Votre question

plus d'îcone sur le bureau au démarrage

Tags :
  • Sécurité
Dernière réponse : dans Sécurité et virus
16 Décembre 2008 18:22:24

Bonsoir

Je n'ai plus d'icône sur le bureau principal. Dès que j'arrive sur le bureau principal j'ai juste le temps d'ouvrir internet avant que les îcones disparais et parfois ça réapparait et aussi le parre-feu qui se désactive tous seul. Je doit être infecté par un spyware.

merci de votre aide :hello: 

Autres pages sur : icone bureau demarrage

16 Décembre 2008 18:27:00

bonjour

fais ceci:

http://www.trendsecure.com/portal/fr/_download/HJTInsta...

Télécharge HiJackThis de Merijn sur ton bureau.
- Renomme le fichier HiJackThis.exe en Scanner.exe pour cela, fais un clic droit sur le fichier HiJackThis.exe et choisis renommer dans la liste
- Tape Scanner.exe et Appuye sur la touche Entrée.
- Génère un rapport en suivant ces indications :
- Double-clic sur Scanner.exe
- Exécute le et clique sur Do a scan and save log file.
- Le rapport s'ouvre sur le Bloc-Note
- Colle le rapport ici, pour cela :
- Menu Edition / Selectionner Tout
- Menu Edition / copier
- Ici dans un nouveau message : clic droit / coller


16 Décembre 2008 18:39:05

Bonsoir, voila le rapport :



Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:38:53, on 16.12.2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Fichiers communs\PCSuite\Services\ServiceLayer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O3 - Toolbar: Mirar - {8610962A-EDE8-4A17-979B-23030F8EEDEA} - (no file)
O3 - Toolbar: Mirar - {C5675530-4D1C-42A8-84BE-221DAE71B86C} - C:\WINDOWS\system32\winae77.dll
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [PCSuiteTrayApplication] "C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE" -startup
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [PcSync] "C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" /NoDialog
O4 - HKCU\..\Run: [Pando] "C:\Program Files\Pando Networks\Pando\pando.exe" /Minimized
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: Download Link Using Mega Manager... - C:\Program Files\Megaupload\Mega Manager\mm_file.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls...
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: CaCCProvSP - Unknown owner - C:\Program Files\CA\CA Internet Security Suite\ccprovsp.exe (file missing)
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\Fichiers communs\PCSuite\Services\ServiceLayer.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe

--
End of file - 6295 bytes
Contenus similaires
16 Décembre 2008 21:24:37

Bonsoir
poste pour suivre

jess2, merci de ne plus prendre de sujets, on doit suivre tout ce que tu fais et vu au ryhtme où tu postes, ça devient compliqué.
Tu peux me mp si tu veux et je t'expliquerais plus longuement.. :) 
17 Décembre 2008 13:10:13

non mais tkt je n prend plus de poste la je fini deja cela ou j'ai posté un message
17 Décembre 2008 18:13:10

Bonsoir,
désolé de vous déranger dans votre discusion :p 

voila le rapport de Malwarebytes :


Malwarebytes' Anti-Malware 1.31
Version de la base de données: 1507
Windows 5.1.2600 Service Pack 3

17.12.2008 12:42:56
mbam-log-2008-12-17 (12-42-56).txt

Type de recherche: Examen complet (C:\|)
Eléments examinés: 136904
Temps écoulé: 2 hour(s), 49 minute(s), 59 second(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 11
Valeur(s) du Registre infectée(s): 2
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 15

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
HKEY_CLASSES_ROOT\CLSID\{c5675530-4d1c-42a8-84be-221dae71b86c} (Adware.Mirar) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{c5675530-4d1c-42a8-84be-221dae71b86c} (Adware.Mirar) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{c5675531-4d1c-42a8-84be-221dae71b86c} (Adware.Mirar) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{c5675531-4d1c-42a8-84be-221dae71b86c} (Adware.Mirar) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{c5675531-4d1c-42a8-84be-221dae71b86c} (Adware.Mirar) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\tdssdata (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\tdss (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\xpre (Trojan.Downloader) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\instkey (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\FCOVM (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RemoveRP (Trojan.Vundo) -> Quarantined and deleted successfully.

Valeur(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{c5675530-4d1c-42a8-84be-221dae71b86c} (Adware.Mirar) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser\{c5675530-4d1c-42a8-84be-221dae71b86c} (Adware.Mirar) -> Quarantined and deleted successfully.

Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)

Dossier(s) infecté(s):
(Aucun élément nuisible détecté)

Fichier(s) infecté(s):
C:\System Volume Information\_restore{70C219BC-5150-4D9F-83CC-3D65BD28289F}\RP399\A0724327.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{70C219BC-5150-4D9F-83CC-3D65BD28289F}\RP399\A0724328.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{70C219BC-5150-4D9F-83CC-3D65BD28289F}\RP402\A0726736.sys (Trojan.TDSS) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{70C219BC-5150-4D9F-83CC-3D65BD28289F}\RP403\A0727754.dll (Trojan.TDSS) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{70C219BC-5150-4D9F-83CC-3D65BD28289F}\RP403\A0727755.dll (Trojan.TDSS) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{70C219BC-5150-4D9F-83CC-3D65BD28289F}\RP403\A0727756.dll (Trojan.TDSS) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\geBtRlJA.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ljJYPiig.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\mlJArolI.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\mlJCspoP.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\winae77.dll (Adware.Mirar) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\yayATLdC.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\TDSShrxr.dll (Rootkit.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\TDSSoiqt.dll (Rootkit.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\TDSSrtql.dll (Rootkit.Agent) -> Quarantined and deleted successfully.
17 Décembre 2008 18:41:49

ok
respote un log hijackthis
17 Décembre 2008 19:19:44

Re bonsoir

voila le nouveau rapport :

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:19:42, on 17.12.2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Winamp\winampa.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe
C:\Program Files\Pando Networks\Pando\pando.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\PROGRA~1\FICHIE~1\Nokia\MPAPI\MPAPI3s.exe
C:\Program Files\Fichiers communs\PCSuite\Services\ServiceLayer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Adobe\Reader 8.0\Reader\AcroRd32.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: CInterceptor Object - {38D3FE60-3D53-4F37-BB0E-C7A97A26A156} - C:\Program Files\Pando Networks\Pando\PandoIEPlugin.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: FlashFXP Helper for Internet Explorer - {E5A1691B-D188-4419-AD02-90002030B8EE} - C:\PROGRA~1\FlashFXP\IEFlash.dll
O3 - Toolbar: Mirar - {8610962A-EDE8-4A17-979B-23030F8EEDEA} - (no file)
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [PCSuiteTrayApplication] "C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE" -startup
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [PcSync] "C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" /NoDialog
O4 - HKCU\..\Run: [Pando] "C:\Program Files\Pando Networks\Pando\pando.exe" /Minimized
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: Download Link Using Mega Manager... - C:\Program Files\Megaupload\Mega Manager\mm_file.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls...
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: CaCCProvSP - Unknown owner - C:\Program Files\CA\CA Internet Security Suite\ccprovsp.exe (file missing)
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\Fichiers communs\PCSuite\Services\ServiceLayer.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe

--
End of file - 7235 bytes
17 Décembre 2008 19:41:58

tu as 2 antivirus vire avg7

fais ceci:

-- Télécharge http://siri.urz.free.fr/Fix/SmitfraudFix.zip SmitfraudFix de S!Ri, balltrap34 et moe31 - mirroir http://72.232.135.12/siri/SmitfraudFix.php
(Si tu as Norton Antivirus ou NOD32, désactive le)
-- Fais un clic droit puis Extraire tout sur le fichier SmitfraudFix.zip, cela va tout décompresser dans un nouveau dossier SmitFraudfix
-- Ouvre le dossier SmitfraudFix double clic sur SmitfraudFix.cmd (le .cmd peut ne pas être présent)
-- Choisis l'option 1 et appuie sur Entrée
-- Réponds o (Oui) aux deux questions suivantes si elles sont posées
-- Un rapport sera généré sauvegarde le dans un dossier
-- Copie/colle le contenu du rapport ici
18 Décembre 2008 19:13:27

Bonsoir

je n'ai plus avg7 depuis longtemps.

