misterbobo

  1. No, since drvjoj.dll was deleted, I no longer have the icon or the VirusScan notifications. In any case, thanks a lot for the time you spent... I'm going to tell all my friends that Bruce Lee isn't dead and that he's just hiding behind a PC, helping clumsy internet users get rid of their infections.... Safe travels, Bruce!!!
  2. This is starting to look good...
     -------------------------------------------------------------------------------
     KASPERSKY ON-LINE SCANNER REPORT
     Friday, November 10, 2006 11:07:47 PM
     Système d'exploitation : Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
     Kaspersky On-line Scanner version : 5.0.83.0
     Dernière mise à jour de la base antivirus Kaspersky : 10/11/2006
     Enregistrements dans la base antivirus Kaspersky : 224426
     -------------------------------------------------------------------------------
     Paramètres d'analyse:
     Analyser avec la base antivirus suivante: standard
     Analyser les archives: vrai
     Analyser les bases de messagerie: vrai
     Cible de l'analyse - Poste de travail:
     A:\ C:\ D:\ E:\ F:\
     Statistiques de l'analyse:
     Total d'objets analysés: 18506
     Nombre de virus trouvés: 0
     Nombre d'objets infectés: 0 / 0
     Nombre d'objets suspects: 0
     Durée de l'analyse: 00:28:35
     Analyse terminée.
  3. Logfile of HijackThis v1.99.1
     Scan saved at 22:32:53, on 10/11/2006
     Platform: Windows XP SP2 (WinNT 5.01.2600)
     MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
  4. Here is what it gives:
     File: drvjoj.dll
     Status: POSSIBLY INFECTED/MALWARE (Note: this file has been scanned before. Therefore, this file's scan results will not be stored in the database) (Note: this file was only flagged as malware by heuristic detection(s). This might be a false positive. Therefore, results of this scan will not be stored in the database)
     MD5 f466f3e5975b5488606a957b0d1250fb
     Packers detected: PE_PATCH.PECOMPACT, PECBUNDLE, PECOMPACT
     Scanner results
     AntiVir Found nothing
     ArcaVir Found nothing
     Avast Found nothing
     AVG Antivirus Found nothing
     BitDefender Found nothing
     ClamAV Found nothing
     Dr.Web Found BACKDOOR.Trojan (probable variant)
     F-Prot Antivirus Found nothing
     Fortinet Found nothing
     Kaspersky Anti-Virus Found nothing
     NOD32 Found nothing
     Norman Virus Control Found nothing
     VirusBuster Found nothing
     VBA32 Found nothing
  5. Here it is:
     Logfile of HijackThis v1.99.1
     Scan saved at 20:37:32, on 10/11/2006
     Platform: Windows XP SP2 (WinNT 5.01.2600)
     MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
  6. At first glance, nothing new....
     [11/10/2006, 19:30:47] - VirtumundoBeGone v1.5 ( "F:\Util\VirtumundoBeGone.exe" )
     [11/10/2006, 19:30:52] - Detected System Information:
     [11/10/2006, 19:30:52] - Windows Version: 5.1.2600, Service Pack 2
     [11/10/2006, 19:30:52] - Current Username: Les Favard (Admin)
     [11/10/2006, 19:30:52] - Windows is in NORMAL mode.
     [11/10/2006, 19:30:52] - Searching for Browser Helper Objects:
     [11/10/2006, 19:30:52] - BHO 1: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (Adobe PDF Reader Link Helper)
     [11/10/2006, 19:30:52] - BHO 2: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (SSVHelper Class)
     [11/10/2006, 19:30:52] - BHO 3: {F7999166-FDE6-49DA-9AFC-1F6A79E9D1F2} ()
     [11/10/2006, 19:30:52] - WARNING: BHO has no default name. Checking for Winlogon reference.
     [11/10/2006, 19:30:52] - Checking for HKLM\...\Winlogon\Notify\ddcyxyv
     [11/10/2006, 19:30:52] - Found: HKLM\...\Winlogon\Notify\ddcyxyv - This is probably Virtumundo.
     [11/10/2006, 19:30:52] - Assigning {F7999166-FDE6-49DA-9AFC-1F6A79E9D1F2} MSEvents Object
     [11/10/2006, 19:30:52] - BHO list has been changed! Starting over...
     [11/10/2006, 19:30:52] - BHO 1: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (Adobe PDF Reader Link Helper)
     [11/10/2006, 19:30:52] - BHO 2: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (SSVHelper Class)
     [11/10/2006, 19:30:52] - BHO 3: {F7999166-FDE6-49DA-9AFC-1F6A79E9D1F2} (MSEvents Object)
     [11/10/2006, 19:30:52] - ALERT: Found MSEvents Object!
     [11/10/2006, 19:30:52] - Finished Searching Browser Helper Objects
     [11/10/2006, 19:30:52] - *** Detected MSEvents Object
     [11/10/2006, 19:30:53] - Trying to remove MSEvents Object...
     [11/10/2006, 19:30:54] - Terminating Process: IEXPLORE.EXE
     [11/10/2006, 19:30:54] - Terminating Process: RUNDLL32.EXE
     [11/10/2006, 19:30:54] - Disabling Automatic Shell Restart
     [11/10/2006, 19:30:54] - Terminating Process: EXPLORER.EXE
     [11/10/2006, 19:30:54] - Suspending the NT Session Manager System Service
     [11/10/2006, 19:30:54] - Terminating Windows NT Logon/Logoff Manager
     [11/10/2006, 19:30:55] - Re-enabling Automatic Shell Restart
     [11/10/2006, 19:30:55] - File to disable: C:\WINDOWS\system32\ddcyxyv.dll
     [11/10/2006, 19:30:55] - Renaming C:\WINDOWS\system32\ddcyxyv.dll -> C:\WINDOWS\system32\ddcyxyv.dll.vir
     [11/10/2006, 19:30:55] - File successfully renamed!
     [11/10/2006, 19:30:55] - Removing HKLM\...\Browser Helper Objects\{F7999166-FDE6-49DA-9AFC-1F6A79E9D1F2}
     [11/10/2006, 19:30:55] - Removing HKCR\CLSID\{F7999166-FDE6-49DA-9AFC-1F6A79E9D1F2}
     [11/10/2006, 19:30:55] - Adding Kill Bit for ActiveX for GUID: {F7999166-FDE6-49DA-9AFC-1F6A79E9D1F2}
     [11/10/2006, 19:30:55] - Deleting ATLEvents/MSEvents Registry entries
     [11/10/2006, 19:30:55] - Removing HKLM\...\Winlogon\Notify\ddcyxyv
     [11/10/2006, 19:30:55] - Searching for Browser Helper Objects:
     [11/10/2006, 19:30:55] - BHO 1: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (Adobe PDF Reader Link Helper)
     [11/10/2006, 19:30:55] - BHO 2: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (SSVHelper Class)
     [11/10/2006, 19:30:55] - Finished Searching Browser Helper Objects
     [11/10/2006, 19:30:55] - Finishing up...
     [11/10/2006, 19:30:55] - A restart is needed.
     [11/10/2006, 19:30:59] - Attempting to Restart via STOP error (Blue Screen!)
  7. Yes, strange, especially since it never asked me whether I wanted to clean the registry, as you indicated in one of the first posts.
