Sujet Précédent Sujet Suivant

SOS trojan win32:bho-kd [trj]

Résolu
davidvictor Messages postés 6 Statut Membre -  
 sebbissy -
Bonjour,
Tout d'abord une bonne année et une bonne santé à tous le forum !!
J'ai un trojan ou virus sur mon ordinateur qui s'appel : Win32:BHO-KD [Trj]
Que me conseillez-vous ? Tout en sachant que j'ai SPYBOT, AVAST et CCLEANER.
Dans l'attente de vous lire, bien cordialement à toutes et à tous.

Davidvictor
A voir également:

25 réponses

Précédent
  • 1
  • 2
Réponse 21 / 25
Athanor
 
This is my log. I hope you can help me too.
Tanks very much

ComboFix 08-01-04.1 - utente 2008-01-05 17:15:00.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1040.18.351 [GMT 1:00]
Eseguito da: C:\ComboFix.exe
* Creato nuovo punto di ripristino
.

((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\setup.exe
C:\WINDOWS\system32\drivers\Fjm02.sys

.
((((((((((((((((((((((((( Files Creati Da 2007-12-05 al 2008-01-05 )))))))))))))))))))))))))))))))))))
.

2008-01-05 17:17 . 2006-11-29 13:06 3,426,072 --a------ C:\WINDOWS\system32\d3dx9_32.dll
2008-01-05 17:14 . 2008-01-05 17:14 <DIR> d-------- C:\Programmi\Microsoft SQL Server Compact Edition
2008-01-05 17:12 . 2008-01-03 21:38 1,485,915 --a------ C:\ComboFix.exe
2008-01-05 17:08 . 2008-01-05 17:17 <DIR> d-------- C:\Programmi\Windows Live
2008-01-05 17:08 . 2008-01-05 17:16 <DIR> d--hsc--- C:\Programmi\File comuni\WindowsLiveInstaller
2008-01-05 17:08 . 2008-01-05 17:08 <DIR> d-------- C:\Documents and Settings\All Users\Dati applicazioni\WLInstaller
2008-01-05 16:46 . 2008-01-05 16:46 <DIR> d-------- C:\Programmi\Microsoft Silverlight
2008-01-05 16:31 . 2007-10-28 04:46 2,402,320 --a------ C:\WLinstaller.exe
2008-01-05 16:09 . 2008-01-05 16:50 <DIR> d-------- C:\WINDOWS\BDOSCAN8
2008-01-04 16:57 . 2008-01-04 16:57 <DIR> d-------- C:\Documents and Settings\utente\Dati applicazioni\ErrorSmart
2008-01-04 16:56 . 2008-01-04 19:20 <DIR> d-------- C:\Programmi\ErrorSmart
2008-01-04 09:13 . 2007-12-19 09:18 2,690,616 --a------ C:\drivermax.exe
2008-01-02 18:03 . 2008-01-02 18:05 <DIR> d-------- C:\Programmi\NoAdware5.0
2008-01-02 18:00 . 2007-10-16 01:29 2,108,536 --a------ C:\noadware.exe
2008-01-02 17:48 . 2008-01-02 17:58 <DIR> d-------- C:\Programmi\Registry Easy
2008-01-02 17:45 . 2008-01-02 17:45 2,288,832 --a------ C:\RegistryEasy.exe
2008-01-01 16:08 . 2008-01-01 16:08 <DIR> d-------- C:\Documents and Settings\All Users\Dati applicazioni\PopCap
2007-12-31 18:11 . 2007-12-17 08:38 21,263,712 --a------ C:\a2FreeSetup.exe
2007-12-30 18:48 . 2007-12-30 18:48 21,760 --a------ C:\WINDOWS\Fjm02.sys
2007-12-30 16:24 . 2008-01-02 18:42 <DIR> d-------- C:\Programmi\a-squared Free
2007-12-29 19:18 . 2007-12-29 19:18 153 --a------ C:\ecotiffpilot.exe
2007-12-28 17:15 . 2007-12-02 23:57 8,913,016 --a------ C:\Windows-KB890830-V1.36.exe
2007-12-28 15:35 . 2006-09-05 17:03 3,968 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2007-12-28 12:03 . 2007-10-04 17:18 14,718,496 --a------ C:\IE7-WindowsXP-x86-ita.exe
2007-12-27 15:58 . 2007-12-27 15:58 143 --a------ C:\WINDOWS\WININIT.INI
2007-12-27 14:43 . 19,584 C:\WINDOWS\system32\drivers\gazjwnet.dat
2007-12-27 14:41 . 2004-08-19 14:39 84,992 --a------ C:\WINDOWS\system32\dbghelpo.dll
2007-12-27 14:40 . 2007-12-27 14:40 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2007-12-27 14:40 . 2007-12-27 14:40 1,409 --a------ C:\WINDOWS\QTFont.for
2007-12-26 19:05 . 2007-12-19 10:31 689,389,836 --a------ C:\India_2007_2.avi