SmitFraudFix v2.387

Rapport fait à 19:05:28.42, 18.12.2008
Executé à partir de C:\Documents and Settings\Marcel\Bureau\SmitfraudFix
OS: Microsoft Windows XP [version 5.1.2600] - Windows_NT
Le type du système de fichiers est NTFS
Fix executé en mode normal

»»»»»»»»»»»»»»»»»»»»»»»» Process

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Winamp\winampa.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe
C:\Program Files\Pando Networks\Pando\pando.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\PROGRA~1\FICHIE~1\Nokia\MPAPI\MPAPI3s.exe
C:\Program Files\Fichiers communs\PCSuite\Services\ServiceLayer.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Java\jre1.6.0_07\bin\jucheck.exe
C:\WINDOWS\system32\cmd.exe

»»»»»»»»»»»»»»»»»»»»»»»» hosts


»»»»»»»»»»»»»»»»»»»»»»»» C:\


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32

C:\WINDOWS\system32\a.exe PRESENT !

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32\LogFiles


»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Marcel


»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\Marcel\LOCALS~1\Temp


»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Marcel\Application Data


»»»»»»»»»»»»»»»»»»»»»»»» Menu Démarrer


»»»»»»»»»»»»»»»»»»»»»»»»


»»»»»»»»»»»»»»»»»»»»»»»» Bureau


»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files


»»»»»»»»»»»»»»»»»»»»»»»» Clés corrompues


»»»»»»»»»»»»»»»»»»»»»»»» Eléments du bureau



»»»»»»»»»»»»»»»»»»»»»»»» o4Patch
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

o4Patch
Credits: Malware Analysis & Diagnostic
Code: S!Ri



»»»»»»»»»»»»»»»»»»»»»»»» IEDFix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

IEDFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri



»»»»»»»»»»»»»»»»»»»»»»»» Agent.OMZ.Fix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

Agent.OMZ.Fix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» VACFix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

VACFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» 404Fix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

404Fix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=""
"LoadAppInit_DLLs"=dword:00000001


»»»»»»»»»»»»»»»»»»»»»»»» Winlogon
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Userinit"="C:\\WINDOWS\\system32\\userinit.exe,"
"System"=""


»»»»»»»»»»»»»»»»»»»»»»»» RK



»»»»»»»»»»»»»»»»»»»»»»»» DNS

Description: Intel(R) PRO/100 M Network Connection - Miniport d'ordonnancement de paquets
DNS Server Search Order: 192.168.1.1

HKLM\SYSTEM\CCS\Services\Tcpip\..\{DB437D74-4B90-4299-A950-2680CFFC0FE8}: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS1\Services\Tcpip\..\{DB437D74-4B90-4299-A950-2680CFFC0FE8}: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS2\Services\Tcpip\..\{DB437D74-4B90-4299-A950-2680CFFC0FE8}: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS2\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1


»»»»»»»»»»»»»»»»»»»»»»»» Recherche infection wininet.dll


»»»»»»»»»»»»»»»»»»»»»»»» Fin



18 Décembre 2008 19:31:46

ok

lance le nettoyage
18 Décembre 2008 21:00:41

Bonsoir

voila le rapport du nettoyage :


SmitFraudFix v2.387

Rapport fait à 20:49:08.34, 18.12.2008
Executé à partir de C:\Documents and Settings\Marcel\Bureau\SmitfraudFix
OS: Microsoft Windows XP [version 5.1.2600] - Windows_NT
Le type du système de fichiers est NTFS
Fix executé en mode sans echec

»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Avant SmitFraudFix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

»»»»»»»»»»»»»»»»»»»»»»»» Arret des processus


»»»»»»»»»»»»»»»»»»»»»»»» hosts


127.0.0.1 localhost

»»»»»»»»»»»»»»»»»»»»»»»» VACFix

VACFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» Winsock2 Fix

S!Ri's WS2Fix: LSP not Found.


»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix

GenericRenosFix by S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» Suppression des fichiers infectés

C:\WINDOWS\system32\a.exe supprimé

»»»»»»»»»»»»»»»»»»»»»»»» IEDFix

IEDFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri



»»»»»»»»»»»»»»»»»»»»»»»» Agent.OMZ.Fix

Agent.OMZ.Fix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» 404Fix

404Fix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» RK


»»»»»»»»»»»»»»»»»»»»»»»» DNS

HKLM\SYSTEM\CCS\Services\Tcpip\..\{DB437D74-4B90-4299-A950-2680CFFC0FE8}: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS1\Services\Tcpip\..\{DB437D74-4B90-4299-A950-2680CFFC0FE8}: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS2\Services\Tcpip\..\{DB437D74-4B90-4299-A950-2680CFFC0FE8}: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS2\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1


»»»»»»»»»»»»»»»»»»»»»»»» Suppression Fichiers Temporaires


»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""


»»»»»»»»»»»»»»»»»»»»»»»» Nettoyage du registre

Nettoyage terminé.

»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Après SmitFraudFix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


»»»»»»»»»»»»»»»»»»»»»»»» Fin

19 Décembre 2008 05:44:42

ok

reposte un hijackthis
19 Décembre 2008 18:48:38

Bonsoir

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:48:30, on 19.12.2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Winamp\winampa.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe
C:\Program Files\Pando Networks\Pando\pando.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\PROGRA~1\FICHIE~1\Nokia\MPAPI\MPAPI3s.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Fichiers communs\PCSuite\Services\ServiceLayer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: CInterceptor Object - {38D3FE60-3D53-4F37-BB0E-C7A97A26A156} - C:\Program Files\Pando Networks\Pando\PandoIEPlugin.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: FlashFXP Helper for Internet Explorer - {E5A1691B-D188-4419-AD02-90002030B8EE} - C:\PROGRA~1\FlashFXP\IEFlash.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Mirar - {8610962A-EDE8-4A17-979B-23030F8EEDEA} - (no file)
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [PCSuiteTrayApplication] "C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE" -startup
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [PcSync] "C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" /NoDialog
O4 - HKCU\..\Run: [Pando] "C:\Program Files\Pando Networks\Pando\pando.exe" /Minimized
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [juwinusaji] Rundll32.exe "C:\WINDOWS\system32\memovovo.dll",s (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: Download Link Using Mega Manager... - C:\Program Files\Megaupload\Mega Manager\mm_file.htm
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls...
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: CaCCProvSP - Unknown owner - C:\Program Files\CA\CA Internet Security Suite\ccprovsp.exe (file missing)
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\Fichiers communs\PCSuite\Services\ServiceLayer.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe

--
End of file - 7112 bytes
21 Décembre 2008 13:01:39

Bonjour

voila le rapport de TrojanRemover :


***** THE SYSTEM HAS BEEN RESTARTED *****
20.12.2008 22:50:04: Trojan Remover has been restarted
The AppInitDLLs Registry entry has been reset
\systemroot\system32\drivers\TDSSmqlt.sys has been deleted (if it existed)
=======================================================
Removing the following registry keys:
HKLM\SYSTEM\CurrentControlSet\Services\TDSSserv.sys - Ownership taken
HKLM\SYSTEM\CurrentControlSet\Services\TDSSserv.sys - already removed (or did not exist)
=======================================================
=======================================================
Deleting the following registry value(s):
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\[juwinusaji] - already deleted
=======================================================
The Windows Update service should now be enabled
Trojan Remover forced a System Restart by terminating WINLOGON.EXE.
The Cleanup Utility was used to remove locked registry keys.
Unable to rename C:\WINDOWS\system32\kukolare.dll to C:\WINDOWS\system32\kukolare.dll.vir
(C:\WINDOWS\system32\kukolare.dll does not appear to exist)
Unable to rename C:\WINDOWS\system32\drivers\TDSSmqlt.sys to C:\WINDOWS\system32\drivers\TDSSmqlt.sys.vir
(C:\WINDOWS\system32\drivers\TDSSmqlt.sys does not appear to exist)
20.12.2008 22:50:04: Trojan Remover closed
************************************************************


***** NORMAL SCAN FOR ACTIVE MALWARE *****
Trojan Remover Ver 6.7.5.2555. For information, email support@simplysup1.com
[Unregistered version]
Scan started at: 21:58:50 20 déc. 2008
Using Database v7235
Operating System: Windows XP SP3 [Windows XP Home Edition Service Pack 3 (Build 2600)]
File System: NTFS
Data directory: C:\Documents and Settings\Marcel\Application Data\Simply Super Software\Trojan Remover\
Database directory: C:\Program Files\Trojan Remover\
Logfile directory: C:\Documents and Settings\Marcel\Mes documents\Simply Super Software\Trojan Remover Logfiles\
Program directory: C:\Program Files\Trojan Remover\
Running with Administrator privileges

************************************************************

************************************************************
21:58:50: Scanning ----------WIN.INI-----------
WIN.INI found in C:\WINDOWS

************************************************************
21:58:50: Scanning --------SYSTEM.INI---------
SYSTEM.INI found in C:\WINDOWS

************************************************************
21:58:50: ----- SCANNING FOR ROOTKIT SERVICES -----
No hidden Services were detected.

************************************************************
21:58:51: Scanning -----WINDOWS REGISTRY-----
--------------------
Checking HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\WinLogon
--------------------
Checking HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\WinLogon
This key's "Shell" value calls the following program(s):
File: Explorer.exe
C:\WINDOWS\Explorer.exe
1037824 bytes
Created: 19.08.2004
Modified: 14.04.2008
Company: Microsoft Corporation
----------
This key's "Userinit" value calls the following program(s):
File: C:\WINDOWS\system32\userinit.exe
C:\WINDOWS\system32\userinit.exe
26624 bytes
Created: 19.08.2004
Modified: 14.04.2008
Company: Microsoft Corporation
----------
This key's "System" value appears to be blank
----------
This key's "UIHost" value calls the following program:
File: logonui.exe
C:\WINDOWS\system32\logonui.exe
515584 bytes
Created: 19.08.2004
Modified: 14.04.2008
Company: Microsoft Corporation
----------
--------------------
Checking HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows
--------------------
Checking HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows
--------------------
Checking HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Value Name: ccApp
Value Data: "C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe"
C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe
66656 bytes
Created: 31.03.2004
Modified: 31.03.2004
Company: Symantec Corporation
--------------------
Value Name: vptray
Value Data: C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
124152 bytes
Created: 03.08.2004
Modified: 03.08.2004
Company: Symantec Corporation
--------------------
Value Name: PCSuiteTrayApplication
Value Data: "C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE" -startup
C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE
229376 bytes
Created: 15.06.2006
Modified: 15.06.2006
Company: Nokia
--------------------
Value Name: SunJavaUpdateSched
Value Data: "C:\Program Files\Java\jre6\bin\jusched.exe"
C:\Program Files\Java\jre6\bin\jusched.exe
136600 bytes
Created: 18.12.2008
Modified: 18.12.2008
Company: Sun Microsystems, Inc.
--------------------
Value Name: WinampAgent
Value Data: "C:\Program Files\Winamp\winampa.exe"
C:\Program Files\Winamp\winampa.exe
36352 bytes
Created: 04.08.2008
Modified: 04.08.2008
Company: [no info]
--------------------
Value Name: QuickTime Task
Value Data: "C:\Program Files\QuickTime\QTTask.exe" -atboottime
C:\Program Files\QuickTime\QTTask.exe
413696 bytes
Created: 04.11.2008
Modified: 04.11.2008
Company: Apple Inc.
--------------------
Value Name: juwinusaji
Value Data: Rundll32.exe "C:\WINDOWS\system32\kukolare.dll",s
C:\WINDOWS\system32\kukolare.dll - has a *known* Malware filename: TROJAN.VIRTUMONDE (HEURISTIC DETECTION)
C:\WINDOWS\system32\kukolare.dll - unable to take ownership/change permissions
C:\WINDOWS\system32\kukolare.dll - this reference has been removed
C:\WINDOWS\system32\kukolare.dll - marked for renaming when the PC is restarted (if it exists)
--------------------
Value Name: TrojanScanner
Value Data: C:\Program Files\Trojan Remover\Trjscan.exe /boot
C:\Program Files\Trojan Remover\Trjscan.exe
1230728 bytes
Created: 20.12.2008
Modified: 10.12.2008
Company: Simply Super Software
--------------------
--------------------
Checking HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce
Value Name: Malwarebytes Anti-Malware (reboot)
Value Data: "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
1265296 bytes
Created: 13.04.2008
Modified: 03.12.2008
Company: Malwarebytes Corporation
--------------------
--------------------
Checking HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices
This Registry Key appears to be empty
--------------------
Checking HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx
This Registry Key appears to be empty
--------------------
Checking HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run
This Registry Key appears to be empty
--------------------
Checking HKCU\Software\Microsoft\Windows\CurrentVersion\Run
Value Name: ctfmon.exe
Value Data: C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\ctfmon.exe
15360 bytes
Created: 19.08.2004
Modified: 14.04.2008
Company: Microsoft Corporation
--------------------
Value Name: PcSync
Value Data: "C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" /NoDialog
C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe
1449984 bytes
Created: 27.06.2006
Modified: 27.06.2006
Company: Time Information Services Ltd.
--------------------
Value Name: Pando
Value Data: "C:\Program Files\Pando Networks\Pando\pando.exe" /Minimized
C:\Program Files\Pando Networks\Pando\pando.exe
6210888 bytes
Created: 02.06.2008
Modified: 02.06.2008
Company: Pando Networks
--------------------
Value Name:
Value Data:
Blank entry: []
--------------------
Value Name: MSMSGS
Value Data: "C:\Program Files\Messenger\msmsgs.exe" /background
C:\Program Files\Messenger\msmsgs.exe
1695232 bytes
Created: 15.09.2006
Modified: 14.04.2008
Company: Microsoft Corporation
--------------------
--------------------
Checking HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce
This Registry Key appears to be empty
--------------------
Checking HKCU\Software\Microsoft\Windows\CurrentVersion\RunServices
This Registry Key appears to be empty
--------------------
Checking HKCU\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce
This Registry Key appears to be empty
--------------------
Checking HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnceEx
This Registry Key appears to be empty
--------------------
Checking HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run
This Registry Key appears to be empty

