Your question

Hello, I would like to get rid of the win 32 bho virus for good

Tags:
  • Virus
  • Security
Last reply: in Security and viruses
20 January 2008 20:06:08

Yes, one more person with this blasted win 32 bho kd tr virus. I am calling on all the pros and sending you the ComboFix report.
Thanks in advance.
ComboFix 08-01-20.1 - Jean paul 2008-01-20 17:29:28.1 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.118 [GMT 1:00]
Running from: C:\Documents and Settings\Jean-Paul\Bureau\ComboFix.exe
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\Hanna\Application Data\MANTEC~1
C:\Documents and Settings\Hanna\Menu Démarrer\Programmes\Outerinfo
C:\Documents and Settings\Hanna\Menu Démarrer\Programmes\Outerinfo\Terms.lnk
C:\Documents and Settings\Hanna\Menu Démarrer\Programmes\Outerinfo\Uninstall.lnk
C:\Documents and Settings\Hanna\Mes documents\FNTS~1
C:\Documents and Settings\Jean-Paul\~tmp1174.exe
C:\Documents and Settings\Jean-Paul\Application Data\STEM32~1
C:\Documents and Settings\Jean-Paul\Menu Démarrer\Programmes\Outerinfo
C:\Documents and Settings\Jean-Paul\Menu Démarrer\Programmes\Outerinfo\Terms.lnk
C:\Documents and Settings\Jean-Paul\Menu Démarrer\Programmes\Outerinfo\Uninstall.lnk
C:\Documents and Settings\Jean-Paul\Mes documents\CURITY~1
C:\Program Files\dobe~1
C:\Program Files\Fichiers communs\{10218~1
C:\Program Files\Fichiers communs\{30218~1
C:\Program Files\Fichiers communs\Yazzle1122OinUninstaller.exe
C:\Program Files\Fichiers communs\Yazzle1396OinUninstaller.exe
C:\Program Files\inetget2
C:\Program Files\mantec~1
C:\Program Files\outerinfo
C:\Program Files\outerinfo\outerinfo.ico
C:\Program Files\outerinfo\Terms.rtf
C:\Program Files\web buying
C:\Program Files\webhancer
C:\Program Files\webhancer\Programs\license.txt
C:\Program Files\webhancer\Programs\readme.txt
C:\Program Files\webhancer\Programs\sporder.dll
C:\Program Files\webhancer\Programs\whAgent.ini
C:\Program Files\Windows NT\visohdodi.html
C:\Program Files\winpop
C:\Program Files\wintouch
C:\Program Files\wintouch\wintouch.cfg
C:\Program Files\Words
C:\Program Files\Words\list.txt
C:\Program Files\Words\script.txt
C:\Program Files\Words\UnInstall.exe
C:\Program Files\ymbols~1
C:\temp\0b9
C:\temp\0b9\tmpTF.log
C:\temp\17o7
C:\temp\17o7\tmpTF.log
C:\temp\tn3
C:\WINDOWS\cookies.ini
C:\WINDOWS\crosof~1.net
C:\WINDOWS\crosof~1.net\??crosoft.NET\
C:\WINDOWS\dobe~1
C:\WINDOWS\ecurit~1
C:\WINDOWS\ecurit~1\?ecurity\
C:\WINDOWS\mcroso~1
C:\WINDOWS\pack.epk
C:\WINDOWS\ppatch~1
C:\WINDOWS\ppatch~1\??pPatch\
C:\WINDOWS\system32\adeeg.ini
C:\WINDOWS\system32\adeeg.ini2
C:\WINDOWS\system32\ajpboolm.ini
C:\WINDOWS\system32\alog.txt
C:\WINDOWS\system32\banwhvpb.dll
C:\WINDOWS\system32\bduyiqyn.dll
C:\WINDOWS\system32\bpvhwnab.ini
C:\WINDOWS\system32\brtvnqxc.dll
C:\WINDOWS\system32\bugkubdn.dll
C:\WINDOWS\system32\byfejbne.dll
C:\WINDOWS\system32\conf.dat
C:\WINDOWS\system32\crosof~1
C:\WINDOWS\system32\curity~1
C:\WINDOWS\system32\dcbeg.ini
C:\WINDOWS\system32\dcbeg.ini2
C:\WINDOWS\system32\drivers\core.cache.dsk
C:\WINDOWS\system32\drivers\core.sys
C:\WINDOWS\system32\ecurit~1
C:\WINDOWS\system32\epnmbrrw.dll
C:\WINDOWS\system32\fhkmp.ini
C:\WINDOWS\system32\fhkmp.ini2
C:\WINDOWS\system32\geeda.dll
C:\WINDOWS\system32\ghpevrdq.dll
C:\WINDOWS\system32\gkhvktkp.dll
C:\WINDOWS\system32\jkbjyuhw.ini
C:\WINDOWS\system32\maviwvid.dll
C:\WINDOWS\system32\mcrh.tmp
C:\WINDOWS\system32\mgfalsie.dll
C:\WINDOWS\system32\mloobpja.dll
C:\WINDOWS\system32\msyguulg.dll
C:\WINDOWS\system32\ndouoeqn.dll
C:\WINDOWS\system32\nwnsvfyq.ini
C:\WINDOWS\system32\obajlykw.dll
C:\WINDOWS\system32\qdrvephg.ini
C:\WINDOWS\system32\qihwrmjr.dll
C:\WINDOWS\system32\qqstv.ini
C:\WINDOWS\system32\qqstv.ini2
C:\WINDOWS\system32\qyfvsnwn.dll
C:\WINDOWS\system32\skhrltgw.dll
C:\WINDOWS\system32\slqqvjac.dll
C:\WINDOWS\system32\smpi1
C:\WINDOWS\system32\T2
C:\WINDOWS\system32\T3
C:\WINDOWS\system32\T5
C:\WINDOWS\system32\uttcriqv.dll
C:\WINDOWS\system32\vtsqq.dll
C:\WINDOWS\system32\wgluswcr.dll
C:\WINDOWS\system32\wgtlrhks.ini
C:\WINDOWS\system32\whuyjbkj.dll
C:\WINDOWS\system32\wkyljabo.ini
C:\WINDOWS\system32\wnsintsv.exe
C:\WINDOWS\system32\xedcoakh.dll
C:\WINDOWS\wr.txt
C:\WINDOWS\ystem3~1

