Problème virus (enfin je crois...)
salut
Je crois ke je suis infécté par un ou plusieurs virus voici l´analyse de Hijack :
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:58:06, on 22/11/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\GUARDGUI.EXE
C:\Program Files\Avira\AntiVir PersonalEdition Classic\GUARDGUI.EXE
C:\Program Files\Avira\AntiVir PersonalEdition Classic\GUARDGUI.EXE
C:\Program Files\Avira\AntiVir PersonalEdition Classic\GUARDGUI.EXE
C:\Program Files\Avira\AntiVir PersonalEdition Classic\GUARDGUI.EXE
C:\Program Files\Avira\AntiVir PersonalEdition Classic\GUARDGUI.EXE
C:\Program Files\Avira\AntiVir PersonalEdition Classic\GUARDGUI.EXE
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\GUARDGUI.EXE
C:\Program Files\Avira\AntiVir PersonalEdition Classic\GUARDGUI.EXE
C:\Program Files\Avira\AntiVir PersonalEdition Classic\GUARDGUI.EXE
C:\Program Files\Avira\AntiVir PersonalEdition Classic\GUARDGUI.EXE
C:\Program Files\Avira\AntiVir PersonalEdition Classic\GUARDGUI.EXE
C:\Program Files\Avira\AntiVir PersonalEdition Classic\GUARDGUI.EXE
C:\Program Files\Avira\AntiVir PersonalEdition Classic\GUARDGUI.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\GUARDGUI.EXE
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program
Files\Google\GoogleToolbarNotifier\GoogleToolbarNo
tifier.exe
C:\Program Files\Copernic Desktop Search 2\DesktopSearchService.exe
C:\Program Files\OpenOffice.org 2.3\program\soffice.exe
C:\Program Files\OpenOffice.org 2.3\program\soffice.BIN
C:\Program Files\Mozilla Firefox\firefox.exe
C:\DOCUME~1\windows\LOCALS~1\Temp\Répertoire temporaire 1 pour HiJackThis-1.zip\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
http://www.google.fr/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {8E92DC34-9B23-4227-A18C-8E55AE1738D7} - (no file)
O2 - BHO: (no name) - {9483527A-23C4-4705-85AC-B59D8C129B33} - C:\WINDOWS\system32\geedd.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: (no name) - {AEC46770-2165-479E-8EF2-3B7E8AFAFB31} - (no file)
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program
Files\Google\GoogleToolbarNotifier\2.1.615.5858\sw
g.dll
O2 - BHO: (no name) - {DE8EA246-FD5F-41C4-A22D-30268465A2AB} - (no file)
O2 - BHO: (no name) - {E9794BFD-23D5-46AB-8118-754330C7F7EF} - (no file)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Copernic Desktop Search 2 - {968631B6-4729-440D-9BF4-251F5593EC9A} - C:\Program Files\Copernic Desktop Search 2\DesktopSearchBand201013011.dll
O3 - Toolbar: (no name) - {11A69AE4-FBED-4832-A2BF-45AF82825583} - (no file)
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [1000b085] rundll32.exe "C:\WINDOWS\system32\xragxwtq.dll",b
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run:
[BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
"C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [RocketDock] "C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe"
O4 - HKCU\..\Run: [swg] C:\Program
Files\Google\GoogleToolbarNotifier\GoogleToolbarNo
tifier.exe
O4 - HKCU\..\Run: [Copernic Desktop Search 2] "C:\Program Files\Copernic Desktop Search 2\DesktopSearchService.exe" /tray
O4 - HKCU\..\Run: [Steam] "C:\Program Files\Steam\Steam.exe" -silent
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User ´SERVICE LOCAL´)
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User ´SERVICE RÉSEAU´)
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User ´SYSTEM´)
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User ´Default user´)
O4 - Startup: OpenOffice.org 2.3.lnk = C:\Program Files\OpenOffice.org 2.3\program\quickstart.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra ´Tools´ menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra ´Tools´ menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} (HardwareDetection Control) -
http://fichiers.touslesdrivers.com/...