************************************************************
21:59:51: Scanning -----SHELLEXECUTEHOOKS-----
ValueName: {AEB6717E-7E19-11d0-97EE-00C04FD91972}
File: shell32.dll - this file is expected and has been left in place
----------
ValueName: {091EB208-39DD-417D-A5DD-7E2C2D8FB9CB}
Value: Microsoft AntiMalware ShellExecuteHook
File: C:\PROGRA~1\WINDOW~4\MpShHook.dll
C:\PROGRA~1\WINDOW~4\MpShHook.dll
83224 bytes
Created: 03.11.2006
Modified: 03.11.2006
Company: Microsoft Corporation
----------

************************************************************
21:59:51: Scanning -----HIDDEN REGISTRY ENTRIES-----
Taskdir check completed
----------
No Hidden File-loading Registry Entries found
----------

************************************************************
21:59:51: Scanning -----ACTIVE SCREENSAVER-----
ScreenSaver: C:\WINDOWS\system32\logon.scr
C:\WINDOWS\system32\logon.scr
221696 bytes
Created: 19.08.2004
Modified: 14.04.2008
Company: Microsoft Corporation
--------------------

************************************************************
21:59:51: Scanning ----- REGISTRY ACTIVE SETUP KEYS -----
Key: {6BF52A52-394A-11d3-B153-00C04F79FAA6}
Path: rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\wmp11.inf,PerUserStub
C:\WINDOWS\INF\wmp11.inf
2441 bytes
Created: 03.11.2006
Modified: 03.11.2006
Company: [no info]
----------

************************************************************
21:59:52: Scanning ----- SERVICEDLL REGISTRY KEYS -----
Key: AppMgmt
%SystemRoot%\System32\appmgmts.dll - file is globally excluded (file cannot be found)
--------------------
Key: HidServ
%SystemRoot%\System32\hidserv.dll - file is globally excluded (file cannot be found)
--------------------