2007-12-26 10:08 . 2007-09-16 10:46 3,861,320 --a------ C:\eMule0.48a-Installer2.exe
2007-12-23 19:24 . 2007-12-23 19:24 <DIR> d-------- C:\Documents and Settings\utente\Dati applicazioni\Media Player Classic
2007-12-23 19:08 . 2007-12-23 19:08 <DIR> d-------- C:\Documents and Settings\utente\Dati applicazioni\Apple Computer
2007-12-23 19:01 . 2007-12-23 19:02 26 --a------ C:\WINDOWS\system32\satsukidecodersettings.ini
2007-12-23 18:36 . 2007-12-23 18:36 <DIR> d-------- C:\Programmi\Winamp
2007-12-23 18:36 . 2007-12-23 18:38 <DIR> d-------- C:\Programmi\Monkey's Audio
2007-12-23 18:35 . 2006-02-17 19:59 1,307,613 --a------ C:\MAC_401b2.exe
2007-12-22 22:30 . 2007-12-21 13:46 7,335,003 --a------ C:\natale-luci.wmv
2007-12-21 15:39 . 2006-11-08 12:03 5,410,865 --a------ C:\abiword-setup-2.4.6.exe
2007-12-18 16:05 . 2007-12-18 05:34 1,027,111,584 --a------ C:\India_2007_1.avi
2007-12-18 15:31 . 2007-12-18 15:32 <DIR> d-------- C:\Programmi\File comuni\HP
2007-12-18 15:28 . 2007-12-18 15:28 <DIR> d-------- C:\Programmi\Hewlett-Packard
2007-12-18 15:23 . 2007-12-18 16:00 68,923 --a------ C:\WINDOWS\hpoins05.dat
2007-12-18 15:23 . 2004-12-15 00:07 19,696 --------- C:\WINDOWS\hpomdl05.dat
2007-12-17 20:16 . 2007-12-17 20:20 <DIR> d-------- C:\temp\HP_WebRelease
2007-12-17 17:43 . 2004-12-14 19:06 229,376 -ra------ C:\WINDOWS\system32\hpovst08.dll
2007-12-17 17:32 . 2007-12-17 17:52 <DIR> d-------- C:\temp\FixEngine
2007-12-16 19:12 . 2007-12-12 08:13 667,515 --a------ C:\[u]0[/u]1Aug56.zip
2007-12-16 18:53 . 2007-12-16 18:53 <DIR> d-------- C:\Documents and Settings\utente\Dati applicazioni\River Past G5
2007-12-16 18:53 . 2007-12-16 19:39 <DIR> d-------- C:\Documents and Settings\All Users\Dati applicazioni\River Past G5
2007-12-16 18:36 . 2007-05-31 07:05 520,933 --a------ C:\[u]0[/u]1Umo01.zip
2007-12-16 18:33 . 2007-11-23 16:48 344,140 --a------ C:\[u]0[/u]3Aug18.zip
2007-12-16 18:30 . 2007-11-23 14:50 920,700 --a------ C:\[u]0[/u]1Aug18.zip
2007-12-16 18:26 . 2007-11-23 14:50 286,874 --a------ C:\[u]0[/u]1Aug06.zip
2007-12-15 16:53 . 2007-12-15 16:53 <DIR> d-------- C:\Documents and Settings\utente\Dati applicazioni\Printer Info Cache
2007-12-11 16:43 . 2007-12-11 16:43 <DIR> d-------- C:\Programmi\2BrightSparks
2007-12-07 21:10 . 2004-08-19 14:39 221,184 --a------ C:\WINDOWS\system32\wmpns.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-01-05 16:56 --------- d-----w C:\Documents and Settings\All Users\Dati applicazioni\Babylon
2008-01-05 14:36 --------- d-----w C:\Documents and Settings\utente\Dati applicazioni\MailWasherPro
2008-01-05 13:48 --------- d-----w C:\Programmi\eMule
2008-01-05 13:40 --------- d-----w C:\Documents and Settings\chiara\Dati applicazioni\MailWasherPro
2008-01-04 19:48 --------- d-----w C:\Documents and Settings\chiara\Dati applicazioni\MalwareBot
2008-01-04 18:41 --------- d-----w C:\Documents and Settings\utente\Dati applicazioni\Babylon
2008-01-04 10:37 --------- d-----w C:\Documents and Settings\utente\Dati applicazioni\MalwareBot
2008-01-04 08:14 --------- d-----w C:\Programmi\Innovative Solutions
2007-12-29 10:08 --------- d-----w C:\Documents and Settings\utente\Dati applicazioni\uTorrent
2007-12-17 16:31 --------- d-----w C:\Programmi\HP
2007-12-17 05:06 --------- d-----w C:\Programmi\BitTorrent_DNA
2007-12-15 15:53 --------- d-----w C:\Documents and Settings\utente\Dati applicazioni\Image Zone Express
2007-12-15 12:06 --------- d-----w C:\Documents and Settings\All Users\Dati applicazioni\Microsoft Help
