Help please (trojan & virus)

Pierletop
Hello,

For some time now I have had a virus or trojan problem (Security Toolbar & Fotomoto).

I am sending you my copy/pastes of (HJT - VUNDO - COMBO FIX).

Thanks in advance for your help.




Logfile of HijackThis v1.99.1
Scan saved at 12:19:40, on 2007-11-12
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\sofhtupt.exe
C:\WINDOWS\Explorer.EXE
C:\Documents and Settings\Moi\Mes documents\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.canoe.qc.ca/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = \blank.htm
O3 - Toolbar: Security Toolbar - {11A69AE4-FBED-4832-A2BF-45AF82825583} - C:\WINDOWS\system32\ttfkuhmo.dll
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Internet Cleaner - {45819E58-6E84-4A5D-BD65-A706981E5BE8} - C:\WINDOWS\System32\shdocvw.dll (HKCU)
O9 - Extra 'Tools' menuitem: Internet Cleaner - {45819E58-6E84-4A5D-BD65-A706981E5BE8} - C:\WINDOWS\System32\shdocvw.dll (HKCU)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/...
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} - http://chat.msn.com/controls/msnchat45.cab
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: DomainService - - C:\WINDOWS\system32\sofhtupt.exe
O23 - Service: Pml Driver HPH11 - HP - C:\WINDOWS\system32\HPHipm11.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Documents and Settings\Moi\Mes documents\Spy Doctor\Spyware Doctor\svcntaux.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Documents and Settings\Moi\Mes documents\Spy Doctor\Spyware Doctor\swdsvc.exe




VundoFix V6.5.4

Checking Java version...

Java version is 1.5.0.6
Old versions of java are exploitable and should be removed.

Java version is 1.5.0.10

Scan started at 11:50:03 2007-11-12

Listing files found while scanning....

No infected files were found.


VundoFix V6.5.4

Checking Java version...

Java version is 1.5.0.6
Old versions of java are exploitable and should be removed.

Java version is 1.5.0.10

Scan started at 11:52:07 2007-11-12

Listing files found while scanning....

No infected files were found.


Beginning removal...



ComboFix 07-11-08.1 - Moi 2007-11-12 11:55:54.1 - NTFSx86
Microsoft Windows XP Édition familiale 5.1.2600.2.1252.33.1036.18.147 [GMT -5:00]
Running from: C:\Documents and Settings\Moi\Mes documents\Trojan Remover\Combo Fix\ComboFix.exe
* Created a new restore point
.

(((((((((((((((((((((((((((((((((((( Other deletions ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\Autres\Favoris\Online Security Guide.lnk
C:\Favoris\Online Security Guide.lnk
C:\Program Files\Fichiers communs\{38C96~1
C:\Program Files\Fichiers communs\{48C96~1
C:\Program Files\Fichiers communs\{48C96~1\system.dll
C:\Program Files\Fichiers communs\{48C96~2
C:\Program Files\Fichiers communs\{48C96~2\system.dll
C:\Program Files\Fichiers communs\{48C96~3
C:\Program Files\Fichiers communs\{48C96~3\system.dll
C:\Program Files\myglobalsearch
C:\Program Files\myglobalsearch\bar\History\search
C:\Temp\1cb
C:\Temp\1cb\syscheck.log
C:\Temp\fCOe
C:\Temp\fCOe\tOasF.log
C:\WINDOWS\cookies.ini
C:\WINDOWS\hosts
C:\WINDOWS\system32\a3
C:\WINDOWS\system32\bdeeg.bak1
C:\WINDOWS\system32\bszip.dll
C:\WINDOWS\system32\dccdd.ini
C:\WINDOWS\system32\dccdd.ini2
C:\WINDOWS\system32\ddcyv.dll
C:\WINDOWS\system32\ddeeg.bak1
C:\WINDOWS\system32\ddeeg.ini
C:\WINDOWS\system32\ddeeg.ini2
C:\WINDOWS\system32\ddeeg.tmp
C:\WINDOWS\system32\djgelmeo.ini
C:\WINDOWS\system32\djgelmeo.ini2
C:\WINDOWS\system32\g1
C:\WINDOWS\system32\g1\caws83122.exe
C:\WINDOWS\system32\geedd.dll
C:\WINDOWS\system32\ghngiykk.dllbox
C:\WINDOWS\system32\hhkmp.bak1
C:\WINDOWS\system32\hhkmp.ini2
C:\WINDOWS\system32\hhkmp.tmp
C:\WINDOWS\system32\jkijgegm.dllbox
C:\WINDOWS\system32\klnmp.bak1
C:\WINDOWS\system32\klnmp.bak2
C:\WINDOWS\system32\klnmp.ini2
C:\WINDOWS\system32\oTt04e
C:\WINDOWS\system32\oTt04e\oTt04e1080.exe
C:\WINDOWS\system32\pac.txt
C:\WINDOWS\system32\qrqss.bak1
C:\WINDOWS\system32\qrqss.ini
C:\WINDOWS\system32\qtutv.bak1
C:\WINDOWS\system32\qtutv.bak2
C:\WINDOWS\system32\qtutv.ini2
C:\WINDOWS\system32\qtutv.tmp
C:\WINDOWS\system32\vxtspwjj.dllbox
C:\WINDOWS\system32\wpjemapw.dllbox
C:\WINDOWS\system32\z1
C:\WINDOWS\TTC-4444.exe

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.
-------\LEGACY_CLIENT_IP-IPX
-------\LEGACY_DOMAINSERVICE
-------\DomainService


((((((((((((((((((((((((((((( Files created 2007-10-12 to 2007-11-12 ))))))))))))))))))))))))))))))))))))
.

2007-11-12 11:53 51,200 --a------ C:\WINDOWS\NirCmd.exe
2007-11-12 11:50 <REP> d-------- C:\VundoFix Backups
2007-11-12 11:34 89,664 --------- C:\WINDOWS\system32\qgtjnlda.dll
2007-11-12 11:32 81,472 --a------ C:\WINDOWS\system32\wcvibfvc.dll
2007-11-12 03:11 89,664 --------- C:\WINDOWS\system32\dleefhwo.dll
2007-11-12 03:09 81,472 --a------ C:\WINDOWS\system32\ccfusygv.dll
2007-11-12 01:32 71,232 --a------ C:\WINDOWS\system32\vcsxstcn.exe
2007-11-12 01:31 71,232 --a------ C:\WINDOWS\system32\trbiwmbw.exe
2007-11-11 22:03 79,936 --a------ C:\WINDOWS\system32\yqnempbn.dll
2007-11-11 18:46 79,936 --a------ C:\WINDOWS\system32\xrvpmvgr.dll
2007-11-11 06:46 79,936 --a------ C:\WINDOWS\system32\agopldcc.dll
2007-11-10 21:19 81,472 --a------ C:\WINDOWS\system32\bfagdupj.dll
2007-11-10 21:13 85,056 --a------ C:\WINDOWS\system32\lidytmib.dll
2007-11-10 21:04 81,472 --a------ C:\WINDOWS\system32\yaypcoxb.dll
2007-11-10 20:39 <REP> d-------- C:\Program Files\MSN Messenger
2007-11-09 16:00 <REP> d-------- C:\Documents and Settings\Moi\Application Data\PC Tools
2007-11-08 21:38 79,688 --a------ C:\WINDOWS\system32\drivers\iksyssec.sys
2007-11-08 21:38 62,280 --a------ C:\WINDOWS\system32\drivers\iksysflt.sys
2007-11-08 21:38 41,288 --a------ C:\WINDOWS\system32\drivers\ikfilesec.sys
2007-11-08 21:38 29,000 --a------ C:\WINDOWS\system32\drivers\kcom.sys
2007-11-07 22:38 79,936 --a------ C:\WINDOWS\system32\brsidabn.dll
2007-11-07 22:36 86,080 --a------ C:\WINDOWS\system32\oemlegjd.dll
2007-11-07 22:17 86,080 --a------ C:\WINDOWS\system32\vbwkjnos.dll
2007-11-07 22:17 79,936 --a------ C:\WINDOWS\system32\dakfkjrt.dll
2007-11-07 19:45 79,936 --a------ C:\WINDOWS\system32\vcxnvoor.dll
2007-11-07 15:35 79,936 --a------ C:\WINDOWS\system32\oipeasjf.dll
2007-11-07 15:26 79,936 --a------ C:\WINDOWS\system32\lodapwoy.dll
2007-11-07 15:25 79,936 --a------ C:\WINDOWS\system32\vhimpobu.dll
2007-11-07 15:25 79,936 --a------ C:\WINDOWS\system32\kihcqdmh.dll
2007-11-07 15:23 79,936 --a------ C:\WINDOWS\system32\ivuacrhe.dll
2007-11-07 15:22 79,936 --a------ C:\WINDOWS\system32\rnhtsoev.dll
2007-11-07 14:58 86,080 --a------ C:\WINDOWS\system32\najwcfsj.dll
2007-11-05 23:39 83,008 --a------ C:\WINDOWS\system32\gutiijwi.dll
2007-11-05 23:10 83,008 --a------ C:\WINDOWS\system32\qdeidnbm.dll
2007-11-05 23:07 85,568 --a------ C:\WINDOWS\system32\edsvyusl.dll
2007-11-05 21:50 83,008 --a------ C:\WINDOWS\system32\sgkctvgc.dll
2007-11-05 20:24 83,008 --a------ C:\WINDOWS\system32\jdcotouo.dll
2007-11-05 16:38 626,688 --a------ C:\WINDOWS\system32\msvcr80.dll
2007-11-05 16:36 <REP> d-------- C:\Documents and Settings\Moi\Application Data\Simply Super Software
2007-11-05 16:36 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Simply Super Software
2007-11-05 16:36 162,304 --a------ C:\WINDOWS\system32\ztvunrar36.dll
2007-11-05 16:36 153,088 --a------ C:\WINDOWS\system32\unrar3.dll
2007-11-05 16:36 77,312 --a------ C:\WINDOWS\system32\ztvunace26.dll
2007-11-05 16:36 69,632 --a------ C:\WINDOWS\system32\ztvcabinet.dll
2007-11-05 14:37 269 --a------ C:\WINDOWS\system32\4496.bat
2007-11-05 14:36 <REP> d--hs---- C:\WINDOWS\UGllcnJlIExhdXJlbmRlYXU
2007-11-05 14:36 <REP> d-------- C:\Temp
2007-11-05 14:36 35,328 --a------ C:\WINDOWS\system32\ssqqqnk.dll
2007-11-05 14:36 0 --a------ C:\WINDOWS\system32\taskkill.exe
2007-11-05 13:28 <REP> d-------- C:\Program Files\Acoustica Mixcraft
2007-10-30 14:49 <REP> dr------- C:\Documents and Settings\LocalService\Favoris
2007-10-30 00:09 <REP> d-------- C:\Program Files\Fichiers communs\SureThing Shared
2007-10-24 22:48 <REP> d-------- C:\Program Files\MSXML 4.0
2007-10-23 15:00 <REP> d-------- C:\Program Files\Fichiers communs\MAGIX Shared
2007-10-23 15:00 85,504 --a------ C:\WINDOWS\system32\HtmlWH.dll
2007-10-23 15:00 49,152 --a------ C:\WINDOWS\system32\INETWH32.dll
2007-10-23 14:59 <REP> d-------- C:\WINDOWS\system32\MAGIX
2007-10-23 14:59 643,072 --a------ C:\WINDOWS\system32\mgxoschk.dll
2007-10-23 13:19 2,297,552 --a------ C:\WINDOWS\system32\d3dx9_26.dll
2007-10-15 23:53 58,904 --a------ C:\WINDOWS\system32\is4tray.dll
2007-10-15 21:06 <REP> d-------- C:\EPSON
2007-10-15 14:30 <REP> d-------- C:\Documents and Settings\Moi\Application Data\Smart Panel
2007-10-15 14:27 <REP> d-------- C:\Program Files\Fichiers communs\Python
2007-10-15 14:27 708,696 --a------ C:\WINDOWS\system32\python21.dll
2007-10-15 14:27 290,919 --a------ C:\WINDOWS\system32\pythoncom21.dll
2007-10-15 14:27 57,344 --a------ C:\WINDOWS\system32\PyWinTypes21.dll
2007-10-15 14:25 <REP> d-------- C:\Program Files\SEIKO EPSON Corp
2007-10-15 14:25 96,768 --a------ C:\WINDOWS\SlantAdj.dll
2007-10-15 14:25 73,216 --a------ C:\WINDOWS\ADE.DLL
2007-10-15 14:25 3,136 --a------ C:\WINDOWS\Ade001.bin

.
(((((((((((((((((((((((((((((((((( Find3M report ))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-11-12 05:08 --------- d-----w C:\Program Files\Macromedia
2007-11-12 04:58 --------- d-----w C:\Program Files\Fichiers communs\Macromedia
2007-11-10 14:21 --------- d-----w C:\Documents and Settings\Moi\Application Data\LimeWire
2007-11-09 04:07 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2007-11-09 04:05 --------- d-----w C:\Program Files\Services en ligne
2007-11-07 02:48 --------- d-----w C:\Program Files\Windows Media Connect 2
2007-11-07 02:47 --------- d-----w C:\Program Files\Shockwave.com
2007-11-07 02:37 --------- d-----w C:\Program Files\BoontyGames
2007-11-05 21:38 --------- d-----w C:\Documents and Settings\Moi\Application Data\GetRightToGo
2007-11-05 21:07 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2007-11-05 19:39 147,456 ----a-w C:\WINDOWS\system32\vbzip10.dll
2007-10-30 20:00 69,632 ----a-w C:\WINDOWS\AutoUpdateWin31.dll
2007-10-30 19:59 32,768 ----a-w C:\WINDOWS\AutoUpdateWin33.exe
2007-10-23 19:57 --------- d-----w C:\Documents and Settings\Moi\Application Data\RagTime
2007-10-16 02:16 --------- d-----w C:\Documents and Settings\Moi\Application Data\EPSON
2007-10-16 00:50 --------- d-----w C:\Program Files\Smart Panel
2007-10-15 19:27 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-10-02 15:47 81,920 ------r C:\WINDOWS\bwUnin-6.1.4.36-8876480L.exe
2007-10-02 15:47 --------- d-----w C:\Program Files\Logitech
2007-10-02 15:45 --------- d-----w C:\Program Files\Fichiers communs\Logitech
2007-10-02 04:42 --------- d-----w C:\Documents and Settings\All Users\Application Data\Banner Maker Pro for Flash
2007-09-27 13:25 --------- d-----w C:\Documents and Settings\Moi\Application Data\U3
2007-09-27 13:18 --------- d-----w C:\Documents and Settings\All Users\Application Data\Skype
2007-09-25 02:59 --------- d-----w C:\Documents and Settings\Moi\Application Data\AntsSoft
2007-09-24 19:01 --------- d-----w C:\Program Files\Google
2007-09-24 18:58 --------- d-----w C:\Program Files\EPSON
2007-09-23 03:57 --------- d-----w C:\Program Files\Java
2007-08-21 06:17 683,520 ----a-w C:\WINDOWS\system32\inetcomm.dll
2007-08-02 13:43 282,624 ----a-w C:\Program Files\TTC.dll
.

((((((((((((((((((((((((((((((((( Registry load points )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legitimate default entries are not listed

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0D6EA07D-A1ED-4549-B912-590053C71F14}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{2010EFE0-92C4-4EBE-A5B8-FFD8515B2E0E}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{3DCDF84A-1C7C-4D3C-9866-53E65DC5EB74}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{535d468c-fe83-4d70-80cd-4d473177bc6d}]
2007-11-12 11:32 81472 --a------ C:\WINDOWS\system32\wcvibfvc.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{B07562B6-C85E-449D-877F-86AD2740988E}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{B5E03107-4AD4-4378-B93A-2A8C0C053147}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{BCC73622-F72D-4277-803C-D65565A0947F}]
2007-11-05 14:36 35328 --a------ C:\WINDOWS\system32\ssqqqnk.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F042A021-0724-4BF7-A1A3-0DFCD14558BA}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"48c96f37"="C:\WINDOWS\system32\qgtjnlda.dll" [2007-11-12 11:34]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{BCC73622-F72D-4277-803C-D65565A0947F}"= C:\WINDOWS\system32\ssqqqnk.dll [2007-11-05 14:36 35328]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ssqqqnk]
ssqqqnk.dll 2007-11-05 14:36 35328 C:\WINDOWS\system32\ssqqqnk.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"= msv1_0 C:\WINDOWS\system32\geedd.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Adobe Gamma Loader.lnk]
backup=C:\WINDOWS\pss\Adobe Gamma Loader.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Adobe Reader Speed Launch.lnk]
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Logitech Desktop Messenger.lnk]
backup=C:\WINDOWS\pss\Logitech Desktop Messenger.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Microsoft Office.lnk]
backup=C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^taskmgr.VIR]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^WinZip Quick Pick.lnk]
backup=C:\WINDOWS\pss\WinZip Quick Pick.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^YourScreen.lnk]
backup=C:\WINDOWS\pss\YourScreen.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Moi^Menu Démarrer^Programmes^Démarrage^Event Reminder.lnk]
backup=C:\WINDOWS\pss\Event Reminder.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\0mcamcap]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\48c96f37]
rundll32.exe "C:\WINDOWS\system32\oemlegjd.dll",b

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AltnetPointsManager]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
"C:\Program Files\Fichiers communs\Ahead\lib\NMBgMonitor.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CloneCDTray]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CommandosBELSetup.exe]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
C:\WINDOWS\system32\CTFMON.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Device Detector]
DevDetect.exe -autorun

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Evidence Eliminator]
C:\Documents and Settings\Moi\Mes documents\Utilitaires\Evidence Eliminator\Evidence Eliminator\ee.exe /m

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\High Definition Audio Property Page Shortcut]
HDAShCut.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPDJ Taskbar Utility]
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb05.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPHmon04]
C:\WINDOWS\system32\hphmon04.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPHUPD04]
"C:\Program Files\HP Photosmart 11\hphinstall\UniPatch\hphupd04.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\InstaFinderK]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\InteliSys]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Invisible Secrets 4]
C:\DOCUME~1\Moi\MESDOC~1\UTILIT~1\INVISI~1\INVISI~1\invtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
"C:\Documents and Settings\Moi\Mes documents\Utilitaires\iTunes\iTunesHelper.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KAZAA]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KazaaBooster]
aaDisabled

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LDM]
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Logitech Utility]
Logi_MwX.Exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LVCOMS]
C:\Program Files\Fichiers communs\Logitech\QCDriver\LVCOMS.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
"C:\Program Files\Messenger\msmsgs.exe" /background

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
"C:\Program Files\MSN Messenger\msnmsgr.exe" /background

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
C:\WINDOWS\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\New.net Startup]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
nwiz.exe /install

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\P2P Networking]
p2pnetworking.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCShield]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PopUpStopperFreeEdition]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"C:\Program Files\QuickTime\qttask.exe" -atboottime

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RegistryMechanic]


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ReJf5vH]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Security]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SemanticInsight]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Share-to-Web Namespace Daemon]
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Shareaza]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\shell]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMAX]
"C:\Program Files\Analog Devices\SoundMAX\smax4.exe" /tray

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMAXPnP]
C:\Program Files\Analog Devices\Core\smax4pnp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpeedTouch USB Diagnostics]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Street_Legal_Racing_Redline.exe]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
"C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SurfAccuracy]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SysTray]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TacticalOpsSetup.exe]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\tbon]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Trickler]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\trioService]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\updateMgr]
C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\updater]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WhenUSave]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\zBrowser Launcher]
C:\Program Files\Logitech\iTouch\iTouch.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Ze Calculator]
C:\Documents and Settings\Moi\Mes documents\Utilitaires\Argent Convertisseur\Calculator.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"NVSvc"=2 (0x2)
"Boonty Games"=3 (0x3)
"iPodService"=3 (0x3)
"IDriverT"=3 (0x3)

R3 LCcfltr;Logitech USB Filter Driver;C:\WINDOWS\system32\Drivers\LCcFltr.Sys
S3 AEAudioService;AEAudio Service;C:\WINDOWS\system32\drivers\AEAudio.sys
S3 alcan5ln;Alcatel SpeedTouch(tm) USB ADSL RFC1483 Networking Driver (NDIS);C:\WINDOWS\system32\DRIVERS\alcan5ln.sys
S4 Boonty Games;Boonty Games;"C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe"

.
**************************************************************************

catchme 0.3.1250 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-11-12 12:08:45
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2007-11-12 12:10:48 - machine was rebooted
.
--- E O F ---
Pierletop
1 reply

gaston77
Hello,
start by fixing these entries:
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = \blank.htm
O3 - Toolbar: Security Toolbar - {11A69AE4-FBED-4832-A2BF-45AF82825583} - C:\WINDOWS\system32\ttfkuhmo.dll


Then try this utility:
http://secured2k.home.comcast.net/tools/VirtumundoBeGone.exe
Download VirtumundoBeGone to your desktop.

Then double-click VirtumundoBeGone.exe and follow the instructions that appear on screen.

Once it has finished, restart your PC.

PS: Don't worry if you see a blue "Fatal error" screen, that's normal.

If a report is available, please send it.

We'll do something else afterwards.


Regards.
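The reply above singles out two HijackThis entries (the O3 toolbar and, implicitly, the vendor-less O23 service) by eye. The following Python script is an added example, not code from the thread, from HijackThis, ComboFix or VirtumundoBeGone; it applies the same reading rules a log helper uses to the load-point lines from the logs posted above, so the reasoning is explicit and repeatable. The sample lines are copied from the HijackThis and ComboFix output in this thread; the short KNOWN_GOOD allowlist and the "5 to 8 random lowercase letters" rule for Vundo-style file names are assumptions made for the example.

```python
"""Triage heuristics for HijackThis / ComboFix load-point lines (Vundo-style infection).

Added example for this thread; not code from HijackThis, ComboFix or the poster.
"""
import re

# Constructed input: load-point lines copied from the HijackThis and ComboFix
# logs posted above (one per persistence mechanism of interest).
SAMPLE_LINES = [
    r"O3 - Toolbar: Security Toolbar - {11A69AE4-FBED-4832-A2BF-45AF82825583} - C:\WINDOWS\system32\ttfkuhmo.dll",
    r"O9 - Extra button: Internet Cleaner - {45819E58-6E84-4A5D-BD65-A706981E5BE8} - C:\WINDOWS\System32\shdocvw.dll (HKCU)",
    r"O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll",
    r"O23 - Service: DomainService - - C:\WINDOWS\system32\sofhtupt.exe",
    r"O23 - Service: Pml Driver HPH11 - HP - C:\WINDOWS\system32\HPHipm11.exe",
    r'"48c96f37"="C:\WINDOWS\system32\qgtjnlda.dll" [2007-11-12 11:34]',
    r'"Authentication Packages"= msv1_0 C:\WINDOWS\system32\geedd.dll',
    r"ssqqqnk.dll 2007-11-05 14:36 35328 C:\WINDOWS\system32\ssqqqnk.dll",
]

# Assumed allowlist: Windows components that legitimately sit in system32 and
# appear as IE/shell load points. A real baseline is much longer than this.
KNOWN_GOOD = {"shdocvw.dll", "wpdshserviceobj.dll", "msv1_0"}

SYSTEM32_BIN = re.compile(r"C:\\WINDOWS\\system32\\([A-Za-z0-9_]+\.(?:dll|exe))", re.I)
# Heuristic (assumption): Vundo drops DLLs/EXEs named with 5-8 random lowercase letters.
RANDOM_STEM = re.compile(r"^[a-z]{5,8}$")
# A Run value whose name is a hex blob and whose target is a DLL (loaded via rundll32).
HEX_RUN_VALUE = re.compile(r'^"([0-9a-f]{6,})"="([^"]+\.dll)"', re.I)


def findings_for(line: str) -> list[str]:
    """Return the triage flags raised by one log line (empty list if clean)."""
    out: list[str] = []

    # 1. HJT O23: a service whose vendor field is empty ("Name - - path").
    if line.startswith("O23") and " - - " in line:
        out.append("service with no vendor")

    # 2. ComboFix LSA line: on XP this should list only msv1_0; any extra DLL
    #    is loaded into lsass.exe at boot and therefore survives a reboot.
    if "Authentication Packages" in line:
        packages = line.split("=", 1)[1].split()
        extra = [p for p in packages if p.lower() not in KNOWN_GOOD]
        if extra:
            out.append("extra LSA authentication package: " + " ".join(extra))

    # 3. HKLM\...\Run value with a hex-looking name whose target is a DLL.
    m = HEX_RUN_VALUE.match(line)
    if m:
        out.append(f"Run value {m.group(1)} loads DLL {m.group(2)}")

    # 4. Any load point backed by a system32 binary with a random-looking name.
    for name in SYSTEM32_BIN.findall(line):
        stem = name.rsplit(".", 1)[0]
        if name.lower() not in KNOWN_GOOD and RANDOM_STEM.match(stem):
            out.append(f"random-name system32 binary {name}")
    return out


def triage(lines: list[str]) -> dict[str, list[str]]:
    """Map each suspicious line to its findings; clean lines are omitted."""
    return {ln: f for ln in lines if (f := findings_for(ln))}


if __name__ == "__main__":
    for line, flags in triage(SAMPLE_LINES).items():
        print(line)
        for flag in flags:
            print("    ->", flag)
```

Run as-is it flags five of the eight lines and leaves the HP service, shdocvw.dll and WPDShServiceObj.dll alone. The point of rules 2 and 3 is that the ComboFix "Registry load points" section above shows the same family hooked into LSA Authentication Packages (geedd.dll), Winlogon Notify and ShellExecuteHooks (ssqqqnk.dll) and a hex-named Run value (qgtjnlda.dll), all classic Vundo/Virtumonde persistence points; the "Files created" list also shows a fresh ~80 KB random-named DLL appearing every few hours. Fixing only the O3 toolbar line therefore does not remove the loader, which is why the reply ends with "we'll do something else afterwards".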