Win32:Purityscan-S [Trj]

lucie -  
 princ3ss3-sunshin3 -
bonjours .
avast me déniche sans arret a achaque conexion :

C:\Program Files\Fichiers communs\Yazzle1125OinAdmin.exe\[UPX]

Win32:Purityscan-S [Trj]

-------------

C:\Documents and Settings\metal.kanar\Local Settings\Temporary Internet Files\Content.IE5\6TDAVMXS\Installer[1].exe

Win32:Lookme-gen [Adw]

---------------

C:\Documents and Settings\LocalService.AUTORITE NT.000\Local Settings\Temporary Internet Files\Content.IE5\AFR6DHAR\adult1[1].exe

Win32:Dialer-gen13 [Trj]

et sunbelt kerio trouve sans arret

C\windos\system32\is941.exe

pouvez vous m'aider?
merci

18 réponses

  1. did71 Messages postés 2187 Statut Contributeur sécurité 36
     
    Bonsoir lucie,

    télécharge HijackThis:

    http://pchelpbordeaux.free.fr/logiciels.html

    Tutorial
    http://pchelpbordeaux.free.fr/tuto.html

    Démo en image
    http://pageperso.aol.fr/balltrap34/demohijack.htm

    Fais un scan et poste l'analyse.

    a+
    0
  2. lucie
     
    Logfile of HijackThis v1.99.1
    Scan saved at 23:53:53, on 25/10/2006
    Platform: Windows XP SP1 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\System32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\WINDOWS\ATKKBService.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
    C:\WINDOWS\lsass.exe
    C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe
    C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    C:\Program Files\Winamp\winampa.exe
    C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
    C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
    C:\Program Files\DAEMON Tools\daemon.exe
    C:\WINDOWS\vsnpstd2.exe
    C:\WINDOWS\System32\winamp.exe
    C:\WINDOWS\System32\ctfmon.exe
    C:\Program Files\Fichiers communs\Ahead\lib\NMBgMonitor.exe
    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
    c:\windows\algs.exe
    C:\Program Files\Maxthon\Maxthon.exe
    C:\WINDOWS\System32\msiexec.exe
    C:\Program Files\Giganology\Gigaget\Gigaget.exe
    C:\Program Files\MSN Messenger\msnmsgr.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\explorer.exe
    C:\Program Files\Hijackthis Version Française\hijackthis vf.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://searchbar.findthewebsiteyouneed.com
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://searchbar.findthewebsiteyouneed.com
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchbar.findthewebsiteyouneed.com
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://findthewebsiteyouneed.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchbar.findthewebsiteyouneed.com
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://searchbar.findthewebsiteyouneed.com
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = https://www.bing.com/?FORM=TOOLBR&cc=fr&toHttps=1&redig=4527FFF1C12746FC9EDB535C75E80ECC
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    R3 - URLSearchHook: (no name) - {A8BD6820-6ED7-423E-9558-2D1486B0FEEA} - C:\Program Files\DeluxeCommunications\DxcBho.dll
    R3 - URLSearchHook: DeskbarBHO - {A8B28872-3324-4CD2-8AA3-7D555C872D96} - C:\Program Files\Deskbar\deskbar.dll
    O2 - BHO: GigagetIEHelper - {111CAA23-6F4F-42AC-8555-B48C1D87BBAB} - C:\WINDOWS\System32\gigagetbho_v10.dll
    O2 - BHO: (no name) - {1DAEFCB9-06C8-47c6-8F20-3FB54B244DAA} - C:\WINDOWS\System32\ljvuyexr.dll
    O2 - BHO: (no name) - {3A947772-3B29-41DB-A436-4B5CAAECE2F6} - C:\WINDOWS\System32\ljjifge.dll
    O2 - BHO: (no name) - {5A742A78-5E67-41BE-A19B-3C2A3EECD7D5} - C:\WINDOWS\System32\vtsqq.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O2 - BHO: DeskbarBHO - {A8B28872-3324-4CD2-8AA3-7D555C872D96} - C:\Program Files\Deskbar\deskbar.dll
    O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
    O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O3 - Toolbar: &VSToolBar - {821F87FF-8245-4972-9E28-732E92EC2F51} - C:\Program Files\VSToolbar\VSToolBar.dll
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon
    O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    O4 - HKLM\..\Run: [Gigaget] "C:\Program Files\Giganology\Gigaget\GigagetShell.exe" /s
    O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\System32\NeroCheck.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
    O4 - HKLM\..\Run: [Smapp] C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
    O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
    O4 - HKLM\..\Run: [SNPSTD2] C:\WINDOWS\vsnpstd2.exe
    O4 - HKLM\..\Run: [Repair Registry Pro] C:\Program Files\Repair Registry Pro\RepairRegistryPro.exe -s
    O4 - HKLM\..\Run: [Winamp Agent] C:\WINDOWS\System32\winamp.exe
    O4 - HKLM\..\Run: [DeluxeCommunications] C:\Program Files\DeluxeCommunications\Dxc.exe
    O4 - HKLM\..\Run: [keyboard] C:\\kybrdff_e37.exe
    O4 - HKLM\..\Run: [newname] C:\\nwnmff_e37.exe
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Ahead\lib\NMBgMonitor.exe"
    O4 - HKCU\..\Run: [DeluxeCommunications] C:\Program Files\DeluxeCommunications\Dxc.exe
    O4 - HKCU\..\Run: [eMuleAutoStart] C:\coincoin\eMule\emule.exe -AutoStart
    O8 - Extra context menu item: &Download All by Gigaget - C:\Program Files\Giganology\Gigaget\getallurl.htm
    O8 - Extra context menu item: &Download by Gigaget - C:\Program Files\Giganology\Gigaget\geturl.htm
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll
    O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
    O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
    O12 - Plugin for .m4v: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin6.dll
    O17 - HKLM\System\CCS\Services\Tcpip\..\{4897C1FD-A695-4825-9468-089435E0BD2F}: NameServer = 195.238.2.22 195.238.2.21
    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O20 - AppInit_DLLs: dxclib303562752.dll
    O20 - Winlogon Notify: ljjifge - C:\WINDOWS\SYSTEM32\ljjifge.dll
    O20 - Winlogon Notify: vtsqq - C:\WINDOWS\System32\vtsqq.dll
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - C:\WINDOWS\ATKKBService.exe
    O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
    O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
    O23 - Service: Sunbelt Kerio Personal Firewall 4 (KPF4) - Sunbelt Software - C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
    O23 - Service: LSA Shel (Export Version) - Unknown owner - C:\WINDOWS\lsass.exe
    O23 - Service: SF FrontLine Drivers Auto Removal (v1) (sfrem01) - Protection Technology (StarForce) - C:\WINDOWS\system32\sfrem01.exe
    O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
    0
  3. did71 Messages postés 2187 Statut Contributeur sécurité 36
     
    re,

    joliement infecté ton pc!

    1) Télécharge SmitfraudFix de S!Ri:
    http://siri.urz.free.fr/Fix/SmitfraudFix.zip
    Tu le dézippes sur le Bureau.

    Tu ouvres SmitfraudFix, tu double cliques sur SmitfraudFix.cmd et tu choisis l’option 1
    Postes le rapport.

    2)Télécharge ce fichier - combofix.exe :

    http://download.bleepingcomputer.com/sUBs/combofix.exe

    et sauvegarde le sur ton bureau!

    Clic sur le menu Démarrer puis executer et copie/colle ceci :
    "%userprofile%\Bureau\combofix.exe" /v vtsqq
    puis clic sur OK.

    Ne touche a rien et attends que combofix ait terminé, un rapport sera créé. Poste le rapport.

    3) Télécharge Look2Me-Destroyer.exe sur ton Bureau.
    http://www.atribune.org/ccount/click.php?id=7

    * Ferme toutes les fenêtres actives avant de passer à l'étape suivante.
    * Double-clique Look2Me-Destroyer.exe afin de lancer l'outil.
    * Coche Run this program as a task
    * Un message s'affichera, te disant ceci : "Look2Me-Destroyer will close and re-open in approximately 10 seconds". Clique OK
    * Il se relancera après les 10 secondes, puis clique sur le bouton Scan for L2M; les icônes de ton Bureau vont disparaître : c'est normal.
    * Lorsque le scan termine, clique sur le bouton Remove L2M
    * Un message Done Scanning apparaîtra, clique OK.
    * Un nouveau message s'affichera : Done removing infected files! Look2Me-Destroyer will now shutdown your computer; clique OK.
    * Ton PC va maintenant s'éteindre.
    * Démarre ton PC normalement.
    * Colle le rapport généré, situé ici : C:\Look2Me-Destroyer.txt ,

    #Si Look2Me-Destroyer ne se relance pas automatiquement après les 10 secondes, redémarre et essaie à nouveau.

    ##Si tu reçois un message de ton parefeu que l'outil tente d'accéder à l'internet : accepte.

    ###Si un message runtime error '339' s'affiche : télécharge MSWINSCK.OCX du lien ci-bas, et place-le dans le dossier C:\Windows\System32.
    http://www.ascentive.com/support/new/images/lib/MSWINSCK.OCX

    4)poste les rapports SmitfraudFix, combofix et look2me

    a+
    0
  4. lucie
     
    a la fin de look2me-destroy, mon pc s'est étain d'un coup!!! pouf!!! c'etait normal??

    je continue a avoir mes attaques annoncées par avast!

    metal.kanar - 06-10-26 1:29:31,75 Service Pack 1
    ComboFix 06.10.19 - Running from: "C:\Documents and Settings\metal.kanar\Bureau"

    ((((((((((((((((((((((((((((((((((((((((((( E-Give / Ssk's Log )))))))))))))))))))))))))))))))))))))))))))))))))

    C:\WINDOWS\system32\dxclib303562752.dll
    C:\Documents and Settings\metal.kanar\Application Data\Dxcdmns.dll
    C:\Documents and Settings\metal.kanar\Application Data\Dxcknwrd.dll
    C:\Documents and Settings\metal.kanar\Application Data\Dxcuknwrd.dll
    C:\WINDOWS\system32\bkd.exe
    C:\Program Files\DeluxeCommunications\Dxc.exe
    C:\Program Files\DeluxeCommunications\DxcBho.dll
    C:\Program Files\DeluxeCommunications\DxcCore.dll

    * * * POST RUN FILES/FOLDERS * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *

    (((((((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

    C:\WINDOWS\teller2.chk
    C:\dfndrff_e37.exe
    C:\drsmartload.exe
    C:\deskbar.exe
    C:\deskbar_e37.exe
    C:\kybrdff_e37.exe
    C:\nwnmff_e37.exe
    C:\Documents and Settings\metal.kanar\Local Settings\Temporary Internet Files\Content.IE5\6TDAVMXS\dfndrff_e_uit[1].exe
    C:\Documents and Settings\metal.kanar\Local Settings\Temporary Internet Files\Content.IE5\KVHFIM7P\drsmartload44a[1].exe
    C:\Documents and Settings\metal.kanar\Local Settings\Temporary Internet Files\Content.IE5\6TDAVMXS\kybrdff_e[1].exe
    C:\Documents and Settings\metal.kanar\Local Settings\Temporary Internet Files\Content.IE5\1V379T0E\nwnmff_e[1].exe
    C:\Program Files\Fichiers communs\Yazzle1125OinUninstaller.exe
    C:\Program Files\Deskbar

    ((((((((((((((((((((((((((((((( Files Created from 2006-09-26 to 2006-10-26 ))))))))))))))))))))))))))))))))))

