Virus problem
Morice
nardino, posts: 1634, status: member
Hello,
Hi everyone, I think I have a small trojan problem; NOD32 detects it but can't do anything about it... annoying for an antivirus...
So here is my scan:
Logfile of HijackThis v1.99.1
Scan saved at 21:48:58, on 05/10/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16512)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\RunDLL32.exe
C:\Program Files\Eset\nod32krn.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Fichiers communs\TerraTec\Remote\TTTvRc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\VM_STI.EXE
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Eset\nod32kui.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe
C:\Program Files\Philips\SPC 200NC PC Camera\TrayMin200.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
E:\Programme files\eMule\Incoming\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [TerraTec Remote Control] "C:\Program Files\Fichiers communs\TerraTec\Remote\TTTvRc.exe"
O4 - HKLM\..\Run: [BigDogPath] C:\WINDOWS\VM_STI.EXE Philips SPC 200NC PC Camera
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [SearchIndexer] rundll32.exe "C:\WINDOWS\system32\gwlcollq.dll",sitypnow
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: TrayMin300.exe.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\npjpi160_02.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\npjpi160_02.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/...
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AdobeVersionCue - Adobe Sytems - C:\Program Files\Adobe\Adobe Version Cue\service\VersionCue.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Boonty Games - BOONTY - C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Service de l'iPod (iPod Service) - Unknown owner - C:\Program Files\iPod\bin\iPodService.exe (file missing)
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\SSScsiSV.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe
Thanks in advance, ciao
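A small triage script for the HijackThis entries in the log above, added here as an example and not part of the thread or of HijackThis itself. The sample lines are copied from the log; the random-name heuristic, the P2P-folder check and all function names are my own assumptions, not rules HijackThis applies.

```python
"""Triage of HijackThis O4/O23 entries (added example; not from the thread
or from HijackThis itself).

Flags what a helper looks for first in a log like the one above: a rundll32
launcher loading a DLL whose name or export looks machine-generated, a
startup shortcut whose target could not be resolved, a service whose binary
is missing, and (from the process list) a tool run straight out of a P2P
download folder.
"""
import re
from collections import namedtuple

Finding = namedtuple("Finding", ["kind", "entry", "reason"])

# Sample lines copied from the log posted above; benign entries are kept so
# the checks can be seen not firing on them.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [SearchIndexer] rundll32.exe "C:\WINDOWS\system32\gwlcollq.dll",sitypnow
O4 - Global Startup: TrayMin300.exe.lnk = ?
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: Service de l'iPod (iPod Service) - Unknown owner - C:\Program Files\iPod\bin\iPodService.exe (file missing)
"""
# One entry from the "Running processes" block of the same log.
RUNNING_PROCESSES = [r"E:\Programme files\eMule\Incoming\HijackThis.exe"]

ENTRY_RE = re.compile(r"^(?P<kind>[RO]\d+) - (?P<body>.*)$")
RUN_RE = re.compile(r"^HK(?:LM|CU)\\\.\.\\Run: \[(?P<name>[^\]]+)\] (?P<cmd>.*)$")
RUNDLL_RE = re.compile(r'rundll32(?:\.exe)?\s+"?(?P<dll>[^",]+)"?,(?P<export>\w+)', re.I)
P2P_FOLDERS = ("\\incoming\\", "\\downloads\\", "\\shared\\")


def looks_random(token):
    """Heuristic (my assumption, not a HijackThis rule): an all-lowercase
    7-12 letter token with few vowels or a 4-consonant run reads as
    machine-generated (e.g. gwlcollq), while vendor names keep their
    capitals (NvCpl, NvStartup). Confirm hits with a hash lookup; this
    will misfire on some genuine lowercase names."""
    if not re.fullmatch(r"[a-z]{7,12}", token):
        return False
    vowels = sum(c in "aeiouy" for c in token)
    return vowels / len(token) < 0.3 or re.search(r"[^aeiouy]{4}", token) is not None


def triage(log_text, running=()):
    """Return a list of Finding tuples for the entries worth a closer look."""
    findings = []
    for line in log_text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if not m:
            continue
        kind, body = m.group("kind"), m.group("body")
        if kind == "O4":
            run = RUN_RE.match(body)
            if run:
                dl = RUNDLL_RE.search(run.group("cmd"))
                if dl:
                    dll_name = dl.group("dll").rsplit("\\", 1)[-1]
                    if looks_random(dll_name.rsplit(".", 1)[0]) or looks_random(dl.group("export")):
                        findings.append(Finding("O4", run.group("name"),
                                                f"rundll32 loads {dll_name},{dl.group('export')}: random-looking name"))
            elif body.endswith("= ?"):
                findings.append(Finding("O4", body, "startup shortcut target could not be resolved; inspect the .lnk"))
        elif kind == "O23" and body.endswith("(file missing)"):
            findings.append(Finding("O23", body.split(" - ")[0], "service points at a binary that is no longer on disk"))
    for proc in running:
        if any(folder in proc.lower() for folder in P2P_FOLDERS):
            findings.append(Finding("process", proc, "tool launched from a P2P download folder; fetch it from the vendor instead"))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG, RUNNING_PROCESSES):
        print(f"{f.kind:8} {f.entry}\n         -> {f.reason}")
```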
29 replies
Good evening.
Download ComboFix by sUBs: http://download.bleepingcomputer.com/sUBs/ComboFix.exe
- Close all windows
- Double-click combofix.exe (do not click on the window that opens)
- Press Y to start the scan
- At the end of the scan (it can take a while), a report will be created.
- Post that report in your next message.
Hello,
Here is the ComboFix report:
ComboFix 07-10-12.4 - Propriétaire 2007-10-15 18:35:00.2 - NTFSx86
Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.630 [GMT 2:00]
Running from: C:\Documents and Settings\Propriétaire\Bureau\ComboFix.exe
* Created a new restore point
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Program Files\Hammer.dll
C:\WINDOWS\cookies.ini
C:\WINDOWS\system32\ddcyw.dll
C:\WINDOWS\system32\ixbhyoew.ini
C:\WINDOWS\system32\stbwfeqa.dll
C:\WINDOWS\system32\weoyhbxi.dll
C:\WINDOWS\system32\wycdd.bak1
C:\WINDOWS\system32\wycdd.bak1
C:\WINDOWS\system32\wycdd.bak1
C:\WINDOWS\system32\wycdd.bak2
C:\WINDOWS\system32\wycdd.bak2
C:\WINDOWS\system32\wycdd.bak2
C:\WINDOWS\system32\wycdd.ini
C:\WINDOWS\system32\wycdd.ini
C:\WINDOWS\system32\wycdd.ini
C:\WINDOWS\system32\wycdd.ini2
C:\WINDOWS\system32\wycdd.ini2
C:\WINDOWS\system32\wycdd.ini2
C:\WINDOWS\system32\wycdd.tmp
C:\WINDOWS\system32\wycdd.tmp
C:\WINDOWS\system32\wycdd.tmp
.
((((((((((((((((((((((((((((( Fichiers créés 2007-09-15 to 2007-10-15 ))))))))))))))))))))))))))))))))))))
.
2007-10-15 18:33 389,184 --a------ C:\WINDOWS\system32\wbhemuqc.exe
2007-10-15 18:33 339,968 --a------ C:\WINDOWS\system32\vyxuysjj.dll
2007-10-15 18:31 <REP> C:\Documents and Settings\Propriétaire\Recent
2007-10-15 18:12 389,184 --a------ C:\WINDOWS\system32\bgutlvyo.exe
2007-10-15 18:12 339,968 --a------ C:\WINDOWS\system32\eekjnqkl.dll
2007-10-15 14:04 339,968 --a------ C:\WINDOWS\system32\vifymdtb.dll
2007-10-15 14:03 389,184 --a------ C:\WINDOWS\system32\iffynifo.exe
2007-10-15 13:00 389,184 --a------ C:\WINDOWS\system32\xtqhsutt.exe
2007-10-15 13:00 339,968 --a------ C:\WINDOWS\system32\albnojrb.dll
2007-10-14 20:37 339,968 --a------ C:\WINDOWS\system32\xgaszoll.dll
2007-10-14 20:36 389,184 --a------ C:\WINDOWS\system32\qlrbgpbc.exe
2007-10-14 20:33 339,968 --a------ C:\WINDOWS\system32\iefizlmy.dll
2007-10-14 20:32 389,184 --a------ C:\WINDOWS\system32\psrbymnw.exe
2007-10-14 19:35 <REP> d--h----- C:\Documents and Settings\Administrateur.PROPRI-2C8F1C50\Voisinage réseau
2007-10-14 19:35 <REP> d--h----- C:\Documents and Settings\Administrateur.PROPRI-2C8F1C50\Voisinage d'impression
2007-10-14 19:35 <REP> d--h----- C:\Documents and Settings\Administrateur.PROPRI-2C8F1C50\Modèles
2007-10-14 19:35 <REP> d-------- C:\Documents and Settings\Administrateur.PROPRI-2C8F1C50\Mes documents
2007-10-14 19:35 <REP> dr------- C:\Documents and Settings\Administrateur.PROPRI-2C8F1C50\Menu Démarrer
2007-10-14 19:35 <REP> d-------- C:\Documents and Settings\Administrateur.PROPRI-2C8F1C50\Favoris
2007-10-14 19:35 <REP> d-------- C:\Documents and Settings\Administrateur.PROPRI-2C8F1C50\Bureau
2007-10-14 19:23 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Avira
2007-10-14 19:23 389,184 --a------ C:\WINDOWS\system32\vapywwpm.exe
2007-10-14 19:00 <REP> d-------- C:\VundoFix Backups
2007-10-14 18:56 2,556 --a------ C:\WINDOWS\system32\tmp.reg
2007-10-14 18:55 289,144 --a------ C:\WINDOWS\system32\VCCLSID.exe
2007-10-14 18:55 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe
2007-10-14 18:55 53,248 --a------ C:\WINDOWS\system32\Process.exe
2007-10-14 18:55 51,200 --a------ C:\WINDOWS\system32\dumphive.exe
2007-10-14 18:55 25,600 --a------ C:\WINDOWS\system32\WS2Fix.exe
2007-10-13 19:03 389,184 --a------ C:\WINDOWS\system32\rwbxgdba.exe
2007-10-13 19:03 339,968 --a------ C:\WINDOWS\system32\sgaunhwh.dll.vir
2007-10-10 18:49 51,200 --a------ C:\WINDOWS\NirCmd.exe
2007-10-06 18:49 <REP> d-------- C:\Program Files\Trend Micro
2007-10-04 20:18 512,096 --a------ C:\WINDOWS\system32\drivers\amon.sys
2007-10-04 20:18 298,104 --a------ C:\WINDOWS\system32\imon.dll
2007-10-04 20:18 15,424 --a------ C:\WINDOWS\system32\drivers\nod32drv.sys
2007-10-04 20:00 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Avg7
2007-09-27 12:37 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2007-09-26 20:17 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2007-09-25 22:07 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab Setup Files
2007-09-19 17:55 3,495,784 --a------ C:\WINDOWS\system32\d3dx9_33.dll
2007-09-19 17:55 1,123,696 --a------ C:\WINDOWS\system32\D3DCompiler_33.dll
2007-09-19 17:55 443,752 --a------ C:\WINDOWS\system32\d3dx10_33.dll
2007-09-19 17:55 261,480 --a------ C:\WINDOWS\system32\xactengine2_7.dll
2007-09-17 20:53 <REP> d--h----- C:\WINDOWS\PIF
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-10-15 16:38 7,340,032 ----a-w C:\Documents and Settings\Propriétaire\ntuser.dat
2007-10-07 11:05 --------- d-----w C:\Program Files\Virtual Skipper 4
2007-10-07 10:41 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2007-10-06 17:01 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple Computer
2007-10-06 17:00 --------- d-----w C:\Program Files\Java
2007-10-05 17:56 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-09-25 20:22 --------- d-----w C:\Program Files\pouchinTv
2007-09-13 15:46 --------- d-----w C:\Program Files\Gamenext
2007-09-13 15:46 --------- d-----w C:\Program Files\Fichiers communs\Oberon Media
2007-09-13 06:38 --------- d-----w C:\Program Files\MSN Messenger
2007-09-11 17:14 --------- d-----w C:\Program Files\Azureus
2007-08-22 10:22 --------- d-----w C:\Program Files\K!TV
2007-08-21 19:16 --------- d-----w C:\Documents and Settings\All Users\Application Data\Zylom
2007-08-21 16:25 --------- d-----w C:\Program Files\Microsoft ActiveSync
2007-08-21 06:17 683,520 ----a-w C:\WINDOWS\system32\inetcomm.dll
2007-08-20 15:26 --------- d-----w C:\Program Files\Fichiers communs\Apple
2007-08-20 15:26 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple
2007-08-20 15:21 --------- d-----w C:\Program Files\QuickTime
2007-07-30 17:19 92,504 ----a-w C:\WINDOWS\system32\cdm.dll
2007-07-30 17:19 549,720 ----a-w C:\WINDOWS\system32\wuapi.dll
2007-07-30 17:19 53,080 ----a-w C:\WINDOWS\system32\wuauclt.exe
2007-07-30 17:19 43,352 ----a-w C:\WINDOWS\system32\wups2.dll
2007-07-30 17:19 325,976 ----a-w C:\WINDOWS\system32\wucltui.dll
2007-07-30 17:19 271,224 ----a-w C:\WINDOWS\system32\mucltui.dll
2007-07-30 17:19 207,736 ----a-w C:\WINDOWS\system32\muweb.dll
2007-07-30 17:19 203,096 ----a-w C:\WINDOWS\system32\wuweb.dll
2007-07-30 17:19 1,712,984 ----a-w C:\WINDOWS\system32\wuaueng.dll
2007-07-30 17:18 33,624 ----a-w C:\WINDOWS\system32\wups.dll
2006-10-27 17:27:59 182,816 --sha-w C:\WINDOWS\fidbox.dat
2006-01-22 03:38:05 185,649 --sha-r C:\WINDOWS\system32\patcher.exe
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A95B2816-1D7E-4561-A202-68C0DE02353A}]
2007-10-15 18:33 339968 --a------ C:\WINDOWS\system32\vyxuysjj.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{11A69AE4-FBED-4832-A2BF-45AF82825583}"= C:\WINDOWS\system32\vyxuysjj.dll [2007-10-15 18:33 339968]
[HKEY_CLASSES_ROOT\CLSID\{11A69AE4-FBED-4832-A2BF-45AF82825583}]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{11A69AE4-FBED-4832-A2BF-45AF82825583}"= C:\WINDOWS\system32\vyxuysjj.dll [2007-10-15 18:33 339968]
[HKEY_CLASSES_ROOT\CLSID\{11A69AE4-FBED-4832-A2BF-45AF82825583}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-06-01 11:22]
"NvMediaCenter"="NvMCTray.dll" [2006-06-01 11:22 C:\WINDOWS\system32\nvmctray.dll]
"LVCOMSX"="C:\WINDOWS\system32\LVCOMSX.EXE" [2005-07-19 18:32]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 11:50]
"TerraTec Remote Control"="C:\Program Files\Fichiers communs\TerraTec\Remote\TTTvRc.exe" [2006-08-25 08:53]
"BigDogPath"="C:\WINDOWS\VM_STI.exe" [2004-06-09 16:37]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-10-01 20:33]
"nod32kui"="C:\Program Files\Eset\nod32kui.exe" [2007-10-04 20:17]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [2007-01-19 12:55]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2006-03-02 14:00]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=0 (0x0)
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoRecentDocsMenu"=1 (0x1)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\vyxuysjj]
vyxuysjj.dll 2007-10-15 18:33 339968 C:\WINDOWS\system32\vyxuysjj.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\winbjt32]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"= msv1_0 C:\WINDOWS\system32\ddcyw.dll
R3 3xHybrid;TerraTec BDA capture service;C:\WINDOWS\system32\DRIVERS\3xHybrid.sys
S3 Boonty Games;Boonty Games;"C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe"
S3 DSDrv4;DSDrv4;\??\C:\PROGRA~1\K!TV\Plugins\S_Bt8x8\DSDrv4.sys
S3 k600bus;Sony Ericsson 600i driver (WDM);C:\WINDOWS\system32\DRIVERS\k600bus.sys
S3 k600mdfl;Sony Ericsson 600i USB WMC Modem Filter;C:\WINDOWS\system32\DRIVERS\k600mdfl.sys
S3 k600mdm;Sony Ericsson 600i USB WMC Modem Drivers;C:\WINDOWS\system32\DRIVERS\k600mdm.sys
S3 k600mgmt;Sony Ericsson 600i USB WMC Device Management Drivers;C:\WINDOWS\system32\DRIVERS\k600mgmt.sys
S3 k600obex;Sony Ericsson 600i USB WMC OBEX Interface Drivers;C:\WINDOWS\system32\DRIVERS\k600obex.sys
S3 SetupNTGLM7X;SetupNTGLM7X;\??\D:\NTGLM7X.sys
S3 USB28xxBGA;Pinnacle PCTV DVB-T USB Stick;C:\WINDOWS\system32\DRIVERS\emBDA.sys
S3 USB28xxOEM;USB 28xx OEM Filter;C:\WINDOWS\system32\DRIVERS\emOEM.sys
S3 USBSTOR;Pilote de stockage de masse USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
.
Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
"2007-09-24 15:18:00 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
.
**************************************************************************
catchme 0.3.1169 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-10-15 18:40:22
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2007-10-15 18:41:30 - machine was rebooted
C:\ComboFix-quarantined-files.txt ... 2007-10-10 18:56
C:\ComboFix2.txt ... 2007-10-10 18:56
.
--- E O F ---
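The ComboFix report above shows the pattern a helper reads it for: every few hours a fresh .exe of exactly 389,184 bytes and a fresh .dll of exactly 339,968 bytes appear in system32 under a new name, and the registry load points (BHO, IE toolbar, Winlogon Notify, LSA Authentication Packages) all point at the newest of them. The script below, added here as an example and not part of the thread or of ComboFix, clusters created files by exact size and ties the load points back to those clusters; the sample excerpt is copied from the report, and the function names and the msv1_0 baseline are my own assumptions.

```python
"""Triage of a ComboFix report (added example; not from the thread or from
ComboFix itself).

Two checks over the "Fichiers créés" and "Point de chargement Reg" sections:
 1. cluster newly created system32 executables/DLLs by exact byte size: a
    dropper that rewrites itself under a fresh name every run leaves
    several same-size files behind;
 2. tie the registry load points back to those clusters, and flag any LSA
    authentication package beyond the Windows XP default msv1_0.
"""
import re
from collections import defaultdict

# Constructed excerpt: lines copied from the report posted above.
SAMPLE_REPORT = r"""
2007-10-15 18:33 389,184 --a------ C:\WINDOWS\system32\wbhemuqc.exe
2007-10-15 18:33 339,968 --a------ C:\WINDOWS\system32\vyxuysjj.dll
2007-10-15 18:12 389,184 --a------ C:\WINDOWS\system32\bgutlvyo.exe
2007-10-15 18:12 339,968 --a------ C:\WINDOWS\system32\eekjnqkl.dll
2007-10-15 14:04 339,968 --a------ C:\WINDOWS\system32\vifymdtb.dll
2007-10-15 14:03 389,184 --a------ C:\WINDOWS\system32\iffynifo.exe
2007-10-14 18:55 289,144 --a------ C:\WINDOWS\system32\VCCLSID.exe
2007-10-04 20:18 298,104 --a------ C:\WINDOWS\system32\imon.dll
2007-09-19 17:55 3,495,784 --a------ C:\WINDOWS\system32\d3dx9_33.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A95B2816-1D7E-4561-A202-68C0DE02353A}]
2007-10-15 18:33 339968 --a------ C:\WINDOWS\system32\vyxuysjj.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-06-01 11:22]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\vyxuysjj]
vyxuysjj.dll 2007-10-15 18:33 339968 C:\WINDOWS\system32\vyxuysjj.dll
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"= msv1_0 C:\WINDOWS\system32\ddcyw.dll
"""

FILE_RE = re.compile(
    r"^(?P<ts>\d{4}-\d\d-\d\d \d\d:\d\d)\s+(?P<size>[\d,]+)\s+\S+\s+(?P<path>[A-Za-z]:\\.+)$")
KEY_RE = re.compile(r"^\[(?P<key>HKEY_[^\]]+)\]$")
PATH_RE = re.compile(r"[A-Za-z]:\\.+?\.(?:dll|exe)\b", re.I)
# Windows XP ships with msv1_0 alone in this value (my assumption as baseline).
DEFAULT_LSA_PACKAGES = {"msv1_0"}


def parse_report(text):
    """Split the report into created files {path: (size, timestamp)} and
    registry load points [(key, line)]. A file line that follows a [HKEY...]
    header belongs to that key, not to the created-files list; a section
    separator ("." or a "(((" banner) ends the current key."""
    files, loadpoints, key = {}, [], None
    for raw in text.splitlines():
        line = raw.strip()
        if line in ("", ".") or line.startswith("((("):
            key = None
            continue
        k = KEY_RE.match(line)
        if k:
            key = k.group("key")
            continue
        if key is not None:
            loadpoints.append((key, line))
            continue
        m = FILE_RE.match(line)
        if m:
            size = int(m.group("size").replace(",", ""))
            files[m.group("path").lower()] = (size, m.group("ts"))
    return files, loadpoints


def size_clusters(files, min_count=3):
    """Group system32 .exe/.dll files by exact size; return only clusters of
    min_count or more as {size: [(timestamp, path), ...]} sorted by time,
    which shows the regeneration cadence of a self-rewriting dropper."""
    by_size = defaultdict(list)
    for path, (size, ts) in files.items():
        if "\\system32\\" in path and path.endswith((".exe", ".dll")):
            by_size[size].append((ts, path))
    return {s: sorted(v) for s, v in by_size.items() if len(v) >= min_count}


def review_loadpoints(loadpoints, clusters):
    """Return (key, finding) pairs: load points that reference a cluster
    member, plus LSA Authentication Packages entries beyond the default."""
    members = {p for entries in clusters.values() for _, p in entries}
    findings = []
    for key, line in loadpoints:
        for path in PATH_RE.findall(line):
            if path.lower() in members:
                findings.append((key, f"{path} belongs to a same-size cluster"))
        if key.lower().endswith("\\control\\lsa") and "Authentication Packages" in line:
            value = line.split("=", 1)[1]
            for token in value.split():
                if token.lower() not in DEFAULT_LSA_PACKAGES:
                    findings.append((key, f"extra authentication package {token}"))
    return findings


if __name__ == "__main__":
    files, loadpoints = parse_report(SAMPLE_REPORT)
    clusters = size_clusters(files)
    for size, entries in clusters.items():
        print(f"{size} bytes x{len(entries)}:")
        for ts, path in entries:
            print(f"  {ts}  {path}")
    for key, finding in review_loadpoints(loadpoints, clusters):
        print(f"[{key}] {finding}")
```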
.
--- E O F ---
That looks pretty good, I haven't had any pop-ups or error messages for more than 10 minutes!!! awesome :p
Let me know if everything is OK.
Thanks a lot for your patience.
Ciao, have a good evening.
https://myspace.com/moriceland
Here is the HijackThis log:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:18:35, on 15/10/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe
C:\WINDOWS\system32\RunDLL32.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Fichiers communs\TerraTec\Remote\TTTvRc.exe
C:\WINDOWS\VM_STI.EXE
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Eset\nod32kui.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Philips\SPC 200NC PC Camera\TrayMin200.exe
C:\WINDOWS\System32\svchost.exe
E:\Programme files\eMule\emule.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {64F56FC1-1272-44CD-BA6E-39723696E350} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {A95B2816-1D7E-4561-A202-68C0DE02353A} - C:\WINDOWS\system32\vyxuysjj.dll
O3 - Toolbar: Security Toolbar - {11A69AE4-FBED-4832-A2BF-45AF82825583} - C:\WINDOWS\system32\vyxuysjj.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [TerraTec Remote Control] "C:\Program Files\Fichiers communs\TerraTec\Remote\TTTvRc.exe"
O4 - HKLM\..\Run: [BigDogPath] C:\WINDOWS\VM_STI.EXE Philips SPC 200NC PC Camera
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: TrayMin300.exe.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\npjpi160_03.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\npjpi160_03.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/...
O20 - Winlogon Notify: vyxuysjj - C:\WINDOWS\SYSTEM32\vyxuysjj.dll
O20 - Winlogon Notify: winbjt32 - C:\WINDOWS\
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AdobeVersionCue - Adobe Sytems - C:\Program Files\Adobe\Adobe Version Cue\service\VersionCue.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Boonty Games - Unknown owner - C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\SSScsiSV.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe
Good evening
You need to run VundoFix and ComboFix again and post both reports along with a new HijackThis log.
Hi, here is the VundoFix log:
VundoFix V6.5.10
Checking Java version...
Java version is 1.5.0.11
Scan started at 19:00:56 14/10/2007
Listing files found while scanning....
C:\WINDOWS\system32\amvoosxk.ini
C:\windows\system32\drvtafr.dll
C:\WINDOWS\system32\kxsoovma.dll
C:\windows\system32\ljjgeby.dll
C:\WINDOWS\system32\sgaunhwh.dll
C:\WINDOWS\system32\ufqvblnr.dll
Beginning removal...
Attempting to delete C:\WINDOWS\system32\amvoosxk.ini
C:\WINDOWS\system32\amvoosxk.ini Has been deleted!
Attempting to delete C:\windows\system32\drvtafr.dll
C:\windows\system32\drvtafr.dll Has been deleted!
Attempting to delete C:\WINDOWS\system32\kxsoovma.dll
C:\WINDOWS\system32\kxsoovma.dll Has been deleted!
Attempting to delete C:\windows\system32\ljjgeby.dll
C:\windows\system32\ljjgeby.dll Could not be deleted.
Attempting to delete C:\WINDOWS\system32\ufqvblnr.dll
C:\WINDOWS\system32\ufqvblnr.dll Has been deleted!
Performing Repairs to the registry.
Done!
Beginning removal...
Attempting to delete C:\windows\system32\ljjgeby.dll
C:\windows\system32\ljjgeby.dll Could not be deleted.
Performing Repairs to the registry.
Done!
VundoFix V6.5.10
Checking Java version...
Java version is 1.5.0.11
Scan started at 23:08:46 15/10/2007
Listing files found while scanning....
C:\WINDOWS\system32\vyxuysjj.dll
Beginning removal...
Attempting to delete C:\WINDOWS\system32\vyxuysjj.dll
C:\WINDOWS\system32\vyxuysjj.dll Has been deleted!
Performing Repairs to the registry.
Done!
The ComboFix log:
ComboFix 07-10-12.4 - Propriétaire 2007-10-15 23:13:24.3 - NTFSx86
Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.655 [GMT 2:00]
Running from: C:\Documents and Settings\Propriétaire\Bureau\ComboFix.exe
.
((((((((((((((((((((((((((((( Fichiers créés 2007-09-15 to 2007-10-15 ))))))))))))))))))))))))))))))))))))
.
2007-10-15 18:33 389,184 --a------ C:\WINDOWS\system32\wbhemuqc.exe
2007-10-15 18:31 <REP> C:\Documents and Settings\Propriétaire\Recent
2007-10-15 18:12 389,184 --a------ C:\WINDOWS\system32\bgutlvyo.exe
2007-10-15 18:12 339,968 --a------ C:\WINDOWS\system32\eekjnqkl.dll
2007-10-15 14:04 339,968 --a------ C:\WINDOWS\system32\vifymdtb.dll
2007-10-15 14:03 389,184 --a------ C:\WINDOWS\system32\iffynifo.exe
2007-10-15 13:00 389,184 --a------ C:\WINDOWS\system32\xtqhsutt.exe
2007-10-15 13:00 339,968 --a------ C:\WINDOWS\system32\albnojrb.dll
2007-10-14 20:37 339,968 --a------ C:\WINDOWS\system32\xgaszoll.dll
2007-10-14 20:36 389,184 --a------ C:\WINDOWS\system32\qlrbgpbc.exe
2007-10-14 20:33 339,968 --a------ C:\WINDOWS\system32\iefizlmy.dll
2007-10-14 20:32 389,184 --a------ C:\WINDOWS\system32\psrbymnw.exe
2007-10-14 19:35 <REP> d--h----- C:\Documents and Settings\Administrateur.PROPRI-2C8F1C50\Voisinage réseau
2007-10-14 19:35 <REP> d--h----- C:\Documents and Settings\Administrateur.PROPRI-2C8F1C50\Voisinage d'impression
2007-10-14 19:35 <REP> d--h----- C:\Documents and Settings\Administrateur.PROPRI-2C8F1C50\Modèles
2007-10-14 19:35 <REP> d-------- C:\Documents and Settings\Administrateur.PROPRI-2C8F1C50\Mes documents
2007-10-14 19:35 <REP> dr------- C:\Documents and Settings\Administrateur.PROPRI-2C8F1C50\Menu Démarrer
2007-10-14 19:35 <REP> d-------- C:\Documents and Settings\Administrateur.PROPRI-2C8F1C50\Favoris
2007-10-14 19:35 <REP> d-------- C:\Documents and Settings\Administrateur.PROPRI-2C8F1C50\Bureau
2007-10-14 19:23 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Avira
2007-10-14 19:23 389,184 --a------ C:\WINDOWS\system32\vapywwpm.exe
2007-10-14 19:00 <REP> d-------- C:\VundoFix Backups
2007-10-14 18:56 2,556 --a------ C:\WINDOWS\system32\tmp.reg
2007-10-14 18:55 289,144 --a------ C:\WINDOWS\system32\VCCLSID.exe
2007-10-14 18:55 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe
2007-10-14 18:55 53,248 --a------ C:\WINDOWS\system32\Process.exe
2007-10-14 18:55 51,200 --a------ C:\WINDOWS\system32\dumphive.exe
2007-10-14 18:55 25,600 --a------ C:\WINDOWS\system32\WS2Fix.exe
2007-10-13 19:03 389,184 --a------ C:\WINDOWS\system32\rwbxgdba.exe
2007-10-13 19:03 339,968 --a------ C:\WINDOWS\system32\sgaunhwh.dll.vir
2007-10-10 18:49 51,200 --a------ C:\WINDOWS\NirCmd.exe
2007-10-06 18:49 <REP> d-------- C:\Program Files\Trend Micro
2007-10-04 20:18 512,096 --a------ C:\WINDOWS\system32\drivers\amon.sys
2007-10-04 20:18 298,104 --a------ C:\WINDOWS\system32\imon.dll
2007-10-04 20:18 15,424 --a------ C:\WINDOWS\system32\drivers\nod32drv.sys
2007-10-04 20:00 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Avg7
2007-09-27 12:37 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2007-09-26 20:17 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2007-09-25 22:07 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab Setup Files
2007-09-19 17:55 3,495,784 --a------ C:\WINDOWS\system32\d3dx9_33.dll
2007-09-19 17:55 1,123,696 --a------ C:\WINDOWS\system32\D3DCompiler_33.dll
2007-09-19 17:55 443,752 --a------ C:\WINDOWS\system32\d3dx10_33.dll
2007-09-19 17:55 261,480 --a------ C:\WINDOWS\system32\xactengine2_7.dll
2007-09-17 20:53 <REP> d--h----- C:\WINDOWS\PIF
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-10-15 21:11 7,340,032 ----a-w C:\Documents and Settings\Propriétaire\ntuser.dat
2007-10-07 11:05 --------- d-----w C:\Program Files\Virtual Skipper 4
2007-10-07 10:41 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2007-10-06 17:01 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple Computer
2007-10-06 17:00 --------- d-----w C:\Program Files\Java
2007-10-05 17:56 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-09-25 20:22 --------- d-----w C:\Program Files\pouchinTv
2007-09-13 15:46 --------- d-----w C:\Program Files\Gamenext
2007-09-13 15:46 --------- d-----w C:\Program Files\Fichiers communs\Oberon Media
2007-09-13 06:38 --------- d-----w C:\Program Files\MSN Messenger
2007-09-11 17:14 --------- d-----w C:\Program Files\Azureus
2007-08-22 10:22 --------- d-----w C:\Program Files\K!TV
2007-08-21 19:16 --------- d-----w C:\Documents and Settings\All Users\Application Data\Zylom
2007-08-21 16:25 --------- d-----w C:\Program Files\Microsoft ActiveSync
2007-08-21 06:17 683,520 ----a-w C:\WINDOWS\system32\inetcomm.dll
2007-08-20 15:26 --------- d-----w C:\Program Files\Fichiers communs\Apple
2007-08-20 15:26 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple
2007-08-20 15:21 --------- d-----w C:\Program Files\QuickTime
2007-07-30 17:19 92,504 ----a-w C:\WINDOWS\system32\cdm.dll
2007-07-30 17:19 549,720 ----a-w C:\WINDOWS\system32\wuapi.dll
2007-07-30 17:19 53,080 ----a-w C:\WINDOWS\system32\wuauclt.exe
2007-07-30 17:19 43,352 ----a-w C:\WINDOWS\system32\wups2.dll
2007-07-30 17:19 325,976 ----a-w C:\WINDOWS\system32\wucltui.dll
2007-07-30 17:19 271,224 ----a-w C:\WINDOWS\system32\mucltui.dll
2007-07-30 17:19 207,736 ----a-w C:\WINDOWS\system32\muweb.dll
2007-07-30 17:19 203,096 ----a-w C:\WINDOWS\system32\wuweb.dll
2007-07-30 17:19 1,712,984 ----a-w C:\WINDOWS\system32\wuaueng.dll
2007-07-30 17:18 33,624 ----a-w C:\WINDOWS\system32\wups.dll
2006-10-27 17:27:59 182,816 --sha-w C:\WINDOWS\fidbox.dat
2006-01-22 03:38:05 185,649 --sha-r C:\WINDOWS\system32\patcher.exe
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-06-01 11:22]
"NvMediaCenter"="NvMCTray.dll" [2006-06-01 11:22 C:\WINDOWS\system32\nvmctray.dll]
"LVCOMSX"="C:\WINDOWS\system32\LVCOMSX.EXE" [2005-07-19 18:32]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 11:50]
"TerraTec Remote Control"="C:\Program Files\Fichiers communs\TerraTec\Remote\TTTvRc.exe" [2006-08-25 08:53]
"BigDogPath"="C:\WINDOWS\VM_STI.exe" [2004-06-09 16:37]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-10-01 20:33]
"nod32kui"="C:\Program Files\Eset\nod32kui.exe" [2007-10-04 20:17]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [2007-01-19 12:55]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2006-03-02 14:00]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoRecentDocsMenu"=1 (0x1)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\winbjt32]
R3 3xHybrid;TerraTec BDA capture service;C:\WINDOWS\system32\DRIVERS\3xHybrid.sys
S3 Boonty Games;Boonty Games;"C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe"
S3 DSDrv4;DSDrv4;\??\C:\PROGRA~1\K!TV\Plugins\S_Bt8x8\DSDrv4.sys
S3 k600bus;Sony Ericsson 600i driver (WDM);C:\WINDOWS\system32\DRIVERS\k600bus.sys
S3 k600mdfl;Sony Ericsson 600i USB WMC Modem Filter;C:\WINDOWS\system32\DRIVERS\k600mdfl.sys
S3 k600mdm;Sony Ericsson 600i USB WMC Modem Drivers;C:\WINDOWS\system32\DRIVERS\k600mdm.sys
S3 k600mgmt;Sony Ericsson 600i USB WMC Device Management Drivers;C:\WINDOWS\system32\DRIVERS\k600mgmt.sys
S3 k600obex;Sony Ericsson 600i USB WMC OBEX Interface Drivers;C:\WINDOWS\system32\DRIVERS\k600obex.sys
S3 SetupNTGLM7X;SetupNTGLM7X;\??\D:\NTGLM7X.sys
S3 USB28xxBGA;Pinnacle PCTV DVB-T USB Stick;C:\WINDOWS\system32\DRIVERS\emBDA.sys
S3 USB28xxOEM;USB 28xx OEM Filter;C:\WINDOWS\system32\DRIVERS\emOEM.sys
S3 USBSTOR;Pilote de stockage de masse USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
.
Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
"2007-09-24 15:18:00 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
.
**************************************************************************
catchme 0.3.1169 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-10-15 23:15:29
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2007-10-15 23:16:06
C:\ComboFix-quarantined-files.txt ... 2007-10-10 18:56
C:\ComboFix2.txt ... 2007-10-15 18:41
C:\ComboFix3.txt ... 2007-10-10 18:56
.
--- E O F ---
and finally HijackThis:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 23:19:23, on 15/10/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe
C:\WINDOWS\system32\RunDLL32.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Fichiers communs\TerraTec\Remote\TTTvRc.exe
C:\WINDOWS\VM_STI.EXE
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Eset\nod32kui.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {64F56FC1-1272-44CD-BA6E-39723696E350} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [TerraTec Remote Control] "C:\Program Files\Fichiers communs\TerraTec\Remote\TTTvRc.exe"
O4 - HKLM\..\Run: [BigDogPath] C:\WINDOWS\VM_STI.EXE Philips SPC 200NC PC Camera
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: TrayMin300.exe.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\npjpi160_03.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\npjpi160_03.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/...
O20 - Winlogon Notify: winbjt32 - C:\WINDOWS\
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AdobeVersionCue - Adobe Sytems - C:\Program Files\Adobe\Adobe Version Cue\service\VersionCue.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Boonty Games - Unknown owner - C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\SSScsiSV.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe
VundoFix V6.5.10
Checking Java version...
Java version is 1.5.0.11
Scan started at 19:00:56 14/10/2007
Listing files found while scanning....
C:\WINDOWS\system32\amvoosxk.ini
C:\windows\system32\drvtafr.dll
C:\WINDOWS\system32\kxsoovma.dll
C:\windows\system32\ljjgeby.dll
C:\WINDOWS\system32\sgaunhwh.dll
C:\WINDOWS\system32\ufqvblnr.dll
Beginning removal...
Attempting to delete C:\WINDOWS\system32\amvoosxk.ini
C:\WINDOWS\system32\amvoosxk.ini Has been deleted!
Attempting to delete C:\windows\system32\drvtafr.dll
C:\windows\system32\drvtafr.dll Has been deleted!
Attempting to delete C:\WINDOWS\system32\kxsoovma.dll
C:\WINDOWS\system32\kxsoovma.dll Has been deleted!
Attempting to delete C:\windows\system32\ljjgeby.dll
C:\windows\system32\ljjgeby.dll Could not be deleted.
Attempting to delete C:\WINDOWS\system32\ufqvblnr.dll
C:\WINDOWS\system32\ufqvblnr.dll Has been deleted!
Performing Repairs to the registry.
Done!
Beginning removal...
Attempting to delete C:\windows\system32\ljjgeby.dll
C:\windows\system32\ljjgeby.dll Could not be deleted.
Performing Repairs to the registry.
Done!
VundoFix V6.5.10
Checking Java version...
Java version is 1.5.0.11
Scan started at 23:08:46 15/10/2007
Listing files found while scanning....
C:\WINDOWS\system32\vyxuysjj.dll
Beginning removal...
Attempting to delete C:\WINDOWS\system32\vyxuysjj.dll
C:\WINDOWS\system32\vyxuysjj.dll Has been deleted!
Performing Repairs to the registry.
Done!
The ComboFix log:
ComboFix 07-10-12.4 - Propriétaire 2007-10-15 23:13:24.3 - NTFSx86
Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.655 [GMT 2:00]
Running from: C:\Documents and Settings\Propriétaire\Bureau\ComboFix.exe
.
((((((((((((((((((((((((((((( Fichiers créés 2007-09-15 to 2007-10-15 ))))))))))))))))))))))))))))))))))))
.
2007-10-15 18:33 389,184 --a------ C:\WINDOWS\system32\wbhemuqc.exe
2007-10-15 18:31 <REP> C:\Documents and Settings\Propriétaire\Recent
2007-10-15 18:12 389,184 --a------ C:\WINDOWS\system32\bgutlvyo.exe
2007-10-15 18:12 339,968 --a------ C:\WINDOWS\system32\eekjnqkl.dll
2007-10-15 14:04 339,968 --a------ C:\WINDOWS\system32\vifymdtb.dll
2007-10-15 14:03 389,184 --a------ C:\WINDOWS\system32\iffynifo.exe
2007-10-15 13:00 389,184 --a------ C:\WINDOWS\system32\xtqhsutt.exe
2007-10-15 13:00 339,968 --a------ C:\WINDOWS\system32\albnojrb.dll
2007-10-14 20:37 339,968 --a------ C:\WINDOWS\system32\xgaszoll.dll
2007-10-14 20:36 389,184 --a------ C:\WINDOWS\system32\qlrbgpbc.exe
2007-10-14 20:33 339,968 --a------ C:\WINDOWS\system32\iefizlmy.dll
2007-10-14 20:32 389,184 --a------ C:\WINDOWS\system32\psrbymnw.exe
2007-10-14 19:35 <REP> d--h----- C:\Documents and Settings\Administrateur.PROPRI-2C8F1C50\Voisinage réseau
2007-10-14 19:35 <REP> d--h----- C:\Documents and Settings\Administrateur.PROPRI-2C8F1C50\Voisinage d'impression
2007-10-14 19:35 <REP> d--h----- C:\Documents and Settings\Administrateur.PROPRI-2C8F1C50\Modèles
2007-10-14 19:35 <REP> d-------- C:\Documents and Settings\Administrateur.PROPRI-2C8F1C50\Mes documents
2007-10-14 19:35 <REP> dr------- C:\Documents and Settings\Administrateur.PROPRI-2C8F1C50\Menu Démarrer
2007-10-14 19:35 <REP> d-------- C:\Documents and Settings\Administrateur.PROPRI-2C8F1C50\Favoris
2007-10-14 19:35 <REP> d-------- C:\Documents and Settings\Administrateur.PROPRI-2C8F1C50\Bureau
2007-10-14 19:23 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Avira
2007-10-14 19:23 389,184 --a------ C:\WINDOWS\system32\vapywwpm.exe
2007-10-14 19:00 <REP> d-------- C:\VundoFix Backups
2007-10-14 18:56 2,556 --a------ C:\WINDOWS\system32\tmp.reg
2007-10-14 18:55 289,144 --a------ C:\WINDOWS\system32\VCCLSID.exe
2007-10-14 18:55 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe
2007-10-14 18:55 53,248 --a------ C:\WINDOWS\system32\Process.exe
2007-10-14 18:55 51,200 --a------ C:\WINDOWS\system32\dumphive.exe
2007-10-14 18:55 25,600 --a------ C:\WINDOWS\system32\WS2Fix.exe
2007-10-13 19:03 389,184 --a------ C:\WINDOWS\system32\rwbxgdba.exe
2007-10-13 19:03 339,968 --a------ C:\WINDOWS\system32\sgaunhwh.dll.vir
2007-10-10 18:49 51,200 --a------ C:\WINDOWS\NirCmd.exe
2007-10-06 18:49 <REP> d-------- C:\Program Files\Trend Micro
2007-10-04 20:18 512,096 --a------ C:\WINDOWS\system32\drivers\amon.sys
2007-10-04 20:18 298,104 --a------ C:\WINDOWS\system32\imon.dll
2007-10-04 20:18 15,424 --a------ C:\WINDOWS\system32\drivers\nod32drv.sys
2007-10-04 20:00 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Avg7
2007-09-27 12:37 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2007-09-26 20:17 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2007-09-25 22:07 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab Setup Files
2007-09-19 17:55 3,495,784 --a------ C:\WINDOWS\system32\d3dx9_33.dll
2007-09-19 17:55 1,123,696 --a------ C:\WINDOWS\system32\D3DCompiler_33.dll
2007-09-19 17:55 443,752 --a------ C:\WINDOWS\system32\d3dx10_33.dll
2007-09-19 17:55 261,480 --a------ C:\WINDOWS\system32\xactengine2_7.dll
2007-09-17 20:53 <REP> d--h----- C:\WINDOWS\PIF
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-10-15 21:11 7,340,032 ----a-w C:\Documents and Settings\Propriétaire\ntuser.dat
2007-10-07 11:05 --------- d-----w C:\Program Files\Virtual Skipper 4
2007-10-07 10:41 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2007-10-06 17:01 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple Computer
2007-10-06 17:00 --------- d-----w C:\Program Files\Java
2007-10-05 17:56 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-09-25 20:22 --------- d-----w C:\Program Files\pouchinTv
2007-09-13 15:46 --------- d-----w C:\Program Files\Gamenext
2007-09-13 15:46 --------- d-----w C:\Program Files\Fichiers communs\Oberon Media
2007-09-13 06:38 --------- d-----w C:\Program Files\MSN Messenger
2007-09-11 17:14 --------- d-----w C:\Program Files\Azureus
2007-08-22 10:22 --------- d-----w C:\Program Files\K!TV
2007-08-21 19:16 --------- d-----w C:\Documents and Settings\All Users\Application Data\Zylom
2007-08-21 16:25 --------- d-----w C:\Program Files\Microsoft ActiveSync
2007-08-21 06:17 683,520 ----a-w C:\WINDOWS\system32\inetcomm.dll
2007-08-20 15:26 --------- d-----w C:\Program Files\Fichiers communs\Apple
2007-08-20 15:26 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple
2007-08-20 15:21 --------- d-----w C:\Program Files\QuickTime
2007-07-30 17:19 92,504 ----a-w C:\WINDOWS\system32\cdm.dll
2007-07-30 17:19 549,720 ----a-w C:\WINDOWS\system32\wuapi.dll
2007-07-30 17:19 53,080 ----a-w C:\WINDOWS\system32\wuauclt.exe
2007-07-30 17:19 43,352 ----a-w C:\WINDOWS\system32\wups2.dll
2007-07-30 17:19 325,976 ----a-w C:\WINDOWS\system32\wucltui.dll
2007-07-30 17:19 271,224 ----a-w C:\WINDOWS\system32\mucltui.dll
2007-07-30 17:19 207,736 ----a-w C:\WINDOWS\system32\muweb.dll
2007-07-30 17:19 203,096 ----a-w C:\WINDOWS\system32\wuweb.dll
2007-07-30 17:19 1,712,984 ----a-w C:\WINDOWS\system32\wuaueng.dll
2007-07-30 17:18 33,624 ----a-w C:\WINDOWS\system32\wups.dll
2006-10-27 17:27:59 182,816 --sha-w C:\WINDOWS\fidbox.dat
2006-01-22 03:38:05 185,649 --sha-r C:\WINDOWS\system32\patcher.exe
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-06-01 11:22]
"NvMediaCenter"="NvMCTray.dll" [2006-06-01 11:22 C:\WINDOWS\system32\nvmctray.dll]
"LVCOMSX"="C:\WINDOWS\system32\LVCOMSX.EXE" [2005-07-19 18:32]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 11:50]
"TerraTec Remote Control"="C:\Program Files\Fichiers communs\TerraTec\Remote\TTTvRc.exe" [2006-08-25 08:53]
"BigDogPath"="C:\WINDOWS\VM_STI.exe" [2004-06-09 16:37]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-10-01 20:33]
"nod32kui"="C:\Program Files\Eset\nod32kui.exe" [2007-10-04 20:17]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [2007-01-19 12:55]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2006-03-02 14:00]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoRecentDocsMenu"=1 (0x1)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\winbjt32]
R3 3xHybrid;TerraTec BDA capture service;C:\WINDOWS\system32\DRIVERS\3xHybrid.sys
S3 Boonty Games;Boonty Games;"C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe"
S3 DSDrv4;DSDrv4;\??\C:\PROGRA~1\K!TV\Plugins\S_Bt8x8\DSDrv4.sys
S3 k600bus;Sony Ericsson 600i driver (WDM);C:\WINDOWS\system32\DRIVERS\k600bus.sys
S3 k600mdfl;Sony Ericsson 600i USB WMC Modem Filter;C:\WINDOWS\system32\DRIVERS\k600mdfl.sys
S3 k600mdm;Sony Ericsson 600i USB WMC Modem Drivers;C:\WINDOWS\system32\DRIVERS\k600mdm.sys
S3 k600mgmt;Sony Ericsson 600i USB WMC Device Management Drivers;C:\WINDOWS\system32\DRIVERS\k600mgmt.sys
S3 k600obex;Sony Ericsson 600i USB WMC OBEX Interface Drivers;C:\WINDOWS\system32\DRIVERS\k600obex.sys
S3 SetupNTGLM7X;SetupNTGLM7X;\??\D:\NTGLM7X.sys
S3 USB28xxBGA;Pinnacle PCTV DVB-T USB Stick;C:\WINDOWS\system32\DRIVERS\emBDA.sys
S3 USB28xxOEM;USB 28xx OEM Filter;C:\WINDOWS\system32\DRIVERS\emOEM.sys
S3 USBSTOR;Pilote de stockage de masse USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
.
Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
"2007-09-24 15:18:00 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
.
**************************************************************************
catchme 0.3.1169 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-10-15 23:15:29
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2007-10-15 23:16:06
C:\ComboFix-quarantined-files.txt ... 2007-10-10 18:56
C:\ComboFix2.txt ... 2007-10-15 18:41
C:\ComboFix3.txt ... 2007-10-10 18:56
.
--- E O F ---
and finally HijackThis:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 23:19:23, on 15/10/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe
C:\WINDOWS\system32\RunDLL32.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Fichiers communs\TerraTec\Remote\TTTvRc.exe
C:\WINDOWS\VM_STI.EXE
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Eset\nod32kui.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {64F56FC1-1272-44CD-BA6E-39723696E350} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [TerraTec Remote Control] "C:\Program Files\Fichiers communs\TerraTec\Remote\TTTvRc.exe"
O4 - HKLM\..\Run: [BigDogPath] C:\WINDOWS\VM_STI.EXE Philips SPC 200NC PC Camera
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: TrayMin300.exe.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\npjpi160_03.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\npjpi160_03.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/...
O20 - Winlogon Notify: winbjt32 - C:\WINDOWS\
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AdobeVersionCue - Adobe Sytems - C:\Program Files\Adobe\Adobe Version Cue\service\VersionCue.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Boonty Games - Unknown owner - C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\SSScsiSV.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe
Good evening,
Don't claim victory just yet, but only these lines are left to fix in HijackThis:
O20 - Winlogon Notify: winbjt32 - C:\WINDOWS\
O23 - Service: Boonty Games - Unknown owner - C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe (file missing)
Then reboot and post one last (I hope) HijackThis log.
Delete the following:
Combofix
C:\Combofix.txt
Vundofix
C:\Vundofix.txt
Smitfraudfix
Virtumondobegone
OtMoveIt
To do that, launch OtMoveIt and click CleanUp, then when the popup "Cleanup list download successful. Begin cleanup process?" appears, accept with Yes.
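The triage the helper does by eye above can be scripted. What follows is an added example, not code from this thread, from HijackThis or from any of the tools named here: a small Python parser for HijackThis-format entries that flags the same classes of line the helper asks to fix (an O20 Winlogon Notify hook pointing at a bare directory instead of a DLL, an O23 service marked "(file missing)") together with the O2 BHO entries marked "(no file)" that are still present in the final log. The sample lines are constructed from the logs posted in this thread; the function and rule names are my own.

```python
"""Triage of HijackThis-format log lines.

Added example for this thread, not code from the thread or from HijackThis.
It flags the three kinds of entry the helper singled out by eye above:
an O20 Winlogon Notify hook that does not name a DLL, an O23 service whose
binary is reported missing, and O2 BHO entries with no backing file.
"""
import re
from typing import List, Optional, Tuple

# Constructed sample: a handful of lines copied in shape from the thread's
# last HijackThis log (only the entries needed to exercise each rule).
SAMPLE_LOG = """\
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\\Program Files\\Adobe\\Acrobat 7.0\\ActiveX\\AcroIEHelper.dll
O2 - BHO: (no name) - {64F56FC1-1272-44CD-BA6E-39723696E350} - (no file)
O4 - HKLM\\..\\Run: [nod32kui] "C:\\Program Files\\Eset\\nod32kui.exe" /WAITSERVICE
O20 - Winlogon Notify: winbjt32 - C:\\WINDOWS\\
O23 - Service: Boonty Games - Unknown owner - C:\\Program Files\\Fichiers communs\\BOONTY Shared\\Service\\Boonty.exe (file missing)
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\\Program Files\\Eset\\nod32krn.exe
"""

# "O20 - Winlogon Notify: winbjt32 - C:\WINDOWS\" splits into the section
# code "O20" and the remainder "Winlogon Notify: winbjt32 - C:\WINDOWS\".
LINE_RE = re.compile(r"^([ORF]\d+)\s+-\s+(.*)$")
O20_RE = re.compile(r"^Winlogon Notify:\s*(?P<name>\S+)\s+-\s+(?P<target>.*)$")

Finding = Tuple[str, str, str]  # (section, reason, original line)


def parse_line(line: str) -> Optional[Tuple[str, str]]:
    """Split a HijackThis entry into its section code and the remainder;
    headers, blank lines and the process list return None."""
    m = LINE_RE.match(line.strip())
    return (m.group(1), m.group(2)) if m else None


def check_o20(rest: str) -> Optional[str]:
    """A Winlogon Notify hook must load a DLL; a bare directory or a
    target that is not a .dll means the hook is broken or left behind."""
    m = O20_RE.match(rest)
    if not m:
        return None
    target = m.group("target").strip()
    if target.endswith("\\") or not target.lower().endswith(".dll"):
        return "Winlogon Notify hook without a DLL target"
    return None


def check_o23(rest: str) -> Optional[str]:
    """A registered service whose binary is gone is dead weight at best."""
    if rest.rstrip().endswith("(file missing)"):
        return "service registered but its binary is missing"
    return None


def check_o2(rest: str) -> Optional[str]:
    """A BHO CLSID with no DLL behind it is an orphaned registration."""
    if rest.rstrip().endswith("(no file)"):
        return "BHO registered with no backing file"
    return None


CHECKS = {"O20": check_o20, "O23": check_o23, "O2": check_o2}


def triage(log_text: str) -> List[Finding]:
    """Return the entries a helper would ask to have fixed, in log order."""
    findings: List[Finding] = []
    for line in log_text.splitlines():
        parsed = parse_line(line)
        if parsed is None:
            continue
        section, rest = parsed
        check = CHECKS.get(section)
        reason = check(rest) if check else None
        if reason:
            findings.append((section, reason, line.strip()))
    return findings


if __name__ == "__main__":
    for section, reason, line in triage(SAMPLE_LOG):
        print(f"[{section}] {reason}\n    {line}")
```

Fixing such a line in HijackThis removes the load point from the registry, not the file it pointed at, which is why the helper also asks for a reboot and a fresh log: the VundoFix run above reported one DLL it could not delete, and the ComboFix listing shows fresh random-named .exe/.dll pairs of identical sizes still being dropped into system32 on 14 and 15 October. An entry that is flagged again after the reboot means the infection is still re-creating it, not that the fix failed.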
Hi, I did what you told me, and it seems to be fine now!!!
Here is the latest HijackThis log:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:01:57, on 16/10/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Eset\nod32kui.exe
C:\WINDOWS\system32\RunDLL32.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {64F56FC1-1272-44CD-BA6E-39723696E350} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\npjpi160_03.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\npjpi160_03.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/...
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AdobeVersionCue - Adobe Sytems - C:\Program Files\Adobe\Adobe Version Cue\service\VersionCue.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\SSScsiSV.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe