HijackThis virus analysis

Solved
aripou Posts 25 Status Member -
sherred Posts 8605 Status Member -
Hello,
I have a virus that AVG detects but that always comes back, even after I ran a scan in safe mode. Can you help me get rid of it? Here is a HijackThis report.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 23:33:10, on 2008-12-23
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\ZCfgSvc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Synaptics\SynTP\SynToshiba.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe
C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
C:\WINDOWS\system32\RAMASST.exe
C:\WINDOWS\system32\agrsmsvc.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\WINDOWS\system32\DVDRAMSV.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\TODDSrv.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Webroot\Spy Sweeper\SSU.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.canoe.ca/accueil.html
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.2.8.7.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll
O2 - BHO: Browser Helper Object - {AFD4AD01-58C1-47DB-A404-FBE00A6C5486} - C:\Program Files\Common\_helper.dll (file missing)
O2 - BHO: (no name) - {bce00324-24b8-4f33-a573-466f7564713b} - C:\WINDOWS\system32\lilofati.dll (file missing)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [SynTPEnh] "C:\Program Files\Synaptics\SynTP\SynTPEnh.exe"
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [KernelFaultCheck] C:\WINDOWS\system32\dumprep 0 -k
O4 - HKLM\..\Run: [ZCfgSvc.exe] C:\WINDOWS\system32\ZCfgSvc.exe
O4 - HKLM\..\Run: [PRONoMgr.exe] "C:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe"
O4 - HKLM\..\Run: [nuwivayuse] "Rundll32.exe" "C:\WINDOWS\system32\wonizaki.dll",s
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [CPMbf365421] "Rundll32.exe" "C:\WINDOWS\system32\batujuko.dll",a
O4 - HKLM\..\Run: [SpySweeper] C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe /startintray
O4 - HKCU\..\Run: [TOSCDSPD] "C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [BitComet] "C:\Program Files\BitComet\BitComet.exe" /tray
O4 - HKUS\S-1-5-19\..\Run: [nuwivayuse] Rundll32.exe "C:\WINDOWS\system32\wonizaki.dll",s (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [nuwivayuse] Rundll32.exe "C:\WINDOWS\system32\wonizaki.dll",s (User 'NETWORK SERVICE')
O4 - Global Startup: Logiciel Kodak EasyShare.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O4 - Global Startup: RAMASST.lnk = C:\WINDOWS\system32\RAMASST.exe
O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitComet\tools\BitCometBHO_1.2.8.7.dll/206 (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/resources/MSNPUpld.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/...
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/...
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Plug-in 1.6.0_05) - https://sdlc-esd.oracle.com/ESD40/JSCDL/jre/6u5-b19/jinstall-6u5-windows-i586-jc.cab?GroupName=JSC&FilePath=/ESD40/JSCDL/jre/6u5-b19/jinstall-6u5-windows-i586-jc.cab&BHost=javadl.sun.com&File=jinstall-6u5-windows-i586-jc.cab&AuthParam=1580944752_ad714b48b0d186f5adbe4ba05260ecbd&ext=.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O18 - Filter hijack: text/html - {530f8087-264b-4fca-abed-a29204d8f38c} - C:\WINDOWS\system32\mst120.dll
O20 - AppInit_DLLs: c:\windows\system32\batujuko.dll,C:\WINDOWS\system32\movemora.dll,avgrsstx.dll
O21 - SSODL: SSODL - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\batujuko.dll (file missing)
O22 - SharedTaskScheduler: STS - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\batujuko.dll (file missing)
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\WINDOWS\system32\agrsmsvc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: DVD-RAM_Service - Matsushita Electric Industrial Co., Ltd. - C:\WINDOWS\system32\DVDRAMSV.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: TOSHIBA Optical Disc Drive Service (TODDSrv) - TOSHIBA Corporation - C:\WINDOWS\system32\TODDSrv.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
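As an added example (not code from the thread, from HijackThis or from ComboFix), a small Python triage pass over lines in the HijackThis format posted above: it flags the entry types a helper looks at first (AppInit_DLLs, rundll32-launched DLLs, orphaned "(file missing)" registrations, MIME filter hijacks, SSODL/SharedTaskScheduler entries) plus the alternating consonant-vowel file names seen in this log. The sample log is constructed from entries in the post and the random-name heuristic is an assumption of this example.

```python
import re
from typing import Dict, List

# Constructed sample in HijackThis v2 line format, modelled on entries quoted in
# the thread above (same section codes and module names).
SAMPLE_LOG = r"""
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {bce00324-24b8-4f33-a573-466f7564713b} - C:\WINDOWS\system32\lilofati.dll (file missing)
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [nuwivayuse] "Rundll32.exe" "C:\WINDOWS\system32\wonizaki.dll",s
O4 - HKLM\..\Run: [CPMbf365421] "Rundll32.exe" "C:\WINDOWS\system32\batujuko.dll",a
O18 - Filter hijack: text/html - {530f8087-264b-4fca-abed-a29204d8f38c} - C:\WINDOWS\system32\mst120.dll
O20 - AppInit_DLLs: c:\windows\system32\batujuko.dll,C:\WINDOWS\system32\movemora.dll,avgrsstx.dll
O21 - SSODL: SSODL - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\batujuko.dll (file missing)
"""

# "O4 - HKLM\..\Run: ..." -> code "O4", body "HKLM\..\Run: ..."
SECTION_RE = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<body>.*)$")
# A Windows path ending in a loadable module; non-greedy so paths with spaces match.
PATH_RE = re.compile(r"[A-Za-z]:\\.*?\.(?:dll|exe|scr|sys|ocx)\b", re.IGNORECASE)
VOWELS = set("aeiou")


def basename(path: str) -> str:
    return path.rsplit("\\", 1)[-1]


def looks_random_stem(path: str) -> bool:
    """Heuristic (an assumption of this example, tuned to the names in the posted
    log): an 8-letter lowercase stem that strictly alternates consonant and vowel,
    like wonizaki or batujuko. Legitimate vendor files rarely look like this."""
    stem = basename(path).rsplit(".", 1)[0]
    if len(stem) != 8 or not stem.isalpha() or not stem.islower():
        return False
    kinds = [ch in VOWELS for ch in stem]
    return all(kinds[i] != kinds[i + 1] for i in range(len(kinds) - 1))


def triage_line(line: str) -> Dict[str, object]:
    """Parse one HijackThis line and list the reasons it deserves a closer look."""
    m = SECTION_RE.match(line.strip())
    if not m:
        return {}
    code, body = m.group("code"), m.group("body")
    reasons: List[str] = []
    if code == "O20" and "AppInit_DLLs:" in body:
        # Every DLL listed here is loaded into each process that maps user32.dll.
        modules = [d.strip() for d in body.split("AppInit_DLLs:", 1)[1].split(",") if d.strip()]
        reasons.append("AppInit_DLLs injects %d DLL(s) into every GUI process" % len(modules))
    else:
        modules = PATH_RE.findall(body)
    if "(file missing)" in body:
        reasons.append("registered module is absent from disk (orphaned autostart)")
    if code == "O4" and re.search(r"rundll32\.exe", body, re.IGNORECASE):
        reasons.append("Run entry launches a DLL through rundll32")
    if code == "O18" and "Filter hijack" in body:
        reasons.append("MIME filter hijack: the DLL sees every text/html response")
    if code in ("O21", "O22"):
        reasons.append("%s entry is loaded into explorer.exe at logon" % code)
    random_named = [basename(mod) for mod in modules if looks_random_stem(mod)]
    if random_named:
        reasons.append("random-looking module name(s): " + ", ".join(random_named))
    return {"code": code, "modules": modules, "reasons": reasons}


def triage_log(text: str) -> List[Dict[str, object]]:
    """Return only the entries that tripped at least one heuristic, in log order."""
    hits = []
    for line in text.strip().splitlines():
        result = triage_line(line)
        if result and result["reasons"]:
            hits.append(result)
    return hits


if __name__ == "__main__":
    for hit in triage_log(SAMPLE_LOG):
        print(hit["code"], "->", "; ".join(hit["reasons"]))
```

Entries that trip no heuristic (the Adobe BHO, the AVG tray entry) drop out, so what remains is the short list a helper would ask about before anything is fixed.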

3 replies

sherred Posts 8605 Status Member 351
 
Download combofix.exe
http://download.bleepingcomputer.com/sUBs/ComboFix.exe
Click combofix.exe.
Press 1 (Yes) to start the scan.
Once it finishes, a report will appear. Copy/paste this report in your next reply.
The report can also be found here: C:\Combofix.txt

Disconnect from the internet and close the windows of all running programs. Temporarily
stop the antivirus and other protections during the analysis.
Do not use your PC while the analysis runs.

Once the analysis has finished, turn all your antivirus and antispyware protections back on.
0
aripou Posts 25 Status Member 1
 
Hello,

I may have made a mistake when opening ComboFix, but it did not give me an option 1 or 2... It started scanning right away... I hope it did not delete something it should not have...
Here is the report anyway.

Thanks

ComboFix 08-12-24.01 - computer 2008-12-24 15:36:22.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1014.641 [GMT -5:00]
Running from: c:\downloads\ComboFix.exe
* Created a new restore point

[COLOR=RED][B]WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !![/B][/COLOR]
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\program files\Common\helper.sig
c:\windows\system32\aginodut.ini
c:\windows\system32\ajokawen.ini
c:\windows\system32\ekiyedat.ini
c:\windows\system32\etobibef.ini
c:\windows\system32\ipurihib.ini
c:\windows\system32\onazedet.ini
c:\windows\system32\onulavur.ini
c:\windows\system32\uzebusaw.ini

.
((((((((((((((((((((((((( Files Created from 2008-11-24 to 2008-12-24 )))))))))))))))))))))))))))))))
.

2008-12-24 15:34 . 2008-12-24 15:35 <DIR> d-------- C:\32788R22FWJFW
2008-12-23 23:30 . 2008-12-23 23:30 <DIR> d-------- c:\program files\Trend Micro
2008-12-23 23:11 . 2008-12-23 23:11 <DIR> d-------- c:\program files\CCleaner
2008-12-23 21:19 . 2008-12-23 21:19 <DIR> d-------- c:\documents and settings\NetworkService\Application Data\Webroot
2008-12-23 21:19 . 2008-12-23 21:20 <DIR> d-------- c:\documents and settings\Administrator
2008-12-15 14:30 . 2008-12-23 21:16 <DIR> d--h----- C:\$AVG8.VAULT$
2008-12-15 14:28 . 2008-12-24 10:12 <DIR> d-------- c:\windows\system32\drivers\Avg
2008-12-15 14:28 . 2008-12-15 14:28 <DIR> d-------- c:\program files\AVG
2008-12-15 14:28 . 2008-12-15 14:28 <DIR> d-------- c:\documents and settings\All Users\Application Data\avg8
2008-12-15 14:28 . 2008-12-15 14:28 97,928 --a------ c:\windows\system32\drivers\avgldx86.sys
2008-12-15 14:28 . 2008-12-15 14:28 10,520 --a------ c:\windows\system32\avgrsstx.dll
2008-12-15 14:02 . 2008-12-15 14:02 268 --ah----- C:\sqmdata17.sqm
2008-12-15 14:02 . 2008-12-15 14:02 244 --ah----- C:\sqmnoopt17.sqm
2008-12-12 17:53 . 2008-12-12 17:53 <DIR> d-------- C:\HEROES
2008-12-12 11:59 . 2008-12-12 11:59 <DIR> d-------- c:\documents and settings\computer\Application Data\Apple Computer
2008-12-11 21:39 . 2008-12-12 11:09 54,156 --ah----- c:\windows\QTFont.qfn
2008-12-11 21:39 . 2008-12-11 21:39 1,409 --a------ c:\windows\QTFont.for
2008-12-11 21:38 . 2008-12-24 15:40 6,265 --a------ C:\logfile
2008-12-11 21:36 . 2008-12-11 21:37 <DIR> d-------- c:\program files\QuickTime
2008-12-11 21:36 . 2008-12-11 21:36 <DIR> d-------- c:\documents and settings\All Users\Application Data\Apple Computer
2008-12-11 21:35 . 2008-12-11 21:35 <DIR> d-------- c:\program files\Common Files\Kodak
2008-12-11 21:35 . 2004-08-04 03:56 159,232 --a------ c:\windows\system32\ptpusd.dll
2008-12-11 21:35 . 2004-08-04 01:58 15,104 --a------ c:\windows\system32\drivers\usbscan.sys
2008-12-11 21:35 . 2004-08-04 01:58 15,104 --a--c--- c:\windows\system32\dllcache\usbscan.sys
2008-12-11 21:35 . 2001-08-18 01:36 5,632 --a------ c:\windows\system32\ptpusb.dll
2008-12-11 21:34 . 2008-12-11 21:36 <DIR> d-------- c:\program files\Kodak
2008-12-11 21:31 . 2008-12-11 21:37 <DIR> d-------- c:\documents and settings\All Users\Application Data\Kodak
2008-12-04 19:15 . 2008-12-04 19:16 <DIR> d-------- c:\windows\system32\NtmsData
2008-12-02 13:31 . 2008-12-02 13:31 <DIR> d-------- c:\windows\system32\IOSUBSYS
2008-11-30 15:02 . 2008-11-30 15:02 <DIR> d-------- c:\program files\SHOUTcast Source
2008-11-30 15:02 . 2008-11-30 15:02 <DIR> d-------- c:\program files\OpenSource Flash Video Splitter
2008-11-30 15:02 . 2008-11-30 15:02 <DIR> d-------- c:\program files\MONOGRAM AMR SplitterDecoder
2008-11-30 15:02 . 2008-11-30 15:02 <DIR> d-------- c:\program files\DScaler5
2008-11-30 15:02 . 2008-11-30 15:02 <DIR> d-------- c:\program files\CD Audio Reader Filter
2008-11-30 15:01 . 2008-11-30 15:01 <DIR> d-------- c:\program files\Haali
2008-11-30 15:01 . 2008-11-30 15:01 <DIR> d-------- c:\program files\ffdshow
2008-11-30 15:01 . 2008-11-30 15:01 <DIR> d-------- c:\program files\DSP-worx
2008-11-30 15:01 . 2008-11-30 15:01 <DIR> d-------- c:\program files\DirectVobSub
2008-11-30 15:01 . 2007-11-29 15:52 60,273 --a------ c:\windows\system32\pthreadGC2.dll
2008-11-30 15:01 . 2007-12-03 19:34 7,680 --a------ c:\windows\system32\ff_vfw.dll
2008-11-30 15:01 . 2007-11-29 15:52 547 --a------ c:\windows\system32\ff_vfw.dll.manifest
2008-11-30 15:00 . 2008-11-30 18:28 <DIR> d-------- c:\documents and settings\All Users\Application Data\Zoom Player
2008-11-30 14:00 . 2008-11-30 14:00 244 --ah----- C:\sqmnoopt16.sqm
2008-11-30 14:00 . 2008-11-30 14:00 232 --ah----- C:\sqmdata16.sqm
2008-11-25 15:24 . 2008-12-24 15:36 <DIR> d-------- c:\program files\Common

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-12-24 20:35 --------- d-----w c:\program files\BitComet
2008-12-02 18:31 --------- d-----w c:\program files\Google
2008-11-26 20:37 --------- d-----w c:\documents and settings\computer\Application Data\LimeWire
2008-11-19 19:16 --------- d-----w c:\documents and settings\computer\Application Data\LANCITE
2008-11-17 20:04 2,306,113 ----a-w c:\windows\system32\GPhotos.scr
2008-11-09 01:14 --------- d-----w c:\program files\Atheros
2008-11-09 01:14 --------- d-----w c:\documents and settings\All Users\Application Data\Atheros
2008-11-09 01:13 --------- d--h--w c:\program files\InstallShield Installation Information
2008-11-09 01:13 --------- d-----w c:\documents and settings\computer\Application Data\InstallShield
2008-11-09 01:08 --------- d-----w c:\program files\Intel
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TOSCDSPD"="c:\program files\TOSHIBA\TOSCDSPD\toscdspd.exe" [2006-11-10 417792]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-03 15360]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-04-19 68856]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 5724184]
"BitComet"="c:\program files\BitComet\BitComet.exe" [2008-12-03 2514744]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-10-27 815104]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2005-11-29 98304]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-11-29 77824]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2005-11-29 118784]
"ZCfgSvc.exe"="c:\windows\system32\ZCfgSvc.exe" [2006-08-03 639040]
"PRONoMgr.exe"="c:\program files\Intel\NCS\PROSet\PRONoMgr.exe" [2005-07-07 135168]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2007-06-29 286720]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2008-12-15 1261336]
"SpySweeper"="c:\program files\Webroot\Spy Sweeper\SpySweeperUI.exe" [2008-01-04 5367664]
"RTHDCPL"="RTHDCPL.EXE" [2006-06-13 c:\windows\RTHDCPL.exe]
"SkyTel"="SkyTel.EXE" [2006-05-16 c:\windows\SkyTel.exe]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Logiciel Kodak EasyShare.lnk - c:\program files\Kodak\Kodak EasyShare software\bin\EasyShare.exe [2007-09-19 282624]
RAMASST.lnk - c:\windows\system32\RAMASST.exe [2008-02-15 155648]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\Sebring]
2006-08-03 06:20 188482 c:\windows\system32\LgNotify.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.dvacm"= c:\progra~1\COMMON~1\ULEADS~1\vio\dvacm.acm

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^computer^Start Menu^Programs^Startup^LimeWire On Startup.lnk]
path=c:\documents and settings\computer\Start Menu\Programs\Startup\LimeWire On Startup.lnk
backup=c:\windows\pss\LimeWire On Startup.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^computer^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk]
path=c:\documents and settings\computer\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
backup=c:\windows\pss\OneNote 2007 Screen Clipper and Launcher.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^computer^Start Menu^Programs^Startup^Outil de détection de support de Cyber-shot Viewer.lnk]
path=c:\documents and settings\computer\Start Menu\Programs\Startup\Outil de détection de support de Cyber-shot Viewer.lnk
backup=c:\windows\pss\Outil de détection de support de Cyber-shot Viewer.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitComet]
--a------ 2008-12-03 05:11 2514744 c:\program files\BitComet\BitComet.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
--a--c--- 2006-10-27 03:47 31016 c:\program files\Microsoft Office\Office12\GrooveMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
--a------ 2007-10-18 14:34 5724184 c:\program files\Windows Live\Messenger\msnmsgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpySweeper]
--a------ 2008-01-04 23:56 5367664 c:\program files\Webroot\Spy Sweeper\SpySweeperUI.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
--a------ 2008-04-19 22:25 68856 c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RtHDVCpl]
-ra--c--- 2006-11-07 01:50 3772416 c:\windows\RtHDVCpl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"gusvc"=3 (0x3)
"ERSvc"=2 (0x2)
"usnjsvc"=3 (0x3)

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"c:\\Program Files\\Webroot\\Spy Sweeper\\SpySweeper.exe"=
"c:\\Program Files\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"9565:TCP"= 9565:TCP:BitComet 9565 TCP
"9565:UDP"= 9565:UDP:BitComet 9565 UDP
"9709:TCP"= 9709:TCP:BitComet 9709 TCP
"9709:UDP"= 9709:UDP:BitComet 9709 UDP
"23530:TCP"= 23530:TCP:BitComet 23530 TCP
"23530:UDP"= 23530:UDP:BitComet 23530 UDP
"8360:TCP"= 8360:TCP:BitComet 8360 TCP
"8360:UDP"= 8360:UDP:BitComet 8360 UDP
"21450:TCP"= 21450:TCP:BitComet 21450 TCP
"21450:UDP"= 21450:UDP:BitComet 21450 UDP
"24273:TCP"= 24273:TCP:BitComet 24273 TCP
"24273:UDP"= 24273:UDP:BitComet 24273 UDP
"20227:TCP"= 20227:TCP:BitComet 20227 TCP
"20227:UDP"= 20227:UDP:BitComet 20227 UDP
"8002:TCP"= 8002:TCP:BitComet 8002 TCP
"8002:UDP"= 8002:UDP:BitComet 8002 UDP
"15088:TCP"= 15088:TCP:BitComet 15088 TCP
"15088:UDP"= 15088:UDP:BitComet 15088 UDP
"27081:TCP"= 27081:TCP:BitComet 27081 TCP
"27081:UDP"= 27081:UDP:BitComet 27081 UDP

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\Drivers\avgldx86.sys [2008-12-15 97928]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2008-12-15 231704]
R3 WSIMD;wsimd Service;c:\windows\system32\DRIVERS\wsimd.sys [2008-11-08 57408]
.
Contents of the 'Scheduled Tasks' folder

2008-12-24 c:\windows\Tasks\EasyShare Registration RunOnce Task.job
- c:\windows\system32\rundll32.exe [2004-08-03 19:56]

2008-12-12 c:\windows\Tasks\EasyShare Registration Task.job
- c:\windows\system32\rundll32.exe [2004-08-03 19:56]

2008-12-24 c:\windows\Tasks\RegCure Program Check.job
- c:\documents and settings\computer\Desktop\RegCure\RegCure.exe []

2008-11-20 c:\windows\Tasks\RegCure.job
- c:\documents and settings\computer\Desktop\RegCure\RegCure.exe []
.
- - - - ORPHANS REMOVED - - - -

BHO-{bce00324-24b8-4f33-a573-466f7564713b} - c:\windows\system32\lilofati.dll
HKLM-Run-nuwivayuse - c:\windows\system32\wonizaki.dll
HKLM-Run-CPMbf365421 - c:\windows\system32\batujuko.dll
MSConfigStartUp-Picasa Media Detector - c:\program files\Picasa2\PicasaMediaDetector.exe

.
------- Supplementary Scan -------
.
uStart Page = hxxp://fr.canoe.ca/accueil.html
uSearch Page = hxxp://www.google.com
uDefault_Search_URL = hxxp://www.google.com/ie
uSearch Bar = hxxp://www.google.com/ie
IE: &D&ownload &with BitComet - c:\program files\BitComet\BitComet.exe/AddLink.htm
IE: &D&ownload all video with BitComet - c:\program files\BitComet\BitComet.exe/AddVideo.htm
IE: &D&ownload all with BitComet - c:\program files\BitComet\BitComet.exe/AddAllLink.htm
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-12-24 15:39:41
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(720)
c:\windows\system32\WRLogonNTF.dll
c:\windows\system32\LgNotify.dll

- - - - - - - > 'explorer.exe'(940)
c:\windows\system32\msi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\agrsmsvc.exe
c:\windows\system32\DVDRAMSV.exe
c:\windows\system32\TODDSrv.exe
c:\program files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
c:\program files\Webroot\Spy Sweeper\SpySweeper.exe
c:\program files\AVG\AVG8\avgrsx.exe
c:\program files\Synaptics\SynTP\SynToshiba.exe
c:\windows\system32\wscntfy.exe
c:\program files\Webroot\Spy Sweeper\ssu.exe
.
**************************************************************************
.
Completion time: 2008-12-24 15:42:16 - machine was rebooted
ComboFix-quarantined-files.txt 2008-12-24 20:42:10

Pre-Run: 23 998 451 712 bytes free
Post-Run: 23,925,256,192 bytes free

241
0
sherred Posts 8605 Status Member 351
 
Download Malwarebytes here http://www.malwarebytes.org/mbam/program/mbam-setup.exe
The program will update itself automatically.

Once it is up to date, the program will launch; click the Settings tab and tick the box: "Terminate Internet Explorer during removal".

Now click the Scanner tab and tick the box: "Perform quick scan".

Then click "Scan".

Let it scan the PC...

If items were found > click "Remove Selected".

If you are asked to reboot > click "Yes".

At the end a report will open; save it so that you can find it again to post it on the forum.

Please copy and paste the report.

PS: the reports are also stored under the Reports/Log tab
0