    2006-10-26 01:14 40,973 ---hs---- C:\WINDOWS\system32\ddcyayv.dll
    2006-10-26 01:13 181,580 --a------ C:\WINDOWS\YazzleBundle-1125.exe
    2006-10-26 00:38 40,973 ---hs---- C:\WINDOWS\system32\qomkheb.dll
    2006-10-26 00:09 16,384 --a------ C:\mc44a37.exe
    2006-10-26 00:08 40,973 ---hs---- C:\WINDOWS\system32\cbxwvwx.dll
    2006-10-25 22:38 40,973 ---hs---- C:\WINDOWS\system32\nnnnkll.dll
    2006-10-25 21:17 40,973 ---hs---- C:\WINDOWS\system32\khfedee.dll
    2006-10-25 19:49 40,973 ---hs---- C:\WINDOWS\system32\ljjifge.dll
    2006-10-25 18:59 98,324 --a------ C:\WINDOWS\system32\ljvuyexr.dll
    2006-10-25 18:59 67,604 --a------ C:\WINDOWS\system32\mewluiyw.exe
    2006-10-25 18:59 501,334 ---hs---- C:\WINDOWS\system32\qqstv.bak1
    2006-10-25 18:58 688,180 ---hs---- C:\WINDOWS\system32\vtsqq.dll
    2006-10-25 18:35 40,973 ---hs---- C:\WINDOWS\system32\awtqnkh.dll
    2006-10-25 18:34 8,012 --a------ C:\WINDOWS\algs.exe
    2006-10-25 18:34 16,384 --ahs---- C:\WINDOWS\system32\wu.exe
    2006-10-24 19:51 53,675 -r-hs---- C:\WINDOWS\lsass.exe
    2006-10-24 19:50 13,664 --ah----- C:\WINDOWS\system32\ksbar.exe
    2006-10-24 19:37 51,068 --ah----- C:\WINDOWS\system32\fjlxabmn.exe
    2006-10-24 19:33 562,980 --a------ C:\WINDOWS\system32\winsms.exe
    2006-10-23 12:37 114,392 --a------ C:\WINDOWS\system32\fhm.exe
    2006-10-22 12:53 98,304 --a------ C:\WINDOWS\system32\CmdLineExt.dll
    2006-10-22 12:51 2,297,552 --a------ C:\WINDOWS\system32\d3dx9_26.dll
    2006-10-21 15:45 90,112 --a------ C:\WINDOWS\system32\dpl100.dll
    2006-10-21 15:45 856,064 --a------ C:\WINDOWS\system32\xvidcore.dll
    2006-10-21 15:45 77,824 --a------ C:\WINDOWS\system32\mplaw7.dll
    2006-10-21 15:45 77,824 --a------ C:\WINDOWS\system32\mplaa6.dll
    2006-10-21 15:45 755,200 --a------ C:\WINDOWS\system32\Ir50_32.dll
    2006-10-21 15:45 65,536 --a------ C:\WINDOWS\system32\mplapx.dll
    2006-10-21 15:45 65,536 --a------ C:\WINDOWS\system32\mplam6.dll
    2006-10-21 15:45 630,784 --a------ C:\WINDOWS\system32\vp7vfw.dll
    2006-10-21 15:45 620,180 --a------ C:\WINDOWS\system32\divx.dll
    2006-10-21 15:45 593,938 --a------ C:\WINDOWS\system32\x264vfw.dll
    2006-10-21 15:45 5,120 --a------ C:\WINDOWS\system32\ff_vfw.dll
    2006-10-21 15:45 438,272 --a------ C:\WINDOWS\system32\vp6vfw.dll
    2006-10-21 15:45 39,936 --a------ C:\WINDOWS\system32\huffyuv.dll
    2006-10-21 15:45 3,596,288 --a------ C:\WINDOWS\system32\qt-dx331.dll
    2006-10-21 15:45 217,088 --a------ C:\WINDOWS\system32\yv12vfw.dll
    2006-10-21 15:45 217,088 --a------ C:\WINDOWS\system32\xvidvfw.dll
    2006-10-21 15:45 217,088 --a------ C:\WINDOWS\system32\i420vfw.dll
    2006-10-21 15:45 200,704 --a------ C:\WINDOWS\system32\ssldivx.dll
    2006-10-21 15:45 200,704 --a------ C:\WINDOWS\system32\dtu100.dll
    2006-10-21 15:45 200,192 --a------ C:\WINDOWS\system32\Ir50_qc.dll
    2006-10-21 15:45 19,968 --a------ C:\WINDOWS\system32\cpuinf32.dll
    2006-10-21 15:45 183,808 --a------ C:\WINDOWS\system32\Ir50_qcx.dll
    2006-10-21 15:45 144,384 --a------ C:\WINDOWS\system32\Iacenc.dll
    2006-10-21 15:45 1,415,680 --a------ C:\WINDOWS\system32\WMV9VCM.dll
    2006-10-21 15:45 1,044,480 --a------ C:\WINDOWS\system32\libdivx.dll
    2006-10-21 02:51 73,216 --a------ C:\WINDOWS\ST6UNST.EXE
    2006-10-21 02:51 249,856 --------- C:\WINDOWS\Setup1.exe
    2006-10-20 18:04 79,360 --a------ C:\WINDOWS\system32\irmon.dll
    2006-10-20 18:04 7,680 --a------ C:\WINDOWS\system32\wshirda.dll
    2006-10-20 18:04 55,296 --a------ C:\WINDOWS\system32\drivers\irda.sys
    2006-10-20 18:04 26,624 --a------ C:\WINDOWS\system32\drivers\irstusb.sys
    2006-10-20 18:04 20,096 --a------ C:\WINDOWS\system32\drivers\MSIRCOMM.sys
    2006-10-20 18:04 19,584 --a------ C:\WINDOWS\system32\drivers\rasirda.sys
    2006-10-20 18:04 100,864 --a------ C:\WINDOWS\system32\irftp.exe
    2006-10-15 18:36 974,848 --a------ C:\WINDOWS\system32\mfc70.dll
    2006-10-15 18:36 487,424 --a------ C:\WINDOWS\system32\msvcp70.dll
    2006-10-15 18:36 344,064 --a------ C:\WINDOWS\system32\msvcr70.dll
    2006-10-15 18:26 301 C:\WINDOWSVue 5 Infinite.reg
    2006-10-15 16:56 56,832 --a------ C:\WINDOWS\system32\drivers\USBAUDIO.sys
    2006-10-15 16:56 50,688 --a------ C:\WINDOWS\system32\vfwwdm32.dll
    2006-10-15 16:55 61,440 --a------ C:\WINDOWS\system32\csnpstd2.dll
    2006-10-15 16:55 57,344 --a------ C:\WINDOWS\system32\rsnpstd2.dll
    2006-10-15 16:55 53,248 --a------ C:\WINDOWS\system32\dsnpstd2.dll
    2006-10-15 16:55 53,248 --a------ C:\WINDOWS\amcap.exe
    2006-10-15 16:55 36,864 --a------ C:\WINDOWS\system32\vsnpstd2.dll
    2006-10-15 16:55 347,264 --a------ C:\WINDOWS\system32\drivers\snpstd2.sys
    2006-10-15 16:55 286,720 --a------ C:\WINDOWS\vsnpstd2.exe
    2006-10-15 16:55 20,480 --a------ C:\WINDOWS\usnpstd2.exe
    2006-10-15 16:54 182,880 --a------ C:\WINDOWS\system32\iuengine.dll
    2006-10-15 16:53 28,160 --a------ C:\WINDOWS\system32\drivers\usbccgp.sys
    2006-10-15 15:22 223,128 --a------ C:\WINDOWS\system32\drivers\dtscsi.sys
    2006-10-15 15:01 90,240 --a------ C:\WINDOWS\system32\drivers\sptd4941.sys
    2006-10-15 15:01 664,064 --a------ C:\WINDOWS\system32\drivers\sptd.sys
    2006-10-14 21:48 978,944 --a------ C:\WINDOWS\SynthCoreA.Dll
    2006-10-14 21:48 77,440 --a------ C:\WINDOWS\system32\drivers\wdmaud.sys
    2006-10-14 21:48 57,856 --a------ C:\WINDOWS\system32\drivers\drmk.sys
    2006-10-14 21:48 56,832 --a------ C:\WINDOWS\system32\drivers\sysaudio.sys
    2006-10-14 21:48 54,272 --a------ C:\WINDOWS\system32\drivers\swmidi.sys
    2006-10-14 21:48 50,048 --a------ C:\WINDOWS\system32\drivers\DMusic.sys
    2006-10-14 21:48 5,888 --a------ C:\WINDOWS\system32\drivers\splitter.sys
    2006-10-14 21:48 380,928 --a------ C:\WINDOWS\SynCor.exe
    2006-10-14 21:48 30,208 --a------ C:\WINDOWS\system32\wdmioctl.dll
    2006-10-14 21:48 2,816 --a------ C:\WINDOWS\system32\drivers\drmkaud.sys
    2006-10-14 21:48 159,360 --a------ C:\WINDOWS\system32\drivers\kmixer.sys
    2006-10-14 21:48 142,208 --a------ C:\WINDOWS\system32\drivers\aec.sys
    2006-10-14 21:48 134,272 --a------ C:\WINDOWS\system32\drivers\portcls.sys
    2006-10-14 21:48 1,285,632 --a------ C:\WINDOWS\system32\SMMedia.dll
    2006-10-14 21:47 991,232 --a------ C:\WINDOWS\system32\virtear.dll
    2006-10-14 21:47 720,896 --a------ C:\WINDOWS\system32\Audio3d.dll
    2006-10-14 21:47 49,152 --a------ C:\WINDOWS\system32\S11thk32.dll
    2006-10-14 21:47 49,152 --a------ C:\WINDOWS\system32\DSndUp.exe
    2006-10-14 21:47 45,056 --a------ C:\WINDOWS\system32\SynthCore11Resources.dll
    2006-10-14 21:47 45,056 --a------ C:\WINDOWS\system32\CleanUp.exe
    2006-10-14 21:47 44 --a------ C:\WINDOWS\system32\msssc.dll
    2006-10-14 21:47 40,820 --a------ C:\WINDOWS\system32\Syncor11.dll
    2006-10-14 20:48 36,528 --------- C:\WINDOWS\system32\drivers\PxHelp20.sys
    2006-10-14 20:48 2,560 --------- C:\WINDOWS\system32\drivers\cdralw2k.sys
    2006-10-14 20:48 2,432 --------- C:\WINDOWS\system32\drivers\cdr4_xp.sys
    2006-10-14 20:48 129,784 --------- C:\WINDOWS\system32\pxafs.dll
    2006-10-14 20:48 115,880 --------- C:\WINDOWS\system32\pxinsi64.exe
    2006-10-14 20:40 86,016 --a------ C:\WINDOWS\system32\gigagetbho_v10.dll
    2006-10-14 20:28 98,816 --a------ C:\WINDOWS\system32\dmstyle.dll
    2006-10-14 20:28 974,848 --a------ C:\WINDOWS\system32\dxdiag.exe
    2006-10-14 20:28 929,792 --a------ C:\WINDOWS\system32\ATKDispCPL.dll
    2006-10-14 20:28 83,968 --a------ C:\WINDOWS\system32\drivers\nabtsfec.sys
    2006-10-14 20:28 80,896 --a------ C:\WINDOWS\system32\dpvsetup.exe
    2006-10-14 20:28 8,192 --a------ C:\WINDOWS\system32\d3d8thk.dll
    2006-10-14 20:28 797,184 --a------ C:\WINDOWS\system32\d3dim700.dll
    2006-10-14 20:28 79,360 --a------ C:\WINDOWS\system32\dpwsockx.dll
    2006-10-14 20:28 77,824 --a------ C:\WINDOWS\system32\dpmodemx.dll
    2006-10-14 20:28 76,800 --a------ C:\WINDOWS\system32\dmscript.dll
    2006-10-14 20:28 733,184 --a------ C:\WINDOWS\system32\qedwipes.dll
    2006-10-14 20:28 723,968 --a------ C:\WINDOWS\system32\dpnet.dll
    2006-10-14 20:28 7,424 --a------ C:\WINDOWS\system32\drivers\mskssrv.sys
    2006-10-14 20:28 68,096 --a------ C:\WINDOWS\system32\dpnhupnp.dll
    2006-10-14 20:28 65,536 --a------ C:\WINDOWS\system32\ATKOGL.dll
    2006-10-14 20:28 64,512 --a------ C:\WINDOWS\system32\amstream.dll
    2006-10-14 20:28 602,624 --a------ C:\WINDOWS\system32\dx7vb.dll
    2006-10-14 20:28 58,368 --a------ C:\WINDOWS\system32\dmcompos.dll
    2006-10-14 20:28 52,096 --a------ C:\WINDOWS\system32\drivers\msdv.sys
    2006-10-14 20:28 5,504 --a------ C:\WINDOWS\system32\drivers\mstee.sys
    2006-10-14 20:28 5,248 --a------ C:\WINDOWS\system32\drivers\mspclock.sys
    2006-10-14 20:28 491,520 --a------ C:\WINDOWS\system32\dsdmoprp.dll
    2006-10-14 20:28 48,512 --a------ C:\WINDOWS\system32\drivers\stream.sys
    2006-10-14 20:28 470,528 --a------ C:\WINDOWS\system32\qdvd.dll
    2006-10-14 20:28 47,104 --a------ C:\WINDOWS\system32\wstdecod.dll
    2006-10-14 20:28 46,592 --a------ C:\WINDOWS\system32\dxdllreg.exe
    2006-10-14 20:28 440,832 --a------ C:\WINDOWS\system32\ATKOSDX.dll
    2006-10-14 20:28 4,608 --a------ C:\WINDOWS\system32\drivers\mspqm.sys
    2006-10-14 20:28 4,096 --a------ C:\WINDOWS\system32\ksuser.dll
    2006-10-14 20:28 4,096 --a------ C:\WINDOWS\system32\drivers\swenum.sys
    2006-10-14 20:28 381,952 --a------ C:\WINDOWS\system32\dsound.dll
    2006-10-14 20:28 381,952 --a------ C:\WINDOWS\system32\dpvoice.dll
    2006-10-14 20:28 354,816 --a------ C:\WINDOWS\system32\psisdecd.dll
    2006-10-14 20:28 34,304 --a------ C:\WINDOWS\system32\mciqtz32.dll
    2006-10-14 20:28 33,280 --a------ C:\WINDOWS\system32\dmloader.dll
    2006-10-14 20:28 324,096 --a------ C:\WINDOWS\system32\mswebdvd.dll
    2006-10-14 20:28 32,768 --a------ C:\WINDOWS\system32\dpnhpast.dll
    2006-10-14 20:28 316,928 --a------ C:\WINDOWS\system32\qdv.dll
    2006-10-14 20:28 3,072 --a------ C:\WINDOWS\system32\dpnlobby.dll
    2006-10-14 20:28 3,072 --a------ C:\WINDOWS\system32\dpnaddr.dll
    2006-10-14 20:28 292,864 --a------ C:\WINDOWS\system32\ddraw.dll
    2006-10-14 20:28 28,160 --a------ C:\WINDOWS\system32\dplaysvr.exe
    2006-10-14 20:28 27,136 --a------ C:\WINDOWS\system32\dmband.dll
    2006-10-14 20:28 258,048 --a------ C:\WINDOWS\ATKKBService.exe
    2006-10-14 20:28 257,024 --a------ C:\WINDOWS\system32\qcap.dll
    2006-10-14 20:28 24,064 --a------ C:\WINDOWS\system32\ddrawex.dll
    2006-10-14 20:28 230,400 --a------ C:\WINDOWS\system32\dplayx.dll
    2006-10-14 20:28 23,040 --a------ C:\WINDOWS\system32\drivers\atkkbnt.sys
    2006-10-14 20:28 194,912 --a------ C:\WINDOWS\system32\ATKDISP.dll
    2006-10-14 20:28 19,968 --a------ C:\WINDOWS\system32\dpvacm.dll
    2006-10-14 20:28 186,880 --a------ C:\WINDOWS\system32\dsdmo.dll
    2006-10-14 20:28 181,248 --a------ C:\WINDOWS\system32\dmime.dll
    2006-10-14 20:28 18,944 --a------ C:\WINDOWS\system32\encapi.dll
    2006-10-14 20:28 18,688 --a------ C:\WINDOWS\system32\drivers\wstcodec.sys
    2006-10-14 20:28 18,432 --a------ C:\WINDOWS\system32\dswave.dll
    2006-10-14 20:28 16,896 --a------ C:\WINDOWS\system32\msyuv.dll
    2006-10-14 20:28 16,896 --a------ C:\WINDOWS\system32\dpnsvr.exe
    2006-10-14 20:28 16,384 --a------ C:\WINDOWS\system32\drivers\ccdecode.sys
    2006-10-14 20:28 15,104 --a------ C:\WINDOWS\system32\drivers\mpe.sys
    2006-10-14 20:28 14,976 --a------ C:\WINDOWS\system32\drivers\streamip.sys
    2006-10-14 20:28 132,608 --a------ C:\WINDOWS\system32\devenum.dll
    2006-10-14 20:28 130,304 --a------ C:\WINDOWS\system32\drivers\ks.sys
    2006-10-14 20:28 13,312 --a------ C:\WINDOWS\system32\msdmo.dll
    2006-10-14 20:28 122,880 --a------ C:\WINDOWS\system32\dmusic.dll
    2006-10-14 20:28 112,128 --a------ C:\WINDOWS\system32\dpvvox.dll
    2006-10-14 20:28 11,392 --a------ C:\WINDOWS\system32\drivers\bdasup.sys
    2006-10-14 20:28 11,264 --a------ C:\WINDOWS\system32\ATKOSDMini.DLL
    2006-10-14 20:28 100,864 --a------ C:\WINDOWS\system32\dmsynth.dll
    2006-10-14 20:28 10,880 --a------ C:\WINDOWS\system32\drivers\slip.sys
    2006-10-14 20:28 10,112 --a------ C:\WINDOWS\system32\drivers\ndisip.sys
    2006-10-14 20:28 1,975,936 --a------ C:\WINDOWS\system32\drivers\Bravo.sys
    2006-10-14 20:28 1,962,496 --a------ C:\WINDOWS\system32\quartz.dll
    2006-10-14 20:28 1,798,144 --a------ C:\WINDOWS\system32\qedit.dll
    2006-10-14 20:28 1,769,472 --a------ C:\WINDOWS\system32\dxdiagn.dll
    2006-10-14 20:28 1,703,936 --a------ C:\WINDOWS\system32\d3d9.dll
    2006-10-14 20:28 1,294,336 --a------ C:\WINDOWS\system32\dsound3d.dll
    2006-10-14 20:28 1,230,336 --a------ C:\WINDOWS\system32\msvidctl.dll
    2006-10-14 20:28 1,201,152 --a------ C:\WINDOWS\system32\d3d8.dll
    2006-10-14 20:28 1,189,888 --a------ C:\WINDOWS\system32\dx8vb.dll
    2006-10-14 20:25 5,824 --a------ C:\WINDOWS\system32\drivers\ASUSHWIO.SYS
    2006-10-14 20:16 516,096 --------- C:\WINDOWS\system32\ati2sgag.exe
    2006-10-14 20:16 299,008 -ra------ C:\WINDOWS\system32\atiiiexx.dll
    2006-10-14 20:15 11,264 -ra------ C:\WINDOWS\system32\drivers\EIO.sys
    2006-10-14 20:10 90,112 --a------ C:\WINDOWS\system32\AVASTSS.scr
    2006-10-14 20:01 57,728 --a------ C:\WINDOWS\system32\drivers\redbook.sys
    2006-10-14 20:01 3,072 --a------ C:\WINDOWS\system32\drivers\audstub.sys
    2006-10-14 20:00 70,144 --a------ C:\WINDOWS\system32\usbui.dll
    2006-10-14 20:00 27,165 --a------ C:\WINDOWS\system32\drivers\fetnd5.sys
    2006-10-14 19:58 86,044 --a------ C:\WINDOWS\system32\dgsetup.dll
    2006-10-14 19:58 8,192 -ra------ C:\WINDOWS\system32\kbdhept.dll
    2006-10-14 19:58 7,168 -ra------ C:\WINDOWS\system32\kbdcz.dll
    2006-10-14 19:58 6,656 -ra------ C:\WINDOWS\system32\kbdycl.dll
    2006-10-14 19:58 6,656 -ra------ C:\WINDOWS\system32\kbdsl1.dll
    2006-10-14 19:58 6,656 -ra------ C:\WINDOWS\system32\kbdsl.dll
    2006-10-14 19:58 6,656 -ra------ C:\WINDOWS\system32\kbdpl.dll
    2006-10-14 19:58 6,656 -ra------ C:\WINDOWS\system32\kbdhu.dll
    2006-10-14 19:58 6,656 -ra------ C:\WINDOWS\system32\kbdhela3.dll
    2006-10-14 19:58 6,656 -ra------ C:\WINDOWS\system32\kbdcz2.dll
    2006-10-14 19:58 6,656 -ra------ C:\WINDOWS\system32\kbdcz1.dll
    2006-10-14 19:58 6,656 -ra------ C:\WINDOWS\system32\kbdcr.dll
    2006-10-14 19:58 6,656 -ra------ C:\WINDOWS\system32\KBDAL.DLL
    2006-10-14 19:58 6,144 -ra------ C:\WINDOWS\system32\kbdtuq.dll
    2006-10-14 19:58 6,144 -ra------ C:\WINDOWS\system32\kbdtuf.dll
    2006-10-14 19:58 6,144 -ra------ C:\WINDOWS\system32\kbdlv1.dll
    2006-10-14 19:58 6,144 -ra------ C:\WINDOWS\system32\kbdlv.dll
    2006-10-14 19:58 6,144 -ra------ C:\WINDOWS\system32\kbdhela2.dll
    2006-10-14 19:58 6,144 -ra------ C:\WINDOWS\system32\kbdgkl.dll
    2006-10-14 19:58 6,144 -ra------ C:\WINDOWS\system32\kbdest.dll
    2006-10-14 19:58 5,632 -ra------ C:\WINDOWS\system32\kbdycc.dll
    2006-10-14 19:58 5,632 -ra------ C:\WINDOWS\system32\kbduzb.dll
    2006-10-14 19:58 5,632 -ra------ C:\WINDOWS\system32\kbdur.dll
    2006-10-14 19:58 5,632 -ra------ C:\WINDOWS\system32\kbdtat.dll
    2006-10-14 19:58 5,632 -ra------ C:\WINDOWS\system32\kbdru1.dll
    2006-10-14 19:58 5,632 -ra------ C:\WINDOWS\system32\kbdru.dll
    2006-10-14 19:58 5,632 -ra------ C:\WINDOWS\system32\kbdro.dll
    2006-10-14 19:58 5,632 -ra------ C:\WINDOWS\system32\kbdpl1.dll
    2006-10-14 19:58 5,632 -ra------ C:\WINDOWS\system32\kbdmon.dll
    2006-10-14 19:58 5,632 -ra------ C:\WINDOWS\system32\kbdlt1.dll
    2006-10-14 19:58 5,632 -ra------ C:\WINDOWS\system32\kbdlt.dll
    2006-10-14 19:58 5,632 -ra------ C:\WINDOWS\system32\kbdkyr.dll
    2006-10-14 19:58 5,632 -ra------ C:\WINDOWS\system32\kbdkaz.dll
    2006-10-14 19:58 5,632 -ra------ C:\WINDOWS\system32\kbdhu1.dll
    2006-10-14 19:58 5,632 -ra------ C:\WINDOWS\system32\kbdhe319.dll
    2006-10-14 19:58 5,632 -ra------ C:\WINDOWS\system32\kbdhe220.dll
    2006-10-14 19:58 5,632 -ra------ C:\WINDOWS\system32\kbdhe.dll
    2006-10-14 19:58 5,632 -ra------ C:\WINDOWS\system32\kbdbu.dll
    2006-10-14 19:58 5,632 -ra------ C:\WINDOWS\system32\kbdblr.dll
    2006-10-14 19:58 5,632 -ra------ C:\WINDOWS\system32\kbdazel.dll
    2006-10-14 19:58 5,632 -ra------ C:\WINDOWS\system32\kbdaze.dll
    2006-10-14 19:58 24,661 --a------ C:\WINDOWS\system32\spxcoins.dll
    2006-10-14 19:58 176,157 --a------ C:\WINDOWS\system32\dgrpsetu.dll
    2006-10-14 19:58 13,312 --a------ C:\WINDOWS\system32\irclass.dll
    2006-10-14 19:58 103,424 --a------ C:\WINDOWS\system32\EqnClass.Dll
    2006-10-14 19:58 10,496 --a------ C:\WINDOWS\system32\drivers\irenum.sys
    2006-10-14 19:57 73,216 --a------ C:\WINDOWS\system32\storprop.dll
    2006-10-14 19:57 67,584 --a------ C:\WINDOWS\NOTEPAD.EXE
    2006-10-14 19:57 6,656 --a------ C:\WINDOWS\system32\batt.dll
    2006-10-14 19:57 15,872 --a------ C:\WINDOWS\TASKMAN.EXE
    2006-10-14 19:30 70,688 --a------ C:\WINDOWS\system32\drivers\alcaudsl.sys
    2006-10-14 19:30 53,600 --a------ C:\WINDOWS\system32\drivers\alcan5wn.sys
    2006-10-14 19:30 5,606 --a------ C:\WINDOWS\system32\stci.dll
    2006-10-14 19:30 5,280 --a------ C:\WINDOWS\system32\drivers\alcawh.sys
    2006-10-14 19:30 3,968 --a------ C:\WINDOWS\system32\drivers\alcacr.sys
    2006-10-14 19:25 87,424 --a------ C:\WINDOWS\system32\drivers\aswmon2.sys
    2006-10-14 19:25 85,952 --a------ C:\WINDOWS\system32\drivers\aswmon.sys
    2006-10-14 19:25 666,240 --a------ C:\WINDOWS\system32\aswBoot.exe
    2006-10-14 19:25 499,712 --a------ C:\WINDOWS\system32\MSVCP71.dll
    2006-10-14 19:25 36,176 --a------ C:\WINDOWS\system32\drivers\aswTdi.sys
    2006-10-14 19:25 348,160 --a------ C:\WINDOWS\system32\MSVCR71.dll
    2006-10-14 19:25 24,560 --a------ C:\WINDOWS\system32\drivers\aavmker4.sys
    2006-10-14 19:25 16,352 --a------ C:\WINDOWS\system32\drivers\aswRdr.sys
    2006-10-14 19:25 1,060,864 --a------ C:\WINDOWS\system32\MFC71.dll
    2006-10-14 19:24 21,760 --a------ C:\WINDOWS\system32\drivers\USBSTOR.SYS
    2006-10-14 19:09 112,128 --a------ C:\WINDOWS\system32\mapi32.dll
    2006-10-14 19:07 40,960 --a------ C:\WINDOWS\system32\safrslv.dll
    2006-10-14 19:07 39,424 --a------ C:\WINDOWS\system32\safrcdlg.dll
    2006-10-14 19:07 33,792 --a------ C:\WINDOWS\system32\racpldlg.dll
    2006-10-14 19:07 32,768 --a------ C:\WINDOWS\system32\mnmsrvc.exe
    2006-10-14 19:07 28,672 --a------ C:\WINDOWS\system32\isrdbg32.dll
    2006-10-14 19:07 26,624 --a------ C:\WINDOWS\system32\safrdm.dll
    2006-10-14 19:07 12,288 --a------ C:\WINDOWS\system32\nmevtmsg.dll
    2006-10-14 19:07 11,264 --a------ C:\WINDOWS\system32\atrace.dll
    2006-10-14 19:06 9,728 --a------ C:\WINDOWS\system32\mstinit.exe
    2006-10-14 19:06 81,920 --a------ C:\WINDOWS\system32\isign32.dll
    2006-10-14 19:06 81,408 --a------ C:\WINDOWS\system32\msoert2.dll
    2006-10-14 19:06 73,728 --a------ C:\WINDOWS\system32\ils.dll
    2006-10-14 19:06 72,192 --a------ C:\WINDOWS\system32\acctres.dll
    2006-10-14 19:06 69,632 --a------ C:\WINDOWS\system32\icwdial.dll
    2006-10-14 19:06 69,376 --a------ C:\WINDOWS\system32\drivers\sr.sys
    2006-10-14 19:06 65,536 --a------ C:\WINDOWS\system32\msconf.dll
    2006-10-14 19:06 63,488 --a------ C:\WINDOWS\system32\srclient.dll
    2006-10-14 19:06 61,440 --a------ C:\WINDOWS\system32\icwphbk.dll
    2006-10-14 19:06 587,776 --a------ C:\WINDOWS\system32\inetcomm.dll
    2006-10-14 19:06 50,176 --a------ C:\WINDOWS\system32\inetres.dll
    2006-10-14 19:06 32,256 --a------ C:\WINDOWS\system32\mnmdd.dll
    2006-10-14 19:06 274,432 --a------ C:\WINDOWS\system32\inetcfg.dll
    2006-10-14 19:06 256,512 --a------ C:\WINDOWS\system32\mstask.dll
    2006-10-14 19:06 24,576 --a------ C:\WINDOWS\system32\nmmkcert.dll
    2006-10-14 19:06 228,864 --a------ C:\WINDOWS\system32\srrstr.dll
    2006-10-14 19:06 228,864 --a------ C:\WINDOWS\system32\msoeacct.dll
    2006-10-14 19:06 223,232 --a------ C:\WINDOWS\system32\qmgr.dll
    2006-10-14 19:06 17,408 --a------ C:\WINDOWS\system32\qmgrprxy.dll
    2006-10-14 19:06 161,280 --a------ C:\WINDOWS\system32\schedsvc.dll
    2006-10-14 19:06 16,384 --a------ C:\WINDOWS\system32\icfgnt5.dll
    2006-10-14 19:06 159,232 --a------ C:\WINDOWS\system32\srsvc.dll
    2006-10-14 19:05 9,728 --a------ C:\WINDOWS\system32\xolehlp.dll
    2006-10-14 19:05 869,376 --a------ C:\WINDOWS\system32\msdtctm.dll
    2006-10-14 19:05 83,968 --a------ C:\WINDOWS\system32\mtxoci.dll
    2006-10-14 19:05 80,896 --a------ C:\WINDOWS\system32\charmap.exe
    2006-10-14 19:05 73,216 --a------ C:\WINDOWS\system32\avwav.dll
    2006-10-14 19:05 634,880 --a------ C:\WINDOWS\system32\getuname.dll
    2006-10-14 19:05 61,952 --a------ C:\WINDOWS\system32\rdshost.exe
    2006-10-14 19:05 6,144 --a------ C:\WINDOWS\system32\msdtc.exe
    2006-10-14 19:05 57,344 --a------ C:\WINDOWS\system32\sol.exe
    2006-10-14 19:05 55,808 --a------ C:\WINDOWS\system32\freecell.exe
    2006-10-14 19:05 54,784 --a------ C:\WINDOWS\system32\msdtclog.dll
    2006-10-14 19:05 5,632 --a------ C:\WINDOWS\system32\write.exe
    2006-10-14 19:05 5,120 --a------ C:\WINDOWS\system32\dcomcnfg.exe
    2006-10-14 19:05 497,152 --a------ C:\WINDOWS\system32\hypertrm.dll
    2006-10-14 19:05 44,544 --a------ C:\WINDOWS\system32\hticons.dll
    2006-10-14 19:05 4,608 --a------ C:\WINDOWS\system32\rdpcfgex.dll
    2006-10-14 19:05 4,096 --a------ C:\WINDOWS\system32\mtxex.dll
    2006-10-14 19:05 35,840 --a------ C:\WINDOWS\system32\winchat.exe
    2006-10-14 19:05 33,792 --a------ C:\WINDOWS\system32\regini.exe
    2006-10-14 19:05 25,088 --a------ C:\WINDOWS\system32\mtxlegih.dll
    2006-10-14 19:05 232,960 --a------ C:\WINDOWS\system32\avtapi.dll
    2006-10-14 19:05 22,528 --a------ C:\WINDOWS\system32\qwinsta.exe
    2006-10-14 19:05 22,528 --a------ C:\WINDOWS\system32\msg.exe
    2006-10-14 19:05 20,480 --a------ C:\WINDOWS\system32\mtxdm.dll
    2006-10-14 19:05 20,232 --a------ C:\WINDOWS\system32\drivers\tdtcp.sys
    2006-10-14 19:05 19,456 --a------ C:\WINDOWS\system32\qprocess.exe
    2006-10-14 19:05 185,344 --a------ C:\WINDOWS\system32\accwiz.exe
    2006-10-14 19:05 17,408 --a------ C:\WINDOWS\system32\tsshutdn.exe
    2006-10-14 19:05 17,408 --a------ C:\WINDOWS\system32\qappsrv.exe
    2006-10-14 19:05 16,896 --a------ C:\WINDOWS\system32\tskill.exe
    2006-10-14 19:05 16,384 --a------ C:\WINDOWS\system32\rwinsta.exe
    2006-10-14 19:05 16,384 --a------ C:\WINDOWS\system32\avmeter.dll
    2006-10-14 19:05 151,040 --a------ C:\WINDOWS\system32\msdtcuiu.dll
    2006-10-14 19:05 15,872 --a------ C:\WINDOWS\system32\logoff.exe
    2006-10-14 19:05 15,872 --a------ C:\WINDOWS\system32\cdmodem.dll
    2006-10-14 19:05 15,360 --a------ C:\WINDOWS\system32\tscon.exe
    2006-10-14 19:05 15,360 --a------ C:\WINDOWS\system32\shadow.exe
    2006-10-14 19:05 14,848 --a------ C:\WINDOWS\system32\tsdiscon.exe
    2006-10-14 19:05 139,264 --a------ C:\WINDOWS\system32\sndvol32.exe
    2006-10-14 19:05 128,000 --a------ C:\WINDOWS\system32\mshearts.exe
    2006-10-14 19:05 125,952 --a------ C:\WINDOWS\system32\sndrec32.exe
    2006-10-14 19:05 119,808 --a------ C:\WINDOWS\system32\winmine.exe
    2006-10-14 19:05 115,200 --a------ C:\WINDOWS\system32\calc.exe
    2006-10-14 19:05 11,144 --a------ C:\WINDOWS\system32\drivers\tdpipe.sys
    2006-10-14 19:05 10,240 --a------ C:\WINDOWS\system32\reset.exe
    2006-10-14 19:05 1,263 --a------ C:\WINDOWS\system32\usrlogon.cmd
    2006-10-14 19:04 9,216 --a------ C:\WINDOWS\system32\wuauserv.dll
    2006-10-14 19:04 9,216 --a------ C:\WINDOWS\system32\icaapi.dll
    2006-10-14 19:04 88,576 --a------ C:\WINDOWS\system32\tscfgwmi.dll
    2006-10-14 19:04 85,504 --a------ C:\WINDOWS\system32\catsrvps.dll
    2006-10-14 19:04 82,432 --a------ C:\WINDOWS\system32\comrepl.dll
    2006-10-14 19:04 75,912 --a------ C:\WINDOWS\system32\rdpwsx.dll
    2006-10-14 19:04 598,016 --a------ C:\WINDOWS\system32\mstscax.dll
    2006-10-14 19:04 582,656 --a------ C:\WINDOWS\system32\catsrvut.dll
    2006-10-14 19:04 57,856 --a------ C:\WINDOWS\system32\remotepg.dll
    2006-10-14 19:04 57,856 --a------ C:\WINDOWS\system32\licwmi.dll
    2006-10-14 19:04 56,832 --a------ C:\WINDOWS\system32\colbact.dll
    2006-10-14 19:04 54,272 --a------ C:\WINDOWS\system32\stclient.dll
    2006-10-14 19:04 534,528 --a------ C:\WINDOWS\system32\spider.exe
    2006-10-14 19:04 53,248 --a------ C:\WINDOWS\system32\servdeps.dll
    2006-10-14 19:04 495,616 --a------ C:\WINDOWS\system32\comuid.dll
    2006-10-14 19:04 468,480 --a------ C:\WINDOWS\system32\clbcatq.dll
    2006-10-14 19:04 44,032 --a------ C:\WINDOWS\system32\rdpclip.exe
    2006-10-14 19:04 40,960 --a------ C:\WINDOWS\system32\tscupgrd.exe
    2006-10-14 19:04 393,216 --a------ C:\WINDOWS\system32\mstsc.exe
    2006-10-14 19:04 38,024 --a------ C:\WINDOWS\system32\drivers\termdd.sys
    2006-10-14 19:04 359,936 --a------ C:\WINDOWS\system32\msdtcprx.dll
    2006-10-14 19:04 344,576 --a------ C:\WINDOWS\system32\mspaint.exe
    2006-10-14 19:04 33,280 --a------ C:\WINDOWS\system32\cfgbkend.dll
    2006-10-14 19:04 25,600 --a------ C:\WINDOWS\system32\comaddin.dll
    2006-10-14 19:04 215,040 --a------ C:\WINDOWS\system32\catsrv.dll
    2006-10-14 19:04 202,752 --a------ C:\WINDOWS\system32\termsrv.dll
    2006-10-14 19:04 190,464 --a------ C:\WINDOWS\system32\wuaueng.dll
    2006-10-14 19:04 182,400 --a------ C:\WINDOWS\system32\drivers\rdpdr.sys
    2006-10-14 19:04 180,736 --a------ C:\WINDOWS\system32\cmprops.dll
    2006-10-14 19:04 16,896 --a------ C:\WINDOWS\system32\mmfutil.dll
    2006-10-14 19:04 147,456 --a------ C:\WINDOWS\system32\comsnap.dll
    2006-10-14 19:04 142,848 --a------ C:\WINDOWS\system32\wuauclt.exe
    2006-10-14 19:04 14,848 --a------ C:\WINDOWS\system32\rdpsnd.dll
    2006-10-14 19:04 135,680 --a------ C:\WINDOWS\system32\rdchost.dll
    2006-10-14 19:04 130,560 --a------ C:\WINDOWS\system32\sessmgr.exe
    2006-10-14 19:04 12,288 --a------ C:\WINDOWS\system32\rdsaddin.exe
    2006-10-14 19:04 118,272 --a------ C:\WINDOWS\system32\mplay32.exe
    2006-10-14 19:04 115,976 --a------ C:\WINDOWS\system32\drivers\rdpwd.sys
    2006-10-14 19:04 100,864 --a------ C:\WINDOWS\system32\clbcatex.dll
    2006-10-14 19:04 100,352 --a------ C:\WINDOWS\system32\clipbrd.exe
    2006-10-14 19:04 1,172,992 --a------ C:\WINDOWS\system32\comsvcs.dll

