Infected by WIN 32/Agent.BCK Trojan horse

Solved
aleksandar (Member, 55 posts)
Hello, I am infected by the WIN 32/Agent.BCK Trojan horse. Please help me. Thank you in advance.

38 replies

aleksandar (Member, 55 posts)
LoadLibrary failed for C:\WINDOWS\system32\ssttt.dll
C:\WINDOWS\system32\ssttt.dll NOT unregistered.
File move failed. C:\WINDOWS\system32\ssttt.dll scheduled to be moved on reboot.
File/Folder C:\WINDOWS\system32\pwljvncv.dll not found.

Created on 10/08/2007 19:14:50

aleksandar (Member, 55 posts)
Logfile of HijackThis v1.99.1
Scan saved at 19:23:07, on 08/10/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16512)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
C:\Program Files\Eset\nod32krn.exe
C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Logitech\Video\LogiTray.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\Eset\nod32kui.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\LVComS.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Hijackthis Version Française\VERSION TRADUITE ORIGINALE.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.fr/ig/dell?hl=fr&client=dell-row&channel=fr&ibd=6061228
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.fr/ig/dell?hl=fr&client=dell-row&channel=fr&ibd=6061228
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: ECarteBleueBrowserHelper Class - {2E03C0FD-4C48-43A7-9A54-00240C70FF16} - C:\WINDOWS\system32\BhoECart.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: (no name) - {6465F3F2-6709-44C1-AD4F-E64E86F95E67} - C:\WINDOWS\system32\ssttt.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {89AD4D75-2429-462e-BD4E-443F233F6033} - C:\WINDOWS\system32\xxavppew.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: CBrowserHelperObject Object - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\FICHIE~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SearchIndexer] rundll32.exe "C:\WINDOWS\system32\nhsmhapu.dll",sitypnow
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O8 - Extra context menu item: Easy-WebPrint Ajouter à la liste d'impressions - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint Impression rapide - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Imprimer - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O8 - Extra context menu item: Easy-WebPrint Prévisualiser - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {2250C29C-C5E9-4F55-BE4E-01E45A40FCF1} (CMediaMix Object) - http://musicmix.messenger.msn.com/Medialogic.CAB
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
O16 - DPF: {5308E02B-4ABA-48E4-AA9E-8A7693661473} (GameCtl Class) - http://jeuxenligne.orange.fr/GisActiveX/Ax/GameAx.cab
O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab56986.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://www.mypix.com/fr/fr/importer/ImageUploader4.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - https://www.trendmicro.com/en_us/forHome/products/housecall.html
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game04.zylom.servicesalacarte.orange.fr/activex/zylomgamesplayer.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {C9E17F58-564C-41C6-989F-AB0FE0D2C9D1} (PopcapLoader Object) - http://jeuxenligne.orange.fr/orange2.0/OnlineHSS/insaniquarium/Popcap.cab
O16 - DPF: {D0C0F75C-683A-4390-A791-1ACFD5599AB8} (Oberon Flash Game Host) - http://jeuxenligne.orange.fr/Gameshell/GameHost/1.0/OberonGameHost.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe

nardino (Member, 1633 posts)
Good evening,

Download Combofix by sUBs: http://download.bleepingcomputer.com/sUBs/ComboFix.exe

- Close all applications.
- Double-click combofix.exe (do not click on the window that opens)
- Press Y to start the scan
- At the end of the scan (this may take some time), a report will be created.
- Post this report in your next message.

aleksandar (Member, 55 posts)
ComboFix 07-10-07.2 - ivana 2007-10-08 20:15:15.1 - NTFSx86 MINIMAL
Microsoft Windows XP dition familiale 5.1.2600.2.1252.1.1036.18.828 [GMT 2:00]
Running from: C:\Documents and Settings\ivana\Bureau\ComboFix.exe
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.


.
((((((((((((((((((((((((((((( Fichiers créés 2007-09-08 to 2007-10-08 ))))))))))))))))))))))))))))))))))))
.

2007-10-08 20:14 51,200 --a------ C:\WINDOWS\NirCmd.exe
2007-10-07 19:09 <REP> d-------- C:\Program Files\iPod
2007-10-07 19:08 30,336 --a------ C:\WINDOWS\system32\drivers\usbaapl.sys
2007-10-06 17:59 19 --a------ C:\WINDOWS\popcinfo.dat
2007-10-06 17:36 <REP> d-------- C:\Documents and Settings\ivana\Application Data\Zylom
2007-10-06 17:35 <REP> d-------- C:\Program Files\Zylom Games
2007-10-05 23:10 <REP> dr------- C:\Documents and Settings\Administrateur\Mes documents
2007-10-05 23:10 <REP> dr------- C:\Documents and Settings\Administrateur\Menu Démarrer
2007-10-05 23:10 <REP> dr------- C:\Documents and Settings\Administrateur\Favoris
2007-10-05 23:10 <REP> d--h----- C:\Documents and Settings\Administrateur\Voisinage réseau
2007-10-05 23:10 <REP> d--h----- C:\Documents and Settings\Administrateur\Voisinage d'impression
2007-10-05 23:10 <REP> d--h----- C:\Documents and Settings\Administrateur\Modèles
2007-10-05 23:10 <REP> d--h----- C:\Documents and Settings\Administrateur\Application Data\Gtek
2007-10-05 23:10 <REP> d-------- C:\Documents and Settings\Administrateur\Bureau
2007-10-05 23:10 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\ATI
2007-10-05 22:58 <REP> d-------- C:\VundoFix Backups
2007-10-05 22:41 <REP> d-------- C:\Program Files\Hijackthis Version Française
2007-10-05 21:29 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2007-10-05 21:02 <REP> d-------- C:\Program Files\Yahoo!
2007-10-05 21:02 <REP> d-------- C:\Program Files\CCleaner
2007-09-28 22:45 502,208 --a------ C:\WINDOWS\system32\drivers\amon.sys
2007-09-28 22:45 270,336 --a------ C:\WINDOWS\system32\imon.dll
2007-09-26 17:50 <REP> d-------- C:\WINDOWS\ERUNT
2007-09-24 18:33 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2007-09-24 18:15 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2007-09-24 15:16 <REP> d-------- C:\WINDOWS\BDOSCAN8
2007-09-23 19:41 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Avira
2007-09-23 17:05 86,094 --a------ C:\WINDOWS\BPMNT.dll
2007-09-23 17:05 1,163,344 --a------ C:\WINDOWS\vsapi32.dll
2007-09-23 17:05 <REP> d-------- C:\WINDOWS\AU_Backup
2007-09-23 17:04 <REP> d-------- C:\WINDOWS\AU_Temp
2007-09-23 17:02 69,689 --a------ C:\WINDOWS\UNZIP.DLL
2007-09-23 17:02 507,904 --a------ C:\WINDOWS\TMUPDATE.DLL
2007-09-23 17:02 286,720 --a------ C:\WINDOWS\PATCH.EXE
2007-09-23 17:02 <REP> d-------- C:\WINDOWS\AU_Log
2007-09-22 06:29 33,792 --a------ C:\WINDOWS\system32\yayayvw.dll.vir

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-10-07 19:12 --------- d-------- C:\Program Files\Apple Software Update
2007-10-07 19:10 --------- d-------- C:\Program Files\iTunes
2007-10-07 13:08 --------- d-------- C:\Program Files\Google
2007-10-07 13:08 --------- d-------- C:\Documents and Settings\All Users\Application Data\Google
2007-09-27 18:05 --------- d-------- C:\Program Files\PokerChamps
2007-09-27 18:01 --------- d-------- C:\Program Files\IKEA HomePlanner
2007-09-22 14:14 --------- d-------- C:\Program Files\eMule
2007-08-24 23:48 --------- d-------- C:\Program Files\QuickTime
2007-08-24 23:47 --------- d-------- C:\Program Files\Fichiers communs\Apple
2007-08-24 23:47 --------- d-------- C:\Documents and Settings\All Users\Application Data\Apple
2007-08-16 21:14 --------- d-------- C:\Program Files\MSXML 4.0
1995-09-20 15:16 456976 --a------ C:\Program Files\Fichiers communs\dao3032.dll
--------- C:\Program Files\Hijackthis Version Française
2007-06-09 13:13:41 8,192 --sha-w C:\WINDOWS\o2cLicStore.bin
2007-02-16 19:56:23 168 --sh--r C:\WINDOWS\system32\A95D9052E3.sys
2007-02-16 19:56:34 7,670 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys
.

((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IAAnotif"="C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2006-07-06 09:15]
"ATICCC"="C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" [2006-01-02 19:41]
"DLA"="C:\WINDOWS\System32\DLA\DLACTRLW.EXE" [2005-09-08 07:20]
"ISUSPM Startup"="C:\PROGRA~1\FICHIE~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-27 18:50]
"ISUSScheduler"="C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe" [2004-07-27 18:50]
"SigmatelSysTrayApp"="stsystra.exe" [2006-03-20 17:00 C:\WINDOWS\stsystra.exe]
"LogitechVideoRepair"="C:\Program Files\Logitech\Video\ISStart.exe" [2004-02-12 17:57]
"LogitechVideoTray"="C:\Program Files\Logitech\Video\LogiTray.exe" [2004-02-12 17:59]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2007-06-29 06:24]
"nod32kui"="C:\Program Files\Eset\nod32kui.exe" [2007-09-28 22:44]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 11:25]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 03:06]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-09-26 14:42]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-05 14:00]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" [2007-10-07 13:08]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Dell Network Assistant.lnk]
path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Dell Network Assistant.lnk
backup=C:\WINDOWS\pss\Dell Network Assistant.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Lancement rapide d'Adobe Reader.lnk]
path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Lancement rapide d'Adobe Reader.lnk
backup=C:\WINDOWS\pss\Lancement rapide d'Adobe Reader.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Microsoft Office.lnk]
path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Microsoft Office.lnk
backup=C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DellSupport]
"C:\Program Files\Dell Support\DSAgnt.exe" /startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DMXLauncher]
C:\Program Files\Dell\Media Experience\DMXLauncher.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\eCarteBleue-CLEO]
"C:\Program Files\e-Carte Bleue\LCL\e-Carte Bleue VISA Cleo\ECB-CLEO.exe" /dontopenmycards

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
"C:\Program Files\iTunes\iTunesHelper.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OPSE reminder]
"C:\Program Files\ScanSoft\OmniPageSE2.0\EregFre\Ereg.exe" -r "C:\Program Files\ScanSoft\OmniPageSE2.0\EregFre\ereg.ini"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OpwareSE2]
"C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"C:\Program Files\QuickTime\qttask.exe" -atboottime

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.8472\GoogleToolbarNotifier.exe

R2 hnmwrlspkt;HomeNet Manager Wireless Protocol;C:\WINDOWS\system32\DRIVERS\hnm_wrls_pkt.sys
R2 wsppkt;Wireless Security Protocol;C:\WINDOWS\system32\DRIVERS\wsp_pkt.sys
R3 usbscan;Pilote de scanneur USB;C:\WINDOWS\system32\DRIVERS\usbscan.sys
R3 USBSTOR;Pilote de stockage de masse USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
S3 USBAAPL;Apple Mobile USB Driver;C:\WINDOWS\system32\Drivers\usbaapl.sys

.
Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
"2007-10-07 17:05:45 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
.
**************************************************************************

catchme 0.3.1169 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-10-08 20:19:33
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2007-10-08 20:20:43 - machine was rebooted
C:\ComboFix-quarantined-files.txt ... 2007-10-08 20:20
.
--- E O F ---

nardino (Member, 1633 posts)
Good evening.

On this site: https://virusscan.jotti.org/
= Virusscan.jotti - max 15 MB

C:\WINDOWS\popcinfo.dat
C:\WINDOWS\system32\imon.dll
C:\WINDOWS\vsapi32.dll
C:\WINDOWS\AU_Temp
C:\WINDOWS\system32\yayayvw.dll.vir


Have the following files scanned and save the reports, then post them in your next reply.
We will get to the bottom of this.

aleksandar (Member, 55 posts)
For this file: C:\WINDOWS\system32\yayayvw.dll.vir the report is the following:

Service load: 0% 100%

File: yayayvw.dll.vir_
Status: INFECTED/MALWARE
MD5: fbbcda5777dc2f69750e4a4e73909d77
Packers detected: -
Bit9 reports: File not found

Scanner results
Scan taken on 08 Oct 2007 20:36:21 (GMT)
A-Squared Found Adware.Win32.Virtumonde.vq
AntiVir Found TR/Vundo.DNG
ArcaVir Found nothing
Avast Found nothing
AVG Antivirus Found nothing
BitDefender Found Trojan.Vundo.DNG
ClamAV Found Adware.Virtumonde-141
CPsecure Found nothing
Dr.Web Found nothing
F-Prot Antivirus Found nothing
F-Secure Anti-Virus Found nothing
Fortinet Found nothing
Kaspersky Anti-Virus Found Trojan.Win32.Pakes.ei
NOD32 Found nothing
Norman Virus Control Found W32/Vundo.T
Panda Antivirus Found nothing
Rising Antivirus Found nothing
Sophos Antivirus Found nothing
VirusBuster Found nothing
VBA32 Found nothing

aleksandar (Member, 55 posts)
I did it file by file and it is the only one that has a virus.

aleksandar (Member, 55 posts)
And for this file, C:\WINDOWS\AU_Temp, the site does not scan it; it tells me: The file you uploaded is 0 bytes. It is very likely a firewall or a piece of malware is prohibiting you from uploading this file

aleksandar (Member, 55 posts)
THANK YOU IN ADVANCE FOR ALL THE TIME SPENT WITH ME

aleksandar (Member, 55 posts)
I AM SENDING YOU THIS REPORT, I DON'T KNOW IF I HAVE ALREADY SENT IT TO YOU
[code]
2007-10-08 20:17 845026 --a------ C:\Qoobox\Quarantine\catchme2007-10-08_201911.50.zip
2007-10-08 20:18 1218 --a------ C:\Qoobox\Quarantine\C\check_LSA7.txt.vir


Structure du dossier
Le num‚ro de s‚rie du volume est 78E3-F613
C:\QOOBOX\QUARANTINE
| catchme.log
| catchme2007-10-08_201911.50.zip
|
+---C
| | check_LSA7.txt.vir
| |
| \---WINDOWS
| | cookies.ini.vir
| |
| \---system32
| ahkehggg.dll.vir
| axahoupq.ini.vir
| bguwgxou.dll.vir
| caqtnwcn.dll.vir
| cnitlomn.dll.vir
| deaclvnq.ini.vir
| dyumnrae.dll.vir
| earnmuyd.ini.vir
| efuctyjt.ini.vir
| eoywjqot.dll.vir
| etcyrlgx.dll.vir
| ggghekha.ini.vir
| gnyqsvvt.dll.vir
| grwhkwjn.dll.vir
| ibdjthlr.ini.vir
| idbnxeii.dll.vir
| idivsfor.dll.vir
| iiexnbdi.ini.vir
| iqhjcwpw.dll.vir
| jdcvraon.ini.vir
| jdrydksm.dll.vir
| kbjdhwxy.dll.vir
| kviseqtp.ini.vir
| lkfyteop.dll.vir
| mmkdyepr.ini.vir
| mskdyrdj.ini.vir
| ndbteiey.dll.vir
| neceybes.ini.vir
| nhsmhapu.dll.vir
| njwkhwrg.ini.vir
| nmoltinc.ini.vir
| noarvcdj.dll.vir
| nqqueoun.ini.vir
| nuoeuqqn.dll.vir
| poetyfkl.ini.vir
| pqxojtmr.dll.vir
| ptqesivk.dll.vir
| qgarcqov.dll.vir
| qmswqtvt.dll.vir
| qnvlcaed.dll.vir
| qpuohaxa.dll.vir
| rlhtjdbi.dll.vir
| rmtjoxqp.ini.vir
| rofsvidi.ini.vir
| rpeydkmm.dll.vir
| sebyecen.dll.vir
| sfbvfptw.dll.vir
| smsmgmcw.ini.vir
| ssttt.dll.vir
| tjytcufe.dll.vir
| tnbvtwew.dll.vir
| toqjwyoe.ini.vir
| trtudjbr.dll.vir
| tttss.bak1.vir
| tttss.bak2.vir
| tttss.ini.vir
| tttss.ini2.vir
| tttss.tmp.vir
| tvtqwsmq.ini.vir
| tvvsqyng.ini.vir
| uoxgwugb.ini.vir
| upahmshn.ini.vir
| vaqcnxvv.ini.vir
| vdtyebda.dll.vir
| voqcragq.ini.vir
| vsqncdry.dll.vir
| vvvupyhx.ini.vir
| vvxncqav.dll.vir
| wbkouleb.dll.vir
| wcmgmsms.dll.vir
| wewtvbnt.ini.vir
| wpwcjhqi.ini.vir
| wtpfvbfs.ini.vir
| xglrycte.ini.vir
| xhypuvvv.dll.vir
| xxavppew.dll.vir
| yeietbdn.ini.vir
| ygrnewty.dll.vir
| yrdcnqsv.ini.vir
| yxwhdjbk.ini.vir
|
\---Registry_backups
[/code]
0
nardino Posts 1633 Registration date   Status Member Last activity   119
 
Good evening,

ComboFix script

- Open Notepad and paste in the lines quoted below:

File::
C:\WINDOWS\system32\ssttt.dll
C:\WINDOWS\system32\yayayvw.dll.vir

Folder::
C:\VundoFix Backups

Registry::
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ssttt.dll]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SearchIndexer"=-


- Save it as CFScript.txt on the desktop
- As in the image shown here, drag CFScript.txt onto Combofix.exe
http://img.photobucket.com/albums/v666/sUBs/CFScript.gif
- Post the result and a new HijackThis report!
0
aleksandar Posts 55 Registration date   Status Member Last activity  
 
ComboFix 07-10-07.2 - ivana 2007-10-08 23:58:51.2 - NTFSx86
Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.557 [GMT 2:00]
Running from: C:\Documents and Settings\ivana\Bureau\ComboFix.exe
Command switches used :: C:\Documents and Settings\ivana\Bureau\CFScript.txt
* Created a new restore point

FILE::
C:\WINDOWS\system32\ssttt.dll
C:\WINDOWS\system32\yayayvw.dll.vir
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\system32\yayayvw.dll.vir

.
((((((((((((((((((((((((((((( Fichiers créés 2007-09-08 to 2007-10-08 ))))))))))))))))))))))))))))))))))))
.

2007-10-08 20:14 51,200 --a------ C:\WINDOWS\NirCmd.exe
2007-10-07 19:09 <REP> d-------- C:\Program Files\iPod
2007-10-07 19:08 30,336 --a------ C:\WINDOWS\system32\drivers\usbaapl.sys
2007-10-06 17:59 19 --a------ C:\WINDOWS\popcinfo.dat
2007-10-06 17:36 <REP> d-------- C:\Documents and Settings\ivana\Application Data\Zylom
2007-10-06 17:35 <REP> d-------- C:\Program Files\Zylom Games
2007-10-05 23:10 <REP> dr------- C:\Documents and Settings\Administrateur\Mes documents
2007-10-05 23:10 <REP> dr------- C:\Documents and Settings\Administrateur\Menu Démarrer
2007-10-05 23:10 <REP> dr------- C:\Documents and Settings\Administrateur\Favoris
2007-10-05 23:10 <REP> d--h----- C:\Documents and Settings\Administrateur\Voisinage réseau
2007-10-05 23:10 <REP> d--h----- C:\Documents and Settings\Administrateur\Voisinage d'impression
2007-10-05 23:10 <REP> d--h----- C:\Documents and Settings\Administrateur\Modèles
2007-10-05 23:10 <REP> d--h----- C:\Documents and Settings\Administrateur\Application Data\Gtek
2007-10-05 23:10 <REP> d-------- C:\Documents and Settings\Administrateur\Bureau
2007-10-05 23:10 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\ATI
2007-10-05 22:41 <REP> d-------- C:\Program Files\Hijackthis Version Française
2007-10-05 21:29 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2007-10-05 21:02 <REP> d-------- C:\Program Files\Yahoo!
2007-10-05 21:02 <REP> d-------- C:\Program Files\CCleaner
2007-09-28 22:45 502,208 --a------ C:\WINDOWS\system32\drivers\amon.sys
2007-09-28 22:45 270,336 --a------ C:\WINDOWS\system32\imon.dll
2007-09-26 17:50 <REP> d-------- C:\WINDOWS\ERUNT
2007-09-24 18:33 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2007-09-24 18:15 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2007-09-24 15:16 <REP> d-------- C:\WINDOWS\BDOSCAN8
2007-09-23 19:41 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Avira
2007-09-23 17:05 86,094 --a------ C:\WINDOWS\BPMNT.dll
2007-09-23 17:05 1,163,344 --a------ C:\WINDOWS\vsapi32.dll
2007-09-23 17:05 <REP> d-------- C:\WINDOWS\AU_Backup
2007-09-23 17:04 <REP> d-------- C:\WINDOWS\AU_Temp
2007-09-23 17:02 69,689 --a------ C:\WINDOWS\UNZIP.DLL
2007-09-23 17:02 507,904 --a------ C:\WINDOWS\TMUPDATE.DLL
2007-09-23 17:02 286,720 --a------ C:\WINDOWS\PATCH.EXE
2007-09-23 17:02 <REP> d-------- C:\WINDOWS\AU_Log

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-10-07 19:12 --------- d-------- C:\Program Files\Apple Software Update
2007-10-07 19:10 --------- d-------- C:\Program Files\iTunes
2007-10-07 13:08 --------- d-------- C:\Program Files\Google
2007-10-07 13:08 --------- d-------- C:\Documents and Settings\All Users\Application Data\Google
2007-09-27 18:05 --------- d-------- C:\Program Files\PokerChamps
2007-09-27 18:01 --------- d-------- C:\Program Files\IKEA HomePlanner
2007-09-22 14:14 --------- d-------- C:\Program Files\eMule
2007-08-24 23:48 --------- d-------- C:\Program Files\QuickTime
2007-08-24 23:47 --------- d-------- C:\Program Files\Fichiers communs\Apple
2007-08-24 23:47 --------- d-------- C:\Documents and Settings\All Users\Application Data\Apple
2007-08-16 21:14 --------- d-------- C:\Program Files\MSXML 4.0
1995-09-20 15:16 456976 --a------ C:\Program Files\Fichiers communs\dao3032.dll
--------- C:\Program Files\Hijackthis Version Française
2007-06-09 13:13:41 8,192 --sha-w C:\WINDOWS\o2cLicStore.bin
2007-02-16 19:56:23 168 --sh--r C:\WINDOWS\system32\A95D9052E3.sys
2007-02-16 19:56:34 7,670 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys
.

((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IAAnotif"="C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2006-07-06 09:15]
"ATICCC"="C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" [2006-01-02 19:41]
"DLA"="C:\WINDOWS\System32\DLA\DLACTRLW.EXE" [2005-09-08 07:20]
"ISUSPM Startup"="C:\PROGRA~1\FICHIE~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-27 18:50]
"ISUSScheduler"="C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe" [2004-07-27 18:50]
"SigmatelSysTrayApp"="stsystra.exe" [2006-03-20 17:00 C:\WINDOWS\stsystra.exe]
"LogitechVideoRepair"="C:\Program Files\Logitech\Video\ISStart.exe" [2004-02-12 17:57]
"LogitechVideoTray"="C:\Program Files\Logitech\Video\LogiTray.exe" [2004-02-12 17:59]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2007-06-29 06:24]
"nod32kui"="C:\Program Files\Eset\nod32kui.exe" [2007-09-28 22:44]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 11:25]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 03:06]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-09-26 14:42]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-05 14:00]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" [2007-10-07 13:08]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Dell Network Assistant.lnk]
path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Dell Network Assistant.lnk
backup=C:\WINDOWS\pss\Dell Network Assistant.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Lancement rapide d'Adobe Reader.lnk]
path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Lancement rapide d'Adobe Reader.lnk
backup=C:\WINDOWS\pss\Lancement rapide d'Adobe Reader.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Microsoft Office.lnk]
path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Microsoft Office.lnk
backup=C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DellSupport]
"C:\Program Files\Dell Support\DSAgnt.exe" /startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DMXLauncher]
C:\Program Files\Dell\Media Experience\DMXLauncher.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\eCarteBleue-CLEO]
"C:\Program Files\e-Carte Bleue\LCL\e-Carte Bleue VISA Cleo\ECB-CLEO.exe" /dontopenmycards

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
"C:\Program Files\iTunes\iTunesHelper.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OPSE reminder]
"C:\Program Files\ScanSoft\OmniPageSE2.0\EregFre\Ereg.exe" -r "C:\Program Files\ScanSoft\OmniPageSE2.0\EregFre\ereg.ini"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OpwareSE2]
"C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"C:\Program Files\QuickTime\qttask.exe" -atboottime

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.8472\GoogleToolbarNotifier.exe

R2 hnmwrlspkt;HomeNet Manager Wireless Protocol;C:\WINDOWS\system32\DRIVERS\hnm_wrls_pkt.sys
R2 wsppkt;Wireless Security Protocol;C:\WINDOWS\system32\DRIVERS\wsp_pkt.sys
R3 usbscan;Pilote de scanneur USB;C:\WINDOWS\system32\DRIVERS\usbscan.sys
R3 USBSTOR;Pilote de stockage de masse USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
S3 USBAAPL;Apple Mobile USB Driver;C:\WINDOWS\system32\Drivers\usbaapl.sys

.
Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
"2007-10-07 17:05:45 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
.
**************************************************************************

catchme 0.3.1169 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-10-09 00:01:46
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2007-10-09 0:02:31 - machine was rebooted
C:\ComboFix-quarantined-files.txt ... 2007-10-09 00:02
.
--- E O F ---
0
aleksandar Posts 55 Registration date   Status Member Last activity  
 
Logfile of HijackThis v1.99.1
Scan saved at 00:04:31, on 09/10/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16512)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Logitech\Video\LogiTray.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\Eset\nod32kui.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\LVComS.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Hijackthis Version Française\VERSION TRADUITE ORIGINALE.EXE

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.fr/ig/dell?hl=fr&client=dell-row&channel=fr&ibd=6061228
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: ECarteBleueBrowserHelper Class - {2E03C0FD-4C48-43A7-9A54-00240C70FF16} - C:\WINDOWS\system32\BhoECart.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: CBrowserHelperObject Object - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\FICHIE~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O8 - Extra context menu item: Easy-WebPrint Ajouter à la liste d'impressions - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint Impression rapide - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Imprimer - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O8 - Extra context menu item: Easy-WebPrint Prévisualiser - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {2250C29C-C5E9-4F55-BE4E-01E45A40FCF1} (CMediaMix Object) - http://musicmix.messenger.msn.com/Medialogic.CAB
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
O16 - DPF: {5308E02B-4ABA-48E4-AA9E-8A7693661473} (GameCtl Class) - http://jeuxenligne.orange.fr/GisActiveX/Ax/GameAx.cab
O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab56986.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://www.mypix.com/fr/fr/importer/ImageUploader4.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - https://www.trendmicro.com/en_us/forHome/products/housecall.html
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game04.zylom.servicesalacarte.orange.fr/activex/zylomgamesplayer.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {C9E17F58-564C-41C6-989F-AB0FE0D2C9D1} (PopcapLoader Object) - http://jeuxenligne.orange.fr/orange2.0/OnlineHSS/insaniquarium/Popcap.cab
O16 - DPF: {D0C0F75C-683A-4390-A791-1ACFD5599AB8} (Oberon Flash Game Host) - http://jeuxenligne.orange.fr/Gameshell/GameHost/1.0/OberonGameHost.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
0
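A check that fits this point in the thread, as an added example that is not part of any post: it parses the CFScript posted earlier and reports which of its targets are still visible in a HijackThis log. The function names, the "before" log lines and the `placeholder.exe` path are constructed for illustration; the "after" lines are copied from the log above.

```python
import re

# CFScript as posted earlier in the thread.
CFSCRIPT = r'''File::
C:\WINDOWS\system32\ssttt.dll
C:\WINDOWS\system32\yayayvw.dll.vir

Folder::
C:\VundoFix Backups

Registry::
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ssttt.dll]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SearchIndexer"=-
'''

# Constructed "before" lines: what the targeted entries would look like in a log.
HJT_BEFORE = r'''O4 - HKLM\..\Run: [SearchIndexer] C:\WINDOWS\system32\placeholder.exe
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O20 - Winlogon Notify: ssttt.dll - C:\WINDOWS\system32\ssttt.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
'''

# "After" lines copied from the HijackThis log posted above.
HJT_AFTER = r'''O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
'''

O4_RE = re.compile(r'^O4 - (HKLM|HKCU)\\\.\.\\(Run\w*): \[([^\]]+)\]')
O20_RE = re.compile(r'^O20 - Winlogon Notify: (.+?) - (.+)$')
HIVES = {"HKLM": "hkey_local_machine", "HKCU": "hkey_current_user"}
NOTIFY = r"\windows nt\currentversion\winlogon\notify" + "\\"


def parse_cfscript(text):
    """Collect the removal targets named in a CFScript."""
    targets = {"files": [], "folders": [], "keys": [], "values": []}
    section, current_key = None, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.endswith("::"):                    # File:: / Folder:: / Registry::
            section, current_key = line[:-2].lower(), None
        elif section == "file":
            targets["files"].append(line)
        elif section == "folder":
            targets["folders"].append(line)
        elif section == "registry":
            if line.startswith("[") and line.endswith("]"):
                key = line[1:-1]
                if key.startswith("-"):            # [-key] deletes the whole key
                    targets["keys"].append(key[1:])
                    current_key = None
                else:                              # [key] opens a key for value edits
                    current_key = key
            else:
                m = re.fullmatch(r'"([^"]+)"=-', line)   # "name"=- deletes one value
                if m and current_key:
                    targets["values"].append((current_key, m.group(1)))
    return targets


def leftovers(cfscript_text, hijackthis_log):
    """Return (kind, target, log line) for every script target still in the log.

    HijackThis does not list folders, so Folder:: targets must be checked on disk.
    """
    t = parse_cfscript(cfscript_text)
    found = []
    for raw in hijackthis_log.splitlines():
        line = raw.strip()
        low = line.lower()
        for path in t["files"]:                    # file still referenced anywhere
            if path.lower() in low:
                found.append(("file", path, line))
        m = O4_RE.match(line)                      # Run-key autostart value
        if m:
            hive, run_key, name = m.groups()
            for key, value in t["values"]:
                k = key.lower()
                if (k.startswith(HIVES[hive])
                        and k.endswith("\\currentversion\\" + run_key.lower())
                        and value.lower() == name.lower()):
                    found.append(("value", f"{key}\\{value}", line))
        m = O20_RE.match(line)                     # Winlogon Notify subkey
        if m:
            for key in t["keys"]:
                k = key.lower()
                if NOTIFY in k and k.rsplit("\\", 1)[1] == m.group(1).lower():
                    found.append(("key", key, line))
    return found
```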
nardino Posts 1633 Registration date   Status Member Last activity   119
 
Good evening.

Is your problem solved?
0
aleksandar Posts 55 Registration date   Status Member Last activity  
 
I think so, everything is fine, I no longer have any problems. Thank you very much; without you I would never have managed it. Thanks once again, NARDINO. Just one question: the programs you had me download, should I keep some of them or delete them all?
0
nardino Posts 1633 Registration date   Status Member Last activity   119
 
Good evening,

Great.
Click on OtMoveIt and then on the CleanUp button.
Then, in the popup [b]Cleanup list download successful. Begin cleanup process ?[/b], accept with [b]Yes[/b]

It will delete everything that is not worth keeping and even remove itself. Isn't that nice!
Restart and that's it.
Finally, I recommend installing a firewall:
http://www.personalfirewall.comodo.com/
Comodo™ Firewall

And then browsing with Firefox and two or three extensions:
http://www.mozilla-europe.org/fr/products/firefox/
Mozilla Firefox 2.0

https://addons.mozilla.org/fr/firefox/addon/2497
CookieSafe

https://www.hugedomains.com/domain_profile.cfm?d=geckozone&e=org
NoScript

https://www.hugedomains.com/domain_profile.cfm?d=geckozone&e=org
Adblock
0
aleksandar Posts 55 Registration date   Status Member Last activity  
 
OK, that's done, but I still have quite a few programs left, such as vundofix, fixvundo, ccleaner, avg antispyware, hijack, combofix. What do I do with them?
0
nardino Posts 1633 Registration date   Status Member Last activity   119
 
Hello.

If you have properly removed OtMoveIt, it should also have deleted VundoFix and Combofix.
If that is not the case, do it manually.
You can keep AVGAS, Hijackthis and CCleaner.
A little cleanup once a week with the latter is not a bad idea.
You can also update your version of Adobe Reader:
-Acrobat Reader 8.1.:
https://get2.adobe.com/reader/otherversions/
Untick "Also download: Adobe Photoshop® Album Edition"
In Add/Remove Programs, remove all the other versions.
0