     Logfile of HijackThis v1.99.1
     Scan saved at 19:15:50, on 10/11/2006
     Platform: Windows XP SP2 (WinNT 5.01.2600)
     MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
  8. Sorry, but I always used option 2 as requested. I just did it again to be sure, and I got the same thing. The only thing to note: VirusScan detects abnormal scripts and asks me whether I want to allow them (yes).
     SmitFraudFix v2.119
     Rapport fait à 18:55:02,48, 10/11/2006
     Executé à partir de F:\Util\SmitfraudFix\SmitfraudFix
     OS: Microsoft Windows XP [version 5.1.2600] - Windows_NT
     Fix executé en mode sans echec
     »»»»»»»»»»»»»»»»»»»»»»»» Avant SmitFraudFix
     !!!Attention, les clés qui suivent ne sont pas forcément infectées!!!
     SrchSTS.exe by S!Ri
     Search SharedTaskScheduler's .dll
     »»»»»»»»»»»»»»»»»»»»»»»» Arret des processus
     »»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix
     GenericRenosFix by S!Ri
     »»»»»»»»»»»»»»»»»»»»»»»» Suppression des fichiers infectés
     C:\WINDOWS\system32\drvjoj.dll PRESENT !
     »»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Les Favard
     »»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Les Favard\Application Data
     »»»»»»»»»»»»»»»»»»»»»»»» Menu Démarrer
     »»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\LESFAV~1\Favoris
     »»»»»»»»»»»»»»»»»»»»»»»» Bureau
     »»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files
     »»»»»»»»»»»»»»»»»»»»»»»» Clés corrompues
     »»»»»»»»»»»»»»»»»»»»»»»» Eléments du bureau
     [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
     "Source"="file:///C:/DOCUME~1/LESFAV~1/LOCALS~1/Temp/msohtml1/02/clip_image002.jpg"
     "SubscribedURL"="file:///C:/DOCUME~1/LESFAV~1/LOCALS~1/Temp/msohtml1/02/clip_image002.jpg"
     "FriendlyName"=""
     [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\1]
     "Source"="About:Home"
     "SubscribedURL"="About:Home"
     "FriendlyName"="Ma page d'accueil"
     »»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
     !!!Attention, les clés qui suivent ne sont pas forcément infectées!!!
     SrchSTS.exe by S!Ri
     Search SharedTaskScheduler's .dll
     »»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
     !!!Attention, les clés qui suivent ne sont pas forcément infectées!!!
     [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
     "AppInit_DLLs"=""
     »»»»»»»»»»»»»»»»»»»»»»»» pe386-msguard-lzx32
     »»»»»»»»»»»»»»»»»»»»»»»» Recherche infection wininet.dll
     »»»»»»»»»»»»»»»»»»»»»»»» Fin
  9. Hello Bruce, thanks for still being here...
     SmitFraudFix v2.119
     Rapport fait à 17:12:06,41, 10/11/2006
     Executé à partir de F:\Util\SmitfraudFix\SmitfraudFix
     OS: Microsoft Windows XP [version 5.1.2600] - Windows_NT
     Fix executé en mode sans echec
     »»»»»»»»»»»»»»»»»»»»»»»» Avant SmitFraudFix
     !!!Attention, les clés qui suivent ne sont pas forcément infectées!!!
     SrchSTS.exe by S!Ri
     Search SharedTaskScheduler's .dll
     »»»»»»»»»»»»»»»»»»»»»»»» Arret des processus
     »»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix
     GenericRenosFix by S!Ri
     »»»»»»»»»»»»»»»»»»»»»»»» Suppression des fichiers infectés
     C:\WINDOWS\system32\drvjoj.dll PRESENT !
     »»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Les Favard
     »»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Les Favard\Application Data
     »»»»»»»»»»»»»»»»»»»»»»»» Menu Démarrer
     »»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\LESFAV~1\Favoris
     »»»»»»»»»»»»»»»»»»»»»»»» Bureau
     »»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files
     »»»»»»»»»»»»»»»»»»»»»»»» Clés corrompues
     »»»»»»»»»»»»»»»»»»»»»»»» Eléments du bureau
     [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
     "Source"="file:///C:/DOCUME~1/LESFAV~1/LOCALS~1/Temp/msohtml1/02/clip_image002.jpg"
     "SubscribedURL"="file:///C:/DOCUME~1/LESFAV~1/LOCALS~1/Temp/msohtml1/02/clip_image002.jpg"
     "FriendlyName"=""
     [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\1]
     "Source"="About:Home"
     "SubscribedURL"="About:Home"
     "FriendlyName"="Ma page d'accueil"
     »»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
     !!!Attention, les clés qui suivent ne sont pas forcément infectées!!!
     SrchSTS.exe by S!Ri
     Search SharedTaskScheduler's .dll
     »»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
     !!!Attention, les clés qui suivent ne sont pas forcément infectées!!!
     [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
     "AppInit_DLLs"=""
     »»»»»»»»»»»»»»»»»»»»»»»» pe386-msguard-lzx32
     »»»»»»»»»»»»»»»»»»»»»»»» Recherche infection wininet.dll
     »»»»»»»»»»»»»»»»»»»»»»»» Fin
  10. Well, no, actually I'm still getting alerts about vundo....and then the icon came back...........aRGHHHH
  11. Note that since the restart, I no longer have the icon with the exclamation mark in the taskbar, and so far no more alerts about the presence of a vundo trojan...but now I'm wary, because earlier, I had barely posted that when .... So, for the ComboFix report, here is what it gives:
     Les Favard - 06-11-09 19:39:39,06 Service Pack 2
     ComboFix 06.11.9 - Running from: "C:\Documents and Settings\Les Favard\Bureau"
     Command switches used :: /v ddcyxyv.dll
     (((((((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
     C:\WINDOWS\system32\components
     C:\Program Files\Fichiers communs\{341951E6-0358-1036-0327-000121000021}
     C:\Program Files\Fichiers communs\{C41951E6-0358-1036-0327-000121000021}
     ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ Purity ~ ~ ~ ~ ~ ~ ~ ~~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~
     Folders Quarantined:
     C:\QooBox\Purity\WINDOWS\APPATC~1
     C:\QooBox\Purity\WINDOWS\MANTEC~1
     C:\QooBox\Purity\WINDOWS\system32\MBOLS~1