    (((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))

    2006-10-26 01:32 44032 --a------ C:\WINDOWS\system32\ftp.exe
    2006-10-26 01:32 17920 --a------ C:\WINDOWS\system32\tftp.exe
    2006-10-26 01:30 -------- d-------- C:\Program Files\Fichiers communs
    2006-10-26 01:12 -------- d---s---- C:\Documents and Settings\metal.kanar\Application Data\Microsoft
    2006-10-26 00:18 -------- d-------- C:\Program Files\Hijackthis Version Fran‡aise
    2006-10-25 23:47 -------- d-------- C:\Program Files\MSN Messenger
    2006-10-25 18:59 -------- d-------- C:\Program Files\VSToolbar
    2006-10-25 01:25 -------- d-------- C:\Documents and Settings\metal.kanar\Application Data\Azureus
    2006-10-24 19:51 135168 --a------ C:\WINDOWS\system32\sfc_os.dll
    2006-10-24 19:20 -------- d--h----- C:\Program Files\InstallShield Installation Information
    2006-10-24 19:20 -------- d-------- C:\Program Files\ATI Technologies
    2006-10-22 12:42 -------- d-------- C:\Program Files\Fichiers communs\InstallShield
    2006-10-21 15:49 -------- d-------- C:\Documents and Settings\metal.kanar\Application Data\GRETECH
    2006-10-21 15:48 -------- d-------- C:\Program Files\GRETECH
    2006-10-21 15:47 -------- d-------- C:\Documents and Settings\metal.kanar\Application Data\Media Player Classic
    2006-10-21 15:45 -------- d-------- C:\Program Files\K-Lite Codec Pack
    2006-10-21 02:47 -------- d-------- C:\Program Files\Winamp
    2006-10-21 02:47 -------- d-------- C:\Program Files\MUSK Codec Pack v5
    2006-10-20 18:14 -------- d-------- C:\Documents and Settings\metal.kanar\Application Data\vlc
    2006-10-15 18:42 301 --a------ C:\WINDOWS\Vue 5 Infinite.reg
    2006-10-15 18:28 -------- d-------- C:\Program Files\e-on software
    2006-10-15 18:03 -------- d-------- C:\Documents and Settings\metal.kanar\Application Data\Adobe
    2006-10-15 17:59 -------- d-------- C:\Program Files\Fichiers communs\Adobe Systems Shared
    2006-10-15 17:59 -------- d-------- C:\Program Files\Fichiers communs\Adobe
    2006-10-15 17:58 -------- d-------- C:\Program Files\Adobe
    2006-10-15 17:53 -------- d-------- C:\Documents and Settings\metal.kanar\Application Data\mirage
    2006-10-15 17:18 -------- d-------- C:\Program Files\Windows Media Player
    2006-10-14 21:47 -------- d-------- C:\Documents and Settings\metal.kanar\Application Data\Macromedia
    2006-10-14 21:40 -------- d-------- C:\Program Files\Java
    2006-10-14 21:15 -------- d-------- C:\Documents and Settings\metal.kanar\Application Data\Ahead
    2006-10-14 20:56 -------- d-------- C:\Program Files\Azureus
    2006-10-14 20:43 -------- d-------- C:\Documents and Settings\metal.kanar\Application Data\Google
    2006-10-14 20:42 -------- d-------- C:\Program Files\Google
    2006-10-14 20:40 -------- d-------- C:\Program Files\Giganology
    2006-10-14 20:37 -------- d-------- C:\Program Files\WinRAR
    2006-10-14 19:57 62 --ahs---- C:\Documents and Settings\metal.kanar\Application Data\desktop.ini
    2006-10-14 19:30 -------- d-------- C:\Program Files\Thomson
    2006-10-14 19:23 -------- d-------- C:\Documents and Settings\metal.kanar\Application Data\Identities
    2006-10-14 19:05 -------- d--h----- C:\Program Files\WindowsUpdate
    2006-10-14 19:04 -------- d-------- C:\Program Files\Messenger
    2006-10-14 18:39 -------- d-------- C:\Program Files\GameSpy Arcade
    2006-10-13 00:27 -------- d-------- C:\Program Files\ESET
    2006-10-12 23:43 -------- d-------- C:\Program Files\Sunbelt Software
    2006-10-12 23:06 -------- d-------- C:\Program Files\VirtualDJ
    2006-10-12 20:09 -------- d-------- C:\Program Files\Movie Maker
    2006-10-12 20:09 -------- d-------- C:\Program Files\Internet Explorer
    2006-10-12 20:08 -------- d-------- C:\Program Files\NetMeeting
    2006-10-12 20:07 -------- d-------- C:\Program Files\Outlook Express
    2006-10-12 20:07 -------- d-------- C:\Program Files\Fichiers communs\System
    2006-10-12 18:14 -------- d-------- C:\Program Files\support.com
    2006-10-12 00:33 -------- d-------- C:\Program Files\Fichiers communs\Ahead
    2006-10-12 00:32 -------- d-------- C:\Program Files\Nero
    2006-09-29 18:13 -------- d-------- C:\Program Files\Maxthon
    2006-09-28 19:23 -------- d-------- C:\Program Files\Nouveau dossier
    2006-09-27 19:15 -------- d-------- C:\Program Files\Macromedia
    2006-09-27 14:22 -------- d-------- C:\Program Files\Ahead
    2006-09-26 14:08 -------- d-------- C:\Program Files\Webteh
    2006-09-26 00:52 -------- d-------- C:\Program Files\ASUS
    2006-09-26 00:48 -------- d-------- C:\Program Files\VIA
    2006-09-26 00:44 -------- d-------- C:\Program Files\AMD
    2006-09-25 18:49 -------- d-------- C:\Program Files\MUSK Codec Pack Lite!
    2006-09-25 17:52 -------- d-------- C:\Program Files\Windows Live Toolbar
    2006-09-25 16:41 -------- d-------- C:\Program Files\ComPlus Applications
    2006-09-14 13:32 -------- d-------- C:\Program Files\Wanadoo
    2006-09-11 12:33 -------- d-------- C:\Program Files\Bauhaus
    2006-09-05 15:39 -------- d-------- C:\Program Files\vso
    2006-09-05 01:44 -------- d-------- C:\Program Files\BlackIsle
    2006-08-26 20:51 -------- d-------- C:\Program Files\Trust
    2006-08-02 22:30 278528 --a------ C:\Program Files\Fichiers communs\FDEUnInstaller.exe
    2006-07-29 19:32 48936 --a------ C:\WINDOWS\system32\sirenacm.dll