2007-12-06 21:12 --------- d-----w C:\Documents and Settings\utente\Dati applicazioni\BitTorrent DNA
2007-12-04 14:56 93,264 ----a-w C:\WINDOWS\system32\drivers\aswmon.sys
2007-12-04 14:55 94,544 ----a-w C:\WINDOWS\system32\drivers\aswmon2.sys
2007-12-04 14:53 23,152 ----a-w C:\WINDOWS\system32\drivers\aswRdr.sys
2007-12-04 14:51 42,912 ----a-w C:\WINDOWS\system32\drivers\aswTdi.sys
2007-12-04 14:49 26,624 ----a-w C:\WINDOWS\system32\drivers\aavmker4.sys
2007-12-04 13:04 837,496 ----a-w C:\WINDOWS\system32\aswBoot.exe
2007-12-04 12:54 95,608 ----a-w C:\WINDOWS\system32\AVASTSS.scr
2007-11-28 14:25 2,600,640 ----a-w C:\emoticons.exe
2007-11-26 17:45 --------- d--h--w C:\Programmi\InstallShield Installation Information
2007-11-25 21:41 19,373,650 ----a-w C:\WDM_3663.zip
2007-11-25 21:08 --------- d-----w C:\Programmi\VIA
2007-11-25 18:26 --------- d-----w C:\Programmi\RegistrySmart
2007-11-25 18:23 --------- d-----w C:\Documents and Settings\utente\Dati applicazioni\RegistrySmart
2007-11-25 17:10 --------- d-----w C:\Documents and Settings\All Users\Dati applicazioni\PC Drivers HeadQuarters
2007-11-25 16:33 --------- d-----w C:\Programmi\QuickTime
2007-11-25 16:33 --------- d-----w C:\Documents and Settings\All Users\Dati applicazioni\Apple Computer
2007-11-25 16:32 --------- d-----w C:\Programmi\Apple Software Update
2007-11-25 16:32 --------- d-----w C:\Documents and Settings\All Users\Dati applicazioni\Apple
2007-11-24 16:05 49,079 ----a-w C:\WINDOWS\system32\RadLightAPEUninstall.exe
2007-11-24 15:58 --------- d-----w C:\Programmi\NCH Swift Sound
2007-11-21 15:43 --------- d-----w C:\Programmi\MSXML 6.0
2007-11-21 07:59 --------- d-----w C:\Programmi\SpeedFan
2007-11-20 20:33 --------- d-----w C:\Programmi\Multi_Media_Italy
2007-11-20 15:02 5,242,691 ----a-w C:\laparola-it.exe
2007-11-19 10:02 --------- d-----w C:\Documents and Settings\All Users\Dati applicazioni\Grisoft
2007-11-15 15:16 5,844 ----a-w C:\regrung550.zip
2007-11-14 15:43 --------- d-----w C:\Programmi\CyberLink
2007-11-14 15:16 5,099,480 ----a-w C:\DriverDetective.exe
2007-11-13 17:56 2,968,400 ----a-w C:\eMulePlus12b.exe
2007-11-13 10:25 20,480 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys
2007-11-12 14:58 --------- d-----w C:\Documents and Settings\utente\Dati applicazioni\CyberLink
2007-11-11 18:34 --------- d-----w C:\Programmi\Corsi interattivi
2007-11-11 17:13 --------- d-----w C:\Programmi\River Past
2007-11-11 14:28 --------- d-----w C:\Programmi\AV Movie Morpher Silver
2007-11-10 11:00 --------- d-----w C:\Programmi\File comuni\Symantec Shared
2007-11-09 16:35 --------- d-----w C:\Programmi\MalwareBot
2007-11-08 02:49 2,869,264 ----a-w C:\dotNetFx35setup.exe
2007-11-06 07:29 --------- d-----w C:\Programmi\Google
2007-11-05 14:33 --------- d---a-w C:\Documents and Settings\All Users\Dati applicazioni\TEMP
2007-11-02 06:26 8,646,776 ----a-w C:\Windows-KB890830-V1.35.exe
2007-10-31 21:21 21,321,008 ----a-w C:\QuickTimeInstaller.exe
2007-10-30 16:59 69,632 ----a-w C:\WINDOWS\system32\realbap1.dll
2007-10-30 16:59 45,568 ----a-w C:\WINDOWS\system32\realbsf1.dll
2007-10-29 22:42 1,292,800 ----a-w C:\WINDOWS\system32\quartz.dll
2007-10-25 09:26 53,248 ----a-w C:\WINDOWS\bdoscandel.exe
2007-10-25 08:28 222,720 ----a-w C:\WINDOWS\system32\wmasf.dll
2007-10-23 16:49 586,240 ----a-w C:\WINDOWS\WLXPGSS.SCR
2007-10-15 19:59 1,911,240 ----a-w C:\daemon410-x86.exe
2007-10-15 10:04 711,933,952 ----a-w C:\Programmi\Scansoft Omnipage Professional v.15.Multilanguage.iso
2007-10-05 14:46 865,131 ----a-w C:\SILGREEK.EXE
.

