Trojan:Win32/Alureon.DX HELP!!!

ugns (Anonymous user)
Hello,

My computer, running Windows Vista, is infected with a Trojan:Alureon virus.
If someone could help me.
Here is a HijackThis report:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:25:02 AM, on 18/01/2012
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v9.00 (9.00.8112.16421)
Boot mode: Safe mode with network support

Running processes:
C:\Windows\Explorer.EXE
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Program Files\Internet Explorer\iexplore.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_ca&c=83&bd=Pavilion&pf=cnnb
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://ca.msn.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_ca&c=83&bd=Pavilion&pf=cnnb
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_ca&c=83&bd=Pavilion&pf=cnnb
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [QlbCtrl.exe] C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [HP Health Check Scheduler] c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
O4 - HKLM\..\Run: [Google Quick Search Box] "C:\Program Files\Google\Quick Search Box\GoogleQuickSearchBox.exe" /autorun
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [Rogers SHS] C:\Program Files\rogers\selfhealing\shs.exe
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [Google Update] "C:\Users\Huguens\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\RunOnce: [FlashPlayerUpdate] C:\Windows\system32\Macromed\Flash\FlashUtil10m_ActiveX.exe -update activex
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Startup: OneNote Table Of Contents.onetoc2
O4 - Global Startup: Bluetooth.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html
O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Click to call with Skype - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra 'Tools' menuitem: Click to call with Skype - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O13 - Gopher Prefix:
O16 - DPF: Garmin Communicator Plug-In - https://static.garmincdn.com/gcp/ie/2.9.2.0/GarminAxControl.CAB
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O16 - DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} (Windows Live Hotmail Photo Upload Tool) - http://gfx1.hotmail.com/mail/w4/pr01/photouploadcontrol/VistaMSNPUplden-ca.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - c:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
O23 - Service: Com4QLBEx - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
O23 - Service: Google Update Service (gupdate1c9baf5ef2f2477) (gupdate1c9baf5ef2f2477) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - c:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE
O23 - Service: Recovery Service for Windows - Unknown owner - C:\Windows\SMINST\BLService.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: Rogers SHS Service (RogersSelfHelpService) - Rogers Cable Communications - C:\Program Files\Rogers\SelfHealing\RogersSelfHelpService.exe
O23 - Service: Rogers Update Manager (RogersUpdateManager) - Rogers Cable Communications - C:\Program Files\Rogers\Update Manager\RogersUpdateManager.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe
4 replies

Anonymous user
 
Hi


/!\ WARNING: FOLLOW THESE INSTRUCTIONS TO THE LETTER /!\

__________________________________________________________
>This software is only to be used when prescribed by a qualified helper trained on the tool.<
>>>>>>>Do not use it outside that situation: dangerous!<<<<<<<<
=====================================================


▶ Above all, when saving, remember to rename Combofix to "yourfirstname.exe" before it is saved to your hard drive

Download it here: Combofix

Before using ComboFix:

If you use AVG, YOU ABSOLUTELY MUST UNINSTALL IT before using Combofix, because its interaction with the tool can cause damage that may lead to a full reinstall of the system.
Simply disabling the resident shield is not enough.
Download the AVG remover from this link: https://www.avg.com/fr-fr/avg-remover
Choose the appropriate version (32 or 64 bit) /!\

CD emulation software such as Daemon Tools can interfere with disinfection tools. Use Defogger to disable them temporarily:

▶ Download Defogger (by jpshortstuff) to your Desktop

▶ Run it

A window appears: click "Disable"

▶ Restart the computer if the tool asks you to

Note: once we have finished the disinfection, you can re-enable that software by running Defogger again and clicking "Re-enable"

_________________________________________________________
>> Close the windows of all running programs.
>> Temporarily, and only for as long as ComboFix is in use, disable
>> the real-time protection of your antivirus and antispyware programs,
>> which can seriously interfere with the tool's scanning and cleaning procedure.

°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°


If you have XP => double-click
If you have Vista or Windows 7 => right-click "Run as..."

on the renamed combofix

¤¤¤¤¤¤¤¤¤¤ LET IT INSTALL THE RECOVERY CONSOLE IF IT ASKS YOU TO ¤¤¤¤¤¤¤¤¤¤

▶ !!!!! DO NOT TOUCH ANYTHING WHILE COMBOFIX IS WORKING (MOUSE/KEYBOARD.....) !!!!!

▶ Don't forget to re-enable the protection of your antivirus and antispyware programs before reconnecting to the internet.

▶▶ Come back to the forum and copy and paste the entire contents of C:\Combofix.txt into your next message.

ugns
 
Here is my next report. I think I posted it in the wrong place before. Thanks:

-------------------------------------
ComboFix 12-01-18.04 - Huguens 18/01/2012 6:08.1.2 - x86 MINIMAL
Microsoft® Windows Vista(TM) Home Premium 6.0.6002.2.1252.2.1033.18.1978.1577 [GMT -5:00]
Running from: c:\users\Huguens\Downloads\ComboFix.exe
AV: Microsoft Security Essentials *Enabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Microsoft Security Essentials *Enabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files\FunWebProducts
c:\program files\MyWebSearch
c:\program files\MyWebSearch\bar\Settings\s_pid.dat
c:\programdata\~FcjoiYsBHAxgDF
c:\programdata\~FcjoiYsBHAxgDFr
c:\programdata\DF08.tmp
c:\programdata\FcjoiYsBHAxgDF
c:\programdata\shs_setup_4059-354328.exe
C:\ugns.exe
c:\ugns.exe\023.dat
c:\ugns.exe\023v.dat
c:\ugns.exe\AppData.folder.dat
c:\ugns.exe\appinit.bad
c:\ugns.exe\asp.str
c:\ugns.exe\Assoc.cmd
c:\ugns.exe\attr.dat
c:\ugns.exe\ATTRIB.3XE
c:\ugns.exe\autorun_inf.dat
c:\ugns.exe\autorun_infB.dat
c:\ugns.exe\av.cmd
c:\ugns.exe\av.vbs
c:\ugns.exe\AWF.cmd
c:\ugns.exe\badclsid
c:\ugns.exe\BFE.dat
c:\ugns.exe\Boot-Rk.cmd
c:\ugns.exe\Boot.bat
c:\ugns.exe\BootDrv.vbs
c:\ugns.exe\borlander_file.dat
c:\ugns.exe\borlander_folder.dat
c:\ugns.exe\c.bat
c:\ugns.exe\Cache.folder.dat
c:\ugns.exe\Catch-sub.cmd
c:\ugns.exe\catchme.3XE
c:\ugns.exe\Catchme.tmp
c:\ugns.exe\CCS.bat
c:\ugns.exe\CF-Script.cmd
c:\ugns.exe\CF25881.3XE
c:\ugns.exe\Cfiles.dat
c:\ugns.exe\Cfolders.dat
c:\ugns.exe\CHCP.bat
c:\ugns.exe\ClistB.dat
c:\ugns.exe\clsid.c
c:\ugns.exe\clsid.dat
c:\ugns.exe\cmd.3XE
c:\ugns.exe\Combobatch.bat
c:\ugns.exe\ComboFix-Download.3XE
c:\ugns.exe\ConEnv.sed
c:\ugns.exe\Cookies.folder.dat
c:\ugns.exe\Create.cmd
c:\ugns.exe\Creg.dat
c:\ugns.exe\CregC.cmd
c:\ugns.exe\CregC.dat
c:\ugns.exe\CregC_.dat
c:\ugns.exe\CSCRIPT.3XE
c:\ugns.exe\d-del_A.dat
c:\ugns.exe\d-delA.dat
c:\ugns.exe\dd.3XE
c:\ugns.exe\ddsDo.sed
c:\ugns.exe\DelClsid.bat
c:\ugns.exe\DelClsid64.bat
c:\ugns.exe\Desktop.folder.dat
c:\ugns.exe\DisclaimED.dat
c:\ugns.exe\dll_whitelist.dat
c:\ugns.exe\dnd.dat
c:\ugns.exe\DPF.str
c:\ugns.exe\Drive.folder.dat
c:\ugns.exe\DriveFile.dat
c:\ugns.exe\Drives.dat
c:\ugns.exe\DrvRun.vbs
c:\ugns.exe\dumphive.3XE
c:\ugns.exe\embedded.sed
c:\ugns.exe\en-CA\ATTRIB.3XE.mui
c:\ugns.exe\en-CA\CF25881.3XE.mui
c:\ugns.exe\en-CA\CMD.3XE.mui
c:\ugns.exe\en-CA\CSCRIPT.3XE.mui
c:\ugns.exe\en-CA\PING.3XE.mui
c:\ugns.exe\en-CA\REGT.3XE.mui
c:\ugns.exe\en-CA\ROUTE.3XE.mui
c:\ugns.exe\en-US\ATTRIB.3XE.mui
c:\ugns.exe\en-US\CF25881.3XE.mui
c:\ugns.exe\en-US\cmd.3XE.mui
c:\ugns.exe\en-US\CSCRIPT.3XE.mui
c:\ugns.exe\en-US\iexplore.exe
c:\ugns.exe\en-US\PING.3XE.mui
c:\ugns.exe\en-US\REGT.3XE.mui
c:\ugns.exe\en-US\ROUTE.3XE.mui
c:\ugns.exe\Env.sed
c:\ugns.exe\ERDNT.e_e
c:\ugns.exe\ERDNTDOS.LOC
c:\ugns.exe\ERDNTWIN.LOC
c:\ugns.exe\ERUNT.3XE
c:\ugns.exe\erunt.dat
c:\ugns.exe\ERUNT.LOC
c:\ugns.exe\Exe.reg
c:\ugns.exe\extract.3XE
c:\ugns.exe\f_system
c:\ugns.exe\Favorites.folder.dat
c:\ugns.exe\FD-SV.cmd
c:\ugns.exe\FdsvOK
c:\ugns.exe\ffdefstr.dll
c:\ugns.exe\FileKill.3XE
c:\ugns.exe\files.pif
c:\ugns.exe\Fin.dat
c:\ugns.exe\FIND3M.bat
c:\ugns.exe\FIXLSP.bat
c:\ugns.exe\FKMGen.cmd
c:\ugns.exe\ForeignWht
c:\ugns.exe\GetHive.cmd
c:\ugns.exe\GOLDUN.DAT
c:\ugns.exe\grep.3XE
c:\ugns.exe\gsar.3XE
c:\ugns.exe\handle.3XE
c:\ugns.exe\hidec.3XE
c:\ugns.exe\history.bat
c:\ugns.exe\History.folder.dat
c:\ugns.exe\Huguens.user.cf
c:\ugns.exe\iexplore.exe
c:\ugns.exe\image001.gif
c:\ugns.exe\Imefile.dat
c:\ugns.exe\katch.cmd
c:\ugns.exe\Kill-All.cmd
c:\ugns.exe\kmd.dat
c:\ugns.exe\Lang.bat
c:\ugns.exe\List-B.bat
c:\ugns.exe\List-C.bat
c:\ugns.exe\lnkread.vbs
c:\ugns.exe\LocalAppData.folder.dat
c:\ugns.exe\LocalService.dat
c:\ugns.exe\LocalServiceNetworkRestricted.dat
c:\ugns.exe\LocalSettings.folder.dat
c:\ugns.exe\LocalSystemNetworkRestricted.dat
c:\ugns.exe\max_.dat
c:\ugns.exe\max_drivertocheck
c:\ugns.exe\mbr.3XE
c:\ugns.exe\mbr.chk
c:\ugns.exe\md5sum.pif
c:\ugns.exe\MoveIt.bat
c:\ugns.exe\mtee.3XE
c:\ugns.exe\MUI
c:\ugns.exe\Music.folder.dat
c:\ugns.exe\MWindows.dat
c:\ugns.exe\mynul.dat
c:\ugns.exe\N_\10210
c:\ugns.exe\N_\10249
c:\ugns.exe\N_\10287
c:\ugns.exe\N_\11761
c:\ugns.exe\N_\12447
c:\ugns.exe\N_\13494
c:\ugns.exe\N_\13739
c:\ugns.exe\N_\14085
c:\ugns.exe\N_\14097
c:\ugns.exe\N_\14185
c:\ugns.exe\N_\14576
c:\ugns.exe\N_\15115
c:\ugns.exe\N_\15476
c:\ugns.exe\N_\16729
c:\ugns.exe\N_\16852
c:\ugns.exe\N_\16974
c:\ugns.exe\N_\1705
c:\ugns.exe\N_\17179
c:\ugns.exe\N_\17610
c:\ugns.exe\N_\18282
c:\ugns.exe\N_\20114
c:\ugns.exe\N_\20663
c:\ugns.exe\N_\22674
c:\ugns.exe\N_\22954
c:\ugns.exe\N_\23579
c:\ugns.exe\N_\2366
c:\ugns.exe\N_\24548
c:\ugns.exe\N_\24716
c:\ugns.exe\N_\27741
c:\ugns.exe\N_\29638
c:\ugns.exe\N_\31078
c:\ugns.exe\N_\31953
c:\ugns.exe\N_\32300
c:\ugns.exe\N_\3587
c:\ugns.exe\N_\4129
c:\ugns.exe\N_\6637
c:\ugns.exe\N_\6783
c:\ugns.exe\N_\8535
c:\ugns.exe\N_\9184
c:\ugns.exe\N_\9249
c:\ugns.exe\N_\9388
c:\ugns.exe\N_\9913
c:\ugns.exe\N_\cfdummy00
c:\ugns.exe\N_\CmdLine00
c:\ugns.exe\ncmd.com
c:\ugns.exe\ND_.bat
c:\ugns.exe\ND_64.bat
c:\ugns.exe\ndis_combofix.dat
c:\ugns.exe\NetHood.folder.dat
c:\ugns.exe\netsvc.bad.dat
c:\ugns.exe\netsvc.dat
c:\ugns.exe\NetworkService.dat
c:\ugns.exe\NirCmd.3XE
c:\ugns.exe\NircmdB.exe
c:\ugns.exe\NirCmdC.3XE
c:\ugns.exe\NIRKMD.3XE
c:\ugns.exe\NlsLanguageDefault
c:\ugns.exe\notifykeys.dat
c:\ugns.exe\notifykeysB.dat
c:\ugns.exe\NT-OS.cmd
c:\ugns.exe\NULL
c:\ugns.exe\OsId.txt
c:\ugns.exe\OSid.vbs
c:\ugns.exe\pausep.3XE
c:\ugns.exe\pend.txt
c:\ugns.exe\Personal.folder.dat
c:\ugns.exe\pev.3XE
c:\ugns.exe\PEV.exe
c:\ugns.exe\pevb.3XE
c:\ugns.exe\Pictures.folder.dat
c:\ugns.exe\PING.3XE
c:\ugns.exe\Policies.dat
c:\ugns.exe\powp.dat
c:\ugns.exe\PreDIR
c:\ugns.exe\Prep.inf
c:\ugns.exe\PrintHood.folder.dat
c:\ugns.exe\Profiles.Folder.dat
c:\ugns.exe\Profiles.Folder.folder.dat
c:\ugns.exe\progfile.dat
c:\ugns.exe\Programs.folder.dat
c:\ugns.exe\Purity.dat
c:\ugns.exe\PV.3XE
c:\ugns.exe\pv.com
c:\ugns.exe\rar_sfx.cmd
c:\ugns.exe\RBoot.dat
c:\ugns.exe\RCLink.dat
c:\ugns.exe\RcVer00
c:\ugns.exe\Recent.folder.dat
c:\ugns.exe\REGDACL.sed
c:\ugns.exe\RegDo.sed
c:\ugns.exe\region.dat
c:\ugns.exe\RegScan.cmd
c:\ugns.exe\RegScan64.cmd
c:\ugns.exe\REGT.3XE
c:\ugns.exe\Resident.txt
c:\ugns.exe\restore_pt.dat
c:\ugns.exe\restore_pt.vbs
c:\ugns.exe\RkDetectA_HDCntrl.dat
c:\ugns.exe\Rkey.cmd
c:\ugns.exe\rmbr.3XE
c:\ugns.exe\rogues.dat
c:\ugns.exe\ROUTE.3XE
c:\ugns.exe\run.sed
c:\ugns.exe\run2.sed
c:\ugns.exe\Rust.str
c:\ugns.exe\s0rt.3XE
c:\ugns.exe\safeboot.dat
c:\ugns.exe\safeboot.def.dat
c:\ugns.exe\sed.3XE
c:\ugns.exe\SendTo.folder.dat
c:\ugns.exe\SetEnvmt.bat
c:\ugns.exe\setpath.3XE
c:\ugns.exe\SetPath.bat
c:\ugns.exe\setpath_N.cmd
c:\ugns.exe\SF.exe
c:\ugns.exe\sfx.cmd
c:\ugns.exe\SnapShot.cmd
c:\ugns.exe\SRestore.cmd
c:\ugns.exe\srizbi.md5
c:\ugns.exe\Start_dat
c:\ugns.exe\StartMenu.folder.dat
c:\ugns.exe\StartUp.folder.dat
c:\ugns.exe\SuppScan.cmd
c:\ugns.exe\svc_wht.dat
c:\ugns.exe\SvcDrv.vbs
c:\ugns.exe\svchost.dat
c:\ugns.exe\swreg.3XE
c:\ugns.exe\swsc.3XE
c:\ugns.exe\swxcacls.3XE
c:\ugns.exe\SysPath.dat
c:\ugns.exe\system_ini.dat
c:\ugns.exe\tail.3XE
c:\ugns.exe\Temp.dat
c:\ugns.exe\Templates.folder.dat
c:\ugns.exe\toolbar.sed
c:\ugns.exe\unhand.dat
c:\ugns.exe\Update-CF.cmd
c:\ugns.exe\v_wht.dat
c:\ugns.exe\VerCF.bat
c:\ugns.exe\VikPev00
c:\ugns.exe\Vikpev01
c:\ugns.exe\VInfo
c:\ugns.exe\VInfo2
c:\ugns.exe\VINFO3
c:\ugns.exe\Vipev.dat
c:\ugns.exe\ViPev00
c:\ugns.exe\ViPev01
c:\ugns.exe\Vista.krl
c:\ugns.exe\Vista.mac
c:\ugns.exe\vistaMcode.dat
c:\ugns.exe\vistareg.dat
c:\ugns.exe\vRun_DLL
c:\ugns.exe\vun.dat
c:\ugns.exe\vundonames.dat
c:\ugns.exe\VwinTemp.dacl
c:\ugns.exe\w_sock.dll
c:\ugns.exe\w7Mcode.dat
c:\ugns.exe\whiteAll.dat
c:\ugns.exe\whitedir.dat
c:\ugns.exe\whitedirCreated.dat
c:\ugns.exe\Wmi_rem.vbs
c:\ugns.exe\xpmcode.dat
c:\ugns.exe\XPSBoot.reg
c:\ugns.exe\zDomain.dat
c:\ugns.exe\zhsvc.dat
c:\ugns.exe\zip.3XE
c:\ugns.exe\Zlob01
c:\users\Huguens\AppData\Local\1cf6efbe\U
c:\users\Huguens\AppData\Local\1cf6efbe\U\000000c0.@
c:\users\Huguens\AppData\Local\1cf6efbe\U\000000cb.@
c:\users\Huguens\AppData\Local\1cf6efbe\U\800000cf.$
c:\users\Huguens\AppData\Roaming\Adobe\plugs
c:\users\Huguens\AppData\Roaming\Adobe\shed
.
.
((((((((((((((((((((((((( Files Created from 2011-12-18 to 2012-01-18 )))))))))))))))))))))))))))))))
.
.
2012-01-18 15:41 . 2012-01-18 15:41 41680 ----a-w- c:\windows\system32\drivers\iivytsnz.sys
2012-01-18 15:41 . 2012-01-18 15:25 -------- d-----w- c:\windows\system32\MpEngineStore
2012-01-18 15:25 . 2012-01-18 15:25 41680 ----a-w- c:\windows\system32\drivers\ecgzqduc.sys
2012-01-18 15:24 . 2011-10-04 22:22 703824 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{2BB2A59C-51F3-47E3-AC0C-728BADCC0FF7}\gapaengine.dll
2012-01-18 14:19 . 2011-10-04 22:22 703824 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{1AB93DC6-7A8E-4F03-A1DE-C4428C7BB5BC}\gapaengine.dll
2012-01-18 14:19 . 2012-01-17 09:39 6557240 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{5DA8E9B5-3C7D-463A-A3AD-E464C473B3DE}\mpengine.dll
2012-01-18 14:16 . 2012-01-18 14:16 -------- d-----w- c:\program files\Trend Micro
2012-01-18 14:04 . 2012-01-17 09:39 6557240 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{DCEDAF82-4EE4-42E0-822F-E70B140F5B70}\mpengine.dll
2012-01-18 13:27 . 2011-10-04 22:22 703824 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{D586376B-A078-4FB7-8555-4246B90FDF91}\gapaengine.dll
2012-01-18 11:21 . 2012-01-18 11:25 -------- d-----w- c:\users\Huguens\AppData\Local\temp
2012-01-18 11:21 . 2012-01-18 11:21 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-01-17 17:15 . 2012-01-17 17:15 56200 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{9CFE820A-79D9-4634-9142-37AEC7691442}\offreg.dll
2012-01-17 17:15 . 2011-11-30 07:21 6823496 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{9CFE820A-79D9-4634-9142-37AEC7691442}\mpengine.dll
2012-01-17 16:21 . 2011-10-04 22:22 703824 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{548BE9F4-BC30-49E7-83CB-6C2CD6CA464D}\gapaengine.dll
2012-01-16 23:48 . 2011-10-04 22:22 703824 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{E8BE0D7D-7B90-4B48-B645-C69BF9ACA2CB}\gapaengine.dll
2012-01-15 07:13 . 2012-01-15 07:13 41680 ----a-w- c:\windows\system32\drivers\xqjptxlf.sys
2012-01-15 06:59 . 2011-10-04 22:22 703824 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{87201FA6-0AC5-47B9-9A96-30DC4C9BC987}\gapaengine.dll
2012-01-15 01:31 . 2012-01-15 01:31 56200 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{D226AEC6-2AF3-4356-89F4-B50E6D5FFAD2}\offreg.dll
2012-01-15 01:31 . 2011-11-30 07:21 6823496 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{D226AEC6-2AF3-4356-89F4-B50E6D5FFAD2}\mpengine.dll
2012-01-12 21:23 . 2011-10-04 22:22 703824 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{B51ABC33-6868-4F67-A17A-EE89E0255323}\gapaengine.dll
2012-01-11 21:48 . 2011-10-04 22:22 703824 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{CAA01548-1B17-432B-9AF0-F6BE88C5FE97}\gapaengine.dll
2012-01-11 21:48 . 2011-11-30 07:21 6823496 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{2EFFBD02-3B2D-4862-87C2-E757E942BEFC}\mpengine.dll
2012-01-11 21:29 . 2011-10-04 22:22 703824 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{641B0910-8F51-4132-83AF-D52E0D6387D3}\gapaengine.dll
2012-01-11 19:28 . 2012-01-11 19:28 -------- d-----w- c:\users\Huguens\AppData\Roaming\SpeedMaxPc
2012-01-11 19:28 . 2012-01-11 19:51 -------- d-----w- c:\programdata\SpeedMaxPc
2012-01-11 15:24 . 2011-10-04 22:22 703824 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{7C8A9FE5-8562-417C-BC6F-55B021F30340}\gapaengine.dll
2012-01-11 15:24 . 2011-11-30 07:21 6823496 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{4837A93A-D8E8-427B-9E66-4C422A6B2BB8}\mpengine.dll
2012-01-10 18:05 . 2012-01-10 18:05 -------- d--h--w- c:\users\Huguens\AppData\Local\FixItCenter
2012-01-10 18:00 . 2012-01-10 18:00 -------- d-----w- c:\program files\Microsoft Fix it Center
2012-01-10 17:52 . 2012-01-11 21:53 -------- d-----w- c:\users\Huguens\AppData\Local\ElevatedDiagnostics
2012-01-10 17:01 . 2012-01-10 17:01 -------- d-----w- c:\windows\system32\config\systemprofile\Tracing
2012-01-10 15:25 . 2012-01-18 11:21 -------- d-sh--w- c:\users\Huguens\AppData\Local\1cf6efbe
2012-01-10 15:25 . 2012-01-11 00:38 -------- d--h--w- c:\users\Huguens\AppData\Local\MicrosoftNT
2012-01-01 04:55 . 2012-01-01 04:55 -------- d--h--w- c:\users\Huguens\AppData\Local\{2DBD0A19-36EC-402F-9100-A99413005678}
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-01-01 05:09 . 2011-08-26 02:00 0 ---ha-w- c:\users\Huguens\AppData\Local\Hcabumokabadebi.bin
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-04-11 39408]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-04-17 1049896]
"QPService"="c:\program files\HP\QuickPlay\QPService.exe" [2008-06-12 468264]
"QlbCtrl.exe"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2008-05-12 202032]
"HP Health Check Scheduler"="c:\program files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [2008-04-15 70912]
"hpWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2008-04-15 488752]
"Google Quick Search Box"="c:\program files\Google\Quick Search Box\GoogleQuickSearchBox.exe" [2009-04-11 68592]
"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2010-06-10 49208]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"Rogers SHS"="c:\program files\rogers\selfhealing\shs.exe" [2010-01-21 2732032]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-08-26 136216]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-08-26 171032]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-08-26 170520]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-11-29 421888]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2010-11-30 997408]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-06-07 421160]
.
c:\users\Huguens\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote Table Of Contents.onetoc2 [2010-9-8 3656]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2009-9-4 795936]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - ECACHE
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
Contents of the 'Scheduled Tasks' folder
.
2012-01-18 c:\windows\Tasks\GlaryInitialize.job
- c:\program files\Glary Utilities\initialize.exe [2011-01-29 19:13]
.
2012-01-11 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-04-11 22:35]
.
2012-01-18 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-04-11 22:36]
.
2011-08-26 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-04-11 22:36]
.
2011-08-26 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1703096936-684161621-604034478-1000Core.job
- c:\users\Huguens\AppData\Local\Google\Update\GoogleUpdate.exe [2010-10-09 14:51]
.
2012-01-11 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1703096936-684161621-604034478-1000UA.job
- c:\users\Huguens\AppData\Local\Google\Update\GoogleUpdate.exe [2010-10-09 14:51]
.
.
------- Supplementary Scan -------
.
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_ca&c=83&bd=Pavilion&pf=cnnb
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html
IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
TCP: DhcpNameServer = 192.168.0.1
DPF: Garmin Communicator Plug-In - hxxps://static.garmincdn.com/gcp/ie/2.9.2.0/GarminAxControl.CAB
.
- - - - ORPHANS REMOVED - - - -
.
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
HKLM-Run-SunJavaUpdateSched - c:\program files\Java\jre6\bin\jusched.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-01-18 06:25
Windows 6.0.6002 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\msiserver]
"ImagePath"="%systemroot%\system32\msiexec /V"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Completion time: 2012-01-18 06:27:44
ComboFix-quarantined-files.txt 2012-01-18 11:27
.
Pre-Run: 127,742,685,184 bytes free
Post-Run: 128,047,263,744 bytes free
.
- - End Of File - - F38E861BCDE55D3A637C561A77E5B316
Anonymous user
 
Why didn't you rename it as asked?

You also have three nice rootkits....


__________________________________________________
=> /!\ The following script was written specifically for this computer /!\ <=
=> It is strongly advised not to transfer it to another computer! <=
----------------------------------------------------------------------------


Still with all protections disabled, do this:

▶ Open Notepad (Start menu --> Programs --> Accessories --> Notepad)
▶ Copy/paste into Notepad what is between the lines below (without the lines):

----------------------------------------------------------
KillAll::

ClearJavaCache::

Rootkit::
c:\windows\system32\drivers\iivytsnz.sys
c:\windows\system32\drivers\ecgzqduc.sys
c:\windows\system32\drivers\xqjptxlf.sys

File::
c:\users\Huguens\AppData\Local\Hcabumokabadebi.bin

Folder::
c:\users\Huguens\AppData\Local\1cf6efbe

Registry::
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"QuickTime Task"=-
"iTunesHelper"=-


------------------------------------------------------------------

▶ Save this file on your Desktop (and nowhere else!) under the name CFScript.txt
▶ Close Notepad

▶ Drag and drop this CFScript file onto the combofix file

▶ Wait while the scan runs. The Desktop will disappear several times: that's normal! Don't touch anything until the scan is finished.
▶ Once the scan is finished, a report will be displayed: post its contents.
▶ If the file doesn't open, it is located here => C:\ComboFix.txt

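The helper picked the three rootkit drivers and the hidden folder out of the "Files Created" section of the ComboFix report by eye. As an added example that is not part of this thread and not ComboFix's own code, the following Python script parses that section and applies two heuristics, which are assumptions of this example rather than ComboFix rules: a `.sys` under `system32\drivers` whose name is eight random lowercase letters and whose created and modified stamps are identical (dropped in place rather than copied by an installer), with drops of identical size grouped together; and a hidden+system folder under `AppData\Local` with an eight-hex-digit name. It then renders the flagged paths in the `Rootkit::` / `Folder::` layout used by the CFScript above. The sample lines are taken from the report posted earlier in the thread.

```python
import re
from collections import defaultdict
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Lines taken from the "Files Created" section of the ComboFix report posted
# earlier in this thread, embedded here so the script runs offline.
SAMPLE_REPORT = r"""
2012-01-18 15:41 . 2012-01-18 15:41 41680 ----a-w- c:\windows\system32\drivers\iivytsnz.sys
2012-01-18 15:41 . 2012-01-18 15:25 -------- d-----w- c:\windows\system32\MpEngineStore
2012-01-18 15:25 . 2012-01-18 15:25 41680 ----a-w- c:\windows\system32\drivers\ecgzqduc.sys
2012-01-18 14:16 . 2012-01-18 14:16 -------- d-----w- c:\program files\Trend Micro
2012-01-15 07:13 . 2012-01-15 07:13 41680 ----a-w- c:\windows\system32\drivers\xqjptxlf.sys
2012-01-10 15:25 . 2012-01-18 11:21 -------- d-sh--w- c:\users\Huguens\AppData\Local\1cf6efbe
2012-01-10 15:25 . 2012-01-11 00:38 -------- d--h--w- c:\users\Huguens\AppData\Local\MicrosoftNT
"""

# One report line: created stamp, ".", modified stamp, size (dashes for a
# directory), an 8-character attribute string, then the path (may contain spaces).
LINE_RE = re.compile(
    r"^(\d{4}-\d{2}-\d{2} \d{2}:\d{2}) \. (\d{4}-\d{2}-\d{2} \d{2}:\d{2}) (\S+) (\S{8}) (.+)$"
)


@dataclass
class Entry:
    created: str
    modified: str
    size: Optional[int]  # None for directories
    attrs: str
    path: str

    @property
    def is_dir(self) -> bool:
        return self.attrs.startswith("d")


def parse_report(text: str) -> List[Entry]:
    """Parse ComboFix 'Files Created' lines; lines that do not match are skipped."""
    entries = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        created, modified, size, attrs, path = m.groups()
        entries.append(Entry(created, modified, None if size.startswith("-") else int(size), attrs, path))
    return entries


# Heuristic patterns (assumptions of this example, not ComboFix rules).
RANDOM_DRIVER_RE = re.compile(r"\\windows\\system32\\drivers\\[a-z]{8}\.sys$", re.IGNORECASE)
HEX_DIR_RE = re.compile(r"\\appdata\\local\\[0-9a-f]{8}$", re.IGNORECASE)


def suspicious(entries: List[Entry]) -> List[Tuple[str, str]]:
    """Return (path, reason) pairs for entries matching the heuristics above."""
    findings = []
    # Random-named drivers with identical created/modified stamps, grouped by
    # size so that several drops of the same payload stand out together.
    drivers = [e for e in entries if RANDOM_DRIVER_RE.search(e.path) and e.created == e.modified]
    by_size = defaultdict(list)
    for e in drivers:
        by_size[e.size].append(e)
    for size, group in by_size.items():
        for e in group:
            findings.append((e.path, f"random-named driver, {size} bytes, {len(group)} file(s) of identical size"))
    # Hidden + system folder ("s" and "h" attribute flags) with a hex-like name.
    for e in entries:
        if e.is_dir and "s" in e.attrs and "h" in e.attrs and HEX_DIR_RE.search(e.path):
            findings.append((e.path, "hidden+system folder with hex-like name under AppData\\Local"))
    return findings


def cfscript_sections(findings: List[Tuple[str, str]]) -> str:
    """Render the flagged paths in the Rootkit:: / Folder:: layout used by a CFScript."""
    drivers = [p for p, _ in findings if p.lower().endswith(".sys")]
    folders = [p for p, _ in findings if not p.lower().endswith(".sys")]
    out = []
    if drivers:
        out.append("Rootkit::\n" + "\n".join(drivers))
    if folders:
        out.append("Folder::\n" + "\n".join(folders))
    return "\n\n".join(out)


if __name__ == "__main__":
    found = suspicious(parse_report(SAMPLE_REPORT))
    for path, reason in found:
        print(f"{path}  <-  {reason}")
    print()
    print(cfscript_sections(found))
```

Run on the sample, the script flags the same three drivers (all 41680 bytes) and the `1cf6efbe` folder that the helper put in the script above; the identical size across three randomly named drivers is the detail that makes them stand out even without knowing the family.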
ugns
 
Hi!
(I wasn't too sure when to rename it. If it's not too late, can I still do it?)
Here is the latest report. Thanks:
-------------------
ComboFix 12-01-18.04 - Huguens 18/01/2012 15:26:33.1.2 - x86 NETWORK
Microsoft® Windows Vista(TM) Home Premium 6.0.6002.2.1252.2.1033.18.1978.1494 [GMT -5:00]
Running from: C:\Users\Huguens\Downloads\ComboFix.exe
Command switches used :: C:\Users\Huguens\Desktop\CFScript.txt
AV: Microsoft Security Essentials *Enabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Microsoft Security Essentials *Enabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

FILE ::
"c:\users\Huguens\AppData\Local\Hcabumokabadebi.bin"
ugns
 
That's all there is in the combofix.txt file. Is there another file, or should I redo the last procedure?
Anonymous user
 
A big chunk of it is missing
Anonymous user
 
Redo it in safe mode in that case