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: C:\WINDOWS\system32\__c00B5C26.dat
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
End of file - 8650 bytes
Que dois-je faire ?
merci de m´aider ^^
Salut,
T´es infecté.
Télécharge GenProc de jean-chretien1 et narco4 sur ton bureau et dézippe-le:
http://www.alt-shift-return.org/Info/Fichiers/GenProc.zip
Puis double-clique sur GenProc.bat et poste le contenu du rapport qui s´ouvre.
Rapport GenProc 0.72 [1] effectué le 22/11/2007 à 20:14:41,76 - SystemRoot = C:\WINDOWS
Dans CCleaner, clique sur "Options", "Avancé" et décoche la case "Effacer uniquement les fichiers, du dossier Temp de Windows, plus vieux que 48 heures". Par la suite, laisse-le avec ses réglages par défaut. C´est tout.
- Etape 1/ Télécharge :
- VundoFix.exe (par Atribune)
http://www.atribune.org/ccount/click.php?id=4 sur ton Bureau
- combofix.exe (par [b]sUBs[/b])
http://download.bleepingccomputer.com/sUBs/ComboFix.exe sur ton Bureau
- ** Copie ce qui suit dans un fichier texte et redémarre en mode sans échec comme indiqué ici
https://www.microsoft.com/technet/prodtechnol/windowsserver2003/fr/library/ServerHelp/e14bf84d-d2f7-42c3-9fae-2af3db3f806c.mspx?mfr=true (choisis ta session courante "windows") *****
- Etape 2/
- Double-clique VundoFix.exe afin de le lancer
Clique sur le bouton Scan for Vundo
Lorsque le scan est complété, clique sur le bouton "Remove Vundo"
Une invite te demandera si tu veux supprimer les fichiers, clique YES
Après avoir cliqué Yes, le Bureau disparaîtra un moment lors de la suppression des fichiers
Tu verras une invite qui t´annonce que ton PC va redémarrer; clique OK
Note: Il est possible que VundoFix soit confronté à un fichier qu´il ne peut supprimer. Si tel est le cas, l´outil se lancera au prochain redémarrage; il faut simplement suivre les instructions ci-haut, à partir de "clique sur le bouton Scan for Vundo
- Double clique [b]combofix.exe[/b].
Tape sur la touche Y (Yes) pour démarrer le scan.
Lorsque le scan sera complété, un rapport apparaîtra
- Etape 3/
Lance CCleaner : "Nettoyeur"/"lancer le nettoyage" et c´est tout.
- Etape 4/
Redémarre normalement et poste :
- Un nouveau rapport HijackThis, toutes fenêtres et applications fermées
http://www.trendsecure.com/portal/en-US/threat_analytics/HiJackThis.exe ;
- Le contenu du rapport situé dans C:\vundofix.txt ;
- Le contenu du rapport situé dans C:\Combofix.txt ;
Précise les difficultés que tu as eu (ce que tu n´as pas pu faire...) ainsi que l´évolution de la situation.
Pour Ccleaner:
http://www.01net.com/telecharger/windows/Utilitaire/nettoyeurs_et_installeurs/fiches/32599.html
Attends que wiwi te confirme l´exécution de la procédure.
Suis la procédure à la lettre.
