Sujet Précédent Sujet Suivant

Ordi infecté par un cheval de troie sur msn

Fermé
Didineg18 - 5 juil. 2007 à 19:09
afideg Messages postés 10517 Date d'inscription lundi 10 octobre 2005 Statut Contributeur sécurité Dernière intervention 12 avril 2022 - 8 juil. 2007 à 00:44
boujour!
Quelqu'un pourrai t il m'aider il y a 4 jours en allant sur msn j'ai cliqué qur un lien qui a fait buggé msn et a envoyer ce lien a tous mes contacts.depuis mon anti virus avg 7.5 detecte un cheval de troi downloader generic 4vol et un worm mais je n arrive pas a m'en débarasser.J'ai essayer de nettoyer mon ordi avec Ccleaner,avg anti spyware, j'ai aussi essayer msnfix mais rien a fair le virus et toujours la.
J'ai donc scanner mon ordi avec bitdefender et ensuite j 'ai lancer hijackthis.
je vous met les rapports obtenus:

BitDefender Online Scanner







Scan report generated at: Fri, Jul 06, 2007 - 18:28:29









Scan path: C:\;D:\;E:\;















Statistics

Time


00:35:07

Files


229714

Folders


5559

Boot Sectors


5

Archives


1610

Packed Files


8067







Results

Identified Viruses


1

Infected Files


2

Suspect Files


0

Warnings


0

Disinfected


0

Deleted Files


4







Engines Info

Virus Definitions


637149

Engine build


AVCORE v1.0 (build 2410) (i386) (Jun 12 2007 21:08:27)

Scan plugins


14

Archive plugins


38

Unpack plugins


6

E-mail plugins


6

System plugins


1







Scan Settings

First Action


Disinfect

Second Action


Delete

Heuristics


Yes

Enable Warnings


Yes

Scanned Extensions


*;

Exclude Extensions




Scan Emails


Yes

Scan Archives


Yes

Scan Packed


Yes

Scan Files


Yes

Scan Boot


Yes








Scanned File


Status

C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\GPKB2RA5\linux[1].exe=>(AutoIT)


Infected with: Trojan.Virtumod.IZ

C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\GPKB2RA5\linux[1].exe=>(AutoIT)


Disinfection failed

C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\GPKB2RA5\linux[1].exe=>(AutoIT)


Deleted

C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\QBUXQ5OB\linux[1].exe=>(AutoIT)


Infected with: Trojan.Virtumod.IZ

C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\QBUXQ5OB\linux[1].exe=>(AutoIT)


Disinfection failed

C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\QBUXQ5OB\linux[1].exe=>(AutoIT)


Deleted







Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 18:33:00, on 06/07/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\ibmpmsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
c:\program files\a-squared free\a2service.exe
C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\WINDOWS\System32\QCONSVC.EXE
C:\Program Files\Utimaco\SafeGuard Easy\SgeClient.exe
C:\Program Files\Utimaco\SafeGuard Easy\SgeCtl.exe
C:\WINDOWS\system32\SgLogPlayer.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\TPHDEXLG.EXE
C:\WINDOWS\system32\TpKmpSVC.exe
C:\Program Files\Utimaco\SafeGuard Easy\WksCfgSrv.exe
C:\Program Files\AOLbox\Gateway\wlancfg.exe
C:\WINDOWS\system32\acs.exe
C:\WINDOWS\System32\igfxtray.exe
C:\WINDOWS\System32\hkcmd.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
C:\Program Files\ThinkPad\ConnectUtilities\QCWLICON.EXE
C:\PROGRA~1\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe
C:\Program Files\ThinkPad\PkgMgr\HOTKEY\TPONSCR.exe
C:\WINDOWS\system32\TpShocks.exe
C:\Program Files\ThinkPad\PkgMgr\HOTKEY_1\TpScrex.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Utimaco\SafeGuard Easy\uerlkupn.exe
C:\Program Files\Utimaco\SafeGuard Easy\Ecview.exe
C:\Program Files\Fichiers communs\AOL\ACS\AOLDial.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Fichiers communs\Ahead\lib\NMBgMonitor.exe
C:\Program Files\OpenOffice.org 2.0\program\soffice.exe
C:\Program Files\OpenOffice.org 2.0\program\soffice.BIN
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\Documents and Settings\Utilisateur\Bureau\test.exe.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = https://www.bing.com/?FORM=TOOLBR&cc=fr&toHttps=1&redig=4527FFF1C12746FC9EDB535C75E80ECC
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?FORM=TOOLBR&cc=fr&toHttps=1&redig=4527FFF1C12746FC9EDB535C75E80ECC
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = https://www.bing.com/?FORM=TOOLBR&cc=fr&toHttps=1&redig=4527FFF1C12746FC9EDB535C75E80ECC
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\Windows Live Toolbar\stmain.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [QCWLICON] C:\Program Files\ThinkPad\ConnectUtilities\QCWLICON.EXE
O4 - HKLM\..\Run: [TPHOTKEY] C:\PROGRA~1\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe
O4 - HKLM\..\Run: [TpShocks] TpShocks.exe
O4 - HKLM\..\Run: [TPKMAPHELPER] C:\Program Files\ThinkPad\Utilities\TpKmapAp.exe -helper
O4 - HKLM\..\Run: [PWRMGRTR] rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\PWRMGRTR.DLL,PwrMgrBkGndMonitor
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Fichiers communs\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [UERLKUP] C:\Program Files\Utimaco\SafeGuard Easy\uerlkupn.exe
O4 - HKLM\..\Run: [SgeEcView] C:\Program Files\Utimaco\SafeGuard Easy\Ecview.exe
O4 - HKLM\..\Run: [EdWizard] C:\Program Files\Utimaco\SafeGuard Easy\EdWizard.exe as
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Fichiers communs\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Ahead\lib\NMBgMonitor.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: OpenOffice.org 2.0.lnk = C:\Program Files\OpenOffice.org 2.0\program\quickstart.exe
O4 - Global Startup: AOL 9.0 Icône AOL.lnk = C:\Program Files\AOL 9.0\aoltray.exe
O8 - Extra context menu item: &Recherche AOL Toolbar - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - https://onedrive.live.com/?id=favorites
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: Interface Chat Voila - http://chat10.x-echo.com/version6/Applet/vchatsign.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - https://www.kaspersky.fr/?domain=webscanner.kaspersky.fr
O16 - DPF: {2250C29C-C5E9-4F55-BE4E-01E45A40FCF1} (CMediaMix Object) - http://musicmix.messenger.msn.com/Medialogic.CAB
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/...
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O20 - Winlogon Notify: NotLog - C:\WINDOWS\SYSTEM32\SGLogEx.dll
O20 - Winlogon Notify: SGLogNotification - C:\WINDOWS\SYSTEM32\SGLogNotification.dll
O20 - Winlogon Notify: uerclt - C:\WINDOWS\SYSTEM32\uercltn.dll
O22 - SharedTaskScheduler: Pré-chargeur Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll
O22 - SharedTaskScheduler: Démon de cache des catégories de composant - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll
O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - c:\program files\a-squared free\a2service.exe
O23 - Service: ACU Configuration Service (ACS) - Unknown owner - C:\WINDOWS\system32\acs.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: Service d'administration du Gestionnaire de disque logique (dmadmin) - Unknown owner - C:\WINDOWS\System32\dmadmin.exe
O23 - Service: Journal des événements (Eventlog) - Unknown owner - C:\WINDOWS\system32\services.exe
O23 - Service: IBM PM Service (IBMPMSVC) - Unknown owner - C:\WINDOWS\System32\ibmpmsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Service COM de gravage de CD IMAPI (ImapiService) - Unknown owner - C:\WINDOWS\System32\imapi.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Partage de Bureau à distance NetMeeting (mnmsrvc) - Unknown owner - C:\WINDOWS\System32\mnmsrvc.exe
O23 - Service: Plug-and-Play (PlugPlay) - Unknown owner - C:\WINDOWS\system32\services.exe
O23 - Service: QCONSVC - IBM Corp. - C:\WINDOWS\System32\QCONSVC.EXE
O23 - Service: Gestionnaire de session d'aide sur le Bureau à distance (RDSessMgr) - Unknown owner - C:\WINDOWS\system32\sessmgr.exe
O23 - Service: Carte à puce (SCardSvr) - Unknown owner - C:\WINDOWS\System32\SCardSvr.exe
O23 - Service: SafeGuard Easy Client (SgeClient) - Unknown owner - C:\Program Files\Utimaco\SafeGuard Easy\SgeClient.exe
O23 - Service: SafeGuard Easy Control (SgeCtl) - Utimaco Safeware AG - C:\Program Files\Utimaco\SafeGuard Easy\SgeCtl.exe
O23 - Service: SafeGuard SGLOG Player (SgLogPlayer) - Utimaco Safeware AG - C:\WINDOWS\system32\SgLogPlayer.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Journaux et alertes de performance (SysmonLog) - Unknown owner - C:\WINDOWS\system32\smlogsvc.exe
O23 - Service: IBM HDD APS Logging Service (TPHDEXLGSVC) - IBM Corporation - C:\WINDOWS\System32\TPHDEXLG.EXE
O23 - Service: IBM KCU Service (TpKmpSVC) - Unknown owner - C:\WINDOWS\system32\TpKmpSVC.exe
O23 - Service: Cliché instantané de volume (VSS) - Unknown owner - C:\WINDOWS\System32\vssvc.exe
O23 - Service: SafeGuard Easy Workstation Server (WksCfgSrv) - Utimaco Safeware AG - C:\Program Files\Utimaco\SafeGuard Easy\WksCfgSrv.exe
O23 - Service: Service de lancement de WlanCfg (Wlancfg) - Unknown owner - C:\Program Files\AOLbox\Gateway\wlancfg.exe
O23 - Service: Carte de performance WMI (WmiApSrv) - Unknown owner - C:\WINDOWS\System32\wbem\wmiapsrv.exe
O23 - Service: Service Partage réseau du Lecteur Windows Media (WMPNetworkSvc) - Unknown owner - C:\Program Files\Windows Media Player\WMPNetwk.exe
A voir également:

