18 replies
did71 (Security contributor) - 25 Oct. 2006 at 23:27
Good evening lucie,
download HijackThis:
http://pchelpbordeaux.free.fr/logiciels.html
Tutorial
http://pchelpbordeaux.free.fr/tuto.html
Demo in pictures
http://pageperso.aol.fr/balltrap34/demohijack.htm
Run a scan and post the analysis.
See you
Logfile of HijackThis v1.99.1
Scan saved at 23:53:53, on 25/10/2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\WINDOWS\ATKKBService.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
C:\WINDOWS\lsass.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\WINDOWS\vsnpstd2.exe
C:\WINDOWS\System32\winamp.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Fichiers communs\Ahead\lib\NMBgMonitor.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
c:\windows\algs.exe
C:\Program Files\Maxthon\Maxthon.exe
C:\WINDOWS\System32\msiexec.exe
C:\Program Files\Giganology\Gigaget\Gigaget.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Hijackthis Version Française\hijackthis vf.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://searchbar.findthewebsiteyouneed.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://searchbar.findthewebsiteyouneed.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchbar.findthewebsiteyouneed.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://findthewebsiteyouneed.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchbar.findthewebsiteyouneed.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://searchbar.findthewebsiteyouneed.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = https://www.bing.com/?FORM=TOOLBR&cc=fr&toHttps=1&redig=4527FFF1C12746FC9EDB535C75E80ECC
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - {A8BD6820-6ED7-423E-9558-2D1486B0FEEA} - C:\Program Files\DeluxeCommunications\DxcBho.dll
R3 - URLSearchHook: DeskbarBHO - {A8B28872-3324-4CD2-8AA3-7D555C872D96} - C:\Program Files\Deskbar\deskbar.dll
O2 - BHO: GigagetIEHelper - {111CAA23-6F4F-42AC-8555-B48C1D87BBAB} - C:\WINDOWS\System32\gigagetbho_v10.dll
O2 - BHO: (no name) - {1DAEFCB9-06C8-47c6-8F20-3FB54B244DAA} - C:\WINDOWS\System32\ljvuyexr.dll
O2 - BHO: (no name) - {3A947772-3B29-41DB-A436-4B5CAAECE2F6} - C:\WINDOWS\System32\ljjifge.dll
O2 - BHO: (no name) - {5A742A78-5E67-41BE-A19B-3C2A3EECD7D5} - C:\WINDOWS\System32\vtsqq.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: DeskbarBHO - {A8B28872-3324-4CD2-8AA3-7D555C872D96} - C:\Program Files\Deskbar\deskbar.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: &VSToolBar - {821F87FF-8245-4972-9E28-732E92EC2F51} - C:\Program Files\VSToolbar\VSToolBar.dll
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [Gigaget] "C:\Program Files\Giganology\Gigaget\GigagetShell.exe" /s
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\System32\NeroCheck.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [Smapp] C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [SNPSTD2] C:\WINDOWS\vsnpstd2.exe
O4 - HKLM\..\Run: [Repair Registry Pro] C:\Program Files\Repair Registry Pro\RepairRegistryPro.exe -s
O4 - HKLM\..\Run: [Winamp Agent] C:\WINDOWS\System32\winamp.exe
O4 - HKLM\..\Run: [DeluxeCommunications] C:\Program Files\DeluxeCommunications\Dxc.exe
O4 - HKLM\..\Run: [keyboard] C:\\kybrdff_e37.exe
O4 - HKLM\..\Run: [newname] C:\\nwnmff_e37.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Ahead\lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [DeluxeCommunications] C:\Program Files\DeluxeCommunications\Dxc.exe
O4 - HKCU\..\Run: [eMuleAutoStart] C:\coincoin\eMule\emule.exe -AutoStart
O8 - Extra context menu item: &Download All by Gigaget - C:\Program Files\Giganology\Gigaget\getallurl.htm
O8 - Extra context menu item: &Download by Gigaget - C:\Program Files\Giganology\Gigaget\geturl.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O12 - Plugin for .m4v: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin6.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{4897C1FD-A695-4825-9468-089435E0BD2F}: NameServer = 195.238.2.22 195.238.2.21
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - AppInit_DLLs: dxclib303562752.dll
O20 - Winlogon Notify: ljjifge - C:\WINDOWS\SYSTEM32\ljjifge.dll
O20 - Winlogon Notify: vtsqq - C:\WINDOWS\System32\vtsqq.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - C:\WINDOWS\ATKKBService.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: Sunbelt Kerio Personal Firewall 4 (KPF4) - Sunbelt Software - C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
O23 - Service: LSA Shel (Export Version) - Unknown owner - C:\WINDOWS\lsass.exe
O23 - Service: SF FrontLine Drivers Auto Removal (v1) (sfrem01) - Protection Technology (StarForce) - C:\WINDOWS\system32\sfrem01.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
did71 (Security contributor) - 26 Oct. 2006 at 00:47
Hi again,
your PC is nicely infected!
1) Download SmitfraudFix by S!Ri:
http://siri.urz.free.fr/Fix/SmitfraudFix.zip
Unzip it to the Desktop.
Open SmitfraudFix, double-click SmitfraudFix.cmd and choose option 1.
Post the report.
2) Download this file - combofix.exe:
http://download.bleepingcomputer.com/sUBs/combofix.exe
and save it to your desktop!
Click the Start menu, then Run, and copy/paste this:
"%userprofile%\Bureau\combofix.exe" /v vtsqq
then click OK.
Don't touch anything and wait until combofix has finished; a report will be created. Post the report.
3) Download Look2Me-Destroyer.exe to your Desktop.
http://www.atribune.org/ccount/click.php?id=7
* Close all active windows before moving on to the next step.
* Double-click Look2Me-Destroyer.exe to launch the tool.
* Check Run this program as a task
* A message will appear, telling you this: "Look2Me-Destroyer will close and re-open in approximately 10 seconds". Click OK
* It will relaunch after the 10 seconds; then click the Scan for L2M button; the icons on your Desktop will disappear: that is normal.
* When the scan finishes, click the Remove L2M button
* A Done Scanning message will appear; click OK.
* A new message will appear: Done removing infected files! Look2Me-Destroyer will now shutdown your computer; click OK.
* Your PC will now shut down.
* Start your PC normally.
* Paste the generated report, located here: C:\Look2Me-Destroyer.txt ,
#If Look2Me-Destroyer does not relaunch automatically after the 10 seconds, reboot and try again.
##If you get a message from your firewall that the tool is trying to access the internet: accept.
###If a runtime error '339' message appears: download MSWINSCK.OCX from the link below and place it in the C:\Windows\System32 folder.
http://www.ascentive.com/support/new/images/lib/MSWINSCK.OCX
4) Post the SmitfraudFix, combofix and look2me reports
See you
At the end of look2me-destroy, my PC shut off all of a sudden!!! Poof!!! Was that normal??
I'm still getting my attacks reported by avast!
metal.kanar - 06-10-26 1:29:31,75 Service Pack 1
ComboFix 06.10.19 - Running from: "C:\Documents and Settings\metal.kanar\Bureau"
((((((((((((((((((((((((((((((((((((((((((( E-Give / Ssk's Log )))))))))))))))))))))))))))))))))))))))))))))))))
C:\WINDOWS\system32\dxclib303562752.dll
C:\Documents and Settings\metal.kanar\Application Data\Dxcdmns.dll
C:\Documents and Settings\metal.kanar\Application Data\Dxcknwrd.dll
C:\Documents and Settings\metal.kanar\Application Data\Dxcuknwrd.dll
C:\WINDOWS\system32\bkd.exe
C:\Program Files\DeluxeCommunications\Dxc.exe
C:\Program Files\DeluxeCommunications\DxcBho.dll
C:\Program Files\DeluxeCommunications\DxcCore.dll
* * * POST RUN FILES/FOLDERS * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *
(((((((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
C:\WINDOWS\teller2.chk
C:\dfndrff_e37.exe
C:\drsmartload.exe
C:\deskbar.exe
C:\deskbar_e37.exe
C:\kybrdff_e37.exe
C:\nwnmff_e37.exe
C:\Documents and Settings\metal.kanar\Local Settings\Temporary Internet Files\Content.IE5\6TDAVMXS\dfndrff_e_uit[1].exe
C:\Documents and Settings\metal.kanar\Local Settings\Temporary Internet Files\Content.IE5\KVHFIM7P\drsmartload44a[1].exe
C:\Documents and Settings\metal.kanar\Local Settings\Temporary Internet Files\Content.IE5\6TDAVMXS\kybrdff_e[1].exe
C:\Documents and Settings\metal.kanar\Local Settings\Temporary Internet Files\Content.IE5\1V379T0E\nwnmff_e[1].exe
C:\Program Files\Fichiers communs\Yazzle1125OinUninstaller.exe
C:\Program Files\Deskbar
((((((((((((((((((((((((((((((( Files Created from 2006-09-26 to 2006-10-26 ))))))))))))))))))))))))))))))))))
2006-10-26 01:14 40,973 ---hs---- C:\WINDOWS\system32\ddcyayv.dll
2006-10-26 01:13 181,580 --a------ C:\WINDOWS\YazzleBundle-1125.exe
2006-10-26 00:38 40,973 ---hs---- C:\WINDOWS\system32\qomkheb.dll
2006-10-26 00:09 16,384 --a------ C:\mc44a37.exe
2006-10-26 00:08 40,973 ---hs---- C:\WINDOWS\system32\cbxwvwx.dll
2006-10-25 22:38 40,973 ---hs---- C:\WINDOWS\system32\nnnnkll.dll
2006-10-25 21:17 40,973 ---hs---- C:\WINDOWS\system32\khfedee.dll
2006-10-25 19:49 40,973 ---hs---- C:\WINDOWS\system32\ljjifge.dll
2006-10-25 18:59 98,324 --a------ C:\WINDOWS\system32\ljvuyexr.dll
2006-10-25 18:59 67,604 --a------ C:\WINDOWS\system32\mewluiyw.exe
2006-10-25 18:59 501,334 ---hs---- C:\WINDOWS\system32\qqstv.bak1
2006-10-25 18:58 688,180 ---hs---- C:\WINDOWS\system32\vtsqq.dll
2006-10-25 18:35 40,973 ---hs---- C:\WINDOWS\system32\awtqnkh.dll
2006-10-25 18:34 8,012 --a------ C:\WINDOWS\algs.exe
2006-10-25 18:34 16,384 --ahs---- C:\WINDOWS\system32\wu.exe
2006-10-24 19:51 53,675 -r-hs---- C:\WINDOWS\lsass.exe
2006-10-24 19:50 13,664 --ah----- C:\WINDOWS\system32\ksbar.exe
2006-10-24 19:37 51,068 --ah----- C:\WINDOWS\system32\fjlxabmn.exe
2006-10-24 19:33 562,980 --a------ C:\WINDOWS\system32\winsms.exe
2006-10-23 12:37 114,392 --a------ C:\WINDOWS\system32\fhm.exe
2006-10-22 12:53 98,304 --a------ C:\WINDOWS\system32\CmdLineExt.dll
2006-10-22 12:51 2,297,552 --a------ C:\WINDOWS\system32\d3dx9_26.dll
2006-10-21 15:45 90,112 --a------ C:\WINDOWS\system32\dpl100.dll
2006-10-21 15:45 856,064 --a------ C:\WINDOWS\system32\xvidcore.dll
2006-10-21 15:45 77,824 --a------ C:\WINDOWS\system32\mplaw7.dll
2006-10-21 15:45 77,824 --a------ C:\WINDOWS\system32\mplaa6.dll
2006-10-21 15:45 755,200 --a------ C:\WINDOWS\system32\Ir50_32.dll
2006-10-21 15:45 65,536 --a------ C:\WINDOWS\system32\mplapx.dll
2006-10-21 15:45 65,536 --a------ C:\WINDOWS\system32\mplam6.dll
2006-10-21 15:45 630,784 --a------ C:\WINDOWS\system32\vp7vfw.dll
2006-10-21 15:45 620,180 --a------ C:\WINDOWS\system32\divx.dll
2006-10-21 15:45 593,938 --a------ C:\WINDOWS\system32\x264vfw.dll
2006-10-21 15:45 5,120 --a------ C:\WINDOWS\system32\ff_vfw.dll
2006-10-21 15:45 438,272 --a------ C:\WINDOWS\system32\vp6vfw.dll
2006-10-21 15:45 39,936 --a------ C:\WINDOWS\system32\huffyuv.dll
2006-10-21 15:45 3,596,288 --a------ C:\WINDOWS\system32\qt-dx331.dll
2006-10-21 15:45 217,088 --a------ C:\WINDOWS\system32\yv12vfw.dll
2006-10-21 15:45 217,088 --a------ C:\WINDOWS\system32\xvidvfw.dll
2006-10-21 15:45 217,088 --a------ C:\WINDOWS\system32\i420vfw.dll
2006-10-21 15:45 200,704 --a------ C:\WINDOWS\system32\ssldivx.dll
2006-10-21 15:45 200,704 --a------ C:\WINDOWS\system32\dtu100.dll
2006-10-21 15:45 200,192 --a------ C:\WINDOWS\system32\Ir50_qc.dll
2006-10-21 15:45 19,968 --a------ C:\WINDOWS\system32\cpuinf32.dll
2006-10-21 15:45 183,808 --a------ C:\WINDOWS\system32\Ir50_qcx.dll
2006-10-21 15:45 144,384 --a------ C:\WINDOWS\system32\Iacenc.dll
2006-10-21 15:45 1,415,680 --a------ C:\WINDOWS\system32\WMV9VCM.dll
2006-10-21 15:45 1,044,480 --a------ C:\WINDOWS\system32\libdivx.dll
2006-10-21 02:51 73,216 --a------ C:\WINDOWS\ST6UNST.EXE
2006-10-21 02:51 249,856 --------- C:\WINDOWS\Setup1.exe
2006-10-20 18:04 79,360 --a------ C:\WINDOWS\system32\irmon.dll
2006-10-20 18:04 7,680 --a------ C:\WINDOWS\system32\wshirda.dll
2006-10-20 18:04 55,296 --a------ C:\WINDOWS\system32\drivers\irda.sys
2006-10-20 18:04 26,624 --a------ C:\WINDOWS\system32\drivers\irstusb.sys
2006-10-20 18:04 20,096 --a------ C:\WINDOWS\system32\drivers\MSIRCOMM.sys
2006-10-20 18:04 19,584 --a------ C:\WINDOWS\system32\drivers\rasirda.sys
2006-10-20 18:04 100,864 --a------ C:\WINDOWS\system32\irftp.exe
2006-10-15 18:36 974,848 --a------ C:\WINDOWS\system32\mfc70.dll
2006-10-15 18:36 487,424 --a------ C:\WINDOWS\system32\msvcp70.dll
2006-10-15 18:36 344,064 --a------ C:\WINDOWS\system32\msvcr70.dll
2006-10-15 18:26 301 C:\WINDOWSVue 5 Infinite.reg
2006-10-15 16:56 56,832 --a------ C:\WINDOWS\system32\drivers\USBAUDIO.sys
2006-10-15 16:56 50,688 --a------ C:\WINDOWS\system32\vfwwdm32.dll
2006-10-15 16:55 61,440 --a------ C:\WINDOWS\system32\csnpstd2.dll
2006-10-15 16:55 57,344 --a------ C:\WINDOWS\system32\rsnpstd2.dll
2006-10-15 16:55 53,248 --a------ C:\WINDOWS\system32\dsnpstd2.dll
2006-10-15 16:55 53,248 --a------ C:\WINDOWS\amcap.exe
2006-10-15 16:55 36,864 --a------ C:\WINDOWS\system32\vsnpstd2.dll
2006-10-15 16:55 347,264 --a------ C:\WINDOWS\system32\drivers\snpstd2.sys
2006-10-15 16:55 286,720 --a------ C:\WINDOWS\vsnpstd2.exe
2006-10-15 16:55 20,480 --a------ C:\WINDOWS\usnpstd2.exe
2006-10-15 16:54 182,880 --a------ C:\WINDOWS\system32\iuengine.dll
2006-10-15 16:53 28,160 --a------ C:\WINDOWS\system32\drivers\usbccgp.sys
2006-10-15 15:22 223,128 --a------ C:\WINDOWS\system32\drivers\dtscsi.sys
2006-10-15 15:01 90,240 --a------ C:\WINDOWS\system32\drivers\sptd4941.sys
2006-10-15 15:01 664,064 --a------ C:\WINDOWS\system32\drivers\sptd.sys
2006-10-14 21:48 978,944 --a------ C:\WINDOWS\SynthCoreA.Dll
2006-10-14 21:48 77,440 --a------ C:\WINDOWS\system32\drivers\wdmaud.sys
2006-10-14 21:48 57,856 --a------ C:\WINDOWS\system32\drivers\drmk.sys
2006-10-14 21:48 56,832 --a------ C:\WINDOWS\system32\drivers\sysaudio.sys
2006-10-14 21:48 54,272 --a------ C:\WINDOWS\system32\drivers\swmidi.sys
2006-10-14 21:48 50,048 --a------ C:\WINDOWS\system32\drivers\DMusic.sys
2006-10-14 21:48 5,888 --a------ C:\WINDOWS\system32\drivers\splitter.sys
2006-10-14 21:48 380,928 --a------ C:\WINDOWS\SynCor.exe
2006-10-14 21:48 30,208 --a------ C:\WINDOWS\system32\wdmioctl.dll
2006-10-14 21:48 2,816 --a------ C:\WINDOWS\system32\drivers\drmkaud.sys
2006-10-14 21:48 159,360 --a------ C:\WINDOWS\system32\drivers\kmixer.sys
2006-10-14 21:48 142,208 --a------ C:\WINDOWS\system32\drivers\aec.sys
2006-10-14 21:48 134,272 --a------ C:\WINDOWS\system32\drivers\portcls.sys
2006-10-14 21:48 1,285,632 --a------ C:\WINDOWS\system32\SMMedia.dll
2006-10-14 21:47 991,232 --a------ C:\WINDOWS\system32\virtear.dll
2006-10-14 21:47 720,896 --a------ C:\WINDOWS\system32\Audio3d.dll
2006-10-14 21:47 49,152 --a------ C:\WINDOWS\system32\S11thk32.dll
2006-10-14 21:47 49,152 --a------ C:\WINDOWS\system32\DSndUp.exe
2006-10-14 21:47 45,056 --a------ C:\WINDOWS\system32\SynthCore11Resources.dll
2006-10-14 21:47 45,056 --a------ C:\WINDOWS\system32\CleanUp.exe
2006-10-14 21:47 44 --a------ C:\WINDOWS\system32\msssc.dll
2006-10-14 21:47 40,820 --a------ C:\WINDOWS\system32\Syncor11.dll
2006-10-14 20:48 36,528 --------- C:\WINDOWS\system32\drivers\PxHelp20.sys
2006-10-14 20:48 2,560 --------- C:\WINDOWS\system32\drivers\cdralw2k.sys
2006-10-14 20:48 2,432 --------- C:\WINDOWS\system32\drivers\cdr4_xp.sys
2006-10-14 20:48 129,784 --------- C:\WINDOWS\system32\pxafs.dll
2006-10-14 20:48 115,880 --------- C:\WINDOWS\system32\pxinsi64.exe
2006-10-14 20:40 86,016 --a------ C:\WINDOWS\system32\gigagetbho_v10.dll
2006-10-14 20:28 98,816 --a------ C:\WINDOWS\system32\dmstyle.dll
2006-10-14 20:28 974,848 --a------ C:\WINDOWS\system32\dxdiag.exe
2006-10-14 20:28 929,792 --a------ C:\WINDOWS\system32\ATKDispCPL.dll
2006-10-14 20:28 83,968 --a------ C:\WINDOWS\system32\drivers\nabtsfec.sys
2006-10-14 20:28 80,896 --a------ C:\WINDOWS\system32\dpvsetup.exe
2006-10-14 20:28 8,192 --a------ C:\WINDOWS\system32\d3d8thk.dll
2006-10-14 20:28 797,184 --a------ C:\WINDOWS\system32\d3dim700.dll
2006-10-14 20:28 79,360 --a------ C:\WINDOWS\system32\dpwsockx.dll
2006-10-14 20:28 77,824 --a------ C:\WINDOWS\system32\dpmodemx.dll
2006-10-14 20:28 76,800 --a------ C:\WINDOWS\system32\dmscript.dll
2006-10-14 20:28 733,184 --a------ C:\WINDOWS\system32\qedwipes.dll
2006-10-14 20:28 723,968 --a------ C:\WINDOWS\system32\dpnet.dll
2006-10-14 20:28 7,424 --a------ C:\WINDOWS\system32\drivers\mskssrv.sys
2006-10-14 20:28 68,096 --a------ C:\WINDOWS\system32\dpnhupnp.dll
2006-10-14 20:28 65,536 --a------ C:\WINDOWS\system32\ATKOGL.dll
2006-10-14 20:28 64,512 --a------ C:\WINDOWS\system32\amstream.dll
2006-10-14 20:28 602,624 --a------ C:\WINDOWS\system32\dx7vb.dll
2006-10-14 20:28 58,368 --a------ C:\WINDOWS\system32\dmcompos.dll
2006-10-14 20:28 52,096 --a------ C:\WINDOWS\system32\drivers\msdv.sys
2006-10-14 20:28 5,504 --a------ C:\WINDOWS\system32\drivers\mstee.sys
2006-10-14 20:28 5,248 --a------ C:\WINDOWS\system32\drivers\mspclock.sys
2006-10-14 20:28 491,520 --a------ C:\WINDOWS\system32\dsdmoprp.dll
2006-10-14 20:28 48,512 --a------ C:\WINDOWS\system32\drivers\stream.sys
2006-10-14 20:28 470,528 --a------ C:\WINDOWS\system32\qdvd.dll
2006-10-14 20:28 47,104 --a------ C:\WINDOWS\system32\wstdecod.dll
2006-10-14 20:28 46,592 --a------ C:\WINDOWS\system32\dxdllreg.exe
2006-10-14 20:28 440,832 --a------ C:\WINDOWS\system32\ATKOSDX.dll
2006-10-14 20:28 4,608 --a------ C:\WINDOWS\system32\drivers\mspqm.sys
2006-10-14 20:28 4,096 --a------ C:\WINDOWS\system32\ksuser.dll
2006-10-14 20:28 4,096 --a------ C:\WINDOWS\system32\drivers\swenum.sys
2006-10-14 20:28 381,952 --a------ C:\WINDOWS\system32\dsound.dll
2006-10-14 20:28 381,952 --a------ C:\WINDOWS\system32\dpvoice.dll
2006-10-14 20:28 354,816 --a------ C:\WINDOWS\system32\psisdecd.dll
2006-10-14 20:28 34,304 --a------ C:\WINDOWS\system32\mciqtz32.dll
2006-10-14 20:28 33,280 --a------ C:\WINDOWS\system32\dmloader.dll
2006-10-14 20:28 324,096 --a------ C:\WINDOWS\system32\mswebdvd.dll
2006-10-14 20:28 32,768 --a------ C:\WINDOWS\system32\dpnhpast.dll
2006-10-14 20:28 316,928 --a------ C:\WINDOWS\system32\qdv.dll
2006-10-14 20:28 3,072 --a------ C:\WINDOWS\system32\dpnlobby.dll
2006-10-14 20:28 3,072 --a------ C:\WINDOWS\system32\dpnaddr.dll
2006-10-14 20:28 292,864 --a------ C:\WINDOWS\system32\ddraw.dll
2006-10-14 20:28 28,160 --a------ C:\WINDOWS\system32\dplaysvr.exe
2006-10-14 20:28 27,136 --a------ C:\WINDOWS\system32\dmband.dll
2006-10-14 20:28 258,048 --a------ C:\WINDOWS\ATKKBService.exe
2006-10-14 20:28 257,024 --a------ C:\WINDOWS\system32\qcap.dll
2006-10-14 20:28 24,064 --a------ C:\WINDOWS\system32\ddrawex.dll
2006-10-14 20:28 230,400 --a------ C:\WINDOWS\system32\dplayx.dll
2006-10-14 20:28 23,040 --a------ C:\WINDOWS\system32\drivers\atkkbnt.sys
2006-10-14 20:28 194,912 --a------ C:\WINDOWS\system32\ATKDISP.dll
2006-10-14 20:28 19,968 --a------ C:\WINDOWS\system32\dpvacm.dll
2006-10-14 20:28 186,880 --a------ C:\WINDOWS\system32\dsdmo.dll
2006-10-14 20:28 181,248 --a------ C:\WINDOWS\system32\dmime.dll
2006-10-14 20:28 18,944 --a------ C:\WINDOWS\system32\encapi.dll
2006-10-14 20:28 18,688 --a------ C:\WINDOWS\system32\drivers\wstcodec.sys
2006-10-14 20:28 18,432 --a------ C:\WINDOWS\system32\dswave.dll
2006-10-14 20:28 16,896 --a------ C:\WINDOWS\system32\msyuv.dll
2006-10-14 20:28 16,896 --a------ C:\WINDOWS\system32\dpnsvr.exe
2006-10-14 20:28 16,384 --a------ C:\WINDOWS\system32\drivers\ccdecode.sys
2006-10-14 20:28 15,104 --a------ C:\WINDOWS\system32\drivers\mpe.sys
2006-10-14 20:28 14,976 --a------ C:\WINDOWS\system32\drivers\streamip.sys
2006-10-14 20:28 132,608 --a------ C:\WINDOWS\system32\devenum.dll
2006-10-14 20:28 130,304 --a------ C:\WINDOWS\system32\drivers\ks.sys
2006-10-14 20:28 13,312 --a------ C:\WINDOWS\system32\msdmo.dll
2006-10-14 20:28 122,880 --a------ C:\WINDOWS\system32\dmusic.dll
2006-10-14 20:28 112,128 --a------ C:\WINDOWS\system32\dpvvox.dll
2006-10-14 20:28 11,392 --a------ C:\WINDOWS\system32\drivers\bdasup.sys
2006-10-14 20:28 11,264 --a------ C:\WINDOWS\system32\ATKOSDMini.DLL
2006-10-14 20:28 100,864 --a------ C:\WINDOWS\system32\dmsynth.dll
2006-10-14 20:28 10,880 --a------ C:\WINDOWS\system32\drivers\slip.sys
2006-10-14 20:28 10,112 --a------ C:\WINDOWS\system32\drivers\ndisip.sys
2006-10-14 20:28 1,975,936 --a------ C:\WINDOWS\system32\drivers\Bravo.sys
2006-10-14 20:28 1,962,496 --a------ C:\WINDOWS\system32\quartz.dll
2006-10-14 20:28 1,798,144 --a------ C:\WINDOWS\system32\qedit.dll
2006-10-14 20:28 1,769,472 --a------ C:\WINDOWS\system32\dxdiagn.dll
2006-10-14 20:28 1,703,936 --a------ C:\WINDOWS\system32\d3d9.dll
2006-10-14 20:28 1,294,336 --a------ C:\WINDOWS\system32\dsound3d.dll
2006-10-14 20:28 1,230,336 --a------ C:\WINDOWS\system32\msvidctl.dll
2006-10-14 20:28 1,201,152 --a------ C:\WINDOWS\system32\d3d8.dll
2006-10-14 20:28 1,189,888 --a------ C:\WINDOWS\system32\dx8vb.dll
2006-10-14 20:25 5,824 --a------ C:\WINDOWS\system32\drivers\ASUSHWIO.SYS
2006-10-14 20:16 516,096 --------- C:\WINDOWS\system32\ati2sgag.exe
2006-10-14 20:16 299,008 -ra------ C:\WINDOWS\system32\atiiiexx.dll
2006-10-14 20:15 11,264 -ra------ C:\WINDOWS\system32\drivers\EIO.sys
2006-10-14 20:10 90,112 --a------ C:\WINDOWS\system32\AVASTSS.scr
2006-10-14 20:01 57,728 --a------ C:\WINDOWS\system32\drivers\redbook.sys
2006-10-14 20:01 3,072 --a------ C:\WINDOWS\system32\drivers\audstub.sys
2006-10-14 20:00 70,144 --a------ C:\WINDOWS\system32\usbui.dll
2006-10-14 20:00 27,165 --a------ C:\WINDOWS\system32\drivers\fetnd5.sys
2006-10-14 19:58 86,044 --a------ C:\WINDOWS\system32\dgsetup.dll
2006-10-14 19:58 8,192 -ra------ C:\WINDOWS\system32\kbdhept.dll
2006-10-14 19:58 7,168 -ra------ C:\WINDOWS\system32\kbdcz.dll
2006-10-14 19:58 6,656 -ra------ C:\WINDOWS\system32\kbdycl.dll
2006-10-14 19:58 6,656 -ra------ C:\WINDOWS\system32\kbdsl1.dll
2006-10-14 19:58 6,656 -ra------ C:\WINDOWS\system32\kbdsl.dll
2006-10-14 19:58 6,656 -ra------ C:\WINDOWS\system32\kbdpl.dll
2006-10-14 19:58 6,656 -ra------ C:\WINDOWS\system32\kbdhu.dll
2006-10-14 19:58 6,656 -ra------ C:\WINDOWS\system32\kbdhela3.dll
2006-10-14 19:58 6,656 -ra------ C:\WINDOWS\system32\kbdcz2.dll
2006-10-14 19:58 6,656 -ra------ C:\WINDOWS\system32\kbdcz1.dll
2006-10-14 19:58 6,656 -ra------ C:\WINDOWS\system32\kbdcr.dll
2006-10-14 19:58 6,656 -ra------ C:\WINDOWS\system32\KBDAL.DLL
2006-10-14 19:58 6,144 -ra------ C:\WINDOWS\system32\kbdtuq.dll
2006-10-14 19:58 6,144 -ra------ C:\WINDOWS\system32\kbdtuf.dll
2006-10-14 19:58 6,144 -ra------ C:\WINDOWS\system32\kbdlv1.dll
2006-10-14 19:58 6,144 -ra------ C:\WINDOWS\system32\kbdlv.dll
2006-10-14 19:58 6,144 -ra------ C:\WINDOWS\system32\kbdhela2.dll
2006-10-14 19:58 6,144 -ra------ C:\WINDOWS\system32\kbdgkl.dll
2006-10-14 19:58 6,144 -ra------ C:\WINDOWS\system32\kbdest.dll
2006-10-14 19:58 5,632 -ra------ C:\WINDOWS\system32\kbdycc.dll
2006-10-14 19:58 5,632 -ra------ C:\WINDOWS\system32\kbduzb.dll
2006-10-14 19:58 5,632 -ra------ C:\WINDOWS\system32\kbdur.dll
2006-10-14 19:58 5,632 -ra------ C:\WINDOWS\system32\kbdtat.dll
2006-10-14 19:58 5,632 -ra------ C:\WINDOWS\system32\kbdru1.dll
2006-10-14 19:58 5,632 -ra------ C:\WINDOWS\system32\kbdru.dll
2006-10-14 19:58 5,632 -ra------ C:\WINDOWS\system32\kbdro.dll
2006-10-14 19:58 5,632 -ra------ C:\WINDOWS\system32\kbdpl1.dll
2006-10-14 19:58 5,632 -ra------ C:\WINDOWS\system32\kbdmon.dll
2006-10-14 19:58 5,632 -ra------ C:\WINDOWS\system32\kbdlt1.dll
2006-10-14 19:58 5,632 -ra------ C:\WINDOWS\system32\kbdlt.dll
2006-10-14 19:58 5,632 -ra------ C:\WINDOWS\system32\kbdkyr.dll
2006-10-14 19:58 5,632 -ra------ C:\WINDOWS\system32\kbdkaz.dll
2006-10-14 19:58 5,632 -ra------ C:\WINDOWS\system32\kbdhu1.dll
2006-10-14 19:58 5,632 -ra------ C:\WINDOWS\system32\kbdhe319.dll
2006-10-14 19:58 5,632 -ra------ C:\WINDOWS\system32\kbdhe220.dll
2006-10-14 19:58 5,632 -ra------ C:\WINDOWS\system32\kbdhe.dll
2006-10-14 19:58 5,632 -ra------ C:\WINDOWS\system32\kbdbu.dll
2006-10-14 19:58 5,632 -ra------ C:\WINDOWS\system32\kbdblr.dll
2006-10-14 19:58 5,632 -ra------ C:\WINDOWS\system32\kbdazel.dll
2006-10-14 19:58 5,632 -ra------ C:\WINDOWS\system32\kbdaze.dll
2006-10-14 19:58 24,661 --a------ C:\WINDOWS\system32\spxcoins.dll
2006-10-14 19:58 176,157 --a------ C:\WINDOWS\system32\dgrpsetu.dll
2006-10-14 19:58 13,312 --a------ C:\WINDOWS\system32\irclass.dll
2006-10-14 19:58 103,424 --a------ C:\WINDOWS\system32\EqnClass.Dll
2006-10-14 19:58 10,496 --a------ C:\WINDOWS\system32\drivers\irenum.sys
2006-10-14 19:57 73,216 --a------ C:\WINDOWS\system32\storprop.dll
2006-10-14 19:57 67,584 --a------ C:\WINDOWS\NOTEPAD.EXE
2006-10-14 19:57 6,656 --a------ C:\WINDOWS\system32\batt.dll
2006-10-14 19:57 15,872 --a------ C:\WINDOWS\TASKMAN.EXE
2006-10-14 19:30 70,688 --a------ C:\WINDOWS\system32\drivers\alcaudsl.sys
2006-10-14 19:30 53,600 --a------ C:\WINDOWS\system32\drivers\alcan5wn.sys
2006-10-14 19:30 5,606 --a------ C:\WINDOWS\system32\stci.dll
2006-10-14 19:30 5,280 --a------ C:\WINDOWS\system32\drivers\alcawh.sys
2006-10-14 19:30 3,968 --a------ C:\WINDOWS\system32\drivers\alcacr.sys
2006-10-14 19:25 87,424 --a------ C:\WINDOWS\system32\drivers\aswmon2.sys
2006-10-14 19:25 85,952 --a------ C:\WINDOWS\system32\drivers\aswmon.sys
2006-10-14 19:25 666,240 --a------ C:\WINDOWS\system32\aswBoot.exe
2006-10-14 19:25 499,712 --a------ C:\WINDOWS\system32\MSVCP71.dll
2006-10-14 19:25 36,176 --a------ C:\WINDOWS\system32\drivers\aswTdi.sys
2006-10-14 19:25 348,160 --a------ C:\WINDOWS\system32\MSVCR71.dll
2006-10-14 19:25 24,560 --a------ C:\WINDOWS\system32\drivers\aavmker4.sys
2006-10-14 19:25 16,352 --a------ C:\WINDOWS\system32\drivers\aswRdr.sys
2006-10-14 19:25 1,060,864 --a------ C:\WINDOWS\system32\MFC71.dll
2006-10-14 19:24 21,760 --a------ C:\WINDOWS\system32\drivers\USBSTOR.SYS
2006-10-14 19:09 112,128 --a------ C:\WINDOWS\system32\mapi32.dll
2006-10-14 19:07 40,960 --a------ C:\WINDOWS\system32\safrslv.dll
2006-10-14 19:07 39,424 --a------ C:\WINDOWS\system32\safrcdlg.dll
2006-10-14 19:07 33,792 --a------ C:\WINDOWS\system32\racpldlg.dll
2006-10-14 19:07 32,768 --a------ C:\WINDOWS\system32\mnmsrvc.exe
2006-10-14 19:07 28,672 --a------ C:\WINDOWS\system32\isrdbg32.dll
2006-10-14 19:07 26,624 --a------ C:\WINDOWS\system32\safrdm.dll
2006-10-14 19:07 12,288 --a------ C:\WINDOWS\system32\nmevtmsg.dll
2006-10-14 19:07 11,264 --a------ C:\WINDOWS\system32\atrace.dll
2006-10-14 19:06 9,728 --a------ C:\WINDOWS\system32\mstinit.exe
2006-10-14 19:06 81,920 --a------ C:\WINDOWS\system32\isign32.dll
2006-10-14 19:06 81,408 --a------ C:\WINDOWS\system32\msoert2.dll
2006-10-14 19:06 73,728 --a------ C:\WINDOWS\system32\ils.dll
2006-10-14 19:06 72,192 --a------ C:\WINDOWS\system32\acctres.dll
2006-10-14 19:06 69,632 --a------ C:\WINDOWS\system32\icwdial.dll
2006-10-14 19:06 69,376 --a------ C:\WINDOWS\system32\drivers\sr.sys
2006-10-14 19:06 65,536 --a------ C:\WINDOWS\system32\msconf.dll
2006-10-14 19:06 63,488 --a------ C:\WINDOWS\system32\srclient.dll
2006-10-14 19:06 61,440 --a------ C:\WINDOWS\system32\icwphbk.dll
2006-10-14 19:06 587,776 --a------ C:\WINDOWS\system32\inetcomm.dll
2006-10-14 19:06 50,176 --a------ C:\WINDOWS\system32\inetres.dll
2006-10-14 19:06 32,256 --a------ C:\WINDOWS\system32\mnmdd.dll
2006-10-14 19:06 274,432 --a------ C:\WINDOWS\system32\inetcfg.dll
2006-10-14 19:06 256,512 --a------ C:\WINDOWS\system32\mstask.dll
2006-10-14 19:06 24,576 --a------ C:\WINDOWS\system32\nmmkcert.dll
2006-10-14 19:06 228,864 --a------ C:\WINDOWS\system32\srrstr.dll
2006-10-14 19:06 228,864 --a------ C:\WINDOWS\system32\msoeacct.dll
2006-10-14 19:06 223,232 --a------ C:\WINDOWS\system32\qmgr.dll
2006-10-14 19:06 17,408 --a------ C:\WINDOWS\system32\qmgrprxy.dll
2006-10-14 19:06 161,280 --a------ C:\WINDOWS\system32\schedsvc.dll
2006-10-14 19:06 16,384 --a------ C:\WINDOWS\system32\icfgnt5.dll
2006-10-14 19:06 159,232 --a------ C:\WINDOWS\system32\srsvc.dll
2006-10-14 19:05 9,728 --a------ C:\WINDOWS\system32\xolehlp.dll
2006-10-14 19:05 869,376 --a------ C:\WINDOWS\system32\msdtctm.dll
2006-10-14 19:05 83,968 --a------ C:\WINDOWS\system32\mtxoci.dll
2006-10-14 19:05 80,896 --a------ C:\WINDOWS\system32\charmap.exe
2006-10-14 19:05 73,216 --a------ C:\WINDOWS\system32\avwav.dll
2006-10-14 19:05 634,880 --a------ C:\WINDOWS\system32\getuname.dll
2006-10-14 19:05 61,952 --a------ C:\WINDOWS\system32\rdshost.exe
2006-10-14 19:05 6,144 --a------ C:\WINDOWS\system32\msdtc.exe
2006-10-14 19:05 57,344 --a------ C:\WINDOWS\system32\sol.exe
2006-10-14 19:05 55,808 --a------ C:\WINDOWS\system32\freecell.exe
2006-10-14 19:05 54,784 --a------ C:\WINDOWS\system32\msdtclog.dll
2006-10-14 19:05 5,632 --a------ C:\WINDOWS\system32\write.exe
2006-10-14 19:05 5,120 --a------ C:\WINDOWS\system32\dcomcnfg.exe
2006-10-14 19:05 497,152 --a------ C:\WINDOWS\system32\hypertrm.dll
2006-10-14 19:05 44,544 --a------ C:\WINDOWS\system32\hticons.dll
2006-10-14 19:05 4,608 --a------ C:\WINDOWS\system32\rdpcfgex.dll
2006-10-14 19:05 4,096 --a------ C:\WINDOWS\system32\mtxex.dll
2006-10-14 19:05 35,840 --a------ C:\WINDOWS\system32\winchat.exe
2006-10-14 19:05 33,792 --a------ C:\WINDOWS\system32\regini.exe
2006-10-14 19:05 25,088 --a------ C:\WINDOWS\system32\mtxlegih.dll
2006-10-14 19:05 232,960 --a------ C:\WINDOWS\system32\avtapi.dll
2006-10-14 19:05 22,528 --a------ C:\WINDOWS\system32\qwinsta.exe
2006-10-14 19:05 22,528 --a------ C:\WINDOWS\system32\msg.exe
2006-10-14 19:05 20,480 --a------ C:\WINDOWS\system32\mtxdm.dll
2006-10-14 19:05 20,232 --a------ C:\WINDOWS\system32\drivers\tdtcp.sys
2006-10-14 19:05 19,456 --a------ C:\WINDOWS\system32\qprocess.exe
2006-10-14 19:05 185,344 --a------ C:\WINDOWS\system32\accwiz.exe
2006-10-14 19:05 17,408 --a------ C:\WINDOWS\system32\tsshutdn.exe
2006-10-14 19:05 17,408 --a------ C:\WINDOWS\system32\qappsrv.exe
2006-10-14 19:05 16,896 --a------ C:\WINDOWS\system32\tskill.exe
2006-10-14 19:05 16,384 --a------ C:\WINDOWS\system32\rwinsta.exe
2006-10-14 19:05 16,384 --a------ C:\WINDOWS\system32\avmeter.dll
2006-10-14 19:05 151,040 --a------ C:\WINDOWS\system32\msdtcuiu.dll
2006-10-14 19:05 15,872 --a------ C:\WINDOWS\system32\logoff.exe
2006-10-14 19:05 15,872 --a------ C:\WINDOWS\system32\cdmodem.dll
2006-10-14 19:05 15,360 --a------ C:\WINDOWS\system32\tscon.exe
2006-10-14 19:05 15,360 --a------ C:\WINDOWS\system32\shadow.exe
2006-10-14 19:05 14,848 --a------ C:\WINDOWS\system32\tsdiscon.exe
2006-10-14 19:05 139,264 --a------ C:\WINDOWS\system32\sndvol32.exe
2006-10-14 19:05 128,000 --a------ C:\WINDOWS\system32\mshearts.exe
2006-10-14 19:05 125,952 --a------ C:\WINDOWS\system32\sndrec32.exe
2006-10-14 19:05 119,808 --a------ C:\WINDOWS\system32\winmine.exe
2006-10-14 19:05 115,200 --a------ C:\WINDOWS\system32\calc.exe
2006-10-14 19:05 11,144 --a------ C:\WINDOWS\system32\drivers\tdpipe.sys
2006-10-14 19:05 10,240 --a------ C:\WINDOWS\system32\reset.exe
2006-10-14 19:05 1,263 --a------ C:\WINDOWS\system32\usrlogon.cmd
2006-10-14 19:04 9,216 --a------ C:\WINDOWS\system32\wuauserv.dll
2006-10-14 19:04 9,216 --a------ C:\WINDOWS\system32\icaapi.dll
2006-10-14 19:04 88,576 --a------ C:\WINDOWS\system32\tscfgwmi.dll
2006-10-14 19:04 85,504 --a------ C:\WINDOWS\system32\catsrvps.dll
2006-10-14 19:04 82,432 --a------ C:\WINDOWS\system32\comrepl.dll
2006-10-14 19:04 75,912 --a------ C:\WINDOWS\system32\rdpwsx.dll
2006-10-14 19:04 598,016 --a------ C:\WINDOWS\system32\mstscax.dll
2006-10-14 19:04 582,656 --a------ C:\WINDOWS\system32\catsrvut.dll
2006-10-14 19:04 57,856 --a------ C:\WINDOWS\system32\remotepg.dll
2006-10-14 19:04 57,856 --a------ C:\WINDOWS\system32\licwmi.dll
2006-10-14 19:04 56,832 --a------ C:\WINDOWS\system32\colbact.dll
2006-10-14 19:04 54,272 --a------ C:\WINDOWS\system32\stclient.dll
2006-10-14 19:04 534,528 --a------ C:\WINDOWS\system32\spider.exe
2006-10-14 19:04 53,248 --a------ C:\WINDOWS\system32\servdeps.dll
2006-10-14 19:04 495,616 --a------ C:\WINDOWS\system32\comuid.dll
2006-10-14 19:04 468,480 --a------ C:\WINDOWS\system32\clbcatq.dll
2006-10-14 19:04 44,032 --a------ C:\WINDOWS\system32\rdpclip.exe
2006-10-14 19:04 40,960 --a------ C:\WINDOWS\system32\tscupgrd.exe
2006-10-14 19:04 393,216 --a------ C:\WINDOWS\system32\mstsc.exe
2006-10-14 19:04 38,024 --a------ C:\WINDOWS\system32\drivers\termdd.sys
2006-10-14 19:04 359,936 --a------ C:\WINDOWS\system32\msdtcprx.dll
2006-10-14 19:04 344,576 --a------ C:\WINDOWS\system32\mspaint.exe
2006-10-14 19:04 33,280 --a------ C:\WINDOWS\system32\cfgbkend.dll
2006-10-14 19:04 25,600 --a------ C:\WINDOWS\system32\comaddin.dll
2006-10-14 19:04 215,040 --a------ C:\WINDOWS\system32\catsrv.dll
2006-10-14 19:04 202,752 --a------ C:\WINDOWS\system32\termsrv.dll
2006-10-14 19:04 190,464 --a------ C:\WINDOWS\system32\wuaueng.dll
2006-10-14 19:04 182,400 --a------ C:\WINDOWS\system32\drivers\rdpdr.sys
2006-10-14 19:04 180,736 --a------ C:\WINDOWS\system32\cmprops.dll
2006-10-14 19:04 16,896 --a------ C:\WINDOWS\system32\mmfutil.dll
2006-10-14 19:04 147,456 --a------ C:\WINDOWS\system32\comsnap.dll
2006-10-14 19:04 142,848 --a------ C:\WINDOWS\system32\wuauclt.exe
2006-10-14 19:04 14,848 --a------ C:\WINDOWS\system32\rdpsnd.dll
2006-10-14 19:04 135,680 --a------ C:\WINDOWS\system32\rdchost.dll
2006-10-14 19:04 130,560 --a------ C:\WINDOWS\system32\sessmgr.exe
2006-10-14 19:04 12,288 --a------ C:\WINDOWS\system32\rdsaddin.exe
2006-10-14 19:04 118,272 --a------ C:\WINDOWS\system32\mplay32.exe
2006-10-14 19:04 115,976 --a------ C:\WINDOWS\system32\drivers\rdpwd.sys
2006-10-14 19:04 100,864 --a------ C:\WINDOWS\system32\clbcatex.dll
2006-10-14 19:04 100,352 --a------ C:\WINDOWS\system32\clipbrd.exe
2006-10-14 19:04 1,172,992 --a------ C:\WINDOWS\system32\comsvcs.dll
(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))
2006-10-26 01:32 44032 --a------ C:\WINDOWS\system32\ftp.exe
2006-10-26 01:32 17920 --a------ C:\WINDOWS\system32\tftp.exe
2006-10-26 01:30 -------- d-------- C:\Program Files\Fichiers communs
2006-10-26 01:12 -------- d---s---- C:\Documents and Settings\metal.kanar\Application Data\Microsoft
2006-10-26 00:18 -------- d-------- C:\Program Files\Hijackthis Version Française
2006-10-25 23:47 -------- d-------- C:\Program Files\MSN Messenger
2006-10-25 18:59 -------- d-------- C:\Program Files\VSToolbar
2006-10-25 01:25 -------- d-------- C:\Documents and Settings\metal.kanar\Application Data\Azureus
2006-10-24 19:51 135168 --a------ C:\WINDOWS\system32\sfc_os.dll
2006-10-24 19:20 -------- d--h----- C:\Program Files\InstallShield Installation Information
2006-10-24 19:20 -------- d-------- C:\Program Files\ATI Technologies
2006-10-22 12:42 -------- d-------- C:\Program Files\Fichiers communs\InstallShield
2006-10-21 15:49 -------- d-------- C:\Documents and Settings\metal.kanar\Application Data\GRETECH
2006-10-21 15:48 -------- d-------- C:\Program Files\GRETECH
2006-10-21 15:47 -------- d-------- C:\Documents and Settings\metal.kanar\Application Data\Media Player Classic
2006-10-21 15:45 -------- d-------- C:\Program Files\K-Lite Codec Pack
2006-10-21 02:47 -------- d-------- C:\Program Files\Winamp
2006-10-21 02:47 -------- d-------- C:\Program Files\MUSK Codec Pack v5
2006-10-20 18:14 -------- d-------- C:\Documents and Settings\metal.kanar\Application Data\vlc
2006-10-15 18:42 301 --a------ C:\WINDOWS\Vue 5 Infinite.reg
2006-10-15 18:28 -------- d-------- C:\Program Files\e-on software
2006-10-15 18:03 -------- d-------- C:\Documents and Settings\metal.kanar\Application Data\Adobe
2006-10-15 17:59 -------- d-------- C:\Program Files\Fichiers communs\Adobe Systems Shared
2006-10-15 17:59 -------- d-------- C:\Program Files\Fichiers communs\Adobe
2006-10-15 17:58 -------- d-------- C:\Program Files\Adobe
2006-10-15 17:53 -------- d-------- C:\Documents and Settings\metal.kanar\Application Data\mirage
2006-10-15 17:18 -------- d-------- C:\Program Files\Windows Media Player
2006-10-14 21:47 -------- d-------- C:\Documents and Settings\metal.kanar\Application Data\Macromedia
2006-10-14 21:40 -------- d-------- C:\Program Files\Java
2006-10-14 21:15 -------- d-------- C:\Documents and Settings\metal.kanar\Application Data\Ahead
2006-10-14 20:56 -------- d-------- C:\Program Files\Azureus
2006-10-14 20:43 -------- d-------- C:\Documents and Settings\metal.kanar\Application Data\Google
2006-10-14 20:42 -------- d-------- C:\Program Files\Google
2006-10-14 20:40 -------- d-------- C:\Program Files\Giganology
2006-10-14 20:37 -------- d-------- C:\Program Files\WinRAR
2006-10-14 19:57 62 --ahs---- C:\Documents and Settings\metal.kanar\Application Data\desktop.ini
2006-10-14 19:30 -------- d-------- C:\Program Files\Thomson
2006-10-14 19:23 -------- d-------- C:\Documents and Settings\metal.kanar\Application Data\Identities
2006-10-14 19:05 -------- d--h----- C:\Program Files\WindowsUpdate
2006-10-14 19:04 -------- d-------- C:\Program Files\Messenger
2006-10-14 18:39 -------- d-------- C:\Program Files\GameSpy Arcade
2006-10-13 00:27 -------- d-------- C:\Program Files\ESET
2006-10-12 23:43 -------- d-------- C:\Program Files\Sunbelt Software
2006-10-12 23:06 -------- d-------- C:\Program Files\VirtualDJ
2006-10-12 20:09 -------- d-------- C:\Program Files\Movie Maker
2006-10-12 20:09 -------- d-------- C:\Program Files\Internet Explorer
2006-10-12 20:08 -------- d-------- C:\Program Files\NetMeeting
2006-10-12 20:07 -------- d-------- C:\Program Files\Outlook Express
2006-10-12 20:07 -------- d-------- C:\Program Files\Fichiers communs\System
2006-10-12 18:14 -------- d-------- C:\Program Files\support.com
2006-10-12 00:33 -------- d-------- C:\Program Files\Fichiers communs\Ahead
2006-10-12 00:32 -------- d-------- C:\Program Files\Nero
2006-09-29 18:13 -------- d-------- C:\Program Files\Maxthon
2006-09-28 19:23 -------- d-------- C:\Program Files\Nouveau dossier
2006-09-27 19:15 -------- d-------- C:\Program Files\Macromedia
2006-09-27 14:22 -------- d-------- C:\Program Files\Ahead
2006-09-26 14:08 -------- d-------- C:\Program Files\Webteh
2006-09-26 00:52 -------- d-------- C:\Program Files\ASUS
2006-09-26 00:48 -------- d-------- C:\Program Files\VIA
2006-09-26 00:44 -------- d-------- C:\Program Files\AMD
2006-09-25 18:49 -------- d-------- C:\Program Files\MUSK Codec Pack Lite!
2006-09-25 17:52 -------- d-------- C:\Program Files\Windows Live Toolbar
2006-09-25 16:41 -------- d-------- C:\Program Files\ComPlus Applications
2006-09-14 13:32 -------- d-------- C:\Program Files\Wanadoo
2006-09-11 12:33 -------- d-------- C:\Program Files\Bauhaus
2006-09-05 15:39 -------- d-------- C:\Program Files\vso
2006-09-05 01:44 -------- d-------- C:\Program Files\BlackIsle
2006-08-26 20:51 -------- d-------- C:\Program Files\Trust
2006-08-02 22:30 278528 --a------ C:\Program Files\Fichiers communs\FDEUnInstaller.exe
2006-07-29 19:32 48936 --a------ C:\WINDOWS\system32\sirenacm.dll
(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))
*Note* empty entries are not shown
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"CTFMON.EXE"="C:\\WINDOWS\\System32\\ctfmon.exe"
"MsnMsgr"="\"C:\\Program Files\\MSN Messenger\\MsnMsgr.Exe\" /background"
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="\"C:\\Program Files\\Fichiers communs\\Ahead\\lib\\NMBgMonitor.exe\""
"eMuleAutoStart"="C:\\coincoin\\eMule\\emule.exe -AutoStart"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"avast!"="C:\\PROGRA~1\\ALWILS~1\\Avast4\\ashDisp.exe"
"SpeedTouch USB Diagnostics"="\"C:\\Program Files\\Thomson\\SpeedTouch USB\\Dragdiag.exe\" /icon"
"ATIPTA"="C:\\Program Files\\ATI Technologies\\ATI Control Panel\\atiptaxx.exe"
"Gigaget"="\"C:\\Program Files\\Giganology\\Gigaget\\GigagetShell.exe\" /s"
"WinampAgent"="C:\\Program Files\\Winamp\\winampa.exe"
"NeroFilterCheck"="C:\\WINDOWS\\System32\\NeroCheck.exe"
"SunJavaUpdateSched"="C:\\Program Files\\Java\\jre1.5.0_06\\bin\\jusched.exe"
"Smapp"="C:\\Program Files\\Analog Devices\\SoundMAX\\SMTray.exe"
"DAEMON Tools"="\"C:\\Program Files\\DAEMON Tools\\daemon.exe\" -lang 1033"
"SNPSTD2"="C:\\WINDOWS\\vsnpstd2.exe"
"Repair Registry Pro"="C:\\Program Files\\Repair Registry Pro\\RepairRegistryPro.exe -s"
"Winamp Agent"="C:\\WINDOWS\\System32\\winamp.exe"
[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components]
"DeskHtmlVersion"=dword:00000110
"DeskHtmlMinorVersion"=dword:00000005
"Settings"=dword:00000001
"GeneralFlags"=dword:00000001
[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="Ma page d'accueil"
"Flags"=dword:00000002
"Position"=hex:2c,00,00,00,cc,04,00,00,00,00,00,00,34,03,00,00,e2,02,00,00,00,\
00,00,00,01,00,00,00,01,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00
"CurrentState"=hex:04,00,00,40
"OriginalStateInfo"=hex:18,00,00,00,ff,ff,00,00,ff,ff,00,00,ff,ff,ff,ff,ff,ff,\
ff,ff,04,00,00,00
"RestoredStateInfo"=hex:18,00,00,00,6a,06,00,00,23,00,00,00,a4,00,00,00,9a,00,\
00,00,01,00,00,00
[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"CTFMON.EXE"="C:\\WINDOWS\\System32\\CTFMON.EXE"
[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\run]
"CTFMON.EXE"="C:\\WINDOWS\\System32\\CTFMON.EXE"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Pré-chargeur Browseui"
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Démon de cache des catégories de composant"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""
"{3A947772-3B29-41DB-A436-4B5CAAECE2F6}"=""
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\Run]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"dontdisplaylastusername"=dword:00000000
"legalnoticecaption"=""
"legalnoticetext"=""
"shutdownwithoutlogon"=dword:00000001
"undockwithoutlogon"=dword:00000001
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091
[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload]
"PostBootReminder"="{7849596a-48ea-486e-8937-a2a3009f31a9}"
"CDBurn"="{fbeb8a05-beee-4442-804e-409d6c4515e9}"
"WebCheck"="{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"
"SysTray"="{35CEC8A3-2BE6-11D2-8773-92E220524153}"
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ljjifge
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\vtsqq
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"
Contents of the 'Scheduled Tasks' folder
C:\WINDOWS\tasks\Check Updates for Windows Live Toolbar.job
Completion time: 06-10-26 1:33:47.98
C:\ComboFix.txt ... 06-10-26 01:33
SmitFraudFix v2.113
Rapport fait à 1:39:18,03, 26/10/2006
Executé à partir de C:\Documents and Settings\metal.kanar\Bureau\anti v solution\SmitfraudFix
OS: Microsoft Windows XP [version 5.1.2600] - Windows_NT
Fix executé en mode normal
»»»»»»»»»»»»»»»»»»»»»»»» C:\
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS
C:\WINDOWS\keyboard1.dat PRESENT !
C:\WINDOWS\newname.dat PRESENT !
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32
»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\metal.kanar
»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\metal.kanar\Application Data
»»»»»»»»»»»»»»»»»»»»»»»» Menu Démarrer
»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\METAL~1.KAN\Favoris
»»»»»»»»»»»»»»»»»»»»»»»» Bureau
»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files
»»»»»»»»»»»»»»»»»»»»»»»» Clés corrompues
»»»»»»»»»»»»»»»»»»»»»»»» Eléments du bureau
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="Ma page d'accueil"
»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!
SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll
»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=""
»»»»»»»»»»»»»»»»»»»»»»»» pe386-msguard-lzx32
»»»»»»»»»»»»»»»»»»»»»»»» Recherche infection wininet.dll
»»»»»»»»»»»»»»»»»»»»»»»» Fin
Look2Me-Destroyer V1.0.12
Scanning for infected files.....
Scan started at 26/10/2006 01:50:05
Attempting to delete infected files...
Making registry repairs.
Restoring Windows certificates.
Replaced hosts file with default windows hosts file
Restoring SeDebugPrivilege for Administrateurs - Succeeded
I'm still getting my attacks reported by avast!
metal.kanar - 06-10-26 1:29:31,75 Service Pack 1
ComboFix 06.10.19 - Running from: "C:\Documents and Settings\metal.kanar\Bureau"
((((((((((((((((((((((((((((((((((((((((((( E-Give / Ssk's Log )))))))))))))))))))))))))))))))))))))))))))))))))
C:\WINDOWS\system32\dxclib303562752.dll
C:\Documents and Settings\metal.kanar\Application Data\Dxcdmns.dll
C:\Documents and Settings\metal.kanar\Application Data\Dxcknwrd.dll
C:\Documents and Settings\metal.kanar\Application Data\Dxcuknwrd.dll
C:\WINDOWS\system32\bkd.exe
C:\Program Files\DeluxeCommunications\Dxc.exe
C:\Program Files\DeluxeCommunications\DxcBho.dll
C:\Program Files\DeluxeCommunications\DxcCore.dll
* * * POST RUN FILES/FOLDERS * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *
(((((((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
C:\WINDOWS\teller2.chk
C:\dfndrff_e37.exe
C:\drsmartload.exe
C:\deskbar.exe
C:\deskbar_e37.exe
C:\kybrdff_e37.exe
C:\nwnmff_e37.exe
C:\Documents and Settings\metal.kanar\Local Settings\Temporary Internet Files\Content.IE5\6TDAVMXS\dfndrff_e_uit[1].exe
C:\Documents and Settings\metal.kanar\Local Settings\Temporary Internet Files\Content.IE5\KVHFIM7P\drsmartload44a[1].exe
C:\Documents and Settings\metal.kanar\Local Settings\Temporary Internet Files\Content.IE5\6TDAVMXS\kybrdff_e[1].exe
C:\Documents and Settings\metal.kanar\Local Settings\Temporary Internet Files\Content.IE5\1V379T0E\nwnmff_e[1].exe
C:\Program Files\Fichiers communs\Yazzle1125OinUninstaller.exe
C:\Program Files\Deskbar
((((((((((((((((((((((((((((((( Files Created from 2006-09-26 to 2006-10-26 ))))))))))))))))))))))))))))))))))
2006-10-26 01:14 40,973 ---hs---- C:\WINDOWS\system32\ddcyayv.dll
2006-10-26 01:13 181,580 --a------ C:\WINDOWS\YazzleBundle-1125.exe
2006-10-26 00:38 40,973 ---hs---- C:\WINDOWS\system32\qomkheb.dll
2006-10-26 00:09 16,384 --a------ C:\mc44a37.exe
2006-10-26 00:08 40,973 ---hs---- C:\WINDOWS\system32\cbxwvwx.dll
2006-10-25 22:38 40,973 ---hs---- C:\WINDOWS\system32\nnnnkll.dll
2006-10-25 21:17 40,973 ---hs---- C:\WINDOWS\system32\khfedee.dll
2006-10-25 19:49 40,973 ---hs---- C:\WINDOWS\system32\ljjifge.dll
2006-10-25 18:59 98,324 --a------ C:\WINDOWS\system32\ljvuyexr.dll
2006-10-25 18:59 67,604 --a------ C:\WINDOWS\system32\mewluiyw.exe
2006-10-25 18:59 501,334 ---hs---- C:\WINDOWS\system32\qqstv.bak1
2006-10-25 18:58 688,180 ---hs---- C:\WINDOWS\system32\vtsqq.dll
2006-10-25 18:35 40,973 ---hs---- C:\WINDOWS\system32\awtqnkh.dll
2006-10-25 18:34 8,012 --a------ C:\WINDOWS\algs.exe
2006-10-25 18:34 16,384 --ahs---- C:\WINDOWS\system32\wu.exe
2006-10-24 19:51 53,675 -r-hs---- C:\WINDOWS\lsass.exe
2006-10-24 19:50 13,664 --ah----- C:\WINDOWS\system32\ksbar.exe
2006-10-24 19:37 51,068 --ah----- C:\WINDOWS\system32\fjlxabmn.exe
2006-10-24 19:33 562,980 --a------ C:\WINDOWS\system32\winsms.exe
2006-10-23 12:37 114,392 --a------ C:\WINDOWS\system32\fhm.exe
2006-10-22 12:53 98,304 --a------ C:\WINDOWS\system32\CmdLineExt.dll
2006-10-22 12:51 2,297,552 --a------ C:\WINDOWS\system32\d3dx9_26.dll
2006-10-21 15:45 90,112 --a------ C:\WINDOWS\system32\dpl100.dll
2006-10-21 15:45 856,064 --a------ C:\WINDOWS\system32\xvidcore.dll
2006-10-21 15:45 77,824 --a------ C:\WINDOWS\system32\mplaw7.dll
2006-10-21 15:45 77,824 --a------ C:\WINDOWS\system32\mplaa6.dll
2006-10-21 15:45 755,200 --a------ C:\WINDOWS\system32\Ir50_32.dll
2006-10-21 15:45 65,536 --a------ C:\WINDOWS\system32\mplapx.dll
2006-10-21 15:45 65,536 --a------ C:\WINDOWS\system32\mplam6.dll
2006-10-21 15:45 630,784 --a------ C:\WINDOWS\system32\vp7vfw.dll
2006-10-21 15:45 620,180 --a------ C:\WINDOWS\system32\divx.dll
2006-10-21 15:45 593,938 --a------ C:\WINDOWS\system32\x264vfw.dll
2006-10-21 15:45 5,120 --a------ C:\WINDOWS\system32\ff_vfw.dll
2006-10-21 15:45 438,272 --a------ C:\WINDOWS\system32\vp6vfw.dll
2006-10-21 15:45 39,936 --a------ C:\WINDOWS\system32\huffyuv.dll
2006-10-21 15:45 3,596,288 --a------ C:\WINDOWS\system32\qt-dx331.dll
2006-10-21 15:45 217,088 --a------ C:\WINDOWS\system32\yv12vfw.dll
2006-10-21 15:45 217,088 --a------ C:\WINDOWS\system32\xvidvfw.dll
2006-10-21 15:45 217,088 --a------ C:\WINDOWS\system32\i420vfw.dll
2006-10-21 15:45 200,704 --a------ C:\WINDOWS\system32\ssldivx.dll
2006-10-21 15:45 200,704 --a------ C:\WINDOWS\system32\dtu100.dll
2006-10-21 15:45 200,192 --a------ C:\WINDOWS\system32\Ir50_qc.dll
2006-10-21 15:45 19,968 --a------ C:\WINDOWS\system32\cpuinf32.dll
2006-10-21 15:45 183,808 --a------ C:\WINDOWS\system32\Ir50_qcx.dll
2006-10-21 15:45 144,384 --a------ C:\WINDOWS\system32\Iacenc.dll
2006-10-21 15:45 1,415,680 --a------ C:\WINDOWS\system32\WMV9VCM.dll
2006-10-21 15:45 1,044,480 --a------ C:\WINDOWS\system32\libdivx.dll
2006-10-21 02:51 73,216 --a------ C:\WINDOWS\ST6UNST.EXE
2006-10-21 02:51 249,856 --------- C:\WINDOWS\Setup1.exe
2006-10-20 18:04 79,360 --a------ C:\WINDOWS\system32\irmon.dll
2006-10-20 18:04 7,680 --a------ C:\WINDOWS\system32\wshirda.dll
2006-10-20 18:04 55,296 --a------ C:\WINDOWS\system32\drivers\irda.sys
2006-10-20 18:04 26,624 --a------ C:\WINDOWS\system32\drivers\irstusb.sys
2006-10-20 18:04 20,096 --a------ C:\WINDOWS\system32\drivers\MSIRCOMM.sys
2006-10-20 18:04 19,584 --a------ C:\WINDOWS\system32\drivers\rasirda.sys
2006-10-20 18:04 100,864 --a------ C:\WINDOWS\system32\irftp.exe
2006-10-15 18:36 974,848 --a------ C:\WINDOWS\system32\mfc70.dll
2006-10-15 18:36 487,424 --a------ C:\WINDOWS\system32\msvcp70.dll
2006-10-15 18:36 344,064 --a------ C:\WINDOWS\system32\msvcr70.dll
2006-10-15 18:26 301 C:\WINDOWSVue 5 Infinite.reg
2006-10-15 16:56 56,832 --a------ C:\WINDOWS\system32\drivers\USBAUDIO.sys
2006-10-15 16:56 50,688 --a------ C:\WINDOWS\system32\vfwwdm32.dll
2006-10-15 16:55 61,440 --a------ C:\WINDOWS\system32\csnpstd2.dll
2006-10-15 16:55 57,344 --a------ C:\WINDOWS\system32\rsnpstd2.dll
2006-10-15 16:55 53,248 --a------ C:\WINDOWS\system32\dsnpstd2.dll
2006-10-15 16:55 53,248 --a------ C:\WINDOWS\amcap.exe
2006-10-15 16:55 36,864 --a------ C:\WINDOWS\system32\vsnpstd2.dll
2006-10-15 16:55 347,264 --a------ C:\WINDOWS\system32\drivers\snpstd2.sys
2006-10-15 16:55 286,720 --a------ C:\WINDOWS\vsnpstd2.exe
2006-10-15 16:55 20,480 --a------ C:\WINDOWS\usnpstd2.exe
2006-10-15 16:54 182,880 --a------ C:\WINDOWS\system32\iuengine.dll
2006-10-15 16:53 28,160 --a------ C:\WINDOWS\system32\drivers\usbccgp.sys
2006-10-15 15:22 223,128 --a------ C:\WINDOWS\system32\drivers\dtscsi.sys
2006-10-15 15:01 90,240 --a------ C:\WINDOWS\system32\drivers\sptd4941.sys
2006-10-15 15:01 664,064 --a------ C:\WINDOWS\system32\drivers\sptd.sys
2006-10-14 21:48 978,944 --a------ C:\WINDOWS\SynthCoreA.Dll
2006-10-14 21:48 77,440 --a------ C:\WINDOWS\system32\drivers\wdmaud.sys
2006-10-14 21:48 57,856 --a------ C:\WINDOWS\system32\drivers\drmk.sys
2006-10-14 21:48 56,832 --a------ C:\WINDOWS\system32\drivers\sysaudio.sys
2006-10-14 21:48 54,272 --a------ C:\WINDOWS\system32\drivers\swmidi.sys
2006-10-14 21:48 50,048 --a------ C:\WINDOWS\system32\drivers\DMusic.sys
2006-10-14 21:48 5,888 --a------ C:\WINDOWS\system32\drivers\splitter.sys
2006-10-14 21:48 380,928 --a------ C:\WINDOWS\SynCor.exe
2006-10-14 21:48 30,208 --a------ C:\WINDOWS\system32\wdmioctl.dll
2006-10-14 21:48 2,816 --a------ C:\WINDOWS\system32\drivers\drmkaud.sys
2006-10-14 21:48 159,360 --a------ C:\WINDOWS\system32\drivers\kmixer.sys
2006-10-14 21:48 142,208 --a------ C:\WINDOWS\system32\drivers\aec.sys
2006-10-14 21:48 134,272 --a------ C:\WINDOWS\system32\drivers\portcls.sys
2006-10-14 21:48 1,285,632 --a------ C:\WINDOWS\system32\SMMedia.dll
2006-10-14 21:47 991,232 --a------ C:\WINDOWS\system32\virtear.dll
2006-10-14 21:47 720,896 --a------ C:\WINDOWS\system32\Audio3d.dll
2006-10-14 21:47 49,152 --a------ C:\WINDOWS\system32\S11thk32.dll
2006-10-14 21:47 49,152 --a------ C:\WINDOWS\system32\DSndUp.exe
2006-10-14 21:47 45,056 --a------ C:\WINDOWS\system32\SynthCore11Resources.dll
2006-10-14 21:47 45,056 --a------ C:\WINDOWS\system32\CleanUp.exe
2006-10-14 21:47 44 --a------ C:\WINDOWS\system32\msssc.dll
2006-10-14 21:47 40,820 --a------ C:\WINDOWS\system32\Syncor11.dll
2006-10-14 20:48 36,528 --------- C:\WINDOWS\system32\drivers\PxHelp20.sys
2006-10-14 20:48 2,560 --------- C:\WINDOWS\system32\drivers\cdralw2k.sys
2006-10-14 20:48 2,432 --------- C:\WINDOWS\system32\drivers\cdr4_xp.sys
2006-10-14 20:48 129,784 --------- C:\WINDOWS\system32\pxafs.dll
2006-10-14 20:48 115,880 --------- C:\WINDOWS\system32\pxinsi64.exe
2006-10-14 20:40 86,016 --a------ C:\WINDOWS\system32\gigagetbho_v10.dll
2006-10-14 20:28 98,816 --a------ C:\WINDOWS\system32\dmstyle.dll
2006-10-14 20:28 974,848 --a------ C:\WINDOWS\system32\dxdiag.exe
2006-10-14 20:28 929,792 --a------ C:\WINDOWS\system32\ATKDispCPL.dll
2006-10-14 20:28 83,968 --a------ C:\WINDOWS\system32\drivers\nabtsfec.sys
2006-10-14 20:28 80,896 --a------ C:\WINDOWS\system32\dpvsetup.exe
2006-10-14 20:28 8,192 --a------ C:\WINDOWS\system32\d3d8thk.dll
2006-10-14 20:28 797,184 --a------ C:\WINDOWS\system32\d3dim700.dll
2006-10-14 20:28 79,360 --a------ C:\WINDOWS\system32\dpwsockx.dll
2006-10-14 20:28 77,824 --a------ C:\WINDOWS\system32\dpmodemx.dll
2006-10-14 20:28 76,800 --a------ C:\WINDOWS\system32\dmscript.dll
2006-10-14 20:28 733,184 --a------ C:\WINDOWS\system32\qedwipes.dll
2006-10-14 20:28 723,968 --a------ C:\WINDOWS\system32\dpnet.dll
2006-10-14 20:28 7,424 --a------ C:\WINDOWS\system32\drivers\mskssrv.sys
2006-10-14 20:28 68,096 --a------ C:\WINDOWS\system32\dpnhupnp.dll
2006-10-14 20:28 65,536 --a------ C:\WINDOWS\system32\ATKOGL.dll
2006-10-14 20:28 64,512 --a------ C:\WINDOWS\system32\amstream.dll
2006-10-14 20:28 602,624 --a------ C:\WINDOWS\system32\dx7vb.dll
2006-10-14 20:28 58,368 --a------ C:\WINDOWS\system32\dmcompos.dll
2006-10-14 20:28 52,096 --a------ C:\WINDOWS\system32\drivers\msdv.sys
2006-10-14 20:28 5,504 --a------ C:\WINDOWS\system32\drivers\mstee.sys
2006-10-14 20:28 5,248 --a------ C:\WINDOWS\system32\drivers\mspclock.sys
2006-10-14 20:28 491,520 --a------ C:\WINDOWS\system32\dsdmoprp.dll
2006-10-14 20:28 48,512 --a------ C:\WINDOWS\system32\drivers\stream.sys
2006-10-14 20:28 470,528 --a------ C:\WINDOWS\system32\qdvd.dll
2006-10-14 20:28 47,104 --a------ C:\WINDOWS\system32\wstdecod.dll
2006-10-14 20:28 46,592 --a------ C:\WINDOWS\system32\dxdllreg.exe
2006-10-14 20:28 440,832 --a------ C:\WINDOWS\system32\ATKOSDX.dll
2006-10-14 20:28 4,608 --a------ C:\WINDOWS\system32\drivers\mspqm.sys
2006-10-14 20:28 4,096 --a------ C:\WINDOWS\system32\ksuser.dll
2006-10-14 20:28 4,096 --a------ C:\WINDOWS\system32\drivers\swenum.sys
2006-10-14 20:28 381,952 --a------ C:\WINDOWS\system32\dsound.dll
2006-10-14 20:28 381,952 --a------ C:\WINDOWS\system32\dpvoice.dll
2006-10-14 20:28 354,816 --a------ C:\WINDOWS\system32\psisdecd.dll
2006-10-14 20:28 34,304 --a------ C:\WINDOWS\system32\mciqtz32.dll
2006-10-14 20:28 33,280 --a------ C:\WINDOWS\system32\dmloader.dll
2006-10-14 20:28 324,096 --a------ C:\WINDOWS\system32\mswebdvd.dll
2006-10-14 20:28 32,768 --a------ C:\WINDOWS\system32\dpnhpast.dll
2006-10-14 20:28 316,928 --a------ C:\WINDOWS\system32\qdv.dll
2006-10-14 20:28 3,072 --a------ C:\WINDOWS\system32\dpnlobby.dll
2006-10-14 20:28 3,072 --a------ C:\WINDOWS\system32\dpnaddr.dll
2006-10-14 20:28 292,864 --a------ C:\WINDOWS\system32\ddraw.dll
2006-10-14 20:28 28,160 --a------ C:\WINDOWS\system32\dplaysvr.exe
2006-10-14 20:28 27,136 --a------ C:\WINDOWS\system32\dmband.dll
2006-10-14 20:28 258,048 --a------ C:\WINDOWS\ATKKBService.exe
2006-10-14 20:28 257,024 --a------ C:\WINDOWS\system32\qcap.dll
2006-10-14 20:28 24,064 --a------ C:\WINDOWS\system32\ddrawex.dll
2006-10-14 20:28 230,400 --a------ C:\WINDOWS\system32\dplayx.dll
2006-10-14 20:28 23,040 --a------ C:\WINDOWS\system32\drivers\atkkbnt.sys
2006-10-14 20:28 194,912 --a------ C:\WINDOWS\system32\ATKDISP.dll
2006-10-14 20:28 19,968 --a------ C:\WINDOWS\system32\dpvacm.dll
2006-10-14 20:28 186,880 --a------ C:\WINDOWS\system32\dsdmo.dll
2006-10-14 20:28 181,248 --a------ C:\WINDOWS\system32\dmime.dll
2006-10-14 20:28 18,944 --a------ C:\WINDOWS\system32\encapi.dll
2006-10-14 20:28 18,688 --a------ C:\WINDOWS\system32\drivers\wstcodec.sys
2006-10-14 20:28 18,432 --a------ C:\WINDOWS\system32\dswave.dll
2006-10-14 20:28 16,896 --a------ C:\WINDOWS\system32\msyuv.dll
2006-10-14 20:28 16,896 --a------ C:\WINDOWS\system32\dpnsvr.exe
2006-10-14 20:28 16,384 --a------ C:\WINDOWS\system32\drivers\ccdecode.sys
2006-10-14 20:28 15,104 --a------ C:\WINDOWS\system32\drivers\mpe.sys
2006-10-14 20:28 14,976 --a------ C:\WINDOWS\system32\drivers\streamip.sys
2006-10-14 20:28 132,608 --a------ C:\WINDOWS\system32\devenum.dll
2006-10-14 20:28 130,304 --a------ C:\WINDOWS\system32\drivers\ks.sys
2006-10-14 20:28 13,312 --a------ C:\WINDOWS\system32\msdmo.dll
2006-10-14 20:28 122,880 --a------ C:\WINDOWS\system32\dmusic.dll
2006-10-14 20:28 112,128 --a------ C:\WINDOWS\system32\dpvvox.dll
2006-10-14 20:28 11,392 --a------ C:\WINDOWS\system32\drivers\bdasup.sys
2006-10-14 20:28 11,264 --a------ C:\WINDOWS\system32\ATKOSDMini.DLL
2006-10-14 20:28 100,864 --a------ C:\WINDOWS\system32\dmsynth.dll
2006-10-14 20:28 10,880 --a------ C:\WINDOWS\system32\drivers\slip.sys
2006-10-14 20:28 10,112 --a------ C:\WINDOWS\system32\drivers\ndisip.sys
2006-10-14 20:28 1,975,936 --a------ C:\WINDOWS\system32\drivers\Bravo.sys
2006-10-14 20:28 1,962,496 --a------ C:\WINDOWS\system32\quartz.dll
2006-10-14 20:28 1,798,144 --a------ C:\WINDOWS\system32\qedit.dll
2006-10-14 20:28 1,769,472 --a------ C:\WINDOWS\system32\dxdiagn.dll
2006-10-14 20:28 1,703,936 --a------ C:\WINDOWS\system32\d3d9.dll
2006-10-14 20:28 1,294,336 --a------ C:\WINDOWS\system32\dsound3d.dll
2006-10-14 20:28 1,230,336 --a------ C:\WINDOWS\system32\msvidctl.dll
2006-10-14 20:28 1,201,152 --a------ C:\WINDOWS\system32\d3d8.dll
2006-10-14 20:28 1,189,888 --a------ C:\WINDOWS\system32\dx8vb.dll
2006-10-14 20:25 5,824 --a------ C:\WINDOWS\system32\drivers\ASUSHWIO.SYS
2006-10-14 20:16 516,096 --------- C:\WINDOWS\system32\ati2sgag.exe
2006-10-14 20:16 299,008 -ra------ C:\WINDOWS\system32\atiiiexx.dll
2006-10-14 20:15 11,264 -ra------ C:\WINDOWS\system32\drivers\EIO.sys
2006-10-14 20:10 90,112 --a------ C:\WINDOWS\system32\AVASTSS.scr
2006-10-14 20:01 57,728 --a------ C:\WINDOWS\system32\drivers\redbook.sys
2006-10-14 20:01 3,072 --a------ C:\WINDOWS\system32\drivers\audstub.sys
2006-10-14 20:00 70,144 --a------ C:\WINDOWS\system32\usbui.dll
2006-10-14 20:00 27,165 --a------ C:\WINDOWS\system32\drivers\fetnd5.sys
2006-10-14 19:58 86,044 --a------ C:\WINDOWS\system32\dgsetup.dll
2006-10-14 19:58 8,192 -ra------ C:\WINDOWS\system32\kbdhept.dll
2006-10-14 19:58 7,168 -ra------ C:\WINDOWS\system32\kbdcz.dll
2006-10-14 19:58 6,656 -ra------ C:\WINDOWS\system32\kbdycl.dll
2006-10-14 19:58 6,656 -ra------ C:\WINDOWS\system32\kbdsl1.dll
2006-10-14 19:58 6,656 -ra------ C:\WINDOWS\system32\kbdsl.dll
2006-10-14 19:58 6,656 -ra------ C:\WINDOWS\system32\kbdpl.dll
2006-10-14 19:58 6,656 -ra------ C:\WINDOWS\system32\kbdhu.dll
2006-10-14 19:58 6,656 -ra------ C:\WINDOWS\system32\kbdhela3.dll
2006-10-14 19:58 6,656 -ra------ C:\WINDOWS\system32\kbdcz2.dll
2006-10-14 19:58 6,656 -ra------ C:\WINDOWS\system32\kbdcz1.dll
2006-10-14 19:58 6,656 -ra------ C:\WINDOWS\system32\kbdcr.dll
2006-10-14 19:58 6,656 -ra------ C:\WINDOWS\system32\KBDAL.DLL
2006-10-14 19:58 6,144 -ra------ C:\WINDOWS\system32\kbdtuq.dll
2006-10-14 19:58 6,144 -ra------ C:\WINDOWS\system32\kbdtuf.dll
2006-10-14 19:58 6,144 -ra------ C:\WINDOWS\system32\kbdlv1.dll
2006-10-14 19:58 6,144 -ra------ C:\WINDOWS\system32\kbdlv.dll
2006-10-14 19:58 6,144 -ra------ C:\WINDOWS\system32\kbdhela2.dll
2006-10-14 19:58 6,144 -ra------ C:\WINDOWS\system32\kbdgkl.dll
2006-10-14 19:58 6,144 -ra------ C:\WINDOWS\system32\kbdest.dll
2006-10-14 19:58 5,632 -ra------ C:\WINDOWS\system32\kbdycc.dll
2006-10-14 19:58 5,632 -ra------ C:\WINDOWS\system32\kbduzb.dll
2006-10-14 19:58 5,632 -ra------ C:\WINDOWS\system32\kbdur.dll
2006-10-14 19:58 5,632 -ra------ C:\WINDOWS\system32\kbdtat.dll
2006-10-14 19:58 5,632 -ra------ C:\WINDOWS\system32\kbdru1.dll
2006-10-14 19:58 5,632 -ra------ C:\WINDOWS\system32\kbdru.dll
2006-10-14 19:58 5,632 -ra------ C:\WINDOWS\system32\kbdro.dll
2006-10-14 19:58 5,632 -ra------ C:\WINDOWS\system32\kbdpl1.dll
2006-10-14 19:58 5,632 -ra------ C:\WINDOWS\system32\kbdmon.dll
2006-10-14 19:58 5,632 -ra------ C:\WINDOWS\system32\kbdlt1.dll
2006-10-14 19:58 5,632 -ra------ C:\WINDOWS\system32\kbdlt.dll
2006-10-14 19:58 5,632 -ra------ C:\WINDOWS\system32\kbdkyr.dll
2006-10-14 19:58 5,632 -ra------ C:\WINDOWS\system32\kbdkaz.dll
2006-10-14 19:58 5,632 -ra------ C:\WINDOWS\system32\kbdhu1.dll
2006-10-14 19:58 5,632 -ra------ C:\WINDOWS\system32\kbdhe319.dll
2006-10-14 19:58 5,632 -ra------ C:\WINDOWS\system32\kbdhe220.dll
2006-10-14 19:58 5,632 -ra------ C:\WINDOWS\system32\kbdhe.dll
2006-10-14 19:58 5,632 -ra------ C:\WINDOWS\system32\kbdbu.dll
2006-10-14 19:58 5,632 -ra------ C:\WINDOWS\system32\kbdblr.dll
2006-10-14 19:58 5,632 -ra------ C:\WINDOWS\system32\kbdazel.dll
2006-10-14 19:58 5,632 -ra------ C:\WINDOWS\system32\kbdaze.dll
2006-10-14 19:58 24,661 --a------ C:\WINDOWS\system32\spxcoins.dll
2006-10-14 19:58 176,157 --a------ C:\WINDOWS\system32\dgrpsetu.dll
2006-10-14 19:58 13,312 --a------ C:\WINDOWS\system32\irclass.dll
2006-10-14 19:58 103,424 --a------ C:\WINDOWS\system32\EqnClass.Dll
2006-10-14 19:58 10,496 --a------ C:\WINDOWS\system32\drivers\irenum.sys
2006-10-14 19:57 73,216 --a------ C:\WINDOWS\system32\storprop.dll
2006-10-14 19:57 67,584 --a------ C:\WINDOWS\NOTEPAD.EXE
2006-10-14 19:57 6,656 --a------ C:\WINDOWS\system32\batt.dll
2006-10-14 19:57 15,872 --a------ C:\WINDOWS\TASKMAN.EXE
2006-10-14 19:30 70,688 --a------ C:\WINDOWS\system32\drivers\alcaudsl.sys
2006-10-14 19:30 53,600 --a------ C:\WINDOWS\system32\drivers\alcan5wn.sys
2006-10-14 19:30 5,606 --a------ C:\WINDOWS\system32\stci.dll
2006-10-14 19:30 5,280 --a------ C:\WINDOWS\system32\drivers\alcawh.sys
2006-10-14 19:30 3,968 --a------ C:\WINDOWS\system32\drivers\alcacr.sys
2006-10-14 19:25 87,424 --a------ C:\WINDOWS\system32\drivers\aswmon2.sys
2006-10-14 19:25 85,952 --a------ C:\WINDOWS\system32\drivers\aswmon.sys
2006-10-14 19:25 666,240 --a------ C:\WINDOWS\system32\aswBoot.exe
2006-10-14 19:25 499,712 --a------ C:\WINDOWS\system32\MSVCP71.dll
2006-10-14 19:25 36,176 --a------ C:\WINDOWS\system32\drivers\aswTdi.sys
2006-10-14 19:25 348,160 --a------ C:\WINDOWS\system32\MSVCR71.dll
2006-10-14 19:25 24,560 --a------ C:\WINDOWS\system32\drivers\aavmker4.sys
2006-10-14 19:25 16,352 --a------ C:\WINDOWS\system32\drivers\aswRdr.sys
2006-10-14 19:25 1,060,864 --a------ C:\WINDOWS\system32\MFC71.dll
2006-10-14 19:24 21,760 --a------ C:\WINDOWS\system32\drivers\USBSTOR.SYS
2006-10-14 19:09 112,128 --a------ C:\WINDOWS\system32\mapi32.dll
2006-10-14 19:07 40,960 --a------ C:\WINDOWS\system32\safrslv.dll
2006-10-14 19:07 39,424 --a------ C:\WINDOWS\system32\safrcdlg.dll
2006-10-14 19:07 33,792 --a------ C:\WINDOWS\system32\racpldlg.dll
2006-10-14 19:07 32,768 --a------ C:\WINDOWS\system32\mnmsrvc.exe
2006-10-14 19:07 28,672 --a------ C:\WINDOWS\system32\isrdbg32.dll
2006-10-14 19:07 26,624 --a------ C:\WINDOWS\system32\safrdm.dll
2006-10-14 19:07 12,288 --a------ C:\WINDOWS\system32\nmevtmsg.dll
2006-10-14 19:07 11,264 --a------ C:\WINDOWS\system32\atrace.dll
2006-10-14 19:06 9,728 --a------ C:\WINDOWS\system32\mstinit.exe
2006-10-14 19:06 81,920 --a------ C:\WINDOWS\system32\isign32.dll
2006-10-14 19:06 81,408 --a------ C:\WINDOWS\system32\msoert2.dll
2006-10-14 19:06 73,728 --a------ C:\WINDOWS\system32\ils.dll
2006-10-14 19:06 72,192 --a------ C:\WINDOWS\system32\acctres.dll
2006-10-14 19:06 69,632 --a------ C:\WINDOWS\system32\icwdial.dll
2006-10-14 19:06 69,376 --a------ C:\WINDOWS\system32\drivers\sr.sys
2006-10-14 19:06 65,536 --a------ C:\WINDOWS\system32\msconf.dll
2006-10-14 19:06 63,488 --a------ C:\WINDOWS\system32\srclient.dll
2006-10-14 19:06 61,440 --a------ C:\WINDOWS\system32\icwphbk.dll
2006-10-14 19:06 587,776 --a------ C:\WINDOWS\system32\inetcomm.dll
2006-10-14 19:06 50,176 --a------ C:\WINDOWS\system32\inetres.dll
2006-10-14 19:06 32,256 --a------ C:\WINDOWS\system32\mnmdd.dll
2006-10-14 19:06 274,432 --a------ C:\WINDOWS\system32\inetcfg.dll
2006-10-14 19:06 256,512 --a------ C:\WINDOWS\system32\mstask.dll
2006-10-14 19:06 24,576 --a------ C:\WINDOWS\system32\nmmkcert.dll
2006-10-14 19:06 228,864 --a------ C:\WINDOWS\system32\srrstr.dll
2006-10-14 19:06 228,864 --a------ C:\WINDOWS\system32\msoeacct.dll
2006-10-14 19:06 223,232 --a------ C:\WINDOWS\system32\qmgr.dll
2006-10-14 19:06 17,408 --a------ C:\WINDOWS\system32\qmgrprxy.dll
2006-10-14 19:06 161,280 --a------ C:\WINDOWS\system32\schedsvc.dll
2006-10-14 19:06 16,384 --a------ C:\WINDOWS\system32\icfgnt5.dll
2006-10-14 19:06 159,232 --a------ C:\WINDOWS\system32\srsvc.dll
2006-10-14 19:05 9,728 --a------ C:\WINDOWS\system32\xolehlp.dll
2006-10-14 19:05 869,376 --a------ C:\WINDOWS\system32\msdtctm.dll
2006-10-14 19:05 83,968 --a------ C:\WINDOWS\system32\mtxoci.dll
2006-10-14 19:05 80,896 --a------ C:\WINDOWS\system32\charmap.exe
2006-10-14 19:05 73,216 --a------ C:\WINDOWS\system32\avwav.dll
2006-10-14 19:05 634,880 --a------ C:\WINDOWS\system32\getuname.dll
2006-10-14 19:05 61,952 --a------ C:\WINDOWS\system32\rdshost.exe
2006-10-14 19:05 6,144 --a------ C:\WINDOWS\system32\msdtc.exe
2006-10-14 19:05 57,344 --a------ C:\WINDOWS\system32\sol.exe
2006-10-14 19:05 55,808 --a------ C:\WINDOWS\system32\freecell.exe
2006-10-14 19:05 54,784 --a------ C:\WINDOWS\system32\msdtclog.dll
2006-10-14 19:05 5,632 --a------ C:\WINDOWS\system32\write.exe
2006-10-14 19:05 5,120 --a------ C:\WINDOWS\system32\dcomcnfg.exe
2006-10-14 19:05 497,152 --a------ C:\WINDOWS\system32\hypertrm.dll
2006-10-14 19:05 44,544 --a------ C:\WINDOWS\system32\hticons.dll
2006-10-14 19:05 4,608 --a------ C:\WINDOWS\system32\rdpcfgex.dll
2006-10-14 19:05 4,096 --a------ C:\WINDOWS\system32\mtxex.dll
2006-10-14 19:05 35,840 --a------ C:\WINDOWS\system32\winchat.exe
2006-10-14 19:05 33,792 --a------ C:\WINDOWS\system32\regini.exe
2006-10-14 19:05 25,088 --a------ C:\WINDOWS\system32\mtxlegih.dll
2006-10-14 19:05 232,960 --a------ C:\WINDOWS\system32\avtapi.dll
2006-10-14 19:05 22,528 --a------ C:\WINDOWS\system32\qwinsta.exe
2006-10-14 19:05 22,528 --a------ C:\WINDOWS\system32\msg.exe
2006-10-14 19:05 20,480 --a------ C:\WINDOWS\system32\mtxdm.dll
2006-10-14 19:05 20,232 --a------ C:\WINDOWS\system32\drivers\tdtcp.sys
2006-10-14 19:05 19,456 --a------ C:\WINDOWS\system32\qprocess.exe
2006-10-14 19:05 185,344 --a------ C:\WINDOWS\system32\accwiz.exe
2006-10-14 19:05 17,408 --a------ C:\WINDOWS\system32\tsshutdn.exe
2006-10-14 19:05 17,408 --a------ C:\WINDOWS\system32\qappsrv.exe
2006-10-14 19:05 16,896 --a------ C:\WINDOWS\system32\tskill.exe
2006-10-14 19:05 16,384 --a------ C:\WINDOWS\system32\rwinsta.exe
2006-10-14 19:05 16,384 --a------ C:\WINDOWS\system32\avmeter.dll
2006-10-14 19:05 151,040 --a------ C:\WINDOWS\system32\msdtcuiu.dll
2006-10-14 19:05 15,872 --a------ C:\WINDOWS\system32\logoff.exe
2006-10-14 19:05 15,872 --a------ C:\WINDOWS\system32\cdmodem.dll
2006-10-14 19:05 15,360 --a------ C:\WINDOWS\system32\tscon.exe
2006-10-14 19:05 15,360 --a------ C:\WINDOWS\system32\shadow.exe
2006-10-14 19:05 14,848 --a------ C:\WINDOWS\system32\tsdiscon.exe
2006-10-14 19:05 139,264 --a------ C:\WINDOWS\system32\sndvol32.exe
2006-10-14 19:05 128,000 --a------ C:\WINDOWS\system32\mshearts.exe
2006-10-14 19:05 125,952 --a------ C:\WINDOWS\system32\sndrec32.exe
2006-10-14 19:05 119,808 --a------ C:\WINDOWS\system32\winmine.exe
2006-10-14 19:05 115,200 --a------ C:\WINDOWS\system32\calc.exe
2006-10-14 19:05 11,144 --a------ C:\WINDOWS\system32\drivers\tdpipe.sys
2006-10-14 19:05 10,240 --a------ C:\WINDOWS\system32\reset.exe
2006-10-14 19:05 1,263 --a------ C:\WINDOWS\system32\usrlogon.cmd
2006-10-14 19:04 9,216 --a------ C:\WINDOWS\system32\wuauserv.dll
2006-10-14 19:04 9,216 --a------ C:\WINDOWS\system32\icaapi.dll
2006-10-14 19:04 88,576 --a------ C:\WINDOWS\system32\tscfgwmi.dll
2006-10-14 19:04 85,504 --a------ C:\WINDOWS\system32\catsrvps.dll
2006-10-14 19:04 82,432 --a------ C:\WINDOWS\system32\comrepl.dll
2006-10-14 19:04 75,912 --a------ C:\WINDOWS\system32\rdpwsx.dll
2006-10-14 19:04 598,016 --a------ C:\WINDOWS\system32\mstscax.dll
2006-10-14 19:04 582,656 --a------ C:\WINDOWS\system32\catsrvut.dll
2006-10-14 19:04 57,856 --a------ C:\WINDOWS\system32\remotepg.dll
2006-10-14 19:04 57,856 --a------ C:\WINDOWS\system32\licwmi.dll
2006-10-14 19:04 56,832 --a------ C:\WINDOWS\system32\colbact.dll
2006-10-14 19:04 54,272 --a------ C:\WINDOWS\system32\stclient.dll
2006-10-14 19:04 534,528 --a------ C:\WINDOWS\system32\spider.exe
2006-10-14 19:04 53,248 --a------ C:\WINDOWS\system32\servdeps.dll
2006-10-14 19:04 495,616 --a------ C:\WINDOWS\system32\comuid.dll
2006-10-14 19:04 468,480 --a------ C:\WINDOWS\system32\clbcatq.dll
2006-10-14 19:04 44,032 --a------ C:\WINDOWS\system32\rdpclip.exe
2006-10-14 19:04 40,960 --a------ C:\WINDOWS\system32\tscupgrd.exe
2006-10-14 19:04 393,216 --a------ C:\WINDOWS\system32\mstsc.exe
2006-10-14 19:04 38,024 --a------ C:\WINDOWS\system32\drivers\termdd.sys
2006-10-14 19:04 359,936 --a------ C:\WINDOWS\system32\msdtcprx.dll
2006-10-14 19:04 344,576 --a------ C:\WINDOWS\system32\mspaint.exe
2006-10-14 19:04 33,280 --a------ C:\WINDOWS\system32\cfgbkend.dll
2006-10-14 19:04 25,600 --a------ C:\WINDOWS\system32\comaddin.dll
2006-10-14 19:04 215,040 --a------ C:\WINDOWS\system32\catsrv.dll
2006-10-14 19:04 202,752 --a------ C:\WINDOWS\system32\termsrv.dll
2006-10-14 19:04 190,464 --a------ C:\WINDOWS\system32\wuaueng.dll
2006-10-14 19:04 182,400 --a------ C:\WINDOWS\system32\drivers\rdpdr.sys
2006-10-14 19:04 180,736 --a------ C:\WINDOWS\system32\cmprops.dll
2006-10-14 19:04 16,896 --a------ C:\WINDOWS\system32\mmfutil.dll
2006-10-14 19:04 147,456 --a------ C:\WINDOWS\system32\comsnap.dll
2006-10-14 19:04 142,848 --a------ C:\WINDOWS\system32\wuauclt.exe
2006-10-14 19:04 14,848 --a------ C:\WINDOWS\system32\rdpsnd.dll
2006-10-14 19:04 135,680 --a------ C:\WINDOWS\system32\rdchost.dll
2006-10-14 19:04 130,560 --a------ C:\WINDOWS\system32\sessmgr.exe
2006-10-14 19:04 12,288 --a------ C:\WINDOWS\system32\rdsaddin.exe
2006-10-14 19:04 118,272 --a------ C:\WINDOWS\system32\mplay32.exe
2006-10-14 19:04 115,976 --a------ C:\WINDOWS\system32\drivers\rdpwd.sys
2006-10-14 19:04 100,864 --a------ C:\WINDOWS\system32\clbcatex.dll
2006-10-14 19:04 100,352 --a------ C:\WINDOWS\system32\clipbrd.exe
2006-10-14 19:04 1,172,992 --a------ C:\WINDOWS\system32\comsvcs.dll
(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))
2006-10-26 01:32 44032 --a------ C:\WINDOWS\system32\ftp.exe
2006-10-26 01:32 17920 --a------ C:\WINDOWS\system32\tftp.exe
2006-10-26 01:30 -------- d-------- C:\Program Files\Fichiers communs
2006-10-26 01:12 -------- d---s---- C:\Documents and Settings\metal.kanar\Application Data\Microsoft
2006-10-26 00:18 -------- d-------- C:\Program Files\Hijackthis Version Française
2006-10-25 23:47 -------- d-------- C:\Program Files\MSN Messenger
2006-10-25 18:59 -------- d-------- C:\Program Files\VSToolbar
2006-10-25 01:25 -------- d-------- C:\Documents and Settings\metal.kanar\Application Data\Azureus
2006-10-24 19:51 135168 --a------ C:\WINDOWS\system32\sfc_os.dll
2006-10-24 19:20 -------- d--h----- C:\Program Files\InstallShield Installation Information
2006-10-24 19:20 -------- d-------- C:\Program Files\ATI Technologies
2006-10-22 12:42 -------- d-------- C:\Program Files\Fichiers communs\InstallShield
2006-10-21 15:49 -------- d-------- C:\Documents and Settings\metal.kanar\Application Data\GRETECH
2006-10-21 15:48 -------- d-------- C:\Program Files\GRETECH
2006-10-21 15:47 -------- d-------- C:\Documents and Settings\metal.kanar\Application Data\Media Player Classic
2006-10-21 15:45 -------- d-------- C:\Program Files\K-Lite Codec Pack
2006-10-21 02:47 -------- d-------- C:\Program Files\Winamp
2006-10-21 02:47 -------- d-------- C:\Program Files\MUSK Codec Pack v5
2006-10-20 18:14 -------- d-------- C:\Documents and Settings\metal.kanar\Application Data\vlc
2006-10-15 18:42 301 --a------ C:\WINDOWS\Vue 5 Infinite.reg
2006-10-15 18:28 -------- d-------- C:\Program Files\e-on software
2006-10-15 18:03 -------- d-------- C:\Documents and Settings\metal.kanar\Application Data\Adobe
2006-10-15 17:59 -------- d-------- C:\Program Files\Fichiers communs\Adobe Systems Shared
2006-10-15 17:59 -------- d-------- C:\Program Files\Fichiers communs\Adobe
2006-10-15 17:58 -------- d-------- C:\Program Files\Adobe
2006-10-15 17:53 -------- d-------- C:\Documents and Settings\metal.kanar\Application Data\mirage
2006-10-15 17:18 -------- d-------- C:\Program Files\Windows Media Player
2006-10-14 21:47 -------- d-------- C:\Documents and Settings\metal.kanar\Application Data\Macromedia
2006-10-14 21:40 -------- d-------- C:\Program Files\Java
2006-10-14 21:15 -------- d-------- C:\Documents and Settings\metal.kanar\Application Data\Ahead
2006-10-14 20:56 -------- d-------- C:\Program Files\Azureus
2006-10-14 20:43 -------- d-------- C:\Documents and Settings\metal.kanar\Application Data\Google
2006-10-14 20:42 -------- d-------- C:\Program Files\Google
2006-10-14 20:40 -------- d-------- C:\Program Files\Giganology
2006-10-14 20:37 -------- d-------- C:\Program Files\WinRAR
2006-10-14 19:57 62 --ahs---- C:\Documents and Settings\metal.kanar\Application Data\desktop.ini
2006-10-14 19:30 -------- d-------- C:\Program Files\Thomson
2006-10-14 19:23 -------- d-------- C:\Documents and Settings\metal.kanar\Application Data\Identities
2006-10-14 19:05 -------- d--h----- C:\Program Files\WindowsUpdate
2006-10-14 19:04 -------- d-------- C:\Program Files\Messenger
2006-10-14 18:39 -------- d-------- C:\Program Files\GameSpy Arcade
2006-10-13 00:27 -------- d-------- C:\Program Files\ESET
2006-10-12 23:43 -------- d-------- C:\Program Files\Sunbelt Software
2006-10-12 23:06 -------- d-------- C:\Program Files\VirtualDJ
2006-10-12 20:09 -------- d-------- C:\Program Files\Movie Maker
2006-10-12 20:09 -------- d-------- C:\Program Files\Internet Explorer
2006-10-12 20:08 -------- d-------- C:\Program Files\NetMeeting
2006-10-12 20:07 -------- d-------- C:\Program Files\Outlook Express
2006-10-12 20:07 -------- d-------- C:\Program Files\Fichiers communs\System
2006-10-12 18:14 -------- d-------- C:\Program Files\support.com
2006-10-12 00:33 -------- d-------- C:\Program Files\Fichiers communs\Ahead
2006-10-12 00:32 -------- d-------- C:\Program Files\Nero
2006-09-29 18:13 -------- d-------- C:\Program Files\Maxthon
2006-09-28 19:23 -------- d-------- C:\Program Files\Nouveau dossier
2006-09-27 19:15 -------- d-------- C:\Program Files\Macromedia
2006-09-27 14:22 -------- d-------- C:\Program Files\Ahead
2006-09-26 14:08 -------- d-------- C:\Program Files\Webteh
2006-09-26 00:52 -------- d-------- C:\Program Files\ASUS
2006-09-26 00:48 -------- d-------- C:\Program Files\VIA
2006-09-26 00:44 -------- d-------- C:\Program Files\AMD
2006-09-25 18:49 -------- d-------- C:\Program Files\MUSK Codec Pack Lite!
2006-09-25 17:52 -------- d-------- C:\Program Files\Windows Live Toolbar
2006-09-25 16:41 -------- d-------- C:\Program Files\ComPlus Applications
2006-09-14 13:32 -------- d-------- C:\Program Files\Wanadoo
2006-09-11 12:33 -------- d-------- C:\Program Files\Bauhaus
2006-09-05 15:39 -------- d-------- C:\Program Files\vso
2006-09-05 01:44 -------- d-------- C:\Program Files\BlackIsle
2006-08-26 20:51 -------- d-------- C:\Program Files\Trust
2006-08-02 22:30 278528 --a------ C:\Program Files\Fichiers communs\FDEUnInstaller.exe
2006-07-29 19:32 48936 --a------ C:\WINDOWS\system32\sirenacm.dll
(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))
*Note* empty entries are not shown
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"CTFMON.EXE"="C:\\WINDOWS\\System32\\ctfmon.exe"
"MsnMsgr"="\"C:\\Program Files\\MSN Messenger\\MsnMsgr.Exe\" /background"
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="\"C:\\Program Files\\Fichiers communs\\Ahead\\lib\\NMBgMonitor.exe\""
"eMuleAutoStart"="C:\\coincoin\\eMule\\emule.exe -AutoStart"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"avast!"="C:\\PROGRA~1\\ALWILS~1\\Avast4\\ashDisp.exe"
"SpeedTouch USB Diagnostics"="\"C:\\Program Files\\Thomson\\SpeedTouch USB\\Dragdiag.exe\" /icon"
"ATIPTA"="C:\\Program Files\\ATI Technologies\\ATI Control Panel\\atiptaxx.exe"
"Gigaget"="\"C:\\Program Files\\Giganology\\Gigaget\\GigagetShell.exe\" /s"
"WinampAgent"="C:\\Program Files\\Winamp\\winampa.exe"
"NeroFilterCheck"="C:\\WINDOWS\\System32\\NeroCheck.exe"
"SunJavaUpdateSched"="C:\\Program Files\\Java\\jre1.5.0_06\\bin\\jusched.exe"
"Smapp"="C:\\Program Files\\Analog Devices\\SoundMAX\\SMTray.exe"
"DAEMON Tools"="\"C:\\Program Files\\DAEMON Tools\\daemon.exe\" -lang 1033"
"SNPSTD2"="C:\\WINDOWS\\vsnpstd2.exe"
"Repair Registry Pro"="C:\\Program Files\\Repair Registry Pro\\RepairRegistryPro.exe -s"
"Winamp Agent"="C:\\WINDOWS\\System32\\winamp.exe"
[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components]
"DeskHtmlVersion"=dword:00000110
"DeskHtmlMinorVersion"=dword:00000005
"Settings"=dword:00000001
"GeneralFlags"=dword:00000001
[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="Ma page d'accueil"
"Flags"=dword:00000002
"Position"=hex:2c,00,00,00,cc,04,00,00,00,00,00,00,34,03,00,00,e2,02,00,00,00,\
00,00,00,01,00,00,00,01,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00
"CurrentState"=hex:04,00,00,40
"OriginalStateInfo"=hex:18,00,00,00,ff,ff,00,00,ff,ff,00,00,ff,ff,ff,ff,ff,ff,\
ff,ff,04,00,00,00
"RestoredStateInfo"=hex:18,00,00,00,6a,06,00,00,23,00,00,00,a4,00,00,00,9a,00,\
00,00,01,00,00,00
[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"CTFMON.EXE"="C:\\WINDOWS\\System32\\CTFMON.EXE"
[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\run]
"CTFMON.EXE"="C:\\WINDOWS\\System32\\CTFMON.EXE"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Pré-chargeur Browseui"
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Démon de cache des catégories de composant"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""
"{3A947772-3B29-41DB-A436-4B5CAAECE2F6}"=""
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\Run]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"dontdisplaylastusername"=dword:00000000
"legalnoticecaption"=""
"legalnoticetext"=""
"shutdownwithoutlogon"=dword:00000001
"undockwithoutlogon"=dword:00000001
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091
[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload]
"PostBootReminder"="{7849596a-48ea-486e-8937-a2a3009f31a9}"
"CDBurn"="{fbeb8a05-beee-4442-804e-409d6c4515e9}"
"WebCheck"="{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"
"SysTray"="{35CEC8A3-2BE6-11D2-8773-92E220524153}"
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ljjifge
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\vtsqq
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"
Contents of the 'Scheduled Tasks' folder
C:\WINDOWS\tasks\Check Updates for Windows Live Toolbar.job
Completion time: 06-10-26 1:33:47.98
C:\ComboFix.txt ... 06-10-26 01:33
SmitFraudFix v2.113
Rapport fait à 1:39:18,03, 26/10/2006
Executé à partir de C:\Documents and Settings\metal.kanar\Bureau\anti v solution\SmitfraudFix
OS: Microsoft Windows XP [version 5.1.2600] - Windows_NT
Fix executé en mode normal
»»»»»»»»»»»»»»»»»»»»»»»» C:\
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS
C:\WINDOWS\keyboard1.dat PRESENT !
C:\WINDOWS\newname.dat PRESENT !
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32
»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\metal.kanar
»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\metal.kanar\Application Data
»»»»»»»»»»»»»»»»»»»»»»»» Menu Démarrer
»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\METAL~1.KAN\Favoris
»»»»»»»»»»»»»»»»»»»»»»»» Bureau
»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files
»»»»»»»»»»»»»»»»»»»»»»»» Clés corrompues
»»»»»»»»»»»»»»»»»»»»»»»» Eléments du bureau
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="Ma page d'accueil"
»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!
SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll
»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=""
»»»»»»»»»»»»»»»»»»»»»»»» pe386-msguard-lzx32
»»»»»»»»»»»»»»»»»»»»»»»» Recherche infection wininet.dll
»»»»»»»»»»»»»»»»»»»»»»»» Fin
Look2Me-Destroyer V1.0.12
Scanning for infected files.....
Scan started at 26/10/2006 01:50:05
Attempting to delete infected files...
Making registry repairs.
Restoring Windows certificates.
Replaced hosts file with default windows hosts file
Restoring SeDebugPrivilege for Administrateurs - Succeeded
^^Marie^^
Posts
113901
Registration date
Tuesday 6 September 2005
Status
Member
Last activity
28 August 2020
3 275
26 Oct. 2006 at 10:11
Hi,
To move forward,
run option 2 of Smitfraud,
please.
Download this (thanks to S!Ri for this program):
http://siri.urz.free.fr/Fix/SmitfraudFix.zip
Tutorial: http://siri.urz.free.fr/Fix/SmitfraudFix.php
Run it: double-click Smitfraudfix.cmd and choose option 1; it will generate a report.
Copy/paste it into your post, please.
----------------------------------------------------------------------------
Boot into Safe Mode:
To do this, tap the F8 key repeatedly, without stopping, as soon as the PC starts powering on.
A screen will appear; use the arrow keys to move to the Safe Mode option, then press Enter.
Once on the desktop, if not all the colors and so on are there, that is normal!
(If F8 does not work, use the F5 key.)
----------------------------------------------------------------------------
Run the Smitfraud program again;
this time choose option 2 and answer yes to everything.
Save the report, restart in normal mode, and copy/paste the saved report to the forum.
========================================
Run HijackThis again.
See you!
SmitFraudFix v2.113
Rapport fait à 13:46:13,95, 26/10/2006
Executé à partir de C:\Documents and Settings\metal.kanar\Bureau\anti v solution\SmitfraudFix
OS: Microsoft Windows XP [version 5.1.2600] - Windows_NT
Fix executé en mode normal
»»»»»»»»»»»»»»»»»»»»»»»» C:\
C:\drsmartload?.exe PRESENT !
C:\drsmartload??.exe PRESENT !
C:\drsmartload???.exe PRESENT !
C:\drsmartload????.exe PRESENT !
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS
C:\WINDOWS\keyboard1.dat PRESENT !
C:\WINDOWS\newname.dat PRESENT !
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32
»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\metal.kanar
»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\metal.kanar\Application Data
»»»»»»»»»»»»»»»»»»»»»»»» Menu Démarrer
»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\METAL~1.KAN\Favoris
»»»»»»»»»»»»»»»»»»»»»»»» Bureau
»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files
»»»»»»»»»»»»»»»»»»»»»»»» Clés corrompues
»»»»»»»»»»»»»»»»»»»»»»»» Eléments du bureau
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="Ma page d'accueil"
»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!
SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll
»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=""
»»»»»»»»»»»»»»»»»»»»»»»» pe386-msguard-lzx32
»»»»»»»»»»»»»»»»»»»»»»»» Recherche infection wininet.dll
»»»»»»»»»»»»»»»»»»»»»»»» Fin
----------------------------------------------
SmitFraudFix v2.113
Rapport fait à 13:51:52,40, 26/10/2006
Executé à partir de C:\Documents and Settings\metal.kanar\Bureau\anti v solution\SmitfraudFix
OS: Microsoft Windows XP [version 5.1.2600] - Windows_NT
Fix executé en mode sans echec
»»»»»»»»»»»»»»»»»»»»»»»» Avant SmitFraudFix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!
SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll
»»»»»»»»»»»»»»»»»»»»»»»» Arret des processus
»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix
GenericRenosFix by S!Ri
»»»»»»»»»»»»»»»»»»»»»»»» Suppression des fichiers infectés
C:\drsmartload?.exe supprimé
C:\WINDOWS\keyboard1.dat supprimé
C:\WINDOWS\newname.dat supprimé
»»»»»»»»»»»»»»»»»»»»»»»» Suppression Fichiers Temporaires
»»»»»»»»»»»»»»»»»»»»»»»» Nettoyage du registre
Nettoyage terminé.
»»»»»»»»»»»»»»»»»»»»»»»» Après SmitFraudFix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!
SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll
»»»»»»»»»»»»»»»»»»»»»»»» Fin
Logfile of HijackThis v1.99.1
Scan saved at 13:55:08, on 26/10/2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Hijackthis Version Française\hijackthis vf.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: GigagetIEHelper - {111CAA23-6F4F-42AC-8555-B48C1D87BBAB} - C:\WINDOWS\System32\gigagetbho_v10.dll
O2 - BHO: (no name) - {1DAEFCB9-06C8-47c6-8F20-3FB54B244DAA} - C:\WINDOWS\System32\ljvuyexr.dll
O2 - BHO: (no name) - {3A947772-3B29-41DB-A436-4B5CAAECE2F6} - C:\WINDOWS\System32\ljjifge.dll
O2 - BHO: (no name) - {7135F278-0364-4768-8D21-F8B61929BDF3} - C:\WINDOWS\System32\vtsqq.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: &VSToolBar - {821F87FF-8245-4972-9E28-732E92EC2F51} - C:\Program Files\VSToolbar\VSToolBar.dll
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [Gigaget] "C:\Program Files\Giganology\Gigaget\GigagetShell.exe" /s
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\System32\NeroCheck.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [Smapp] C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [SNPSTD2] C:\WINDOWS\vsnpstd2.exe
O4 - HKLM\..\Run: [Repair Registry Pro] C:\Program Files\Repair Registry Pro\RepairRegistryPro.exe -s
O4 - HKLM\..\Run: [Winamp Agent] C:\WINDOWS\System32\winamp.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Ahead\lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [eMuleAutoStart] C:\coincoin\eMule\emule.exe -AutoStart
O8 - Extra context menu item: &Download All by Gigaget - C:\Program Files\Giganology\Gigaget\getallurl.htm
O8 - Extra context menu item: &Download by Gigaget - C:\Program Files\Giganology\Gigaget\geturl.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O12 - Plugin for .m4v: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin6.dll
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: ljjifge - C:\WINDOWS\SYSTEM32\ljjifge.dll
O20 - Winlogon Notify: vtsqq - C:\WINDOWS\System32\vtsqq.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - C:\WINDOWS\ATKKBService.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: Sunbelt Kerio Personal Firewall 4 (KPF4) - Sunbelt Software - C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
O23 - Service: LSA Shel (Export Version) - Unknown owner - C:\WINDOWS\lsass.exe
O23 - Service: SF FrontLine Drivers Auto Removal (v1) (sfrem01) - Protection Technology (StarForce) - C:\WINDOWS\system32\sfrem01.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
^^Marie^^
Posts
113901
Registration date
Tuesday 6 September 2005
Status
Member
Last activity
28 August 2020
3 275
26 Oct. 2006 at 14:37
HijackThis in normal mode, please.
Logfile of HijackThis v1.99.1
Scan saved at 16:35:40, on 26/10/2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\WINDOWS\ATKKBService.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
C:\WINDOWS\lsass.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Giganology\Gigaget\GigagetShell.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\WINDOWS\vsnpstd2.exe
C:\WINDOWS\System32\winamp.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Fichiers communs\Ahead\lib\NMBgMonitor.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
C:\Program Files\Alwil Software\Avast4\setup\avast.setup
C:\Program Files\Hijackthis Version Française\hijackthis vf.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: GigagetIEHelper - {111CAA23-6F4F-42AC-8555-B48C1D87BBAB} - C:\WINDOWS\System32\gigagetbho_v10.dll
O2 - BHO: (no name) - {1DAEFCB9-06C8-47c6-8F20-3FB54B244DAA} - C:\WINDOWS\System32\ljvuyexr.dll
O2 - BHO: (no name) - {3A947772-3B29-41DB-A436-4B5CAAECE2F6} - C:\WINDOWS\System32\ljjifge.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: (no name) - {B7736116-1CD7-4520-BDA9-852FD7CDB64C} - C:\WINDOWS\System32\vtsqq.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: &VSToolBar - {821F87FF-8245-4972-9E28-732E92EC2F51} - C:\Program Files\VSToolbar\VSToolBar.dll
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [Gigaget] "C:\Program Files\Giganology\Gigaget\GigagetShell.exe" /s
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\System32\NeroCheck.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [Smapp] C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [SNPSTD2] C:\WINDOWS\vsnpstd2.exe
O4 - HKLM\..\Run: [Repair Registry Pro] C:\Program Files\Repair Registry Pro\RepairRegistryPro.exe -s
O4 - HKLM\..\Run: [Winamp Agent] C:\WINDOWS\System32\winamp.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Ahead\lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [eMuleAutoStart] C:\coincoin\eMule\emule.exe -AutoStart
O8 - Extra context menu item: &Download All by Gigaget - C:\Program Files\Giganology\Gigaget\getallurl.htm
O8 - Extra context menu item: &Download by Gigaget - C:\Program Files\Giganology\Gigaget\geturl.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O12 - Plugin for .m4v: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin6.dll
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: ljjifge - C:\WINDOWS\SYSTEM32\ljjifge.dll
O20 - Winlogon Notify: vtsqq - C:\WINDOWS\System32\vtsqq.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - C:\WINDOWS\ATKKBService.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: Sunbelt Kerio Personal Firewall 4 (KPF4) - Sunbelt Software - C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
O23 - Service: LSA Shel (Export Version) - Unknown owner - C:\WINDOWS\lsass.exe
O23 - Service: SF FrontLine Drivers Auto Removal (v1) (sfrem01) - Protection Technology (StarForce) - C:\WINDOWS\system32\sfrem01.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
did71
Posts
2187
Registration date
Friday 24 March 2006
Status
Security contributor
Last activity
30 January 2010
36
26 Oct. 2006 at 18:47
Hello Lucie,
Let's continue the disinfection!
Download VundoFix.exe (by Atribune) to your Desktop:
http://www.atribune.org/public-beta/VundoFix.exe
Double-click VundoFix.exe to launch it
When the tool launches again, click the Scan for Vundo button
Click the Scan for Vundo button
When the scan is complete, click the Remove Vundo button
A prompt will ask whether you want to delete the files; click YES
After you click "Yes", the Desktop will disappear for a moment while the files are deleted
You will see a prompt announcing that your PC is going to restart; click OK
Copy/paste the contents of the report located at C:\vundofix.txt, along with a new HijackThis! log, into your next reply
Note: VundoFix may run into a file it cannot delete. If so, the tool will launch at the next restart; simply follow the instructions above, starting from "click the Scan for Vundo button".
See you later
VundoFix V6.2.6
Checking Java version...
Java version is 1.5.0.6
Java version is 1.5.0.7
Scan started at 21:10:50 26/10/2006
Listing files found while scanning....
C:\WINDOWS\system32\awtqnkh.dll
C:\WINDOWS\system32\cbxwvwx.dll
C:\WINDOWS\system32\cbxyvsr.dll
C:\WINDOWS\system32\ddcyayv.dll
C:\WINDOWS\system32\khfedee.dll
C:\WINDOWS\system32\ljjifge.dll
C:\WINDOWS\system32\ljvuyexr.dll
C:\WINDOWS\system32\mljjjhf.dll
C:\WINDOWS\system32\nnnnkll.dll
C:\WINDOWS\system32\qomkheb.dll
C:\WINDOWS\system32\vtusttr.dll
C:\WINDOWS\System32\vtsqq.dll
C:\WINDOWS\System32\qqstv.ini
C:\WINDOWS\System32\qqstv.bak1
Beginning removal...
Attempting to delete C:\WINDOWS\system32\awtqnkh.dll
C:\WINDOWS\system32\awtqnkh.dll Has been deleted!
Attempting to delete C:\WINDOWS\system32\cbxwvwx.dll
C:\WINDOWS\system32\cbxwvwx.dll Has been deleted!
Attempting to delete C:\WINDOWS\system32\cbxyvsr.dll
C:\WINDOWS\system32\cbxyvsr.dll Has been deleted!
Attempting to delete C:\WINDOWS\system32\ddcyayv.dll
C:\WINDOWS\system32\ddcyayv.dll Has been deleted!
Attempting to delete C:\WINDOWS\system32\khfedee.dll
C:\WINDOWS\system32\khfedee.dll Has been deleted!
Attempting to delete C:\WINDOWS\system32\ljjifge.dll
C:\WINDOWS\system32\ljjifge.dll Could not be deleted.
Attempting to delete C:\WINDOWS\system32\ljvuyexr.dll
C:\WINDOWS\system32\ljvuyexr.dll Has been deleted!
Attempting to delete C:\WINDOWS\system32\mljjjhf.dll
C:\WINDOWS\system32\mljjjhf.dll Has been deleted!
Attempting to delete C:\WINDOWS\system32\nnnnkll.dll
C:\WINDOWS\system32\nnnnkll.dll Has been deleted!
Attempting to delete C:\WINDOWS\system32\qomkheb.dll
C:\WINDOWS\system32\qomkheb.dll Has been deleted!
Attempting to delete C:\WINDOWS\system32\vtusttr.dll
C:\WINDOWS\system32\vtusttr.dll Has been deleted!
Attempting to delete C:\WINDOWS\System32\vtsqq.dll
C:\WINDOWS\System32\vtsqq.dll Could not be deleted.
Attempting to delete C:\WINDOWS\System32\qqstv.ini
C:\WINDOWS\System32\qqstv.ini Has been deleted!
Attempting to delete C:\WINDOWS\System32\qqstv.bak1
C:\WINDOWS\System32\qqstv.bak1 Has been deleted!
Performing Repairs to the registry.
Done!
Beginning removal...
Attempting to delete C:\WINDOWS\system32\ljjifge.dll
C:\WINDOWS\system32\ljjifge.dll Has been deleted!
Attempting to delete C:\WINDOWS\System32\vtsqq.dll
C:\WINDOWS\System32\vtsqq.dll Has been deleted!
Performing Repairs to the registry.
Done!
Logfile of HijackThis v1.99.1
Scan saved at 23:50:12, on 26/10/2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\WINDOWS\ATKKBService.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
C:\WINDOWS\lsass.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Giganology\Gigaget\GigagetShell.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\WINDOWS\vsnpstd2.exe
C:\WINDOWS\System32\winamp.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Fichiers communs\Ahead\lib\NMBgMonitor.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Hijackthis Version Française\hijackthis vf.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: GigagetIEHelper - {111CAA23-6F4F-42AC-8555-B48C1D87BBAB} - C:\WINDOWS\System32\gigagetbho_v10.dll
O2 - BHO: (no name) - {1DAEFCB9-06C8-47c6-8F20-3FB54B244DAA} - C:\WINDOWS\System32\ljvuyexr.dll (file missing)
O2 - BHO: (no name) - {26DAF2EB-A907-4B43-94A5-C829C03C62C7} - C:\WINDOWS\System32\vtsqq.dll (file missing)
O2 - BHO: (no name) - {3A947772-3B29-41DB-A436-4B5CAAECE2F6} - C:\WINDOWS\System32\ljjifge.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: &VSToolBar - {821F87FF-8245-4972-9E28-732E92EC2F51} - C:\Program Files\VSToolbar\VSToolBar.dll
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [Gigaget] "C:\Program Files\Giganology\Gigaget\GigagetShell.exe" /s
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\System32\NeroCheck.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [Smapp] C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [SNPSTD2] C:\WINDOWS\vsnpstd2.exe
O4 - HKLM\..\Run: [Repair Registry Pro] C:\Program Files\Repair Registry Pro\RepairRegistryPro.exe -s
O4 - HKLM\..\Run: [Winamp Agent] C:\WINDOWS\System32\winamp.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Ahead\lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [eMuleAutoStart] C:\coincoin\eMule\emule.exe -AutoStart
O8 - Extra context menu item: &Download All by Gigaget - C:\Program Files\Giganology\Gigaget\getallurl.htm
O8 - Extra context menu item: &Download by Gigaget - C:\Program Files\Giganology\Gigaget\geturl.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O12 - Plugin for .m4v: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin6.dll
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - C:\WINDOWS\ATKKBService.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: Sunbelt Kerio Personal Firewall 4 (KPF4) - Sunbelt Software - C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
O23 - Service: LSA Shel (Export Version) - Unknown owner - C:\WINDOWS\lsass.exe
O23 - Service: SF FrontLine Drivers Auto Removal (v1) (sfrem01) - Protection Technology (StarForce) - C:\WINDOWS\system32\sfrem01.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
did71
Posts
2187
Registration date
Friday 24 March 2006
Status
Security contributor
Last activity
30 January 2010
36
27 Oct. 2006 at 21:38
Good evening Lucie,
1) Uninstall via Add/Remove Programs:
VSToolbar
Repair Registry Pro
2) Relaunch HijackThis, check the lines listed below and click Fix checked (with all IE windows closed):
O2 - BHO: (no name) - {1DAEFCB9-06C8-47c6-8F20-3FB54B244DAA} - C:\WINDOWS\System32\ljvuyexr.dll (file missing)
O2 - BHO: (no name) - {26DAF2EB-A907-4B43-94A5-C829C03C62C7} - C:\WINDOWS\System32\vtsqq.dll (file missing)
O2 - BHO: (no name) - {3A947772-3B29-41DB-A436-4B5CAAECE2F6} - C:\WINDOWS\System32\ljjifge.dll (file missing)
O3 - Toolbar: &VSToolBar - {821F87FF-8245-4972-9E28-732E92EC2F51} - C:\Program Files\VSToolbar\VSToolBar.dll
O4 - HKLM\..\Run: [Repair Registry Pro] C:\Program Files\Repair Registry Pro\RepairRegistryPro.exe -s
3) Run an online scan here:
http://www.bitdefender.fr/scan8/ie.html
4) Post the BitDefender report along with a new HijackThis log.
See you later
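Added illustration (not part of the original thread, and not code from HijackThis or VundoFix): a small Python sketch that parses HijackThis entry lines, lists those flagged "(file missing)", and compares two successive logs to confirm that the lines selected for fixing are gone and to show anything newly registered. The sample text is an excerpt of lines copied from the logs posted in this thread; the function and variable names are hypothetical.

```python
import re
from typing import NamedTuple

# Excerpts copied from the logs posted in this thread (not the full logs).
LOG_26 = r"""
Logfile of HijackThis v1.99.1
Scan saved at 23:50:12, on 26/10/2006
Running processes:
C:\WINDOWS\System32\smss.exe
O2 - BHO: GigagetIEHelper - {111CAA23-6F4F-42AC-8555-B48C1D87BBAB} - C:\WINDOWS\System32\gigagetbho_v10.dll
O2 - BHO: (no name) - {1DAEFCB9-06C8-47c6-8F20-3FB54B244DAA} - C:\WINDOWS\System32\ljvuyexr.dll (file missing)
O2 - BHO: (no name) - {26DAF2EB-A907-4B43-94A5-C829C03C62C7} - C:\WINDOWS\System32\vtsqq.dll (file missing)
O2 - BHO: (no name) - {3A947772-3B29-41DB-A436-4B5CAAECE2F6} - C:\WINDOWS\System32\ljjifge.dll (file missing)
O3 - Toolbar: &VSToolBar - {821F87FF-8245-4972-9E28-732E92EC2F51} - C:\Program Files\VSToolbar\VSToolBar.dll
O4 - HKLM\..\Run: [Repair Registry Pro] C:\Program Files\Repair Registry Pro\RepairRegistryPro.exe -s
O4 - HKLM\..\Run: [Winamp Agent] C:\WINDOWS\System32\winamp.exe
"""

LOG_28 = r"""
Logfile of HijackThis v1.99.1
Scan saved at 11:48:34, on 28/10/2006
Running processes:
C:\WINDOWS\System32\smss.exe
O2 - BHO: GigagetIEHelper - {111CAA23-6F4F-42AC-8555-B48C1D87BBAB} - C:\WINDOWS\System32\gigagetbho_v10.dll
O4 - HKLM\..\Run: [Winamp Agent] C:\WINDOWS\System32\winamp.exe
O4 - HKLM\..\Run: [Services] C:\windows\pak.exe
"""

# The lines the helper asked to check before clicking "Fix checked".
FIX_LIST = r"""
O2 - BHO: (no name) - {1DAEFCB9-06C8-47c6-8F20-3FB54B244DAA} - C:\WINDOWS\System32\ljvuyexr.dll (file missing)
O2 - BHO: (no name) - {26DAF2EB-A907-4B43-94A5-C829C03C62C7} - C:\WINDOWS\System32\vtsqq.dll (file missing)
O2 - BHO: (no name) - {3A947772-3B29-41DB-A436-4B5CAAECE2F6} - C:\WINDOWS\System32\ljjifge.dll (file missing)
O3 - Toolbar: &VSToolBar - {821F87FF-8245-4972-9E28-732E92EC2F51} - C:\Program Files\VSToolbar\VSToolBar.dll
O4 - HKLM\..\Run: [Repair Registry Pro] C:\Program Files\Repair Registry Pro\RepairRegistryPro.exe -s
"""

# An entry line is a section code (R0, O2, O23, ...) followed by " - ".
ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")
MISSING = "(file missing)"


class Entry(NamedTuple):
    section: str   # e.g. "O2", "O4", "O23"
    text: str      # rest of the line, without the "(file missing)" marker
    missing: bool  # True when HijackThis appended "(file missing)"

    @property
    def key(self):
        # Windows paths are case-insensitive, and an entry can gain or lose
        # the marker between scans, so neither is part of its identity.
        return (self.section, self.text.lower())


def parse_log(text):
    """Return the entry lines of a log; header and process lines are skipped."""
    entries = []
    for raw in text.splitlines():
        match = ENTRY_RE.match(raw.strip())
        if match is None:
            continue
        section, body = match.groups()
        missing = body.endswith(MISSING)
        if missing:
            body = body[: -len(MISSING)].rstrip()
        entries.append(Entry(section, body, missing))
    return entries


def orphaned(entries):
    """Entries whose target file no longer exists on disk."""
    return [e for e in entries if e.missing]


def diff_logs(old, new):
    """Return (added, removed) entries between two parsed logs."""
    old_keys = {e.key for e in old}
    new_keys = {e.key for e in new}
    added = [e for e in new if e.key not in old_keys]
    removed = [e for e in old if e.key not in new_keys]
    return added, removed


def still_present(fix_lines, entries):
    """Entries from the fix list that are still registered in a parsed log."""
    wanted = {e.key for e in parse_log(fix_lines)}
    return [e for e in entries if e.key in wanted]


if __name__ == "__main__":
    before, after = parse_log(LOG_26), parse_log(LOG_28)
    for e in orphaned(before):
        print("orphaned   :", e.section, e.text)
    added, removed = diff_logs(before, after)
    for e in removed:
        print("removed    :", e.section, e.text)
    for e in added:
        print("new, review:", e.section, e.text)
    print("fix list entries still present:", len(still_present(FIX_LIST, after)))
```
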
Logfile of HijackThis v1.99.1
Scan saved at 11:37:22, on 28/10/2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\WINDOWS\ATKKBService.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
C:\WINDOWS\lsass.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\WINDOWS\vsnpstd2.exe
C:\WINDOWS\System32\winamp.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\windows\pak.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Fichiers communs\Ahead\lib\NMBgMonitor.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Giganology\Gigaget\Gigaget.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Hijackthis Version Française\hijackthis vf.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: GigagetIEHelper - {111CAA23-6F4F-42AC-8555-B48C1D87BBAB} - C:\WINDOWS\System32\gigagetbho_v10.dll
O2 - BHO: (no name) - {1DAEFCB9-06C8-47c6-8F20-3FB54B244DAA} - C:\WINDOWS\System32\ljvuyexr.dll (file missing)
O2 - BHO: (no name) - {26DAF2EB-A907-4B43-94A5-C829C03C62C7} - C:\WINDOWS\System32\vtsqq.dll (file missing)
O2 - BHO: (no name) - {3A947772-3B29-41DB-A436-4B5CAAECE2F6} - C:\WINDOWS\System32\ljjifge.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [Gigaget] "C:\Program Files\Giganology\Gigaget\GigagetShell.exe" /s
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\System32\NeroCheck.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [Smapp] C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [SNPSTD2] C:\WINDOWS\vsnpstd2.exe
O4 - HKLM\..\Run: [Repair Registry Pro] C:\Program Files\Repair Registry Pro\RepairRegistryPro.exe -s
O4 - HKLM\..\Run: [Winamp Agent] C:\WINDOWS\System32\winamp.exe
O4 - HKLM\..\Run: [Services] C:\windows\pak.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Ahead\lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [eMuleAutoStart] C:\coincoin\eMule\emule.exe -AutoStart
O8 - Extra context menu item: &Download All by Gigaget - C:\Program Files\Giganology\Gigaget\getallurl.htm
O8 - Extra context menu item: &Download by Gigaget - C:\Program Files\Giganology\Gigaget\geturl.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O12 - Plugin for .m4v: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin6.dll
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - C:\WINDOWS\ATKKBService.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: Sunbelt Kerio Personal Firewall 4 (KPF4) - Sunbelt Software - C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
O23 - Service: LSA Shel (Export Version) - Unknown owner - C:\WINDOWS\lsass.exe
O23 - Service: SF FrontLine Drivers Auto Removal (v1) (sfrem01) - Protection Technology (StarForce) - C:\WINDOWS\system32\sfrem01.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
no sign of O3 - Toolbar: &VSToolBar - {821F87FF-8245-4972-9E28-732E92EC2F51} - C:\Program Files\VSToolbar\VSToolBar.dll
unable to launch the BitDefender scan
Logfile of HijackThis v1.99.1
Scan saved at 11:48:34, on 28/10/2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\WINDOWS\ATKKBService.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
C:\WINDOWS\lsass.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\WINDOWS\vsnpstd2.exe
C:\WINDOWS\System32\winamp.exe
C:\windows\pak.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Fichiers communs\Ahead\lib\NMBgMonitor.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Giganology\Gigaget\Gigaget.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Maxthon\Maxthon.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Hijackthis Version Française\hijackthis vf.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: GigagetIEHelper - {111CAA23-6F4F-42AC-8555-B48C1D87BBAB} - C:\WINDOWS\System32\gigagetbho_v10.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [Gigaget] "C:\Program Files\Giganology\Gigaget\GigagetShell.exe" /s
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\System32\NeroCheck.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [Smapp] C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [SNPSTD2] C:\WINDOWS\vsnpstd2.exe
O4 - HKLM\..\Run: [Winamp Agent] C:\WINDOWS\System32\winamp.exe
O4 - HKLM\..\Run: [Services] C:\windows\pak.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Ahead\lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [eMuleAutoStart] C:\coincoin\eMule\emule.exe -AutoStart
O8 - Extra context menu item: &Download All by Gigaget - C:\Program Files\Giganology\Gigaget\getallurl.htm
O8 - Extra context menu item: &Download by Gigaget - C:\Program Files\Giganology\Gigaget\geturl.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O12 - Plugin for .m4v: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin6.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{4897C1FD-A695-4825-9468-089435E0BD2F}: NameServer = 195.238.2.22 195.238.2.21
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - C:\WINDOWS\ATKKBService.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: Sunbelt Kerio Personal Firewall 4 (KPF4) - Sunbelt Software - C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
O23 - Service: LSA Shel (Export Version) - Unknown owner - C:\WINDOWS\lsass.exe
O23 - Service: SF FrontLine Drivers Auto Removal (v1) (sfrem01) - Protection Technology (StarForce) - C:\WINDOWS\system32\sfrem01.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
Scan saved at 11:37:22, on 28/10/2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\WINDOWS\ATKKBService.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
C:\WINDOWS\lsass.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\WINDOWS\vsnpstd2.exe
C:\WINDOWS\System32\winamp.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\windows\pak.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Fichiers communs\Ahead\lib\NMBgMonitor.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Giganology\Gigaget\Gigaget.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Hijackthis Version Française\hijackthis vf.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: GigagetIEHelper - {111CAA23-6F4F-42AC-8555-B48C1D87BBAB} - C:\WINDOWS\System32\gigagetbho_v10.dll
O2 - BHO: (no name) - {1DAEFCB9-06C8-47c6-8F20-3FB54B244DAA} - C:\WINDOWS\System32\ljvuyexr.dll (file missing)
O2 - BHO: (no name) - {26DAF2EB-A907-4B43-94A5-C829C03C62C7} - C:\WINDOWS\System32\vtsqq.dll (file missing)
O2 - BHO: (no name) - {3A947772-3B29-41DB-A436-4B5CAAECE2F6} - C:\WINDOWS\System32\ljjifge.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [Gigaget] "C:\Program Files\Giganology\Gigaget\GigagetShell.exe" /s
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\System32\NeroCheck.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [Smapp] C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [SNPSTD2] C:\WINDOWS\vsnpstd2.exe
O4 - HKLM\..\Run: [Repair Registry Pro] C:\Program Files\Repair Registry Pro\RepairRegistryPro.exe -s
O4 - HKLM\..\Run: [Winamp Agent] C:\WINDOWS\System32\winamp.exe
O4 - HKLM\..\Run: [Services] C:\windows\pak.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Ahead\lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [eMuleAutoStart] C:\coincoin\eMule\emule.exe -AutoStart
O8 - Extra context menu item: &Download All by Gigaget - C:\Program Files\Giganology\Gigaget\getallurl.htm
O8 - Extra context menu item: &Download by Gigaget - C:\Program Files\Giganology\Gigaget\geturl.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O12 - Plugin for .m4v: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin6.dll
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - C:\WINDOWS\ATKKBService.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: Sunbelt Kerio Personal Firewall 4 (KPF4) - Sunbelt Software - C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
O23 - Service: LSA Shel (Export Version) - Unknown owner - C:\WINDOWS\lsass.exe
O23 - Service: SF FrontLine Drivers Auto Removal (v1) (sfrem01) - Protection Technology (StarForce) - C:\WINDOWS\system32\sfrem01.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
No sign of O3 - Toolbar: &VSToolBar - {821F87FF-8245-4972-9E28-732E92EC2F51} - C:\Program Files\VSToolbar\VSToolBar.dll
Unable to launch the BitDefender scan
did71
Security contributor
28 Oct 2006 at 19:00
Hello Lucie,
Run HijackThis again, check the lines listed below and click Fix checked (with all IE windows closed):
O4 - HKLM\..\Run: [Winamp Agent] C:\WINDOWS\System32\winamp.exe
O4 - HKLM\..\Run: [Services] C:\windows\pak.exe
Go to Start menu > Run, type services.msc; in the window that opens, look for LSA Shel, double-click it and, under Startup type, select Disabled.
Next, download Killbox to your Desktop:
http://www.downloads.subratam.org/KillBox.exe
Double-click killbox.exe.
Choose the "Delete on reboot" option.
Copy the bold text below (select it all with your mouse, right-click and "Copy"):
C:\WINDOWS\System32\winamp.exe
C:\windows\pak.exe
C:\WINDOWS\lsass.exe
Click the 'File' menu in KillBox (top left) and choose Paste from clipboard.
All the files should now appear in the "Full Path of File to Delete" box.
If you click the small arrow to the right of that box, you should see all the pasted files there!
Click the button: All Files (!important!)
Now click the Kill button (red circle with a white X).
Killbox will ask you "...Would like to Reboot now ?"; click YES and wait for the restart.
If you do not get this message, restart the PC using the "Start" button.
Then post a new HijackThis report.
See you later
Logfile of HijackThis v1.99.1
Scan saved at 13:09:25, on 30/10/2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\WINDOWS\ATKKBService.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Giganology\Gigaget\GigagetShell.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\WINDOWS\vsnpstd2.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Fichiers communs\Ahead\lib\NMBgMonitor.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
C:\Program Files\Hijackthis Version Française\hijackthis vf.exe
C:\Program Files\Fichiers communs\Ahead\lib\NMIndexStoreSvr.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: GigagetIEHelper - {111CAA23-6F4F-42AC-8555-B48C1D87BBAB} - C:\WINDOWS\System32\gigagetbho_v10.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [Gigaget] "C:\Program Files\Giganology\Gigaget\GigagetShell.exe" /s
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\System32\NeroCheck.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [Smapp] C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [SNPSTD2] C:\WINDOWS\vsnpstd2.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Ahead\lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [eMuleAutoStart] C:\coincoin\eMule\emule.exe -AutoStart
O8 - Extra context menu item: &Download All by Gigaget - C:\Program Files\Giganology\Gigaget\getallurl.htm
O8 - Extra context menu item: &Download by Gigaget - C:\Program Files\Giganology\Gigaget\geturl.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O12 - Plugin for .m4v: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin6.dll
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - C:\WINDOWS\ATKKBService.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: Sunbelt Kerio Personal Firewall 4 (KPF4) - Sunbelt Software - C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
O23 - Service: SF FrontLine Drivers Auto Removal (v1) (sfrem01) - Protection Technology (StarForce) - C:\WINDOWS\system32\sfrem01.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
did71
Security contributor
31 Oct 2006 at 00:22
Good evening,
The report is clean!
How is the PC behaving?
See you later
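Added example, not part of the thread and not HijackThis code: a Python check that reproduces the comparison did71 makes by eye between the 28/10 and 30/10 reports. It flags a core Windows process name running from outside System32, and confirms that the three files sent to KillBox no longer appear. The log excerpts are abridged from the reports posted above; the function names and the `SYSTEM32_ONLY` list are assumptions of this example.

```python
import ntpath
import re

# Assumption of this example: core Windows processes whose genuine image
# lives in %SystemRoot%\System32 (the case on the Windows XP host in this thread).
SYSTEM32_ONLY = {"smss.exe", "csrss.exe", "winlogon.exe", "services.exe",
                 "lsass.exe", "svchost.exe", "spoolsv.exe"}

ENTRY_RE = re.compile(r"^([RFNO]\d{1,2}) - (.+)$")   # e.g. "O4 - HKLM\..\Run: ..."
PATH_RE = re.compile(r'(?<![A-Za-z])[A-Za-z]:\\[^"]*?\.(?:exe|dll|ocx)\b',
                     re.IGNORECASE)

# The three files did71 asks to delete with KillBox.
TARGETS = [r"C:\WINDOWS\System32\winamp.exe", r"C:\windows\pak.exe",
           r"C:\WINDOWS\lsass.exe"]

# Abridged from the report saved at 11:48:34 on 28/10/2006.
BEFORE = r"""Logfile of HijackThis v1.99.1
Scan saved at 11:48:34, on 28/10/2006
Running processes:
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\lsass.exe
C:\WINDOWS\System32\winamp.exe
C:\windows\pak.exe
C:\WINDOWS\explorer.exe
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [Winamp Agent] C:\WINDOWS\System32\winamp.exe
O4 - HKLM\..\Run: [Services] C:\windows\pak.exe
O23 - Service: LSA Shel (Export Version) - Unknown owner - C:\WINDOWS\lsass.exe
"""

# Abridged from the report saved at 13:09:25 on 30/10/2006.
AFTER = r"""Logfile of HijackThis v1.99.1
Scan saved at 13:09:25, on 30/10/2006
Running processes:
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
"""


def parse_log(text):
    """Split a HijackThis log into running-process paths and coded entries."""
    processes, entries, in_processes = [], [], False
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        match = ENTRY_RE.match(line)
        if match:
            in_processes = False          # the entry section has started
            found = PATH_RE.search(match.group(2))
            entries.append((match.group(1), match.group(2),
                            found.group(0) if found else None))
        elif line == "Running processes:":
            in_processes = True
        elif in_processes:
            processes.append(line)
    return {"processes": processes, "entries": entries}


def all_paths(log):
    """Every file path seen in the log: running processes plus entry targets."""
    return log["processes"] + [p for _, _, p in log["entries"] if p]


def masquerading(log):
    """Paths that reuse a core process name from outside System32."""
    hits = set()
    for path in all_paths(log):
        name = ntpath.basename(path).lower()
        folder = ntpath.dirname(path).lower()
        if name in SYSTEM32_ONLY and not folder.endswith("\\system32"):
            hits.add(path)
    return sorted(hits)


def still_present(log, targets):
    """Targets that still show up in the log (case-insensitive path match)."""
    seen = {p.lower() for p in all_paths(log)}
    return [t for t in targets if t.lower() in seen]


def removed_entries(before, after):
    """Coded entries present in the first log and absent from the second."""
    kept = {(code, text.lower()) for code, text, _ in after["entries"]}
    return [f"{code} - {text}" for code, text, _ in before["entries"]
            if (code, text.lower()) not in kept]


if __name__ == "__main__":
    before, after = parse_log(BEFORE), parse_log(AFTER)
    print("masquerading before:", masquerading(before))
    print("targets left after :", still_present(after, TARGETS))
    for entry in removed_entries(before, after):
        print("removed:", entry)
```

A hit from `masquerading` marks a file for closer inspection; the name-and-folder test covers only the process names listed in `SYSTEM32_ONLY`.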
GOOD EVENING
I HAVE A VIRUS PROBLEM
CAN YOU HELP ME
THANK YOU
Logfile of HijackThis v1.99.1
Scan saved at 23:46:49, on 17/12/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\ATKKBService.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\??stem\w?auboot.exe
C:\PROGRA~1\MICROS~2\rapimgr.exe
C:\Program Files\Router\Router.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Hijackthis Version Française\hijackthis vf.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll
O2 - BHO: (no name) - {C1D9AD62-69FC-4359-8B2E-4BE672810F9F} - (no file)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [podytimed] C:\Program Files\ComPlus Applications\podytimed77798.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\K-Lite Codec Pack\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Ealr] "C:\DOCUME~1\fab\APPLIC~1\SKS~1\rundll.exe" -vt yazb
O4 - HKCU\..\Run: [Ltxvpj] C:\WINDOWS\??stem\w?auboot.exe
O4 - HKCU\..\Run: [Router] C:\Program Files\Router\Router.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [WinTouch] C:\Documents and Settings\fab\Application Data\WinTouch\WinTouch.exe
O4 - HKCU\..\Run: [SfKg6w] C:\Documents and Settings\fab\Application Data\Microsoft\Windows\rayiou.exe
O4 - HKCU\..\Run: [Insider] C:\Program Files\Insider\Insider.exe
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~2\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~2\INetRepl.dll
O9 - Extra 'Tools' menuitem: Créer un Favori de l'appareil mobile... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~2\INetRepl.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/...
O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} (HardwareDetection Control) - https://www.touslesdrivers.com/index.php?v_page=29
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - C:\WINDOWS\ATKKBService.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
Please help me. I've got this damned Win32 PurityScan-Q [trj] virus on my computer and avast can't remove it because it comes back every time. Could someone help me fairly quickly, please???
I'm posting the report that was made with HijackThis.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:37:15, on 20/01/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\Explorer.EXE
C:\DOCUME~1\patricia\LOCALS~1\Temp\services.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\WINDOWS\mrofinu1148.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\SPYWAREfighter\spftray.exe
C:\WINDOWS\system32\B3B2BAB3BCBEBFB.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\SPYWAREfighter\spfprc.exe
C:\Program Files\SPYWAREfighter\SPYWAREfighter.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\WINDOWS\17PHolmes1148.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\WINDOWS\17PHolmes1148.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\eMule\emule.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\Fichiers communs\Real\Update_OB\RealOneMessageCenter.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
O2 - BHO: (no name) - {58959612-F0BB-49B8-8003-D63C91EC972E} - C:\Program Files\Internet Explorer\merozC:\DOCUME~1\patricia\LOCALS~1\Temp\mst455101.exe.dll (file missing)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [Flash Player2] C:\DOCUME~1\patricia\LOCALS~1\Temp\services.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [runner1] C:\WINDOWS\mrofinu1148.exe 61A847B5BBF72813339F30466188719AB689201522886B092CBD44BD8689220221DD3257
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [spywarefighterguard] C:\Program Files\SPYWAREfighter\spftray.exe
O4 - HKLM\..\Run: [1C1B231C252728262] B3B2BAB3BCBEBFB.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKUS\S-1-5-19\..\RunOnce: [Config] %systemroot%\system32\run.cmd (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\RunOnce: [nlsf] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\RunOnce: [Config] %systemroot%\system32\run.cmd (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\RunOnce: [Config] %systemroot%\system32\run.cmd (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [Config] %systemroot%\system32\run.cmd (User 'Default user')
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Service de l'iPod (iPod Service) - Unknown owner - C:\Program Files\iPod\bin\iPodService.exe (file missing)
O23 - Service: SPYWAREfighterRP - SpamFighter APS - C:\Program Files\SPYWAREfighter\spfprc.exe