voici le rapport de Hijack
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:37:02, on 22/11/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Copernic Desktop Search 2\DesktopSearchService.exe
C:\Program Files\OpenOffice.org 2.3\program\soffice.exe
C:\Program Files\OpenOffice.org 2.3\program\soffice.BIN
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and
Settings\windows\Bureau\HiJackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
http://www.google.fr/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {7EF64645-1BEF-483F-88B6-30B22D77A3D4} - C:\WINDOWS\system32\geedd.dll (file missing)
O2 - BHO: (no name) - {8E92DC34-9B23-4227-A18C-8E55AE1738D7} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: (no name) - {AEC46770-2165-479E-8EF2-3B7E8AFAFB31} - (no file)
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program
Files\Google\GoogleToolbarNotifier\2.1.615.5858\sw
g.dll
O2 - BHO: (no name) - {DE8EA246-FD5F-41C4-A22D-30268465A2AB} - (no file)
O2 - BHO: (no name) - {E9794BFD-23D5-46AB-8118-754330C7F7EF} - (no file)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Copernic Desktop Search 2 - {968631B6-4729-440D-9BF4-251F5593EC9A} - C:\Program Files\Copernic Desktop Search 2\DesktopSearchBand201013011.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [1000b085] rundll32.exe "C:\WINDOWS\system32\xragxwtq.dll",b
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run:
[BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
"C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [RocketDock] "C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe"
O4 - HKCU\..\Run: [Copernic Desktop Search 2] "C:\Program Files\Copernic Desktop Search 2\DesktopSearchService.exe" /tray
O4 - HKCU\..\Run: [Steam] "C:\Program Files\Steam\Steam.exe" -silent
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User ´SERVICE LOCAL´)
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User ´SERVICE RÉSEAU´)
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User ´SYSTEM´)
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User ´Default user´)
O4 - Startup: OpenOffice.org 2.3.lnk = C:\Program Files\OpenOffice.org 2.3\program\quickstart.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra ´Tools´ menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra ´Tools´ menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} (HardwareDetection Control) -
http://fichiers.touslesdrivers.com/fichiers/hardwaredetection/hardwaredetection_2_0_4_9.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
Celui de vundofix
VundoFix V6.6.2
Checking Java version...
Scan started at 21:10:35 22/11/2007
Listing files found while scanning....
C:\windows\system32\__c004B0D7.dat
C:\windows\system32\__c006979.dat
C:\windows\system32\__c0069DF9.dat
C:\windows\system32\__c00B034E.dat
C:\windows\system32\avpnuabx.dll
C:\windows\system32\ayneiybt.dll
C:\windows\system32\bjunuykk.dll
C:\windows\system32\bwfyscsq.dll
C:\windows\system32\ddeeg.ini
C:\windows\system32\ddeeg.ini2
C:\windows\system32\dwvmnngs.dll
C:\windows\system32\gdnayxyv.dll
C:\windows\system32\geedd.dll
C:\windows\system32\kpdhvdrs.dll
C:\windows\system32\ksvhrwdx.dll
C:\windows\system32\lrvbchim.dll
C:\windows\system32\nqxefhxh.dll
C:\windows\system32\rbwpnjsg.dll
C:\windows\system32\smwuotmx.dll
C:\windows\system32\tnvyjoxj.dll
C:\windows\system32\xfyuyapc.dll
Beginning removal...
Attempting to delete C:\windows\system32\__c004B0D7.dat
C:\windows\system32\__c004B0D7.dat Has been deleted!
Attempting to delete C:\windows\system32\__c006979.dat
C:\windows\system32\__c006979.dat Has been deleted!
Attempting to delete C:\windows\system32\__c0069DF9.dat
C:\windows\system32\__c0069DF9.dat Has been deleted!
Attempting to delete C:\windows\system32\__c00B034E.dat
C:\windows\system32\__c00B034E.dat Has been deleted!
Attempting to delete C:\windows\system32\avpnuabx.dll
C:\windows\system32\avpnuabx.dll Has been deleted!
Attempting to delete C:\windows\system32\ayneiybt.dll
C:\windows\system32\ayneiybt.dll Has been deleted!
Attempting to delete C:\windows\system32\bjunuykk.dll
C:\windows\system32\bjunuykk.dll Has been deleted!
Attempting to delete C:\windows\system32\bwfyscsq.dll
C:\windows\system32\bwfyscsq.dll Has been deleted!
Attempting to delete C:\windows\system32\ddeeg.ini
C:\windows\system32\ddeeg.ini Has been deleted!