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.
-------\LEGACY_CLIENT_IP-IPX
-------\LEGACY_CORE
-------\LEGACY_MSUPDATE
-------\Client IP-IPX
-------\core


((((((((((((((((((((((((((((( Fichiers créés 2007-12-20 to 2008-01-20 ))))))))))))))))))))))))))))))))))))
.

2008-01-20 17:44 . 2008-01-20 17:46 368 --ahs---- C:\WINDOWS\system32\fhkmp.ini
2008-01-20 17:24 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\NirCmd.exe
2008-01-19 16:52 . 2008-01-19 16:52 314,848 --a------ C:\WINDOWS\system32\pmkhf.dll
2008-01-19 16:30 . 2008-01-20 09:45 1,057,252 ---hs---- C:\WINDOWS\system32\xxmnbhsj.ini
2008-01-18 17:15 . 2008-01-19 16:24 1,057,132 ---hs---- C:\WINDOWS\system32\wctpbtqr.ini
2008-01-17 18:50 . 2008-01-20 17:13 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Avira
2008-01-15 21:08 . 2008-01-18 15:54 1,064,498 ---hs---- C:\WINDOWS\system32\csfgkhym.ini
2008-01-15 18:54 . <REP> C:\Documents and Settings\Régine\Application Data\Grisoft
2008-01-15 18:36 . 2008-01-15 18:36 <REP> d-------- C:\Documents and Settings\Jean-Paul\Application Data\Grisoft
2008-01-15 18:35 . 2008-01-15 18:35 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2008-01-15 18:35 . 2007-05-30 13:10 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2008-01-15 18:26 . 2008-01-15 18:26 <REP> d-------- C:\Program Files\Trend Micro
2008-01-15 14:56 . 2008-01-15 19:42 1,061,496 ---hs---- C:\WINDOWS\system32\wtodlmby.ini
2008-01-14 16:32 . 2008-01-14 16:54 1,057,156 ---hs---- C:\WINDOWS\system32\sssnmjuv.ini
2008-01-14 13:58 . 2008-01-14 16:28 1,064,918 ---hs---- C:\WINDOWS\system32\wvegsnts.ini
2008-01-13 09:45 . 2008-01-14 13:38 1,065,698 ---hs---- C:\WINDOWS\system32\gdcfuwyh.ini
2008-01-11 13:38 . 2008-01-13 09:45 1,060,922 ---hs---- C:\WINDOWS\system32\wyuuefyq.ini
2008-01-11 13:02 . 2008-01-11 13:36 1,059,581 ---hs---- C:\WINDOWS\system32\cvtacwnp.ini
2008-01-10 17:03 . 2008-01-11 06:29 1,058,015 ---hs---- C:\WINDOWS\system32\vsdsogtu.ini
2008-01-10 09:30 . 2008-01-11 13:01 189,582 --ahs---- C:\WINDOWS\system32\qqtss.ini
2007-12-28 10:38 . 2007-12-28 10:38 24,288 --a------ C:\WINDOWS\system32\mljklif.dll
2007-12-27 10:45 . 2007-12-27 10:45 24,288 --a------ C:\WINDOWS\system32\yayxxyv.dll
2007-12-26 12:53 . 2007-12-26 12:53 24,304 --------- C:\WINDOWS\system32\wvuttsq.dll
2007-12-23 12:53 . 2007-12-23 12:53 26,357 --a------ C:\WINDOWS\fft4qu1j.exe