75 réponses

Précédent
Réponse 21 / 75
Didineg18
6 juil. 2007 à 19:08
voila ce que j'ai obtenu apres avoir fait analyser le fichier par virustotal


Complete scanning result of "uercltn.dll", received in VirusTotal at 07.06.2007, 18:58:37 (CET).

Antivirus Version Update Result
AhnLab-V3 2007.7.7.0 07.06.2007 no virus found
AntiVir 7.4.0.39 07.06.2007 no virus found
Authentium 4.93.8 07.06.2007 no virus found
Avast 4.7.997.0 07.06.2007 no virus found
AVG 7.5.0.476 07.06.2007 no virus found
BitDefender 7.2 07.06.2007 no virus found
CAT-QuickHeal 9.00 07.06.2007 no virus found
ClamAV devel-20070416 07.06.2007 no virus found
DrWeb 4.33 07.06.2007 no virus found
eSafe 7.0.15.0 07.05.2007 no virus found
eTrust-Vet 30.8.3767 07.06.2007 no virus found
Ewido 4.0 07.06.2007 no virus found
FileAdvisor 1 07.06.2007 no virus found
Fortinet 2.91.0.0 07.06.2007 no virus found
F-Prot 4.3.2.48 07.06.2007 no virus found
F-Secure 6.70.13260.0 07.06.2007 no virus found
Ikarus T3.1.1.8 07.06.2007 no virus found
Kaspersky 4.0.2.24 07.06.2007 no virus found
McAfee 5069 07.06.2007 no virus found
Microsoft 1.2704 07.06.2007 no virus found
NOD32v2 2382 07.06.2007 no virus found
Norman 5.80.02 07.06.2007 no virus found
Panda 9.0.0.4 07.06.2007 no virus found
Sophos 4.19.0 07.06.2007 no virus found
Sunbelt 2.2.907.0 07.06.2007 no virus found
Symantec 10 07.06.2007 no virus found
TheHacker 6.1.6.143 07.05.2007 no virus found
VBA32 3.12.0.2 07.06.2007 no virus found
VirusBuster 4.3.23:9 07.06.2007 no virus found
Webwasher-Gateway 6.0.1 07.06.2007 no virus found

Aditional Information
File size: 81920 bytes
MD5: 5b58de24bc91b3ca83734168649613df
0
Réponse 22 / 75
moK´s@ Messages postés 4399 Date d'inscription mardi 18 octobre 2005 Statut Membre Dernière intervention 2 novembre 2007 89
6 juil. 2007 à 19:20
bon bah c´est ok, albert avais raison...

passe ceci pour voir:

telecharge :

http://www.techsupportforum.com/sectools/combofix.exe

tu le télécharge sur ton bureau.

desactive ton anti virus et autre protection pas le par feu.

click sur combofix.exe et suis les instructions a l´ecran.

quand il aura terminé il va produire un log, poste le dans ta prochaine reponse.

ps : ne click pas avec ta sourie pendant qu´il effectue le scan et les réparations...

@+
0
Réponse 23 / 75
Didineg18
6 juil. 2007 à 19:32
j'ai cliqué sur le lien que tu m'a mis pour telecharger cumbofix mais il me met ca

You have used an invalid url to download ComboFix.exe. Please be advised that these are the correct links to use

http://www.techsupportforum.com/sectools/sUBs/ComboFix.exe

http://download.bleepingcomputer.com/sUBs/ComboFix.exe



je vais essayé un des 2 liens proposé
0
Réponse 24 / 75
moK´s@ Messages postés 4399 Date d'inscription mardi 18 octobre 2005 Statut Membre Dernière intervention 2 novembre 2007 89
6 juil. 2007 à 19:33
ok oui le miens date un peu...
0

Vous n’avez pas trouvé la réponse que vous recherchez ?

Posez votre question
Réponse 25 / 75
afideg Messages postés 10517 Date d'inscription lundi 10 octobre 2005 Statut Contributeur sécurité Dernière intervention 12 avril 2022 602
6 juil. 2007 à 19:38
Re,

Télécharge Combofix.exe (par sUBs) sur ton Bureau
< http://download.bleepingcomputer.com/sUBs/Beta/ComboFix.exe >
Double clique sur l'icône combofix.exe et suis les invites.
Lorsque le scan sera complété, un rapport apparaîtra.
Copie/colle ce rapport dans ta prochaine réponse avec un nouveau HijackThis.