    (((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

    *Note* empty entries are not shown

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
    "CTFMON.EXE"="C:\\WINDOWS\\System32\\ctfmon.exe"
    "MsnMsgr"="\"C:\\Program Files\\MSN Messenger\\MsnMsgr.Exe\" /background"
    "BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="\"C:\\Program Files\\Fichiers communs\\Ahead\\lib\\NMBgMonitor.exe\""
    "eMuleAutoStart"="C:\\coincoin\\eMule\\emule.exe -AutoStart"

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
    "avast!"="C:\\PROGRA~1\\ALWILS~1\\Avast4\\ashDisp.exe"
    "SpeedTouch USB Diagnostics"="\"C:\\Program Files\\Thomson\\SpeedTouch USB\\Dragdiag.exe\" /icon"
    "ATIPTA"="C:\\Program Files\\ATI Technologies\\ATI Control Panel\\atiptaxx.exe"
    "Gigaget"="\"C:\\Program Files\\Giganology\\Gigaget\\GigagetShell.exe\" /s"
    "WinampAgent"="C:\\Program Files\\Winamp\\winampa.exe"
    "NeroFilterCheck"="C:\\WINDOWS\\System32\\NeroCheck.exe"
    "SunJavaUpdateSched"="C:\\Program Files\\Java\\jre1.5.0_06\\bin\\jusched.exe"
    "Smapp"="C:\\Program Files\\Analog Devices\\SoundMAX\\SMTray.exe"
    "DAEMON Tools"="\"C:\\Program Files\\DAEMON Tools\\daemon.exe\" -lang 1033"
    "SNPSTD2"="C:\\WINDOWS\\vsnpstd2.exe"
    "Repair Registry Pro"="C:\\Program Files\\Repair Registry Pro\\RepairRegistryPro.exe -s"
    "Winamp Agent"="C:\\WINDOWS\\System32\\winamp.exe"

    [HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components]
    "DeskHtmlVersion"=dword:00000110
    "DeskHtmlMinorVersion"=dword:00000005
    "Settings"=dword:00000001
    "GeneralFlags"=dword:00000001

    [HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0]
    "Source"="About:Home"
    "SubscribedURL"="About:Home"
    "FriendlyName"="Ma page d'accueil"
    "Flags"=dword:00000002
    "Position"=hex:2c,00,00,00,cc,04,00,00,00,00,00,00,34,03,00,00,e2,02,00,00,00,\
    00,00,00,01,00,00,00,01,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00
    "CurrentState"=hex:04,00,00,40
    "OriginalStateInfo"=hex:18,00,00,00,ff,ff,00,00,ff,ff,00,00,ff,ff,ff,ff,ff,ff,\
    ff,ff,04,00,00,00
    "RestoredStateInfo"=hex:18,00,00,00,6a,06,00,00,23,00,00,00,a4,00,00,00,9a,00,\
    00,00,01,00,00,00

    [HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
    "CTFMON.EXE"="C:\\WINDOWS\\System32\\CTFMON.EXE"

    [HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\run]
    "CTFMON.EXE"="C:\\WINDOWS\\System32\\CTFMON.EXE"

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler]
    "{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Pré-chargeur Browseui"
    "{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Démon de cache des catégories de composant"

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
    "{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""
    "{3A947772-3B29-41DB-A436-4B5CAAECE2F6}"=""

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
    "NoDriveTypeAutoRun"=dword:00000091

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\Run]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "dontdisplaylastusername"=dword:00000000
    "legalnoticecaption"=""
    "legalnoticetext"=""
    "shutdownwithoutlogon"=dword:00000001
    "undockwithoutlogon"=dword:00000001

    [HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
    "NoDriveTypeAutoRun"=dword:00000091

    [HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\policies\explorer]
    "NoDriveTypeAutoRun"=dword:00000091

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload]
    "PostBootReminder"="{7849596a-48ea-486e-8937-a2a3009f31a9}"
    "CDBurn"="{fbeb8a05-beee-4442-804e-409d6c4515e9}"
    "WebCheck"="{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"
    "SysTray"="{35CEC8A3-2BE6-11D2-8773-92E220524153}"

    HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ljjifge
    HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\vtsqq

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
    "SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"

    Contents of the 'Scheduled Tasks' folder
    C:\WINDOWS\tasks\Check Updates for Windows Live Toolbar.job

    Completion time: 06-10-26 1:33:47.98
    C:\ComboFix.txt ... 06-10-26 01:33

    SmitFraudFix v2.113

    Rapport fait à 1:39:18,03, 26/10/2006
    Executé à partir de C:\Documents and Settings\metal.kanar\Bureau\anti v solution\SmitfraudFix
    OS: Microsoft Windows XP [version 5.1.2600] - Windows_NT
    Fix executé en mode normal

    »»»»»»»»»»»»»»»»»»»»»»»» C:\

    »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS

    C:\WINDOWS\keyboard1.dat PRESENT !
    C:\WINDOWS\newname.dat PRESENT !