C:\WINDOWS\system32\qmgrprxy.dll 2006-11-07 19:28 175,896 --a------ C:\WINDOWS\system32\wuauclt1.exe 2006-11-07 19:28 173,536 --a------ C:\WINDOWS\system32\wuweb.dll 2006-11-07 19:28 16,384 --a------ C:\WINDOWS\system32\icfgnt5.dll 2006-11-07 19:28 128,792 --a------ C:\WINDOWS\system32\wucltui.dll 2006-11-07 19:28 125,720 --a------ C:\WINDOWS\system32\wuauclt.exe 2006-11-07 19:28 12,288 --a------ C:\WINDOWS\system32\nmevtmsg.dll 2006-11-07 19:28 11,264 --a------ C:\WINDOWS\system32\atrace.dll 2006-11-07 19:28 1,343,768 --a------ C:\WINDOWS\system32\wuaueng.dll 2006-11-07 19:27 86,016 --a------ C:\WINDOWS\system32\isign32.dll 2006-11-07 19:27 81,920 --a------ C:\WINDOWS\system32\ils.dll 2006-11-07 19:27 73,728 --a------ C:\WINDOWS\system32\icwdial.dll 2006-11-07 19:27 73,600 --a------ C:\WINDOWS\system32\drivers\sr.sys 2006-11-07 19:27 69,632 --a------ C:\WINDOWS\system32\msconf.dll 2006-11-07 19:27 679,424 --a------ C:\WINDOWS\system32\inetcomm.dll 2006-11-07 19:27 67,584 --a------ C:\WINDOWS\system32\srclient.dll 2006-11-07 19:27 65,536 --a------ C:\WINDOWS\system32\icwphbk.dll 2006-11-07 19:27 50,688 --a------ C:\WINDOWS\system32\inetres.dll 2006-11-07 19:27 45,568 --a------ C:\WINDOWS\system32\safrslv.dll 2006-11-07 19:27 43,520 --a------ C:\WINDOWS\system32\safrcdlg.dll 2006-11-07 19:27 43,520 --a------ C:\WINDOWS\system32\racpldlg.dll 2006-11-07 19:27 34,560 --a------ C:\WINDOWS\system32\mnmdd.dll 2006-11-07 19:27 32,768 --a------ C:\WINDOWS\system32\mnmsrvc.exe 2006-11-07 19:27 32,768 --a------ C:\WINDOWS\system32\isrdbg32.dll 2006-11-07 19:27 29,696 --a------ C:\WINDOWS\system32\safrdm.dll 2006-11-07 19:27 282,624 --a------ C:\WINDOWS\system32\inetcfg.dll 2006-11-07 19:27 281,600 --a------ C:\WINDOWS\system32\mstask.dll 2006-11-07 19:27 28,672 --a------ C:\WINDOWS\system32\nmmkcert.dll 2006-11-07 19:27 252,928 --a------ C:\WINDOWS\system32\msoeacct.dll 2006-11-07 19:27 241,664 --a------ C:\WINDOWS\system32\srrstr.dll 2006-11-07 19:27 23,040 --a------ 
C:\WINDOWS\system32\fltmc.exe 2006-11-07 19:27 193,024 --a------ C:\WINDOWS\system32\schedsvc.dll 2006-11-07 19:27 171,008 --a------ C:\WINDOWS\system32\srsvc.dll 2006-11-07 19:27 16,896 --a------ C:\WINDOWS\system32\fltlib.dll 2006-11-07 19:27 128,896 --a------ C:\WINDOWS\system32\drivers\fltmgr.sys 2006-11-07 19:27 12,288 --a------ C:\WINDOWS\system32\mstinit.exe 2006-11-07 19:27 105,984 --a------ C:\WINDOWS\system32\msoert2.dll 2006-11-07 19:26 5,632 --a------ C:\WINDOWS\system32\write.exe 2006-11-07 19:25 97,792 --a------ C:\WINDOWS\system32\comrepl.dll 2006-11-07 19:25 956,416 --a------ C:\WINDOWS\system32\msdtctm.dll 2006-11-07 19:25 94,208 --a------ C:\WINDOWS\system32\tscfgwmi.dll 2006-11-07 19:25 91,136 --a------ C:\WINDOWS\system32\mtxoci.dll 2006-11-07 19:25 87,176 --a------ C:\WINDOWS\system32\rdpwsx.dll 2006-11-07 19:25 85,504 --a------ C:\WINDOWS\system32\catsrvps.dll 2006-11-07 19:25 80,896 --a------ C:\WINDOWS\system32\charmap.exe 2006-11-07 19:25 73,216 --a------ C:\WINDOWS\system32\avwav.dll 2006-11-07 19:25 67,072 --a------ C:\WINDOWS\system32\rdshost.exe 2006-11-07 19:25 655,360 --a------ C:\WINDOWS\system32\mstscax.dll 2006-11-07 19:25 634,880 --a------ C:\WINDOWS\system32\getuname.dll 2006-11-07 19:25 625,152 --a------ C:\WINDOWS\system32\catsrvut.dll 2006-11-07 19:25 62,464 --a------ C:\WINDOWS\system32\rdpclip.exe 2006-11-07 19:25 61,952 --a------ C:\WINDOWS\system32\remotepg.dll 2006-11-07 19:25 60,416 --a------ C:\WINDOWS\system32\colbact.dll 2006-11-07 19:25 6,144 --a------ C:\WINDOWS\system32\msdtc.exe 2006-11-07 19:25 58,880 --a------ C:\WINDOWS\system32\msdtclog.dll 2006-11-07 19:25 58,880 --a------ C:\WINDOWS\system32\licwmi.dll 2006-11-07 19:25 57,344 --a------ C:\WINDOWS\system32\sol.exe 2006-11-07 19:25 56,320 --a------ C:\WINDOWS\system32\servdeps.dll 2006-11-07 19:25 55,808 --a------ C:\WINDOWS\system32\freecell.exe 2006-11-07 19:25 540,160 --a------ C:\WINDOWS\system32\comuid.dll 2006-11-07 19:25 54,272 --a------ 
C:\WINDOWS\system32\stclient.dll 2006-11-07 19:25 539,136 --a------ C:\WINDOWS\system32\spider.exe 2006-11-07 19:25 5,120 --a------ C:\WINDOWS\system32\dcomcnfg.exe 2006-11-07 19:25 498,688 --a------ C:\WINDOWS\system32\clbcatq.dll 2006-11-07 19:25 44,544 --a------ C:\WINDOWS\system32\tscupgrd.exe 2006-11-07 19:25 44,544 --a------ C:\WINDOWS\system32\hticons.dll 2006-11-07 19:25 426,496 --a------ C:\WINDOWS\system32\msdtcprx.dll 2006-11-07 19:25 411,648 --a------ C:\WINDOWS\system32\mstsc.exe 2006-11-07 19:25 40,840 --a------ C:\WINDOWS\system32\drivers\termdd.sys 2006-11-07 19:25 4,608 --a------ C:\WINDOWS\system32\rdpcfgex.dll 2006-11-07 19:25 4,096 --a------ C:\WINDOWS\system32\mtxex.dll 2006-11-07 19:25 39,424 --a------ C:\WINDOWS\system32\cfgbkend.dll 2006-11-07 19:25 354,304 --a------ C:\WINDOWS\system32\hypertrm.dll 2006-11-07 19:25 35,840 --a------ C:\WINDOWS\system32\winchat.exe 2006-11-07 19:25 347,648 --a------ C:\WINDOWS\system32\mspaint.exe 2006-11-07 19:25 33,792 --a------ C:\WINDOWS\system32\regini.exe 2006-11-07 19:25 297,984 --a------ C:\WINDOWS\system32\termsrv.dll 2006-11-07 19:25 25,600 --a------ C:\WINDOWS\system32\comaddin.dll 2006-11-07 19:25 25,088 --a------ C:\WINDOWS\system32\mtxlegih.dll 2006-11-07 19:25 232,960 --a------ C:\WINDOWS\system32\avtapi.dll 2006-11-07 19:25 225,792 --a------ C:\WINDOWS\system32\catsrv.dll 2006-11-07 19:25 22,528 --a------ C:\WINDOWS\system32\qwinsta.exe 2006-11-07 19:25 22,528 --a------ C:\WINDOWS\system32\msg.exe 2006-11-07 19:25 21,896 --a------ C:\WINDOWS\system32\drivers\tdtcp.sys 2006-11-07 19:25 20,992 --a------ C:\WINDOWS\system32\qprocess.exe 2006-11-07 19:25 20,480 --a------ C:\WINDOWS\system32\mtxdm.dll 2006-11-07 19:25 196,864 --a------ C:\WINDOWS\system32\drivers\rdpdr.sys 2006-11-07 19:25 191,488 --a------ C:\WINDOWS\system32\cmprops.dll 2006-11-07 19:25 19,968 --a------ C:\WINDOWS\system32\rdpsnd.dll 2006-11-07 19:25 189,952 --a------ C:\WINDOWS\system32\accwiz.exe 2006-11-07 19:25 17,920 