+ le rapport C:\QOOBOX\---Quarantine
0
Réponse 26 / 75
Didineg18
6 juil. 2007 à 19:42
voici le log de combofix

"Utilisateur" - 2007-07-07 19:33:02 - ComboFix 07-07-04.4 - Service Pack 2


((((((((((((((((((((((((( Files Created from 2007-06-07 to 2007-07-07 )))))))))))))))))))))))))))))))


2007-07-07 19:32 51,200 --a------ C:\WINDOWS\nircmd.exe
2007-07-07 01:40 <REP> d-------- C:\WINDOWS\LastGood
2007-07-07 01:39 <REP> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\WLInstaller
2007-07-07 01:39 <REP> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\WindowsLiveInstaller
2007-07-06 21:13 <REP> d-------- C:\Program Files\Lavasoft
2007-07-06 21:13 <REP> d-------- C:\Program Files\Fichiers communs\Wise Installation Wizard
2007-07-06 21:13 <REP> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Lavasoft
2007-07-06 19:49 <REP> d-------- C:\Program Files\Navilog1
2007-07-06 17:50 <REP> d-------- C:\WINDOWS\BDOSCAN8
2007-07-06 16:59 <REP> d-------- C:\Program Files\CCleaner
2007-07-06 13:47 <REP> d-------- C:\VundoFix Backups
2007-07-06 13:17 <REP> d-------- C:\WINDOWS\system32\Kaspersky Lab
2007-07-06 02:55 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2007-07-04 18:16 271,010 --a------ C:\CRC-CT4.exe
2007-07-03 23:35 <REP> d-------- C:\Program Files\a-squared Free
2007-06-23 17:41 <REP> d-------- C:\WINDOWS\system32\SoftwareDistribution
2007-06-18 17:33 <REP> d-------- C:\Program Files\Windows Live


(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

2007-07-07 16:26:37 -------- d-----w C:\Program Files\eChanblard
2007-07-07 01:37:28 -------- d-----w C:\DOCUME~1\UTILIS~1\APPLIC~1\OpenOffice.org2
2007-07-05 14:47:51 -------- d-----w C:\Program Files\MSN Messenger
2007-07-03 23:34:04 -------- d-----w C:\Program Files\Macrogaming
2007-06-18 15:33:03 -------- d-----w C:\Program Files\Messenger Plus! Live
2007-06-13 11:18:24 -------- d-----w C:\Program Files\TuneUp Utilities 2006
2007-06-04 13:18:48 9,344 ----a-w C:\WINDOWS\system32\drivers\NSDriver.sys
2007-06-04 13:17:02 8,320 ----a-w C:\WINDOWS\system32\drivers\AWRTRD.sys
2007-06-04 13:14:56 6,272 ----a-w C:\WINDOWS\system32\drivers\AWRTPD.sys
2007-05-22 20:21:42 -------- d-----w C:\Program Files\iTunes
2007-05-22 20:21:33 -------- d-----w C:\Program Files\iPod
2007-05-22 20:19:04 -------- d-----w C:\Program Files\QuickTime
2007-05-22 19:46:51 -------- d-----w C:\Program Files\Apple Software Update
2007-05-17 11:09:54 51,568 ----a-w C:\WINDOWS\system32\sirenacm.dll
2007-05-16 15:13:53 683,520 ----a-w C:\WINDOWS\system32\inetcomm.dll
2007-04-25 14:22:35 144,896 ----a-w C:\WINDOWS\system32\schannel.dll
2007-04-18 16:14:18 2,854,400 ----a-w C:\WINDOWS\system32\msi.dll
2007-04-16 20:47:36 33,624 ----a-w C:\WINDOWS\system32\wups.dll
2007-04-16 20:45:54 1,710,936 ----a-w C:\WINDOWS\system32\wuaueng.dll
2007-04-16 20:45:48 549,720 ----a-w C:\WINDOWS\system32\wuapi.dll
2007-04-16 20:45:42 325,976 ----a-w C:\WINDOWS\system32\wucltui.dll
2007-04-16 20:45:36 203,096 ----a-w C:\WINDOWS\system32\wuweb.dll
2007-04-16 20:45:28 92,504 ----a-w C:\WINDOWS\system32\cdm.dll
2007-04-16 20:45:20 53,080 ----a-w C:\WINDOWS\system32\wuauclt.exe
2007-04-16 20:45:20 43,352 ----a-w C:\WINDOWS\system32\wups2.dll
2007-04-16 20:44:20 271,224 ----a-w C:\WINDOWS\system32\mucltui.dll
2007-04-16 20:44:18 208,248 ----a-w C:\WINDOWS\system32\muweb.dll
2007-04-13 13:19:52 7,680 ----a-w C:\WINDOWS\system32\lsdelete.exe


((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))


*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}]
2006-06-07 11:09 399352 --a------ C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
2006-10-22 23:08 62080 --a------ C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
2005-05-31 01:04 853672 --a------ C:\PROGRA~1\SPYBOT~1\SDHelper.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
2007-03-14 03:43 501400 --a------ C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{7E853D72-626A-48EC-A868-BA8D5E23E045}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
2006-08-31 20:33 322368 --a------ C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{9394EDE7-C8B5-483E-8773-474BF36AF6E4}]
2006-10-11 00:25 142848 --a------ C:\Program Files\Windows Live Toolbar\stmain.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0}]
2006-10-11 00:26 544032 --a------ C:\Program Files\Windows Live Toolbar\msntb.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="C:\WINDOWS\System32\igfxtray.exe" [2004-12-13 14:43]
"HotKeysCmds"="C:\WINDOWS\System32\hkcmd.exe" [2004-12-13 14:38]
"SynTPLpr"="C:\Program Files\Synaptics\SynTP\SynTPLpr.exe" [2004-11-08 11:17]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2004-11-08 11:17]
"SoundMAXPnP"="C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe" [2004-10-14 09:11]
"SoundMAX"="C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" [2004-08-06 08:27]
"QCWLICON"="C:\Program Files\ThinkPad\ConnectUtilities\QCWLICON.EXE" [2005-03-18 03:07]
"TPHOTKEY"="C:\PROGRA~1\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe" [2005-03-03 17:10]
"TpShocks"="TpShocks.exe" [2005-01-24 11:25 C:\WINDOWS\system32\TpShocks.exe]
"TPKMAPHELPER"="C:\Program Files\ThinkPad\Utilities\TpKmapAp.exe" [2004-02-04 18:39]
"PWRMGRTR"="C:\PROGRA~1\ThinkPad\UTILIT~1\PWRMGRTR.DLL" [2005-01-21 01:00]
"UpdateManager"="C:\Program Files\Fichiers communs\Sonic\Update Manager\sgtray.exe" [2003-08-19 01:01]
"TkBellExe"="C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" [2005-07-27 22:18]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2007-04-21 13:21]
"UERLKUP"="C:\Program Files\Utimaco\SafeGuard Easy\uerlkupn.exe" [2005-06-17 11:05]
"SgeEcView"="C:\Program Files\Utimaco\SafeGuard Easy\Ecview.exe" [2005-06-08 18:48]
"EdWizard"="C:\Program Files\Utimaco\SafeGuard Easy\EdWizard.exe" [2005-06-08 18:28]
"AOLDialer"="C:\Program Files\Fichiers communs\AOL\ACS\AOLDial.exe" [2004-04-08 05:25]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 10:50]
"WinampAgent"="C:\Program Files\Winamp\winampa.exe" [2006-11-21 19:38]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-04-27 09:41]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-04-27 11:25]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 03:06]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 11:25]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe" [2007-03-14 03:43]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-20 01:09]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Fichiers communs\Ahead\lib\NMBgMonitor.exe" [2005-10-28 16:25]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableTaskMgr"=0 (0x0)
"DisableRegedit"=0 (0x0)
"NoFind"=0 (0x0)
"NoRun"=0 (0x0)
"NoDesktop"=0 (0x0)
"NoControlPanel"=0 (0x0)
"NoClose"=0 (0x0)
"StartMenuLogOff"=0 (0x0)
"HideClock"=0 (0x0)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\shellexecutehook.dll" [2007-05-30 14:29]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\NotLog]
SGLogEx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\QConGina]
QConGina.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\SGLogNotification]
SGLogNotification.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tphotkey]
tphklock.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\uerclt]
uercltn.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\aawservice]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\AVG Anti-Spyware Driver]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\AVG Anti-Spyware Guard]
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Svchost - netsvcs
UxTuneUp


