4D-C4497124C9F0} - (no file)
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-12-02 19:11:08
Windows 5.1.2600 Service Pack 3 NTFS
Recherche de processus cachés ...
Recherche d'éléments en démarrage automatique cachés ...
Recherche de fichiers cachés ...
Scan terminé avec succès
Fichiers cachés: 0
**************************************************************************
.
Heure de fin: 2008-12-02 19:12:24
ComboFix-quarantined-files.txt 2008-12-02 18:12:03
ComboFix2.txt 2008-12-02 17:58:38
ComboFix3.txt 2008-11-29 18:28:24
Avant-CF: 44 226 715 648 octets libres
Après-CF: 44,215,767,040 octets libres
207 --- E O F --- 2008-11-29 20:12:07
....And here is the HijackThis report:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:16:45, on 02/12/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\LXSUPMON.EXE
C:\Program Files\Orange\Systray\SystrayApp.exe
C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Orange\Launcher\Launcher.exe
C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\AlertModule\0\AlertModule.exe
C:\Program Files\Orange\connectivity\connectivitymanager.exe
C:\Program Files\Orange\connectivity\CoreCom\CoreCom.exe
C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Canal\Canal Widget\VOD\CanalPlus.VOD.exe
C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe
C:\Program Files\CDBurnerXP\NMSAccessU.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Orange\connectivity\CoreCom\OraConfigRecover.exe
C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\FTCOMModule\0\FTCOMModule.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\Program Files\Orange\SearchURLHook\SearchPageURL.dll
O2 - BHO: (no name) - {6F836CB8-53ED-40DB-909A-A610FC0E7EA6} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {9262af37-692f-4b20-8699-b27035a36e5f} - (no file)
O2 - BHO: (no name) - {D4AF2276-5ADF-41BD-BC4D-C4497124C9F0} - (no file)
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [LXSUPMON] C:\WINDOWS\system32\LXSUPMON.EXE RUN
O4 - HKLM\..\Run: [SystrayORAHSS] "C:\Program Files\Orange\Systray\SystrayApp.exe"
O4 - HKLM\..\Run: [ORAHSSSessionManager] C:\Program Files\Orange\SessionManager\SessionManager.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O15 - Trusted Zone: http://www.orange.fr
O15 - Trusted Zone: *.canal-plus.com (HKLM)
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/resources/MSNPUpld.cab
O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} (Windows Live Photo Upload Control) - http://carlinch1.spaces.live.com/P [...] nPUpld.cab
O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} - http://fichiers.touslesdrivers.com [...] _0_3_1.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/ [...] wflash.cab
O20 - Winlogon Notify: imskdic32 - C:\WINDOWS\
O20 - Winlogon Notify: ssqNDvwW - C:\WINDOWS\
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: CanalPlus.VOD - Canal+ Active - C:\Program Files\Canal\Canal Widget\VOD\CanalPlus.VOD.exe
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom SA - C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: NMSAccessU - Unknown owner - C:\Program Files\CDBurnerXP\NMSAccessU.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
--
End of file - 6678 bytes
Hi again,
Fix the lines in the box below with HijackThis: HELP IN PICTURES
O2 - BHO: (no name) - {6F836CB8-53ED-40DB-909A-A610FC0E7EA6} - (no file)
|
Hi
There, it's done.
Already I no longer get any alert messages (antivirus & Spybot) and no more unwanted ad pages.
I look forward to hearing from you.
Thanks, Carl
I think it's OK.
Well, thank you Angeldark
Long live Info du Net
Should I mark it as Resolved?
Yep, that's better.