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-01-20 16:12 2,132,992 ----a-w C:\WINDOWS\Internet Logs\xDB44.tmp
2008-01-20 16:12 1,833,984 ----a-w C:\WINDOWS\Internet Logs\xDB43.tmp
2008-01-19 14:08 --------- d-----w C:\Documents and Settings\Jean-Paul\Application Data\LimeWire
2008-01-18 19:34 --------- d-----w C:\Program Files\eMule
2008-01-18 19:22 2,824,192 ----a-w C:\WINDOWS\Internet Logs\xDB41.tmp
2008-01-18 19:22 2,123,776 ----a-w C:\WINDOWS\Internet Logs\xDB42.tmp
2008-01-15 17:52 --------- d-----w C:\Program Files\Dcads Advanced Toolbar
2008-01-14 19:45 77,379 ----a-w C:\WINDOWS\system32\dcads_sidebar_uninstall.exe
2008-01-13 17:50 2,092,544 ----a-w C:\WINDOWS\Internet Logs\xDB40.tmp
2008-01-13 11:59 2,835,456 ----a-w C:\WINDOWS\Internet Logs\xDB3E.tmp
2008-01-13 11:59 2,088,960 ----a-w C:\WINDOWS\Internet Logs\xDB3F.tmp
2008-01-13 08:45 --------- d-s---w C:\Documents and Settings\Régine\Application Data\Microsoft
2008-01-10 11:23 2,806,272 ----a-w C:\WINDOWS\Internet Logs\xDB3C.tmp
2008-01-10 11:23 2,070,528 ----a-w C:\WINDOWS\Internet Logs\xDB3D.tmp
2008-01-04 16:09 2,672,640 ----a-w C:\WINDOWS\Internet Logs\xDB3A.tmp
2008-01-04 16:09 2,038,272 ----a-w C:\WINDOWS\Internet Logs\xDB3B.tmp
2008-01-02 15:20 2,766,848 ----a-w C:\WINDOWS\Internet Logs\xDB39.tmp
2007-12-29 10:55 2,637,312 ----a-w C:\WINDOWS\Internet Logs\xDB36.tmp
2007-12-29 10:55 2,014,720 ----a-w C:\WINDOWS\Internet Logs\xDB38.tmp
2007-12-25 09:16 2,768,384 ----a-w C:\WINDOWS\Internet Logs\xDB35.tmp
2007-12-25 09:16 1,995,264 ----a-w C:\WINDOWS\Internet Logs\xDB37.tmp
2007-12-20 19:34 3,027,456 ----a-w C:\WINDOWS\Internet Logs\xDB34.tmp
2007-12-18 09:17 80,097 ----a-w C:\WINDOWS\system32\dcads-remove.exe
2007-12-17 18:36 --------- d-----w C:\Documents and Settings\Régine\Application Data\ATI
2007-12-17 10:06 --------- d-----w C:\Documents and Settings\Jean-Paul\Application Data\ATI
2007-12-16 19:01 194,372 ----a-w C:\WINDOWS\system32\adssitesuggest_uninstall.exe
2007-12-15 16:21 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-12-14 20:31 2,665,984 ----a-w C:\WINDOWS\Internet Logs\xDB32.tmp
2007-12-14 20:31 1,900,544 ----a-w C:\WINDOWS\Internet Logs\xDB33.tmp
2007-12-14 14:08 --------- d-----w C:\Documents and Settings\Régine\Application Data\LimeWire
2007-12-10 20:20 1,882,112 ----a-w C:\WINDOWS\Internet Logs\xDB31.tmp
2007-12-10 13:08 --------- d-----w C:\Program Files\Pvm
2007-12-09 19:40 2,706,944 ----a-w C:\WINDOWS\Internet Logs\xDB2F.tmp
2007-12-09 19:40 1,875,456 ----a-w C:\WINDOWS\Internet Logs\xDB30.tmp
2007-12-06 20:23 2,915,328 ----a-w C:\WINDOWS\Internet Logs\xDB2D.tmp
2007-12-06 20:23 1,871,360 ----a-w C:\WINDOWS\Internet Logs\xDB2E.tmp
2007-12-06 18:44 19,456 ----a-w C:\WINDOWS\system32\drivers\defdwxlr.dat
2007-12-04 16:22 --------- d-----w C:\Documents and Settings\Régine\Application Data\Creative
2007-12-04 14:56 93,264 ----a-w C:\WINDOWS\system32\drivers\aswmon.sys
2007-12-04 14:55 94,544 ----a-w C:\WINDOWS\system32\drivers\aswmon2.sys
2007-12-04 14:53 23,152 ----a-w C:\WINDOWS\system32\drivers\aswRdr.sys
2007-12-04 14:51 42,912 ----a-w C:\WINDOWS\system32\drivers\aswTdi.sys
2007-12-04 14:49 26,624 ----a-w C:\WINDOWS\system32\drivers\aavmker4.sys
2007-12-04 13:04 837,496 ----a-w C:\WINDOWS\system32\aswBoot.exe
2007-12-04 12:54 95,608 ----a-w C:\WINDOWS\system32\AVASTSS.scr
2007-12-04 11:16 --------- d-----w C:\Program Files\Windows Media Connect 2
2007-12-04 10:35 --------- d-----w C:\Documents and Settings\Régine\Application Data\Media Player Classic
2007-12-01 21:38 2,622,976 ----a-w C:\WINDOWS\Internet Logs\xDB2A.tmp