--a------ C:\WINDOWS\system32\mmfutil.dll 2006-11-07 19:25 17,408 --a------ C:\WINDOWS\system32\tsshutdn.exe 2006-11-07 19:25 17,408 --a------ C:\WINDOWS\system32\qappsrv.exe 2006-11-07 19:25 161,280 --a------ C:\WINDOWS\system32\msdtcuiu.dll 2006-11-07 19:25 16,896 --a------ C:\WINDOWS\system32\tskill.exe 2006-11-07 19:25 16,384 --a------ C:\WINDOWS\system32\rwinsta.exe 2006-11-07 19:25 16,384 --a------ C:\WINDOWS\system32\avmeter.dll 2006-11-07 19:25 15,872 --a------ C:\WINDOWS\system32\logoff.exe 2006-11-07 19:25 15,872 --a------ C:\WINDOWS\system32\cdmodem.dll 2006-11-07 19:25 15,360 --a------ C:\WINDOWS\system32\tscon.exe 2006-11-07 19:25 15,360 --a------ C:\WINDOWS\system32\shadow.exe 2006-11-07 19:25 147,968 --a------ C:\WINDOWS\system32\rdchost.dll 2006-11-07 19:25 147,456 --a------ C:\WINDOWS\system32\comsnap.dll 2006-11-07 19:25 142,336 --a------ C:\WINDOWS\system32\sessmgr.exe 2006-11-07 19:25 14,848 --a------ C:\WINDOWS\system32\tsdiscon.exe 2006-11-07 19:25 139,528 --a------ C:\WINDOWS\system32\drivers\rdpwd.sys 2006-11-07 19:25 139,264 --a------ C:\WINDOWS\system32\sndvol32.exe 2006-11-07 19:25 133,120 --a------ C:\WINDOWS\system32\sndrec32.exe 2006-11-07 19:25 13,824 --a------ C:\WINDOWS\system32\rdsaddin.exe 2006-11-07 19:25 128,000 --a------ C:\WINDOWS\system32\mshearts.exe 2006-11-07 19:25 124,928 --a------ C:\WINDOWS\system32\mplay32.exe 2006-11-07 19:25 12,040 --a------ C:\WINDOWS\system32\drivers\tdpipe.sys 2006-11-07 19:25 119,808 --a------ C:\WINDOWS\system32\winmine.exe 2006-11-07 19:25 115,200 --a------ C:\WINDOWS\system32\calc.exe 2006-11-07 19:25 110,080 --a------ C:\WINDOWS\system32\clbcatex.dll 2006-11-07 19:25 11,776 --a------ C:\WINDOWS\system32\xolehlp.dll 2006-11-07 19:25 11,264 --a------ C:\WINDOWS\system32\icaapi.dll 2006-11-07 19:25 104,448 --a------ C:\WINDOWS\system32\clipbrd.exe 2006-11-07 19:25 10,240 --a------ C:\WINDOWS\system32\reset.exe 2006-11-07 19:25 1,267,200 --a------ C:\WINDOWS\system32\comsvcs.dll 2006-11-07 19:25 
1,263 --a------ C:\WINDOWS\system32\usrlogon.cmd 2006-11-07 19:16 364,544 --------- C:\WINDOWS\system32\TwnLib4.dll 2006-11-07 19:12 5,888 --------- C:\WINDOWS\system32\drivers\imagedrv.sys 2006-11-07 19:12 476,320 --------- C:\WINDOWS\system32\ImagXpr7.dll 2006-11-07 19:12 471,040 --------- C:\WINDOWS\system32\ImagXRA7.dll 2006-11-07 19:12 262,144 --------- C:\WINDOWS\system32\ImagXR7.dll 2006-11-07 19:12 155,648 --a------ C:\WINDOWS\system32\NeroCheck.exe 2006-11-07 19:12 127,488 --------- C:\WINDOWS\system32\drivers\imagesrv.sys 2006-11-07 19:12 106,496 --a------ C:\WINDOWS\system32\TwnLib20.dll 2006-11-07 19:12 1,568,768 --------- C:\WINDOWS\system32\ImagX7.dll 2006-11-07 19:06 26,496 --a------ C:\WINDOWS\system32\drivers\USBSTOR.SYS (((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))) 2006-11-09 19:40 -------- d-------- C:\Program Files\Fichiers communs 2006-11-09 17:44 -------- d-------- C:\Documents and Settings\Les Favard\Application Data\Macromedia 2006-11-09 17:13 -------- d---s---- C:\Documents and Settings\Les Favard\Application Data\Microsoft 2006-11-09 17:09 -------- d-------- C:\Program Files\Hijackthis 2006-11-09 12:12 -------- d-------- C:\Program Files\Internet Explorer 2006-11-09 12:08 -------- d-------- C:\Documents and Settings\Les Favard\Application Data\Sun 2006-11-09 12:07 -------- d-------- C:\Program Files\Java 2006-11-09 12:05 -------- d-------- C:\Program Files\Fichiers communs\Java 2006-11-09 11:55 -------- d-------- C:\Program Files\VSAdd-in 2006-11-09 10:33 -------- d-------- C:\Program Files\Grisoft 2006-11-08 17:58 -------- d-------- C:\Documents and Settings\Les Favard\Application Data\AdobeUM 2006-11-08 02:12 -------- d-------- C:\Program Files\Fichiers communs\Adobe 2006-11-08 02:10 -------- d-------- C:\Documents and Settings\Les Favard\Application Data\McAfee.com Personal Firewall 2006-11-08 02:07 -------- d-------- C:\Program Files\McAfee.com 2006-11-08 01:40 
-------- d-------- C:\Documents and Settings\Les Favard\Application Data\Adobe 2006-11-08 01:12 -------- d--h----- C:\Program Files\InstallShield Installation Information 2006-11-08 01:12 -------- d-------- C:\Program Files\Fichiers communs\InstallShield 2006-11-08 01:12 -------- d-------- C:\Program Files\CyberLink 2006-11-08 01:07 -------- d-------- C:\Program Files\Lavasoft 2006-11-08 00:32 -------- d-------- C:\Documents and Settings\Les Favard\Application Data\SearchToolbarCorp 2006-11-07 23:37 -------- d-------- C:\Program Files\DivX 2006-11-07 23:13 -------- d-------- C:\Program Files\Creative 2006-11-07 20:02 -------- d-------- C:\Program Files\Windows Media Player 2006-11-07 20:02 -------- d-------- C:\Program Files\Messenger 2006-11-07 19:58 -------- d-------- C:\Program Files\Outlook Express 2006-11-07 19:58 -------- d-------- C:\Program Files\Fichiers communs\System 2006-11-07 19:49 -------- d-------- C:\Program Files\Microsoft Office 2006-11-07 19:49 -------- d-------- C:\Program Files\Fichiers communs\Microsoft Shared 2006-11-07 19:49 -------- d-------- C:\Program Files\Fichiers communs\Designer 2006-11-07 19:44 -------- d--h----- C:\Program Files\Uninstall Information 2006-11-07 19:44 -------- d-------- C:\Documents and Settings\Les Favard\Application Data\Identities 2006-11-07 19:39 62 --ahs---- C:\Documents and Settings\Les Favard\Application Data\desktop.ini 2006-11-07 19:39 -------- d-------- C:\Program Files\Fichiers communs\SpeechEngines 2006-11-07 19:39 -------- d-------- C:\Program Files\Fichiers communs\ODBC 2006-11-07 19:32 -------- d-------- C:\Program Files\xerox 2006-11-07 19:32 -------- d-------- C:\Program Files\microsoft frontpage 2006-11-07 19:29 -------- d--h----- C:\Program Files\WindowsUpdate 2006-11-07 19:29 -------- d-------- C:\Program Files\Services en ligne 2006-11-07 19:28 -------- d-------- C:\Program Files\NetMeeting 2006-11-07 19:28 -------- d-------- C:\Program Files\Movie Maker 2006-11-07 19:28 -------- d-------- 