************************************************************
21:59:53: Scanning ----- SERVICES REGISTRY KEYS -----
Key: Ad-Watch Connect Filter
ImagePath: \??\C:\WINDOWS\system32\drivers\NSDriver.sys
C:\WINDOWS\system32\drivers\NSDriver.sys [file not found to scan]
----------
Key: Ad-Watch Real-Time Scanner
ImagePath: \??\C:\WINDOWS\system32\drivers\AWRTPD.sys
C:\WINDOWS\system32\drivers\AWRTPD.sys [file not found to scan]
----------
Key: Ad-Watch Registry Filter
ImagePath: \??\C:\WINDOWS\system32\drivers\AWRTRD.sys
C:\WINDOWS\system32\drivers\AWRTRD.sys [file not found to scan]
----------
Key: Apple Mobile Device
ImagePath: "C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe"
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
132424 bytes
Created: 07.11.2008
Modified: 07.11.2008
Company: Apple Inc.
----------
Key: CaCCProvSP
ImagePath: "C:\Program Files\CA\CA Internet Security Suite\ccprovsp.exe"
C:\Program Files\CA\CA Internet Security Suite\ccprovsp.exe [file not found to scan]
----------
Key: catchme
ImagePath: \??\C:\DOCUME~1\Marcel\LOCALS~1\Temp\catchme.sys - this file is globally excluded
----------
Key: ccEvtMgr
ImagePath: "C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe"
C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
255072 bytes
Created: 31.03.2004
Modified: 31.03.2004
Company: Symantec Corporation
----------
Key: ccPwdSvc
ImagePath: "C:\Program Files\Fichiers communs\Symantec Shared\ccPwdSvc.exe"
C:\Program Files\Fichiers communs\Symantec Shared\ccPwdSvc.exe
87136 bytes
Created: 31.03.2004
Modified: 31.03.2004
Company: Symantec Corporation
----------
Key: ccSetMgr
ImagePath: "C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe"
C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
242784 bytes
Created: 31.03.2004
Modified: 31.03.2004
Company: Symantec Corporation
----------
Key: ctsfm2k
ImagePath: system32\DRIVERS\ctsfm2k.sys
C:\WINDOWS\system32\DRIVERS\ctsfm2k.sys
130192 bytes
Created: 15.09.2006
Modified: 22.09.2003
Company: Creative Technology Ltd
----------
Key: DefWatch
ImagePath: "C:\Program Files\Symantec AntiVirus\DefWatch.exe"
C:\Program Files\Symantec AntiVirus\DefWatch.exe
29952 bytes
Created: 03.08.2004
Modified: 03.08.2004
Company: Symantec Corporation
----------
Key: eeCtrl
ImagePath: \??\C:\Program Files\Fichiers communs\Symantec Shared\EENGINE\eeCtrl.sys
C:\Program Files\Fichiers communs\Symantec Shared\EENGINE\eeCtrl.sys
385072 bytes
Created: 15.04.2008
Modified: 15.04.2008
Company: Symantec Corporation
----------
Key: iIvc
ImagePath: system32\drivers\bnlqj.sys
C:\WINDOWS\system32\drivers\bnlqj.sys
61440 bytes
Created: 20.12.2008
Modified: 20.12.2008
Company: [no info]
----------
Key: JavaQuickStarterService
ImagePath: "C:\Program Files\Java\jre6\bin\jqs.exe" -service -config "C:\Program Files\Java\jre6\lib\deploy\jqs\jqs.conf"
C:\Program Files\Java\jre6\bin\jqs.exe
152984 bytes
Created: 18.12.2008
Modified: 18.12.2008
Company: Sun Microsystems, Inc.
----------
Key: NAVENG
ImagePath: \??\C:\PROGRA~1\FICHIE~1\SYMANT~1\VIRUSD~1\20081209.003\naveng.sys
C:\PROGRA~1\FICHIE~1\SYMANT~1\VIRUSD~1\20081209.003\naveng.sys
89104 bytes
Created: 09.12.2008
Modified: 09.12.2008
Company: Symantec Corporation
----------
Key: NAVEX15
ImagePath: \??\C:\PROGRA~1\FICHIE~1\SYMANT~1\VIRUSD~1\20081209.003\navex15.sys
C:\PROGRA~1\FICHIE~1\SYMANT~1\VIRUSD~1\20081209.003\navex15.sys
876112 bytes
Created: 09.12.2008
Modified: 09.12.2008
Company: Symantec Corporation
----------
Key: Nokia USB Generic
ImagePath: system32\drivers\nmwcdc.sys
C:\WINDOWS\system32\drivers\nmwcdc.sys
8704 bytes
Created: 30.06.2007
Modified: 29.05.2006
Company: Nokia
----------
Key: Nokia USB Modem
ImagePath: system32\drivers\nmwcdcm.sys
C:\WINDOWS\system32\drivers\nmwcdcm.sys
13312 bytes
Created: 30.06.2007
Modified: 29.05.2006
Company: Nokia
----------
Key: Nokia USB Phone Parent
ImagePath: system32\drivers\nmwcd.sys
C:\WINDOWS\system32\drivers\nmwcd.sys
127488 bytes
Created: 30.06.2007
Modified: 29.05.2006
Company: Nokia
----------
Key: Nokia USB Port
ImagePath: system32\drivers\nmwcdcj.sys
C:\WINDOWS\system32\drivers\nmwcdcj.sys
13312 bytes
Created: 30.06.2007
Modified: 29.05.2006
Company: Nokia
----------
Key: ossrv
ImagePath: system32\DRIVERS\ctoss2k.sys
C:\WINDOWS\system32\DRIVERS\ctoss2k.sys
178672 bytes
Created: 15.09.2006
Modified: 22.09.2003
Company: Creative Technology Ltd.
----------
Key: P16X
ImagePath: system32\drivers\P16X.sys
C:\WINDOWS\system32\drivers\P16X.sys
1330048 bytes
Created: 15.09.2006
Modified: 22.09.2003
Company: Creative Technology Ltd.
----------
Key: pcouffin
ImagePath: System32\Drivers\pcouffin.sys
C:\WINDOWS\System32\Drivers\pcouffin.sys
47360 bytes
Created: 05.12.2008
Modified: 05.12.2008
Company: VSO Software
----------
Key: PfModNT
ImagePath: \??\C:\WINDOWS\system32\drivers\PfModNT.sys
C:\WINDOWS\system32\drivers\PfModNT.sys
15840 bytes
Created: 15.09.2006
Modified: 05.03.2003
Company: Creative Technology Ltd.
----------
Key: SavRoam
ImagePath: "C:\Program Files\Symantec AntiVirus\SavRoam.exe"
C:\Program Files\Symantec AntiVirus\SavRoam.exe
169192 bytes
Created: 31.03.2004
Modified: 31.03.2004
Company: symantec
----------
Key: SAVRT
ImagePath: \??\C:\Program Files\Symantec AntiVirus\savrt.sys
C:\Program Files\Symantec AntiVirus\savrt.sys
-R- 301200 bytes
Created: 09.02.2004
Modified: 09.02.2004
Company: Symantec Corporation
----------
Key: SAVRTPEL
ImagePath: \??\C:\Program Files\Symantec AntiVirus\Savrtpel.sys
C:\Program Files\Symantec AntiVirus\Savrtpel.sys
-R- 37008 bytes
Created: 09.02.2004
Modified: 09.02.2004
Company: Symantec Corporation
----------
Key: ServiceLayer
ImagePath: "C:\Program Files\Fichiers communs\PCSuite\Services\ServiceLayer.exe"
C:\Program Files\Fichiers communs\PCSuite\Services\ServiceLayer.exe
174080 bytes
Created: 05.06.2006
Modified: 05.06.2006
Company: Nokia.
----------
Key: SNDSrvc
ImagePath: "C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe"
C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe
201944 bytes
Created: 12.06.2004
Modified: 12.06.2004
Company: Symantec Corporation
----------
Key: sptd
ImagePath: System32\Drivers\sptd.sys - this file is globally excluded
----------
Key: SwPrv
ImagePath: C:\WINDOWS\system32\dllhost.exe /Processid:{C002BEB6-F558-4AE6-81A8-B3997CE7CEBC}
C:\WINDOWS\system32\dllhost.exe
5120 bytes
Created: 19.08.2004
Modified: 14.04.2008
Company: Microsoft Corporation
----------
Key: Symantec AntiVirus
ImagePath: "C:\Program Files\Symantec AntiVirus\Rtvscan.exe"
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
1271040 bytes
Created: 03.08.2004
Modified: 03.08.2004
Company: Symantec Corporation
----------
Key: SymEvent
ImagePath: \??\C:\Program Files\Symantec\SYMEVENT.SYS
C:\Program Files\Symantec\SYMEVENT.SYS
82832 bytes
Created: 21.09.2006
Modified: 04.03.2004
Company: Symantec Corporation
----------
Key: SYMREDRV
ImagePath: \SystemRoot\System32\Drivers\SYMREDRV.SYS
C:\WINDOWS\System32\Drivers\SYMREDRV.SYS
16280 bytes
Created: 12.06.2004
Modified: 12.06.2004
Company: Symantec Corporation
----------
Key: SYMTDI
ImagePath: \SystemRoot\System32\Drivers\SYMTDI.SYS
C:\WINDOWS\System32\Drivers\SYMTDI.SYS
263736 bytes
Created: 12.06.2004
Modified: 12.06.2004
Company: Symantec Corporation
----------
Key: usnjsvc
ImagePath: "C:\Program Files\MSN Messenger\usnsvc.exe"
C:\Program Files\MSN Messenger\usnsvc.exe
97136 bytes
Created: 19.01.2007
Modified: 19.01.2007
Company: Microsoft Corporation
----------
Key: WinDefend
ImagePath: "C:\Program Files\Windows Defender\MsMpEng.exe"
C:\Program Files\Windows Defender\MsMpEng.exe
13592 bytes
Created: 03.11.2006
Modified: 03.11.2006
Company: Microsoft Corporation
----------
Key: WpdUsb
ImagePath: system32\DRIVERS\wpdusb.sys
C:\WINDOWS\system32\DRIVERS\wpdusb.sys
38528 bytes
Created: 10.08.2004
Modified: 18.10.2006
Company: Microsoft Corporation
----------

************************************************************
22:00:02: Scanning -----VXD ENTRIES-----

************************************************************
22:00:02: Scanning ----- WINLOGON\NOTIFY DLLS -----
Key : NavLogon
DLLName: C:\WINDOWS\system32\NavLogon.dll
C:\WINDOWS\system32\NavLogon.dll
83160 bytes
Created: 20.07.2004
Modified: 20.07.2004
Company: Symantec Corporation
----------

************************************************************
22:00:03: Scanning ----- CONTEXTMENUHANDLERS -----
Key: LDVPMenu
CLSID: {BDA77241-42F6-11d0-85E2-00AA001FE28C}
Path: C:\Program Files\Fichiers communs\Symantec Shared\SSC\vpshell2.dll
C:\Program Files\Fichiers communs\Symantec Shared\SSC\vpshell2.dll
46216 bytes
Created: 03.08.2004
Modified: 03.08.2004
Company: Symantec Corporation
----------
Key: PandoShellExt
CLSID: {9C150845-2A2D-44CC-90B3-AA03480AA3D2}
Path: C:\Program Files\Pando Networks\Pando\PandoShellExt.dll
C:\Program Files\Pando Networks\Pando\PandoShellExt.dll
57344 bytes
Created: 02.06.2008
Modified: 02.06.2008
Company: Pando Networks
----------

************************************************************
22:00:04: Scanning ----- FOLDER\COLUMNHANDLERS -----
Key: {F9DB5320-233E-11D1-9F84-707F02C10627}
File: C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\PDFShell.dll
C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\PDFShell.dll
372736 bytes
Created: 10.05.2007
Modified: 10.05.2007
Company: Adobe Systems, Inc.
----------