2007-12-01 21:38 1,857,536 ----a-w C:\WINDOWS\Internet Logs\xDB2C.tmp
2007-12-01 08:25 --------- d-----w C:\Program Files\GestStock
2007-12-01 08:07 --------- d-----w C:\Program Files\RegConso
2007-11-30 20:51 --------- d-----w C:\Documents and Settings\Jean-Paul\Application Data\RagTime
2007-11-30 17:34 --------- d-----w C:\Documents and Settings\Régine\Application Data\RagTime
2007-11-30 17:33 --------- d-----w C:\Program Files\RagTime Solo
2007-11-30 16:18 53,248 ----a-w C:\WINDOWS\Internet Logs\xDB29.tmp
2007-11-30 16:18 1,845,248 ----a-w C:\WINDOWS\Internet Logs\xDB2B.tmp
2007-11-30 15:59 2,097,152 ----a-w C:\WINDOWS\Internet Logs\xDB28.tmp
2007-11-28 09:47 2,692,608 ----a-w C:\WINDOWS\Internet Logs\xDB27.tmp
2007-11-27 16:40 327,680 ----a-w C:\WINDOWS\system32\adssitesuggest.dll
2007-11-24 15:41 3,142,144 ----a-w C:\WINDOWS\Internet Logs\xDB25.tmp
2007-11-24 15:41 1,822,720 ----a-w C:\WINDOWS\Internet Logs\xDB26.tmp
2007-11-24 10:51 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2007-11-23 17:27 40,731 ----a-w C:\WINDOWS\system32\superiorads-uninst.exe
2007-11-23 17:26 33,088 ----a-w C:\WINDOWS\system32\dcadssuggest_uninstall.exe
2007-11-23 17:26 --------- d-----w C:\Documents and Settings\Jean-Paul\Application Data\Dcads Advanced Toolbar
2007-11-23 14:24 327,680 ----a-w C:\WINDOWS\system32\dcadssuggest.dll
2007-11-07 20:02 1,752,576 ----a-w C:\WINDOWS\Internet Logs\xDB24.tmp
2007-11-07 20:01 3,419,136 ----a-w C:\WINDOWS\Internet Logs\xDB22.tmp
2007-11-07 09:28 728,576 ----a-w C:\WINDOWS\system32\lsasrv.dll
2007-10-29 22:43 1,293,824 ----a-w C:\WINDOWS\system32\quartz.dll
2007-10-25 08:28 222,720 ----a-w C:\WINDOWS\system32\wmasf.dll
2007-10-21 07:47 6,690,416 ----a-w C:\WINDOWS\Internet Logs\tvDebug.zip
2007-10-16 09:37 3,891 ----a-w C:\Program Files\satsukidecodersettings.ini
2007-10-16 09:36 680 ----a-w C:\Program Files\mpc2.reg
2007-10-16 09:36 596 ----a-w C:\Program Files\mpc1.reg
2007-10-16 09:36 5,050 ----a-w C:\Program Files\mpc7.reg
2007-10-16 09:36 33,408 ----a-w C:\Program Files\ffdssetts.reg
2007-10-16 09:36 32,754 ----a-w C:\Program Files\ffdsvsetts.reg
2007-10-16 09:36 2,910 ----a-w C:\Program Files\mpc3.reg
2007-10-16 09:36 16,206 ----a-w C:\Program Files\mpc5.reg
2007-10-16 09:36 15,378 ----a-w C:\Program Files\mpc6.reg
2007-10-16 09:36 1,612 ----a-w C:\Program Files\ffdsasetts.reg
2007-10-16 09:36 1,546 ----a-w C:\Program Files\mpc4.reg
2007-10-15 18:35 1,675,264 ----a-w C:\WINDOWS\Internet Logs\xDB23.tmp
2007-10-12 07:12 1,870,848 ----a-w C:\WINDOWS\Internet Logs\xDB20.tmp
2007-10-12 07:12 1,670,144 ----a-w C:\WINDOWS\Internet Logs\xDB21.tmp
2007-10-10 13:34 90,112 ----a-w C:\WINDOWS\Internet Logs\xDB1D.tmp
2007-10-10 13:34 1,665,536 ----a-w C:\WINDOWS\Internet Logs\xDB1F.tmp
2007-10-10 13:26 43,520 ----a-w C:\WINDOWS\Internet Logs\xDB1C.tmp
2007-10-10 13:26 1,665,536 ----a-w C:\WINDOWS\Internet Logs\xDB1E.tmp
2007-10-10 13:23 765,952 ----a-w C:\WINDOWS\Internet Logs\xDB1B.tmp
2007-10-09 20:07 2,917,888 ----a-w C:\WINDOWS\Internet Logs\xDB19.tmp
2007-10-09 20:07 1,664,000 ----a-w C:\WINDOWS\Internet Logs\xDB1A.tmp
2007-09-28 16:41 2,861,056 ----a-w C:\WINDOWS\Internet Logs\xDB18.tmp
2007-09-20 19:21 3,886,080 ----a-w C:\WINDOWS\Internet Logs\xDB17.tmp
2007-09-06 19:24 1,554,944 ----a-w C:\WINDOWS\Internet Logs\xDB16.tmp
2007-09-04 11:33 3,866,112 ----a-w C:\WINDOWS\Internet Logs\xDB14.tmp
2007-09-04 11:33 1,550,848 ----a-w C:\WINDOWS\Internet Logs\xDB15.tmp
2007-08-23 18:41 1,515,520 ----a-w C:\WINDOWS\Internet Logs\xDB13.tmp
2007-08-23 18:41 1,350,656 ----a-w C:\WINDOWS\Internet Logs\xDB12.tmp
.