((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Nota* i valori vuoti & legittimi/default non sono visualizzati.

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{CC3CFAAB-AD0E-4CBE-A8E7-8E45A5A17EFC}]
2004-08-19 14:39 84992 --a------ C:\WINDOWS\system32\dbghelpo.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{965B54B0-71E0-4611-8DE7-F73FA0B20E26}
{2E6F36CE-1217-4BA1-982F-24560C0EB677}
{968631B6-4729-440D-9BF4-251F5593EC9A}

[HKEY_CLASSES_ROOT\clsid\{965b54b0-71e0-4611-8de7-f73fa0b20e26}]
[HKEY_CLASSES_ROOT\BabylonTBLib.BabylonTB.1]
[HKEY_CLASSES_ROOT\TypeLib\{162484B8-B114-453f-A344-C0B24B0F1D99}]
[HKEY_CLASSES_ROOT\BabylonTBLib.BabylonTB]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{965B54B0-71E0-4611-8DE7-F73FA0B20E26}"= C:\Programmi\Babylon\Babylon-Pro\Babylon Toolbar\BabylonIEToolBar.dll [2007-07-16 14:49 264416]

[HKEY_CLASSES_ROOT\clsid\{965b54b0-71e0-4611-8de7-f73fa0b20e26}]
[HKEY_CLASSES_ROOT\BabylonTBLib.BabylonTB.1]
[HKEY_CLASSES_ROOT\TypeLib\{162484B8-B114-453f-A344-C0B24B0F1D99}]
[HKEY_CLASSES_ROOT\BabylonTBLib.BabylonTB]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AnyDVD"="C:\Programmi\SlySoft\AnyDVD\AnyDVD.exe" [2007-06-05 22:25 1379016]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-19 14:39 15360]
"updateMgr"="C:\Programmi\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [ ]
"MsnMsgr"="~C:\Programmi\MSN Messenger\MsnMsgr.exe" [ ]
"Packard Bell Data Secure"="C:\Programmi\Packard Bell Data Secure\PBDataSecure.exe" [ ]
"MSMSGS"="C:\Programmi\Messenger\msmsgs.exe" [2004-10-13 17:24 1694208]
"SweetIM"="C:\Programmi\Macrogaming\SweetIM\SweetIM.exe" [2007-08-12 10:02 103712]
"DAEMON Tools"="C:\Programmi\DAEMON Tools\daemon.exe" [2007-09-18 15:16 171464]
"X1FileMonitor.exe"="C:\Programmi\Virgilio Desktop Search\X1FileMonitor.exe" [2007-01-11 08:57 428544]
"OpAgent"="C:\Programmi\ScanSoft\OmniPage15.0\OpAgent.exe" [2006-02-03 09:24 159744]
"Copernic Desktop Search 2"="C:\Programmi\Copernic Desktop Search 2\DesktopSearchService.exe" [2007-08-01 19:26 1514016]
"MalwareBot"="C:\Programmi\MalwareBot\MalwareBot.exe" [2007-08-24 13:26 8852720]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-12-04 14:00 79224]
"TrueImageMonitor.exe"="C:\Programmi\Acronis\TrueImageHome\TrueImageMonitor.exe" [2006-10-16 20:12 1164912]
"AcronisTimounterMonitor"="C:\Programmi\Acronis\TrueImageHome\TimounterMonitor.exe" [2006-10-16 20:17 1941784]
"Acronis Scheduler2 Service"="C:\Programmi\File comuni\Acronis\Schedule2\schedhlp.exe" [2006-10-16 20:13 87584]
"CnxDslTaskBar"="C:\Programmi\digicomt\Michelangelo USB ADSL\CnxDslTb.exe" [2003-10-29 14:11 462848]
"Google Desktop Search"="C:\Programmi\Google\Google Desktop Search\GoogleDesktop.exe" [2007-09-09 20:59 1836544]
"Babylon Client"="C:\Programmi\Babylon\Babylon-Pro\Babylon.exe" [2007-07-16 14:50 2841824]
"ISUSPM Startup"="C:\PROGRA~1\FILECO~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [ ]
"ISUSScheduler"="C:\Programmi\File comuni\InstallShield\UpdateService\issch.exe" [2005-02-16 15:15 81920]
"Windows Defender"="C:\Programmi\Windows Defender\MSASCui.exe" [2006-11-03 18:20 866584]
"zBrowser Launcher"="C:\Programmi\Logitech\iTouch\iTouch.exe" [2003-04-07 01:16 631364]
"Adobe Reader Speed Launcher"="C:\Programmi\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-10 19:51 39792]
"SSBkgdUpdate"="C:\Programmi\File comuni\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2003-09-29 23:14 155648]
"Opware15"="C:\Programmi\ScanSoft\OmniPage15.0\Opware15.exe" [2006-02-03 09:23 69632]
"OpScheduler"="C:\Programmi\ScanSoft\OmniPage15.0\OpScheduler.exe" [ ]
"PDF3 Registry Controller"="C:\Programmi\ScanSoft\OmniPage15.0\PDFConverter3\\RegistryController.exe" [2005-08-25 09:33 106496]
"SunJavaUpdateSched"="C:\Programmi\Java\jre1.6.0_03\bin\jusched.exe" [ ]
"QuickTime Task"="C:\Programmi\QuickTime\qttask.exe" [2007-11-24 16:29 286720]
"HP Software Update"="c:\Programmi\HP\HP Software Update\HPWuSchd2.exe" [2004-09-13 15:49 49152]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-19 14:39 15360]
"Picasa Media Detector"="C:\Programmi\Picasa2\PicasaMediaDetector.exe" [2007-09-28 02:17 443968]
"DWQueuedReporting"="C:\PROGRA~1\FILECO~1\MICROS~1\DW\dwtrig20.exe" [2007-02-26 08:01 437160]