************************************************************
22:00:04: Scanning ----- BROWSER HELPER OBJECTS -----
Key: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}
BHO: C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
62080 bytes
Created: 22.10.2006
Modified: 22.10.2006
Company: Adobe Systems Incorporated
----------
Key: {38D3FE60-3D53-4F37-BB0E-C7A97A26A156}
BHO: C:\Program Files\Pando Networks\Pando\PandoIEPlugin.dll
C:\Program Files\Pando Networks\Pando\PandoIEPlugin.dll
577536 bytes
Created: 02.06.2008
Modified: 02.06.2008
Company: Pando Networks
----------
Key: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43}
BHO: C:\Program Files\Java\jre6\bin\ssv.dll
C:\Program Files\Java\jre6\bin\ssv.dll
320920 bytes
Created: 18.12.2008
Modified: 18.12.2008
Company: Sun Microsystems, Inc.
----------
Key: {9030D464-4C02-4ABF-8ECC-5164760863C6}
BHO: C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
328752 bytes
Created: 20.09.2007
Modified: 20.09.2007
Company: Microsoft Corporation
----------
Key: {DBC80044-A445-435b-BC74-9C25C1C588A9}
BHO: C:\Program Files\Java\jre6\bin\jp2ssv.dll
C:\Program Files\Java\jre6\bin\jp2ssv.dll
34816 bytes
Created: 18.12.2008
Modified: 18.12.2008
Company: Sun Microsystems, Inc.
----------
Key: {E5A1691B-D188-4419-AD02-90002030B8EE}
BHO: C:\PROGRA~1\FlashFXP\IEFlash.dll
C:\PROGRA~1\FlashFXP\IEFlash.dll
191096 bytes
Created: 16.05.2007
Modified: 16.05.2007
Company: IniCom Networks, Inc.
----------
Key: {E7E6F031-17CE-4C07-BC86-EABFE594F69C}
BHO: C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
73728 bytes
Created: 18.12.2008
Modified: 18.12.2008
Company: Sun Microsystems, Inc.
----------
Key: {fe5435bb-f40e-4e0c-8327-8c32aafddc2a}
BHO: C:\WINDOWS\system32\lujetifi.dll
C:\WINDOWS\system32\lujetifi.dll
62711 bytes
Created: 20.09.2008
Modified: 20.09.2008
Company: [no info]
----------

************************************************************
22:00:05: Scanning ----- SHELLSERVICEOBJECTS -----

************************************************************
22:00:05: Scanning ----- SHAREDTASKSCHEDULER ENTRIES -----

************************************************************
22:00:05: Scanning ----- IMAGEFILE DEBUGGERS -----
No "Debugger" entries found.

************************************************************
22:00:05: Scanning ----- APPINIT_DLLS -----
AppInitDLLs entry = [C:\WINDOWS\system32\jolefayu.dll,C:\WINDOWS\system32\barusaya.dll]
File: C:\WINDOWS\system32\jolefayu.dll
C:\WINDOWS\system32\jolefayu.dll
-HS- 63632 bytes
Created: 20.09.2008
Modified: 20.09.2008
Company: [no info]
C:\WINDOWS\system32\jolefayu.dll - this reference will be removed
C:\WINDOWS\system32\jolefayu.dll - HIDDEN and SYSTEM file attributes removed
C:\WINDOWS\system32\jolefayu.dll - file renamed to: C:\WINDOWS\system32\jolefayu.dll.vir
----------
File: C:\WINDOWS\system32\barusaya.dll
C:\WINDOWS\system32\barusaya.dll
62711 bytes
Created: 20.09.2008
Modified: 20.09.2008
Company: [no info]
----------

************************************************************
22:00:11: Scanning ----- SECURITY PROVIDER DLLS -----

************************************************************
22:00:11: Scanning ------ COMMON STARTUP GROUP ------
[C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage]
The Common Startup Group attempts to load the following file(s) at boot time:
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\desktop.ini
-HS- 84 bytes
Created: 15.09.2006
Modified: 15.09.2006
Company: [no info]
--------------------
C:\Program Files\Microsoft Office\Office\OSA9.EXE
65588 bytes
Created: 21.01.2000
Modified: 21.01.2000
Company: Microsoft Corporation
Microsoft Office.lnk - links to C:\Program Files\Microsoft Office\Office\OSA9.EXE
--------------------

************************************************************
No User Startup Groups were located to check

************************************************************
22:00:12: Scanning ----- SCHEDULED TASKS -----
Taskname: AppleSoftwareUpdate.job
File: C:\Program Files\Apple Software Update\SoftwareUpdate.exe
C:\Program Files\Apple Software Update\SoftwareUpdate.exe
566592 bytes
Created: 30.07.2008
Modified: 30.07.2008
Company: Apple Inc.
Parameters: -task
Next Run Time: 23.12.2008 17:43:00
Status: La tâche n'a pas encore été exécutée
Creator: SYSTEM
Comments: [blank]
----------
Taskname: iamkwwte.job
File: C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\nnnkHYPG.dll
66560 bytes
Created: 14.12.2008
Modified: 14.12.2008
Company: ESET
Parameters: "C:\WINDOWS\system32\nnnkHYPG.dll",d
Next Run Time: 20.12.2008 23:00:00
Status: La tâche est prête à s'exécuter à l'heure prévue
Creator: Marcel
Comments: [blank]
C:\WINDOWS\system32\nnnkHYPG.dll appears to contain: TROJAN.VIRTUMONDE
iamkwwte.job - this Scheduled Task has been deleted
C:\WINDOWS\system32\nnnkHYPG.dll - file renamed to: C:\WINDOWS\system32\nnnkHYPG.dll.vir
The Windows Update service is disabled
The Windows Update service has been reset
This service will also be checked when the PC is restarted
----------
Taskname: MP Scheduled Scan.job
File: C:\Program Files\Windows Defender\MpCmdRun.exe
C:\Program Files\Windows Defender\MpCmdRun.exe
293144 bytes
Created: 03.11.2006
Modified: 03.11.2006
Company: Microsoft Corporation
Parameters: Scan -RestrictPrivileges
Next Run Time: 21.12.2008 02:28:00
Status: La tâche n'a pas encore été exécutée
Creator: SYSTEM
Comments: Scheduled Scan
----------
Taskname: User_Feed_Synchronization-{321F9EFF-A697-4DB8-B9E7-FBCE5E7642DC}.job
File: C:\WINDOWS\system32\msfeedssync.exe
C:\WINDOWS\system32\msfeedssync.exe
12288 bytes
Created: 17.10.2006
Modified: 17.10.2006
Company: Microsoft Corporation
Parameters: sync
Next Run Time: 20.12.2008 22:31:00
Status: La tâche est prête à s'exécuter à l'heure prévue
Creator: Marcel
Comments: Updates out-of-date system feeds.
----------

************************************************************
22:00:24: Scanning ----- SHELLICONOVERLAYIDENTIFIERS -----

************************************************************
22:00:24: ----- ADDITIONAL CHECKS -----
PE386 rootkit checks completed
----------
Hidden or inaccessible Services entry: [TDSSserv.sys]
Entry has been scheduled for deletion when the PC is restarted
\systemroot\system32\drivers\TDSSmqlt.sys - file could not be erased using RAW erasure
C:\WINDOWS\system32\drivers\TDSSmqlt.sys - unable to take ownership/change permissions
\systemroot\system32\drivers\TDSSmqlt.sys - marked for renaming when the PC is restarted (if it exists)
----------
Winlogon registry rootkit checks completed
----------
Heuristic checks for hidden files/drivers completed
----------
Layered Service Provider entries checks completed
----------
Windows Explorer Policies checks completed
----------
Desktop Wallpaper: C:\Documents and Settings\Marcel\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
C:\Documents and Settings\Marcel\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
858054 bytes
Created: 22.01.2007
Modified: 09.10.2008
Company: [no info]
----------
Web Desktop Wallpaper: %USERPROFILE%\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
C:\Documents and Settings\Marcel\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
858054 bytes
Created: 22.01.2007
Modified: 09.10.2008
Company: [no info]
----------
Checking autorun.inf in F:\
F:\autorun.inf
-H- 71 bytes
Created: 01.04.2008
Modified: 01.04.2008
Company: [no info]
F:\autorun.inf open entry: [wd_windows_tools\WDSetup.exe]
F:\wd_windows_tools\WDSetup.exe
1774550 bytes
Created: 31.03.2008
Modified: 31.03.2008
Company: Western Digital Corporation
----------
--------------------
Checks for rogue DNS NameServers completed
----------
Additional checks completed