C:\Program Files\Fichiers communs\Services 2006-11-07 19:28 -------- d-------- C:\Program Files\Fichiers communs\MSSoap 2006-11-07 19:27 -------- d-------- C:\Documents and Settings\Les Favard\Application Data\Real 2006-11-07 19:26 -------- d-------- C:\Program Files\MSN Gaming Zone 2006-11-07 19:26 -------- d-------- C:\Program Files\ComPlus Applications 2006-11-07 19:25 -------- d-------- C:\Program Files\Windows NT 2006-11-07 19:25 -------- d-------- C:\Program Files\MSN 2006-11-07 19:24 -------- d-------- C:\Program Files\Fichiers communs\xing shared 2006-11-07 19:24 -------- d-------- C:\Program Files\Fichiers communs\Real 2006-11-07 19:23 -------- d-------- C:\Program Files\Real 2006-11-07 19:18 -------- d-------- C:\Program Files\Adobe 2006-11-07 19:12 -------- d-------- C:\Program Files\Fichiers communs\Ahead 2006-11-07 19:12 -------- d-------- C:\Program Files\Ahead 2006-11-07 19:07 -------- d-------- C:\Program Files\WinZip 2006-09-13 06:03 1084416 --a------ C:\WINDOWS\system32\msxml3.dll 2006-08-25 16:51 617472 --a------ C:\WINDOWS\system32\comctl32.dll 2006-08-16 12:59 100352 --a------ C:\WINDOWS\system32\6to4svc.dll (((((((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))) *Note* empty entries are not shown [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run] "CTFMON.EXE"="C:\\WINDOWS\\system32\\ctfmon.exe" [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run] "NeroFilterCheck"="C:\\WINDOWS\\system32\\NeroCheck.exe" "TkBellExe"="C:\\Program Files\\Fichiers communs\\Real\\Update_OB\\realsched.exe -osboot" "P17Helper"="Rundll32 P17.dll,P17Helper" "CTDrive"="rundll32.exe C:\\WINDOWS\\system32\\drvjoj.dll,startup" "VSOCheckTask"="\"C:\\PROGRA~1\\McAfee.com\\VSO\\mcmnhdlr.exe\" /checktask" "VirusScan Online"="C:\\Program Files\\McAfee.com\\VSO\\mcvsshld.exe" "OASClnt"="C:\\Program Files\\McAfee.com\\VSO\\oasclnt.exe" "MCAgentExe"="c:\\PROGRA~1\\mcafee.com\\agent\\mcagent.exe" 
"MCUpdateExe"="c:\\PROGRA~1\\mcafee.com\\agent\\mcupdate.exe" "MPFExe"="C:\\PROGRA~1\\McAfee.com\\PERSON~1\\MpfTray.exe" "SunJavaUpdateSched"="\"C:\\Program Files\\Java\\jre1.5.0_09\\bin\\jusched.exe\"" [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents] [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL] "Installed"="1" [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI] "Installed"="1" "NoChange"="1" [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS] "Installed"="1" [HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components] "DeskHtmlVersion"=dword:00000110 "DeskHtmlMinorVersion"=dword:00000005 "Settings"=dword:00000001 "GeneralFlags"=dword:00000000 [HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0] "Source"="file:///C:/DOCUME~1/LESFAV~1/LOCALS~1/Temp/msohtml1/02/clip_image002.jpg" "SubscribedURL"="file:///C:/DOCUME~1/LESFAV~1/LOCALS~1/Temp/msohtml1/02/clip_image002.jpg" "FriendlyName"="" "Flags"=dword:00002001 "Position"=hex:2c,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,e8,\ 03,00,00,01,00,00,00,01,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00 "CurrentState"=dword:40000001 "OriginalStateInfo"=hex:18,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\ 00,00,01,00,00,00 "RestoredStateInfo"=hex:dc,ff,15,02,a8,9a,83,7c,40,9a,80,7c,ff,ff,ff,ff,36,9a,\ 80,7c,36,9a,80,7c [HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\1] "Source"="About:Home" "SubscribedURL"="About:Home" "FriendlyName"="Ma page d'accueil" "Flags"=dword:00000002 "Position"=hex:2c,00,00,00,aa,00,00,00,00,00,00,00,56,03,00,00,e2,02,00,00,00,\ 00,00,00,01,00,00,00,01,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00 "CurrentState"=dword:40000004 "OriginalStateInfo"=hex:18,00,00,00,55,00,00,00,00,00,00,00,ab,03,00,00,e2,02,\ 00,00,04,00,00,40 
"RestoredStateInfo"=hex:18,00,00,00,55,00,00,00,00,00,00,00,ab,03,00,00,e2,02,\ 00,00,01,00,00,00 [HKEY_USERS\.default\software\microsoft\windows\currentversion\run] "CTFMON.EXE"="C:\\WINDOWS\\system32\\CTFMON.EXE" [HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\run] "CTFMON.EXE"="C:\\WINDOWS\\system32\\CTFMON.EXE" [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler] "{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Pré-chargeur Browseui" "{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Démon de cache des catégories de composant" [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks] "{AEB6717E-7E19-11d0-97EE-00C04FD91972}"="" "{F7999166-FDE6-49DA-9AFC-1F6A79E9D1F2}"="" "{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="AVG Anti-Spyware 7.5" [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer] "NoDriveTypeAutoRun"=dword:00000091 [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\Run] [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "dontdisplaylastusername"=dword:00000000 "legalnoticecaption"="" "legalnoticetext"="" "shutdownwithoutlogon"=dword:00000001 "undockwithoutlogon"=dword:00000001 [HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer] "NoDriveTypeAutoRun"=dword:00000091 [HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\policies\explorer] "NoDriveTypeAutoRun"=dword:00000091 [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload] "PostBootReminder"="{7849596a-48ea-486e-8937-a2a3009f31a9}" "CDBurn"="{fbeb8a05-beee-4442-804e-409d6c4515e9}" "WebCheck"="{E6FB5E20-DE35-11CF-9C87-00AA005127ED}" "SysTray"="{35CEC8A3-2BE6-11D2-8773-92E220524153}" HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ddcyxyv [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders] "SecurityProviders"="msapsspc.dll, 