C:\Documents and Settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\
HP Digital Imaging Monitor.lnk - C:\Programmi\HP\Digital Imaging\bin\hpqtra08.exe [2004-11-04 19:28:24]
HP Image Zone Fast Start.lnk - C:\Programmi\HP\Digital Imaging\bin\hpqthb08.exe [2004-11-04 19:50:52]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=C:\PROGRA~1\Google\GOOGLE~4\GOEC62~1.DLL

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ msv1_0 relog_ap

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Avvio^Programmi^Esecuzione automatica^AudioDeck.lnk]
path=C:\Documents and Settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\AudioDeck.lnk
backup=C:\WINDOWS\pss\AudioDeck.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AudioDeck]
C:\Programmi\VIA\VIAudioi\SBADeck\ADeck.exe 1

R0 ycqdlsaf;ycqdlsaf;C:\WINDOWS\system32\drivers\gazjwnet.dat []
R1 BIOS;BIOS;C:\WINDOWS\system32\drivers\BIOS.sys [2005-03-16 07:23]
R3 CnxEtP;Conexant AccessRunner USB ADSL WAN Adapter Filter Driver;C:\WINDOWS\system32\DRIVERS\CnxEtP.sys [2003-09-12 09:26]
R3 CnxEtU;Conexant AccessRunner USB ADSL Interface Device Driver;C:\WINDOWS\system32\DRIVERS\CnxEtU.sys [2003-09-12 09:26]
R3 CnxTgN;Conexant AccessRunner USB ADSL WAN Adapter Driver;C:\WINDOWS\system32\DRIVERS\CnxTgN.sys [2003-10-29 14:02]
S3 SetupNTGLM7X;SetupNTGLM7X;D:\NTGLM7X.sys []
S3 usbscan;Driver scanner USB;C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 22:58]
S3 USBSTOR;Driver archiviazione di massa USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 22:08]
S3 Vsp;Vsp;C:\WINDOWS\system32\drivers\Vsp.sys [2003-05-27 15:45]

.
Contenuto della cartella 'Scheduled Tasks'
"2007-11-24 15:35:50 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Programmi\Apple Software Update\SoftwareUpdate.exe
"2008-01-04 17:48:17 C:\WINDOWS\Tasks\ErrorSmart Scheduled Scan.job"
- C:\Programmi\ErrorSmart\ErrorSmart.ex
- C:\Programmi\ErrorSmart.utente+Runs ErrorSmart to optimize your registry.
"2008-01-05 16:56:52 C:\WINDOWS\Tasks\MalwareBot Scheduled Scan.job"
- C:\Programmi\MalwareBot\MalwareBot.ex
- C:\Programmi\MalwareBot.utenteVRuns MalwareBot to scan your computer for malicious and potenially unwanted programs.
"2008-01-05 16:57:56 C:\WINDOWS\Tasks\MP Scheduled Scan.job"
- C:\Programmi\Windows Defender\MpCmdRun.exe
"2008-01-05 16:54:50 C:\WINDOWS\Tasks\RegCure Program Check.job"
- C:\Programmi\RegCure\RegCure.exe
"2008-01-03 02:37:56 C:\WINDOWS\Tasks\RegCure.job"
- C:\Programmi\RegCure\RegCure.exe
"2008-01-03 02:30:02 C:\WINDOWS\Tasks\RegistrySmart Scheduled Scan.job"
- C:\Programmi\RegistrySmart\RegistrySmart.ex
- C:\Programmi\RegistrySmart.utente.Runs RegistrySmart to optimize your registry.
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-05 17:55:56
Windows 5.1.2600 Service Pack 2 NTFS

scansione processi nascosti ...

scansione entrate autostart nascoste ...

Scansione files nascosti ...

Scansione completata con successo
Files nascosti: 0

**************************************************************************
.
Ora fine scansione: 2008-01-05 18:01:21 - machine was rebooted [utente]
ComboFix-quarantined-files.txt 2008-01-05 17:01:16
.
2008-01-04 07:11:15 --- E O F ---
0
Réponse 22 / 25
Athanor
 
Please, someone can help me with the virus into the previous post?
0
Réponse 23 / 25
nanou62
 
bonjour. moi aussi j'ai le meme probleme de trojan.win32:bho-kd ..mon ordi est infecter depuis le 1 ° janvier.malgré avast et spybot je n'arrive pas a le suprimer. y'a t'il quelqu'un pour m'aider svp. merci d'avance
0
Réponse 24 / 25
impact
 