Attempting to delete C:\windows\system32\ddeeg.ini2
C:\windows\system32\ddeeg.ini2 Has been deleted!
Attempting to delete C:\windows\system32\dwvmnngs.dll
C:\windows\system32\dwvmnngs.dll Has been deleted!
Attempting to delete C:\windows\system32\gdnayxyv.dll
C:\windows\system32\gdnayxyv.dll Has been deleted!
Attempting to delete C:\windows\system32\geedd.dll
C:\windows\system32\geedd.dll Has been deleted!
Attempting to delete C:\windows\system32\kpdhvdrs.dll
C:\windows\system32\kpdhvdrs.dll Has been deleted!
Attempting to delete C:\windows\system32\ksvhrwdx.dll
C:\windows\system32\ksvhrwdx.dll Has been deleted!
Attempting to delete C:\windows\system32\lrvbchim.dll
C:\windows\system32\lrvbchim.dll Has been deleted!
Attempting to delete C:\windows\system32\nqxefhxh.dll
C:\windows\system32\nqxefhxh.dll Has been deleted!
Attempting to delete C:\windows\system32\rbwpnjsg.dll
C:\windows\system32\rbwpnjsg.dll Has been deleted!
Attempting to delete C:\windows\system32\smwuotmx.dll
C:\windows\system32\smwuotmx.dll Has been deleted!
Attempting to delete C:\windows\system32\tnvyjoxj.dll
C:\windows\system32\tnvyjoxj.dll Has been deleted!
Attempting to delete C:\windows\system32\xfyuyapc.dll
C:\windows\system32\xfyuyapc.dll Has been deleted!
Performing Repairs to the registry.
Done!
ComboFix 07-11-19.3 - windows 2007-11-22 21:27:18.2 - NTFSx86
Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.1636 [GMT 1:00]
Running from: C:\Documents and Settings\windows\Bureau\ComboFix.exe
.
/wow section - STAGE 30
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Documents and Settings\All Users\Menu Démarrer\Live Safety Center.lnk
C:\Documents and Settings\All Users\Menu Démarrer\Online Security Guide.lnk
C:\Documents and Settings\Utilisateur\Favoris\Online Security Guide.lnk
C:\Documents and Settings\windows\Favoris\Online Security Guide.lnk
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services
)))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\LEGACY_DOMAINSERVICE
((((((((((((((((((((((((((((( Fichiers cr‚‚s 2007-10-22 to 2007-11-22 ))))))))))))))))))))))))))))))))))))
.
2007-11-22 21:00 <REP> d-------- C:\VundoFix Backups
2007-11-22 19:12 <REP> d-------- C:\Program Files\Avira
2007-11-22 19:12 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Avira
2007-11-22 19:11 <REP> d-------- C:\Program Files\Java
2007-11-22
19:11 69,632 --a------ C:\WINDOWS\system32\javacpl
.cpl
2007-11-22 19:10 <REP> d-------- C:\Program Files\Fichiers communs\Java
2007-11-22 18:57 <REP> d--h----- C:\Documents and Settings\All Users\Application Data\CanonBJ
2007-11-22 18:31 <REP> d-------- C:\Program Files\GeoGebra
2007-11-21
21:25 714 ---hs---- C:\WINDOWS\system32\qtwxgarx.i
ni
2007-11-21
21:16 10,816 --------- C:\WINDOWS\system32\__c00B5
C26.VIR
2007-11-21
21:06 71,232 --a------ C:\WINDOWS\system32\vkoyrfg
e.exe
2007-11-21
17:45 31,616 --a------ C:\WINDOWS\system32\drivers
\usbccgp.sys
2007-11-21
17:45 31,616 --a--c--- C:\WINDOWS\system32\dllcach
e\usbccgp.sys
2007-11-21
17:45 25,856 --a------ C:\WINDOWS\system32\drivers
\usbprint.sys
2007-11-21
17:45 25,856 --a--c--- C:\WINDOWS\system32\dllcach
e\usbprint.sys
2007-11-20
21:26 84,544 --a------ C:\WINDOWS\system32\delgwjy
x.dll
2007-11-20
21:20 85,056 --a------ C:\WINDOWS\system32\uvjbtvf
c.dll
2007-11-20
