Trojan.nebuler attack

Solved
Anonymous user
Hello, Norton tells me that trojan.nebuler (c:/windows/system 32/winwhx32.dll) is infecting my PC but it cannot remove it. How do I delete it? Thanks.

50 replies

Anonymous user
 
Here is the report:

Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 06:57:08, on 27/06/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe
C:\Program Files\Fichiers communs\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe
C:\Program Files\Acer\eRecovery\Monitor.exe
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\system32\VTTimer.exe
C:\WINDOWS\system32\VTtrayp.exe
C:\Program Files\Acer\Acer eMode Management\AspireService.exe
C:\Program Files\Acer\Acer eConsole\MediaSync.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\system32\ctfmon.exe
D:\Program Files2\uTorrent\utorrent.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\acer\Acer eConsole\MediaServerService.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Documents and Settings\Adrien\Bureau\1\Nouveau dossier\abcde.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://neufportail.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - c:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - D:\Program Files2\FlashGet\jccatch.dll
O2 - BHO: (no name) - {7C24493F-3D23-4258-9426-42C5FC3B8211} - C:\WINDOWS\system32\mljklif.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: (no name) - {DB2733CF-8378-499F-9370-1ED4CEE0941A} - C:\WINDOWS\system32\sstqp.dll
O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - D:\Program Files2\FlashGet\getflash.dll
O2 - BHO: (no name) - {F2A892FC-D77D-4AE9-887D-144A3F49ACE0} - C:\WINDOWS\system32\ssqpq.dll (file missing)
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [LaunchApp] Alaunch
O4 - HKLM\..\Run: [ntiMUI] c:\Program Files\NewTech Infosystems\NTI CD & DVD-Maker 7\ntiMUI.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [eRecoveryService] C:\Program Files\Acer\eRecovery\Monitor.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [VTTrayp] VTtrayp.exe
O4 - HKLM\..\Run: [AspireService] C:\Program Files\Acer\Acer eMode Management\AspireService.exe
O4 - HKLM\..\Run: [MediaSync] C:\Program Files\Acer\Acer eConsole\MediaSync.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [Flashget] D:\Program Files2\FlashGet\flashget.exe /min
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [µTorrent] "D:\Program Files2\uTorrent\utorrent.exe"
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: &Tout télécharger avec FlashGet - D:\Program Files2\FlashGet\jc_all.htm
O8 - Extra context menu item: &Télécharger avec FlashGet - D:\Program Files2\FlashGet\jc_link.htm
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - D:\Program Files2\FlashGet\FlashGet.exe
O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - D:\Program Files2\FlashGet\FlashGet.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} (Microsoft Data Collection Control) - https://support.serviceshub.microsoft.com/supportforbusiness/create
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/...
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O20 - Winlogon Notify: mljklif - C:\WINDOWS\SYSTEM32\mljklif.dll
O20 - Winlogon Notify: sstqp - C:\WINDOWS\system32\sstqp.dll
O22 - SharedTaskScheduler: Pré-chargeur Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Démon de cache des catégories de composant - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Acer Media Server - Acer Inc. - C:\Program Files\acer\Acer eConsole\MediaServerService.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
O23 - Service: Service d'administration du Gestionnaire de disque logique (dmadmin) - Unknown owner - C:\WINDOWS\System32\dmadmin.exe
O23 - Service: Journal des événements (Eventlog) - Unknown owner - C:\WINDOWS\system32\services.exe
O23 - Service: Fax - Unknown owner - C:\WINDOWS\system32\fxssvc.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Service COM de gravage de CD IMAPI (ImapiService) - Unknown owner - C:\WINDOWS\system32\imapi.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Partage de Bureau à distance NetMeeting (mnmsrvc) - Unknown owner - C:\WINDOWS\system32\mnmsrvc.exe
O23 - Service: Service Norton AntiVirus Auto-Protect (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: Planificateur LiveUpdate automatique - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Plug-and-Play (PlugPlay) - Unknown owner - C:\WINDOWS\system32\services.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Gestionnaire de session d'aide sur le Bureau à distance (RDSessMgr) - Unknown owner - C:\WINDOWS\system32\sessmgr.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\FICHIE~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Carte à puce (SCardSvr) - Unknown owner - C:\WINDOWS\System32\SCardSvr.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
O23 - Service: Journaux et alertes de performance (SysmonLog) - Unknown owner - C:\WINDOWS\system32\smlogsvc.exe
O23 - Service: Cliché instantané de volume (VSS) - Unknown owner - C:\WINDOWS\System32\vssvc.exe
O23 - Service: Carte de performance WMI (WmiApSrv) - Unknown owner - C:\WINDOWS\system32\wbem\wmiapsrv.exe
O23 - Service: Service Partage réseau du Lecteur Windows Media (WMPNetworkSvc) - Unknown owner - C:\Program Files\Windows Media Player\WMPNetwk.exe
0
Anonymous user
 
Check + fix:
------------------------------
O2 - BHO: (no name) - {7C24493F-3D23-4258-9426-42C5FC3B8211} - C:\WINDOWS\system32\mljklif.dll
O2 - BHO: (no name) - {DB2733CF-8378-499F-9370-1ED4CEE0941A} - C:\WINDOWS\system32\sstqp.dll
O2 - BHO: (no name) - {F2A892FC-D77D-4AE9-887D-144A3F49ACE0} - C:\WINDOWS\system32\ssqpq.dll (file missing)

O20 - Winlogon Notify: mljklif - C:\WINDOWS\SYSTEM32\mljklif.dll
O20 - Winlogon Notify: sstqp - C:\WINDOWS\system32\sstqp.dll
------------------------------------
Then do this:
https://leblogdeclaude.blogspot.com/2007/04/informatique-procdure-smitfraud.html
Paste the report.

0
Anonymous user
 
Here is the report:

SmitFraudFix v2.197

Rapport fait à 20:58:01,65, 27/06/2007
Executé à partir de C:\Documents and Settings\Adrien\Bureau\SmitfraudFix\SmitfraudFix
OS: Microsoft Windows XP [version 5.1.2600] - Windows_NT
Le type du système de fichiers est FAT32
Fix executé en mode normal

»»»»»»»»»»»»»»»»»»»»»»»» Process

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe
C:\Program Files\Fichiers communs\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\acer\Acer eConsole\MediaServerService.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe
C:\Program Files\Acer\eRecovery\Monitor.exe
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\system32\VTTimer.exe
C:\WINDOWS\system32\VTtrayp.exe
C:\Program Files\Acer\Acer eMode Management\AspireService.exe
C:\Program Files\Acer\Acer eConsole\MediaSync.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\system32\ctfmon.exe
D:\Program Files2\uTorrent\utorrent.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Internet Explorer\iexplore.exe
D:\Program Files2\FlashGet\flashget.exe
C:\WINDOWS\system32\cmd.exe
C:\Program Files\Messenger\msmsgs.exe

»»»»»»»»»»»»»»»»»»»»»»»» hosts


»»»»»»»»»»»»»»»»»»»»»»»» C:\


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32\LogFiles


»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Adrien


»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Adrien\Application Data


»»»»»»»»»»»»»»»»»»»»»»»» Menu Démarrer


»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\ADRIEN\FAVORIS


»»»»»»»»»»»»»»»»»»»»»»»» Bureau


»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files

C:\Program Files\MW\ PRESENT !

»»»»»»»»»»»»»»»»»»»»»»»» Clés corrompues


»»»»»»»»»»»»»»»»»»»»»»»» Eléments du bureau

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="Ma page d'accueil"


»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=""


»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""


»»»»»»»»»»»»»»»»»»»»»»»» Rustock



»»»»»»»»»»»»»»»»»»»»»»»» DNS

Description: Realtek RTL8139/810x Family Fast Ethernet NIC - Miniport d'ordonnancement de paquets
DNS Server Search Order: 192.168.0.1

HKLM\SYSTEM\CCS\Services\Tcpip\..\{B454972F-88A4-4D19-BE8F-C81E0D49E960}: DhcpNameServer=192.168.0.1
HKLM\SYSTEM\CS1\Services\Tcpip\..\{B454972F-88A4-4D19-BE8F-C81E0D49E960}: DhcpNameServer=192.168.0.1
HKLM\SYSTEM\CS3\Services\Tcpip\..\{B454972F-88A4-4D19-BE8F-C81E0D49E960}: DhcpNameServer=192.168.0.1
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=192.168.0.1
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=192.168.0.1
HKLM\SYSTEM\CS3\Services\Tcpip\Parameters: DhcpNameServer=192.168.0.1


»»»»»»»»»»»»»»»»»»»»»»»» Recherche infection wininet.dll


»»»»»»»»»»»»»»»»»»»»»»»» Fin
0
Anonymous user
 
Put your machine into safe mode.
https://leblogdeclaude.blogspot.com/2007/04/informatique-rebooter-xp-en-mode-sans.html
Run SmitFraud again, with option 2 this time.
Paste the report here.
0

Anonymous user
 
Here is the report:

SmitFraudFix v2.197

Rapport fait à 19:31:56,89, 02/07/2007
Executé à partir de C:\Documents and Settings\Adrien\Bureau\SmitfraudFix\SmitfraudFix
OS: Microsoft Windows XP [version 5.1.2600] - Windows_NT
Le type du système de fichiers est FAT32
Fix executé en mode sans echec

»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Avant SmitFraudFix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

»»»»»»»»»»»»»»»»»»»»»»»» Arret des processus


»»»»»»»»»»»»»»»»»»»»»»»» hosts


127.0.0.1 localhost

»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix

GenericRenosFix by S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» Suppression des fichiers infectés

C:\Program Files\MW\ supprimé

»»»»»»»»»»»»»»»»»»»»»»»» DNS

HKLM\SYSTEM\CCS\Services\Tcpip\..\{B454972F-88A4-4D19-BE8F-C81E0D49E960}: DhcpNameServer=192.168.0.1
HKLM\SYSTEM\CS1\Services\Tcpip\..\{B454972F-88A4-4D19-BE8F-C81E0D49E960}: DhcpNameServer=192.168.0.1
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=192.168.0.1
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=192.168.0.1


»»»»»»»»»»»»»»»»»»»»»»»» Suppression Fichiers Temporaires


»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""


»»»»»»»»»»»»»»»»»»»»»»»» Nettoyage du registre

Nettoyage du registre non souhaité.

»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Après SmitFraudFix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


»»»»»»»»»»»»»»»»»»»»»»»» Fin
0
Anonymous user
 
Good. Post a new HijackThis log.
0
Anonymous user
 
Here is the log:

Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 14:29:30, on 03/07/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Fichiers communs\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\acer\Acer eConsole\MediaServerService.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe
C:\Program Files\Acer\eRecovery\Monitor.exe
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\system32\VTTimer.exe
C:\WINDOWS\system32\VTtrayp.exe
C:\Program Files\Acer\Acer eMode Management\AspireService.exe
C:\Program Files\Acer\Acer eConsole\MediaSync.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
D:\Program Files2\FlashGet\flashget.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Internet Explorer\iexplore.exe
D:\Program Files2\uTorrent\utorrent.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Documents and Settings\Adrien\Bureau\1\Nouveau dossier\abcde.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://neufportail.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - c:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1F6581D5-AA53-4b73-A6F9-41420C6B61F1} - C:\WINDOWS\system32\ddbmufed.dll
O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - D:\Program Files2\FlashGet\jccatch.dll
O2 - BHO: (no name) - {7C24493F-3D23-4258-9426-42C5FC3B8211} - C:\WINDOWS\system32\mljklif.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: (no name) - {EF53CD4C-D7BC-407B-A11A-DF889D50DB18} - C:\WINDOWS\system32\sstqp.dll
O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - D:\Program Files2\FlashGet\getflash.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [LaunchApp] Alaunch
O4 - HKLM\..\Run: [ntiMUI] c:\Program Files\NewTech Infosystems\NTI CD & DVD-Maker 7\ntiMUI.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [eRecoveryService] C:\Program Files\Acer\eRecovery\Monitor.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [VTTrayp] VTtrayp.exe
O4 - HKLM\..\Run: [AspireService] C:\Program Files\Acer\Acer eMode Management\AspireService.exe
O4 - HKLM\..\Run: [MediaSync] C:\Program Files\Acer\Acer eConsole\MediaSync.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [Flashget] D:\Program Files2\FlashGet\flashget.exe /min
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [icq.com] rundll32.exe "C:\WINDOWS\system32\tefjvgrx.dll",forkonce
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [µTorrent] "D:\Program Files2\uTorrent\utorrent.exe"
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [updateMgr] c:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: &Tout télécharger avec FlashGet - D:\Program Files2\FlashGet\jc_all.htm
O8 - Extra context menu item: &Télécharger avec FlashGet - D:\Program Files2\FlashGet\jc_link.htm
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - D:\Program Files2\FlashGet\FlashGet.exe
O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - D:\Program Files2\FlashGet\FlashGet.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} (Microsoft Data Collection Control) - https://support.serviceshub.microsoft.com/supportforbusiness/create
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/...
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O20 - Winlogon Notify: mljklif - C:\WINDOWS\SYSTEM32\mljklif.dll
O20 - Winlogon Notify: sstqp - C:\WINDOWS\system32\sstqp.dll
O22 - SharedTaskScheduler: Pré-chargeur Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Démon de cache des catégories de composant - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Acer Media Server - Acer Inc. - C:\Program Files\acer\Acer eConsole\MediaServerService.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
O23 - Service: Service d'administration du Gestionnaire de disque logique (dmadmin) - Unknown owner - C:\WINDOWS\System32\dmadmin.exe
O23 - Service: Journal des événements (Eventlog) - Unknown owner - C:\WINDOWS\system32\services.exe
O23 - Service: Fax - Unknown owner - C:\WINDOWS\system32\fxssvc.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Service COM de gravage de CD IMAPI (ImapiService) - Unknown owner - C:\WINDOWS\system32\imapi.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Partage de Bureau à distance NetMeeting (mnmsrvc) - Unknown owner - C:\WINDOWS\system32\mnmsrvc.exe
O23 - Service: Service Norton AntiVirus Auto-Protect (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: Planificateur LiveUpdate automatique - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Plug-and-Play (PlugPlay) - Unknown owner - C:\WINDOWS\system32\services.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Gestionnaire de session d'aide sur le Bureau à distance (RDSessMgr) - Unknown owner - C:\WINDOWS\system32\sessmgr.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\FICHIE~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Carte à puce (SCardSvr) - Unknown owner - C:\WINDOWS\System32\SCardSvr.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
O23 - Service: Journaux et alertes de performance (SysmonLog) - Unknown owner - C:\WINDOWS\system32\smlogsvc.exe
O23 - Service: Cliché instantané de volume (VSS) - Unknown owner - C:\WINDOWS\System32\vssvc.exe
O23 - Service: Carte de performance WMI (WmiApSrv) - Unknown owner - C:\WINDOWS\system32\wbem\wmiapsrv.exe
O23 - Service: Service Partage réseau du Lecteur Windows Media (WMPNetworkSvc) - Unknown owner - C:\Program Files\Windows Media Player\WMPNetwk.exe
0
Anonymous user
 
Check + fix:
----------------------------

O2 - BHO: (no name) - {1F6581D5-AA53-4b73-A6F9-41420C6B61F1} - C:\WINDOWS\system32\ddbmufed.dll

O2 - BHO: (no name) - {7C24493F-3D23-4258-9426-42C5FC3B8211} - C:\WINDOWS\system32\mljklif.dll

O2 - BHO: (no name) - {EF53CD4C-D7BC-407B-A11A-DF889D50DB18} - C:\WINDOWS\system32\sstqp.dll

O4 - HKLM\..\Run: [icq.com] rundll32.exe "C:\WINDOWS\system32\tefjvgrx.dll",forkonce
O4 - HKLM\..\Run: [ntiMUI] c:\Program Files\NewTech Infosystems\NTI CD & DVD-Maker 7\ntiMUI.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [Flashget] D:\Program Files2\FlashGet\flashget.exe /min
O4 - HKCU\..\Run: [µTorrent] "D:\Program Files2\uTorrent\utorrent.exe"
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [updateMgr] c:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9


O20 - Winlogon Notify: mljklif - C:\WINDOWS\SYSTEM32\mljklif.dll
O20 - Winlogon Notify: sstqp - C:\WINDOWS\system32\sstqp.dll
---------------------------------
Then:
https://leblogdeclaude.blogspot.com/2007/05/procdure-vundofix.html
-----------------------
Then:
- Download Combofix.exe (by sUBs) to your Desktop
< http://download.bleepingcomputer.com/sUBs/Beta/ComboFix.exe >
Double-click the combofix.exe icon and follow the prompts.
When the scan is complete, a report will appear.


0
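The helper's list above picks out three patterns from the HijackThis log: an unnamed O2 BHO in system32, an O4 Run entry that loads a system32 DLL through rundll32, and O20 Winlogon Notify handlers that are not part of Windows. The VundoFix and ComboFix reports further down show the other tell-tale of this family: each DLL has a companion .ini/.bak file whose name is the DLL's name spelled backwards (sstqp.dll and pqtss.ini, awvtr.dll and rtvwa.ini). The script below is an added example, not code from the thread or from HijackThis, VundoFix or ComboFix; it applies both checks to constructed sample input copied from entries in this thread. The allowlist of default XP Winlogon Notify handlers is an assumption, and a hit means "look at this", not a verdict.

```python
"""Added example: triage of HijackThis-style log lines and a Vundo-style
file-name check. Not code from the thread or from HijackThis, VundoFix or
ComboFix; sample lines are constructed from entries quoted in this thread,
and the Winlogon Notify allowlist is an assumption."""
import re
from dataclasses import dataclass

# Constructed sample: five lines in HijackThis format, mixing legitimate entries
# (Adobe BHO, HP updater) with the ones the helper asked the poster to fix.
SAMPLE_LOG = r"""
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - c:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {EF53CD4C-D7BC-407B-A11A-DF889D50DB18} - C:\WINDOWS\system32\sstqp.dll
O4 - HKLM\..\Run: [icq.com] rundll32.exe "C:\WINDOWS\system32\tefjvgrx.dll",forkonce
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O20 - Winlogon Notify: sstqp - C:\WINDOWS\system32\sstqp.dll
"""

# Constructed sample: file names taken from the VundoFix and ComboFix listings
# in this thread plus two ordinary Windows files.
SAMPLE_FILES = [
    "sstqp.dll", "pqtss.ini", "pqtss.bak1",
    "awvtr.dll", "rtvwa.ini",
    "tefjvgrx.dll", "xrgvjfet.ini",
    "ctfmon.exe", "browseui.dll",
]

# Assumed allowlist of Winlogon Notify handlers that ship with Windows XP;
# anything else listed under O20 deserves a second look.
KNOWN_WINLOGON_NOTIFY = {
    "crypt32chain", "cryptnet", "cscdll", "sccertprop", "schedule",
    "sclgntfy", "senslogn", "termsrv", "wlballoon",
}

LINE_RE = re.compile(r"^(O\d+) - (.*)$")
SYSTEM32_DLL = re.compile(r"\\windows\\system32\\([^\\\s\"]+\.dll)", re.IGNORECASE)


@dataclass(frozen=True)
class Finding:
    section: str
    reason: str
    line: str


def triage(log_text: str) -> list:
    """Return the O2/O4/O20 lines matching the patterns seen in this thread:
    an unnamed BHO in system32, a Run entry that loads a system32 DLL through
    rundll32, and a Winlogon Notify handler outside the default set."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        match = LINE_RE.match(line)
        if not match:
            continue
        section, body = match.groups()
        dll = SYSTEM32_DLL.search(body)
        if section == "O2" and "(no name)" in body and dll:
            findings.append(Finding(section, "unnamed BHO loading a DLL from system32", line))
        elif section == "O4" and "rundll32" in body.lower() and dll:
            findings.append(Finding(section, "Run entry loading a system32 DLL via rundll32", line))
        elif section == "O20" and body.startswith("Winlogon Notify:"):
            handler = body.split(":", 1)[1].split(" - ")[0].strip().lower()
            if handler not in KNOWN_WINLOGON_NOTIFY:
                findings.append(Finding(section, "Winlogon Notify handler outside the XP default set", line))
    return findings


def reversed_name_pairs(filenames) -> list:
    """Vundo-style indicator: a DLL whose base name, read backwards, is the base
    name of a companion .ini/.bak file (sstqp.dll <-> pqtss.ini in this thread)."""
    by_stem = {}
    for name in filenames:
        stem = name.split(".", 1)[0].lower()
        by_stem.setdefault(stem, []).append(name)
    pairs = set()
    for stem, names in by_stem.items():
        mirror = stem[::-1]
        if mirror != stem and mirror in by_stem:  # palindromes are not a pair
            for a in names:
                for b in by_stem[mirror]:
                    pairs.add(tuple(sorted((a, b))))
    return sorted(pairs)


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.section}: {f.reason}\n    {f.line}")
    for a, b in reversed_name_pairs(SAMPLE_FILES):
        print(f"mirrored names: {a} <-> {b}")
```

On the sample input the triage flags exactly the three lines the helper told the poster to fix, and the name check pairs sstqp.dll with pqtss.ini and pqtss.bak1, awvtr.dll with rtvwa.ini, and tefjvgrx.dll with xrgvjfet.ini. Run it over a directory listing of system32 (for example the output of `dir /b`) rather than over the whole log, because the legitimate Run entry `RunDll32 cmicnfg.cpl,CMICtrlWnd` later in the thread shows why rundll32 alone is not a signal: only an explicit system32 DLL path is flagged.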
Utilisateur anonyme
 
Here is the VundoFix report:


VundoFix V6.5.1

Checking Java version...

Sun Java not detected
Scan started at 18:05:59 03/07/2007

Listing files found while scanning....

C:\WINDOWS\system32\pqtss.bak1
C:\WINDOWS\system32\pqtss.bak2
C:\WINDOWS\system32\pqtss.ini
C:\WINDOWS\system32\pqtss.ini2
C:\WINDOWS\system32\pqtss.tmp
C:\WINDOWS\system32\sstqp.dll

Beginning removal...

Attempting to delete C:\WINDOWS\system32\pqtss.bak1
C:\WINDOWS\system32\pqtss.bak1 Has been deleted!

Attempting to delete C:\WINDOWS\system32\pqtss.bak2
C:\WINDOWS\system32\pqtss.bak2 Has been deleted!

Attempting to delete C:\WINDOWS\system32\pqtss.ini
C:\WINDOWS\system32\pqtss.ini Has been deleted!

Attempting to delete C:\WINDOWS\system32\pqtss.ini2
C:\WINDOWS\system32\pqtss.ini2 Has been deleted!

Attempting to delete C:\WINDOWS\system32\pqtss.tmp
C:\WINDOWS\system32\pqtss.tmp Has been deleted!

Attempting to delete C:\WINDOWS\system32\sstqp.dll
C:\WINDOWS\system32\sstqp.dll Has been deleted!

Performing Repairs to the registry.
Done!
0
Utilisateur anonyme
 
Here is the ComboFix report:

"Adrien" - 2007-07-03 18:19:32 - ComboFix 07-07-03.9 - Service Pack 2 [color=red][b]FAT32 [/b][/color]


(((((((((((((((((((((((((((((((((((((((((((( V Log )))))))))))))))))))))))))))))))))))))))))))))))))))))))


C:\WINDOWS\system32\tefjvgrx.dll
C:\WINDOWS\system32\awvtr.dll
C:\WINDOWS\system32\wspwtjfp.dll
C:\WINDOWS\system32\xryqbukm.dll
C:\WINDOWS\system32\mamtquli.dll
C:\WINDOWS\system32\lqxoirao.dll
C:\WINDOWS\system32\ddbmufed.dll
C:\WINDOWS\system32\mevqwpdx.dll
C:\WINDOWS\system32\xrgvjfet.ini
C:\WINDOWS\system32\rtvwa.ini
C:\WINDOWS\system32\rtvwa.bak1
C:\WINDOWS\system32\mkubqyrx.ini
C:\WINDOWS\system32\iluqtmam.ini
C:\WINDOWS\system32\oarioxql.ini
C:\WINDOWS\system32\xdpwqvem.ini
C:\WINDOWS\system32\mljklif.dll


* * * POST RUN FILES/FOLDERS * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *



((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


C:\DOCUME~1\ALLUSE~1\APPLIC~1.\TEMP


((((((((((((((((((((((((( Files Created from 2007-06-03 to 2007-07-03 )))))))))))))))))))))))))))))))


2007-07-03 18:18 51,200 --a------ C:\WINDOWS\nircmd.exe
2007-07-03 10:49 <REP> d-------- C:\Program Files\Netineo Light
2007-07-02 20:54 <REP> d-------- C:\DOCUME~1\Adrien\APPLIC~1\TVSM
2007-07-02 20:27 192,512 --a------ C:\WINDOWS\system32\drivers\gptv.sys
2007-07-02 20:12 <REP> d-------- C:\Program Files\SHOUTcast
2007-07-02 19:28 <REP> d-------- C:\WINDOWS\pss
2007-07-02 18:30 <REP> d-------- C:\Program Files\Netineo
2007-07-01 17:33 528 --a------ C:\WINDOWS\eReg.dat
2007-07-01 17:33 <REP> d-------- C:\Program Files\Maxis
2007-07-01 11:11 811,008 --a------ C:\WINDOWS\system32\cximagecrt.dll
2007-07-01 11:11 2,236,514 --a------ C:\WINDOWS\system32\cximagecrtd.dll
2007-07-01 11:11 2,031,616 --a------ C:\WINDOWS\system32\libmySQL.dll
2007-06-29 18:49 <REP> d-------- C:\Program Files\DJ show
2007-06-28 18:36 <REP> d-------- C:\DOCUME~1\Adrien\APPLIC~1\vlc
2007-06-28 18:35 <REP> d-------- C:\Program Files\Neuf
2007-06-27 20:58 3,780 --a------ C:\WINDOWS\system32\tmp.reg
2007-06-27 20:57 51,200 --a------ C:\WINDOWS\system32\dumphive.exe
2007-06-27 20:57 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe
2007-06-26 12:54 <REP> d--h----- C:\VundoFix Backups
2007-06-26 08:21 0 --a------ C:\WINDOWS\system32\bdtthoip.exe
2007-06-25 14:10 28,672 -ra------ C:\WINDOWS\system32\VModes.exe
2007-06-25 14:09 <REP> d-------- C:\Program Files\S3
2007-06-25 13:49 9,216 --a------ C:\WINDOWS\system32\drivers\videX32.sys
2007-06-25 13:49 52,224 --a------ C:\WINDOWS\system32\drivers\ViPrt.sys
2007-06-25 13:49 331,184 --------- C:\WINDOWS\system32\difxapi.dll
2007-06-25 13:49 17,920 --a------ C:\WINDOWS\system32\vIdeInst.dll
2007-06-25 13:49 16,896 --a------ C:\WINDOWS\system32\drivers\ViBus.sys
2007-06-25 13:43 <REP> d-------- C:\Program Files\Lavalys
2007-06-25 08:59 271,360 --a------ C:\WINDOWS\system32\drivers\atksgt.sys
2007-06-25 08:59 18,048 --a------ C:\WINDOWS\system32\drivers\lirsgt.sys
2007-06-25 08:55 <REP> d-------- C:\Program Files\TV Giant
2007-06-24 20:52 <REP> d-------- C:\Program Files\URUSoft
2007-06-24 13:38 0 --a------ C:\WINDOWS\system32\winopn32.dll
2007-06-23 20:55 <REP> d--hs---- C:\FOUND.002
2007-06-22 17:54 <REP> d-------- C:\WINDOWS\BDOSCAN8
2007-06-21 19:47 <REP> d-------- C:\Program Files\SpywareBlaster
2007-06-21 07:23 <REP> d-------- C:\Program Files\CCleaner
2007-06-20 19:51 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2007-06-18 21:06 <REP> d-------- C:\DOCUME~1\Adrien\APPLIC~1\CyberLink
2007-06-18 21:04 <REP> d-------- C:\Program Files\Catalencoder
2007-06-18 20:33 <REP> d-------- C:\Program Files\DVD Shrink
2007-06-18 20:33 <REP> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\DVD Shrink
2007-06-17 18:39 <REP> d-------- C:\DOCUME~1\Adrien\APPLIC~1\Opera
2007-06-17 18:34 <REP> d-------- C:\Program Files\Fichiers communs\Adobe Systems Shared
2007-06-17 18:34 <REP> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Adobe Systems
2007-06-17 17:05 53,248 --a------ C:\WINDOWS\system32\Process.exe
2007-06-17 17:03 <REP> d-------- C:\Program Files\Navilog1
2007-06-15 14:52 <REP> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\FLEXnet
2007-06-15 14:40 2,463,976 --a------ C:\WINDOWS\system32\NPSWF32.dll
2007-06-15 14:40 190,696 --a------ C:\WINDOWS\system32\NPSWF32_FlashUtil.exe
2007-06-15 14:37 <REP> d-------- C:\Program Files\Bonjour
2007-06-15 14:19 <REP> d-------- C:\Program Files\Fichiers communs\Macrovision Shared
2007-06-14 19:53 <REP> d--h----- C:\Deckard
2007-06-10 11:54 108,144 --a------ C:\WINDOWS\system32\CmdLineExt.dll
2007-06-10 11:54 <REP> dr-h----- C:\DOCUME~1\Adrien\APPLIC~1\SecuROM
2007-06-10 11:33 <REP> d-------- C:\Program Files\Alcohol Soft
2007-06-10 11:27 639,224 --a------ C:\WINDOWS\system32\drivers\sptd.sys
2007-06-09 13:33 <REP> d-------- C:\DOCUME~1\Adrien\APPLIC~1\Media Player Classic
2007-06-09 13:32 <REP> d-------- C:\Program Files\Real Alternative
2007-06-09 13:32 <REP> d-------- C:\Program Files\Media Player Classic
2007-06-09 13:32 <REP> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Real
2007-06-09 13:32 <REP> d-------- C:\DOCUME~1\Adrien\APPLIC~1\Real
2007-06-08 19:03 <REP> d-------- C:\Program Files\Fichiers communs\L&H
2007-06-06 19:35 <REP> d-------- C:\Program Files\CamStudio
2007-06-06 08:09 <REP> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\River Past G5
2007-06-06 08:09 <REP> d-------- C:\DOCUME~1\Adrien\APPLIC~1\River Past G5
2007-06-04 19:52 <REP> d-------- C:\Program Files\VIA
2007-06-04 19:37 <REP> d-------- C:\DOCUME~1\Adrien\APPLIC~1\gtopala
2007-06-04 19:09 <REP> d--hs---- C:\FOUND.001
2007-06-04 18:01 <REP> d--hs---- C:\FOUND.000
2007-06-03 20:15 <REP> d-------- C:\DOCUME~1\Adrien\APPLIC~1\Help
2007-06-03 16:58 <REP> d-------- C:\Program Files\Windows Defender
2007-06-03 15:27 <REP> d-------- C:\DOCUME~1\Adrien\APPLIC~1\OfficeUpdate12
2007-06-03 15:23 <REP> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Office Genuine Advantage


(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

2007-07-01 15:56:26 12,400 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys
2007-06-29 16:50:00 34,304 ----a-w C:\WINDOWS\system32\RCHTXFR.DLL
2007-06-29 16:49:28 290,816 ------w C:\WINDOWS\Setup1.exe
2007-06-27 15:50:02 77,014 ----a-w C:\WINDOWS\system32\perfc00C.dat
2007-06-27 15:50:02 472,378 ----a-w C:\WINDOWS\system32\perfh00C.dat
2007-05-30 12:16:34 -------- d-----w C:\Program Files\Google Video
2007-05-29 16:50:28 -------- d-----w C:\Program Files\Bullfrog
2007-05-28 16:04:32 -------- d-----w C:\Program Files\QuickTime
2007-05-28 13:04:40 -------- d-----w C:\DOCUME~1\Adrien\APPLIC~1\AdobeUM
2007-05-26 18:02:26 -------- d-----w C:\Program Files\MakeHuman
2007-05-26 10:28:28 2,402 ----a-w C:\WINDOWS\unins000.dat
2007-05-26 10:28:22 714,199 ----a-w C:\WINDOWS\unins000.exe
2007-05-24 05:26:04 -------- d-----w C:\DOCUME~1\Adrien\APPLIC~1\EoRezo
2007-05-20 15:19:40 286,720 ----a-w C:\WINDOWS\iun507.exe
2007-05-20 12:50:50 -------- d-----w C:\Program Files\Vignette
2007-05-20 12:50:42 74,752 ------w C:\WINDOWS\ST6UNST.EXE
2007-05-20 12:10:08 -------- d-----w C:\Program Files\AceIt
2007-05-20 12:09:08 -------- d-----w C:\Program Files\Route_Riter
2007-05-20 12:06:14 -------- d-----w C:\Program Files\Convoi150
2007-05-20 11:20:38 -------- d-----w C:\Program Files\Microsoft Games
2007-05-20 10:13:00 -------- d-----w C:\Program Files\MSN Messenger
2007-05-20 09:19:42 -------- d-----w C:\Program Files\Common Files
2007-05-20 09:19:40 -------- d-----w C:\Program Files\PC Camera
2007-05-20 09:00:16 -------- d-----w C:\Program Files\Google
2007-05-20 09:00:16 -------- d-----w C:\DOCUME~1\Adrien\APPLIC~1\Google
2007-05-20 07:31:40 -------- d-----w C:\Program Files\USBToolbox
2007-05-20 07:25:34 113,561 ----a-w C:\WINDOWS\hpoins07.dat
2007-05-20 07:23:48 -------- d-----w C:\Program Files\Fichiers communs\HP
2007-05-20 07:22:36 -------- d-----w C:\Program Files\Hewlett-Packard
2007-05-20 07:21:44 -------- d-----w C:\Program Files\Fichiers communs\Hewlett-Packard
2007-05-20 07:15:44 -------- d-----w C:\Program Files\HP
2007-05-20 07:10:48 -------- d-----w C:\DOCUME~1\Adrien\APPLIC~1\HP
2007-05-19 16:52:18 -------- d-----w C:\Program Files\EA GAMES
2007-05-19 16:30:52 -------- d-----w C:\Program Files\MSXML 4.0
2007-05-19 16:30:18 -------- d-----w C:\Program Files\Windows Media Connect 2
2007-05-19 14:56:42 -------- d-----w C:\Program Files\DivX
2007-05-19 14:03:20 -------- d-----w C:\Program Files\SymNetDrv
2007-05-19 13:41:32 -------- d-----w C:\DOCUME~1\Adrien\APPLIC~1\XnView
2007-05-19 13:37:48 -------- d-----w C:\DOCUME~1\Adrien\APPLIC~1\uTorrent
2007-05-19 13:37:36 -------- d-----w C:\Program Files\Microsoft Encarta
2007-05-19 13:34:04 -------- d-----w C:\Program Files\Microsoft AutoRoute
2007-05-19 13:28:40 -------- d-----w C:\Program Files\Microsoft Works Suite 2003
2007-05-19 13:19:02 -------- d-----w C:\Program Files\Microsoft Works
2007-05-19 13:17:56 -------- d-----w C:\Program Files\Microsoft.NET
2007-05-19 13:01:48 -------- d-----w C:\Program Files\Fichiers communs\ArcSoft
2007-05-16 15:13:54 683,520 ----a-w C:\WINDOWS\system32\inetcomm.dll
2007-04-28 09:21:02 1,900,544 ----a-w C:\WINDOWS\system32\vticd.dll
2007-04-28 09:16:08 3,565,440 ----a-w C:\WINDOWS\system32\vtdisp.dll
2007-04-26 11:32:32 544,768 ----a-w C:\WINDOWS\system32\VTovrlay.dll
2007-04-25 14:22:36 144,896 ----a-w C:\WINDOWS\system32\schannel.dll
2007-04-25 13:50:00 327,680 ----a-w C:\WINDOWS\system32\VTInfo2.dll
2007-04-25 13:41:26 176,128 ----a-w C:\WINDOWS\system32\VTTrayp.exe
2007-04-25 13:24:58 647,168 ----a-w C:\WINDOWS\system32\VTDisply.dll
2007-04-18 16:14:18 2,854,400 ----a-w C:\WINDOWS\system32\msi.dll
2007-04-17 04:28:18 462,848 ----a-w C:\WINDOWS\system32\VTGamma2.dll
2007-04-16 20:47:36 33,624 ----a-w C:\WINDOWS\system32\wups.dll
2007-04-16 20:45:54 1,710,936 ----a-w C:\WINDOWS\system32\wuaueng.dll
2007-04-16 20:45:48 549,720 ----a-w C:\WINDOWS\system32\wuapi.dll
2007-04-16 20:45:42 325,976 ----a-w C:\WINDOWS\system32\wucltui.dll
2007-04-16 20:45:36 203,096 ----a-w C:\WINDOWS\system32\wuweb.dll
2007-04-16 20:45:28 92,504 ----a-w C:\WINDOWS\system32\cdm.dll
2007-04-16 20:45:20 53,080 ----a-w C:\WINDOWS\system32\wuauclt.exe
2007-04-16 20:45:20 43,352 ----a-w C:\WINDOWS\system32\wups2.dll
2007-04-11 09:04:16 524,288 ----a-w C:\WINDOWS\opuc.dll


((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))


*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
2004-12-14 01:56 63136 --a------ c:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{2F364306-AA45-47B5-9F9D-39A8B94E7EF7}]
2007-05-16 11:03 94308 --a------ D:\Program Files2\FlashGet\jccatch.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{BDF3E430-B101-42AD-A544-FADC6B084872}]
2005-08-30 15:39 218736 --a------ C:\Program Files\Norton AntiVirus\NavShExt.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{EF53CD4C-D7BC-407B-A11A-DF889D50DB18}]
C:\WINDOWS\system32\sstqp.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F156768E-81EF-470C-9057-481BA8380DBA}]
2007-05-16 07:05 163840 --a------ D:\Program Files2\FlashGet\getflash.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LaunchApp"="Alaunch" []
"ccApp"="C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe" [2007-02-21 16:29]
"eRecoveryService"="C:\Program Files\Acer\eRecovery\Monitor.exe" [2005-06-20 09:03]
"AGRSMMSG"="AGRSMMSG.exe" [2004-04-13 12:49 C:\WINDOWS\AGRSMMSG.exe]
"VTTimer"="VTTimer.exe" [2006-09-14 18:54 C:\WINDOWS\system32\VTTimer.exe]
"VTTrayp"="VTtrayp.exe" [2007-04-25 15:41 C:\WINDOWS\system32\VTTrayp.exe]
"AspireService"="C:\Program Files\Acer\Acer eMode Management\AspireService.exe" [2005-06-04 12:40]
"MediaSync"="C:\Program Files\Acer\Acer eConsole\MediaSync.exe" [2005-06-01 14:25]
"Symantec NetDriver Monitor"="C:\PROGRA~1\SYMNET~1\SNDMon.exe" [2007-05-19 16:03]
"Cmaudio"="cmicnfg.cpl" []
"SoundMan"="SOUNDMAN.EXE" [2005-06-08 08:31 C:\WINDOWS\SOUNDMAN.EXE]
"Flashget"="D:\Program Files2\FlashGet\flashget.exe" [2007-05-16 15:02]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2006-11-03 19:20]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 11:25]
"@"="" []

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-05 05:00]
"µTorrent"="D:\Program Files2\uTorrent\utorrent.exe" [2007-02-15 22:17]
"msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" [2007-01-19 12:55]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"DWQueuedReporting"="C:\PROGRA~1\FICHIE~1\MICROS~1\DW\dwtrig20.exe" -t

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\shellexecutehook.dll" [2007-05-30 14:29]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\AVG Anti-Spyware Driver]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\AVG Anti-Spyware Guard]


Contents of the 'Scheduled Tasks' folder
2007-06-22 18:00:20 C:\WINDOWS\tasks\Norton AntiVirus - Analyser mon ordinateur - Adrien.job
2007-07-03 16:12:32 C:\WINDOWS\tasks\MP Scheduled Scan.job

**************************************************************************

catchme 0.3.914 W2K/XP/Vista - rootkit detector by Gmer, http://www.gmer.net
Rootkit scan 2007-07-03 18:26:25
Windows 5.1.2600 Service Pack 2 FAT NTAPI

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

Completion time: 2007-07-03 18:29:02 - machine was rebooted
C:\ComboFix-quarantined-files.txt ... 2007-07-03 18:29

--- E O F ---
0
Utilisateur anonyme
 
After running this ComboFix, the clock no longer shows on the taskbar (the one with Start on it).
0
Utilisateur anonyme
 
Hmm....that's odd?
Never seen that issue with the tool....unless some files had been altered by the virus and got removed?
Well, apart from the clock refusing to show, how is this PC doing?
(we'll look at that afterwards)
0
Dri60
 
No, I restarted the PC and the clock is back.
0
Utilisateur anonyme
 
0
Utilisateur anonyme
 
Here is the log:

Search Navipromo version 2.0.3 commencé le 26/06/2007 à 11:03:46,81

!!! Attention,ce rapport peut indiquer des fichiers/programmes légitimes!!!
!!! Poster ce rapport sur le forum pour le faire analyser !!!
!!! Ne pas lancer la partie désinfection sans l'avis d'un spécialiste !!!

Fix lancé depuis C:\Program Files\navilog1
Mise a jour le 08.06.2007 a 17h00 by IL-MAFIOSO

Executé en mode normal

*** Recherche Programmes installes ***




*** Recherche dossiers dans C:\WINDOWS ***




*** Recherche dossiers dans C:\Program Files ***




*** Recherche dossiers dans C:\Documents and Settings\All Users\Application Data ***




*** Recherche dossiers dans C:\Documents and Settings\Adrien\Application Data ***



*** Recherche avec BlackLight Engine/F-secure ***
BlackLight Engine est un produit de F-secure, pour + d'infos :
https://www.f-secure.com/en


F-SECURE BLACKLIGHT ROOTKIT ELIMINATOR
======================================

Copyright 2005-2006 F-Secure Corporation. All rights reserved.
This is a beta version. It will expire on 1st of April, 2007.
Version information: 2.2.1061.

[+] Started on 06/26/07 at 11:03:51.
[+] Initializing ...
[+] Starting scan, press Ctrl-C to abort.
[+] Scanning for hidden items .................
[+] Scan complete.
[+] Summary: 0 hidden item(s) found, 0 scheduled for renaming.
[+] Exited on 06/26/07 at 11:04:11 (return code = 0).


*** Recherche fichiers ***




*** Recherche cles registre ***


Recherche dans [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs]



Recherche dans [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage]



Recherche Clé Magic Control



*** Module de Recherche complémentaire ***
(Recherche fichiers spécifiques)

1)Recherche fichiers connus:

C:\WINDOWS\system32\qpqss.bak1 trouvé ! infection Vundo possible non traité par cet outil !
C:\WINDOWS\system32\qpqss.bak2 trouvé ! infection Vundo possible non traité par cet outil !

2)Recherche Heuristique :
*
**
***
****
*****
******
*******
********


*** Analyse Terminé le 26/06/2007 à 11:04:30,50 ***
Search Navipromo version 2.0.5 commencé le 2007-07-05 à 18:56:24.31

!!! Attention,ce rapport peut indiquer des fichiers/programmes légitimes!!!
!!! Poster ce rapport sur le forum pour le faire analyser !!!
!!! Ne pas lancer la partie désinfection sans l'avis d'un spécialiste !!!

Fix lancé depuis C:\Program Files\navilog1
Mise a jour le 01.07.2007 a 12h00 by IL-MAFIOSO

Executé en mode normal

*** Recherche Programmes installes ***




*** Recherche dossiers dans C:\WINDOWS ***




*** Recherche dossiers dans C:\Program Files ***




*** Recherche dossiers dans C:\Documents and Settings\All Users\Application Data ***




*** Recherche dossiers dans C:\Documents and Settings\Adrien\Application Data ***



*** Recherche avec BlackLight Engine/F-secure ***
BlackLight Engine est un produit de F-secure, pour + d'infos :
https://www.f-secure.com/en


F-SECURE BLACKLIGHT ROOTKIT ELIMINATOR
======================================

Copyright 2005-2006 F-Secure Corporation. All rights reserved.
This is a beta version. It will expire on 1st of October, 2007.
Version information: 2.2.1064.

[+] Started on 07/05/07 at 18:56:27.
[+] Initializing ...
[+] Starting scan, press Ctrl-C to abort.
[+] Scanning for hidden items ................
[+] Scan complete.
[+] Summary: 0 hidden item(s) found, 0 scheduled for renaming.
[+] Exited on 07/05/07 at 18:56:44 (return code = 0).


*** Recherche fichiers ***




*** Recherche cles registre ***


Recherche dans [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs]



Recherche dans [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage]



Recherche Clé Magic Control



*** Module de Recherche complémentaire ***
(Recherche fichiers spécifiques)

1)Recherche fichiers connus:


2)Recherche Heuristique :
*
**
***
****
*****
******
*******
********

3)Recherche Certificats :


*** Analyse Terminé le 2007-07-05 à 18:57:06.89 ***
0
Utilisateur anonyme
 
0
Utilisateur anonyme
 
It found nothing.
0
Utilisateur anonyme
 
That's a good sign, actually.
Good, at this point redo a HijackThis log.
thanks.
0
Utilisateur anonyme
 
Here is the log:

Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 19:02, on 2007-07-06
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe
C:\Program Files\Fichiers communs\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe
C:\Program Files\Acer\eRecovery\Monitor.exe
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\system32\VTTimer.exe
C:\WINDOWS\system32\VTtrayp.exe
C:\Program Files\Acer\Acer eMode Management\AspireService.exe
C:\Program Files\Acer\Acer eConsole\MediaSync.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\system32\ctfmon.exe
D:\Program Files2\uTorrent\utorrent.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\acer\Acer eConsole\MediaServerService.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Adrien\Bureau\1\Nouveau dossier\abcde.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://neufportail.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - c:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - D:\Program Files2\FlashGet\jccatch.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: (no name) - {EF53CD4C-D7BC-407B-A11A-DF889D50DB18} - C:\WINDOWS\system32\sstqp.dll (file missing)
O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - D:\Program Files2\FlashGet\getflash.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [LaunchApp] Alaunch
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [eRecoveryService] C:\Program Files\Acer\eRecovery\Monitor.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [VTTrayp] VTtrayp.exe
O4 - HKLM\..\Run: [AspireService] C:\Program Files\Acer\Acer eMode Management\AspireService.exe
O4 - HKLM\..\Run: [MediaSync] C:\Program Files\Acer\Acer eConsole\MediaSync.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [Flashget] D:\Program Files2\FlashGet\flashget.exe /min
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [µTorrent] "D:\Program Files2\uTorrent\utorrent.exe"
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: &Tout télécharger avec FlashGet - D:\Program Files2\FlashGet\jc_all.htm
O8 - Extra context menu item: &Télécharger avec FlashGet - D:\Program Files2\FlashGet\jc_link.htm
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - D:\Program Files2\FlashGet\FlashGet.exe
O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - D:\Program Files2\FlashGet\FlashGet.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} (Microsoft Data Collection Control) - https://support.serviceshub.microsoft.com/supportforbusiness/create
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/...
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O22 - SharedTaskScheduler: Pré-chargeur Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Démon de cache des catégories de composant - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Acer Media Server - Acer Inc. - C:\Program Files\acer\Acer eConsole\MediaServerService.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
O23 - Service: Service d'administration du Gestionnaire de disque logique (dmadmin) - Unknown owner - C:\WINDOWS\System32\dmadmin.exe
O23 - Service: Journal des événements (Eventlog) - Unknown owner - C:\WINDOWS\system32\services.exe
O23 - Service: Fax - Unknown owner - C:\WINDOWS\system32\fxssvc.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Service COM de gravage de CD IMAPI (ImapiService) - Unknown owner - C:\WINDOWS\system32\imapi.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Partage de Bureau à distance NetMeeting (mnmsrvc) - Unknown owner - C:\WINDOWS\system32\mnmsrvc.exe
O23 - Service: Service Norton AntiVirus Auto-Protect (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: Planificateur LiveUpdate automatique - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Plug-and-Play (PlugPlay) - Unknown owner - C:\WINDOWS\system32\services.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Gestionnaire de session d'aide sur le Bureau à distance (RDSessMgr) - Unknown owner - C:\WINDOWS\system32\sessmgr.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\FICHIE~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Carte à puce (SCardSvr) - Unknown owner - C:\WINDOWS\System32\SCardSvr.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
O23 - Service: Journaux et alertes de performance (SysmonLog) - Unknown owner - C:\WINDOWS\system32\smlogsvc.exe
O23 - Service: Cliché instantané de volume (VSS) - Unknown owner - C:\WINDOWS\System32\vssvc.exe
O23 - Service: Carte de performance WMI (WmiApSrv) - Unknown owner - C:\WINDOWS\system32\wbem\wmiapsrv.exe
O23 - Service: Service Partage réseau du Lecteur Windows Media (WMPNetworkSvc) - Unknown owner - C:\Program Files\Windows Media Player\WMPNetwk.exe
0
Utilisateur anonyme
 
Here is the report:

Scanning Report
Saturday, July 07, 2007 09:46:44 - 11:01:04
Computer name: ACER-73356C3771
Scanning type: Scan system for viruses, rootkits, spyware
Target: C:\ D:\


--------------------------------------------------------------------------------

Result: 85 malware found
NetworkWorm.ABJ (virus)
C:\SYSTEM VOLUME INFORMATION\_RESTORE{DA1684A3-4776-45C8-851D-DD8A56FF2753}\RP52\A0014066.EXE (Submitted)
C:\SYSTEM VOLUME INFORMATION\_RESTORE{DA1684A3-4776-45C8-851D-DD8A56FF2753}\RP52\A0014067.EXE (Submitted)
Tracking Cookie (spyware)
System (Disinfected)
System
System
System
System
System
System
System
System
System
System
System
System
System
System
System
System
System
System
System
System
System
System
System
System
System
System
System
System
System
System
System
System
System
System
System
System
System
System
System
System
System
System
System
Trojan-Downloader.Win32.Agent.bls (virus)
C:\SYSTEM VOLUME INFORMATION\_RESTORE{DA1684A3-4776-45C8-851D-DD8A56FF2753}\RP55\A0016554.EXE (Renamed & Submitted)
Trojan-Downloader.Win32.Small.dod (virus)
C:\SYSTEM VOLUME INFORMATION\_RESTORE{DA1684A3-4776-45C8-851D-DD8A56FF2753}\RP53\A0014462.EXE (Renamed & Submitted)
Trojan-Downloader.Win32.Tiny.id (virus)
C:\SYSTEM VOLUME INFORMATION\_RESTORE{DA1684A3-4776-45C8-851D-DD8A56FF2753}\RP59\A0017174.EXE (Renamed & Submitted)
C:\PROGRAM FILES\NORTON ANTIVIRUS\QUARANTINE\7C0F6F88.EXE (Renamed & Submitted)
Trojan.Win32.Agent.aoy (virus)
C:\SYSTEM VOLUME INFORMATION\_RESTORE{DA1684A3-4776-45C8-851D-DD8A56FF2753}\RP58\A0016893.EXE (Renamed & Submitted)
C:\PROGRAM FILES\NORTON ANTIVIRUS\QUARANTINE\0AC471A3 (Renamed & Submitted)
C:\PROGRAM FILES\NORTON ANTIVIRUS\QUARANTINE\0AC471A3.EXE (Renamed & Submitted)
C:\PROGRAM FILES\NORTON ANTIVIRUS\QUARANTINE\7E721AE8.EXE (Renamed & Submitted)
C:\PROGRAM FILES\NORTON ANTIVIRUS\QUARANTINE\09F329AC.EXE (Renamed & Submitted)
C:\PROGRAM FILES\NORTON ANTIVIRUS\QUARANTINE\65C21E5A.EXE (Renamed & Submitted)
C:\PROGRAM FILES\NORTON ANTIVIRUS\QUARANTINE\075641AF.EXE (Renamed & Submitted)
C:\PROGRAM FILES\NORTON ANTIVIRUS\QUARANTINE\4AFD4E61.EXE (Renamed & Submitted)
C:\PROGRAM FILES\NORTON ANTIVIRUS\QUARANTINE\5886517C.EXE (Renamed & Submitted)
C:\PROGRAM FILES\NORTON ANTIVIRUS\QUARANTINE\446E4073.EXE (Renamed & Submitted)
C:\PROGRAM FILES\NORTON ANTIVIRUS\QUARANTINE\4A123E3E.EXE (Renamed & Submitted)
C:\PROGRAM FILES\NORTON ANTIVIRUS\QUARANTINE\64C612DA.EXE (Renamed & Submitted)
C:\PROGRAM FILES\NORTON ANTIVIRUS\QUARANTINE\22226B9C.EXE (Renamed & Submitted)
C:\PROGRAM FILES\NORTON ANTIVIRUS\QUARANTINE\60145772.EXE (Renamed & Submitted)
C:\PROGRAM FILES\NORTON ANTIVIRUS\QUARANTINE\456A37EE.EXE (Renamed & Submitted)
C:\PROGRAM FILES\NORTON ANTIVIRUS\QUARANTINE\473901F0.EXE (Renamed & Submitted)
Trojan.Win32.Agent.qt (virus)
C:\SYSTEM VOLUME INFORMATION\_RESTORE{DA1684A3-4776-45C8-851D-DD8A56FF2753}\RP52\A0014068.EXE (Renamed & Submitted)
C:\SYSTEM VOLUME INFORMATION\_RESTORE{DA1684A3-4776-45C8-851D-DD8A56FF2753}\RP52\A0014069.EXE (Renamed & Submitted)
Trojan.Win32.BHO.bd (virus)
C:\PROGRAM FILES\NORTON ANTIVIRUS\QUARANTINE\46C645FF.DLL (Renamed & Submitted)
C:\PROGRAM FILES\NORTON ANTIVIRUS\QUARANTINE\1D5066C4.DLL (Renamed & Submitted)
C:\PROGRAM FILES\NORTON ANTIVIRUS\QUARANTINE\5409551C.DLL (Renamed & Submitted)
C:\PROGRAM FILES\NORTON ANTIVIRUS\QUARANTINE\1B6501B8.DLL (Renamed & Submitted)
C:\PROGRAM FILES\NORTON ANTIVIRUS\QUARANTINE\42A46F19.DLL (Renamed & Submitted)
C:\PROGRAM FILES\NORTON ANTIVIRUS\QUARANTINE\1D4E5A78.DLL (Renamed & Submitted)
C:\PROGRAM FILES\NORTON ANTIVIRUS\QUARANTINE\67B61290 (Renamed & Submitted)
Trojan.Win32.BHO.o (virus)
C:\PROGRAM FILES\NORTON ANTIVIRUS\QUARANTINE\284439C8 (Renamed & Submitted)
Trojan.Win32.Dialer.qn (virus)
C:\SYSTEM VOLUME INFORMATION\_RESTORE{DA1684A3-4776-45C8-851D-DD8A56FF2753}\RP59\A0017212.DLL (Renamed & Submitted)
C:\PROGRAM FILES\NORTON ANTIVIRUS\QUARANTINE\35705B87.DLL (Renamed & Submitted)
Vundo.gen32 (virus)
C:\SYSTEM VOLUME INFORMATION\_RESTORE{DA1684A3-4776-45C8-851D-DD8A56FF2753}\RP69\A0021149.DLL (Submitted)
C:\SYSTEM VOLUME INFORMATION\_RESTORE{DA1684A3-4776-45C8-851D-DD8A56FF2753}\RP69\A0021150.DLL (Submitted)
C:\SYSTEM VOLUME INFORMATION\_RESTORE{DA1684A3-4776-45C8-851D-DD8A56FF2753}\RP65\A0018666.DLL (Submitted)
C:\SYSTEM VOLUME INFORMATION\_RESTORE{DA1684A3-4776-45C8-851D-DD8A56FF2753}\RP58\A0016904.DLL (Submitted)
C:\DOCUMENTS AND SETTINGS\ADRIEN\BUREAU\1\NOUVEAU DOSSIER\BACKUPS\BACKUP-20070626-105931-193.DLL (Submitted)
W32/BHO.dam (virus)
C:\SYSTEM VOLUME INFORMATION\_RESTORE{DA1684A3-4776-45C8-851D-DD8A56FF2753}\RP65\A0018695.DLL (Submitted)
C:\DOCUMENTS AND SETTINGS\ADRIEN\BUREAU\1\NOUVEAU DOSSIER\BACKUPS\BACKUP-20070703-180455-165.DLL (Submitted)

--------------------------------------------------------------------------------

Statistics
Scanned:
Files: 60243
System: 4844
Not scanned: 4
Actions:
Disinfected: 1
Renamed: 32
Deleted: 0
None: 52
Submitted: 41
Files not scanned:
C:\HIBERFIL.SYS
C:\DOCUMENTS AND SETTINGS\ADRIEN\LOCAL SETTINGS\APPLICATION DATA\MICROSOFT\WINDOWS DEFENDER\FILETRACKER\{F78756E7-5428-49CD-98AB-24773F4D40A2}
C:\WINDOWS\SYSTEM32\DRIVERS\SPTD.SYS
C:\WINDOWS\SYSTEM32\CONFIG\SECURITY

--------------------------------------------------------------------------------

Options
Scanning engines:
F-Secure Libra: 2.4.2, 2007-07-05
F-Secure AVP: 7.0.171, 2007-07-06
F-Secure Orion: 1.2.37, 2007-07-06
F-Secure Blacklight: 1.0.64
F-Secure Draco: 1.0.35, 0260-23-12
F-Secure Pegasus: 1.19.0, 2007-06-04
Scanning options:
Scan defined files: COM EXE SYS OV? BIN SCR DLL SHS HTM HTML HTT VBS JS INF VXD DO? XL? RTF CPL WIZ HTA PP? PWZ P?T MSO PIF . ACM ASP AX CNV CSC DRV INI MDB MPD MPP MPT OBD OBT OCX PCI TLB TSP WBK WBT WPC WSH VWP WML BOO HLP TD0 TT6 MSG ASD JSE VBE WSC CHM EML PRC SHB BAT LNK ANI AVB CEO CMD LSP MAP MHT MIF PDF PHP POT WMF NWS TAR TGZ WSF ZL? {* ZIP JAR ARJ LZH TAR TGZ GZ CAB RAR BZ2 HQX
Use Advanced heuristics