schannel.dll, digest.dll, msnsspc.dll" Completion time: 06-11-09 19:41:22.83 C:\ComboFix.txt ... 06-11-09 19:41 ---------------------------------------------------------------------------- And for SmitFraudFix: SmitFraudFix v2.119 Rapport fait à 19:44:55,15, 09/11/2006 Executé à partir de F:\Util\SmitfraudFix\SmitfraudFix OS: Microsoft Windows XP [version 5.1.2600] - Windows_NT Fix executé en mode sans echec »»»»»»»»»»»»»»»»»»»»»»»» Avant SmitFraudFix !!!Attention, les clés qui suivent ne sont pas forcément infectées!!! SrchSTS.exe by S!Ri Search SharedTaskScheduler's .dll »»»»»»»»»»»»»»»»»»»»»»»» Arret des processus »»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix GenericRenosFix by S!Ri »»»»»»»»»»»»»»»»»»»»»»»» Suppression des fichiers infectés C:\WINDOWS\system32\drvjoj.dll PRESENT ! »»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Les Favard »»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Les Favard\Application Data »»»»»»»»»»»»»»»»»»»»»»»» Menu Démarrer »»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\LESFAV~1\Favoris »»»»»»»»»»»»»»»»»»»»»»»» Bureau »»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files »»»»»»»»»»»»»»»»»»»»»»»» Clés corrompues »»»»»»»»»»»»»»»»»»»»»»»» Eléments du bureau [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0] "Source"="file:///C:/DOCUME~1/LESFAV~1/LOCALS~1/Temp/msohtml1/02/clip_image002.jpg" "SubscribedURL"="file:///C:/DOCUME~1/LESFAV~1/LOCALS~1/Temp/msohtml1/02/clip_image002.jpg" "FriendlyName"="" [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\1] "Source"="About:Home" "SubscribedURL"="About:Home" "FriendlyName"="Ma page d'accueil" »»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler !!!Attention, les clés qui suivent ne sont pas forcément infectées!!! SrchSTS.exe by S!Ri Search SharedTaskScheduler's .dll »»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs !!!Attention, les clés qui suivent ne sont pas forcément infectées!!! 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows] "AppInit_DLLs"="" »»»»»»»»»»»»»»»»»»»»»»»» pe386-msguard-lzx32 »»»»»»»»»»»»»»»»»»»»»»»» Recherche infection wininet.dll »»»»»»»»»»»»»»»»»»»»»»»» Fin
  12. Actually, forget point 2, I'm still getting alerts.... I'm still infected... it remains to be seen whether this is related to the files I couldn't delete.
  13. Two things before the reports: 1 - during the procedure I couldn't delete the files in bold: ddcyxyv.dll.vir (the .vir being superfluous, I think) could not be deleted (because it is a system file), and eumjzid.dll could not be found. 2 - I have had no more VirusScan alerts since the restart, but I still have an icon (yellow exclamation mark on a red circle) in the taskbar. --------------------------------------------------------- AVG Anti-Spyware - Rapport d'analyse --------------------------------------------------------- + Créé à: 17:04:29 09/11/2006 + Résultat de l'analyse: C:\Documents and Settings\Les Favard\Cookies\les favard@atdmt[2].txt -> TrackingCookie.Atdmt : Nettoyé. C:\Documents and Settings\Les Favard\Cookies\les favard@bluestreak[1].txt -> TrackingCookie.Bluestreak : Nettoyé. C:\Documents and Settings\Les Favard\Cookies\les favard@doubleclick[1].txt -> TrackingCookie.Doubleclick : Nettoyé. C:\Documents and Settings\Les Favard\Cookies\les [email protected][1].txt -> TrackingCookie.Webtrendslive : Nettoyé. 
Fin du rapport ----------------------------------------------------------------------- Logfile of HijackThis v1.99.1 Scan saved at 17:09:11, on 09/11/2006 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe C:\WINDOWS\system32\Rundll32.exe C:\Program Files\McAfee.com\VSO\mcvsshld.exe C:\Program Files\McAfee.com\VSO\oasclnt.exe C:\PROGRA~1\mcafee.com\agent\mcagent.exe C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe c:\progra~1\mcafee.com\vso\mcvsescn.exe C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe C:\WINDOWS\system32\ctfmon.exe c:\program files\mcafee.com\agent\mcdetect.exe c:\PROGRA~1\mcafee.com\vso\mcshield.exe c:\PROGRA~1\mcafee.com\agent\mctskshd.exe C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe C:\WINDOWS\system32\NOTEPAD.EXE C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\wuauclt.exe C:\Program Files\Hijackthis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.orange.fr/ R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll O2 - BHO: (no name) - {F7999166-FDE6-49DA-9AFC-1F6A79E9D1F2} - C:\WINDOWS\system32\ddcyxyv.dll O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll O4 - HKLM\..\Run: [NeroFilterCheck] 
C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM\..\Run: [TkBellExe] C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe -osboot O4 - HKLM\..\Run: [P17Helper] Rundll32 P17.dll,P17Helper O4 - HKLM\..\Run: [CTDrive] rundll32.exe C:\WINDOWS\system32\drvjoj.dll,startup O4 - HKLM\..\Run: [VSOCheckTask] "C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" /checktask O4 - HKLM\..\Run: [VirusScan Online] C:\Program Files\McAfee.com\VSO\mcvsshld.exe O4 - HKLM\..\Run: [OASClnt] C:\Program Files\McAfee.com\VSO\oasclnt.exe O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\McUpdate.exe O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe" O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/shared/m...01/mcinsctl.cab O20 - Winlogon Notify: ddcyxyv - C:\WINDOWS\SYSTEM32\ddcyxyv.dll O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. 
- C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe O23 - Service: McAfee.com McShield (McShield) - McAfee Inc. - c:\PROGRA~1\mcafee.com\vso\mcshield.exe O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe ---------------------------------------------------------------------------------- SmitFraudFix v2.119 Rapport fait à 16:31:57,43, 09/11/2006 Executé à partir de F:\Util\SmitfraudFix\SmitfraudFix OS: Microsoft Windows XP [version 5.1.2600] - Windows_NT Fix executé en mode sans echec »»»»»»»»»»»»»»»»»»»»»»»» Avant SmitFraudFix !!!Attention, les clés qui suivent ne sont pas forcément infectées!!! SrchSTS.exe by S!Ri Search SharedTaskScheduler's .dll »»»»»»»»»»»»»»»»»»»»»»»» Arret des processus »»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix GenericRenosFix by S!Ri »»»»»»»»»»»»»»»»»»»»»»»» Suppression des fichiers infectés C:\WINDOWS\system32\drvjoj.dll PRESENT ! »»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Les Favard »»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Les Favard\Application Data »»»»»»»»»»»»»»»»»»»»»»»» Menu Démarrer »»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\LESFAV~1\Favoris »»»»»»»»»»»»»»»»»»»»»»»» Bureau »»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files C:\Program Files\VirusBursters\ PRESENT ! 