21:09 71,232 --a------ C:\WINDOWS\system32\twkiuvc
r.exe
2007-11-20 18:56 <REP> d-------- C:\Program Files\The All-Seeing Eye
2007-11-20 09:00 <REP> d-------- C:\Program Files\Fichiers communs\Adobe
2007-11-19
21:06 71,232 --a------ C:\WINDOWS\system32\wnbktro
y.exe
2007-11-19 18:31 <REP> d-------- C:\Program Files\DAEMON Tools Pro
2007-11-19 18:15 <REP> d-------- C:\Documents and Settings\windows\Application Data\DAEMON Tools Pro
2007-11-19 18:04 <REP> d-------- C:\Documents and Settings\All Users\Application Data\DAEMON Tools Pro
2007-11-19 18:04 131,072 --a------ C:\Progr_.dll
2007-11-18 23:21 <REP> d-------- C:\Program Files\Setup Files
2007-11-18 23:19 <REP> d-------- C:\Documents and Settings\All Users\Application Data\nView_Profiles
2007-11-18 21:51 <REP> d-------- C:\Program Files\Activision
2007-11-18
21:10 79,424 --a------ C:\WINDOWS\system32\tteqghg
s.dll
2007-11-18
21:05 3,727,720 --a------ C:\WINDOWS\system32\d3dx
9_35.dll
2007-11-18
21:05 1,358,192 --a------ C:\WINDOWS\system32\D3DC
ompiler_35.dll
2007-11-18
21:05 278,984 --a------ C:\WINDOWS\system32\driver
s\atksgt.sys
2007-11-18
21:05 25,416 --a------ C:\WINDOWS\system32\drivers
\lirsgt.sys
2007-11-18 20:56 <REP> d-------- C:\Program Files\The Witcher
2007-11-18
20:38 3,497,832 --a------ C:\WINDOWS\system32\d3dx
9_34.dll
2007-11-18
20:38 1,124,720 --a------ C:\WINDOWS\system32\D3DC
ompiler_34.dll
2007-11-18
20:38 18,280 --a------ C:\WINDOWS\system32\x3daudi
o1_2.dll
2007-11-18
19:46 22,328 --a------ C:\WINDOWS\system32\drivers
\PnkBstrK.sys
2007-11-18 19:46 22,328 --a------ C:\Documents and Settings\windows\Application Data\PnkBstrK.sys
2007-11-18 18:48 <REP> d--hs---- C:\WINDOWS\ftpcache
2007-11-17
21:18 678,340 ---hs---- C:\WINDOWS\system32\luvrpw
hy.ini
2007-11-17
21:18 85,056 --a------ C:\WINDOWS\system32\yhwprvu
l.dll
2007-11-17
21:06 71,232 --a------ C:\WINDOWS\system32\aqbtaqw
w.exe
2007-11-17 17:59 <REP> d---s---- C:\Documents and Settings\windows\UserData
2007-11-17 00:46 <REP> d-------- C:\Program Files\Steam
2007-11-17 00:42 <REP> d-------- C:\Program Files\BoontyGames
2007-11-17 00:42 <REP> d-------- C:\Program Files\Boonty
2007-11-16 23:25 <REP> d-------- C:\Program Files\Hamachi
2007-11-16 23:16 <REP> d-------- C:\Documents and Settings\windows\Application Data\Hamachi
2007-11-16
23:15 25,280 --a------ C:\WINDOWS\system32\drivers
\hamachi.sys
2007-11-16 21:23 <REP> d-------- C:\Program Files\Arovax AntiSpyware
2007-11-16 21:23 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Arovax
2007-11-16 21:08 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Yahoo! Companion
2007-11-16
21:06 71,232 --a------ C:\WINDOWS\system32\qgkvnpq
p.exe
2007-11-16 20:36 <REP> d-------- C:\Program Files\WarRock
2007-11-16 18:50 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2007-11-16 16:55 <REP> d-------- C:\Documents and Settings\windows\Application Data\OpenOffice.org2
2007-11-16 16:45 <REP> d-------- C:\Program Files\OpenOffice.org 2.3
2007-11-16 16:42 <REP> d-------- C:\Program Files\Copernic Desktop Search 2
2007-11-16 16:36 <REP> d-------- C:\Program Files\Audacity 1.3 Beta (Unicode)
2007-11-16 16:36 <REP> d-------- C:\Documents and Settings\windows\Application Data\Audacity
2007-11-16
16:18 131 --a------ C:\WINDOWS\system32\drivers\fw
drv.err
2007-11-16 00:00 <REP> d-------- C:\Program Files\Yahoo!