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d5723792-df52-11db-bf1b-00038a000015}]
AutoRun\command- C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL wscript.exe MS32DLL.dll.vbs

*Newly Created Service* - USNJSVC
*Newly Created Service* - WLSETUPSVC

Contents of the 'Scheduled Tasks' folder
2007-07-03 19:46:03 C:\WINDOWS\tasks\AppleSoftwareUpdate.job
2007-07-06 15:18:45 C:\WINDOWS\tasks\Maintenance en 1 clic.job
2007-07-07 16:12:55 C:\WINDOWS\tasks\PMTask.job
2007-07-07 17:11:01 C:\WINDOWS\tasks\Vérifier les mises à jour de Windows Live Toolbar.job

**************************************************************************

catchme 0.3.915 W2K/XP/Vista - rootkit detector by Gmer, http://www.gmer.net
Rootkit scan 2007-07-07 19:36:01
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

Completion time: 2007-07-07 19:36:59

--- E O F ---
0
Réponse 27 / 75
Didineg18
6 juil. 2007 à 19:43
et voici le log de hijackthis


Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 19:41:07, on 07/07/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\ibmpmsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
c:\program files\a-squared free\a2service.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\WINDOWS\System32\QCONSVC.EXE
C:\Program Files\Utimaco\SafeGuard Easy\SgeClient.exe
C:\Program Files\Utimaco\SafeGuard Easy\SgeCtl.exe
C:\WINDOWS\system32\SgLogPlayer.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\TPHDEXLG.EXE
C:\WINDOWS\system32\TpKmpSVC.exe
C:\Program Files\Utimaco\SafeGuard Easy\WksCfgSrv.exe
C:\Program Files\AOLbox\Gateway\wlancfg.exe
C:\WINDOWS\system32\acs.exe
C:\WINDOWS\System32\igfxtray.exe
C:\WINDOWS\System32\hkcmd.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
C:\Program Files\ThinkPad\ConnectUtilities\QCWLICON.EXE
C:\PROGRA~1\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe
C:\Program Files\ThinkPad\PkgMgr\HOTKEY\TPONSCR.exe
C:\Program Files\ThinkPad\PkgMgr\HOTKEY_1\TpScrex.exe
C:\WINDOWS\system32\TpShocks.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\Utimaco\SafeGuard Easy\uerlkupn.exe
C:\Program Files\Utimaco\SafeGuard Easy\Ecview.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Fichiers communs\AOL\ACS\AOLDial.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Fichiers communs\Ahead\lib\NMBgMonitor.exe
C:\Program Files\Windows Live\installer\WLSetupSvc.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Grisoft\AVG7\avgcc.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Utilisateur\Bureau\HiJackThis_v2.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = https://www.bing.com/?FORM=TOOLBR&cc=fr&toHttps=1&redig=4527FFF1C12746FC9EDB535C75E80ECC
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\Windows Live Toolbar\stmain.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [QCWLICON] C:\Program Files\ThinkPad\ConnectUtilities\QCWLICON.EXE
O4 - HKLM\..\Run: [TPHOTKEY] C:\PROGRA~1\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe
O4 - HKLM\..\Run: [TpShocks] TpShocks.exe
O4 - HKLM\..\Run: [TPKMAPHELPER] C:\Program Files\ThinkPad\Utilities\TpKmapAp.exe -helper
O4 - HKLM\..\Run: [PWRMGRTR] rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\PWRMGRTR.DLL,PwrMgrBkGndMonitor
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Fichiers communs\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [UERLKUP] C:\Program Files\Utimaco\SafeGuard Easy\uerlkupn.exe
O4 - HKLM\..\Run: [SgeEcView] C:\Program Files\Utimaco\SafeGuard Easy\Ecview.exe
O4 - HKLM\..\Run: [EdWizard] C:\Program Files\Utimaco\SafeGuard Easy\EdWizard.exe as
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Fichiers communs\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Ahead\lib\NMBgMonitor.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: OpenOffice.org 2.0.lnk = C:\Program Files\OpenOffice.org 2.0\program\quickstart.exe
O4 - Global Startup: AOL 9.0 Icône AOL.lnk = C:\Program Files\AOL 9.0\aoltray.exe
O8 - Extra context menu item: &Recherche AOL Toolbar - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - https://onedrive.live.com/?id=favorites
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: Interface Chat Voila - http://chat10.x-echo.com/version6/Applet/vchatsign.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - https://www.kaspersky.fr/?domain=webscanner.kaspersky.fr
O16 - DPF: {2250C29C-C5E9-4F55-BE4E-01E45A40FCF1} (CMediaMix Object) - http://musicmix.messenger.msn.com/Medialogic.CAB
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/...
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O20 - Winlogon Notify: NotLog - C:\WINDOWS\SYSTEM32\SGLogEx.dll
O20 - Winlogon Notify: SGLogNotification - C:\WINDOWS\SYSTEM32\SGLogNotification.dll
O20 - Winlogon Notify: uerclt - C:\WINDOWS\SYSTEM32\uercltn.dll
O22 - SharedTaskScheduler: Pré-chargeur Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll
O22 - SharedTaskScheduler: Démon de cache des catégories de composant - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll
O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - c:\program files\a-squared free\a2service.exe
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: ACU Configuration Service (ACS) - Unknown owner - C:\WINDOWS\system32\acs.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: Service d'administration du Gestionnaire de disque logique (dmadmin) - Unknown owner - C:\WINDOWS\System32\dmadmin.exe
O23 - Service: Journal des événements (Eventlog) - Unknown owner - C:\WINDOWS\system32\services.exe
O23 - Service: IBM PM Service (IBMPMSVC) - Unknown owner - C:\WINDOWS\System32\ibmpmsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Service COM de gravage de CD IMAPI (ImapiService) - Unknown owner - C:\WINDOWS\System32\imapi.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Partage de Bureau à distance NetMeeting (mnmsrvc) - Unknown owner - C:\WINDOWS\System32\mnmsrvc.exe
O23 - Service: Plug-and-Play (PlugPlay) - Unknown owner - C:\WINDOWS\system32\services.exe
O23 - Service: QCONSVC - IBM Corp. - C:\WINDOWS\System32\QCONSVC.EXE
O23 - Service: Gestionnaire de session d'aide sur le Bureau à distance (RDSessMgr) - Unknown owner - C:\WINDOWS\system32\sessmgr.exe
O23 - Service: Carte à puce (SCardSvr) - Unknown owner - C:\WINDOWS\System32\SCardSvr.exe
O23 - Service: SafeGuard Easy Client (SgeClient) - Unknown owner - C:\Program Files\Utimaco\SafeGuard Easy\SgeClient.exe
O23 - Service: SafeGuard Easy Control (SgeCtl) - Utimaco Safeware AG - C:\Program Files\Utimaco\SafeGuard Easy\SgeCtl.exe
O23 - Service: SafeGuard SGLOG Player (SgLogPlayer) - Utimaco Safeware AG - C:\WINDOWS\system32\SgLogPlayer.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Journaux et alertes de performance (SysmonLog) - Unknown owner - C:\WINDOWS\system32\smlogsvc.exe
O23 - Service: IBM HDD APS Logging Service (TPHDEXLGSVC) - IBM Corporation - C:\WINDOWS\System32\TPHDEXLG.EXE
O23 - Service: IBM KCU Service (TpKmpSVC) - Unknown owner - C:\WINDOWS\system32\TpKmpSVC.exe
O23 - Service: Cliché instantané de volume (VSS) - Unknown owner - C:\WINDOWS\System32\vssvc.exe
O23 - Service: SafeGuard Easy Workstation Server (WksCfgSrv) - Utimaco Safeware AG - C:\Program Files\Utimaco\SafeGuard Easy\WksCfgSrv.exe
O23 - Service: Service de lancement de WlanCfg (Wlancfg) - Unknown owner - C:\Program Files\AOLbox\Gateway\wlancfg.exe
O23 - Service: Windows Live Setup Service (WLSetupSvc) - Unknown owner - C:\Program Files\Windows Live\installer\WLSetupSvc.exe
O23 - Service: Carte de performance WMI (WmiApSrv) - Unknown owner - C:\WINDOWS\System32\wbem\wmiapsrv.exe
O23 - Service: Service Partage réseau du Lecteur Windows Media (WMPNetworkSvc) - Unknown owner - C:\Program Files\Windows Media Player\WMPNetwk.exe
0
Réponse 28 / 75
afideg Messages postés 10517 Date d'inscription lundi 10 octobre 2005 Statut Contributeur sécurité Dernière intervention 12 avril 2022 602
6 juil. 2007 à 19:46
Didineg18,