    »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system

    »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web

    »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32

    »»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\metal.kanar

    »»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\metal.kanar\Application Data

    »»»»»»»»»»»»»»»»»»»»»»»» Menu Démarrer

    »»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\METAL~1.KAN\Favoris

    »»»»»»»»»»»»»»»»»»»»»»»» Bureau

    »»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files

    »»»»»»»»»»»»»»»»»»»»»»»» Clés corrompues

    »»»»»»»»»»»»»»»»»»»»»»»» Eléments du bureau

    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
    "Source"="About:Home"
    "SubscribedURL"="About:Home"
    "FriendlyName"="Ma page d'accueil"

    »»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
    !!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

    SrchSTS.exe by S!Ri
    Search SharedTaskScheduler's .dll

    »»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
    !!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
    "AppInit_DLLs"=""

    »»»»»»»»»»»»»»»»»»»»»»»» pe386-msguard-lzx32

    »»»»»»»»»»»»»»»»»»»»»»»» Recherche infection wininet.dll

    »»»»»»»»»»»»»»»»»»»»»»»» Fin

    Look2Me-Destroyer V1.0.12

    Scanning for infected files.....
    Scan started at 26/10/2006 01:50:05

    Attempting to delete infected files...

    Making registry repairs.

    Restoring Windows certificates.

    Replaced hosts file with default windows hosts file

    Restoring SeDebugPrivilege for Administrateurs - Succeeded
    0
  5. Vous n’avez pas trouvé la réponse que vous recherchez ?

    Posez votre question
  6. ^^Marie^^ Messages postés 41884 Date d'inscription   Statut Membre Dernière intervention   3 280
     
    Slt,

    Pour avancer

    Fais l'option 2 de smitfraud
    stp

    Télécharge ceci: (merci a S!RI pour ce programme).
    http://siri.urz.free.fr/Fix/SmitfraudFix.zip
    TUTO :: http://siri.urz.free.fr/Fix/SmitfraudFix.php

    Exécute le, Double click sur Smitfraudfix.cmd choisit l’option 1, il va générer un rapport
    Copie/colle le sur le poste stp.
    ----------------------------------------------------------------------------
    Démarre en mode sans échec :
    Pour cela, tu tapotes la touche F8 dès le début de l’allumage du pc sans t’arrêter
    Une fenêtre va s’ouvrir tu te déplaces avec les flèches du clavier sur démarrer en mode sans échec puis tape entrée.
    Une fois sur le bureau s’il n’y a pas toutes les couleurs et autres c’est normal !
    (Si F8 ne marche pas utilise la touche F5).
    ----------------------------------------------------------------------------
    Relance le programme Smitfraud,
    Cette fois choisit l’option 2, répond oui a tous ;
    Sauvegarde le rapport, Redémarre en mode normal, copie/colle le rapport sauvegardé sur le forum

    ========================================
    Refais un Hitjackthis

    A++
    0
  7. lucie
     
    qSmitFraudFix v2.113

    Rapport fait à 13:46:13,95, 26/10/2006
    Executé à partir de C:\Documents and Settings\metal.kanar\Bureau\anti v solution\SmitfraudFix
    OS: Microsoft Windows XP [version 5.1.2600] - Windows_NT
    Fix executé en mode normal

    »»»»»»»»»»»»»»»»»»»»»»»» C:\

    C:\drsmartload?.exe PRESENT !
    C:\drsmartload??.exe PRESENT !
    C:\drsmartload???.exe PRESENT !
    C:\drsmartload????.exe PRESENT !

    »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS

    C:\WINDOWS\keyboard1.dat PRESENT !
    C:\WINDOWS\newname.dat PRESENT !

    »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system

    »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web

    »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32

    »»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\metal.kanar

    »»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\metal.kanar\Application Data

    »»»»»»»»»»»»»»»»»»»»»»»» Menu Démarrer

    »»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\METAL~1.KAN\Favoris

    »»»»»»»»»»»»»»»»»»»»»»»» Bureau

    »»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files

    »»»»»»»»»»»»»»»»»»»»»»»» Clés corrompues

    »»»»»»»»»»»»»»»»»»»»»»»» Eléments du bureau

    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
    "Source"="About:Home"
    "SubscribedURL"="About:Home"
    "FriendlyName"="Ma page d'accueil"

    »»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
    !!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

    SrchSTS.exe by S!Ri
    Search SharedTaskScheduler's .dll

    »»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
    !!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
    "AppInit_DLLs"=""

    »»»»»»»»»»»»»»»»»»»»»»»» pe386-msguard-lzx32

    »»»»»»»»»»»»»»»»»»»»»»»» Recherche infection wininet.dll

    »»»»»»»»»»»»»»»»»»»»»»»» Fin

    ----------------------------------------------

    SmitFraudFix v2.113

    Rapport fait à 13:51:52,40, 26/10/2006
    Executé à partir de C:\Documents and Settings\metal.kanar\Bureau\anti v solution\SmitfraudFix
    OS: Microsoft Windows XP [version 5.1.2600] - Windows_NT
    Fix executé en mode sans echec

    »»»»»»»»»»»»»»»»»»»»»»»» Avant SmitFraudFix
    !!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

    SrchSTS.exe by S!Ri
    Search SharedTaskScheduler's .dll

    »»»»»»»»»»»»»»»»»»»»»»»» Arret des processus

    »»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix

    GenericRenosFix by S!Ri

    »»»»»»»»»»»»»»»»»»»»»»»» Suppression des fichiers infectés

    C:\drsmartload?.exe supprimé
    C:\WINDOWS\keyboard1.dat supprimé
    C:\WINDOWS\newname.dat supprimé

    »»»»»»»»»»»»»»»»»»»»»»»» Suppression Fichiers Temporaires

    »»»»»»»»»»»»»»»»»»»»»»»» Nettoyage du registre

    Nettoyage terminé.

    »»»»»»»»»»»»»»»»»»»»»»»» Après SmitFraudFix
    !!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

    SrchSTS.exe by S!Ri
    Search SharedTaskScheduler's .dll

    »»»»»»»»»»»»»»»»»»»»»»»» Fin

    Logfile of HijackThis v1.99.1
    Scan saved at 13:55:08, on 26/10/2006
    Platform: Windows XP SP1 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\explorer.exe
    C:\Program Files\Hijackthis Version Française\hijackthis vf.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    O2 - BHO: GigagetIEHelper - {111CAA23-6F4F-42AC-8555-B48C1D87BBAB} - C:\WINDOWS\System32\gigagetbho_v10.dll
    O2 - BHO: (no name) - {1DAEFCB9-06C8-47c6-8F20-3FB54B244DAA} - C:\WINDOWS\System32\ljvuyexr.dll
    O2 - BHO: (no name) - {3A947772-3B29-41DB-A436-4B5CAAECE2F6} - C:\WINDOWS\System32\ljjifge.dll
    O2 - BHO: (no name) - {7135F278-0364-4768-8D21-F8B61929BDF3} - C:\WINDOWS\System32\vtsqq.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
    O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O3 - Toolbar: &VSToolBar - {821F87FF-8245-4972-9E28-732E92EC2F51} - C:\Program Files\VSToolbar\VSToolBar.dll
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon
    O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    O4 - HKLM\..\Run: [Gigaget] "C:\Program Files\Giganology\Gigaget\GigagetShell.exe" /s
    O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\System32\NeroCheck.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
    O4 - HKLM\..\Run: [Smapp] C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
    O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
    O4 - HKLM\..\Run: [SNPSTD2] C:\WINDOWS\vsnpstd2.exe
    O4 - HKLM\..\Run: [Repair Registry Pro] C:\Program Files\Repair Registry Pro\RepairRegistryPro.exe -s
    O4 - HKLM\..\Run: [Winamp Agent] C:\WINDOWS\System32\winamp.exe
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Ahead\lib\NMBgMonitor.exe"
    O4 - HKCU\..\Run: [eMuleAutoStart] C:\coincoin\eMule\emule.exe -AutoStart
    O8 - Extra context menu item: &Download All by Gigaget - C:\Program Files\Giganology\Gigaget\getallurl.htm
    O8 - Extra context menu item: &Download by Gigaget - C:\Program Files\Giganology\Gigaget\geturl.htm
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll
    O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
    O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
    O12 - Plugin for .m4v: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin6.dll
    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O20 - Winlogon Notify: ljjifge - C:\WINDOWS\SYSTEM32\ljjifge.dll
    O20 - Winlogon Notify: vtsqq - C:\WINDOWS\System32\vtsqq.dll
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - C:\WINDOWS\ATKKBService.exe
    O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
    O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
    O23 - Service: Sunbelt Kerio Personal Firewall 4 (KPF4) - Sunbelt Software - C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
    O23 - Service: LSA Shel (Export Version) - Unknown owner - C:\WINDOWS\lsass.exe
    O23 - Service: SF FrontLine Drivers Auto Removal (v1) (sfrem01) - Protection Technology (StarForce) - C:\WINDOWS\system32\sfrem01.exe
    O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
    0
  8. ^^Marie^^ Messages postés 41884 Date d'inscription   Statut Membre Dernière intervention   3 280
     
    Hitjackthis en mode normal stp
    0
  9. lucie
     
    Logfile of HijackThis v1.99.1
    Scan saved at 16:35:40, on 26/10/2006
    Platform: Windows XP SP1 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\System32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\WINDOWS\ATKKBService.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
    C:\WINDOWS\lsass.exe
    C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe
    C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    C:\Program Files\Giganology\Gigaget\GigagetShell.exe
    C:\Program Files\Winamp\winampa.exe
    C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
    C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
    C:\Program Files\DAEMON Tools\daemon.exe
    C:\WINDOWS\vsnpstd2.exe
    C:\WINDOWS\System32\winamp.exe
    C:\WINDOWS\System32\ctfmon.exe
    C:\Program Files\MSN Messenger\MsnMsgr.Exe
    C:\Program Files\Fichiers communs\Ahead\lib\NMBgMonitor.exe
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
    C:\Program Files\Alwil Software\Avast4\setup\avast.setup
    C:\Program Files\Hijackthis Version Française\hijackthis vf.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    O2 - BHO: GigagetIEHelper - {111CAA23-6F4F-42AC-8555-B48C1D87BBAB} - C:\WINDOWS\System32\gigagetbho_v10.dll
    O2 - BHO: (no name) - {1DAEFCB9-06C8-47c6-8F20-3FB54B244DAA} - C:\WINDOWS\System32\ljvuyexr.dll
    O2 - BHO: (no name) - {3A947772-3B29-41DB-A436-4B5CAAECE2F6} - C:\WINDOWS\System32\ljjifge.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O2 - BHO: (no name) - {B7736116-1CD7-4520-BDA9-852FD7CDB64C} - C:\WINDOWS\System32\vtsqq.dll
    O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
    O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O3 - Toolbar: &VSToolBar - {821F87FF-8245-4972-9E28-732E92EC2F51} - C:\Program Files\VSToolbar\VSToolBar.dll
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon
    O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    O4 - HKLM\..\Run: [Gigaget] "C:\Program Files\Giganology\Gigaget\GigagetShell.exe" /s
    O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\System32\NeroCheck.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
    O4 - HKLM\..\Run: [Smapp] C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
    O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
    O4 - HKLM\..\Run: [SNPSTD2] C:\WINDOWS\vsnpstd2.exe
    O4 - HKLM\..\Run: [Repair Registry Pro] C:\Program Files\Repair Registry Pro\RepairRegistryPro.exe -s
    O4 - HKLM\..\Run: [Winamp Agent] C:\WINDOWS\System32\winamp.exe
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Ahead\lib\NMBgMonitor.exe"
    O4 - HKCU\..\Run: [eMuleAutoStart] C:\coincoin\eMule\emule.exe -AutoStart
    O8 - Extra context menu item: &Download All by Gigaget - C:\Program Files\Giganology\Gigaget\getallurl.htm
    O8 - Extra context menu item: &Download by Gigaget - C:\Program Files\Giganology\Gigaget\geturl.htm
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll
    O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
    O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
    O12 - Plugin for .m4v: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin6.dll
    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O20 - Winlogon Notify: ljjifge - C:\WINDOWS\SYSTEM32\ljjifge.dll
    O20 - Winlogon Notify: vtsqq - C:\WINDOWS\System32\vtsqq.dll
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - C:\WINDOWS\ATKKBService.exe
    O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
    O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
    O23 - Service: Sunbelt Kerio Personal Firewall 4 (KPF4) - Sunbelt Software - C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
    O23 - Service: LSA Shel (Export Version) - Unknown owner - C:\WINDOWS\lsass.exe
    O23 - Service: SF FrontLine Drivers Auto Removal (v1) (sfrem01) - Protection Technology (StarForce) - C:\WINDOWS\system32\sfrem01.exe
    O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
    0
  10. did71 Messages postés 2187 Statut Contributeur sécurité 36
     
    Bonjour Lucie,

    On continue la désinfection!