bonjour a tous win32:BHO- kd(trj) me prend la tete a l'aide merci
voila le rapport
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:42:35, on 07/02/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\G DATA AntiVirus Trial\AVK\AVKService.exe
C:\Program Files\G DATA AntiVirus Trial\AVK\AVKWCtl.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Fichiers communs\G DATA\AVKProxy\AVKProxy.exe
C:\Program Files\G DATA AntiVirus Trial\AVKTray\AVKTray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.com/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: G DATA WebFilter Class - {0124123D-61B4-456f-AF86-78C53A0790C5} - C:\Program Files\G DATA AntiVirus Trial\Webfilter\AvkWebIE.dll
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {41CB89C2-5AF2-4B5F-B444-257EA772800B} - C:\WINDOWS\system32\asycfil.dll
O3 - Toolbar: G DATA WebFilter - {0124123D-61B4-456f-AF86-78C53A0790C5} - C:\Program Files\G DATA AntiVirus Trial\Webfilter\AvkWebIE.dll
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [AVKTray] "C:\Program Files\G DATA AntiVirus Trial\AVKTray\AVKTray.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: hp psc 1000 series.lnk = ?
O4 - Global Startup: hpoddt01.exe.lnk = ?
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} (Driver Agent ActiveX Control) - https://driveragent.com/files/driveragent.cab
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: G DATA AntiVirus Proxy (AVKProxy) - G DATA Software AG - C:\Program Files\Fichiers communs\G DATA\AVKProxy\AVKProxy.exe
O23 - Service: G DATA Scheduler (AVKService) - G DATA Software AG - C:\Program Files\G DATA AntiVirus Trial\AVK\AVKService.exe
O23 - Service: Gardien d'AntiVirus (AVKWCtl) - G DATA Software AG - C:\Program Files\G DATA AntiVirus Trial\AVK\AVKWCtl.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
0

Vous n’avez pas trouvé la réponse que vous recherchez ?