»»»»»»»»»»»»»»»»»»»»»»»» Clés corrompues »»»»»»»»»»»»»»»»»»»»»»»» Eléments du bureau [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0] "Source"="About:Home" "SubscribedURL"="About:Home" "FriendlyName"="Ma page d'accueil" »»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler !!!Attention, les clés qui suivent ne sont pas forcément infectées!!! SrchSTS.exe by S!Ri Search SharedTaskScheduler's .dll »»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs !!!Attention, les clés qui suivent ne sont pas forcément infectées!!! [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows] "AppInit_DLLs"="" »»»»»»»»»»»»»»»»»»»»»»»» pe386-msguard-lzx32 »»»»»»»»»»»»»»»»»»»»»»»» Recherche infection wininet.dll »»»»»»»»»»»»»»»»»»»»»»»» Fin
  14. OK SmitFraudFix v2.119 Rapport fait à 15:58:55,84, 09/11/2006 Executé à partir de F:\Util\SmitfraudFix\SmitfraudFix OS: Microsoft Windows XP [version 5.1.2600] - Windows_NT Fix executé en mode normal »»»»»»»»»»»»»»»»»»»»»»»» C:\ »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32 C:\WINDOWS\system32\drvjoj.dll PRESENT ! »»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Les Favard »»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Les Favard\Application Data »»»»»»»»»»»»»»»»»»»»»»»» Menu Démarrer »»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\LESFAV~1\Favoris »»»»»»»»»»»»»»»»»»»»»»»» Bureau »»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files C:\Program Files\VirusBursters\ PRESENT ! »»»»»»»»»»»»»»»»»»»»»»»» Clés corrompues »»»»»»»»»»»»»»»»»»»»»»»» Eléments du bureau [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0] "Source"="About:Home" "SubscribedURL"="About:Home" "FriendlyName"="Ma page d'accueil" »»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler !!!Attention, les clés qui suivent ne sont pas forcément infectées!!! SrchSTS.exe by S!Ri Search SharedTaskScheduler's .dll »»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs !!!Attention, les clés qui suivent ne sont pas forcément infectées!!! [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows] "AppInit_DLLs"="" »»»»»»»»»»»»»»»»»»»»»»»» pe386-msguard-lzx32 »»»»»»»»»»»»»»»»»»»»»»»» Recherche infection wininet.dll »»»»»»»»»»»»»»»»»»»»»»»» Fin
  15. So this gives us:
      [11/09/2006, 13:59:43] - VirtumundoBeGone v1.5 ( "F:\Util\VirtumundoBeGone.exe" )
      [11/09/2006, 13:59:52] - Detected System Information:
      [11/09/2006, 13:59:52] - Windows Version: 5.1.2600, Service Pack 2
      [11/09/2006, 13:59:52] - Current Username: Les Favard (Admin)
      [11/09/2006, 13:59:52] - Windows is in NORMAL mode.
      [11/09/2006, 13:59:52] - Searching for Browser Helper Objects:
      [11/09/2006, 13:59:52] - BHO 1: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (Adobe PDF Reader Link Helper)
      [11/09/2006, 13:59:52] - BHO 2: {39f25b12-74ff-4079-a51f-1d70f5b08b84} ()
      [11/09/2006, 13:59:52] - WARNING: BHO has no default name. Checking for Winlogon reference.
      [11/09/2006, 13:59:52] - Checking for HKLM\...\Winlogon\Notify\ixt0
      [11/09/2006, 13:59:52] - Key not found: HKLM\...\Winlogon\Notify\ixt0, continuing.
      [11/09/2006, 13:59:52] - BHO 3: {6643319F-EF24-9081-FC36-0A01DF56A2BC} ()
      [11/09/2006, 13:59:52] - WARNING: BHO has no default name. Checking for Winlogon reference.
      [11/09/2006, 13:59:52] - Checking for HKLM\...\Winlogon\Notify\chgsnve
      [11/09/2006, 13:59:52] - Key not found: HKLM\...\Winlogon\Notify\chgsnve, continuing.
      [11/09/2006, 13:59:52] - BHO 4: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (SSVHelper Class)
      [11/09/2006, 13:59:52] - BHO 5: {A920B4C7-E9E6-4282-9F58-1B7041F9C200} ()
      [11/09/2006, 13:59:52] - WARNING: BHO has no default name. Checking for Winlogon reference.
      [11/09/2006, 13:59:52] - Checking for HKLM\...\Winlogon\Notify\jkhif
      [11/09/2006, 13:59:52] - Key not found: HKLM\...\Winlogon\Notify\jkhif, continuing.
      [11/09/2006, 13:59:52] - BHO 6: {F7999166-FDE6-49DA-9AFC-1F6A79E9D1F2} ()
      [11/09/2006, 13:59:52] - WARNING: BHO has no default name. Checking for Winlogon reference.
      [11/09/2006, 13:59:52] - Checking for HKLM\...\Winlogon\Notify\ddcyxyv
      [11/09/2006, 13:59:52] - Found: HKLM\...\Winlogon\Notify\ddcyxyv - This is probably Virtumundo.
      [11/09/2006, 13:59:52] - Assigning {F7999166-FDE6-49DA-9AFC-1F6A79E9D1F2} MSEvents Object
      [11/09/2006, 13:59:52] - BHO list has been changed! Starting over...
      [11/09/2006, 13:59:52] - BHO 1: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (Adobe PDF Reader Link Helper)
      [11/09/2006, 13:59:52] - BHO 2: {39f25b12-74ff-4079-a51f-1d70f5b08b84} ()
      [11/09/2006, 13:59:52] - WARNING: BHO has no default name. Checking for Winlogon reference.
      [11/09/2006, 13:59:52] - Checking for HKLM\...\Winlogon\Notify\ixt0
      [11/09/2006, 13:59:52] - Key not found: HKLM\...\Winlogon\Notify\ixt0, continuing.
      [11/09/2006, 13:59:52] - BHO 3: {6643319F-EF24-9081-FC36-0A01DF56A2BC} ()
      [11/09/2006, 13:59:52] - WARNING: BHO has no default name. Checking for Winlogon reference.
      [11/09/2006, 13:59:52] - Checking for HKLM\...\Winlogon\Notify\chgsnve
      [11/09/2006, 13:59:52] - Key not found: HKLM\...\Winlogon\Notify\chgsnve, continuing.
      [11/09/2006, 13:59:52] - BHO 4: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (SSVHelper Class)
      [11/09/2006, 13:59:52] - BHO 5: {A920B4C7-E9E6-4282-9F58-1B7041F9C200} ()
      [11/09/2006, 13:59:52] - WARNING: BHO has no default name. Checking for Winlogon reference.
      [11/09/2006, 13:59:52] - Checking for HKLM\...\Winlogon\Notify\jkhif
      [11/09/2006, 13:59:52] - Key not found: HKLM\...\Winlogon\Notify\jkhif, continuing.
      [11/09/2006, 13:59:52] - BHO 6: {F7999166-FDE6-49DA-9AFC-1F6A79E9D1F2} (MSEvents Object)
      [11/09/2006, 13:59:52] - ALERT: Found MSEvents Object!
      [11/09/2006, 13:59:52] - Finished Searching Browser Helper Objects
      [11/09/2006, 13:59:52] - *** Detected MSEvents Object
      [11/09/2006, 13:59:52] - Trying to remove MSEvents Object...
      [11/09/2006, 13:59:53] - Terminating Process: IEXPLORE.EXE
      [11/09/2006, 13:59:53] - Terminating Process: RUNDLL32.EXE
      [11/09/2006, 13:59:53] - Disabling Automatic Shell Restart
      [11/09/2006, 13:59:53] - Terminating Process: EXPLORER.EXE
      [11/09/2006, 13:59:53] - Suspending the NT Session Manager System Service
      [11/09/2006, 13:59:53] - Terminating Windows NT Logon/Logoff Manager
      [11/09/2006, 13:59:53] - Re-enabling Automatic Shell Restart
      [11/09/2006, 13:59:53] - File to disable: C:\WINDOWS\system32\ddcyxyv.dll
      [11/09/2006, 13:59:53] - Renaming C:\WINDOWS\system32\ddcyxyv.dll -> C:\WINDOWS\system32\ddcyxyv.dll.vir
      [11/09/2006, 13:59:53] - ! File rename was unsucessful.
