[Trojan] Nothing works

Resolved/Closed
Bqstien - 3 July 2007, 20:53
Last reply: did71 - 5 July 2007, 21:25
Hello, I got a virus, well, a program I opened; it made my PC bug out. I ran several scans:

. 2 Spybot
. 1 Avast
. 2 Ad-Aware
. 2 Nod32

A lot of problems got better. I'm a CS player and it was unplayable (600+ ping) with a PC that was running... on pedal power :P Now I'm pedalling a bit less and I have 50 ping, but I get 20 FPS!!

I told myself "you should reinstall Steam"; nothing helps, I can close everything and still nothing! The PC won't listen, sometimes it even freezes for 5-10 seconds and then resumes, it's really unbearable!!
I suppose I have a worm, or maybe there are other trojans etc., but I've done everything I knew how to do.

That's why I'm turning to you for help :P

And here is the HijackThis report:

Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 20:42:44, on 03/07/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\drivers\CDAC11BA.EXE
C:\WINDOWS\Explorer.EXE
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\system32\pctspk.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Eset\nod32kui.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
G:\Program Files\Steam\Steam.exe
C:\WINDOWS\system32\WgaTray.exe
G:\Program Files\Teamspeak2_RC2\TeamSpeak.exe
C:\WINDOWS\system32\wuauclt.exe
F:\FlashFXP\FlashFXP.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Notepad++\notepad++.exe
C:\Documents and Settings\SqkO\Bureau\HiJackThis_v2.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = https://actus.sfr.fr
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = https://actus.sfr.fr
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.huddi.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://actus.sfr.fr
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?redirfallthru=http%3a%2f%2fwww.msn.fr%2fmeteo%2f%3f
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = https://actus.sfr.fr
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - (no file)
O2 - BHO: (no name) - {04BA60C8-0DE8-45C3-8703-F8937851EFC6} - (no file)
O2 - BHO: (no name) - {05763A93-AB24-4536-9D82-2AB578F2A23A} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {0A7B9383-B2A6-41C8-87D5-D6FC0B4ADD58} - (no file)
O2 - BHO: (no name) - {1A1C6B23-9DC2-4D0F-BEEC-C02EA23CFDE8} - (no file)
O2 - BHO: (no name) - {1F6581D5-AA53-4b73-A6F9-41420C6B61F1} - C:\WINDOWS\system32\imsanaxv.dll
O2 - BHO: (no name) - {2E26B6B2-AB45-4D80-8AB5-5455D1B8D0C2} - (no file)
O2 - BHO: (no name) - {40897190-A638-40BF-920E-AE23617255D2} - C:\WINDOWS\system32\sstqn.dll
O2 - BHO: Microsoft MSJava 32 - {43F7497C-7687-4DEA-A057-F21BD81BC896} - C:\WINDOWS\system32\msjava32.dll
O2 - BHO: EoRezoBHO - {64F56FC1-1272-44CD-BA6E-39723696E350} - G:\Program Files\eoRezo\EoAdv\EoRezobho.dll
O2 - BHO: (no name) - {6A87B991-A31F-4130-AE72-6D0C294BF082} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O2 - BHO: (no name) - {7C1E7C27-0F04-493D-8E48-885BE604B097} - (no file)
O2 - BHO: (no name) - {7DF7CEBF-4DD4-498D-9CCB-A052161F0397} - (no file)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {80F59EB6-5D04-403F-A77D-A57AA35BD4AC} - (no file)
O2 - BHO: (no name) - {8C1DEA52-251B-4D51-A725-6245A27A0A0D} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - (no file)
O2 - BHO: (no name) - {97B9F81E-5B3C-4AF2-B664-353F284003C9} - (no file)
O2 - BHO: (no name) - {9B081111-AB73-42D0-B9F5-8D3302F2AFE2} - (no file)
O2 - BHO: (no name) - {A6807262-1D7A-44AB-947B-23B71E97915C} - C:\WINDOWS\system32\rqromno.dll
O2 - BHO: (no name) - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - (no file)
O2 - BHO: (no name) - {DFD14A8F-D9CE-40A3-B1FF-DAD1D2A7EE81} - C:\WINDOWS\system32\sstqn.dll
O2 - BHO: FlashFXP Helper for Internet Explorer - {E5A1691B-D188-4419-AD02-90002030B8EE} - F:\FlashFXP\IEFlash.dll
O2 - BHO: (no name) - {E6B5138E-3864-4069-A432-74B77DA43973} - (no file)
O3 - Toolbar: (no name) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - (no file)
O3 - Toolbar: &Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O3 - Toolbar: StylerToolBar - {D2F8F919-690B-4EA2-9FA7-A203D1E04F75} - C:\Program Files\Styler\TB\StylerTB.dll
O4 - HKLM\..\Run: [SC2] C:\WINDOWS\system32\scchk32.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Windows Updater Servc] C:\WINDOWS\system32\xpuupdate.exe
O4 - HKLM\..\Run: [smgr] mgrs.exe
O4 - HKLM\..\Run: [icq.com] rundll32.exe "C:\WINDOWS\system32\obenskix.dll",forkonce
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [avp] C:\WINDOWS\TEMP\win449.tmp.exe
O4 - HKLM\..\Run: [avast!] F:\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [SpybotSD TeaTimer] F:\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [Steam] "f:\steam\steam.exe" -silent
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Startup: TransBar.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\TransBar\TransBar.exe
O4 - Startup: Y'z Shadow.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\YzShadow\YzShadow.exe
O4 - Global Startup: avast! Antivirus (2).lnk = F:\Alwil Software\Avast4\ashAvast.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
O20 - Winlogon Notify: 8àð - 8àð (file missing)
O20 - Winlogon Notify: instcat - C:\WINDOWS\SYSTEM32\instcat.dll
O20 - Winlogon Notify: rqromno - C:\WINDOWS\SYSTEM32\rqromno.dll
O20 - Winlogon Notify: sstqn - C:\WINDOWS\system32\sstqn.dll
O20 - Winlogon Notify: X - X (file missing)
O20 - Winlogon Notify: ¸`p - ¸`p (file missing)
O20 - Winlogon Notify: 𘨠- 𘨠(file missing)
O20 - Winlogon Notify: Ø€ - Ø€ (file missing)
O22 - SharedTaskScheduler: Pré-chargeur Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll
O22 - SharedTaskScheduler: Démon de cache des catégories de composant - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe (file missing)
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Boonty Games - Unknown owner - C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe (file missing)
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\system32\drivers\CDAC11BA.EXE
O23 - Service: Service d'administration du Gestionnaire de disque logique (dmadmin) - Unknown owner - C:\WINDOWS\System32\dmadmin.exe
O23 - Service: DomainService - Unknown owner - C:\WINDOWS\system32\lsrwjbah.exe (file missing)
O23 - Service: Journal des événements (Eventlog) - Unknown owner - C:\WINDOWS\system32\services.exe
O23 - Service: FileZilla Server FTP server (FileZilla Server) - Unknown owner - F:\FileZilla Server\FileZilla Server.exe (file missing)
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Service COM de gravage de CD IMAPI (ImapiService) - Unknown owner - C:\WINDOWS\System32\imapi.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Partage de Bureau à distance NetMeeting (mnmsrvc) - Unknown owner - C:\WINDOWS\System32\mnmsrvc.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: PCTEL Speaker Phone (Pctspk) - Unknown owner - C:\WINDOWS\system32\pctspk.exe
O23 - Service: Plug-and-Play (PlugPlay) - Unknown owner - C:\WINDOWS\system32\services.exe
O23 - Service: Gestionnaire de session d'aide sur le Bureau à distance (RDSessMgr) - Unknown owner - C:\WINDOWS\system32\sessmgr.exe
O23 - Service: Carte à puce (SCardSvr) - Unknown owner - C:\WINDOWS\System32\SCardSvr.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: Journaux et alertes de performance (SysmonLog) - Unknown owner - C:\WINDOWS\system32\smlogsvc.exe
O23 - Service: Telnet (TlntSvr) - Unknown owner - C:\WINDOWS\System32\tlntsvr.exe
O23 - Service: Cliché instantané de volume (VSS) - Unknown owner - C:\WINDOWS\System32\vssvc.exe
O23 - Service: Carte de performance WMI (WmiApSrv) - Unknown owner - C:\WINDOWS\System32\wbem\wmiapsrv.exe
19 replies

did71 - 3 July 2007, 21:24
Good evening,

* Download VundoFix.exe (by Atribune) to your Desktop:

http://www.atribune.org/public-beta/VundoFix.exe

* Double-click VundoFix.exe to launch it
* Click the Scan for Vundo button
* When the scan is complete, click the Remove Vundo button
* A prompt will ask whether you want to delete the files; click YES
* After you click "Yes", the Desktop will disappear for a moment while the files are deleted
* You will see a prompt telling you that your PC is going to restart; click OK
* Copy/paste the contents of the report located at C:\vundofix.txt, along with a new HijackThis report, in your next reply

Note: VundoFix may run into a file it cannot delete. If so, the tool will launch at the next restart; just follow the instructions above, starting from "click the Scan for Vundo button".


See you
Bqstien - 4 July 2007, 08:33
Hello, thanks for helping me :)

So here is the VundoFix report:


VundoFix V6.5.4

Checking Java version...

Java version is 1.4.2.6
Old versions of java are exploitable and should be removed.

Java version is 1.5.0.10

Scan started at 08:20:36 04/07/2007

Listing files found while scanning....

C:\windows\system32\awutmipu.ini
C:\windows\system32\biwpbare.ini
C:\windows\system32\dwsbvaov.ini
C:\windows\system32\dwwwupnk.ini
C:\windows\system32\efcdcda.dll
C:\windows\system32\erabpwib.dll
C:\windows\system32\gshhvlru.dll
C:\WINDOWS\system32\imsanaxv.dll
C:\windows\system32\knpuwwwd.dll
C:\windows\system32\mhrljhwu.ini
C:\windows\system32\nqtss.bak1
C:\windows\system32\nqtss.bak2
C:\windows\system32\nqtss.ini
C:\windows\system32\nqtss.ini2
C:\windows\system32\nqtss.tmp
C:\windows\system32\obenskix.dll
C:\windows\system32\oocfhoyo.dll
C:\windows\system32\oyohfcoo.ini
C:\windows\system32\rqromno.dll
C:\windows\system32\rqrrqom.dll
C:\WINDOWS\system32\sstqn.dll
C:\windows\system32\upimtuwa.dll
C:\windows\system32\urlvhhsg.ini
C:\WINDOWS\system32\uwhjlrhm.dll
C:\windows\system32\voavbswd.dll
C:\windows\system32\xiksnebo.ini

Beginning removal...

Attempting to delete C:\windows\system32\awutmipu.ini
C:\windows\system32\awutmipu.ini Has been deleted!

Attempting to delete C:\windows\system32\biwpbare.ini
C:\windows\system32\biwpbare.ini Has been deleted!

Attempting to delete C:\windows\system32\dwsbvaov.ini
C:\windows\system32\dwsbvaov.ini Has been deleted!

Attempting to delete C:\windows\system32\dwwwupnk.ini
C:\windows\system32\dwwwupnk.ini Has been deleted!

Attempting to delete C:\windows\system32\efcdcda.dll
C:\windows\system32\efcdcda.dll Has been deleted!

Attempting to delete C:\windows\system32\erabpwib.dll
C:\windows\system32\erabpwib.dll Has been deleted!

Attempting to delete C:\windows\system32\gshhvlru.dll
C:\windows\system32\gshhvlru.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\imsanaxv.dll
C:\WINDOWS\system32\imsanaxv.dll Has been deleted!

Attempting to delete C:\windows\system32\knpuwwwd.dll
C:\windows\system32\knpuwwwd.dll Has been deleted!

Attempting to delete C:\windows\system32\mhrljhwu.ini
C:\windows\system32\mhrljhwu.ini Has been deleted!

Attempting to delete C:\windows\system32\nqtss.bak1
C:\windows\system32\nqtss.bak1 Has been deleted!

Attempting to delete C:\windows\system32\nqtss.bak2
C:\windows\system32\nqtss.bak2 Has been deleted!

Attempting to delete C:\windows\system32\nqtss.ini
C:\windows\system32\nqtss.ini Has been deleted!

Attempting to delete C:\windows\system32\nqtss.ini2
C:\windows\system32\nqtss.ini2 Has been deleted!

Attempting to delete C:\windows\system32\nqtss.tmp
C:\windows\system32\nqtss.tmp Has been deleted!

Attempting to delete C:\windows\system32\obenskix.dll
C:\windows\system32\obenskix.dll Has been deleted!

Attempting to delete C:\windows\system32\oocfhoyo.dll
C:\windows\system32\oocfhoyo.dll Has been deleted!

Attempting to delete C:\windows\system32\oyohfcoo.ini
C:\windows\system32\oyohfcoo.ini Has been deleted!

Attempting to delete C:\windows\system32\rqromno.dll
C:\windows\system32\rqromno.dll Has been deleted!

Attempting to delete C:\windows\system32\rqrrqom.dll
C:\windows\system32\rqrrqom.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\sstqn.dll
C:\WINDOWS\system32\sstqn.dll Has been deleted!

Attempting to delete C:\windows\system32\upimtuwa.dll
C:\windows\system32\upimtuwa.dll Has been deleted!

Attempting to delete C:\windows\system32\urlvhhsg.ini
C:\windows\system32\urlvhhsg.ini Has been deleted!

Attempting to delete C:\WINDOWS\system32\uwhjlrhm.dll
C:\WINDOWS\system32\uwhjlrhm.dll Has been deleted!


Next, here is the HijackThis report:

Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 08:31:11, on 04/07/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\drivers\CDAC11BA.EXE
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\system32\pctspk.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\WgaTray.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Eset\nod32kui.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\WINDOWS\BricoPacks\Vista Inspirat 2\YzShadow\YzShadow.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\SqkO\Bureau\HiJackThis_v2.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = https://actus.sfr.fr
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = https://actus.sfr.fr
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.huddi.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://actus.sfr.fr
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?redirfallthru=http%3a%2f%2fwww.msn.fr%2fmeteo%2f%3f
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = https://actus.sfr.fr
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - (no file)
O2 - BHO: (no name) - {04BA60C8-0DE8-45C3-8703-F8937851EFC6} - (no file)
O2 - BHO: (no name) - {05763A93-AB24-4536-9D82-2AB578F2A23A} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {0A7B9383-B2A6-41C8-87D5-D6FC0B4ADD58} - (no file)
O2 - BHO: (no name) - {1A1C6B23-9DC2-4D0F-BEEC-C02EA23CFDE8} - (no file)
O2 - BHO: (no name) - {1F6581D5-AA53-4b73-A6F9-41420C6B61F1} - (no file)
O2 - BHO: (no name) - {2E26B6B2-AB45-4D80-8AB5-5455D1B8D0C2} - (no file)
O2 - BHO: (no name) - {40897190-A638-40BF-920E-AE23617255D2} - (no file)
O2 - BHO: Microsoft MSJava 32 - {43F7497C-7687-4DEA-A057-F21BD81BC896} - C:\WINDOWS\system32\msjava32.dll
O2 - BHO: EoRezoBHO - {64F56FC1-1272-44CD-BA6E-39723696E350} - G:\Program Files\eoRezo\EoAdv\EoRezobho.dll
O2 - BHO: (no name) - {6A87B991-A31F-4130-AE72-6D0C294BF082} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O2 - BHO: (no name) - {7C1E7C27-0F04-493D-8E48-885BE604B097} - (no file)
O2 - BHO: (no name) - {7DF7CEBF-4DD4-498D-9CCB-A052161F0397} - (no file)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {80F59EB6-5D04-403F-A77D-A57AA35BD4AC} - (no file)
O2 - BHO: (no name) - {8C1DEA52-251B-4D51-A725-6245A27A0A0D} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - (no file)
O2 - BHO: (no name) - {97B9F81E-5B3C-4AF2-B664-353F284003C9} - (no file)
O2 - BHO: (no name) - {9B081111-AB73-42D0-B9F5-8D3302F2AFE2} - (no file)
O2 - BHO: (no name) - {A6807262-1D7A-44AB-947B-23B71E97915C} - C:\WINDOWS\system32\rqromno.dll (file missing)
O2 - BHO: (no name) - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - (no file)
O2 - BHO: (no name) - {C84DBF69-5EC2-4F01-8769-067F7ACBA200} - C:\WINDOWS\system32\sstqn.dll (file missing)
O2 - BHO: (no name) - {DFD14A8F-D9CE-40A3-B1FF-DAD1D2A7EE81} - (no file)
O2 - BHO: FlashFXP Helper for Internet Explorer - {E5A1691B-D188-4419-AD02-90002030B8EE} - F:\FlashFXP\IEFlash.dll
O2 - BHO: (no name) - {E6B5138E-3864-4069-A432-74B77DA43973} - (no file)
O3 - Toolbar: (no name) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - (no file)
O3 - Toolbar: &Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O3 - Toolbar: StylerToolBar - {D2F8F919-690B-4EA2-9FA7-A203D1E04F75} - C:\Program Files\Styler\TB\StylerTB.dll
O4 - HKLM\..\Run: [SC2] C:\WINDOWS\system32\scchk32.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Windows Updater Servc] C:\WINDOWS\system32\xpuupdate.exe
O4 - HKLM\..\Run: [smgr] mgrs.exe
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [avp] C:\WINDOWS\TEMP\win449.tmp.exe
O4 - HKLM\..\Run: [avast!] F:\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKLM\..\Run: [icq.com] rundll32.exe "C:\WINDOWS\system32\ykqoufwi.dll",forkonce
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [SpybotSD TeaTimer] F:\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [Steam] "f:\steam\steam.exe" -silent
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Startup: TransBar.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\TransBar\TransBar.exe
O4 - Startup: Y'z Shadow.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\YzShadow\YzShadow.exe
O4 - Global Startup: avast! Antivirus (2).lnk = F:\Alwil Software\Avast4\ashAvast.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
O20 - Winlogon Notify: 8àð - 8àð (file missing)
O20 - Winlogon Notify: instcat - C:\WINDOWS\SYSTEM32\instcat.dll
O20 - Winlogon Notify: rqromno - C:\WINDOWS\
O20 - Winlogon Notify: sstqn - C:\WINDOWS\
O20 - Winlogon Notify: X - X (file missing)
O20 - Winlogon Notify: ¸`p - ¸`p (file missing)
O20 - Winlogon Notify: 𘨠- 𘨠(file missing)
O20 - Winlogon Notify: Ø€ - Ø€ (file missing)
O22 - SharedTaskScheduler: Pré-chargeur Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll
O22 - SharedTaskScheduler: Démon de cache des catégories de composant - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe (file missing)
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Boonty Games - Unknown owner - C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe (file missing)
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\system32\drivers\CDAC11BA.EXE
O23 - Service: Service d'administration du Gestionnaire de disque logique (dmadmin) - Unknown owner - C:\WINDOWS\System32\dmadmin.exe
O23 - Service: DomainService - Unknown owner - C:\WINDOWS\system32\lsrwjbah.exe (file missing)
O23 - Service: Journal des événements (Eventlog) - Unknown owner - C:\WINDOWS\system32\services.exe
O23 - Service: FileZilla Server FTP server (FileZilla Server) - Unknown owner - F:\FileZilla Server\FileZilla Server.exe (file missing)
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Service COM de gravage de CD IMAPI (ImapiService) - Unknown owner - C:\WINDOWS\System32\imapi.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Partage de Bureau à distance NetMeeting (mnmsrvc) - Unknown owner - C:\WINDOWS\System32\mnmsrvc.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: PCTEL Speaker Phone (Pctspk) - Unknown owner - C:\WINDOWS\system32\pctspk.exe
O23 - Service: Plug-and-Play (PlugPlay) - Unknown owner - C:\WINDOWS\system32\services.exe
O23 - Service: Gestionnaire de session d'aide sur le Bureau à distance (RDSessMgr) - Unknown owner - C:\WINDOWS\system32\sessmgr.exe
O23 - Service: Carte à puce (SCardSvr) - Unknown owner - C:\WINDOWS\System32\SCardSvr.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: Journaux et alertes de performance (SysmonLog) - Unknown owner - C:\WINDOWS\system32\smlogsvc.exe
O23 - Service: Telnet (TlntSvr) - Unknown owner - C:\WINDOWS\System32\tlntsvr.exe
O23 - Service: Cliché instantané de volume (VSS) - Unknown owner - C:\WINDOWS\System32\vssvc.exe
O23 - Service: Carte de performance WMI (WmiApSrv) - Unknown owner - C:\WINDOWS\System32\wbem\wmiapsrv.exe
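
An added triage script for the two HijackThis logs above (it is not part of this thread, of HijackThis or of VundoFix): it parses the R*/O* lines, flags the patterns that VundoFix ended up removing (unnamed O2 BHOs and O20 Winlogon Notify packages loading random-named DLLs from system32, O4 Run entries started from TEMP or through rundll32 ...,forkonce, a Run entry with a bare filename, an O23 service with no vendor whose binary is gone) and diffs a before/after pair of logs. The Winlogon Notify allow-list and the "5 to 8 lowercase letters" naming heuristic are assumptions, not part of either tool; a flagged entry is a lead to verify, not a verdict. The sample logs are excerpts of the two reports posted above.

```python
"""Triage and diff helper for HijackThis (HJT) logs.

Added example for this thread; not part of HijackThis, VundoFix or the posts.
Flags entries matching the persistence patterns seen in the logs above and
diffs two logs to show what a cleanup run actually changed.
"""
import re
from collections import namedtuple

Entry = namedtuple("Entry", "section body")

# Winlogon Notify packages on a stock Windows XP SP2 (assumed list; extend per machine).
KNOWN_NOTIFY = {"crypt32chain", "cryptnet", "cscdll", "sccertprop", "schedule",
                "sclgntfy", "senslogn", "termsrv", "wlballoon"}

LINE_RE = re.compile(r"^(?P<sec>[RO]\d+) - (?P<body>.+)$")
# Five to eight lowercase letters, no digits: the naming scheme of the DLLs VundoFix listed (heuristic).
RANDOM_DLL = re.compile(r"\\[a-z]{5,8}\.dll\b")
# "[label] name.exe" with no directory: Windows resolves it through the search path.
BARE_EXE = re.compile(r"\]\s+[A-Za-z0-9_]+\.exe\s*$")


def parse_hjt(text):
    """Return the R*/O* entries of an HJT log; process lists and headers are skipped."""
    entries = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            entries.append(Entry(m.group("sec"), m.group("body")))
    return entries


def flag(entry):
    """Return a short reason if the entry matches a suspicious pattern, else None."""
    sec, body = entry.section, entry.body
    low = body.lower()
    if sec == "O2" and "(no name)" in low and "(no file)" not in low and RANDOM_DLL.search(body):
        if "(file missing)" in low:
            return "stale BHO registration for a deleted random-named DLL"
        return "unnamed BHO loading a random-named DLL from system32"
    if sec == "O20":
        name = body.split(":", 1)[1].split(" - ")[0].strip().lower()
        if name not in KNOWN_NOTIFY:
            return "Winlogon Notify package not in the XP allow-list"
    if sec == "O4":
        if "\\temp\\" in low:
            return "autorun launching from a TEMP directory"
        if "rundll32" in low and ",forkonce" in low:
            return "rundll32 calling export 'forkonce' (DLL loader pattern)"
        if BARE_EXE.search(body):
            return "autorun with bare filename and no path"
    if sec == "O23" and "unknown owner" in low and "(file missing)" in low:
        return "service with unknown vendor whose binary is missing"
    return None


def triage(text):
    """List of (entry, reason) for every flagged entry in an HJT log."""
    return [(e, flag(e)) for e in parse_hjt(text) if flag(e)]


def diff_logs(before, after):
    """Entries that disappeared and entries that appeared between two HJT logs."""
    a = {e.body.lower(): e for e in parse_hjt(before)}
    b = {e.body.lower(): e for e in parse_hjt(after)}
    removed = [a[k] for k in a if k not in b]
    added = [b[k] for k in b if k not in a]
    return removed, added


# Excerpts of the two HijackThis logs posted above (before and after the first VundoFix run).
BEFORE = r"""
O2 - BHO: (no name) - {40897190-A638-40BF-920E-AE23617255D2} - C:\WINDOWS\system32\sstqn.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O4 - HKLM\..\Run: [smgr] mgrs.exe
O4 - HKLM\..\Run: [icq.com] rundll32.exe "C:\WINDOWS\system32\obenskix.dll",forkonce
O4 - HKLM\..\Run: [avp] C:\WINDOWS\TEMP\win449.tmp.exe
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O20 - Winlogon Notify: sstqn - C:\WINDOWS\system32\sstqn.dll
O20 - Winlogon Notify: instcat - C:\WINDOWS\SYSTEM32\instcat.dll
O23 - Service: DomainService - Unknown owner - C:\WINDOWS\system32\lsrwjbah.exe (file missing)
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
"""

AFTER = r"""
O2 - BHO: (no name) - {40897190-A638-40BF-920E-AE23617255D2} - (no file)
O2 - BHO: (no name) - {C84DBF69-5EC2-4F01-8769-067F7ACBA200} - C:\WINDOWS\system32\sstqn.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O4 - HKLM\..\Run: [smgr] mgrs.exe
O4 - HKLM\..\Run: [icq.com] rundll32.exe "C:\WINDOWS\system32\ykqoufwi.dll",forkonce
O4 - HKLM\..\Run: [avp] C:\WINDOWS\TEMP\win449.tmp.exe
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O20 - Winlogon Notify: sstqn - C:\WINDOWS\
O20 - Winlogon Notify: instcat - C:\WINDOWS\SYSTEM32\instcat.dll
O23 - Service: DomainService - Unknown owner - C:\WINDOWS\system32\lsrwjbah.exe (file missing)
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
"""

if __name__ == "__main__":
    for e, why in triage(AFTER):
        print(f"[{e.section}] {why}: {e.body}")
    removed, added = diff_logs(BEFORE, AFTER)
    print("removed:", *[e.body for e in removed], sep="\n  ")
    print("added:", *[e.body for e in added], sep="\n  ")
```

Run on the two excerpts, the diff shows the point that matters in this thread: the icq.com Run entry survived the first cleanup and now points at a fresh DLL name (ykqoufwi.dll instead of obenskix.dll), and the sstqn Winlogon Notify entry was only truncated, not removed. That is why the next step below targets those files explicitly instead of re-running the same scan.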
Bqstien - 4 July 2007, 12:50
What do I do now?
did71 - 4 July 2007, 20:17
Good evening,

* Launch VundoFix again
* Do not click "Scan for Vundo"
* Right-click in the middle of the window
* Click Add more files?
* Copy/paste the files below (one per box):

C:\WINDOWS\system32\ykqoufwi.dll
C:\WINDOWS\SYSTEM32\instcat.dll


* Click Add files
* Then click Close Windows
* Finally, click Remove Vundo (the files above should appear in the main window)
* If the tool asks for a restart, accept
* Post the VundoFix report, along with a new HijackThis log

See you

Bqstien - 4 July 2007, 20:32
Hi, thanks for replying

But I don't understand the last sentence, do you want a VundoFix scan?
Bqstien - 4 July 2007, 20:49
Hi,

Here is the VundoFix report after the reboot:

VundoFix V6.5.4

Checking Java version...

Java version is 1.4.2.6
Old versions of java are exploitable and should be removed.

Java version is 1.5.0.10

Scan started at 20:24:24 04/07/2007

Listing files found while scanning....

C:\WINDOWS\system32\ykqoufwi.dll

Beginning removal...

Attempting to delete C:\WINDOWS\SYSTEM32\instcat.dll
C:\WINDOWS\SYSTEM32\instcat.dll Has been deleted!

Performing Repairs to the registry.
Done!

And then the HijackThis report:

Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 20:48:54, on 04/07/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\drivers\CDAC11BA.EXE
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\system32\pctspk.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\WgaTray.exe
C:\Program Files\Eset\nod32kui.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\WINDOWS\BricoPacks\Vista Inspirat 2\YzShadow\YzShadow.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\SqkO\Bureau\HiJackThis_v2.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = https://actus.sfr.fr
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = https://actus.sfr.fr
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.huddi.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://actus.sfr.fr
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?redirfallthru=http%3a%2f%2fwww.msn.fr%2fmeteo%2f%3f
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = https://actus.sfr.fr
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - (no file)
O2 - BHO: (no name) - {04BA60C8-0DE8-45C3-8703-F8937851EFC6} - (no file)
O2 - BHO: (no name) - {05763A93-AB24-4536-9D82-2AB578F2A23A} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {0A7B9383-B2A6-41C8-87D5-D6FC0B4ADD58} - (no file)
O2 - BHO: (no name) - {1A1C6B23-9DC2-4D0F-BEEC-C02EA23CFDE8} - (no file)
O2 - BHO: (no name) - {1F6581D5-AA53-4b73-A6F9-41420C6B61F1} - (no file)
O2 - BHO: (no name) - {2E26B6B2-AB45-4D80-8AB5-5455D1B8D0C2} - (no file)
O2 - BHO: (no name) - {40897190-A638-40BF-920E-AE23617255D2} - (no file)
O2 - BHO: Microsoft MSJava 32 - {43F7497C-7687-4DEA-A057-F21BD81BC896} - C:\WINDOWS\system32\msjava32.dll
O2 - BHO: EoRezoBHO - {64F56FC1-1272-44CD-BA6E-39723696E350} - G:\Program Files\eoRezo\EoAdv\EoRezobho.dll
O2 - BHO: (no name) - {6A87B991-A31F-4130-AE72-6D0C294BF082} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O2 - BHO: (no name) - {7C1E7C27-0F04-493D-8E48-885BE604B097} - (no file)
O2 - BHO: (no name) - {7DF7CEBF-4DD4-498D-9CCB-A052161F0397} - (no file)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {80F59EB6-5D04-403F-A77D-A57AA35BD4AC} - (no file)
O2 - BHO: (no name) - {8C1DEA52-251B-4D51-A725-6245A27A0A0D} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - (no file)
O2 - BHO: (no name) - {97B9F81E-5B3C-4AF2-B664-353F284003C9} - (no file)
O2 - BHO: (no name) - {9B081111-AB73-42D0-B9F5-8D3302F2AFE2} - (no file)
O2 - BHO: (no name) - {A6807262-1D7A-44AB-947B-23B71E97915C} - C:\WINDOWS\system32\rqromno.dll (file missing)
O2 - BHO: (no name) - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - (no file)
O2 - BHO: (no name) - {C84DBF69-5EC2-4F01-8769-067F7ACBA200} - C:\WINDOWS\system32\sstqn.dll (file missing)
O2 - BHO: (no name) - {DFD14A8F-D9CE-40A3-B1FF-DAD1D2A7EE81} - (no file)
O2 - BHO: FlashFXP Helper for Internet Explorer - {E5A1691B-D188-4419-AD02-90002030B8EE} - F:\FlashFXP\IEFlash.dll
O2 - BHO: (no name) - {E6B5138E-3864-4069-A432-74B77DA43973} - (no file)
O3 - Toolbar: (no name) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - (no file)
O3 - Toolbar: &Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O3 - Toolbar: StylerToolBar - {D2F8F919-690B-4EA2-9FA7-A203D1E04F75} - C:\Program Files\Styler\TB\StylerTB.dll
O4 - HKLM\..\Run: [SC2] C:\WINDOWS\system32\scchk32.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Windows Updater Servc] C:\WINDOWS\system32\xpuupdate.exe
O4 - HKLM\..\Run: [smgr] mgrs.exe
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [avp] C:\WINDOWS\TEMP\win449.tmp.exe
O4 - HKLM\..\Run: [avast!] F:\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKLM\..\Run: [icq.com] rundll32.exe "C:\WINDOWS\system32\ykqoufwi.dll",forkonce
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [SpybotSD TeaTimer] F:\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [Steam] "f:\steam\steam.exe" -silent
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Startup: TransBar.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\TransBar\TransBar.exe
O4 - Startup: Y'z Shadow.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\YzShadow\YzShadow.exe
O4 - Global Startup: avast! Antivirus (2).lnk = F:\Alwil Software\Avast4\ashAvast.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
O20 - Winlogon Notify: 8àð - 8àð (file missing)
O20 - Winlogon Notify: instcat - C:\WINDOWS\
O20 - Winlogon Notify: rqromno - C:\WINDOWS\
O20 - Winlogon Notify: sstqn - C:\WINDOWS\
O20 - Winlogon Notify: X - X (file missing)
O20 - Winlogon Notify: ¸`p - ¸`p (file missing)
O20 - Winlogon Notify: 𘨠- 𘨠(file missing)
O20 - Winlogon Notify: Ø€ - Ø€ (file missing)
O22 - SharedTaskScheduler: Pré-chargeur Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll
O22 - SharedTaskScheduler: Démon de cache des catégories de composant - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe (file missing)
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Boonty Games - Unknown owner - C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe (file missing)
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\system32\drivers\CDAC11BA.EXE
O23 - Service: Service d'administration du Gestionnaire de disque logique (dmadmin) - Unknown owner - C:\WINDOWS\System32\dmadmin.exe
O23 - Service: DomainService - Unknown owner - C:\WINDOWS\system32\lsrwjbah.exe (file missing)
O23 - Service: Journal des événements (Eventlog) - Unknown owner - C:\WINDOWS\system32\services.exe
O23 - Service: FileZilla Server FTP server (FileZilla Server) - Unknown owner - F:\FileZilla Server\FileZilla Server.exe (file missing)
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Service COM de gravage de CD IMAPI (ImapiService) - Unknown owner - C:\WINDOWS\System32\imapi.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Partage de Bureau à distance NetMeeting (mnmsrvc) - Unknown owner - C:\WINDOWS\System32\mnmsrvc.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: PCTEL Speaker Phone (Pctspk) - Unknown owner - C:\WINDOWS\system32\pctspk.exe
O23 - Service: Plug-and-Play (PlugPlay) - Unknown owner - C:\WINDOWS\system32\services.exe
O23 - Service: Gestionnaire de session d'aide sur le Bureau à distance (RDSessMgr) - Unknown owner - C:\WINDOWS\system32\sessmgr.exe
O23 - Service: Carte à puce (SCardSvr) - Unknown owner - C:\WINDOWS\System32\SCardSvr.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: Journaux et alertes de performance (SysmonLog) - Unknown owner - C:\WINDOWS\system32\smlogsvc.exe
O23 - Service: Telnet (TlntSvr) - Unknown owner - C:\WINDOWS\System32\tlntsvr.exe
O23 - Service: Cliché instantané de volume (VSS) - Unknown owner - C:\WINDOWS\System32\vssvc.exe
O23 - Service: Carte de performance WMI (WmiApSrv) - Unknown owner - C:\WINDOWS\System32\wbem\wmiapsrv.exe
did71 (2187 posts, registered Friday 24 March 2006, status: security contributor, last active 30 January 2010)
4 July 2007 at 20:50
Re,

Don't run VundoFix the way you did the first time; follow the procedure, with "add more files"!

Do you see "add more files"?

See you
Bqstien (13 posts, registered Tuesday 3 July 2007, status: member, last active 10 April 2011)
4 July 2007 at 21:01
Well, that's what I've got!
Oh well, I'll redo it:

So, the VundoFix report (nothing has changed, not even the date :O)

VundoFix V6.5.4

Checking Java version...

Java version is 1.4.2.6
Old versions of java are exploitable and should be removed.

Java version is 1.5.0.10

Scan started at 20:24:24 04/07/2007

Listing files found while scanning....

C:\WINDOWS\system32\ykqoufwi.dll

Beginning removal...

Attempting to delete C:\WINDOWS\SYSTEM32\instcat.dll
C:\WINDOWS\SYSTEM32\instcat.dll Has been deleted!

Performing Repairs to the registry.
Done!

Beginning removal...

Performing Repairs to the registry.
Done!

(the report must not have been generated ...)

Now the HijackThis report:

Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 21:01:36, on 04/07/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\drivers\CDAC11BA.EXE
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\system32\pctspk.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Eset\nod32kui.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\WINDOWS\system32\WgaTray.exe
C:\WINDOWS\BricoPacks\Vista Inspirat 2\YzShadow\YzShadow.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Documents and Settings\SqkO\Bureau\HiJackThis_v2.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = https://actus.sfr.fr
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = https://actus.sfr.fr
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.huddi.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://actus.sfr.fr
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?redirfallthru=http%3a%2f%2fwww.msn.fr%2fmeteo%2f%3f
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = https://actus.sfr.fr
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - (no file)
O2 - BHO: (no name) - {04BA60C8-0DE8-45C3-8703-F8937851EFC6} - (no file)
O2 - BHO: (no name) - {05763A93-AB24-4536-9D82-2AB578F2A23A} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {0A7B9383-B2A6-41C8-87D5-D6FC0B4ADD58} - (no file)
O2 - BHO: (no name) - {1A1C6B23-9DC2-4D0F-BEEC-C02EA23CFDE8} - (no file)
O2 - BHO: (no name) - {1F6581D5-AA53-4b73-A6F9-41420C6B61F1} - (no file)
O2 - BHO: (no name) - {2E26B6B2-AB45-4D80-8AB5-5455D1B8D0C2} - (no file)
O2 - BHO: (no name) - {40897190-A638-40BF-920E-AE23617255D2} - (no file)
O2 - BHO: Microsoft MSJava 32 - {43F7497C-7687-4DEA-A057-F21BD81BC896} - C:\WINDOWS\system32\msjava32.dll
O2 - BHO: EoRezoBHO - {64F56FC1-1272-44CD-BA6E-39723696E350} - G:\Program Files\eoRezo\EoAdv\EoRezobho.dll
O2 - BHO: (no name) - {6A87B991-A31F-4130-AE72-6D0C294BF082} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O2 - BHO: (no name) - {7C1E7C27-0F04-493D-8E48-885BE604B097} - (no file)
O2 - BHO: (no name) - {7DF7CEBF-4DD4-498D-9CCB-A052161F0397} - (no file)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {80F59EB6-5D04-403F-A77D-A57AA35BD4AC} - (no file)
O2 - BHO: (no name) - {8C1DEA52-251B-4D51-A725-6245A27A0A0D} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - (no file)
O2 - BHO: (no name) - {97B9F81E-5B3C-4AF2-B664-353F284003C9} - (no file)
O2 - BHO: (no name) - {9B081111-AB73-42D0-B9F5-8D3302F2AFE2} - (no file)
O2 - BHO: (no name) - {A6807262-1D7A-44AB-947B-23B71E97915C} - C:\WINDOWS\system32\rqromno.dll (file missing)
O2 - BHO: (no name) - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - (no file)
O2 - BHO: (no name) - {C84DBF69-5EC2-4F01-8769-067F7ACBA200} - C:\WINDOWS\system32\sstqn.dll (file missing)
O2 - BHO: (no name) - {DFD14A8F-D9CE-40A3-B1FF-DAD1D2A7EE81} - (no file)
O2 - BHO: FlashFXP Helper for Internet Explorer - {E5A1691B-D188-4419-AD02-90002030B8EE} - F:\FlashFXP\IEFlash.dll
O2 - BHO: (no name) - {E6B5138E-3864-4069-A432-74B77DA43973} - (no file)
O3 - Toolbar: (no name) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - (no file)
O3 - Toolbar: &Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O3 - Toolbar: StylerToolBar - {D2F8F919-690B-4EA2-9FA7-A203D1E04F75} - C:\Program Files\Styler\TB\StylerTB.dll
O4 - HKLM\..\Run: [SC2] C:\WINDOWS\system32\scchk32.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Windows Updater Servc] C:\WINDOWS\system32\xpuupdate.exe
O4 - HKLM\..\Run: [smgr] mgrs.exe
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [avp] C:\WINDOWS\TEMP\win449.tmp.exe
O4 - HKLM\..\Run: [avast!] F:\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [SpybotSD TeaTimer] F:\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [Steam] "f:\steam\steam.exe" -silent
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Startup: TransBar.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\TransBar\TransBar.exe
O4 - Startup: Y'z Shadow.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\YzShadow\YzShadow.exe
O4 - Global Startup: avast! Antivirus (2).lnk = F:\Alwil Software\Avast4\ashAvast.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
O20 - Winlogon Notify: 8àð - 8àð (file missing)
O20 - Winlogon Notify: instcat - C:\WINDOWS\
O20 - Winlogon Notify: rqromno - C:\WINDOWS\
O20 - Winlogon Notify: sstqn - C:\WINDOWS\
O20 - Winlogon Notify: X - X (file missing)
O20 - Winlogon Notify: ¸`p - ¸`p (file missing)
O20 - Winlogon Notify: 𘨠- 𘨠(file missing)
O20 - Winlogon Notify: Ø€ - Ø€ (file missing)
O22 - SharedTaskScheduler: Pré-chargeur Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll
O22 - SharedTaskScheduler: Démon de cache des catégories de composant - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe (file missing)
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Boonty Games - Unknown owner - C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe (file missing)
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\system32\drivers\CDAC11BA.EXE
O23 - Service: Service d'administration du Gestionnaire de disque logique (dmadmin) - Unknown owner - C:\WINDOWS\System32\dmadmin.exe
O23 - Service: DomainService - Unknown owner - C:\WINDOWS\system32\lsrwjbah.exe (file missing)
O23 - Service: Journal des événements (Eventlog) - Unknown owner - C:\WINDOWS\system32\services.exe
O23 - Service: FileZilla Server FTP server (FileZilla Server) - Unknown owner - F:\FileZilla Server\FileZilla Server.exe (file missing)
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Service COM de gravage de CD IMAPI (ImapiService) - Unknown owner - C:\WINDOWS\System32\imapi.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Partage de Bureau à distance NetMeeting (mnmsrvc) - Unknown owner - C:\WINDOWS\System32\mnmsrvc.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: PCTEL Speaker Phone (Pctspk) - Unknown owner - C:\WINDOWS\system32\pctspk.exe
O23 - Service: Plug-and-Play (PlugPlay) - Unknown owner - C:\WINDOWS\system32\services.exe
O23 - Service: Gestionnaire de session d'aide sur le Bureau à distance (RDSessMgr) - Unknown owner - C:\WINDOWS\system32\sessmgr.exe
O23 - Service: Carte à puce (SCardSvr) - Unknown owner - C:\WINDOWS\System32\SCardSvr.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: Journaux et alertes de performance (SysmonLog) - Unknown owner - C:\WINDOWS\system32\smlogsvc.exe
O23 - Service: Telnet (TlntSvr) - Unknown owner - C:\WINDOWS\System32\tlntsvr.exe
O23 - Service: Cliché instantané de volume (VSS) - Unknown owner - C:\WINDOWS\System32\vssvc.exe
O23 - Service: Carte de performance WMI (WmiApSrv) - Unknown owner - C:\WINDOWS\System32\wbem\wmiapsrv.exe
did71 (2187 posts, registered Friday 24 March 2006, status: security contributor, last active 30 January 2010)
4 July 2007 at 21:04
Re,

That's exactly what I wanted; the cleanup is well under way, but we carry on!

Download ComboFix (by sUBs) from one of these links to your desktop:

http://www.techsupportforum.com/sectools/combofix.exe

http://download.bleepingcomputer.com/sUBs/ComboFix.exe

Double-click combofix.exe and follow the prompts.

Post the report!

See you
Bqstien (13 posts, registered Tuesday 3 July 2007, status: member, last active 10 April 2011)
4 July 2007 at 21:33
Re,

Here is the ComboFix report (OMG :P):

"SqkO" - 2007-07-04 21:19:35 - ComboFix 07-07-04.4 - Service Pack 2 FAT32


((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


C:\WINDOWS\dialerexe.ini
C:\WINDOWS\system32\drivers\asc3550u.sys
C:\WINDOWS\system32\xpdx.sys


((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))


-------\LEGACY_ASC3550U
-------\LEGACY_DOMAINSERVICE
-------\asc3550u
-------\DomainService
-------\xpdx


((((((((((((((((((((((((( Files Created from 2007-06-04 to 2007-07-04 )))))))))))))))))))))))))))))))


2007-07-04 21:16 51,200 --a------ C:\WINDOWS\nircmd.exe
2007-07-04 08:20 <REP> d-------- C:\VundoFix Backups
2007-07-02 08:09 512,096 --a------ C:\WINDOWS\system32\drivers\amon.sys
2007-07-02 08:09 298,104 --a------ C:\WINDOWS\system32\imon.dll
2007-07-02 08:09 15,424 --a------ C:\WINDOWS\system32\drivers\nod32drv.sys
2007-06-29 17:14 <REP> d-------- C:\Program Files\ContraVirus
2007-06-29 17:07 <REP> d--hs---- C:\FOUND.013
2007-06-28 21:47 <REP> d--hs---- C:\FOUND.012
2007-06-28 19:45 <REP> d-------- C:\DOCUME~1\SqkO\APPLIC~1\??stem32
2007-06-28 18:38 <REP> d-------- C:\Program Files\Windows Installer Clean Up
2007-06-28 18:37 <REP> d-------- C:\Program Files\MSECACHE
2007-06-26 13:34 <REP> d--hs---- C:\FOUND.009
2007-06-21 22:17 5,745 --a------ C:\WINDOWS\BricoPackFoldersDelete.cmd
2007-06-21 11:38 <REP> d-------- C:\DOCUME~1\SqkO\Incomplete
2007-06-21 11:35 <REP> d-------- C:\DOCUME~1\SqkO\APPLIC~1\LimeWire
2007-06-18 18:16 <REP> d--hs---- C:\FOUND.008
2007-06-06 15:38 <REP> d--hs---- C:\FOUND.007


(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

2007-06-28 17:45:28 -------- d-----w C:\DOCUME~1\SqkO\APPLIC~1\??stem32
2007-06-26 12:12:44 81,984 ----a-w C:\WINDOWS\system32\bdod.bin
2007-06-21 20:21:50 66,995 ----a-w C:\WINDOWS\BricoPackUninst.cmd
2007-06-02 11:17:20 -------- d-----w C:\Program Files\Windows Live
2007-05-21 16:09:04 22 ----a-w C:\Program Files\zipnew.dat
2007-05-21 16:09:04 20 ----a-w C:\Program Files\rarnew.dat
2007-05-18 11:16:10 -------- d-----w C:\Program Files\Microsoft CAPICOM 2.1.0.2
2007-04-29 09:51:30 21,840 ----a-w C:\WINDOWS\system32\SIntfNT.dll
2007-04-29 09:51:30 17,212 ----a-w C:\WINDOWS\system32\SIntf32.dll
2007-04-29 09:51:30 12,067 ----a-w C:\WINDOWS\system32\SIntf16.dll
2007-04-18 16:14:18 2,854,400 ----a-w C:\WINDOWS\system32\msi.dll
2007-04-16 20:47:36 33,624 ----a-w C:\WINDOWS\system32\wups.dll
2007-04-16 20:45:54 1,710,936 ----a-w C:\WINDOWS\system32\wuaueng.dll
2007-04-16 20:45:48 549,720 ----a-w C:\WINDOWS\system32\wuapi.dll
2007-04-16 20:45:42 325,976 ----a-w C:\WINDOWS\system32\wucltui.dll
2007-04-16 20:45:36 203,096 ----a-w C:\WINDOWS\system32\wuweb.dll
2007-04-16 20:45:28 92,504 ----a-w C:\WINDOWS\system32\cdm.dll
2007-04-16 20:45:20 68,440 ----a-w C:\WINDOWS\system32\wuauclt.exe
2007-04-16 20:45:20 43,352 ----a-w C:\WINDOWS\system32\wups2.dll
2007-04-16 20:44:20 271,224 ----a-w C:\WINDOWS\system32\mucltui.dll
2007-04-16 20:44:18 208,248 ----a-w C:\WINDOWS\system32\muweb.dll
2007-04-09 15:09:44 77,312 ----a-w C:\WINDOWS\system32\TWAIN_32.DLL
2007-04-09 15:09:44 69,632 ----a-w C:\WINDOWS\system32\TWUNK_32.EXE
2007-04-09 15:09:44 48,560 ----a-w C:\WINDOWS\system32\TWUNK_16.EXE
2005-10-19 16:39:58 8,192 --sha-w C:\WINDOWS\o2cLicStore.bin


((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))


*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{04BA60C8-0DE8-45C3-8703-F8937851EFC6}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{05763A93-AB24-4536-9D82-2AB578F2A23A}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
2003-05-15 00:47 50376 --a------ C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0A7B9383-B2A6-41C8-87D5-D6FC0B4ADD58}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{1A1C6B23-9DC2-4D0F-BEEC-C02EA23CFDE8}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{1F6581D5-AA53-4b73-A6F9-41420C6B61F1}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{2E26B6B2-AB45-4D80-8AB5-5455D1B8D0C2}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{40897190-A638-40BF-920E-AE23617255D2}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{43F7497C-7687-4DEA-A057-F21BD81BC896}]
2006-07-05 12:56 108032 --a------ C:\WINDOWS\system32\msjava32.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{64F56FC1-1272-44CD-BA6E-39723696E350}]
2007-01-25 10:22 106496 --a------ G:\Program Files\eoRezo\EoAdv\EoRezobho.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6A87B991-A31F-4130-AE72-6D0C294BF082}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
2006-11-09 15:21 440056 --a------ C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{7C1E7C27-0F04-493D-8E48-885BE604B097}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{7DF7CEBF-4DD4-498D-9CCB-A052161F0397}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{7E853D72-626A-48EC-A868-BA8D5E23E045}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{80F59EB6-5D04-403F-A77D-A57AA35BD4AC}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{8C1DEA52-251B-4D51-A725-6245A27A0A0D}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
2006-07-07 12:29 324416 --a------ C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{9394EDE7-C8B5-483E-8773-474BF36AF6E4}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{97B9F81E-5B3C-4AF2-B664-353F284003C9}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{9B081111-AB73-42D0-B9F5-8D3302F2AFE2}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A6807262-1D7A-44AB-947B-23B71E97915C}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{C84DBF69-5EC2-4F01-8769-067F7ACBA200}]
C:\WINDOWS\system32\sstqn.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{DFD14A8F-D9CE-40A3-B1FF-DAD1D2A7EE81}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{E5A1691B-D188-4419-AD02-90002030B8EE}]
2006-03-31 22:27 191096 --a------ F:\FlashFXP\IEFlash.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{E6B5138E-3864-4069-A432-74B77DA43973}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-02-16 10:54]
"nod32kui"="C:\Program Files\Eset\nod32kui.exe" [2007-07-02 08:07]
"avast!"="F:\ALWILS~1\Avast4\ashDisp.exe" []

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [2007-01-19 12:55]
"SpybotSD TeaTimer"="F:\Spybot - Search & Destroy\TeaTimer.exe" [2005-05-31 02:04]
"Steam"="f:\steam\steam.exe" []

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" /background

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\8àð]
8àð

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\instcat]


[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\rqromno]


[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\sstqn]


[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WBSrv]
C:\PROGRA~1\STARDOCK\OBJECT~1\WINDOW~1\wbsrv.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\X]
X

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\¸`p]
¸`p

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ð˜¨]
ð˜¨

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\Ø€]
Ø€

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"ATIPTA"=C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
"ATICCC"="C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime
"au"=C:\Program Files\Dealio\DealioAU.exe
"MyWebSearch Email Plugin"=C:\PROGRA~1\MYWEBS~1\bar\2.bin\mwsoemon.exe
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Svchost - netsvcs
UxTuneUp


HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{E4066320-E4AE-11CF-B1B0-00AA00BBAD66}
rundll32.exe advpack.dll,LaunchINFSection %SystemRoot%\INF\fpxpress.inf,PerUserstub

Contents of the 'Scheduled Tasks' folder
2007-07-04 16:36:10 C:\WINDOWS\tasks\Symantec NetDetect.job
2007-06-29 15:21:48 C:\WINDOWS\tasks\Maintenance en 1 clic.job
2007-05-08 05:57:04 C:\WINDOWS\tasks\AppleSoftwareUpdate.job

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


C:\WINDOWS\dialerexe.ini
C:\WINDOWS\system32\drivers\asc3550u.sys
C:\WINDOWS\system32\xpdx.sys


((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))


-------\LEGACY_ASC3550U
-------\LEGACY_DOMAINSERVICE
-------\asc3550u
-------\DomainService
-------\xpdx


((((((((((((((((((((((((( Files Created from 2007-06-04 to 2007-07-04 )))))))))))))))))))))))))))))))


2007-06-28 19:45 <REP> d-------- C:\DOCUME~1\SqkO\APPLIC~1\??stem32


(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

2007-06-28 17:45:28 -------- d-----w C:\DOCUME~1\SqkO\APPLIC~1\??stem32
2007-06-26 12:12:44 81,984 ----a-w C:\WINDOWS\system32\bdod.bin
2007-06-21 20:21:50 66,995 ----a-w C:\WINDOWS\BricoPackUninst.cmd
2007-06-02 11:17:20 -------- d-----w C:\Program Files\Windows Live
2007-05-21 16:09:04 22 ----a-w C:\Program Files\zipnew.dat
2007-05-21 16:09:04 20 ----a-w C:\Program Files\rarnew.dat
2007-05-18 11:16:10 -------- d-----w C:\Program Files\Microsoft CAPICOM 2.1.0.2
2007-04-29 09:51:30 21,840 ----a-w C:\WINDOWS\system32\SIntfNT.dll
2007-04-29 09:51:30 17,212 ----a-w C:\WINDOWS\system32\SIntf32.dll
2007-04-29 09:51:30 12,067 ----a-w C:\WINDOWS\system32\SIntf16.dll
2007-04-18 16:14:18 2,854,400 ----a-w C:\WINDOWS\system32\msi.dll
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


C:\WINDOWS\dialerexe.ini
C:\WINDOWS\system32\drivers\asc3550u.sys
C:\WINDOWS\system32\xpdx.sys


((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))


-------\LEGACY_ASC3550U
-------\LEGACY_DOMAINSERVICE
-------\asc3550u
-------\DomainService
-------\xpdx


((((((((((((((((((((((((( Files Created from 2007-06-04 to 2007-07-04 )))))))))))))))))))))))))))))))


2007-06-28 19:45 <REP> d-------- C:\DOCUME~1\SqkO\APPLIC~1\??stem32


(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

2007-06-28 17:45:28 -------- d-----w C:\DOCUME~1\SqkO\APPLIC~1\??stem32
2007-06-26 12:12:44 81,984 ----a-w C:\WINDOWS\system32\bdod.bin
2007-06-21 20:21:50 66,995 ----a-w C:\WINDOWS\BricoPackUninst.cmd
2007-06-02 11:17:20 -------- d-----w C:\Program Files\Windows Live
2007-05-21 16:09:04 22 ----a-w C:\Program Files\zipnew.dat
2007-05-21 16:09:04 20 ----a-w C:\Program Files\rarnew.dat
2007-05-18 11:16:10 -------- d-----w C:\Program Files\Microsoft CAPICOM 2.1.0.2
2007-04-29 09:51:30 21,840 ----a-w C:\WINDOWS\system32\SIntfNT.dll
2007-04-29 09:51:30 17,212 ----a-w C:\WINDOWS\system32\SIntf32.dll
2007-04-29 09:51:30 12,067 ----a-w C:\WINDOWS\system32\SIntf16.dll
2007-04-18 16:14:18 2,854,400 ----a-w C:\WINDOWS\system32\msi.dll
2007-04-16 20:47:36 33,624 ----a-w C:\WINDOWS\system32\wups.dll
2007-04-16 20:45:54 1,710,936 ----a-w C:\WINDOWS\system32\wuaueng.dll
2007-04-16 20:45:48 549,720 ----a-w C:\WINDOWS\system32\wuapi.dll
2007-04-16 20:45:42 325,976 ----a-w C:\WINDOWS\system32\wucltui.dll
2007-04-16 20:45:36 203,096 ----a-w C:\WINDOWS\system32\wuweb.dll
2007-04-16 20:45:28 92,504 ----a-w C:\WINDOWS\system32\cdm.dll
2007-04-16 20:45:20 68,440 ----a-w C:\WINDOWS\system32\wuauclt.exe
2007-04-16 20:45:20 43,352 ----a-w C:\WINDOWS\system32\wups2.dll
2007-04-16 20:44:20 271,224 ----a-w C:\WINDOWS\system32\mucltui.dll
2007-04-16 20:44:18 208,248 ----a-w C:\WINDOWS\system32\muweb.dll
2007-04-09 15:09:44 77,312 ----a-w C:\WINDOWS\system32\TWAIN_32.DLL
2007-04-09 15:09:44 69,632 ----a-w C:\WINDOWS\system32\TWUNK_32.EXE
2007-04-09 15:09:44 48,560 ----a-w C:\WINDOWS\system32\TWUNK_16.EXE
2005-10-19 16:39:58 8,192 --sha-w C:\WINDOWS\o2cLicStore.bin


((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))


*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{04BA60C8-0DE8-45C3-8703-F8937851EFC6}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{05763A93-AB24-4536-9D82-2AB578F2A23A}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
2003-05-15 00:47 50376 --a------ C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0A7B9383-B2A6-41C8-87D5-D6FC0B4ADD58}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{1A1C6B23-9DC2-4D0F-BEEC-C02EA23CFDE8}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{2E26B6B2-AB45-4D80-8AB5-5455D1B8D0C2}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{40897190-A638-40BF-920E-AE23617255D2}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{43F7497C-7687-4DEA-A057-F21BD81BC896}]
2006-07-05 12:56 108032 --a------ C:\WINDOWS\system32\msjava32.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{64F56FC1-1272-44CD-BA6E-39723696E350}]
2007-01-25 10:22 106496 --a------ G:\Program Files\eoRezo\EoAdv\EoRezobho.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6A87B991-A31F-4130-AE72-6D0C294BF082}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
2006-11-09 15:21 440056 --a------ C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{7C1E7C27-0F04-493D-8E48-885BE604B097}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{7DF7CEBF-4DD4-498D-9CCB-A052161F0397}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{7E853D72-626A-48EC-A868-BA8D5E23E045}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{80F59EB6-5D04-403F-A77D-A57AA35BD4AC}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{8C1DEA52-251B-4D51-A725-6245A27A0A0D}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
2006-07-07 12:29 324416 --a------ C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{9394EDE7-C8B5-483E-8773-474BF36AF6E4}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{97B9F81E-5B3C-4AF2-B664-353F284003C9}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{9B081111-AB73-42D0-B9F5-8D3302F2AFE2}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{C84DBF69-5EC2-4F01-8769-067F7ACBA200}]
C:\WINDOWS\system32\sstqn.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{DFD14A8F-D9CE-40A3-B1FF-DAD1D2A7EE81}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{E5A1691B-D188-4419-AD02-90002030B8EE}]
2006-03-31 22:27 191096 --a------ F:\FlashFXP\IEFlash.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{E6B5138E-3864-4069-A432-74B77DA43973}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-02-16 10:54]
"nod32kui"="C:\Program Files\Eset\nod32kui.exe" [2007-07-02 08:07]
"avast!"="F:\ALWILS~1\Avast4\ashDisp.exe" []

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [2007-01-19 12:55]
"SpybotSD TeaTimer"="F:\Spybot - Search & Destroy\TeaTimer.exe" [2005-05-31 02:04]
"Steam"="f:\steam\steam.exe" []

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" /background

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\8àð]
8àð

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\rqromno]


[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\sstqn]


[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WBSrv]
C:\PROGRA~1\STARDOCK\OBJECT~1\WINDOW~1\wbsrv.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\X]
X

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\¸`p]
¸`p

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ð˜¨]
ð˜¨

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\Ø€]
Ø€

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"ATIPTA"=C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
"ATICCC"="C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime
"au"=C:\Program Files\Dealio\DealioAU.exe
"MyWebSearch Email Plugin"=C:\PROGRA~1\MYWEBS~1\bar\2.bin\mwsoemon.exe
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Svchost - netsvcs
UxTuneUp


HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{E4066320-E4AE-11CF-B1B0-00AA00BBAD66}
rundll32.exe advpack.dll,LaunchINFSection %SystemRoot%\INF\fpxpress.inf,PerUserstub

Contents of the 'Scheduled Tasks' folder
2007-07-04 16:36:10 C:\WINDOWS\tasks\Symantec NetDetect.job
2007-06-29 15:21:48 C:\WINDOWS\tasks\Maintenance en 1 clic.job
2007-05-08 05:57:04 C:\WINDOWS\tasks\AppleSoftwareUpdate.job

**************************************************************************

catchme 0.3.915 W2K/XP/Vista - rootkit detector by Gmer, http://www.gmer.net
Rootkit scan 2007-07-04 21:31:47
Windows 5.1.2600 Service Pack 2 FAT NTAPI

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

Completion time: 2007-07-04 21:32:12 - machine was rebooted
C:\ComboFix-quarantined-files.txt ... 2007-07-04 21:32

--- E O F ---
did71 Posts: 2187 Joined: Friday 24 March 2006 Status: Security contributor Last activity: 30 January 2010
4 July 2007 at 22:06
Hi again,

We're making progress, but there are still some infections left, and not very common ones!

Download clean.zip

http://www.malekal.com/download/clean.zip

Unzip it to your desktop (right-click / Extract All); you should get a folder named clean.
Open the Clean folder on your desktop.
Double-click clean.cmd.
A black window will appear; choose option 1.

Post the report, which is at C:\rapport_clean.txt

See you
Bqstien Posts: 13 Joined: Tuesday 3 July 2007 Status: Member Last activity: 10 April 2011
5 July 2007 at 08:29
Hi,

Here is the Clean report:

05/07/2007 at 8:27:52,12

*** Searching for files in C:

*** Searching for files in C:\WINDOWS\

*** Searching for files in C:\WINDOWS\system32
C:\WINDOWS\system32\bdod.bin FOUND
C:\WINDOWS\system32\SpoonUninstall.exe FOUND
C:\WINDOWS\system32\msjava32.dll FOUND

*** Searching for files in C:\Program Files
"C:\Program Files\Fichiers communs\Totem Shared\" FOUND
"C:\Program Files\msn messenger\riched20.dll" FOUND
"C:\Program Files\MyWay\" FOUND
"C:\Program Files\Uninstall.exe" FOUND
"C:\Program Files\VVSN\" FOUND
*** End of report!

There you go!
did71 Posts: 2187 Joined: Friday 24 March 2006 Status: Security contributor Last activity: 30 January 2010
5 July 2007 at 20:17
Good evening,

Run clean.zip again,

This time choose option 2!

Then post the report, along with a new HijackThis log!

See you
Bqstien Posts: 13 Joined: Tuesday 3 July 2007 Status: Member Last activity: 10 April 2011
5 July 2007 at 20:42
Hi,

Here is the Clean report (option 2):

Clean report by Malekal_morte - http://www.malekal.com
Script run in Safe Mode 05/07/2007 at 20:35:46,87

Microsoft Windows XP [version 5.1.2600]

*** Deleting files in C:

*** Deleting files in C:\WINDOWS\

*** Deleting files in C:\WINDOWS\system32
attempting to delete C:\WINDOWS\system32\bdod.bin
attempting to delete C:\WINDOWS\system32\SpoonUninstall.exe
attempting to delete C:\WINDOWS\system32\msjava32.dll

*** Deleting files in C:\Program Files
attempting to delete "C:\Program Files\Fichiers communs\Totem Shared\"
attempting to delete "C:\Program Files\msn messenger\riched20.dll"
attempting to delete "C:\Program Files\MyWay\"
attempting to delete "C:\Program Files\Uninstall.exe"
Unable to delete "C:\Program Files\Uninstall.exe"
attempting to delete "C:\Program Files\VVSN\"

*** Registry keys deleted..
*** End of report!

And now the HijackThis log (a lot shorter :D):

Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 20:42:23, on 05/07/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\drivers\CDAC11BA.EXE
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\system32\pctspk.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\WgaTray.exe
C:\Program Files\Eset\nod32kui.exe
C:\WINDOWS\BricoPacks\Vista Inspirat 2\YzShadow\YzShadow.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
G:\Program Files\Teamspeak2_RC2\TeamSpeak.exe
G:\Program Files\Steam\Steam.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\SqkO\Bureau\HiJackThis_v2.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.huddi.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://actus.sfr.fr
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - (no file)
O2 - BHO: (no name) - {04BA60C8-0DE8-45C3-8703-F8937851EFC6} - (no file)
O2 - BHO: (no name) - {05763A93-AB24-4536-9D82-2AB578F2A23A} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {0A7B9383-B2A6-41C8-87D5-D6FC0B4ADD58} - (no file)
O2 - BHO: (no name) - {1A1C6B23-9DC2-4D0F-BEEC-C02EA23CFDE8} - (no file)
O2 - BHO: (no name) - {1F6581D5-AA53-4b73-A6F9-41420C6B61F1} - (no file)
O2 - BHO: (no name) - {2E26B6B2-AB45-4D80-8AB5-5455D1B8D0C2} - (no file)
O2 - BHO: (no name) - {40897190-A638-40BF-920E-AE23617255D2} - (no file)
O2 - BHO: EoRezoBHO - {64F56FC1-1272-44CD-BA6E-39723696E350} - G:\Program Files\eoRezo\EoAdv\EoRezobho.dll
O2 - BHO: (no name) - {6A87B991-A31F-4130-AE72-6D0C294BF082} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O2 - BHO: (no name) - {7C1E7C27-0F04-493D-8E48-885BE604B097} - (no file)
O2 - BHO: (no name) - {7DF7CEBF-4DD4-498D-9CCB-A052161F0397} - (no file)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {80F59EB6-5D04-403F-A77D-A57AA35BD4AC} - (no file)
O2 - BHO: (no name) - {8C1DEA52-251B-4D51-A725-6245A27A0A0D} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - (no file)
O2 - BHO: (no name) - {97B9F81E-5B3C-4AF2-B664-353F284003C9} - (no file)
O2 - BHO: (no name) - {9B081111-AB73-42D0-B9F5-8D3302F2AFE2} - (no file)
O2 - BHO: (no name) - {A6807262-1D7A-44AB-947B-23B71E97915C} - (no file)
O2 - BHO: (no name) - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - (no file)
O2 - BHO: (no name) - {C84DBF69-5EC2-4F01-8769-067F7ACBA200} - C:\WINDOWS\system32\sstqn.dll (file missing)
O2 - BHO: (no name) - {DFD14A8F-D9CE-40A3-B1FF-DAD1D2A7EE81} - (no file)
O2 - BHO: FlashFXP Helper for Internet Explorer - {E5A1691B-D188-4419-AD02-90002030B8EE} - F:\FlashFXP\IEFlash.dll
O2 - BHO: (no name) - {E6B5138E-3864-4069-A432-74B77DA43973} - (no file)
O3 - Toolbar: (no name) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - (no file)
O3 - Toolbar: &Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O3 - Toolbar: StylerToolBar - {D2F8F919-690B-4EA2-9FA7-A203D1E04F75} - C:\Program Files\Styler\TB\StylerTB.dll
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [avast!] F:\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [SpybotSD TeaTimer] F:\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [Steam] "f:\steam\steam.exe" -silent
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Startup: TransBar.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\TransBar\TransBar.exe
O4 - Startup: Y'z Shadow.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\YzShadow\YzShadow.exe
O4 - Global Startup: avast! Antivirus (2).lnk = F:\Alwil Software\Avast4\ashAvast.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
O20 - Winlogon Notify: 8àð - 8àð (file missing)
O20 - Winlogon Notify: instcat - C:\WINDOWS\
O20 - Winlogon Notify: rqromno - C:\WINDOWS\
O20 - Winlogon Notify: sstqn - C:\WINDOWS\
O20 - Winlogon Notify: X - X (file missing)
O20 - Winlogon Notify: ¸`p - ¸`p (file missing)
O20 - Winlogon Notify: 𘨠- 𘨠(file missing)
O20 - Winlogon Notify: Ø€ - Ø€ (file missing)
O22 - SharedTaskScheduler: Pré-chargeur Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll
O22 - SharedTaskScheduler: Démon de cache des catégories de composant - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe (file missing)
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Boonty Games - Unknown owner - C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe (file missing)
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\system32\drivers\CDAC11BA.EXE
O23 - Service: Service d'administration du Gestionnaire de disque logique (dmadmin) - Unknown owner - C:\WINDOWS\System32\dmadmin.exe
O23 - Service: Journal des événements (Eventlog) - Unknown owner - C:\WINDOWS\system32\services.exe
O23 - Service: FileZilla Server FTP server (FileZilla Server) - Unknown owner - F:\FileZilla Server\FileZilla Server.exe (file missing)
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Service COM de gravage de CD IMAPI (ImapiService) - Unknown owner - C:\WINDOWS\System32\imapi.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Partage de Bureau à distance NetMeeting (mnmsrvc) - Unknown owner - C:\WINDOWS\System32\mnmsrvc.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: PCTEL Speaker Phone (Pctspk) - Unknown owner - C:\WINDOWS\system32\pctspk.exe
O23 - Service: Plug-and-Play (PlugPlay) - Unknown owner - C:\WINDOWS\system32\services.exe
O23 - Service: Gestionnaire de session d'aide sur le Bureau à distance (RDSessMgr) - Unknown owner - C:\WINDOWS\system32\sessmgr.exe
O23 - Service: Carte à puce (SCardSvr) - Unknown owner - C:\WINDOWS\System32\SCardSvr.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: Journaux et alertes de performance (SysmonLog) - Unknown owner - C:\WINDOWS\system32\smlogsvc.exe
O23 - Service: Telnet (TlntSvr) - Unknown owner - C:\WINDOWS\System32\tlntsvr.exe
O23 - Service: Cliché instantané de volume (VSS) - Unknown owner - C:\WINDOWS\System32\vssvc.exe
O23 - Service: Carte de performance WMI (WmiApSrv) - Unknown owner - C:\WINDOWS\System32\wbem\wmiapsrv.exe
did71 Posts: 2187 Joined: Friday 24 March 2006 Status: Security contributor Last activity: 30 January 2010
5 July 2007 at 20:57
Hi again,

Run HijackThis again, tick the lines listed below and click Fix checked (with all IE windows closed):

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - (no file)
O2 - BHO: (no name) - {04BA60C8-0DE8-45C3-8703-F8937851EFC6} - (no file)
O2 - BHO: (no name) - {05763A93-AB24-4536-9D82-2AB578F2A23A} - (no file)
O2 - BHO: (no name) - {0A7B9383-B2A6-41C8-87D5-D6FC0B4ADD58} - (no file)
O2 - BHO: (no name) - {1A1C6B23-9DC2-4D0F-BEEC-C02EA23CFDE8} - (no file)
O2 - BHO: (no name) - {1F6581D5-AA53-4b73-A6F9-41420C6B61F1} - (no file)
O2 - BHO: (no name) - {2E26B6B2-AB45-4D80-8AB5-5455D1B8D0C2} - (no file)
O2 - BHO: (no name) - {40897190-A638-40BF-920E-AE23617255D2} - (no file)
O2 - BHO: (no name) - {6A87B991-A31F-4130-AE72-6D0C294BF082} - (no file)
O2 - BHO: (no name) - {7C1E7C27-0F04-493D-8E48-885BE604B097} - (no file)
O2 - BHO: (no name) - {7DF7CEBF-4DD4-498D-9CCB-A052161F0397} - (no file)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {80F59EB6-5D04-403F-A77D-A57AA35BD4AC} - (no file)
O2 - BHO: (no name) - {8C1DEA52-251B-4D51-A725-6245A27A0A0D} - (no file)
O2 - BHO: (no name) - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - (no file)
O2 - BHO: (no name) - {97B9F81E-5B3C-4AF2-B664-353F284003C9} - (no file)
O2 - BHO: (no name) - {9B081111-AB73-42D0-B9F5-8D3302F2AFE2} - (no file)
O2 - BHO: (no name) - {A6807262-1D7A-44AB-947B-23B71E97915C} - (no file)
O2 - BHO: (no name) - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - (no file)
O2 - BHO: (no name) - {C84DBF69-5EC2-4F01-8769-067F7ACBA200} - C:\WINDOWS\system32\sstqn.dll (file missing)
O2 - BHO: (no name) - {DFD14A8F-D9CE-40A3-B1FF-DAD1D2A7EE81} - (no file)
O2 - BHO: (no name) - {E6B5138E-3864-4069-A432-74B77DA43973} - (no file)
O3 - Toolbar: (no name) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - (no file)
O3 - Toolbar: &Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O20 - Winlogon Notify: 8àð - 8àð (file missing)
O20 - Winlogon Notify: instcat - C:\WINDOWS\
O20 - Winlogon Notify: rqromno - C:\WINDOWS\
O20 - Winlogon Notify: sstqn - C:\WINDOWS\
O20 - Winlogon Notify: X - X (file missing)
O20 - Winlogon Notify: ¸`p - ¸`p (file missing)
O20 - Winlogon Notify: 𘨠- 𘨠(file missing)
O20 - Winlogon Notify: Ø€ - Ø€ (file missing)

Post a new HijackThis log, a lot shorter this time!

See you
Bqstien Posts: 13 Joined: Tuesday 3 July 2007 Status: Member Last activity: 10 April 2011
5 July 2007 at 21:07
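The triage the helper just did by hand, as an added example that is not part of this thread, of HijackThis or of the malekal clean script: a small Python script that reads HijackThis O2/O3/O20 lines and produces the same kind of "fix checked" list. The sample log is a constructed excerpt modelled on the lines posted above (one clean entry of each kind is kept as a control), and the rule names are my own. It flags add-on registrations whose DLL is absent, and Winlogon Notify handlers whose subkey name is not plain ASCII, whose DLL is missing, or whose DllName is only a directory, which is exactly the pattern the log shows for `8àð`, `X`, `sstqn` and `rqromno`.

```python
"""Triage a HijackThis log for orphaned browser add-ons and suspicious
Winlogon Notify handlers.

Added example, not code from the thread or from HijackThis. The rules
encode what the helper's "fix checked" list did:
  * O2 (BHO) / O3 (toolbar) entries whose DLL is "(no file)" or
    "(file missing)" are dead COM registrations, usually adware leftovers.
  * O20 Winlogon Notify entries whose subkey name is not printable ASCII,
    whose DLL is missing, or whose DllName is just a directory, match the
    Vundo-style persistence seen in the log: a notification package that
    winlogon.exe loads at every logon, as SYSTEM.
"""
import re
from dataclasses import dataclass
from typing import List

# Constructed excerpt modelled on the HijackThis log posted in the thread.
SAMPLE_LOG = """\
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\\Program Files\\Adobe\\Acrobat 6.0\\Reader\\ActiveX\\AcroIEHelper.dll
O2 - BHO: (no name) - {04BA60C8-0DE8-45C3-8703-F8937851EFC6} - (no file)
O2 - BHO: (no name) - {C84DBF69-5EC2-4F01-8769-067F7ACBA200} - C:\\WINDOWS\\system32\\sstqn.dll (file missing)
O3 - Toolbar: &Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O3 - Toolbar: StylerToolBar - {D2F8F919-690B-4EA2-9FA7-A203D1E04F75} - C:\\Program Files\\Styler\\TB\\StylerTB.dll
O20 - Winlogon Notify: 8\u00e0\u00f0 - 8\u00e0\u00f0 (file missing)
O20 - Winlogon Notify: sstqn - C:\\WINDOWS\\
O20 - Winlogon Notify: X - X (file missing)
O20 - Winlogon Notify: WBSrv - C:\\PROGRA~1\\STARDOCK\\OBJECT~1\\WINDOW~1\\wbsrv.dll
"""

# O2/O3 lines: "<section> - <kind>: <name> - {CLSID} - <dll>"
ADDON_RE = re.compile(
    r"^(?P<section>O[23]) - (?:BHO|Toolbar): (?P<name>.*?) - "
    r"(?P<clsid>\{[0-9A-Fa-f-]{36}\}) - (?P<path>.*)$"
)
# O20 lines: "O20 - Winlogon Notify: <subkey> - <dll>"
NOTIFY_RE = re.compile(r"^O20 - Winlogon Notify: (?P<name>.*?) - (?P<path>.*)$")


@dataclass
class Finding:
    line: str
    reason: str


def dll_absent(path: str) -> bool:
    """HijackThis's two ways of saying the registered DLL is not on disk."""
    return path == "(no file)" or path.endswith("(file missing)")


def plain_ascii(name: str) -> bool:
    """True only for names made of printable 7-bit characters, no spaces."""
    return bool(name) and all(33 <= ord(c) <= 126 for c in name)


def triage(log: str) -> List[Finding]:
    """Return the entries a helper would put on the 'fix checked' list."""
    findings = []
    for line in log.splitlines():
        m = ADDON_RE.match(line)
        if m:
            if dll_absent(m["path"]):
                findings.append(Finding(line, "orphaned add-on: CLSID registered but DLL absent"))
            continue
        m = NOTIFY_RE.match(line)
        if not m:
            continue
        name, path = m["name"], m["path"]
        if not plain_ascii(name):
            findings.append(Finding(line, "Winlogon Notify subkey with a non-ASCII garbage name"))
        elif dll_absent(path):
            findings.append(Finding(line, "Winlogon Notify handler whose DLL is missing"))
        elif path.endswith("\\"):
            findings.append(Finding(line, "Winlogon Notify DllName is a directory, not a DLL"))
    return findings


def fix_list(log: str) -> List[str]:
    """The raw lines only, in log order, ready to paste back to the user."""
    return [f.line for f in triage(log)]


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.reason}\n    {f.line}")
```

Run it as-is to see the six findings for the sample, or pass a saved log with `triage(open(path, encoding="cp1252").read())` (HijackThis writes ANSI text; the code page is an assumption). Two caveats a practitioner would add. First, an entry whose DLL is genuinely absent is dead weight rather than a live infection, since winlogon cannot load what is not there; the entries to worry about are the ones where the file still exists. Second, the same random five-letter name showing up both as a BHO and as a Winlogon Notify subkey (sstqn in this log) is the sign of one package registering itself in two places, so both keys should go together and the DLL itself should be checked on disk, not only the registry entry.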
Hi!!

Yes indeed ^^

Here is the HijackThis log:

Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 21:07:31, on 05/07/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\drivers\CDAC11BA.EXE
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\system32\pctspk.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\WgaTray.exe
C:\Program Files\Eset\nod32kui.exe
C:\WINDOWS\BricoPacks\Vista Inspirat 2\YzShadow\YzShadow.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
G:\Program Files\Teamspeak2_RC2\TeamSpeak.exe
G:\Program Files\Steam\Steam.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\SqkO\Bureau\HiJackThis_v2.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.huddi.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://actus.sfr.fr
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: EoRezoBHO - {64F56FC1-1272-44CD-BA6E-39723696E350} - G:\Program Files\eoRezo\EoAdv\EoRezobho.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: FlashFXP Helper for Internet Explorer - {E5A1691B-D188-4419-AD02-90002030B8EE} - F:\FlashFXP\IEFlash.dll
O3 - Toolbar: StylerToolBar - {D2F8F919-690B-4EA2-9FA7-A203D1E04F75} - C:\Program Files\Styler\TB\StylerTB.dll
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [avast!] F:\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [SpybotSD TeaTimer] F:\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [Steam] "f:\steam\steam.exe" -silent
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Startup: TransBar.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\TransBar\TransBar.exe
O4 - Startup: Y'z Shadow.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\YzShadow\YzShadow.exe
O4 - Global Startup: avast! Antivirus (2).lnk = F:\Alwil Software\Avast4\ashAvast.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
O22 - SharedTaskScheduler: Pré-chargeur Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll
O22 - SharedTaskScheduler: Démon de cache des catégories de composant - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe (file missing)
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Boonty Games - Unknown owner - C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe (file missing)
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\system32\drivers\CDAC11BA.EXE
O23 - Service: Service d'administration du Gestionnaire de disque logique (dmadmin) - Unknown owner - C:\WINDOWS\System32\dmadmin.exe
O23 - Service: Journal des événements (Eventlog) - Unknown owner - C:\WINDOWS\system32\services.exe
O23 - Service: FileZilla Server FTP server (FileZilla Server) - Unknown owner - F:\FileZilla Server\FileZilla Server.exe (file missing)
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Service COM de gravage de CD IMAPI (ImapiService) - Unknown owner - C:\WINDOWS\System32\imapi.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Partage de Bureau à distance NetMeeting (mnmsrvc) - Unknown owner - C:\WINDOWS\System32\mnmsrvc.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: PCTEL Speaker Phone (Pctspk) - Unknown owner - C:\WINDOWS\system32\pctspk.exe
O23 - Service: Plug-and-Play (PlugPlay) - Unknown owner - C:\WINDOWS\system32\services.exe
O23 - Service: Gestionnaire de session d'aide sur le Bureau à distance (RDSessMgr) - Unknown owner - C:\WINDOWS\system32\sessmgr.exe
O23 - Service: Carte à puce (SCardSvr) - Unknown owner - C:\WINDOWS\System32\SCardSvr.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: Journaux et alertes de performance (SysmonLog) - Unknown owner - C:\WINDOWS\system32\smlogsvc.exe
O23 - Service: Telnet (TlntSvr) - Unknown owner - C:\WINDOWS\System32\tlntsvr.exe
O23 - Service: Cliché instantané de volume (VSS) - Unknown owner - C:\WINDOWS\System32\vssvc.exe
O23 - Service: Carte de performance WMI (WmiApSrv) - Unknown owner - C:\WINDOWS\System32\wbem\wmiapsrv.exe
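The lines above are raw HijackThis output, which a helper reads by eye for a few recurring signals: O23 services and O9 buttons whose binary no longer exists (leftover registrations from uninstalled software), services with no publisher outside the Windows directory, and autoruns living outside Windows or Program Files. As an added example that is not part of the thread and not HijackThis's own code, the following Python script applies exactly those checks to a handful of lines copied from the log (embedded inline as constructed sample input). It assumes the system drive is C:, handles only O4, O9 and O23 sections, and assumes a service name never contains " - ".

```python
import re

# Constructed sample: a few lines copied from the HijackThis log above.
SAMPLE_LOG = [
    r'O4 - HKCU\..\Run: [Steam] "f:\steam\steam.exe" -silent',
    r'O4 - Startup: TransBar.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\TransBar\TransBar.exe',
    r'O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)',
    r'O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe (file missing)',
    r'O23 - Service: Boonty Games - Unknown owner - C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe (file missing)',
    r'O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe',
    r'O23 - Service: Telnet (TlntSvr) - Unknown owner - C:\WINDOWS\System32\tlntsvr.exe',
]

# Assumption: the system drive is C:. Anything autostarting from elsewhere gets a second look.
STANDARD_ROOTS = (r"c:\windows", r"c:\program files")

# Every HijackThis entry starts with its section code ("O4", "O23", ...) followed by " - ".
ENTRY_RE = re.compile(r"^(O\d+) - (.*)$")


def _norm(path):
    """Lower-case a Windows path and drop surrounding quotes for prefix comparisons."""
    return path.strip().strip('"').lower()


def _in_standard_dir(path):
    return any(_norm(path).startswith(root) for root in STANDARD_ROOTS)


def triage_o4(body):
    """Autoruns: '<hive>\\..\\Run: [name] <command>' or 'Startup: x.lnk = <path>'."""
    if " = " in body and ".lnk" in body:
        target = body.split(" = ", 1)[1]
    else:
        m = re.search(r"\]\s*(.*)$", body)
        if not m:
            return []
        target = m.group(1)
    # Keep only the executable: the (optionally quoted) text up to the first ".exe".
    m = re.match(r'\s*"?(.+?\.exe)', target, re.IGNORECASE)
    exe = m.group(1) if m else target.strip()
    if not _in_standard_dir(exe):
        return [("review", f"autorun outside Windows/Program Files: {exe}")]
    return []


def triage_o9(body):
    """Extra IE buttons/menu items: '(no file)' means the registered DLL is gone."""
    if body.endswith("(no file)"):
        return [("orphan", "browser button/menu item whose DLL is gone")]
    return []


def triage_o23(body):
    """Services: 'Service: <name> - <publisher> - <path>[ (file missing)]'."""
    parts = body[len("Service: "):].split(" - ", 2)  # assumes no ' - ' inside the name
    if len(parts) != 3:
        return []
    name, publisher, path = parts
    findings = []
    if path.endswith("(file missing)"):
        path = path[: -len("(file missing)")].strip()
        findings.append(("orphan", f"service '{name}' points to a deleted binary: {path}"))
    # 'Unknown owner' on a built-in binary under C:\WINDOWS is normal in these logs;
    # outside the Windows directory it is worth checking who installed it.
    if publisher == "Unknown owner" and not _norm(path).startswith(r"c:\windows"):
        findings.append(("review", f"service '{name}' with no publisher outside Windows dir: {path}"))
    return findings


HANDLERS = {"O4": triage_o4, "O9": triage_o9, "O23": triage_o23}


def triage(lines):
    """Return (level, section, reason) tuples for every line that trips a check."""
    findings = []
    for line in lines:
        m = ENTRY_RE.match(line.strip())
        if not m:
            continue  # R0/R1/F2 and other sections are not handled here
        section, body = m.groups()
        for level, reason in HANDLERS.get(section, lambda b: [])(body):
            findings.append((level, section, reason))
    return findings


if __name__ == "__main__":
    for level, section, reason in triage(SAMPLE_LOG):
        print(f"[{level:6}] {section:4} {reason}")
```

On the sample, the two "(file missing)" services and the "(no file)" button come out as orphans (harmless leftovers that a "fix" in HijackThis simply unregisters), Boonty also gets a "review" because it has no publisher outside the Windows directory, and Steam on F: is flagged only because it lives outside the standard roots. Telnet and NOD32 trip nothing. The "review" level is a prompt to check the file, not a verdict; as this thread shows, a log full of such entries can still be clean.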
did71 (security contributor)
5 July 2007 at 21:17
re,

You just have to be patient, lol!

The log is clean! How is the PC behaving?

Later
Bqstien (member)
5 July 2007 at 21:19
Uh, I'd need to reboot it since the latest changes, but it seems to be running better and in the game I no longer have any problems!!!

Thanks for your help, I'm marking the topic as Solved!

Bye, thanks again ^^
did71 (security contributor)
5 July 2007 at 21:25
re,

One more detail, and not the least: the conclusion!

Report your infection to help get the authors convicted.

Create a post on Malware-Complaints to help move things forward; we need to be as many as possible, so report your infection:

- See the forum rules: https://malwarecomplaints.info/
- After registering with the button at the top named "Register":
If you are over 13, choose: "I Agree to these terms and am over or exactly 13 years of age"
If you are under 13, click: "I Agree to these terms and am under 13 years of age"

You then get a list with one topic per type of infection (Look2Me, Smitfraud, SpywareQuake, etc.).
Yours = VUNDO

---> https://malwarecomplaints.info/

If the malware you had does not appear in the list, or if you don't know what you were infected with, create a post in the "Autres infections" (Other infections) topic,
following the forum rules (age, town, département, etc.).

Also mention the name of the forum that helped you, CCM!

Later