Posez votre question
Réponse 25 / 25
sebbissy
 
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:16:00, on 18/02/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\HP\QuickPlay\QPService.exe
C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe
C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
C:\Program Files\HP\TVPlay\TVPService.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\Microsoft IntelliType Pro\type32.exe
C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Fichiers communs\ReparateurDeSysteme\strpmon.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\PROGRA~1\Wanadoo\TaskBarIcon.exe
C:\Program Files\Vente Flash\vente_flash.exe
C:\PROGRA~1\Wanadoo\GestionnaireInternet.exe
C:\Program Files\Windows Desktop Search\WindowsSearchIndexer.exe
C:\PROGRA~1\Wanadoo\ComComp.exe
C:\PROGRA~1\Wanadoo\Toaster.exe
C:\PROGRA~1\Wanadoo\Inactivity.exe
C:\PROGRA~1\Wanadoo\PollingModule.exe
C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
C:\WINDOWS\System32\ALERTM~1\ALERTM~1.EXE
C:\Program Files\HP\hpcoretech\comp\hptskmgr.exe
C:\WINDOWS\system32\cisvc.exe
C:\Program Files\HP\TVPlay\Kernel\CLML_NTService\CLMLServer.exe
C:\WINDOWS\System32\FTRTSVC.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\HP\TVPlay\Kernel\TV\TVPCapSvc.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Program Files\HP\TVPlay\Kernel\TV\TVPSched.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\Wanadoo\Watch.exe
C:\PROGRA~1\hpq\Shared\HPQTOA~1.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\WINDOWS\system32\cidaemon.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://192.168.1.1/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Orange
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\Wanadoo\SEARCH~1.DLL
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Shareaza Web Download Hook - {0EEDB912-C5FA-486F-8334-57288578C627} - C:\Program Files\Shareaza\Plugins\RazaWebHook.dll
O2 - BHO: ShoppingReport - {100EB1FD-D03E-47FD-81F3-EE91287F9465} - C:\Program Files\ShoppingReport\Bin\2.0.26\ShoppingReport.dll
O2 - BHO: Adssite Search Assistant - {1648E328-3E5A-4EA5-A9C6-E5F09EE272DA} - C:\WINDOWS\system32\adssite_sidebar.dll
O2 - BHO: (no name) - {18818BD4-DA1B-4669-8031-35F145CBC776} - C:\WINDOWS\system32\pmnnm.dll (file missing)
O2 - BHO: BrowserCmp - {1D8282E6-BC4F-469B-AAED-7E4FF077AD93} - C:\WINDOWS\system32\iebrowserc.dll
O2 - BHO: (no name) - {2D767C9A-534B-4419-92F9-CA3FF43585EF} - C:\WINDOWS\system32\dbghel.dll
O2 - BHO: dsWebAllowBHO Class - {2F85D76C-0569-466F-A488-493E6BD0E955} - C:\Program Files\Windows Desktop Search\dsWebAllow.dll
O2 - BHO: Online_TV Toolbar - {40d1c3a7-4ffb-4443-b3a0-a64b2df7fc3b} - C:\Program Files\Online_TV\tbOnl0.dll
O2 - BHO: {c3fb72ac-dc59-df98-8624-6dc79386e674} - {476e6839-7cd6-4268-89fd-95cdca27bf3c} - C:\WINDOWS\system32\xweapjiu.dll (file missing)
O2 - BHO: (no name) - {6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C} - C:\WINDOWS\system32\urqrrsr.dll (file missing)
O2 - BHO: dcads - {6FC3C36D-7635-4D43-BA62-0D9D2F2CD06E} - C:\WINDOWS\system32\nsrB15.dll
O2 - BHO: Multi_Media_France Toolbar - {7009fcd4-05be-44f4-9583-93fe419ab7b0} - C:\Program Files\Multi_Media_France\tbMul0.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: superiorads - {79F562E5-768C-4494-8E6C-824ADA4A9C2C} - C:\WINDOWS\system32\sprt_ads.dll (file missing)
O2 - BHO: ads_optimizer - {9C8A568E-4201-478a-8536-526CF371D2E2} - C:\WINDOWS\system32\nsgB37.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll
O2 - BHO: Multi_Media Toolbar - {b5146c40-189a-4311-bda9-fbae3e023187} - C:\Program Files\Multi_Media\tbMul1.dll
O2 - BHO: (no name) - {C04FB9D4-AD8A-4BC0-9BE3-28406402C09C} - C:\WINDOWS\system32\ssqrq.dll (file missing)
O2 - BHO: WhIeHelperObj Class - {c900b400-cdfe-11d3-976a-00e02913a9e0} - C:\Program Files\webHancer\programs\whiehlpr.dll (file missing)
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Online_TV Toolbar - {40d1c3a7-4ffb-4443-b3a0-a64b2df7fc3b} - C:\Program Files\Online_TV\tbOnl0.dll
O3 - Toolbar: Multi_Media_France Toolbar - {7009fcd4-05be-44f4-9583-93fe419ab7b0} - C:\Program Files\Multi_Media_France\tbMul0.dll
O3 - Toolbar: Multi_Media Toolbar - {b5146c40-189a-4311-bda9-fbae3e023187} - C:\Program Files\Multi_Media\tbMul1.dll
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"
O4 - HKLM\..\Run: [eabconfg.cpl] C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe /Start
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [RecGuard] C:\Windows\SMINST\RecGuard.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [TVPService] "C:\Program Files\HP\TVPlay\TVPService.exe"
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [DXDllRegExe] dxdllreg.exe
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Fichiers communs\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [type32] "C:\Program Files\Microsoft IntelliType Pro\type32.exe"
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\FICHIE~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [trioService] "C:\PROGRA~1\Freeze.com\Living 3D Dolphins\trioService.exe "
O4 - HKLM\..\Run: [DisableIPC] C:\Program Files\Cable & ADSL Optimizer\DisableIPC.exe
O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\Wanadoo\Watch.exe
O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\Wanadoo\GestMaj.exe TaskBarIcon.exe
O4 - HKLM\..\Run: [845d713a] rundll32.exe "C:\WINDOWS\system32\dvcwhqat.dll",sitypnow
O4 - HKLM\..\Run: [spa_start] C:\WINDOWS\System32\Rundll32.exe "C:\WINDOWS\system32\sprt_ads.dll" DllStart
O4 - HKLM\..\Run: [webHancer Agent] C:\Program Files\webHancer\Programs\whagent.exe
O4 - HKLM\..\Run: [ptask] C:\Program Files\ProtectionConue\ptask.exe
O4 - HKLM\..\Run: [Salestart] "C:\Program Files\Fichiers communs\ReparateurDeSysteme\strpmon.exe" dm=http://reparateurdesysteme.com ad=http://reparateurdesysteme.com sd=http://repay.reparateurdesysteme.com