Que fais-tu avec le programme Utimaco ?

S'il te plaît, accepterais-tu de supprimer ta version ComboFix avec laquelle tu viens de faire une analyse; et la remplacer par la version bêta du post # 28 pour vérifier quelque chose .
N'oublie pas le rapport C:\QOOBOX\---> eventuellement :Quarantine

Merci pour ta collaboration
Al.
0
Réponse 29 / 75
Didineg18
6 juil. 2007 à 19:49
Donc je supprime mon combofix et la remplace par la version beta et j relance une analyse avec cette version?
0
afideg Messages postés 10517 Date d'inscription lundi 10 octobre 2005 Statut Contributeur sécurité Dernière intervention 12 avril 2022 602
6 juil. 2007 à 20:01
Re,
oui svp
merci



PS : Que fais-tu avec le programme Utimaco ?
0
Réponse 30 / 75
moK´s@ Messages postés 4399 Date d'inscription mardi 18 octobre 2005 Statut Membre Dernière intervention 2 novembre 2007 89
6 juil. 2007 à 20:00
as tu installé messenger plus avec le sponssor?

rends toi sur ce site et fais analyser ceci :

http://www.virustotal.com/en/virustotalx.html

fichier a faire analyser :

C:\WINDOWS\system32\drivers\AWRTPD.sys

C:\WINDOWS\system32\mucltui.dll

C:\WINDOWS\system32\lsdelete.exe

C:\WINDOWS\system32\muweb.dll

albert pourras surement faire quelque chose pour ca :

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d5723792-df52-11db-bf1b-00038a000015}]
AutoRun\command- C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL wscript.exe MS32DLL.dll.vbs

avec hijack this coche ceci :

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)

quitte tes application et navigateur et fix les lignes ci dessus.

puis lance ceci :

télécharges smitfraudfix :

En image :
http://siri.urz.free.fr/Fix/SmitfraudFix.php

tu doubles cliques sur smitfraudfix.cmd et tu choisi l option 1
cela vas générer un rapport.

Copie/colle le rapport sur le forum stp.

@+
0
Réponse 31 / 75
Didineg18
6 juil. 2007 à 20:05
Afideg Utimaco c un programme que j'ai sur mon ordi du fait que l'ordi ne m'appartient pas encor c du materiel preté aux etudiant de ma region donc securisé par un mot de passe voila.

sinon voici le nouveau log de combofix


"Utilisateur" - 2007-07-07 19:54:37 - ComboFix 07-07-06 - Service Pack 2


((((((((((((((((((((((((( Files Created from 2007-06-07 to 2007-07-07 )))))))))))))))))))))))))))))))


2007-07-07 19:32 51,200 --a------ C:\WINDOWS\nircmd.exe
2007-07-07 01:40 <REP> d-------- C:\WINDOWS\LastGood
2007-07-07 01:39 <REP> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\WLInstaller
2007-07-07 01:39 <REP> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\WindowsLiveInstaller
2007-07-06 21:13 <REP> d-------- C:\Program Files\Lavasoft
2007-07-06 21:13 <REP> d-------- C:\Program Files\Fichiers communs\Wise Installation Wizard
2007-07-06 21:13 <REP> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Lavasoft
2007-07-06 19:49 <REP> d-------- C:\Program Files\Navilog1
2007-07-06 17:50 <REP> d-------- C:\WINDOWS\BDOSCAN8
2007-07-06 16:59 <REP> d-------- C:\Program Files\CCleaner
2007-07-06 13:47 <REP> d-------- C:\VundoFix Backups
2007-07-06 13:17 <REP> d-------- C:\WINDOWS\system32\Kaspersky Lab
2007-07-06 02:55 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2007-07-04 18:16 271,010 --a------ C:\CRC-CT4.exe
2007-07-03 23:35 <REP> d-------- C:\Program Files\a-squared Free
2007-06-23 17:41 <REP> d-------- C:\WINDOWS\system32\SoftwareDistribution
2007-06-18 17:33 <REP> d-------- C:\Program Files\Windows Live