      [11/09/2006, 13:59:53] - Attempting to Deny Access to C:\WINDOWS\system32\ddcyxyv.dll
      [11/09/2006, 13:59:54] - *** IMPORTANT: Delete/Rename/Move on reboot (like Killbox) MAY NOT work.
      [11/09/2006, 13:59:54] - ERROR: Le mappage entre les noms de compte et les ID de sécurité n'a pas été effectué.
      [11/09/2006, 13:59:54] - *** IMPORTANT: The file is disabled and will need to be deleted by the user.
      [11/09/2006, 13:59:54] - Removing HKLM\...\Browser Helper Objects\{F7999166-FDE6-49DA-9AFC-1F6A79E9D1F2}
      [11/09/2006, 13:59:54] - Removing HKCR\CLSID\{F7999166-FDE6-49DA-9AFC-1F6A79E9D1F2}
      [11/09/2006, 13:59:54] - Adding Kill Bit for ActiveX for GUID: {F7999166-FDE6-49DA-9AFC-1F6A79E9D1F2}
      [11/09/2006, 13:59:54] - Deleting ATLEvents/MSEvents Registry entries
      [11/09/2006, 13:59:54] - Removing HKLM\...\Winlogon\Notify\ddcyxyv
      [11/09/2006, 13:59:54] - Searching for Browser Helper Objects:
      [11/09/2006, 13:59:54] - BHO 1: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (Adobe PDF Reader Link Helper)
      [11/09/2006, 13:59:54] - BHO 2: {39f25b12-74ff-4079-a51f-1d70f5b08b84} ()
      [11/09/2006, 13:59:54] - WARNING: BHO has no default name. Checking for Winlogon reference.
      [11/09/2006, 13:59:54] - Checking for HKLM\...\Winlogon\Notify\ixt0
      [11/09/2006, 13:59:54] - Key not found: HKLM\...\Winlogon\Notify\ixt0, continuing.
      [11/09/2006, 13:59:54] - BHO 3: {6643319F-EF24-9081-FC36-0A01DF56A2BC} ()
      [11/09/2006, 13:59:54] - WARNING: BHO has no default name. Checking for Winlogon reference.
      [11/09/2006, 13:59:54] - Checking for HKLM\...\Winlogon\Notify\chgsnve
      [11/09/2006, 13:59:54] - Key not found: HKLM\...\Winlogon\Notify\chgsnve, continuing.
      [11/09/2006, 13:59:54] - BHO 4: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (SSVHelper Class)
      [11/09/2006, 13:59:54] - BHO 5: {A920B4C7-E9E6-4282-9F58-1B7041F9C200} ()
      [11/09/2006, 13:59:54] - WARNING: BHO has no default name. Checking for Winlogon reference.
      [11/09/2006, 13:59:54] - Checking for HKLM\...\Winlogon\Notify\jkhif
      [11/09/2006, 13:59:54] - Key not found: HKLM\...\Winlogon\Notify\jkhif, continuing.
      [11/09/2006, 13:59:54] - BHO 6: {F7999166-FDE6-49DA-9AFC-1F6A79E9D1F2} ()
      [11/09/2006, 13:59:54] - WARNING: BHO has no default name. Checking for Winlogon reference.
      [11/09/2006, 13:59:54] - No filename found. Continuing.
      [11/09/2006, 13:59:54] - Finished Searching Browser Helper Objects
      [11/09/2006, 13:59:54] - Finishing up...
      [11/09/2006, 13:59:54] - A restart is needed.
      [11/09/2006, 14:00:04] - Attempting to Restart via STOP error (Blue Screen!)
      And for HijackThis:
      Logfile of HijackThis v1.99.1
      Scan saved at 14:05:08, on 09/11/2006
      Platform: Windows XP SP2 (WinNT 5.01.2600)
      MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
      Running processes:
      C:\WINDOWS\System32\smss.exe
      C:\WINDOWS\system32\winlogon.exe
      C:\WINDOWS\system32\services.exe
      C:\WINDOWS\system32\lsass.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\System32\svchost.exe
      C:\WINDOWS\Explorer.EXE
      C:\WINDOWS\system32\spoolsv.exe
      C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
      C:\WINDOWS\system32\Rundll32.exe
      C:\Program Files\McAfee.com\VSO\mcvsshld.exe
      C:\Program Files\McAfee.com\VSO\oasclnt.exe
      C:\PROGRA~1\mcafee.com\agent\mcagent.exe
      c:\progra~1\mcafee.com\vso\mcvsescn.exe
      C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
      C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
      C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe
      C:\WINDOWS\system32\ctfmon.exe
      C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
      c:\program files\mcafee.com\agent\mcdetect.exe
      c:\PROGRA~1\mcafee.com\vso\mcshield.exe
      c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
      C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
      C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe
      C:\WINDOWS\System32\svchost.exe
      C:\WINDOWS\system32\wuauclt.exe
      C:\Program Files\Internet Explorer\IEXPLORE.EXE
      C:\Program Files\Hijackthis\HijackThis.exe
      R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.orange.fr/
      R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
      O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
      O2 - BHO: (no name) - {39f25b12-74ff-4079-a51f-1d70f5b08b84} - C:\WINDOWS\system32\ixt0.dll (file missing)
      O2 - BHO: (no name) - {6643319F-EF24-9081-FC36-0A01DF56A2BC} - C:\WINDOWS\system32\chgsnve.dll (file missing)
      O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
      O2 - BHO: (no name) - {A920B4C7-E9E6-4282-9F58-1B7041F9C200} - C:\WINDOWS\system32\jkhif.dll (file missing)
      O2 - BHO: (no name) - {F7999166-FDE6-49DA-9AFC-1F6A79E9D1F2} - C:\WINDOWS\system32\ddcyxyv.dll
      O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
      O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
      O4 - HKLM\..\Run: [TkBellExe] C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe -osboot
      O4 - HKLM\..\Run: [P17Helper] Rundll32 P17.dll,P17Helper
      O4 - HKLM\..\Run: [CTDrive] rundll32.exe C:\WINDOWS\system32\drvjoj.dll,startup
      O4 - HKLM\..\Run: [eumjzid.dll] C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\eumjzid.dll,lryztjd
      O4 - HKLM\..\Run: [VSOCheckTask] "C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" /checktask
      O4 - HKLM\..\Run: [VirusScan Online] C:\Program Files\McAfee.com\VSO\mcvsshld.exe
      O4 - HKLM\..\Run: [OASClnt] C:\Program Files\McAfee.com\VSO\oasclnt.exe
      O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
      O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\McUpdate.exe
      O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
      O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
      O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe"
      O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
      O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
      O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
      O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
      O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
      O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
      O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
      O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
      O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
      O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/shared/m...01/mcinsctl.cab
      O20 - Winlogon Notify: ddcyxyv - C:\WINDOWS\SYSTEM32\ddcyxyv.dll
      O20 - Winlogon Notify: winhwc32 - winhwc32.dll (file missing)
      O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
      O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
      O23 - Service: McAfee.com McShield (McShield) - McAfee Inc. - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
      O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
      O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
      O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
      Thanks again!!!