    Télécharge VundoFix.exe (par Atribune) sur ton Bureau:

    http://www.atribune.org/public-beta/VundoFix.exe

    Double-clique VundoFix.exe afin de le lancer
    Lorsque l'outil se lance à nouveau, clique sur le bouton Scan for Vundo
    Clique sur le bouton Scan for Vundo
    Lorsque le scan est complété, clique sur le bouton Remove Vundo
    Une invite te demandera si tu veux supprimer les fichiers, clique YES
    Après avoir cliqué "Yes", le Bureau disparaîtra un moment lors de la suppression des fichiers
    Tu verras une invite qui t'annonce que ton PC va redémarrer; clique OK

    Copie/colle le contenu du rapport situé dans C:\vundofix.txt ainsi qu'un nouveau rapport HijackThis! dans ta prochaine réponse
    Note: Il est possible que VundoFix soit confronté à un fichier qu'il ne peut supprimer. Si tel est le cas, l'outil se lancera au prochain redémarrage; il faut simplement suivre les instructions ci-haut, à partir de "clique sur le bouton Scan for Vundo".

    a+
    0
  11. lucie
     
    VundoFix V6.2.6

    Checking Java version...

    Java version is 1.5.0.6

    Java version is 1.5.0.7

    Scan started at 21:10:50 26/10/2006

    Listing files found while scanning....

    C:\WINDOWS\system32\awtqnkh.dll
    C:\WINDOWS\system32\cbxwvwx.dll
    C:\WINDOWS\system32\cbxyvsr.dll
    C:\WINDOWS\system32\ddcyayv.dll
    C:\WINDOWS\system32\khfedee.dll
    C:\WINDOWS\system32\ljjifge.dll
    C:\WINDOWS\system32\ljvuyexr.dll
    C:\WINDOWS\system32\mljjjhf.dll
    C:\WINDOWS\system32\nnnnkll.dll
    C:\WINDOWS\system32\qomkheb.dll
    C:\WINDOWS\system32\vtusttr.dll
    C:\WINDOWS\System32\vtsqq.dll
    C:\WINDOWS\System32\qqstv.ini
    C:\WINDOWS\System32\qqstv.bak1

    Beginning removal...

    Attempting to delete C:\WINDOWS\system32\awtqnkh.dll
    C:\WINDOWS\system32\awtqnkh.dll Has been deleted!

    Attempting to delete C:\WINDOWS\system32\cbxwvwx.dll
    C:\WINDOWS\system32\cbxwvwx.dll Has been deleted!

    Attempting to delete C:\WINDOWS\system32\cbxyvsr.dll
    C:\WINDOWS\system32\cbxyvsr.dll Has been deleted!

    Attempting to delete C:\WINDOWS\system32\ddcyayv.dll
    C:\WINDOWS\system32\ddcyayv.dll Has been deleted!

    Attempting to delete C:\WINDOWS\system32\khfedee.dll
    C:\WINDOWS\system32\khfedee.dll Has been deleted!

    Attempting to delete C:\WINDOWS\system32\ljjifge.dll
    C:\WINDOWS\system32\ljjifge.dll Could not be deleted.

    Attempting to delete C:\WINDOWS\system32\ljvuyexr.dll
    C:\WINDOWS\system32\ljvuyexr.dll Has been deleted!

    Attempting to delete C:\WINDOWS\system32\mljjjhf.dll
    C:\WINDOWS\system32\mljjjhf.dll Has been deleted!

    Attempting to delete C:\WINDOWS\system32\nnnnkll.dll
    C:\WINDOWS\system32\nnnnkll.dll Has been deleted!

    Attempting to delete C:\WINDOWS\system32\qomkheb.dll
    C:\WINDOWS\system32\qomkheb.dll Has been deleted!

    Attempting to delete C:\WINDOWS\system32\vtusttr.dll
    C:\WINDOWS\system32\vtusttr.dll Has been deleted!

    Attempting to delete C:\WINDOWS\System32\vtsqq.dll
    C:\WINDOWS\System32\vtsqq.dll Could not be deleted.

    Attempting to delete C:\WINDOWS\System32\qqstv.ini
    C:\WINDOWS\System32\qqstv.ini Has been deleted!

    Attempting to delete C:\WINDOWS\System32\qqstv.bak1
    C:\WINDOWS\System32\qqstv.bak1 Has been deleted!

    Performing Repairs to the registry.
    Done!

    Beginning removal...

    Attempting to delete C:\WINDOWS\system32\ljjifge.dll
    C:\WINDOWS\system32\ljjifge.dll Has been deleted!

    Attempting to delete C:\WINDOWS\System32\vtsqq.dll
    C:\WINDOWS\System32\vtsqq.dll Has been deleted!

    Performing Repairs to the registry.
    Done!

    Logfile of HijackThis v1.99.1
    Scan saved at 23:50:12, on 26/10/2006
    Platform: Windows XP SP1 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\System32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\WINDOWS\ATKKBService.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
    C:\WINDOWS\lsass.exe
    C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe
    C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    C:\Program Files\Giganology\Gigaget\GigagetShell.exe
    C:\Program Files\Winamp\winampa.exe
    C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
    C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
    C:\Program Files\DAEMON Tools\daemon.exe
    C:\WINDOWS\vsnpstd2.exe
    C:\WINDOWS\System32\winamp.exe
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    C:\WINDOWS\System32\ctfmon.exe
    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    C:\Program Files\MSN Messenger\MsnMsgr.Exe
    C:\Program Files\Fichiers communs\Ahead\lib\NMBgMonitor.exe
    C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
    C:\WINDOWS\system32\NOTEPAD.EXE
    C:\Program Files\Hijackthis Version Française\hijackthis vf.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    O2 - BHO: GigagetIEHelper - {111CAA23-6F4F-42AC-8555-B48C1D87BBAB} - C:\WINDOWS\System32\gigagetbho_v10.dll
    O2 - BHO: (no name) - {1DAEFCB9-06C8-47c6-8F20-3FB54B244DAA} - C:\WINDOWS\System32\ljvuyexr.dll (file missing)
    O2 - BHO: (no name) - {26DAF2EB-A907-4B43-94A5-C829C03C62C7} - C:\WINDOWS\System32\vtsqq.dll (file missing)
    O2 - BHO: (no name) - {3A947772-3B29-41DB-A436-4B5CAAECE2F6} - C:\WINDOWS\System32\ljjifge.dll (file missing)
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
    O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O3 - Toolbar: &VSToolBar - {821F87FF-8245-4972-9E28-732E92EC2F51} - C:\Program Files\VSToolbar\VSToolBar.dll
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon
    O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    O4 - HKLM\..\Run: [Gigaget] "C:\Program Files\Giganology\Gigaget\GigagetShell.exe" /s
    O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\System32\NeroCheck.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
    O4 - HKLM\..\Run: [Smapp] C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
    O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
    O4 - HKLM\..\Run: [SNPSTD2] C:\WINDOWS\vsnpstd2.exe
    O4 - HKLM\..\Run: [Repair Registry Pro] C:\Program Files\Repair Registry Pro\RepairRegistryPro.exe -s
    O4 - HKLM\..\Run: [Winamp Agent] C:\WINDOWS\System32\winamp.exe
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Ahead\lib\NMBgMonitor.exe"
    O4 - HKCU\..\Run: [eMuleAutoStart] C:\coincoin\eMule\emule.exe -AutoStart
    O8 - Extra context menu item: &Download All by Gigaget - C:\Program Files\Giganology\Gigaget\getallurl.htm
    O8 - Extra context menu item: &Download by Gigaget - C:\Program Files\Giganology\Gigaget\geturl.htm
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll
    O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
    O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
    O12 - Plugin for .m4v: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin6.dll
    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - C:\WINDOWS\ATKKBService.exe
    O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
    O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
    O23 - Service: Sunbelt Kerio Personal Firewall 4 (KPF4) - Sunbelt Software - C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
    O23 - Service: LSA Shel (Export Version) - Unknown owner - C:\WINDOWS\lsass.exe
    O23 - Service: SF FrontLine Drivers Auto Removal (v1) (sfrem01) - Protection Technology (StarForce) - C:\WINDOWS\system32\sfrem01.exe
    O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
    0
  12. did71 Messages postés 2187 Statut Contributeur sécurité 36
     
    bonsoir lucie,

    1)désinstalle via ajout/suppression de programme :

    VSToolbar
    Repair Registry Pro

    2) relance hijackthis, coche les lignes citées ci dessous et fix checked (toutes fenêtres IE fermées) :

    O2 - BHO: (no name) - {1DAEFCB9-06C8-47c6-8F20-3FB54B244DAA} - C:\WINDOWS\System32\ljvuyexr.dll (file missing)
    O2 - BHO: (no name) - {26DAF2EB-A907-4B43-94A5-C829C03C62C7} - C:\WINDOWS\System32\vtsqq.dll (file missing)
    O2 - BHO: (no name) - {3A947772-3B29-41DB-A436-4B5CAAECE2F6} - C:\WINDOWS\System32\ljjifge.dll (file missing)
    O3 - Toolbar: &VSToolBar - {821F87FF-8245-4972-9E28-732E92EC2F51} - C:\Program Files\VSToolbar\VSToolBar.dll
    O4 - HKLM\..\Run: [Repair Registry Pro] C:\Program Files\Repair Registry Pro\RepairRegistryPro.exe -s

    3) passe un scan en ligne ici:

    http://www.bitdefender.fr/scan8/ie.html

    4) poste le rapport bitdefender ainsi qu'un nouvel hijackthis.

    a+
    0
  13. lucie
     
    Logfile of HijackThis v1.99.1
    Scan saved at 11:37:22, on 28/10/2006
    Platform: Windows XP SP1 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\System32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\WINDOWS\ATKKBService.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
    C:\WINDOWS\lsass.exe
    C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe
    C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    C:\Program Files\Winamp\winampa.exe
    C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
    C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
    C:\Program Files\DAEMON Tools\daemon.exe
    C:\WINDOWS\vsnpstd2.exe
    C:\WINDOWS\System32\winamp.exe
    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    C:\windows\pak.exe
    C:\WINDOWS\System32\ctfmon.exe
    C:\Program Files\MSN Messenger\MsnMsgr.Exe
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    C:\Program Files\Fichiers communs\Ahead\lib\NMBgMonitor.exe
    C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
    C:\WINDOWS\explorer.exe
    C:\Program Files\Giganology\Gigaget\Gigaget.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\NOTEPAD.EXE
    C:\Program Files\Hijackthis Version Française\hijackthis vf.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    O2 - BHO: GigagetIEHelper - {111CAA23-6F4F-42AC-8555-B48C1D87BBAB} - C:\WINDOWS\System32\gigagetbho_v10.dll
    O2 - BHO: (no name) - {1DAEFCB9-06C8-47c6-8F20-3FB54B244DAA} - C:\WINDOWS\System32\ljvuyexr.dll (file missing)
    O2 - BHO: (no name) - {26DAF2EB-A907-4B43-94A5-C829C03C62C7} - C:\WINDOWS\System32\vtsqq.dll (file missing)
    O2 - BHO: (no name) - {3A947772-3B29-41DB-A436-4B5CAAECE2F6} - C:\WINDOWS\System32\ljjifge.dll (file missing)
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
    O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon
    O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    O4 - HKLM\..\Run: [Gigaget] "C:\Program Files\Giganology\Gigaget\GigagetShell.exe" /s
    O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\System32\NeroCheck.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
    O4 - HKLM\..\Run: [Smapp] C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
    O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
    O4 - HKLM\..\Run: [SNPSTD2] C:\WINDOWS\vsnpstd2.exe
    O4 - HKLM\..\Run: [Repair Registry Pro] C:\Program Files\Repair Registry Pro\RepairRegistryPro.exe -s
    O4 - HKLM\..\Run: [Winamp Agent] C:\WINDOWS\System32\winamp.exe
    O4 - HKLM\..\Run: [Services] C:\windows\pak.exe
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Ahead\lib\NMBgMonitor.exe"
    O4 - HKCU\..\Run: [eMuleAutoStart] C:\coincoin\eMule\emule.exe -AutoStart
    O8 - Extra context menu item: &Download All by Gigaget - C:\Program Files\Giganology\Gigaget\getallurl.htm
    O8 - Extra context menu item: &Download by Gigaget - C:\Program Files\Giganology\Gigaget\geturl.htm
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll
    O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
    O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
    O12 - Plugin for .m4v: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin6.dll
    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - C:\WINDOWS\ATKKBService.exe
    O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
    O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
    O23 - Service: Sunbelt Kerio Personal Firewall 4 (KPF4) - Sunbelt Software - C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
    O23 - Service: LSA Shel (Export Version) - Unknown owner - C:\WINDOWS\lsass.exe
    O23 - Service: SF FrontLine Drivers Auto Removal (v1) (sfrem01) - Protection Technology (StarForce) - C:\WINDOWS\system32\sfrem01.exe
    O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe

    aucune presence de O3 - Toolbar: &VSToolBar - {821F87FF-8245-4972-9E28-732E92EC2F51} - C:\Program Files\VSToolbar\VSToolBar.dll

    impossible de lancer le scan bitdefender

    Logfile of HijackThis v1.99.1
    Scan saved at 11:48:34, on 28/10/2006
    Platform: Windows XP SP1 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\System32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\WINDOWS\ATKKBService.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
    C:\WINDOWS\lsass.exe
    C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe
    C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
    C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
    C:\Program Files\DAEMON Tools\daemon.exe
    C:\WINDOWS\vsnpstd2.exe
    C:\WINDOWS\System32\winamp.exe
    C:\windows\pak.exe
    C:\WINDOWS\System32\ctfmon.exe
    C:\Program Files\Fichiers communs\Ahead\lib\NMBgMonitor.exe
    C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
    C:\WINDOWS\explorer.exe
    C:\Program Files\Giganology\Gigaget\Gigaget.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Maxthon\Maxthon.exe
    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    C:\Program Files\Hijackthis Version Française\hijackthis vf.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    O2 - BHO: GigagetIEHelper - {111CAA23-6F4F-42AC-8555-B48C1D87BBAB} - C:\WINDOWS\System32\gigagetbho_v10.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
    O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon
    O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    O4 - HKLM\..\Run: [Gigaget] "C:\Program Files\Giganology\Gigaget\GigagetShell.exe" /s
    O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\System32\NeroCheck.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
    O4 - HKLM\..\Run: [Smapp] C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
    O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
    O4 - HKLM\..\Run: [SNPSTD2] C:\WINDOWS\vsnpstd2.exe
    O4 - HKLM\..\Run: [Winamp Agent] C:\WINDOWS\System32\winamp.exe
    O4 - HKLM\..\Run: [Services] C:\windows\pak.exe
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Ahead\lib\NMBgMonitor.exe"
    O4 - HKCU\..\Run: [eMuleAutoStart] C:\coincoin\eMule\emule.exe -AutoStart
    O8 - Extra context menu item: &Download All by Gigaget - C:\Program Files\Giganology\Gigaget\getallurl.htm
    O8 - Extra context menu item: &Download by Gigaget - C:\Program Files\Giganology\Gigaget\geturl.htm
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll
    O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
    O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
    O12 - Plugin for .m4v: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin6.dll
    O17 - HKLM\System\CCS\Services\Tcpip\..\{4897C1FD-A695-4825-9468-089435E0BD2F}: NameServer = 195.238.2.22 195.238.2.21
    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - C:\WINDOWS\ATKKBService.exe
    O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
    O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
    O23 - Service: Sunbelt Kerio Personal Firewall 4 (KPF4) - Sunbelt Software - C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
    O23 - Service: LSA Shel (Export Version) - Unknown owner - C:\WINDOWS\lsass.exe
    O23 - Service: SF FrontLine Drivers Auto Removal (v1) (sfrem01) - Protection Technology (StarForce) - C:\WINDOWS\system32\sfrem01.exe
    O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
    0
  14. did71 Messages postés 2187 Statut Contributeur sécurité 36
     
    Bonjour Lucie,

    relance hijackthis, coche les lignes citées ci dessous et fix checked (toutes fenêtres IE fermées) :

    O4 - HKLM\..\Run: [Winamp Agent] C:\WINDOWS\System32\winamp.exe
    O4 - HKLM\..\Run: [Services] C:\windows\pak.exe

    Vas dans menu démarrer>exécuter> tu écris services.msc> dans la fenêtre qui s'ouvre tu recherches LSA Shel> tu double clic dessus et dans type de démarrage, tu sélectionne désactivé.

    Ensuite, Télécharge Killbox sur ton Bureau :

    http://www.downloads.subratam.org/KillBox.exe

    Double-clique killbox.exe.
    Choisis l'option "Delete on reboot".

    Copie le texte gras ci-bas (sélectionne tout avec ta souris, clic-droit et "Copier") :

    C:\WINDOWS\System32\winamp.exe
    C:\windows\pak.exe
    C:\WINDOWS\lsass.exe


    Clique sur le menu 'File' de KillBox (en haut à gauche) et choisis Paste from clipboard

    Tous les fichiers doivent maintenant apparaître dans la boîte "Full Path of File to Delete".
    Si tu cliques sur la petite flèche à droite de cette boîte, tu devrais y voir tous les fichiers collés !

    Clique sur le bouton : All Files(!important!)

    Clique maintenant sur le bouton Kill (cercle rouge avec un X blanc)
    Killbox va te demander "...Would like to Reboot now ?", clique YES et attends le redémarrage.
    Si tu ne reçois pas ce message, redémarre le PC avec le bouton "Démarrer".

    ensuite reposte un rapport hijackthis

    a+
    0
  15. lucie
     
    Logfile of HijackThis v1.99.1
    Scan saved at 13:09:25, on 30/10/2006
    Platform: Windows XP SP1 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\System32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\WINDOWS\ATKKBService.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
    C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe
    C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    C:\Program Files\Giganology\Gigaget\GigagetShell.exe
    C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
    C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
    C:\Program Files\DAEMON Tools\daemon.exe
    C:\WINDOWS\vsnpstd2.exe
    C:\WINDOWS\System32\ctfmon.exe
    C:\Program Files\MSN Messenger\MsnMsgr.Exe
    C:\Program Files\Fichiers communs\Ahead\lib\NMBgMonitor.exe
    C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
    C:\Program Files\Hijackthis Version Française\hijackthis vf.exe
    C:\Program Files\Fichiers communs\Ahead\lib\NMIndexStoreSvr.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    O2 - BHO: GigagetIEHelper - {111CAA23-6F4F-42AC-8555-B48C1D87BBAB} - C:\WINDOWS\System32\gigagetbho_v10.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
    O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon
    O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    O4 - HKLM\..\Run: [Gigaget] "C:\Program Files\Giganology\Gigaget\GigagetShell.exe" /s
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\System32\NeroCheck.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
    O4 - HKLM\..\Run: [Smapp] C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
    O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
    O4 - HKLM\..\Run: [SNPSTD2] C:\WINDOWS\vsnpstd2.exe
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Ahead\lib\NMBgMonitor.exe"
    O4 - HKCU\..\Run: [eMuleAutoStart] C:\coincoin\eMule\emule.exe -AutoStart
    O8 - Extra context menu item: &Download All by Gigaget - C:\Program Files\Giganology\Gigaget\getallurl.htm
    O8 - Extra context menu item: &Download by Gigaget - C:\Program Files\Giganology\Gigaget\geturl.htm
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll
    O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
    O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
    O12 - Plugin for .m4v: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin6.dll
    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - C:\WINDOWS\ATKKBService.exe
    O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
    O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
    O23 - Service: Sunbelt Kerio Personal Firewall 4 (KPF4) - Sunbelt Software - C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
    O23 - Service: SF FrontLine Drivers Auto Removal (v1) (sfrem01) - Protection Technology (StarForce) - C:\WINDOWS\system32\sfrem01.exe
    O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
    0
  16. did71 Messages postés 2187 Statut Contributeur sécurité 36
     
    bonsoir,

    le rapport est propre!

    Comment se comporte le pc?

    a+
    0
  17. FAB.75010
     
    BONSOIR
    J AI UN BROBLEME DE VIRUS
    POUVEZ VOUS M AIDER
    MERCI

    Logfile of HijackThis v1.99.1
    Scan saved at 23:46:49, on 17/12/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16574)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\ATKKBService.exe
    C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\system32\PnkBstrA.exe
    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    C:\WINDOWS\Explorer.EXE
    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Microsoft ActiveSync\wcescomm.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\WINDOWS\??stem\w?auboot.exe
    C:\PROGRA~1\MICROS~2\rapimgr.exe
    C:\Program Files\Router\Router.exe
    C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Hijackthis Version Française\hijackthis vf.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll
    O2 - BHO: (no name) - {C1D9AD62-69FC-4359-8B2E-4BE672810F9F} - (no file)
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKLM\..\Run: [podytimed] C:\Program Files\ComPlus Applications\podytimed77798.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\K-Lite Codec Pack\QuickTime\qttask.exe" -atboottime
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O4 - HKCU\..\Run: [Ealr] "C:\DOCUME~1\fab\APPLIC~1\SKS~1\rundll.exe" -vt yazb
    O4 - HKCU\..\Run: [Ltxvpj] C:\WINDOWS\??stem\w?auboot.exe
    O4 - HKCU\..\Run: [Router] C:\Program Files\Router\Router.exe
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    O4 - HKCU\..\Run: [WinTouch] C:\Documents and Settings\fab\Application Data\WinTouch\WinTouch.exe
    O4 - HKCU\..\Run: [SfKg6w] C:\Documents and Settings\fab\Application Data\Microsoft\Windows\rayiou.exe
    O4 - HKCU\..\Run: [Insider] C:\Program Files\Insider\Insider.exe
    O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~2\INetRepl.dll
    O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~2\INetRepl.dll
    O9 - Extra 'Tools' menuitem: Créer un Favori de l'appareil mobile... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~2\INetRepl.dll
    O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
    O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O11 - Options group: [INTERNATIONAL] International*
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
    O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/...
    O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} (HardwareDetection Control) - https://www.touslesdrivers.com/index.php?v_page=29
    O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
    O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
    O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - C:\WINDOWS\ATKKBService.exe
    O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
    O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
    0
  18. princ3ss3-sunshin3
     
    S'il vous plait aidez moi. Voilà g ce satané virus Win32 PurityScan-Q [trj] sur mon ordinateur et avast n'arive pas à le supprimer car il revient à chaque fois. Est ce que quelqu'un pourrai m'aider assez rapidement s'il vous plait???

    Jevous post le rapport qui a été fait avec HijackThis

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 14:37:15, on 20/01/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    C:\WINDOWS\Explorer.EXE
    C:\DOCUME~1\patricia\LOCALS~1\Temp\services.exe
    C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
    C:\WINDOWS\mrofinu1148.exe
    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    C:\Program Files\SPYWAREfighter\spftray.exe
    C:\WINDOWS\system32\B3B2BAB3BCBEBFB.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\SPYWAREfighter\spfprc.exe
    C:\Program Files\SPYWAREfighter\SPYWAREfighter.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
    C:\WINDOWS\17PHolmes1148.exe
    C:\Program Files\Windows Live\Messenger\msnmsgr.exe
    C:\WINDOWS\17PHolmes1148.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Windows Live\Messenger\usnsvc.exe
    C:\Program Files\eMule\emule.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Real\RealPlayer\RealPlay.exe
    C:\Program Files\Fichiers communs\Real\Update_OB\RealOneMessageCenter.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
    O2 - BHO: (no name) - {58959612-F0BB-49B8-8003-D63C91EC972E} - C:\Program Files\Internet Explorer\merozC:\DOCUME~1\patricia\LOCALS~1\Temp\mst455101.exe.dll (file missing)
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O4 - HKLM\..\Run: [Flash Player2] C:\DOCUME~1\patricia\LOCALS~1\Temp\services.exe
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [runner1] C:\WINDOWS\mrofinu1148.exe 61A847B5BBF72813339F30466188719AB689201522886B092CBD44BD8689220221DD3257
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKLM\..\Run: [spywarefighterguard] C:\Program Files\SPYWAREfighter\spftray.exe
    O4 - HKLM\..\Run: [1C1B231C252728262] B3B2BAB3BCBEBFB.exe
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
    O4 - HKUS\S-1-5-19\..\RunOnce: [Config] %systemroot%\system32\run.cmd (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-19\..\RunOnce: [nlsf] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-19\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\RunOnce: [Config] %systemroot%\system32\run.cmd (User 'SERVICE RÉSEAU')
    O4 - HKUS\S-1-5-18\..\RunOnce: [Config] %systemroot%\system32\run.cmd (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\RunOnce: [Config] %systemroot%\system32\run.cmd (User 'Default user')
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: Service de l'iPod (iPod Service) - Unknown owner - C:\Program Files\iPod\bin\iPodService.exe (file missing)
    O23 - Service: SPYWAREfighterRP - SpamFighter APS - C:\Program Files\SPYWAREfighter\spfprc.exe
    0