(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

2007-07-07 16:26:37 -------- d-----w C:\Program Files\eChanblard
2007-07-07 01:37:28 -------- d-----w C:\DOCUME~1\UTILIS~1\APPLIC~1\OpenOffice.org2
2007-07-05 14:47:51 -------- d-----w C:\Program Files\MSN Messenger
2007-07-03 23:34:04 -------- d-----w C:\Program Files\Macrogaming
2007-06-18 15:33:03 -------- d-----w C:\Program Files\Messenger Plus! Live
2007-06-13 11:18:24 -------- d-----w C:\Program Files\TuneUp Utilities 2006
2007-06-04 13:18:48 9,344 ----a-w C:\WINDOWS\system32\drivers\NSDriver.sys
2007-06-04 13:17:02 8,320 ----a-w C:\WINDOWS\system32\drivers\AWRTRD.sys
2007-06-04 13:14:56 6,272 ----a-w C:\WINDOWS\system32\drivers\AWRTPD.sys
2007-05-22 20:21:42 -------- d-----w C:\Program Files\iTunes
2007-05-22 20:21:33 -------- d-----w C:\Program Files\iPod
2007-05-22 20:19:04 -------- d-----w C:\Program Files\QuickTime
2007-05-22 19:46:51 -------- d-----w C:\Program Files\Apple Software Update
2007-05-17 11:09:54 51,568 ----a-w C:\WINDOWS\system32\sirenacm.dll
2007-05-16 15:13:53 683,520 ----a-w C:\WINDOWS\system32\inetcomm.dll
2007-04-25 14:22:35 144,896 ----a-w C:\WINDOWS\system32\schannel.dll
2007-04-18 16:14:18 2,854,400 ----a-w C:\WINDOWS\system32\msi.dll
2007-04-16 20:47:36 33,624 ----a-w C:\WINDOWS\system32\wups.dll
2007-04-16 20:45:54 1,710,936 ----a-w C:\WINDOWS\system32\wuaueng.dll
2007-04-16 20:45:48 549,720 ----a-w C:\WINDOWS\system32\wuapi.dll
2007-04-16 20:45:42 325,976 ----a-w C:\WINDOWS\system32\wucltui.dll
2007-04-16 20:45:36 203,096 ----a-w C:\WINDOWS\system32\wuweb.dll
2007-04-16 20:45:28 92,504 ----a-w C:\WINDOWS\system32\cdm.dll
2007-04-16 20:45:20 53,080 ----a-w C:\WINDOWS\system32\wuauclt.exe
2007-04-16 20:45:20 43,352 ----a-w C:\WINDOWS\system32\wups2.dll
2007-04-16 20:44:20 271,224 ----a-w C:\WINDOWS\system32\mucltui.dll
2007-04-16 20:44:18 208,248 ----a-w C:\WINDOWS\system32\muweb.dll
2007-04-13 13:19:52 7,680 ----a-w C:\WINDOWS\system32\lsdelete.exe


((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))


*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}]
2006-06-07 11:09 399352 --a------ C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
2006-10-22 23:08 62080 --a------ C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
2005-05-31 01:04 853672 --a------ C:\PROGRA~1\SPYBOT~1\SDHelper.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
2007-03-14 03:43 501400 --a------ C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{7E853D72-626A-48EC-A868-BA8D5E23E045}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
2006-08-31 20:33 322368 --a------ C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{9394EDE7-C8B5-483E-8773-474BF36AF6E4}]
2006-10-11 00:25 142848 --a------ C:\Program Files\Windows Live Toolbar\stmain.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0}]
2006-10-11 00:26 544032 --a------ C:\Program Files\Windows Live Toolbar\msntb.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPLpr"="C:\Program Files\Synaptics\SynTP\SynTPLpr.exe" [2004-11-08 11:17]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2004-11-08 11:17]
"SoundMAXPnP"="C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe" [2004-10-14 09:11]
"SoundMAX"="C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" [2004-08-06 08:27]
"QCWLICON"="C:\Program Files\ThinkPad\ConnectUtilities\QCWLICON.EXE" [2005-03-18 03:07]
"TPHOTKEY"="C:\PROGRA~1\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe" [2005-03-03 17:10]
"TpShocks"="TpShocks.exe" [2005-01-24 11:25 C:\WINDOWS\system32\TpShocks.exe]
"TPKMAPHELPER"="C:\Program Files\ThinkPad\Utilities\TpKmapAp.exe" [2004-02-04 18:39]
"PWRMGRTR"="C:\PROGRA~1\ThinkPad\UTILIT~1\PWRMGRTR.DLL" [2005-01-21 01:00]
"UpdateManager"="C:\Program Files\Fichiers communs\Sonic\Update Manager\sgtray.exe" [2003-08-19 01:01]
"TkBellExe"="C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" [2005-07-27 22:18]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2007-04-21 13:21]
"UERLKUP"="C:\Program Files\Utimaco\SafeGuard Easy\uerlkupn.exe" [2005-06-17 11:05]
"SgeEcView"="C:\Program Files\Utimaco\SafeGuard Easy\Ecview.exe" [2005-06-08 18:48]
"EdWizard"="C:\Program Files\Utimaco\SafeGuard Easy\EdWizard.exe" [2005-06-08 18:28]
"AOLDialer"="C:\Program Files\Fichiers communs\AOL\ACS\AOLDial.exe" [2004-04-08 05:25]
"WinampAgent"="C:\Program Files\Winamp\winampa.exe" [2006-11-21 19:38]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-04-27 09:41]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-04-27 11:25]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 03:06]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 11:25]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe" [2007-03-14 03:43]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-20 01:09]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Fichiers communs\Ahead\lib\NMBgMonitor.exe" [2005-10-28 16:25]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableRegedit"=0 (0x0)
"NoFind"=0 (0x0)
"NoRun"=0 (0x0)
"NoDesktop"=0 (0x0)
"NoControlPanel"=0 (0x0)
"NoClose"=0 (0x0)
"StartMenuLogOff"=0 (0x0)
"HideClock"=0 (0x0)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\shellexecutehook.dll" [2007-05-30 14:29]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\NotLog]
SGLogEx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\QConGina]
QConGina.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\SGLogNotification]
SGLogNotification.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tphotkey]
tphklock.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\uerclt]
uercltn.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\aawservice]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\AVG Anti-Spyware Driver]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\AVG Anti-Spyware Guard]
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Svchost - netsvcs
UxTuneUp


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d5723792-df52-11db-bf1b-00038a000015}]
AutoRun\command- C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL wscript.exe MS32DLL.dll.vbs

*Newly Created Service* - CATCHME
*Newly Created Service* - USNJSVC
*Newly Created Service* - WLSETUPSVC

Contents of the 'Scheduled Tasks' folder
2007-07-03 19:46:03 C:\WINDOWS\tasks\AppleSoftwareUpdate.job
2007-07-06 15:18:45 C:\WINDOWS\tasks\Maintenance en 1 clic.job
2007-07-07 16:12:55 C:\WINDOWS\tasks\PMTask.job
2007-07-07 17:11:01 C:\WINDOWS\tasks\Vérifier les mises à jour de Windows Live Toolbar.job

**************************************************************************

catchme 0.3.915 W2K/XP/Vista - rootkit detector by Gmer, http://www.gmer.net
Rootkit scan 2007-07-07 19:56:47
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

Completion time: 2007-07-07 19:57:43
C:\ComboFix2.txt ... 2007-07-07 19:37

--- E O F ---
0
Réponse 32 / 75
Didineg18
6 juil. 2007 à 20:07
pour le rapport Qoobox il est vide donc je n 'ai rien a poster
0
Réponse 33 / 75
afideg Messages postés 10517 Date d'inscription lundi 10 octobre 2005 Statut Contributeur sécurité Dernière intervention 12 avril 2022 602
6 juil. 2007 à 20:07
Re
Donc, rien en quarantaine .
0
Réponse 34 / 75
moK´s@ Messages postés 4399 Date d'inscription mardi 18 octobre 2005 Statut Membre Dernière intervention 2 novembre 2007 89
6 juil. 2007 à 20:09
re,

et ma manip???
0
Réponse 35 / 75
Didineg18
6 juil. 2007 à 20:11
kel manip Mok'S@?celle de hijackthis ou sur virustotal je peux pas tout faire en meme temps
0
Réponse 36 / 75
moK´s@ Messages postés 4399 Date d'inscription mardi 18 octobre 2005 Statut Membre Dernière intervention 2 novembre 2007 89
6 juil. 2007 à 20:16
oui un a la fois...

celle de virus total

et puis coche les lignes dans hijack this

et puis fais smitfraud
0
Réponse 37 / 75
Didineg18
6 juil. 2007 à 20:58
voila les resultat virustotal


Complete scanning result of "AWRTPD.sys", received in VirusTotal at 07.06.2007, 20:18:57 (CET).