2007-11-16 00:00 <REP> d-------- C:\Program Files\CCleaner
2007-11-15 23:45 <REP> d-------- C:\Program Files\Sunbelt Software
2007-11-15 23:29 <REP> d-------- C:\WINDOWS\Sun
2007-11-15 23:29 <REP> d-------- C:\Program Files\SystemRequirementsLab
2007-11-15 23:29 <REP> d-------- C:\Documents and Settings\windows\Application Data\SystemRequirementsLab
2007-11-15
23:28 5,532 --a------ C:\WINDOWS\system32\jupdate-
1.6.0_03-b05.log
2007-11-15
22:55 38,912 --a------ C:\WINDOWS\system32\jkkjjhe
.dll
2007-11-15 21:00 <REP> d---s---- C:\Documents and Settings\Utilisateur\UserData
2007-11-15 18:26 <REP> d-------- C:\Documents and Settings\Utilisateur\Contacts
2007-11-15 18:19 <REP> d-------- C:\Documents and Settings\Utilisateur\Application Data\Talkback
2007-11-15
03:03 128,816 --a------ C:\WINDOWS\system32\TZLog.
log
2007-11-15 03:01 <REP> d-------- C:\Program Files\MSXML 4.0
2007-11-14 21:51 <REP> d-------- C:\Program Files\uTorrent
2007-11-14 21:51 <REP> d-------- C:\Documents and Settings\windows\Application Data\uTorrent
2007-11-14 21:25 <REP> d-------- C:\Program Files\Teamspeak2_RC2
2007-11-14 21:25 <REP> d-------- C:\Documents and Settings\windows\Application Data\teamspeak2
2007-11-14
21:25 34,064 --a------ C:\WINDOWS\system32\lhacm.a
cm
2007-11-14 21:00 <REP> d-------- C:\Program Files\7-Zip
2007-11-14 20:46 <REP> d-------- C:\Documents and Settings\windows\Contacts
2007-11-14 20:45 <REP> d-------- C:\Program Files\MSN Messenger
2007-11-14 20:35 <REP> d-------- C:\Program Files\ma-config.com
2007-11-14 20:35 <REP> d-------- C:\Documents and Settings\windows\Application Data\ma-config.com
2007-11-14 20:25 1,395 --a------ C:\WINDOWS\mozver.dat
2007-11-14 20:18 <REP> d-------- C:\Documents and Settings\windows\Application Data\Talkback
2007-11-14 20:18 0 --a------ C:\WINDOWS\nsreg.dat
2007-11-14 19:29 <REP> d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2007-11-14
19:28 2,560 --------- C:\WINDOWS\system32\drivers\
cdralw2k.sys
2007-11-14
19:28 2,432 --------- C:\WINDOWS\system32\drivers\
cdr4_xp.sys
2007-11-14 19:27 <REP> d-------- C:\Program Files\Picasa2
2007-11-14 19:27 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Google Updater
2007-11-14
16:20 23,152 --a------ C:\WINDOWS\system32\drivers
\aswRdr.sys
2007-11-14 16:19 <REP> d-------- C:\Program Files\Alwil Software
2007-11-14
16:19 1,060,864 --a------ C:\WINDOWS\system32\MFC7
1.dll
2007-11-14
16:19 801,144 --a------ C:\WINDOWS\system32\aswBoo
t.exe
2007-11-11 14:22 <REP> d-------- C:\Documents and Settings\Utilisateur\Application Data\U3
2007-11-11 11:37 <REP> d-------- C:\Documents and Settings\Utilisateur\Application Data\vlc
2007-11-10
11:41 5,327 --a------ C:\WINDOWS\BricoPackFoldersD
elete.cmd
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-11-18 23:21 --------- d-----w C:\Program Files\Fichiers communs\Ahead
2007-11-18 19:56 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-11-15 06:55 --------- d-----w C:\Documents and Settings\windows\Application Data\Ahead
2007-11-09 21:40 --------- d-----w C:\Program Files\Fichiers communs\InstallShield