************************************************************
22:00:37: Scanning ----- RUNNING PROCESSES -----

C:\WINDOWS\System32\smss.exe
[1 loaded module]
--------------------
C:\WINDOWS\system32\csrss.exe
[13 loaded modules in total]
--------------------
C:\WINDOWS\system32\winlogon.exe
[73 loaded modules in total]
--------------------
C:\WINDOWS\system32\services.exe
[26 loaded modules in total]
--------------------
C:\WINDOWS\system32\lsass.exe
[57 loaded modules in total]
--------------------
C:\WINDOWS\system32\svchost.exe
[52 loaded modules in total]
--------------------
C:\WINDOWS\system32\svchost.exe - file already scanned
[38 loaded modules in total]
--------------------
C:\Program Files\Windows Defender\MsMpEng.exe - file already scanned
[40 loaded modules in total]
--------------------
C:\WINDOWS\System32\svchost.exe - file already scanned
[149 loaded modules in total]
--------------------
C:\WINDOWS\system32\svchost.exe - file already scanned
[29 loaded modules in total]
--------------------
C:\WINDOWS\system32\svchost.exe - file already scanned
[31 loaded modules in total]
--------------------
C:\WINDOWS\system32\svchost.exe - file already scanned
[40 loaded modules in total]
--------------------
C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe - file already scanned
[32 loaded modules in total]
--------------------
C:\WINDOWS\system32\spoolsv.exe
[51 loaded modules in total]
--------------------
C:\PROGRA~1\SYMANT~1\VPTray.exe - file already scanned
[46 loaded modules in total]
--------------------
C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE - file already scanned
[60 loaded modules in total]
--------------------
C:\Program Files\Winamp\winampa.exe - file already scanned
[22 loaded modules in total]
--------------------
C:\WINDOWS\system32\ctfmon.exe - file already scanned
[33 loaded modules in total]
--------------------
C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe - file already scanned
[54 loaded modules in total]
--------------------
C:\Program Files\Pando Networks\Pando\pando.exe - file already scanned
[107 loaded modules in total]
--------------------
C:\Program Files\Messenger\msmsgs.exe - file already scanned
[46 loaded modules in total]
--------------------
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe - file already scanned
[24 loaded modules in total]
--------------------
C:\Program Files\Symantec AntiVirus\DefWatch.exe - file already scanned
[10 loaded modules in total]
--------------------
C:\Program Files\Java\jre6\bin\jqs.exe - file already scanned
[83 loaded modules in total]
--------------------
C:\PROGRA~1\FICHIE~1\Nokia\MPAPI\MPAPI3s.exe
[33 loaded modules in total]
--------------------
C:\Program Files\Fichiers communs\PCSuite\Services\ServiceLayer.exe - file already scanned
[47 loaded modules in total]
--------------------
C:\WINDOWS\System32\alg.exe
[32 loaded modules in total]
--------------------
C:\Program Files\Adobe\Reader 8.0\Reader\AcroRd32.exe
[107 loaded modules in total]
--------------------
C:\WINDOWS\explorer.exe - file already scanned
[117 loaded modules in total]
--------------------
C:\Program Files\Mozilla Firefox\firefox.exe
[89 loaded modules in total]
--------------------
C:\Documents and Settings\Marcel\Application Data\Simply Super Software\Trojan Remover\bgq183.exe
FileSize: 2884472
[This is a Trojan Remover component]
[74 loaded modules in total]
--------------------

************************************************************
22:02:16: Checking AUTOEXEC.BAT file
AUTOEXEC.BAT found in C:\
No malicious entries were found in the AUTOEXEC.BAT file

************************************************************
22:02:16: Checking AUTOEXEC.NT file
AUTOEXEC.NT found in C:\WINDOWS\system32
No malicious entries were found in the AUTOEXEC.NT file

************************************************************
22:02:16: Checking HOSTS file
No malicious entries were found in the HOSTS file
************************************************************
22:02:16: started scan of Windows\System32 DLLs
1350 DLL files scanned, 0 malicious DLLs deleted (or marked for deletion)
22:04:54: completed scan of Windows\System32 DLLS
************************************************************
22:04:54: started scan of EXE files in C:\WINDOWS\system32
329 EXE files scanned in C:\WINDOWS\system32
0 malicious EXE files deleted (or marked for deletion)
************************************************************
22:04:55: Removing the following Trojan.VirtuMonde config file(s):
esentprf.ini
1 Trojan.VirtuMonde config file deleted

************************************************************
22:04:55: Scanning ------ %TEMP% DIRECTORY ------
C:\DOCUME~1\Marcel\LOCALS~1\Temp\etilqs_heLcffDBWI328Mwd7M1K appears to be in-use/locked
C:\DOCUME~1\Marcel\LOCALS~1\Temp\etilqs_heLcffDBWI328Mwd7M1K-journal appears to be in-use/locked
C:\DOCUME~1\Marcel\LOCALS~1\Temp\etilqs_qfp0qYtEyeZibHmSDrYM appears to be in-use/locked
************************************************************
22:04:56: Scanning ------ C:\WINDOWS\Temp DIRECTORY ------
************************************************************
22:04:56: Scanning ------ ROOT DIRECTORY ------

************************************************************
22:04:56: ------ Scan for other files to remove ------
C:\WINDOWS\system32\TDSSlrvd.dat has been deleted
----------
1 malware-related files deleted (or marked for deletion)

************************************************************
------ INTERNET EXPLORER HOME/START/SEARCH SETTINGS ------
HKLM\Software\Microsoft\Internet Explorer\Main\"Start Page":
http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home
HKLM\Software\Microsoft\Internet Explorer\Main\"Local Page":
C:\windows\system32\blank.htm
HKLM\Software\Microsoft\Internet Explorer\Main\"Search Page":
http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iese...
HKLM\Software\Microsoft\Internet Explorer\Main\"Default_Page_URL":
http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&...
HKLM\Software\Microsoft\Internet Explorer\Main\"Default_Search_URL":
http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iese...
HKLM\Software\Microsoft\Internet Explorer\Search\"CustomizeSearch":
http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
HKLM\Software\Microsoft\Internet Explorer\Search\"SearchAssistant":
http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm
HKCU\Software\Microsoft\Internet Explorer\Main\"Search Page":
http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iese...
HKCU\Software\Microsoft\Internet Explorer\Main\"Default_Search_URL":
http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iese...