O4 - HKLM\..\Run: [bm] "C:\Program Files\Fichiers communs\ProtectionConue\bm.exe" dm=http://protectionconue.com ad=http://protectionconue.com sd=http://gregistre.protectionconue.com
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [WOOKIT] C:\PROGRA~1\Wanadoo\Shell.exe appLaunchClientZone.shl|PARAM= cnx
O4 - HKCU\..\Run: [ares] "C:\Program Files\Ares\Ares.exe" -h
O4 - HKCU\..\Run: [Internet Download Accelerator] C:\Program Files\IDA\ida.exe -autorun
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: SmartCenter 2.0.lnk = C:\LOTSUITE\SMARTCTR\SMARTCTR.EXE
O4 - Startup: Vente Flash.lnk = C:\Program Files\Vente Flash\vente_flash.exe
O4 - Global Startup: Démarrage rapide de HP Photosmart Premier.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Outil de mise à jour Google.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O4 - Global Startup: Windows Desktop Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
O8 - Extra context menu item: Download with &Shareaza - res://C:\Program Files\Shareaza\Plugins\RazaWebHook.dll/3000
O9 - Extra button: Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: (no name) - {9819CC0E-9669-4D01-9CD7-2C66DA43AC6C} - (no file)
O9 - Extra button: ShopperReports - Compare product prices - {C5428486-50A0-4a02-9D20-520B59A9F9B2} - C:\Program Files\ShoppingReport\Bin\2.0.26\ShoppingReport.dll
O9 - Extra button: ShopperReports - Compare travel rates - {C5428486-50A0-4a02-9D20-520B59A9F9B3} - C:\Program Files\ShoppingReport\Bin\2.0.26\ShoppingReport.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Orange - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - https://www.orange.fr/portail (file missing) (HKCU)
O10 - Hijacked Internet access by WebHancer
O10 - Hijacked Internet access by WebHancer
O10 - Hijacked Internet access by WebHancer
O14 - IERESET.INF: START_PAGE_URL=https://www8.hp.com/fr/fr/home.html
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {D0C0F75C-683A-4390-A791-1ACFD5599AB8} (Oberon Flash Game Host) - http://jeuxmultijoueurs.orange.fr/Gameshell/GameHost/1.0/OberonGameHost.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://fpdownload.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O20 - Winlogon Notify: awtqo - C:\WINDOWS\system32\awtqo.dll (file missing)
O20 - Winlogon Notify: awtqppq - awtqppq.dll (file missing)
O20 - Winlogon Notify: awtqr - C:\WINDOWS\system32\awtqr.dll (file missing)
O20 - Winlogon Notify: awtsp - C:\WINDOWS\system32\awtsp.dll (file missing)
O20 - Winlogon Notify: awvtr - C:\WINDOWS\system32\awvtr.dll (file missing)
O20 - Winlogon Notify: awvvw - C:\WINDOWS\system32\awvvw.dll (file missing)
O20 - Winlogon Notify: ddayv - C:\WINDOWS\system32\ddayv.dll (file missing)
O20 - Winlogon Notify: ddccc - C:\WINDOWS\system32\ddccc.dll (file missing)
O20 - Winlogon Notify: ddcya - C:\WINDOWS\system32\ddcya.dll (file missing)
O20 - Winlogon Notify: gebcc - C:\WINDOWS\system32\gebcc.dll (file missing)
O20 - Winlogon Notify: jkhfg - C:\WINDOWS\system32\jkhfg.dll (file missing)
O20 - Winlogon Notify: jkhhf - C:\WINDOWS\system32\jkhhf.dll (file missing)
O20 - Winlogon Notify: jkkjg - C:\WINDOWS\system32\jkkjg.dll (file missing)
O20 - Winlogon Notify: mljge - C:\WINDOWS\system32\mljge.dll (file missing)
O20 - Winlogon Notify: mljgg - C:\WINDOWS\system32\mljgg.dll (file missing)
O20 - Winlogon Notify: mljji - C:\WINDOWS\system32\mljji.dll (file missing)
O20 - Winlogon Notify: mllji - C:\WINDOWS\system32\mllji.dll (file missing)
O20 - Winlogon Notify: mllml - C:\WINDOWS\system32\mllml.dll (file missing)
O20 - Winlogon Notify: nnnligf - nnnligf.dll (file missing)
O20 - Winlogon Notify: pmkhe - C:\WINDOWS\system32\pmkhe.dll (file missing)
O20 - Winlogon Notify: pmkhf - C:\WINDOWS\system32\pmkhf.dll (file missing)
O20 - Winlogon Notify: pmnlj - C:\WINDOWS\system32\pmnlj.dll (file missing)
O20 - Winlogon Notify: pmnll - C:\WINDOWS\system32\pmnll.dll (file missing)
O20 - Winlogon Notify: pmnlm - C:\WINDOWS\system32\pmnlm.dll (file missing)
O20 - Winlogon Notify: pmnnm - C:\WINDOWS\system32\pmnnm.dll (file missing)
O20 - Winlogon Notify: ssqro - C:\WINDOWS\system32\ssqro.dll (file missing)
O20 - Winlogon Notify: ssqrs - C:\WINDOWS\system32\ssqrs.dll (file missing)
O20 - Winlogon Notify: sstqn - C:\WINDOWS\system32\sstqn.dll (file missing)
O20 - Winlogon Notify: ssttt - C:\WINDOWS\system32\ssttt.dll (file missing)
O20 - Winlogon Notify: urqrrsr - urqrrsr.dll (file missing)
O20 - Winlogon Notify: vtsqn - C:\WINDOWS\system32\vtsqn.dll (file missing)
O20 - Winlogon Notify: vtsqo - C:\WINDOWS\system32\vtsqo.dll (file missing)
O20 - Winlogon Notify: vtuts - C:\WINDOWS\system32\vtuts.dll (file missing)
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: CyberLink Media Library Service(HP TVPlay) - Cyberlink - C:\Program Files\HP\TVPlay\Kernel\CLML_NTService\CLMLServer.exe
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - C:\WINDOWS\System32\FTRTSVC.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Planificateur LiveUpdate automatique - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: CyberLink Background Capture Service (CBCS HP TVPlay) (TVPCapSvc) - Unknown owner - C:\Program Files\HP\TVPlay\Kernel\TV\TVPCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS HP TVPlay) (TVPSched) - Unknown owner - C:\Program Files\HP\TVPlay\Kernel\TV\TVPSched.exe
0

Discussions similaires

C'est quoi "Win32:Trojan-gen {Other}"
Uzumaki -
Utilisateur anonyme -

5 réponses
Problème avec "PUADIManager:Win32/OfferCore
Knaki -
bazfile -

3 réponses
Menace détectée TrojanSMS-PA sur Google Huawei/Android
Outmost -
bazfile -

6 réponses
PUADlManager:Win32/OfferCore
tenmalade -
tenmalade -

2 réponses
win32:malware-gen bloqué par avast
ikkual -
Utilisateur anonyme -

69 réponses