((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{5A0FC761-F841-45CC-BF03-0CF00FEDC025}]
C:\WINDOWS\system32\gebcd.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C}]
2007-12-26 12:53 24304 --------- C:\WINDOWS\system32\wvuttsq.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{7540CF81-934C-44e6-B9FF-70F874F55D79}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{925E1C4B-84A9-A15C-8809-FDADDDE92694}]
C:\WINDOWS\system32\cunqkqp.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{930E1D18-DCA1-FC0D-D109-FDADDDE927CE}]
C:\WINDOWS\system32\tni.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{9A290A82-7CB9-4753-A0B5-91BB88E3D977}]
2008-01-19 16:52 314848 --a------ C:\WINDOWS\system32\pmkhf.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{BE02E5C2-2BE3-41EE-A543-52A9E167581A}]
C:\WINDOWS\system32\gebcd.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{C004D9F0-A742-4DC7-AFD0-BC29CE3FE04A}]
2007-11-27 17:40 327680 --a------ C:\WINDOWS\system32\adssitesuggest.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{C70E4F4A-DCF1-AD5C-8C09-FDADDDE9299D}]
C:\WINDOWS\system32\tfojwia.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{DB53D207-4F1A-4F4F-83D2-2EE305E34BB4}]
2002-09-21 23:28 88576 --a------ C:\WINDOWS\system32\bootvi.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\qdvdldkd]
@={391025AA-2534-F5BA-D722-357B49229FB7}

[HKEY_CLASSES_ROOT\CLSID\{391025AA-2534-F5BA-D722-357B49229FB7}]
C:\WINDOWS\system32\qdvdldkd.dIl

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-19 16:09 15360]
"Srsm"="C:\WINDOWS\CROSOF~1.NET\rundll.exe" [ ]
"Mlcjfn"="C:\WINDOWS\?dobe\m?dtc.exe" [ ]
"Rgibwi"="C:\Program Files\??mantec\r?ndll32.exe" [ ]
"Zuyzc"="C:\Program Files\?dobe\t?skmgr.exe" [ ]
"Rwhpa"="C:\WINDOWS\?ystem32\n?lookup.exe" [2004-08-19 16:10 79360]
"msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" [2007-01-19 11:55 5674352]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-12-04 14:00 79224]
"Zone Labs Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [2005-11-15 00:51 755472]
"DAEMON Tools"="C:\Program Files\DAEMON Tools\daemon.exe" [2005-11-08 23:00 128920]
"Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" [2005-06-06 23:46 57344]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 11:50 155648]
"VF0060 STISvc"="V0060Pin.dll" [2004-11-01 02:00 36864 C:\WINDOWS\system32\V0060Pin.dll]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe" [2005-04-13 02:48 36975]
"SfKg6w"="C:\WINDOWS\rijirnx.exe" [ ]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 10:25 6731312]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-19 16:09 15360]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"= 0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\run]
"{1021802C-05B8-1036-0804-040509140021}"= "C:\Program Files\Fichiers communs\{1021802C-05B8-1036-0804-040509140021}\Update.exe" mc-110-12-0000137

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C}"= C:\WINDOWS\system32\wvuttsq.dll [2007-12-26 12:53 24304]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\wvuttsq]
wvuttsq.dll 2007-12-26 12:53 24304 C:\WINDOWS\system32\wvuttsq.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ msv1_0 C:\WINDOWS\system32\pmkhf.dll

R0 lgnighen;lgnighen;C:\WINDOWS\system32\drivers\defdwxlr.dat []
R0 PzWDM;PzWDM;C:\WINDOWS\system32\Drivers\PzWDM.sys [2004-03-11 06:32]
S3 V0060VID;Creative WebCam Live! Ultra;C:\WINDOWS\system32\DRIVERS\V0060Vid.sys [2005-02-02 09:15]

.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-20 17:46:17
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\WINDOWS\system32\winlogon.exe
-> C:\WINDOWS\system32\wvuttsq.dll

PROCESS: C:\WINDOWS\system32\lsass.exe [5.01.2600.2180]
-> C:\WINDOWS\system32\pmkhf.dll

PROCESS: C:\WINDOWS\Explorer.EXE [6.00.2900.3156]
-> C:\WINDOWS\system32\pmkhf.dll
-> C:\WINDOWS\system32\wvuttsq.dll
.
Completion time: 2008-01-20 17:51:29 - machine was rebooted
ComboFix-quarantined-files.txt 2008-01-20 16:51:21
.
2008-01-20 08:49:08 --- E O F ---
