"windows\system32\rundll 32.exe " a disp
Solved
alias59
Hello,
My PC is telling me that "windows\system32\rundll 32.exe " has disappeared.
What should I do??
I must have deleted it while removing lines that the antivirus asked me to delete; I must have made a mistake.
Help please.
Thanks.
106 replies
We're making progress!!
VundoFix V6.7.7
Checking Java version...
Java version is 1.5.0.7
Old versions of java are exploitable and should be removed.
Java version is 1.5.0.8
Old versions of java are exploitable and should be removed.
Java version is 1.5.0.10
Java version is 1.5.0.11
Scan started at 20:24:21 02/01/2008
Listing files found while scanning....
C:\WINDOWS\system32\adrqbamp.dll
C:\WINDOWS\system32\ghkmp.ini
C:\WINDOWS\system32\ghkmp.ini2
C:\WINDOWS\system32\pmabqrda.ini
C:\WINDOWS\system32\pmkhg.dll
C:\WINDOWS\system32\pmkhg.exe
Beginning removal...
Attempting to delete C:\WINDOWS\system32\adrqbamp.dll
C:\WINDOWS\system32\adrqbamp.dll Could not be deleted.
Attempting to delete C:\WINDOWS\system32\ghkmp.ini
C:\WINDOWS\system32\ghkmp.ini Has been deleted!
Attempting to delete C:\WINDOWS\system32\ghkmp.ini2
C:\WINDOWS\system32\ghkmp.ini2 Has been deleted!
Attempting to delete C:\WINDOWS\system32\pmabqrda.ini
C:\WINDOWS\system32\pmabqrda.ini Has been deleted!
Attempting to delete C:\WINDOWS\system32\pmkhg.dll
C:\WINDOWS\system32\pmkhg.dll Has been deleted!
Attempting to delete C:\WINDOWS\system32\pmkhg.exe
C:\WINDOWS\system32\pmkhg.exe Has been deleted!
Performing Repairs to the registry.
Done!
Beginning removal...
Attempting to delete C:\WINDOWS\system32\adrqbamp.dll
C:\WINDOWS\system32\adrqbamp.dll Has been deleted!
Attempting to delete C:\WINDOWS\system32\pmkhg.dll
C:\WINDOWS\system32\pmkhg.dll Has been deleted!
Performing Repairs to the registry.
Done!
Beginning removal...
OK, there's a party going on in your PC, we're going to kick them out!
Download to the desktop
http://secured2k.home.comcast.net/tools/VirtumundoBeGone.exe
=> Double-click VirtumundoBeGone.exe
=> Click Continue ==> click Start
=> Click Yes
=> At the end, if Vundo is present, the PC shuts down and restarts
- If you get a blue screen and the message: Fatal error .. no problem
=> Post the VBG.TXT report that is on the desktop
The party goes on!!
The PC did not shut down and there was no fatal error.
So here is the report.
Don't worry, we'll send the tecktonik dancers after them; they'll stroke their hair in front of them, and that will make them run away!! lol. Copy the report for me please.
[01/02/2008, 21:11:57] - VirtumundoBeGone v1.5 ( "C:\Documents and Settings\HiyamZ\Bureau\VirtumundoBeGone.exe" )
[01/02/2008, 21:12:05] - Detected System Information:
[01/02/2008, 21:12:05] - Windows Version: 5.1.2600, Service Pack 2
[01/02/2008, 21:12:05] - Current Username: HiyamZ (Admin)
[01/02/2008, 21:12:05] - Windows is in NORMAL mode.
[01/02/2008, 21:12:05] - Searching for Browser Helper Objects:
[01/02/2008, 21:12:05] - BHO 1: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (Aide pour le lien d'Adobe PDF Reader)
[01/02/2008, 21:12:05] - BHO 2: {1648E328-3E5A-4EA5-A9C6-E5F09EE272DA} (Dcads Search Assistant)
[01/02/2008, 21:12:05] - BHO 3: {2B3CBDC2-8AB6-45B1-B59E-7B0DEE595917} ()
[01/02/2008, 21:12:05] - WARNING: BHO has no default name. Checking for Winlogon reference.
[01/02/2008, 21:12:05] - Checking for HKLM\...\Winlogon\Notify\byxxvst
[01/02/2008, 21:12:05] - Key not found: HKLM\...\Winlogon\Notify\byxxvst, continuing.
[01/02/2008, 21:12:05] - BHO 4: {4AD44D3E-7316-4251-B754-9B10EC96AF92} (superiorads)
[01/02/2008, 21:12:05] - BHO 5: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (SSVHelper Class)
[01/02/2008, 21:12:05] - BHO 6: {783957E7-7EA7-456C-9254-3BFC0A003CAC} ()
[01/02/2008, 21:12:05] - WARNING: BHO has no default name. Checking for Winlogon reference.
[01/02/2008, 21:12:05] - Checking for HKLM\...\Winlogon\Notify\pmkhg
[01/02/2008, 21:12:05] - Key not found: HKLM\...\Winlogon\Notify\pmkhg, continuing.
[01/02/2008, 21:12:05] - BHO 7: {7E853D72-626A-48EC-A868-BA8D5E23E045} ()
[01/02/2008, 21:12:05] - WARNING: BHO has no default name. Checking for Winlogon reference.
[01/02/2008, 21:12:05] - No filename found. Continuing.
[01/02/2008, 21:12:05] - BHO 8: {8E015787-B1E3-404a-95DE-3E71E1FA0305} (browser optimizer superiorads)
[01/02/2008, 21:12:05] - BHO 9: {9030D464-4C02-4ABF-8ECC-5164760863C6} (Programme d'aide de l'Assistant de connexion Windows Live)
[01/02/2008, 21:12:05] - BHO 10: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} (Google Toolbar Notifier BHO)
[01/02/2008, 21:12:05] - BHO 11: {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} (Windows Live Toolbar Helper)
[01/02/2008, 21:12:05] - Finished Searching Browser Helper Objects
[01/02/2008, 21:12:05] - Finishing up...
[01/02/2008, 21:12:05] - Nothing found! Exiting...
Note: the report can also be found here: C:\Combofix.txt+
Go to Start / My Computer / go to the hard drive and double-click / look for the report mentioned, then copy and paste it here.
Yes!!! I finally found that report!!! It had gone off partying too. Sorry for the delay, but hunting for reports isn't easy for a novice.
Thanks for your patience.
ComboFix 08-01-03.3 - HiyamZ 2008-01-03 22:12:06.2 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.142 [GMT 1:00]
Running from: C:\Documents and Settings\HiyamZ\Bureau\ComboFix.exe
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
---- Previous Run -------
.
C:\Documents and Settings\All Users\Application Data\Proxy Long Chin Ping\view exit .exe
C:\Documents and Settings\All Users\Application Data\WinAntiVirus Pro 2006
C:\Program Files\deskbar
C:\Program Files\deskbar\background.bmp
C:\Program Files\deskbar\Thumbs.db
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas .exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
C:\Program Files\outerinfo
C:\Program Files\outerinfo\FF\chrome.manifest
C:\Program Files\outerinfo\FF\components\OuterinfoAds.xpt
C:\Program Files\outerinfo\FF\install.rdf
C:\Program Files\outerinfo\Terms.rtf
C:\Program Files\outlook
C:\Program Files\outlook\outlook .exe
C:\Program Files\QuickTime\QTTask .exe
C:\Program Files\Windows Live\Messenger\MsnMsgr .Exe
C:\WINDOWS\crosof~1
C:\WINDOWS\crosof~1\??crosoft\
C:\WINDOWS\system32\ghkmp.ini
C:\WINDOWS\system32\ghkmp.ini2
C:\WINDOWS\system32\mcrh.tmp
C:\WINDOWS\system32\pmkhg.dll
C:\WINDOWS\system32\pmkhg.exe
C:\WINDOWS\system32\sprt_ads.dll
C:\WINDOWS\system32\stera.job
C:\WINDOWS\system32\stera.log
C:\WINDOWS\system32\wtssvcc32.exe
[code]
"C:\Documents and Settings\All Users\Application Data\Proxy Long Chin Ping\view exit .exe" moved to QooBox
"C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas .exe" moved to QooBox
Error moving C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp .exe to C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe: 5.
Error moving C:\Program Files\QuickTime\QTTask .exe to C:\Program Files\QuickTime\QTTask.exe: 5.
Error moving C:\Program Files\QuickTime\QTTask .exe to C:\Program Files\QuickTime\QTTask.exe: 5.
Error moving C:\Program Files\QuickTime\QTTask .exe to C:\Program Files\QuickTime\QTTask.exe: 5.
[/code]
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\LEGACY_DOMAINSERVICE
-------\LEGACY_FOPN
-------\LEGACY_VSPF
-------\LEGACY_VSPF_HK
-------\vspf
-------\vspf_hk
((((((((((((((((((((((((((((( Fichiers créés 2007-12-03 to 2008-01-03 ))))))))))))))))))))))))))))))))))))
.
2008-01-02 21:28 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\NirCmd.exe
2008-01-02 20:24 . 2008-01-02 20:56 <REP> d----c--- C:\VundoFix Backups
2008-01-02 18:07 . 2008-01-02 18:07 <REP> d-------- C:\WINDOWS\ERUNT
2008-01-02 17:59 . 2008-01-02 17:59 38,468 --a------ C:\WINDOWS\Administrateur.acl
2008-01-02 17:22 . 2008-01-02 17:22 <REP> d-------- C:\Documents and Settings\Administrateur.USAGE-YJP51OVBZ\Application Data\Talkback
2008-01-02 17:19 . 2006-06-28 23:46 <REP> d--h----- C:\Documents and Settings\Administrateur.USAGE-YJP51OVBZ\Voisinage réseau
2008-01-02 17:19 . 2006-06-28 23:46 <REP> d--h----- C:\Documents and Settings\Administrateur.USAGE-YJP51OVBZ\Voisinage d'impression
2008-01-02 17:19 . 2006-06-28 22:50 <REP> d--h----- C:\Documents and Settings\Administrateur.USAGE-YJP51OVBZ\Modèles
2008-01-02 17:19 . 2008-01-02 17:58 <REP> d-------- C:\Documents and Settings\Administrateur.USAGE-YJP51OVBZ\Mes documents
2008-01-02 17:19 . 2006-06-28 23:46 <REP> dr------- C:\Documents and Settings\Administrateur.USAGE-YJP51OVBZ\Menu Démarrer
2008-01-02 17:19 . 2006-06-28 23:46 <REP> d-------- C:\Documents and Settings\Administrateur.USAGE-YJP51OVBZ\Favoris
2008-01-02 17:19 . 2008-01-02 17:57 <REP> d-------- C:\Documents and Settings\Administrateur.USAGE-YJP51OVBZ\Bureau
2008-01-02 02:31 . 2008-01-02 02:31 <REP> d-------- C:\Program Files\Kaspersky Lab
2008-01-02 02:30 . 2007-05-30 13:10 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2008-01-02 02:03 . 2008-01-02 12:26 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-01-02 02:03 . 2008-01-02 02:03 1,409 --a------ C:\WINDOWS\QTFont.for
2007-12-31 03:21 . 2005-09-23 08:29 626,688 --a------ C:\WINDOWS\system32\msvcr80.dll
2007-12-31 03:09 . 2008-01-02 02:13 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Avira
2007-12-31 02:39 . 2007-12-31 02:39 <REP> d-------- C:\Program Files\Trend Micro
2007-12-30 20:18 . 2008-01-02 12:23 221,184 --a------ C:\WINDOWS\system32\LVCOMSX .EXE
2007-12-30 20:18 . 2008-01-02 12:23 155,648 --a------ C:\WINDOWS\system32\NeroCheck .exe
2007-12-30 20:16 . 2008-01-02 12:52 15,360 --a------ C:\WINDOWS\system32\ctfmon .exe
2007-12-30 20:10 . 2007-12-30 20:10 <REP> d-------- C:\Program Files\Picasa2
2007-12-30 20:03 . 2007-12-30 20:10 <REP> d-------- C:\Documents and Settings\Administrateur\Modèles
2007-12-29 16:16 . 2008-01-02 10:31 91,492 --a------ C:\WINDOWS\system32\drivers\klin.dat
2007-12-29 16:16 . 2008-01-02 10:31 85,860 --a------ C:\WINDOWS\system32\drivers\klick.dat
2007-12-29 16:13 . 2008-01-03 21:43 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2007-12-29 16:13 . 2008-01-03 22:16 1,200,672 --ahs---- C:\WINDOWS\system32\drivers\fidbox.dat
2007-12-29 16:13 . 2008-01-03 22:16 56,096 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.dat
2007-12-29 16:13 . 2008-01-03 21:36 16,844 --ahs---- C:\WINDOWS\system32\drivers\fidbox.idx
2007-12-29 16:13 . 2008-01-03 21:36 6,140 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.idx
2007-12-29 15:56 . 2007-12-29 15:56 <REP> d-------- C:\WINDOWS\43D1F052544F468E99443791243FF672.TMP
2007-12-29 15:53 . 2007-12-29 15:53 147,456 --a------ C:\WINDOWS\system32\vbzip10.dll
2007-12-29 15:52 . 2008-01-01 22:15 <REP> d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2007-12-29 15:42 . 2007-12-29 15:42 <REP> d-------- C:\Program Files\Dcads Games Collection
2007-12-29 15:42 . 2007-12-29 15:43 80,097 --a------ C:\WINDOWS\system32\dcads-remove.exe
2007-12-29 15:42 . 2007-12-29 15:43 77,360 --a------ C:\WINDOWS\system32\dcads_sidebar_uninstall.exe
2007-12-29 15:42 . 2007-12-29 15:43 40,734 --a------ C:\WINDOWS\system32\superiorads-uninst.exe
2007-12-28 15:22 . 2007-12-28 15:22 <REP> d-------- C:\Program Files\Datel
2007-12-28 13:34 . 2007-12-28 13:34 319,488 --a------ C:\WINDOWS\system32\dcads_sidebar.dll
2007-12-28 11:24 . 2007-12-28 11:24 <REP> d-------- C:\Program Files\Compedia
2007-12-28 11:24 . 2007-12-28 11:24 131 --a------ C:\WINDOWS\compedia.ini
2007-12-27 11:22 . 2008-01-03 21:35 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Proxy Long Chin Ping
2007-12-26 23:53 . 2007-12-26 23:54 1,359,872 --a------ C:\WINDOWS\outlook.pst
2007-12-26 23:53 . 2007-12-26 23:53 9,346 --a------ C:\WINDOWS\extend.dat
2007-12-25 11:41 . 2008-01-02 12:23 <REP> d-------- C:\Program Files\iTunes
2007-12-25 11:30 . 2007-12-25 11:30 <REP> d-------- C:\Program Files\Fichiers communs\Apple
2007-12-25 09:29 . 2007-12-25 09:29 <REP> d-------- C:\Documents and Settings\HiyamZ\Application Data\Apple Computer
2007-12-25 09:28 . 2007-12-25 11:41 <REP> d-------- C:\Program Files\iPod
2007-12-25 09:28 . 2004-12-18 20:32 38,229 --------- C:\WINDOWS\system32\drivers\StMp3Rec.sys
2007-12-11 10:57 . 2007-12-11 10:57 65,536 --a------ C:\WINDOWS\system32\QuickTimeVR.qtx
2007-12-11 10:57 . 2007-12-11 10:57 49,152 --a------ C:\WINDOWS\system32\QuickTime.qts
2007-12-09 13:35 . 2007-12-09 13:35 <REP> d--hs---- C:\WINDOWS\ftpcache
2007-12-09 13:34 . 2007-12-09 13:34 <REP> d-------- C:\Program Files\Defenseurs Di-Gata - Kellogs
2007-12-09 13:34 . 2007-12-09 13:34 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Trymedia
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-01-03 20:35 --------- d-----w C:\Program Files\QuickTime
2008-01-02 11:23 --------- d-----w C:\Program Files\Messager Wanadoo
2008-01-02 01:30 --------- d-----w C:\Documents and Settings\All Users\Application Data\Grisoft
2007-12-31 00:04 --------- d-----w C:\Program Files\Google
2007-12-30 19:27 --------- d-----w C:\Documents and Settings\All Users\Application Data\avg7
2007-12-29 14:59 --------- d-----w C:\Program Files\Network Associates
2007-12-29 14:59 --------- d-----w C:\Documents and Settings\All Users\Application Data\Network Associates
2007-12-29 13:15 --------- d-----w C:\Program Files\DivX
2007-12-28 10:24 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-12-27 10:20 --------- d-----w C:\Program Files\MSN Messenger
2007-12-26 10:37 --------- d-----w C:\Documents and Settings\HiyamZ\Application Data\LimeWire
2007-12-25 10:36 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple Computer
2007-12-10 20:27 --------- d-----w C:\Program Files\Java
2007-12-01 14:39 --------- d-----w C:\Program Files\PhotoDeluxe HE 3.1
2007-11-30 06:03 --------- d-----w C:\Program Files\Windows Live Toolbar
2007-11-30 06:03 --------- d-----w C:\Program Files\Windows Live Favorites
2007-11-23 13:16 --------- d-----w C:\Program Files\Apple Software Update
2007-11-23 13:16 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple
2007-11-13 10:25 20,480 ----a-r C:\WINDOWS\system32\drivers\secdrv.sys
2007-11-10 13:12 --------- d-----w C:\Program Files\Wanadoo
2007-11-10 12:46 --------- d-----w C:\Documents and Settings\TEMP\Application Data\Talkback
2007-10-29 22:43 1,293,824 ------w C:\WINDOWS\system32\quartz.dll
2007-10-20 05:01 227,328 ----a-w C:\WINDOWS\system32\wmasf.dll
2007-10-17 17:23 10,752 ----a-w C:\WINDOWS\system32\WhoisCL.exe
.
[code]
----a-w 39,792 2008-01-02 11:24:42 C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl .exe
----a-w 32,768 2008-01-02 11:23:23 C:\Program Files\CyberLink\PowerDVD\PDVDServ .exe
----a-w 185,632 2008-01-02 11:24:56 C:\Program Files\Fichiers communs\Real\Update_OB\realsched .exe
----a-w 68,856 2007-12-31 00:03:37 C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier .exe
----a-w 49,152 2008-01-02 11:24:17 C:\Program Files\HP\HP Software Update\HPWuSchd2 .exe
----a-w 81,983 2008-01-02 01:16:04 C:\Program Files\InstantTouch\bin\ITLAUN~1 .EXE
----a-w 267,048 2008-01-02 11:25:23 C:\Program Files\iTunes\iTunesHelper .exe
----a-w 132,496 2008-01-02 11:24:00 C:\Program Files\Java\jre1.6.0_03\bin\jusched .exe
----a-w 218,376 2008-01-02 19:58:51 C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp .exe
----a-w 458,752 2008-01-02 11:23:54 C:\Program Files\Logitech\Video\ISStart .exe
----a-w 217,088 2008-01-02 11:23:57 C:\Program Files\Logitech\Video\LogiTray .exe
----a-w 196,608 2008-01-02 01:16:02 C:\Program Files\Logitech\Video\ManifestEngine .exe
----a-w 32,768 2008-01-02 11:24:33 C:\Program Files\Messager Wanadoo\StartMessager .exe
----a-w 135,224 2008-01-02 11:23:27 C:\Program Files\Network Associates\Common Framework\UpdaterUI .exe
----a-w 81,990 2008-01-02 11:23:27 C:\Program Files\Network Associates\VirusScan\SHSTAT .EXE
----a-w 662,016 2007-12-31 01:14:51 C:\Program Files\QuickTime\QTTask .exe
----a-w 662,016 2007-12-30 23:35:23 C:\Program Files\QuickTime\QTTask .exe
----a-w 662,016 2007-12-30 19:55:37 C:\Program Files\QuickTime\QTTask .exe
----a-w 37,888 2008-01-02 11:23:32 C:\Program Files\TextBridge Pro 8.0\Bin\INSTAN~1 .EXE
----a-w 23,040 2008-01-02 11:23:44 C:\Program Files\TextBridge Pro 8.0\Bin\REGIST~1 .EXE
----a-w 15,360 2008-01-02 11:52:24 C:\WINDOWS\system32\ctfmon .exe
----a-w 221,184 2008-01-02 11:23:45 C:\WINDOWS\system32\LVCOMSX .EXE
----a-w 155,648 2008-01-02 11:23:23 C:\WINDOWS\system32\NeroCheck .exe
[/code]
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{1648E328-3E5A-4EA5-A9C6-E5F09EE272DA}]
2007-12-28 13:34 319488 --a------ C:\WINDOWS\system32\dcads_sidebar.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{2B3CBDC2-8AB6-45B1-B59E-7B0DEE595917}]
C:\WINDOWS\system32\byxxvst.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{8E015787-B1E3-404a-95DE-3E71E1FA0305}]
C:\WINDOWS\system32\spads.dll
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [ ]
"LogitechSoftwareUpdate"="C:\Program Files\Logitech\Video\ManifestEngine.exe" [ ]
"msnmsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr .exe" [ ]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"VTTimer"="VTTimer.exe" [2004-09-01 09:28 53248 C:\WINDOWS\system32\VTTimer.exe]
"RegisterDropHandler"="C:\PROGRA~1\TEXTBR~1.0\Bin\REGIST~1.EXE" [ ]
"SecuUFD"="" []
"QuickTime Task"="C:\Program Files\QuickTime\QTTask .exe" [ ]
"AVP"="C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp .exe" [2008-01-02 20:58 218376]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2008-01-03 21:40 7485952]
"f856e254"="C:\WINDOWS\system32\adrqbamp.dll" [ ]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]
"RegisterDropHandler"="C:\PROGRA~1\TEXTBR~1.0\Bin\REGIST~1.EXE" [ ]
C:\Documents and Settings\All Users\Menu D‚marrer\Programmes\D‚marrage\
D‚marrage d'Office.lnk - C:\Program Files\Microsoft Office\Office\OSA.EXE [1997-08-28 23:00:00]
Gestionnaire Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\MSOFFICE.EXE [1997-08-28 23:00:00]
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2005-05-11 22:23:26]
Microsoft Recherche acc‚l‚r‚e.lnk - C:\Program Files\Microsoft Office\Office\FINDFAST.EXE [1997-08-28 23:00:00]
WinZip Quick Pick.lnk - C:\Program Files\WinZip\WZQKPICK.EXE [2006-06-28 23:06:15]
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{2B3CBDC2-8AB6-45B1-B59E-7B0DEE595917}"= C:\WINDOWS\system32\byxxvst.dll [ ]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\byxxvst]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=C:\PROGRA~1\KASPER~1\KASPER~1.0\adialhk.dll
R1 ATMhelpr;ATMhelpr;C:\WINDOWS\system32\drivers\ATMhelpr.sys [1997-06-17 03:00]
R2 avp ;avp ;"C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp .exe" [2008-01-02 20:58]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;C:\WINDOWS\system32\DRIVERS\klim5.sys [2007-04-04 14:58]
S2 SampleScanner;USB-Flachbettscanner;C:\WINDOWS\system32\DRIVERS\ArtecGT.sys []
S3 k600bus;Sony Ericsson 600i driver (WDM);C:\WINDOWS\system32\DRIVERS\k600bus.sys [2005-03-04 18:08]
S3 k600mdfl;Sony Ericsson 600i USB WMC Modem Filter;C:\WINDOWS\system32\DRIVERS\k600mdfl.sys [2005-03-04 18:11]
S3 k600mdm;Sony Ericsson 600i USB WMC Modem Drivers;C:\WINDOWS\system32\DRIVERS\k600mdm.sys [2005-03-04 18:11]
S3 k600mgmt;Sony Ericsson 600i USB WMC Device Management Drivers;C:\WINDOWS\system32\DRIVERS\k600mgmt.sys [2005-03-04 18:13]
S3 k600obex;Sony Ericsson 600i USB WMC OBEX Interface Drivers;C:\WINDOWS\system32\DRIVERS\k600obex.sys [2005-03-04 18:15]
.
Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
"2007-12-29 15:11:15 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2008-01-03 20:40:00 C:\WINDOWS\Tasks\Vérifier les mises à jour de Windows Live Toolbar.job"
- C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE
.
**************************************************************************
catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-03 22:16:28
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2008-01-03 22:17:56
ComboFix-quarantined-files.txt 2008-01-03 21:17:36
.
2007-12-28 00:06:34 --- E O F ---
2007-12-29 13:15 --------- d-----w C:\Program Files\DivX
2007-12-28 10:24 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-12-27 10:20 --------- d-----w C:\Program Files\MSN Messenger
2007-12-26 10:37 --------- d-----w C:\Documents and Settings\HiyamZ\Application Data\LimeWire
2007-12-25 10:36 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple Computer
2007-12-10 20:27 --------- d-----w C:\Program Files\Java
2007-12-01 14:39 --------- d-----w C:\Program Files\PhotoDeluxe HE 3.1
2007-11-30 06:03 --------- d-----w C:\Program Files\Windows Live Toolbar
2007-11-30 06:03 --------- d-----w C:\Program Files\Windows Live Favorites
2007-11-23 13:16 --------- d-----w C:\Program Files\Apple Software Update
2007-11-23 13:16 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple
2007-11-13 10:25 20,480 ----a-r C:\WINDOWS\system32\drivers\secdrv.sys
2007-11-10 13:12 --------- d-----w C:\Program Files\Wanadoo
2007-11-10 12:46 --------- d-----w C:\Documents and Settings\TEMP\Application Data\Talkback
2007-10-29 22:43 1,293,824 ------w C:\WINDOWS\system32\quartz.dll
2007-10-20 05:01 227,328 ----a-w C:\WINDOWS\system32\wmasf.dll
2007-10-17 17:23 10,752 ----a-w C:\WINDOWS\system32\WhoisCL.exe
.
[code]
----a-w 39,792 2008-01-02 11:24:42 C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl .exe
----a-w 32,768 2008-01-02 11:23:23 C:\Program Files\CyberLink\PowerDVD\PDVDServ .exe
----a-w 185,632 2008-01-02 11:24:56 C:\Program Files\Fichiers communs\Real\Update_OB\realsched .exe
----a-w 68,856 2007-12-31 00:03:37 C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier .exe
----a-w 49,152 2008-01-02 11:24:17 C:\Program Files\HP\HP Software Update\HPWuSchd2 .exe
----a-w 81,983 2008-01-02 01:16:04 C:\Program Files\InstantTouch\bin\ITLAUN~1 .EXE
----a-w 267,048 2008-01-02 11:25:23 C:\Program Files\iTunes\iTunesHelper .exe
----a-w 132,496 2008-01-02 11:24:00 C:\Program Files\Java\jre1.6.0_03\bin\jusched .exe
----a-w 218,376 2008-01-02 19:58:51 C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp .exe
----a-w 458,752 2008-01-02 11:23:54 C:\Program Files\Logitech\Video\ISStart .exe
----a-w 217,088 2008-01-02 11:23:57 C:\Program Files\Logitech\Video\LogiTray .exe
----a-w 196,608 2008-01-02 01:16:02 C:\Program Files\Logitech\Video\ManifestEngine .exe
----a-w 32,768 2008-01-02 11:24:33 C:\Program Files\Messager Wanadoo\StartMessager .exe
----a-w 135,224 2008-01-02 11:23:27 C:\Program Files\Network Associates\Common Framework\UpdaterUI .exe
----a-w 81,990 2008-01-02 11:23:27 C:\Program Files\Network Associates\VirusScan\SHSTAT .EXE
----a-w 662,016 2007-12-31 01:14:51 C:\Program Files\QuickTime\QTTask .exe
----a-w 662,016 2007-12-30 23:35:23 C:\Program Files\QuickTime\QTTask .exe
----a-w 662,016 2007-12-30 19:55:37 C:\Program Files\QuickTime\QTTask .exe
----a-w 37,888 2008-01-02 11:23:32 C:\Program Files\TextBridge Pro 8.0\Bin\INSTAN~1 .EXE
----a-w 23,040 2008-01-02 11:23:44 C:\Program Files\TextBridge Pro 8.0\Bin\REGIST~1 .EXE
----a-w 15,360 2008-01-02 11:52:24 C:\WINDOWS\system32\ctfmon .exe
----a-w 221,184 2008-01-02 11:23:45 C:\WINDOWS\system32\LVCOMSX .EXE
----a-w 155,648 2008-01-02 11:23:23 C:\WINDOWS\system32\NeroCheck .exe
[/code]
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{1648E328-3E5A-4EA5-A9C6-E5F09EE272DA}]
2007-12-28 13:34 319488 --a------ C:\WINDOWS\system32\dcads_sidebar.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{2B3CBDC2-8AB6-45B1-B59E-7B0DEE595917}]
C:\WINDOWS\system32\byxxvst.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{8E015787-B1E3-404a-95DE-3E71E1FA0305}]
C:\WINDOWS\system32\spads.dll
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [ ]
"LogitechSoftwareUpdate"="C:\Program Files\Logitech\Video\ManifestEngine.exe" [ ]
"msnmsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr .exe" [ ]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"VTTimer"="VTTimer.exe" [2004-09-01 09:28 53248 C:\WINDOWS\system32\VTTimer.exe]
"RegisterDropHandler"="C:\PROGRA~1\TEXTBR~1.0\Bin\REGIST~1.EXE" [ ]
"SecuUFD"="" []
"QuickTime Task"="C:\Program Files\QuickTime\QTTask .exe" [ ]
"AVP"="C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp .exe" [2008-01-02 20:58 218376]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2008-01-03 21:40 7485952]
"f856e254"="C:\WINDOWS\system32\adrqbamp.dll" [ ]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]
"RegisterDropHandler"="C:\PROGRA~1\TEXTBR~1.0\Bin\REGIST~1.EXE" [ ]
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\
Démarrage d'Office.lnk - C:\Program Files\Microsoft Office\Office\OSA.EXE [1997-08-28 23:00:00]
Gestionnaire Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\MSOFFICE.EXE [1997-08-28 23:00:00]
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2005-05-11 22:23:26]
Microsoft Recherche accélérée.lnk - C:\Program Files\Microsoft Office\Office\FINDFAST.EXE [1997-08-28 23:00:00]
WinZip Quick Pick.lnk - C:\Program Files\WinZip\WZQKPICK.EXE [2006-06-28 23:06:15]
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{2B3CBDC2-8AB6-45B1-B59E-7B0DEE595917}"= C:\WINDOWS\system32\byxxvst.dll [ ]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\byxxvst]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=C:\PROGRA~1\KASPER~1\KASPER~1.0\adialhk.dll
R1 ATMhelpr;ATMhelpr;C:\WINDOWS\system32\drivers\ATMhelpr.sys [1997-06-17 03:00]
R2 avp ;avp ;"C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp .exe" [2008-01-02 20:58]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;C:\WINDOWS\system32\DRIVERS\klim5.sys [2007-04-04 14:58]
S2 SampleScanner;USB-Flachbettscanner;C:\WINDOWS\system32\DRIVERS\ArtecGT.sys []
S3 k600bus;Sony Ericsson 600i driver (WDM);C:\WINDOWS\system32\DRIVERS\k600bus.sys [2005-03-04 18:08]
S3 k600mdfl;Sony Ericsson 600i USB WMC Modem Filter;C:\WINDOWS\system32\DRIVERS\k600mdfl.sys [2005-03-04 18:11]
S3 k600mdm;Sony Ericsson 600i USB WMC Modem Drivers;C:\WINDOWS\system32\DRIVERS\k600mdm.sys [2005-03-04 18:11]
S3 k600mgmt;Sony Ericsson 600i USB WMC Device Management Drivers;C:\WINDOWS\system32\DRIVERS\k600mgmt.sys [2005-03-04 18:13]
S3 k600obex;Sony Ericsson 600i USB WMC OBEX Interface Drivers;C:\WINDOWS\system32\DRIVERS\k600obex.sys [2005-03-04 18:15]
.
Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
"2007-12-29 15:11:15 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2008-01-03 20:40:00 C:\WINDOWS\Tasks\Vérifier les mises à jour de Windows Live Toolbar.job"
- C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE
.
**************************************************************************
catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-03 22:16:28
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2008-01-03 22:17:56
ComboFix-quarantined-files.txt 2008-01-03 21:17:36
.
2007-12-28 00:06:34 --- E O F ---
There you go, chief
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:29:17, on 03/01/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp .exe
C:\WINDOWS\System32\FTRTSVC.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\VTTimer.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp .exe
C:\Program Files\Microsoft Office\Office\OSA.EXE
C:\Program Files\Microsoft Office\Office\MSOFFICE.EXE
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = https://login.live.com/ppsecure/sha1auth.srf?lc=1036
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Dcads Search Assistant - {1648E328-3E5A-4EA5-A9C6-E5F09EE272DA} - C:\WINDOWS\system32\dcads_sidebar.dll
O2 - BHO: (no name) - {2B3CBDC2-8AB6-45B1-B59E-7B0DEE595917} - C:\WINDOWS\system32\byxxvst.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: browser optimizer superiorads - {8E015787-B1E3-404a-95DE-3E71E1FA0305} - C:\WINDOWS\system32\spads.dll (file missing)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll (file missing)
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [RegisterDropHandler] C:\PROGRA~1\TEXTBR~1.0\Bin\REGIST~1.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask .exe" -atboottime
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp .exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [f856e254] rundll32.exe "C:\WINDOWS\system32\adrqbamp.dll",b
O4 - HKLM\..\RunServices: [RegisterDropHandler] C:\PROGRA~1\TEXTBR~1.0\Bin\REGIST~1.EXE
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr .Exe" /background
O4 - Global Startup: Démarrage d'Office.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXE
O4 - Global Startup: Gestionnaire Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\MSOFFICE.EXE
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Microsoft Recherche accélérée.lnk = C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - https://onedrive.live.com/?id=favorites
O8 - Extra context menu item: Ajouter à Kaspersky Anti-Bannière - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\ie_banner_deny.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Statistiques d’Anti-Virus Internet - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\SCIEPlgn.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messager Wanadoo - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\MESSAG~1\Messager Wanadoo.exe
O9 - Extra 'Tools' menuitem: Messager Wanadoo - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\MESSAG~1\Messager Wanadoo.exe
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {084DAC27-6FA3-4F55-9005-033F2F102F5C} (ITPPDiagIE Class) - http://data.jeuxclassiques.com/npwwg.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab53083.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {D0C0F75C-683A-4390-A791-1ACFD5599AB8} (Oberon Flash Game Host) - http://jeuxmultijoueurs.orange.fr/Gameshell/GameHost/1.0/OberonGameHost.cab
O16 - DPF: {D3D0E7BC-170E-11D0-B2D1-00AA00B92B50} (FireEvent Control) - http://sfr.fr.web.ftmd.musiwave.com/dlm/ax/fireev.1.0.0.4.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab
O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1.0\adialhk.dll
O20 - Winlogon Notify: byxxvst - C:\WINDOWS\
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Kaspersky Internet Security 7.0 (AVP) - Unknown owner - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe (file missing)
O23 - Service: avp - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp .exe
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - C:\WINDOWS\System32\FTRTSVC.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Service Framework McAfee (McAfeeFramework) - Network Associates, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Windows Live Setup Service (WLSetupSvc) - Unknown owner - C:\Program Files\Windows Live\installer\WLSetupSvc.exe
Good evening everyone
At Carrosier's request, I've come to poke my nose in here ;)
You are the victim of a stubborn, persistent infection; some legitimate files have been renamed by the infection. First of all, I need another report:
Download RenV.exe by sUBs to your Desktop:
http://download.bleepingcomputer.com/sUBs/Beta/RenV.exe
Double-click RenV.exe to run it, and wait.
A report, log.txt, will be created and will open at the end of the scan; post it in your reply.
To be continued
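The renaming mentioned in the post above shows up in the listings earlier in this thread as a space inserted before the file extension. The following is an added example, not part of the original thread and not code from any of the tools named here: it parses that listing format, recovers each file's original name, and checks which autorun entries from the HijackThis log still reference a name that no longer exists. The sample lines are excerpted from the logs in this thread; the function names and the status labels BROKEN, REPOINTED and OK are assumptions made for the example.

```python
import re
from ntpath import basename, dirname, join  # Windows path rules on any OS

# Lines excerpted from the ComboFix listing and the HijackThis log in this thread.
FILE_LISTING = r"""
----a-w 218,376 2008-01-02 19:58:51 C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp .exe
----a-w 196,608 2008-01-02 01:16:02 C:\Program Files\Logitech\Video\ManifestEngine .exe
----a-w 662,016 2007-12-31 01:14:51 C:\Program Files\QuickTime\QTTask .exe
----a-w 23,040 2008-01-02 11:23:44 C:\Program Files\TextBridge Pro 8.0\Bin\REGIST~1 .EXE
----a-w 15,360 2008-01-02 11:52:24 C:\WINDOWS\system32\ctfmon .exe
"""

HIJACKTHIS_LOG = r"""
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask .exe" -atboottime
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O23 - Service: Kaspersky Internet Security 7.0 (AVP) - Unknown owner - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe (file missing)
"""

# attributes, size, date, time, full path
LISTING = re.compile(
    r"^[-a-z]{7}\s+[\d,]+\s+\d{4}-\d{2}-\d{2}\s+\d{2}:\d{2}:\d{2}\s+(?P<path>[A-Za-z]:\\.+)$"
)
# file name whose extension is preceded by whitespace, e.g. "ctfmon .exe"
PADDED = re.compile(r"^(?P<stem>.*\S)\s+(?P<ext>\.[A-Za-z0-9]{1,4})$")
# first absolute path to an executable on a log line
TARGET = re.compile(r'[A-Za-z]:\\[^"\n]*?\.(?:exe|dll|com|scr)(?![A-Za-z0-9])', re.I)


def renamed_files(listing):
    """Map original path (lower-cased) -> path found on disk, for padded names only."""
    found = {}
    for line in listing.splitlines():
        m = LISTING.match(line.strip())
        if not m:
            continue  # header, summary or blank line
        on_disk = m.group("path").rstrip()
        padded = PADDED.match(basename(on_disk))
        if padded:
            original = join(dirname(on_disk), padded["stem"] + padded["ext"])
            found[original.lower()] = on_disk
    return found


def classify_autoruns(log, renamed):
    """Return (target, status) for every log line that names an absolute target."""
    padded_paths = {p.lower() for p in renamed.values()}
    results = []
    for line in log.splitlines():
        m = TARGET.search(line)
        if not m:
            continue  # relative target such as "VTTimer.exe": cannot be matched
        target = m.group(0)
        key = target.lower()
        if key in renamed:
            status = "BROKEN"      # entry names the original file, which was renamed
        elif key in padded_paths:
            status = "REPOINTED"   # entry already names the padded file
        else:
            status = "OK"          # target does not appear among the renamed files
        results.append((target, status))
    return results


if __name__ == "__main__":
    renamed = renamed_files(FILE_LISTING)
    for target, status in classify_autoruns(HIJACKTHIS_LOG, renamed):
        note = ""
        if status == "BROKEN":
            note = "  (on disk as %r)" % basename(renamed[target.lower()])
        print("%-9s %s%s" % (status, target, note))
```

A BROKEN result corresponds to the "(file missing)" that HijackThis reports for the Kaspersky service: the entry is intact, but the file it names now exists only under the padded name.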
Hello
After doing what I asked in the previous message (29), avoid restarting or shutting down the PC.
Thanks.
See you soon.
Hello alias59, le sioux, DLLD! I haven't abandoned you; your infection is a new generation, so I called in an Indian exorcist! (lol) who has a lot more experience than I do. Do what he asks and he'll sort this out for you in a few puffs on the peace pipe! lol I'm staying in the background and following all this closely!!
Good evening, friends of the evening
Here is the requested report
[code]
Ran on 05/01/2008 - 0:28:48,65
----a-w 39,792 2008-01-02 11:24:42 C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl .exe
----a-w 32,768 2008-01-02 11:23:23 C:\Program Files\CyberLink\PowerDVD\PDVDServ .exe
----a-w 185,632 2008-01-02 11:24:56 C:\Program Files\Fichiers communs\Real\Update_OB\realsched .exe
----a-w 68,856 2007-12-31 00:03:37 C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier .exe
----a-w 6,731,312 2008-01-04 14:03:11 C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas .exe
----a-w 49,152 2008-01-02 11:24:17 C:\Program Files\HP\HP Software Update\HPWuSchd2 .exe
----a-w 81,983 2008-01-02 01:16:04 C:\Program Files\InstantTouch\bin\ITLAUN~1 .EXE
----a-w 267,048 2008-01-02 11:25:23 C:\Program Files\iTunes\iTunesHelper .exe
----a-w 132,496 2008-01-02 11:24:00 C:\Program Files\Java\jre1.6.0_03\bin\jusched .exe
----a-w 218,376 2008-01-02 19:58:51 C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp .exe
----a-w 458,752 2008-01-02 11:23:54 C:\Program Files\Logitech\Video\ISStart .exe
----a-w 217,088 2008-01-02 11:23:57 C:\Program Files\Logitech\Video\LogiTray .exe
----a-w 196,608 2008-01-02 01:16:02 C:\Program Files\Logitech\Video\ManifestEngine .exe
----a-w 32,768 2008-01-02 11:24:33 C:\Program Files\Messager Wanadoo\StartMessager .exe
----a-w 1,694,208 2008-01-04 23:04:02 C:\Program Files\Messenger\msmsgs .exe
----a-w 135,224 2008-01-02 11:23:27 C:\Program Files\Network Associates\Common Framework\UpdaterUI .exe
----a-w 81,990 2008-01-02 11:23:27 C:\Program Files\Network Associates\VirusScan\SHSTAT .EXE
----a-w 662,016 2007-12-31 01:14:51 C:\Program Files\QuickTime\QTTask .exe
----a-w 662,016 2007-12-30 23:35:23 C:\Program Files\QuickTime\QTTask .exe
----a-w 662,016 2007-12-30 19:55:37 C:\Program Files\QuickTime\QTTask .exe
----a-w 37,888 2008-01-02 11:23:32 C:\Program Files\TextBridge Pro 8.0\Bin\INSTAN~1 .EXE
----a-w 23,040 2008-01-02 11:23:44 C:\Program Files\TextBridge Pro 8.0\Bin\REGIST~1 .EXE
----a-w 15,360 2008-01-02 11:52:24 C:\WINDOWS\system32\ctfmon .exe
----a-w 221,184 2008-01-02 11:23:45 C:\WINDOWS\system32\LVCOMSX .EXE
----a-w 155,648 2008-01-02 11:23:23 C:\WINDOWS\system32\NeroCheck .exe
Entries: 25 (25)
Directories: 0 Files: 25
Bytes: 13,063,221 Blocks: 25,520
[/code]
Here is the requested report
[code]
Ran on 05/01/2008 - 0:28:48,65
----a-w 39,792 2008-01-02 11:24:42 C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl .exe
----a-w 32,768 2008-01-02 11:23:23 C:\Program Files\CyberLink\PowerDVD\PDVDServ .exe
----a-w 185,632 2008-01-02 11:24:56 C:\Program Files\Fichiers communs\Real\Update_OB\realsched .exe
----a-w 68,856 2007-12-31 00:03:37 C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier .exe
----a-w 6,731,312 2008-01-04 14:03:11 C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas .exe
----a-w 49,152 2008-01-02 11:24:17 C:\Program Files\HP\HP Software Update\HPWuSchd2 .exe
----a-w 81,983 2008-01-02 01:16:04 C:\Program Files\InstantTouch\bin\ITLAUN~1 .EXE
----a-w 267,048 2008-01-02 11:25:23 C:\Program Files\iTunes\iTunesHelper .exe
----a-w 132,496 2008-01-02 11:24:00 C:\Program Files\Java\jre1.6.0_03\bin\jusched .exe
----a-w 218,376 2008-01-02 19:58:51 C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp .exe
----a-w 458,752 2008-01-02 11:23:54 C:\Program Files\Logitech\Video\ISStart .exe
----a-w 217,088 2008-01-02 11:23:57 C:\Program Files\Logitech\Video\LogiTray .exe
----a-w 196,608 2008-01-02 01:16:02 C:\Program Files\Logitech\Video\ManifestEngine .exe
----a-w 32,768 2008-01-02 11:24:33 C:\Program Files\Messager Wanadoo\StartMessager .exe
----a-w 1,694,208 2008-01-04 23:04:02 C:\Program Files\Messenger\msmsgs .exe
----a-w 135,224 2008-01-02 11:23:27 C:\Program Files\Network Associates\Common Framework\UpdaterUI .exe
----a-w 81,990 2008-01-02 11:23:27 C:\Program Files\Network Associates\VirusScan\SHSTAT .EXE
----a-w 662,016 2007-12-31 01:14:51 C:\Program Files\QuickTime\QTTask .exe
----a-w 662,016 2007-12-30 23:35:23 C:\Program Files\QuickTime\QTTask .exe
----a-w 662,016 2007-12-30 19:55:37 C:\Program Files\QuickTime\QTTask .exe
----a-w 37,888 2008-01-02 11:23:32 C:\Program Files\TextBridge Pro 8.0\Bin\INSTAN~1 .EXE
----a-w 23,040 2008-01-02 11:23:44 C:\Program Files\TextBridge Pro 8.0\Bin\REGIST~1 .EXE
----a-w 15,360 2008-01-02 11:52:24 C:\WINDOWS\system32\ctfmon .exe
----a-w 221,184 2008-01-02 11:23:45 C:\WINDOWS\system32\LVCOMSX .EXE
----a-w 155,648 2008-01-02 11:23:23 C:\WINDOWS\system32\NeroCheck .exe
Entries: 25 (25)
Directories: 0 Files: 25
Bytes: 13,063,221 Blocks: 25,520
[/code]
Good evening Alias
Create a new text document:
Right-click on the desktop, "New" > "Text Document". Open it and copy-paste into it what is quoted below (copy it all in one go):
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl .exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ .exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched .exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier .exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas .exe
C:\Program Files\HP\HP Software Update\HPWuSchd2 .exe
C:\Program Files\InstantTouch\bin\ITLAUN~1 .EXE
C:\Program Files\iTunes\iTunesHelper .exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched .exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp .exe
C:\Program Files\Logitech\Video\ISStart .exe
C:\Program Files\Logitech\Video\LogiTray .exe
C:\Program Files\Logitech\Video\ManifestEngine .exe
C:\Program Files\Messager Wanadoo\StartMessager .exe
C:\Program Files\Messenger\msmsgs .exe
C:\Program Files\Network Associates\Common Framework\UpdaterUI .exe
C:\Program Files\Network Associates\VirusScan\SHSTAT .EXE
C:\Program Files\QuickTime\QTTask .exe
C:\Program Files\QuickTime\QTTask .exe
C:\Program Files\QuickTime\QTTask .exe
C:\Program Files\TextBridge Pro 8.0\Bin\INSTAN~1 .EXE
C:\Program Files\TextBridge Pro 8.0\Bin\REGIST~1 .EXE
C:\WINDOWS\system32\ctfmon .exe
C:\WINDOWS\system32\LVCOMSX .EXE
C:\WINDOWS\system32\NeroCheck .exe
* Go to the top of the page and click on the "File" menu; a list appears =>
* Choose "Save As" and choose "Desktop"
* In the "File name" field at the bottom of the page, give the following name: Log.txt
* Click the "Save" button to the right of the "File name" field
* Close this newly created txt file.
Then drag and drop this Log.txt file onto the RenV.exe file.
Once the scan is finished, a report will be displayed: post its contents.
Do not restart the PC, and do not shut it down either; we have to follow up with another step once you have sent me this first report.
To be continued
There, I hope I've got it right so far?
[code]
Ran on 05/01/2008 - 0:40:15,65
----a-w 39,792 2008-01-02 11:24:42 C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl .exe
----a-w 32,768 2008-01-02 11:23:23 C:\Program Files\CyberLink\PowerDVD\PDVDServ .exe
----a-w 185,632 2008-01-02 11:24:56 C:\Program Files\Fichiers communs\Real\Update_OB\realsched .exe
----a-w 68,856 2007-12-31 00:03:37 C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier .exe
----a-w 6,731,312 2008-01-04 14:03:11 C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas .exe
----a-w 49,152 2008-01-02 11:24:17 C:\Program Files\HP\HP Software Update\HPWuSchd2 .exe
----a-w 81,983 2008-01-02 01:16:04 C:\Program Files\InstantTouch\bin\ITLAUN~1 .EXE
----a-w 267,048 2008-01-02 11:25:23 C:\Program Files\iTunes\iTunesHelper .exe
----a-w 132,496 2008-01-02 11:24:00 C:\Program Files\Java\jre1.6.0_03\bin\jusched .exe
----a-w 218,376 2008-01-02 19:58:51 C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp .exe
----a-w 458,752 2008-01-02 11:23:54 C:\Program Files\Logitech\Video\ISStart .exe
----a-w 217,088 2008-01-02 11:23:57 C:\Program Files\Logitech\Video\LogiTray .exe
----a-w 196,608 2008-01-02 01:16:02 C:\Program Files\Logitech\Video\ManifestEngine .exe
----a-w 32,768 2008-01-02 11:24:33 C:\Program Files\Messager Wanadoo\StartMessager .exe
----a-w 1,694,208 2008-01-04 23:04:02 C:\Program Files\Messenger\msmsgs .exe
----a-w 135,224 2008-01-02 11:23:27 C:\Program Files\Network Associates\Common Framework\UpdaterUI .exe
----a-w 81,990 2008-01-02 11:23:27 C:\Program Files\Network Associates\VirusScan\SHSTAT .EXE
----a-w 662,016 2007-12-31 01:14:51 C:\Program Files\QuickTime\QTTask .exe
----a-w 662,016 2007-12-30 23:35:23 C:\Program Files\QuickTime\QTTask .exe
----a-w 662,016 2007-12-30 19:55:37 C:\Program Files\QuickTime\QTTask .exe
----a-w 37,888 2008-01-02 11:23:32 C:\Program Files\TextBridge Pro 8.0\Bin\INSTAN~1 .EXE
----a-w 23,040 2008-01-02 11:23:44 C:\Program Files\TextBridge Pro 8.0\Bin\REGIST~1 .EXE
----a-w 15,360 2008-01-02 11:52:24 C:\WINDOWS\system32\ctfmon .exe
----a-w 221,184 2008-01-02 11:23:45 C:\WINDOWS\system32\LVCOMSX .EXE
----a-w 155,648 2008-01-02 11:23:23 C:\WINDOWS\system32\NeroCheck .exe
Entries: 25 (25)
Directories: 0 Files: 25
Bytes: 13,063,221 Blocks: 25,520
[/code]
Good evening Alias
1) RenV by sUBs
Create a new text document:
Right-click on the desktop, "New" > "Text Document". Open it and copy-paste into it what is quoted below (copy it all in one go):
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl .exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ .exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched .exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier .exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas .exe
C:\Program Files\HP\HP Software Update\HPWuSchd2 .exe
C:\Program Files\InstantTouch\bin\ITLAUN~1 .EXE
C:\Program Files\iTunes\iTunesHelper .exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched .exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp .exe
C:\Program Files\Logitech\Video\ISStart .exe
C:\Program Files\Logitech\Video\LogiTray .exe
C:\Program Files\Logitech\Video\ManifestEngine .exe
C:\Program Files\Messager Wanadoo\StartMessager .exe
C:\Program Files\Messenger\msmsgs .exe
C:\Program Files\Network Associates\Common Framework\UpdaterUI .exe
C:\Program Files\Network Associates\VirusScan\SHSTAT .EXE
C:\Program Files\QuickTime\QTTask .exe
C:\Program Files\QuickTime\QTTask .exe
C:\Program Files\QuickTime\QTTask .exe
C:\Program Files\TextBridge Pro 8.0\Bin\INSTAN~1 .EXE
C:\Program Files\TextBridge Pro 8.0\Bin\REGIST~1 .EXE
C:\WINDOWS\system32\ctfmon .exe
C:\WINDOWS\system32\LVCOMSX .EXE
C:\WINDOWS\system32\NeroCheck .exe
* Go to the top of the page and click on the "File" menu; a list appears =>
* Choose "Save As" and choose "Desktop"
* In the "File name" field at the bottom of the page, give the following name: Log.txt
* Click the "Save" button to the right of the "File name" field
* Close this newly created txt file.
Then drag and drop this Log.txt file onto the RenV.exe file.
Once the scan is finished, a report will be displayed: post its contents.
2) Combofix.exe by sUBs
Disconnect from the internet and disable your antivirus so that Combofix can run normally.
Double-click Combofix.exe (on your Desktop).
Set it to French: F
Press the 1 key (Yes) to start the scan.
When the scan is finished, a report will appear.
Post it in your reply.
Note: The report can also be found here: C:\Combofix.txt+
To be continued
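The list pasted into Log.txt in step 1 is the path column of the report posted earlier in the thread. As an added example (not part of the thread and not RenV's own code), this Python sketch parses a report in that layout, checks it against its own `Entries:` and `Bytes:` footer to catch a truncated copy-paste, and extracts the path list. The sample report is a shortened, constructed one and all function names are hypothetical.

```python
import re
from collections import Counter

# Constructed sample: a shortened report in the same layout as the one in the thread.
SAMPLE_REPORT = r"""Ran on 05/01/2008 - 0:40:15,65
----a-w 662,016 2007-12-31 01:14:51 C:\Program Files\QuickTime\QTTask .exe
----a-w 662,016 2007-12-30 23:35:23 C:\Program Files\QuickTime\QTTask .exe
----a-w 15,360 2008-01-02 11:52:24 C:\WINDOWS\system32\ctfmon .exe
----a-w 81,990 2008-01-02 11:23:27 C:\Program Files\Network Associates\VirusScan\SHSTAT .EXE
Entries: 4 (4)
Directories: 0 Files: 4
Bytes: 1,421,382 Blocks: 2,777
"""

# attributes, size with thousands separators, date, time, then the path (may contain spaces)
ENTRY = re.compile(r"^(\S+)\s+([\d,]+)\s+(\d{4}-\d\d-\d\d)\s+(\d\d:\d\d:\d\d)\s+(.+?)\s*$")
FOOTER = {"entries": re.compile(r"^Entries:\s*([\d,]+)"),
          "bytes": re.compile(r"^Bytes:\s*([\d,]+)")}

def to_int(s):
    return int(s.replace(",", ""))

def parse_report(text):
    """Return (entries, footer): one dict per file line, plus the report's own totals."""
    entries, footer = [], {}
    for line in text.splitlines():
        m = ENTRY.match(line)
        if m:
            attrs, size, date, time, path = m.groups()
            entries.append({"attrs": attrs, "size": to_int(size),
                            "modified": f"{date} {time}", "path": path})
            continue
        for key, rx in FOOTER.items():
            hit = rx.match(line)
            if hit:
                footer[key] = to_int(hit.group(1))
    return entries, footer

def check_report(text):
    """Compare parsed lines with the footer; a non-empty result means a damaged paste."""
    entries, footer = parse_report(text)
    problems = []
    if footer.get("entries") != len(entries):
        problems.append(f"entries: footer {footer.get('entries')}, parsed {len(entries)}")
    total = sum(e["size"] for e in entries)
    if footer.get("bytes") != total:
        problems.append(f"bytes: footer {footer.get('bytes')}, parsed {total}")
    return problems

def log_txt_lines(text):
    """Path column only, in report order, repeats kept (the list pasted into Log.txt)."""
    return [e["path"] for e in parse_report(text)[0]]

def repeated_paths(text):
    """Paths listed more than once, compared case-insensitively."""
    counts = Counter(p.lower() for p in log_txt_lines(text))
    return {p: n for p, n in counts.items() if n > 1}

if __name__ == "__main__":
    print(check_report(SAMPLE_REPORT) or "footer totals match")
    print("\n".join(log_txt_lines(SAMPLE_REPORT)))
```

Run on the full 25-line report from the thread, the same check reproduces its footer: 25 entries and 13,063,221 bytes.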