Antivirus Version Update Result
AhnLab-V3 2007.7.7.0 07.06.2007 no virus found
AntiVir 7.4.0.39 07.06.2007 no virus found
Authentium 4.93.8 07.06.2007 no virus found
Avast 4.7.997.0 07.06.2007 no virus found
AVG 7.5.0.476 07.06.2007 no virus found
BitDefender 7.2 07.06.2007 no virus found
CAT-QuickHeal 9.00 07.06.2007 no virus found
ClamAV devel-20070416 07.06.2007 no virus found
DrWeb 4.33 07.06.2007 no virus found
eSafe 7.0.15.0 07.05.2007 no virus found
eTrust-Vet 30.8.3767 07.06.2007 no virus found
Ewido 4.0 07.06.2007 no virus found
FileAdvisor 1 07.06.2007 no virus found
Fortinet 2.91.0.0 07.06.2007 no virus found
F-Prot 4.3.2.48 07.06.2007 no virus found
F-Secure 6.70.13260.0 07.06.2007 no virus found
Ikarus T3.1.1.8 07.06.2007 no virus found
Kaspersky 4.0.2.24 07.06.2007 no virus found
McAfee 5069 07.06.2007 no virus found
Microsoft 1.2704 07.06.2007 no virus found
NOD32v2 2382 07.06.2007 no virus found
Norman 5.80.02 07.06.2007 no virus found
Panda 9.0.0.4 07.06.2007 no virus found
Sophos 4.19.0 07.06.2007 no virus found
Sunbelt 2.2.907.0 07.06.2007 no virus found
Symantec 10 07.06.2007 no virus found
TheHacker 6.1.6.143 07.05.2007 no virus found
VBA32 3.12.0.2 07.06.2007 no virus found
VirusBuster 4.3.23:9 07.06.2007 no virus found
Webwasher-Gateway 6.0.1 07.06.2007 no virus found

Aditional Information
File size: 6272 bytes
MD5: ec018602809b28520caa132cd616bb2a
SHA1: b19ec7c8afbe2411c16f6e0b01eeac251dfc4028







Complete scanning result of "mucltui.dll", received in VirusTotal at 07.06.2007, 20:26:52 (CET).

Antivirus Version Update Result
AhnLab-V3 2007.7.7.0 07.06.2007 no virus found
AntiVir 7.4.0.39 07.06.2007 no virus found
Authentium 4.93.8 07.06.2007 no virus found
Avast 4.7.997.0 07.06.2007 no virus found
AVG 7.5.0.476 07.06.2007 no virus found
BitDefender 7.2 07.06.2007 no virus found
CAT-QuickHeal 9.00 07.06.2007 no virus found
ClamAV devel-20070416 07.06.2007 no virus found
DrWeb 4.33 07.06.2007 no virus found
eSafe 7.0.15.0 07.05.2007 no virus found
eTrust-Vet 30.8.3767 07.06.2007 no virus found
Ewido 4.0 07.06.2007 no virus found
FileAdvisor 1 07.06.2007 no virus found
Fortinet 2.91.0.0 07.06.2007 no virus found
F-Prot 4.3.2.48 07.06.2007 no virus found
F-Secure 6.70.13260.0 07.06.2007 no virus found
Ikarus T3.1.1.8 07.06.2007 no virus found
Kaspersky 4.0.2.24 07.06.2007 no virus found
McAfee 5069 07.06.2007 no virus found
Microsoft 1.2704 07.06.2007 no virus found
NOD32v2 2382 07.06.2007 no virus found
Norman 5.80.02 07.06.2007 no virus found
Panda 9.0.0.4 07.06.2007 no virus found
Sophos 4.19.0 07.06.2007 no virus found
Sunbelt 2.2.907.0 07.06.2007 no virus found
Symantec 10 07.06.2007 no virus found
TheHacker 6.1.6.143 07.05.2007 no virus found
VBA32 3.12.0.2 07.06.2007 no virus found
VirusBuster 4.3.23:9 07.06.2007 no virus found
Webwasher-Gateway 6.0.1 07.06.2007 no virus found

Aditional Information
File size: 271224 bytes
MD5: 5a0cd6dc6a03c5bf47ca2c16fe846d0b
SHA1: 1601a1371fbde824609b8d39a216f905875a4fa7




Complete scanning result of "lsdelete.exe", received in VirusTotal at 07.06.2007, 20:41:12 (CET).

Antivirus Version Update Result
AhnLab-V3 2007.7.7.0 07.06.2007 no virus found
AntiVir 7.4.0.39 07.06.2007 no virus found
Authentium 4.93.8 07.06.2007 no virus found
Avast 4.7.997.0 07.06.2007 no virus found
AVG 7.5.0.476 07.06.2007 no virus found
BitDefender 7.2 07.06.2007 no virus found
CAT-QuickHeal 9.00 07.06.2007 no virus found
ClamAV devel-20070416 07.06.2007 no virus found
DrWeb 4.33 07.06.2007 no virus found
eSafe 7.0.15.0 07.05.2007 no virus found
eTrust-Vet 30.8.3767 07.06.2007 no virus found
Ewido 4.0 07.06.2007 no virus found
FileAdvisor 1 07.06.2007 no virus found
Fortinet 2.91.0.0 07.06.2007 no virus found
F-Prot 4.3.2.48 07.06.2007 no virus found
F-Secure 6.70.13260.0 07.06.2007 no virus found
Ikarus T3.1.1.8 07.06.2007 no virus found
Kaspersky 4.0.2.24 07.06.2007 no virus found
McAfee 5069 07.06.2007 no virus found
Microsoft 1.2704 07.06.2007 no virus found
NOD32v2 2382 07.06.2007 no virus found
Norman 5.80.02 07.06.2007 no virus found
Panda 9.0.0.4 07.06.2007 no virus found
Sophos 4.19.0 07.06.2007 no virus found
Sunbelt 2.2.907.0 07.06.2007 no virus found
Symantec 10 07.06.2007 no virus found
TheHacker 6.1.6.143 07.05.2007 no virus found
VBA32 3.12.0.2 07.06.2007 no virus found
VirusBuster 4.3.23:9 07.06.2007 no virus found
Webwasher-Gateway 6.0.1 07.06.2007 no virus found

Aditional Information
File size: 7680 bytes
MD5: 33b97c883430c332c6dfae5d074bd755
SHA1: 174af437e08fc30f06140ef9d879573f4140e12b



Complete scanning result of "muweb.dll", received in VirusTotal at 07.06.2007, 20:51:31 (CET).