2007-11-09 20:47 --------- d-----w C:\Program Files\Realtek
2007-11-09 16:55 --------- d-----w C:\Program Files\CyberLink
2007-11-09 16:55 --------- d-----w C:\Documents and Settings\All Users\Application Data\CyberLink
2007-11-09 16:36 --------- d-----w C:\Program Files\Fichiers communs\LightScribe
2007-11-09 16:34 --------- d-----w C:\Program Files\Nero
2007-11-09 16:23 315,392 ----a-w C:\WINDOWS\HideWin.exe
2007-11-09 16:20 --------- d-----w C:\Program Files\Intel
2007-11-09 16:09 --------- d-----w C:\Program Files\microsoft frontpage
2007-11-09 16:08 --------- d-----w C:\Program Files\Services en ligne
2007-11-09 16:07 --------- d-----w C:\Program Files\Fichiers communs\MSSoap
.
((((((((((((((((((((((((((((((((( Point de chargement Reg
)))))))))))))))))))))))))))))))))))))))))))))))))
.
.
- Note* les ‚l‚ments vides & les ‚l‚ments initiaux l‚gitimes ne sont pas list‚s
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{7EF64645-1BEF-483F-88B6-30B22D77A3D4}]
C:\WINDOWS\system32\geedd.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{8E92DC34-9B23-4227-A18C-8E55AE1738D7}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{AEC46770-2165-479E-8EF2-3B7E8AFAFB31}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{DE8EA246-FD5F-41C4-A22D-30268465A2AB}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{E9794BFD-23D5-46AB-8118-754330C7F7EF}]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\Curr
entVersion\Run]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"
="C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe" []
"RocketDock"="C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe" [2007-03-18 23:05]
"Copernic Desktop Search 2"="C:\Program Files\Copernic Desktop Search 2\DesktopSearchService.exe" [2007-08-01 19:26]
"Steam"="C:\Program Files\Steam\Steam.exe" [2007-11-17 00:46]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Cur
rentVersion\Run]
"NvCplDaemon"="RUNDLL32.exe" [2004-08-05 13:00 C:\WINDOWS\system32\rundll32.exe]
"nwiz"="nwiz.exe" [2007-04-19 23:05 C:\WINDOWS\system32\nwiz.exe]
"RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [2003-10-31 19:42]
"RTHDCPL"="RTHDCPL.EXE" [2007-06-13 07:49 C:\WINDOWS\RTHDCPL.exe]
"NvMediaCenter"="RUNDLL32.exe" [2004-08-05 13:00 C:\WINDOWS\system32\rundll32.exe]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-10 19:51]
"1000b085"="C:\WINDOWS\system32\xragxwtq.dll" []
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11]
"avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2007-11-22 19:17]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\Cu
rrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-05 13:00]
"Picasa Media Detector"="C:\Program Files\Picasa2\PicasaMediaDetector.exe" [2007-09-28 02:17]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\contr
ol\lsa]
"Authentication Packages"= msv1_0 C:\WINDOWS\system32\geedd.dll
R3 usbstor;Pilote de stockage de masse USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
S3
hSONYPVh;hSONYPVh;\??\C:\DOCUME~1\windows\LOCALS~1
\Temp\hSONYPVh.sys
.