************************************************************
=== CHANGES WERE MADE TO THE WINDOWS REGISTRY ===
=== ONE OR MORE FILES WERE RENAMED OR REMOVED ===
Scan completed at: 22:04:56 20 déc. 2008
Total Scan time: 00:06:05
-------------------------------------------------------------------------
One or more files could not be moved or renamed as requested.
They may be in use by Windows, so Trojan Remover needs
to restart the system in order to deal with these files.
20.12.2008 22:46:03: restart commenced
************************************************************


21 Décembre 2008 15:28:22

ok

reposte un hijackthis
21 Décembre 2008 19:40:31

Bonsoir,


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:39:26, on 21.12.2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Winamp\winampa.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe
C:\Program Files\Pando Networks\Pando\pando.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\PROGRA~1\FICHIE~1\Nokia\MPAPI\MPAPI3s.exe
C:\Program Files\Fichiers communs\PCSuite\Services\ServiceLayer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: CInterceptor Object - {38D3FE60-3D53-4F37-BB0E-C7A97A26A156} - C:\Program Files\Pando Networks\Pando\PandoIEPlugin.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: FlashFXP Helper for Internet Explorer - {E5A1691B-D188-4419-AD02-90002030B8EE} - C:\PROGRA~1\FlashFXP\IEFlash.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Mirar - {8610962A-EDE8-4A17-979B-23030F8EEDEA} - (no file)
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [PCSuiteTrayApplication] "C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE" -startup
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [TrojanScanner] C:\Program Files\Trojan Remover\Trjscan.exe /boot
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [PcSync] "C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" /NoDialog
O4 - HKCU\..\Run: [Pando] "C:\Program Files\Pando Networks\Pando\pando.exe" /Minimized
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [juwinusaji] Rundll32.exe "C:\WINDOWS\system32\memovovo.dll",s (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: Download Link Using Mega Manager... - C:\Program Files\Megaupload\Mega Manager\mm_file.htm
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: *.amaena.com
O15 - Trusted Zone: *.antimalwareguard.com
O15 - Trusted Zone: *.antispyexpert.com
O15 - Trusted Zone: *.avsystemcare.com
O15 - Trusted Zone: *.gomyhit.com
O15 - Trusted Zone: *.imageservr.com
O15 - Trusted Zone: *.imagesrvr.com
O15 - Trusted Zone: *.onerateld.com
O15 - Trusted Zone: *.safetydownload.com
O15 - Trusted Zone: *.spyguardpro.com
O15 - Trusted Zone: *.storageguardsoft.com
O15 - Trusted Zone: *.trustedantivirus.com
O15 - Trusted Zone: *.virusremover2008.com
O15 - Trusted Zone: *.virusschlacht.com
O15 - Trusted Zone: *.amaena.com (HKLM)
O15 - Trusted Zone: *.antimalwareguard.com (HKLM)
O15 - Trusted Zone: *.antispyexpert.com (HKLM)
O15 - Trusted Zone: *.avsystemcare.com (HKLM)
O15 - Trusted Zone: *.gomyhit.com (HKLM)
O15 - Trusted Zone: *.imageservr.com (HKLM)
O15 - Trusted Zone: *.imagesrvr.com (HKLM)
O15 - Trusted Zone: *.onerateld.com (HKLM)
O15 - Trusted Zone: *.safetydownload.com (HKLM)
O15 - Trusted Zone: *.spyguardpro.com (HKLM)
O15 - Trusted Zone: *.storageguardsoft.com (HKLM)
O15 - Trusted Zone: *.trustedantivirus.com (HKLM)
O15 - Trusted Zone: *.virusremover2008.com (HKLM)
O15 - Trusted Zone: *.virusschlacht.com (HKLM)
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls...
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: CaCCProvSP - Unknown owner - C:\Program Files\CA\CA Internet Security Suite\ccprovsp.exe (file missing)
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\Fichiers communs\PCSuite\Services\ServiceLayer.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe

--
End of file - 8415 bytes
23 Décembre 2008 13:12:34

Salut, bien dormis ;)  ??

Malwarebytes' Anti-Malware 1.31
Version de la base de données: 1507
Windows 5.1.2600 Service Pack 3

23.12.2008 12:21:52
mbam-log-2008-12-23 (12-21-51).txt

Type de recherche: Examen complet (C:\|)
Eléments examinés: 141884
Temps écoulé: 2 hour(s), 53 minute(s), 9 second(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 0
Valeur(s) du Registre infectée(s): 2
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 0

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Valeur(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\prunnet (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\prunnet (Trojan.Agent) -> Quarantined and deleted successfully.

Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)

Dossier(s) infecté(s):
(Aucun élément nuisible détecté)

Fichier(s) infecté(s):
(Aucun élément nuisible détecté)
23 Décembre 2008 13:31:58

oui et toi

reposte un log hijackthis
23 Décembre 2008 18:03:14

Ouai bien :D 

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:03:12, on 23.12.2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Winamp\winampa.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\PROGRA~1\FICHIE~1\Nokia\MPAPI\MPAPI3s.exe
C:\Program Files\Fichiers communs\PCSuite\Services\ServiceLayer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: CInterceptor Object - {38D3FE60-3D53-4F37-BB0E-C7A97A26A156} - C:\Program Files\Pando Networks\Pando\PandoIEPlugin.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: FlashFXP Helper for Internet Explorer - {E5A1691B-D188-4419-AD02-90002030B8EE} - C:\PROGRA~1\FlashFXP\IEFlash.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Mirar - {8610962A-EDE8-4A17-979B-23030F8EEDEA} - (no file)
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [PCSuiteTrayApplication] "C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE" -startup
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [TrojanScanner] C:\Program Files\Trojan Remover\Trjscan.exe /boot
O4 - HKLM\..\Run: [prunnet] "C:\WINDOWS\system32\prunnet.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [PcSync] "C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" /NoDialog
O4 - HKCU\..\Run: [Pando] "C:\Program Files\Pando Networks\Pando\pando.exe" /Minimized
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [prunnet] "C:\WINDOWS\system32\prunnet.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: Download Link Using Mega Manager... - C:\Program Files\Megaupload\Mega Manager\mm_file.htm
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls...
O20 - Winlogon Notify: awtsPJDw - C:\WINDOWS\
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: CaCCProvSP - Unknown owner - C:\Program Files\CA\CA Internet Security Suite\ccprovsp.exe (file missing)
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\Fichiers communs\PCSuite\Services\ServiceLayer.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe

--
End of file - 7770 bytes
23 Décembre 2008 18:12:45

d'apres le rapport c'est propre
23 Décembre 2008 21:18:19

a ok escuse moi

oui vazi
23 Décembre 2008 21:22:14

ok
Greg209 :) 

Désactive ton antivirus et tout autre type de protection.
Télécharge ComboFix de sUBs :
ComboFix.exe
et sauvegarde le sur ton bureau et pas ailleurs!

Double-clic sur ComboFix, Il va te poser une question, suis les invites puis attends que combofix ait terminé, il est possible que ton PC reboot, c’est normal, un rapport sera créé.Poste le rapport:C:\Combofix.txt
clique dessus pour l'ouvrir, puis édition "sélectionner tout", édition "copier"

viens sur le forum et édition "coller"

AIDE : Un guide et un tutoriel sur l'utilisation de ComboFix
* le nom de la partition peut changer


ajoute un nouveau rapport Hijackthis.

Tom's guide dans le monde
  • Allemagne
  • Italie
  • Irlande
  • Royaume Uni
  • Etats Unis
Suivre Tom's Guide
Inscrivez-vous à la Newsletter
  • ajouter à twitter
  • ajouter à facebook
  • ajouter un flux RSS