Antivirus Version Update Result
AhnLab-V3 2007.7.7.0 07.06.2007 no virus found
AntiVir 7.4.0.39 07.06.2007 no virus found
Authentium 4.93.8 07.06.2007 no virus found
Avast 4.7.997.0 07.06.2007 no virus found
AVG 7.5.0.476 07.06.2007 no virus found
BitDefender 7.2 07.06.2007 no virus found
CAT-QuickHeal 9.00 07.06.2007 no virus found
ClamAV devel-20070416 07.06.2007 no virus found
DrWeb 4.33 07.06.2007 no virus found
eSafe 7.0.15.0 07.05.2007 no virus found
eTrust-Vet 30.8.3767 07.06.2007 no virus found
Ewido 4.0 07.06.2007 no virus found
FileAdvisor 1 07.06.2007 no virus found
Fortinet 2.91.0.0 07.06.2007 no virus found
F-Prot 4.3.2.48 07.06.2007 no virus found
F-Secure 6.70.13260.0 07.06.2007 no virus found
Ikarus T3.1.1.8 07.06.2007 no virus found
Kaspersky 4.0.2.24 07.06.2007 no virus found
McAfee 5069 07.06.2007 no virus found
Microsoft 1.2704 07.06.2007 no virus found
NOD32v2 2382 07.06.2007 no virus found
Norman 5.80.02 07.06.2007 no virus found
Panda 9.0.0.4 07.06.2007 no virus found
Sophos 4.19.0 07.06.2007 no virus found
Sunbelt 2.2.907.0 07.06.2007 no virus found
Symantec 10 07.06.2007 no virus found
TheHacker 6.1.6.143 07.05.2007 no virus found
VBA32 3.12.0.2 07.06.2007 no virus found
VirusBuster 4.3.23:9 07.06.2007 no virus found
Webwasher-Gateway 6.0.1 07.06.2007 no virus found

Aditional Information
File size: 208248 bytes
MD5: da90d6cee1622d0427b5974c6a4f6b1f
SHA1: dc233cfd8b194952f4b683edb23e508972f49688
0
Réponse 38 / 75
moK´s@ Messages postés 4399 Date d'inscription mardi 18 octobre 2005 Statut Membre Dernière intervention 2 novembre 2007 89
6 juil. 2007 à 21:05
ok c´est cool peux tu poster le rapport smitfraud

et puis fais ceci .

* télécharge AVG Anti-Spyware (ewido)

https://www.avg.com/en-ww/free-antivirus-download
http://www.infos-du-net.com/telecharger/Ewido-Security-Suite,0301-734.html
* tu l'installes

* lance AVG Anti-Spyware et clique sur le bouton Mise à jour. Patiente
si tu n'arrives pas à le mettre à jour prends ici les màj
http://downloads.ewido.net/avgas-signatures-full-current.exe

Sur la page "analyse":
•- tu choisis d'abord l'onglet "paramètres".
- sous « Comment réagir » clic sur « Actions recommandées » et dans le menu déroulant, choisir « Supprimer »

Copie Et colle le rapport ici

Ps : une fois le scan terminé tu supprime bien tout ce qu´il a trouvé.
0
Réponse 39 / 75
Didineg18
6 juil. 2007 à 21:06
voila voila le rapport smitfraud


SmitFraudFix v2.200

Rapport fait à 21:02:28,37, 07/07/2007
Executé à partir de C:\Documents and Settings\Utilisateur\Bureau\SmitfraudFix
OS: Microsoft Windows XP [version 5.1.2600] - Windows_NT
Le type du système de fichiers est NTFS
Fix executé en mode normal

»»»»»»»»»»»»»»»»»»»»»»»» Process

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\ibmpmsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
c:\program files\a-squared free\a2service.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\WINDOWS\System32\QCONSVC.EXE
C:\Program Files\Utimaco\SafeGuard Easy\SgeClient.exe
C:\Program Files\Utimaco\SafeGuard Easy\SgeCtl.exe
C:\WINDOWS\system32\SgLogPlayer.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\TPHDEXLG.EXE
C:\WINDOWS\system32\TpKmpSVC.exe
C:\Program Files\Utimaco\SafeGuard Easy\WksCfgSrv.exe
C:\Program Files\AOLbox\Gateway\wlancfg.exe
C:\WINDOWS\system32\acs.exe
C:\WINDOWS\System32\igfxtray.exe
C:\WINDOWS\System32\hkcmd.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
C:\Program Files\ThinkPad\ConnectUtilities\QCWLICON.EXE
C:\PROGRA~1\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe
C:\Program Files\ThinkPad\PkgMgr\HOTKEY\TPONSCR.exe
C:\Program Files\ThinkPad\PkgMgr\HOTKEY_1\TpScrex.exe
C:\WINDOWS\system32\TpShocks.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\Utimaco\SafeGuard Easy\uerlkupn.exe
C:\Program Files\Utimaco\SafeGuard Easy\Ecview.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Fichiers communs\AOL\ACS\AOLDial.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Fichiers communs\Ahead\lib\NMBgMonitor.exe
C:\Program Files\Windows Live\installer\WLSetupSvc.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Grisoft\AVG7\avgcc.exe
C:\WINDOWS\system32\cmd.exe

»»»»»»»»»»»»»»»»»»»»»»»» hosts


»»»»»»»»»»»»»»»»»»»»»»»» C:\


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32\LogFiles


»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Utilisateur


»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Utilisateur\Application Data


»»»»»»»»»»»»»»»»»»»»»»»» Menu Démarrer


»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\UTILIS~1\Favoris


»»»»»»»»»»»»»»»»»»»»»»»» Bureau


»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files


»»»»»»»»»»»»»»»»»»»»»»»» Clés corrompues


»»»»»»»»»»»»»»»»»»»»»»»» Eléments du bureau

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="Ma page d'accueil"


»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=""


»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""


»»»»»»»»»»»»»»»»»»»»»»»» Rustock



»»»»»»»»»»»»»»»»»»»»»»»» DNS

Description: 11a/b/g Wireless LAN Mini PCI Adapter II - Miniport d'ordonnancement de paquets
DNS Server Search Order: 192.168.1.1

HKLM\SYSTEM\CCS\Services\Tcpip\..\{AA0E1F0C-0AF1-4331-A443-F3876B8BE286}: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS1\Services\Tcpip\..\{AA0E1F0C-0AF1-4331-A443-F3876B8BE286}: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS2\Services\Tcpip\..\{AA0E1F0C-0AF1-4331-A443-F3876B8BE286}: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS2\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1


»»»»»»»»»»»»»»»»»»»»»»»» Recherche infection wininet.dll


»»»»»»»»»»»»»»»»»»»»»»»» Fin
0
Réponse 40 / 75
Didineg18
6 juil. 2007 à 21:07
j'ai aussi fais ce que tu m'a dis sur hijackthis
0

Discussions similaires

symboles et écritures pour nick msn
Pando -
roro -

20 réponses