- ***********************************************
- *********************
catchme 0.3.1262 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
http://www.gmer.net
Rootkit scan 2007-11-22 21:29:19
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
- ***********************************************
- *********************
.
Completion time: 2007-11-22 21:30:01 - machine was rebooted
.
--- E O F ---
Merci beaucoup
Maintenant je fais quoi ?
Je garde quoi et je supprime quoi ?
T´as passé un coup de CCleaner ? Si non, fais-le.
Reposte un rapport HijackThis.
ouai Ccleaner c´est fais !
mais je dois recocher la case pour enlever les trucs de windows de plus de 48h ?
Non, fais un rapport HijackThis.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:48:25, on 22/11/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Copernic Desktop Search 2\DesktopSearchService.exe
C:\Program Files\OpenOffice.org 2.3\program\soffice.exe
C:\Program Files\OpenOffice.org 2.3\program\soffice.BIN
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and
Settings\windows\Bureau\HiJackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
http://www.google.fr/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {7EF64645-1BEF-483F-88B6-30B22D77A3D4} - C:\WINDOWS\system32\geedd.dll (file missing)
O2 - BHO: (no name) - {8E92DC34-9B23-4227-A18C-8E55AE1738D7} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: (no name) - {AEC46770-2165-479E-8EF2-3B7E8AFAFB31} - (no file)
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program
Files\Google\GoogleToolbarNotifier\2.1.615.5858\sw
g.dll
O2 - BHO: (no name) - {DE8EA246-FD5F-41C4-A22D-30268465A2AB} - (no file)
O2 - BHO: (no name) - {E9794BFD-23D5-46AB-8118-754330C7F7EF} - (no file)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Copernic Desktop Search 2 - {968631B6-4729-440D-9BF4-251F5593EC9A} - C:\Program Files\Copernic Desktop Search 2\DesktopSearchBand201013011.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [1000b085] rundll32.exe "C:\WINDOWS\system32\xragxwtq.dll",b
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run:
[BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
"C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [RocketDock] "C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe"
O4 - HKCU\..\Run: [Copernic Desktop Search 2] "C:\Program Files\Copernic Desktop Search 2\DesktopSearchService.exe" /tray
O4 - HKCU\..\Run: [Steam] "C:\Program Files\Steam\Steam.exe" -silent
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User ´SERVICE LOCAL´)
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User ´SERVICE RÉSEAU´)
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User ´SYSTEM´)
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User ´Default user´)
O4 - Startup: OpenOffice.org 2.3.lnk = C:\Program Files\OpenOffice.org 2.3\program\quickstart.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra ´Tools´ menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra ´Tools´ menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} (HardwareDetection Control) -
http://fichiers.touslesdrivers.com/fichiers/hardwaredetection/hardwaredetection_2_0_4_9.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
--
End of file - 7035 bytes
Encore des infections.
- élécharge clean.zip :
http://www.malekal.com/download/clean.zip.
- Décompresse-le sur ton bureau (clic droit / extraire tout), tu dois obtenir un dossier clean.
- Double-clique sur clean
- Poste ensuite le rapport
- Télécharge clean.zip :
http://www.malekal.com/download/clean.zip
Option 1 excuse.
J´y arrive pas à chaque fois il m´indique une erreur
Error exit delayed from previous errors
A quel moment ?
A chaque fois dans le truc C:/WINDOWS Antivir apparait soi disant qu´il a trouvé un virus et si je clik sur Delete ouautre chose cette fenêtre se ferme et "Error exit delayed from previous errors" apparait dans la fenêtre noire C:/WINDOWS
- Aide à l'achat Mac
- Création de sites web
- Création de Jeux
- Linux
- Programmation
- Internet
- Steam Deck
- Macintosh
- Hardware