Trojan horse in Windows/System32/ssqpo.dll
Solved/Closed
Sev - 4 Jan. 2008 at 23:07
Last reply: Lyonnais92 (security contributor) - 6 Jan. 2008 at 23:22
20 replies
mollah MC - 4 Jan. 2008 at 23:10
Go to the OneCare site and run a full scan of your computer.
LePsy - 4 Jan. 2008 at 23:11
hi,
what you can do with a Trojan horse you can't stand any more!!!! switch horses!!!!! (just kidding!!!!)
SERIOUSLY, have you tried putting it in quarantine?
^^Marie^^ - 4 Jan. 2008 at 23:12
Hi
IMPORTANT:
Do not disable System Restore until the PC is clean. Thank you.
Once the PC has been disinfected, you can then disable System Restore to purge it of its cr... and start again from a clean restore point.
F - HijackThis - diagnostic and repair tool
download HijackThis here:
http://telechargement.zebulon.fr/138-hijackthis-1991.html
Unzip it into a folder created for that purpose.
For example C:\hijackthis < Make sure you save it in C:!
Demo: (thanks to Balltrap34 for this)
http://pageperso.aol.fr/balltrap34/Hijenr.gif
Run it, then:
click "do a system scan and save logfile" (see demo)
copy and paste the whole log on the forum
Demo: (thanks to Balltrap34 for this)
http://pageperso.aol.fr/balltrap34/demohijack.htm
http://www.tutoriaux-excalibur.com/hijackthis.htm
https://leblogdeclaude.blogspot.com/2006/10/informatique-section-hijackthis.html
Good luck
See you
Here is the HijackThis report
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 23:21:15, on 04/01/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe
c:\APPS\Powercinema\Kernel\TV\CLSched.exe
C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLService.exe
c:\APPS\HIDSERVICE\HIDSERVICE.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Apps\Powercinema\PCMService.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\TomTom HOME\TomTomHOME.exe
C:\Program Files\QuickTime\QTTask .exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\QuickTime\QTTask .exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp .exe
C:\Apps\Powercinema\PCMService .exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched .exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched .exe
C:\Program Files\TomTom HOME\TomTomHOME .exe
C:\WINDOWS\system32\ctfmon .exe
C:\Program Files\iTunes\iTunesHelper .exe
C:\Program Files\MSN Messenger\MsnMsgr .Exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.118712.fr/sortir.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = https://www.bing.com/?FORM=TOOLBR&cc=fr&toHttps=1&redig=4527FFF1C12746FC9EDB535C75E80ECC
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: (no name) - {00DC0058-A87E-4D19-9C26-F1AAC98AD4D7} - C:\WINDOWS\system32\wvuvttt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: {41785fac-f1d1-ac7a-dc34-22562c893abb} - {bba398c2-6522-43cd-a7ca-1d1fcaf58714} - C:\WINDOWS\system32\ihyqgedf.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: (no name) - {E3F638E9-5ED0-4F18-80DA-3F84CF4DF38D} - C:\WINDOWS\system32\ssqpo.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [PCMService] "c:\Apps\Powercinema\PCMService.exe"
O4 - HKLM\..\Run: [POINTER] point32.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [TomTomHOME.exe] "C:\Program Files\TomTom HOME\TomTomHOME.exe" -s
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask .exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [f0255d00] rundll32.exe "C:\WINDOWS\system32\vmphsowv.dll",b
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: Anti-Pub.lnk = C:\Program Files\Antipub\antipub.exe
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\microsoft office\Office\OSA9.EXE
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=file://C:\APPS\IE\offline\fr.htm
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.mail.live.com/mail/w1/resources/MSNPUpld.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} (Driver Agent ActiveX Control) - https://driveragent.com/files/driveragent.cab
O20 - Winlogon Notify: wvuvttt - C:\WINDOWS\SYSTEM32\wvuvttt.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Boonty Games - BOONTY - C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - c:\APPS\Powercinema\Kernel\TV\CLSched.exe
O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
O23 - Service: Generic Service for HID Keyboard Input Collections (GenericHidService) - Unknown owner - c:\APPS\HIDSERVICE\HIDSERVICE.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: MysqlInventime - Unknown owner - c:\mysql\bin\mysqld-nt.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
^^Marie^^ - 5 Jan. 2008 at 10:12
Hi
"I've already fixed the ssqpo file and deleted it, and it came back after a few days"
??? I didn't follow that...
Download VundoFix.exe (by Atribune) to your Desktop.
http://www.atribune.org/ccount/click.php?id=4
* Double-click VundoFix.exe to launch it.
* When the tool launches again, click the Scan for Vundo button
* Click the Scan for Vundo button.
* When the scan is complete, click the Remove Vundo button
* A prompt will ask whether you want to delete the files; click YES
* After clicking "Yes", the Desktop will disappear for a moment while the files are deleted.
* You will see a prompt telling you that your PC is going to shut down; click OK
* Start your PC again.
* Copy/paste the contents of the report located at C:\vundofix.txt
Download VirtumundoBegone to the desktop:
http://secured2k.home.comcast.net/tools/VirtumundoBeGone.exe
Then double-click VirtumundoBeGone.exe and follow the instructions.
Once finished, reboot and post the VBG.TXT report created on the desktop in your next reply
along with a new HijackThis! report in your next reply.
Hello,
Here are the reports:
VundoFix:
VundoFix V6.7.7
Checking Java version...
Java version is 1.4.2.5
Old versions of java are exploitable and should be removed.
Java version is 1.5.0.5
Old versions of java are exploitable and should be removed.
Java version is 1.5.0.6
Old versions of java are exploitable and should be removed.
Java version is 1.5.0.9
Old versions of java are exploitable and should be removed.
Java version is 1.5.0.10
Java version is 1.5.0.11
Scan started at 10:20:46 05/01/2008
Listing files found while scanning....
C:\WINDOWS\system32\ihyqgedf.dll
C:\windows\system32\opqss.ini
C:\windows\system32\opqss.ini2
C:\windows\system32\ssqpo.dll
C:\WINDOWS\system32\ssqpo.exe
Beginning removal...
Attempting to delete C:\WINDOWS\system32\ihyqgedf.dll
C:\WINDOWS\system32\ihyqgedf.dll Has been deleted!
Attempting to delete C:\windows\system32\opqss.ini
C:\windows\system32\opqss.ini Has been deleted!
Attempting to delete C:\windows\system32\opqss.ini2
C:\windows\system32\opqss.ini2 Has been deleted!
Attempting to delete C:\windows\system32\ssqpo.dll
C:\windows\system32\ssqpo.dll Has been deleted!
Attempting to delete C:\WINDOWS\system32\ssqpo.exe
C:\WINDOWS\system32\ssqpo.exe Has been deleted!
Performing Repairs to the registry.
Done!
Virtumundo
[01/05/2008, 10:38:14] - VirtumundoBeGone v1.5 ( "C:\Documents and Settings\RICCO\Bureau\VirtumundoBeGone.exe" )
[01/05/2008, 10:38:21] - Detected System Information:
[01/05/2008, 10:38:21] - Windows Version: 5.1.2600, Service Pack 2
[01/05/2008, 10:38:21] - Current Username: RICCO (Admin)
[01/05/2008, 10:38:21] - Windows is in NORMAL mode.
[01/05/2008, 10:38:21] - Searching for Browser Helper Objects:
[01/05/2008, 10:38:21] - BHO 1: {02478D38-C3F9-4EFB-9B51-7695ECA05670} (Yahoo! Toolbar Helper)
[01/05/2008, 10:38:21] - BHO 2: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (Adobe PDF Reader Link Helper)
[01/05/2008, 10:38:21] - BHO 3: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (SSVHelper Class)
[01/05/2008, 10:38:21] - BHO 4: {9030D464-4C02-4ABF-8ECC-5164760863C6} (Windows Live Sign-in Helper)
[01/05/2008, 10:38:21] - BHO 5: {AA58ED58-01DD-4d91-8333-CF10577473F7} (Google Toolbar Helper)
[01/05/2008, 10:38:21] - BHO 6: {bba398c2-6522-43cd-a7ca-1d1fcaf58714} ()
[01/05/2008, 10:38:22] - WARNING: BHO has no default name. Checking for Winlogon reference.
[01/05/2008, 10:38:22] - Checking for HKLM\...\Winlogon\Notify\ihyqgedf
[01/05/2008, 10:38:22] - Key not found: HKLM\...\Winlogon\Notify\ihyqgedf, continuing.
[01/05/2008, 10:38:22] - BHO 7: {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} (Windows Live Toolbar Helper)
[01/05/2008, 10:38:22] - BHO 8: {F92C8143-C380-4149-B47E-0292FB734677} ()
[01/05/2008, 10:38:22] - WARNING: BHO has no default name. Checking for Winlogon reference.
[01/05/2008, 10:38:22] - Checking for HKLM\...\Winlogon\Notify\ssqpo
[01/05/2008, 10:38:22] - Key not found: HKLM\...\Winlogon\Notify\ssqpo, continuing.
[01/05/2008, 10:38:22] - Finished Searching Browser Helper Objects
[01/05/2008, 10:38:22] - Finishing up...
[01/05/2008, 10:38:22] - Nothing found! Exiting...
Hijackthis
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:39:21, on 05/01/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Apps\Powercinema\PCMService.exe
C:\Program Files\QuickTime\QTTask .exe
C:\Program Files\Spyware Doctor\SDTrayApp.exe
C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Apps\Powercinema\PCMService .exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
c:\APPS\Powercinema\Kernel\TV\CLSched.exe
C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLService.exe
c:\APPS\HIDSERVICE\HIDSERVICE.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Spyware Doctor\svcntaux.exe
C:\Program Files\Spyware Doctor\swdsvc.exe
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.118712.fr/sortir.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = https://www.bing.com/?FORM=TOOLBR&cc=fr&toHttps=1&redig=4527FFF1C12746FC9EDB535C75E80ECC
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: {41785fac-f1d1-ac7a-dc34-22562c893abb} - {bba398c2-6522-43cd-a7ca-1d1fcaf58714} - C:\WINDOWS\system32\ihyqgedf.dll (file missing)
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: (no name) - {F92C8143-C380-4149-B47E-0292FB734677} - C:\WINDOWS\system32\ssqpo.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [PCMService] "c:\Apps\Powercinema\PCMService.exe"
O4 - HKLM\..\Run: [POINTER] point32.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask .exe" -atboottime
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [SDTray] "C:\Program Files\Spyware Doctor\SDTrayApp.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - Startup: Anti-Pub.lnk = C:\Program Files\Antipub\antipub.exe
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\microsoft office\Office\OSA9.EXE
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\P
thanks again for your help
Sev
Here are the reports:
VundoFix:
VundoFix V6.7.7
Checking Java version...
Java version is 1.4.2.5
Old versions of java are exploitable and should be removed.
Java version is 1.5.0.5
Old versions of java are exploitable and should be removed.
Java version is 1.5.0.6
Old versions of java are exploitable and should be removed.
Java version is 1.5.0.9
Old versions of java are exploitable and should be removed.
Java version is 1.5.0.10
Java version is 1.5.0.11
Scan started at 10:20:46 05/01/2008
Listing files found while scanning....
C:\WINDOWS\system32\ihyqgedf.dll
C:\windows\system32\opqss.ini
C:\windows\system32\opqss.ini2
C:\windows\system32\ssqpo.dll
C:\WINDOWS\system32\ssqpo.exe
Beginning removal...
Attempting to delete C:\WINDOWS\system32\ihyqgedf.dll
C:\WINDOWS\system32\ihyqgedf.dll Has been deleted!
Attempting to delete C:\windows\system32\opqss.ini
C:\windows\system32\opqss.ini Has been deleted!
Attempting to delete C:\windows\system32\opqss.ini2
C:\windows\system32\opqss.ini2 Has been deleted!
Attempting to delete C:\windows\system32\ssqpo.dll
C:\windows\system32\ssqpo.dll Has been deleted!
Attempting to delete C:\WINDOWS\system32\ssqpo.exe
C:\WINDOWS\system32\ssqpo.exe Has been deleted!
Performing Repairs to the registry.
Done!
VirtumundoBeGone:
[01/05/2008, 10:38:14] - VirtumundoBeGone v1.5 ( "C:\Documents and Settings\RICCO\Bureau\VirtumundoBeGone.exe" )
[01/05/2008, 10:38:21] - Detected System Information:
[01/05/2008, 10:38:21] - Windows Version: 5.1.2600, Service Pack 2
[01/05/2008, 10:38:21] - Current Username: RICCO (Admin)
[01/05/2008, 10:38:21] - Windows is in NORMAL mode.
[01/05/2008, 10:38:21] - Searching for Browser Helper Objects:
[01/05/2008, 10:38:21] - BHO 1: {02478D38-C3F9-4EFB-9B51-7695ECA05670} (Yahoo! Toolbar Helper)
[01/05/2008, 10:38:21] - BHO 2: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (Adobe PDF Reader Link Helper)
[01/05/2008, 10:38:21] - BHO 3: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (SSVHelper Class)
[01/05/2008, 10:38:21] - BHO 4: {9030D464-4C02-4ABF-8ECC-5164760863C6} (Windows Live Sign-in Helper)
[01/05/2008, 10:38:21] - BHO 5: {AA58ED58-01DD-4d91-8333-CF10577473F7} (Google Toolbar Helper)
[01/05/2008, 10:38:21] - BHO 6: {bba398c2-6522-43cd-a7ca-1d1fcaf58714} ()
[01/05/2008, 10:38:22] - WARNING: BHO has no default name. Checking for Winlogon reference.
[01/05/2008, 10:38:22] - Checking for HKLM\...\Winlogon\Notify\ihyqgedf
[01/05/2008, 10:38:22] - Key not found: HKLM\...\Winlogon\Notify\ihyqgedf, continuing.
[01/05/2008, 10:38:22] - BHO 7: {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} (Windows Live Toolbar Helper)
[01/05/2008, 10:38:22] - BHO 8: {F92C8143-C380-4149-B47E-0292FB734677} ()
[01/05/2008, 10:38:22] - WARNING: BHO has no default name. Checking for Winlogon reference.
[01/05/2008, 10:38:22] - Checking for HKLM\...\Winlogon\Notify\ssqpo
[01/05/2008, 10:38:22] - Key not found: HKLM\...\Winlogon\Notify\ssqpo, continuing.
[01/05/2008, 10:38:22] - Finished Searching Browser Helper Objects
[01/05/2008, 10:38:22] - Finishing up...
[01/05/2008, 10:38:22] - Nothing found! Exiting...
HijackThis:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:39:21, on 05/01/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Apps\Powercinema\PCMService.exe
C:\Program Files\QuickTime\QTTask .exe
C:\Program Files\Spyware Doctor\SDTrayApp.exe
C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Apps\Powercinema\PCMService .exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
c:\APPS\Powercinema\Kernel\TV\CLSched.exe
C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLService.exe
c:\APPS\HIDSERVICE\HIDSERVICE.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Spyware Doctor\svcntaux.exe
C:\Program Files\Spyware Doctor\swdsvc.exe
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.118712.fr/sortir.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = https://www.bing.com/?FORM=TOOLBR&cc=fr&toHttps=1&redig=4527FFF1C12746FC9EDB535C75E80ECC
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: {41785fac-f1d1-ac7a-dc34-22562c893abb} - {bba398c2-6522-43cd-a7ca-1d1fcaf58714} - C:\WINDOWS\system32\ihyqgedf.dll (file missing)
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: (no name) - {F92C8143-C380-4149-B47E-0292FB734677} - C:\WINDOWS\system32\ssqpo.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [PCMService] "c:\Apps\Powercinema\PCMService.exe"
O4 - HKLM\..\Run: [POINTER] point32.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask .exe" -atboottime
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [SDTray] "C:\Program Files\Spyware Doctor\SDTrayApp.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - Startup: Anti-Pub.lnk = C:\Program Files\Antipub\antipub.exe
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\microsoft office\Office\OSA9.EXE
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\P
thanks again for your help
Sev
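Two details in the reports above are worth automating rather than eyeballing. VundoFix lists ssqpo.dll next to opqss.ini and opqss.ini2 (the DLL name spelled backwards), and the HijackThis scan saved at 10:39 still shows ssqpo.dll registered as an unnamed BHO, with no "(file missing)" marker, even though VundoFix reported deleting it at 10:20; ihyqgedf.dll is registered under a display name that is itself a GUID. The script below is an added example for this thread, not a tool from the page or from the VundoFix/HijackThis authors: it parses HijackThis O2 lines in the format shown in the log, scores each BHO on those indicators, and emits the reg.exe command that would drop the standard Browser Helper Objects registration for each flagged CLSID. The system32 file list is a constructed stand-in built from the names VundoFix reported (plus ntdll.dll as a control); nothing here touches the registry or the filesystem.

```python
"""Triage HijackThis O2 (BHO) lines for Vundo-style indicators.

Added example, not code from the thread. Assumes the O2 line format shown
in the log; the file list below is constructed, not a live directory read.
"""
import re
from typing import Dict, List, Optional

# Constructed sample input: O2 lines copied from the HijackThis log above,
# two benign entries and the two that VundoFix acted on.
SAMPLE_HJT_LINES = [
    r"O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll",
    r"O2 - BHO: {41785fac-f1d1-ac7a-dc34-22562c893abb} - {bba398c2-6522-43cd-a7ca-1d1fcaf58714} - C:\WINDOWS\system32\ihyqgedf.dll (file missing)",
    r"O2 - BHO: (no name) - {F92C8143-C380-4149-B47E-0292FB734677} - C:\WINDOWS\system32\ssqpo.dll",
    r"O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll",
]

# Constructed stand-in for a system32 listing: the names VundoFix reported,
# plus one legitimate file so the heuristic has something to ignore.
SAMPLE_SYSTEM32_FILES = [
    "ihyqgedf.dll", "opqss.ini", "opqss.ini2", "ssqpo.dll", "ssqpo.exe", "ntdll.dll",
]

O2_RE = re.compile(
    r"^O2 - BHO: (?P<name>.*?) - \{(?P<clsid>[0-9A-Fa-f-]{36})\} - "
    r"(?P<path>.+?)(?P<missing> \(file missing\))?$"
)
GUID_RE = re.compile(r"^\{[0-9A-Fa-f-]{36}\}$")
# Standard registration key for Browser Helper Objects in Internet Explorer.
BHO_KEY = r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects"


def parse_o2(line: str) -> Optional[Dict[str, object]]:
    """Split one O2 line into display name, CLSID, DLL path and the '(file missing)' flag."""
    m = O2_RE.match(line.strip())
    if not m:
        return None
    return {
        "name": m["name"],
        "clsid": m["clsid"].upper(),
        "path": m["path"],
        "missing": m["missing"] is not None,
    }


def reversed_companions(dll_basename: str, files: List[str]) -> List[str]:
    """Files whose stem is the DLL stem spelled backwards (ssqpo -> opqss.ini, opqss.ini2)."""
    stem = dll_basename.rsplit(".", 1)[0].lower()
    rev = stem[::-1]
    return sorted(f for f in files if f.lower().startswith(rev + "."))


def bho_indicators(entry: Dict[str, object], files: List[str]) -> List[str]:
    """Return the Vundo-style indicators that apply to one parsed O2 entry."""
    name, path = str(entry["name"]), str(entry["path"])
    basename = path.rsplit("\\", 1)[-1]
    reasons: List[str] = []
    if name == "(no name)" or GUID_RE.match(name):
        reasons.append("BHO registered without a display name")
    if "\\system32\\" in path.lower():
        reasons.append("DLL lives in system32 rather than a program directory")
    if entry["missing"]:
        reasons.append("CLSID still registered although the DLL is gone")
    companions = reversed_companions(basename, files)
    if companions:
        reasons.append("reversed-name companion file(s): " + ", ".join(companions))
    return reasons


def triage(lines: List[str], files: List[str]) -> Dict[str, List[str]]:
    """Map each suspicious DLL basename to its indicators (two or more required)."""
    findings: Dict[str, List[str]] = {}
    for line in lines:
        entry = parse_o2(line)
        if entry is None:
            continue
        reasons = bho_indicators(entry, files)
        if len(reasons) >= 2:
            findings[str(entry["path"]).rsplit("\\", 1)[-1]] = reasons
    return findings


def reg_cleanup_commands(lines: List[str], files: List[str]) -> List[str]:
    """reg.exe commands that would drop the BHO registration of each flagged CLSID.

    Produced for the analyst to review, not executed here.
    """
    cmds: List[str] = []
    for line in lines:
        entry = parse_o2(line)
        if entry and len(bho_indicators(entry, files)) >= 2:
            cmds.append('reg delete "%s\\{%s}" /f' % (BHO_KEY, entry["clsid"]))
    return cmds


if __name__ == "__main__":
    for dll, why in triage(SAMPLE_HJT_LINES, SAMPLE_SYSTEM32_FILES).items():
        print(dll)
        for reason in why:
            print("  -", reason)
    print("\n".join(reg_cleanup_commands(SAMPLE_HJT_LINES, SAMPLE_SYSTEM32_FILES)))
```

Run against the sample, both system32 DLLs come back with three indicators each while the Adobe and Google helpers score zero. The two-indicator threshold is deliberate: a legitimate vendor BHO occasionally loses its display name, and a "(file missing)" entry on its own is just stale registry, but an unnamed BHO in system32 with a reversed-name .ini beside it is the pattern VundoFix itself removed. Re-running the check on a fresh HijackThis log after the cleanup tools have run is the quickest way to notice a DLL that came back.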
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\microsoft office\Office\OSA9.EXE
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\P
thanks again for your help
Sev
^^Marie^^ (113901 posts, registered Tuesday 6 September 2005, status Member, last activity 28 August 2020, 3 275) - 5 Jan. 2008 at 11:03
Your log is incomplete ;;))
Thanks Lyonnais
Lyonnais92 (25159 posts, registered Friday 23 June 2006, status Security contributor, last activity 16 September 2016, 1 536) - 5 Jan. 2008 at 10:56
Hello,
to follow up;
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask .exe" -atboottime
the new variant.
^^Marie^^ (113901 posts, registered Tuesday 6 September 2005, status Member, last activity 28 August 2020, 3 275) > Sev - 5 Jan. 2008 at 11:08
Yes
Your HijackThis log is not complete
A++
Sev > ^^Marie^^ (113901 posts, registered Tuesday 6 September 2005, status Member, last activity 28 August 2020) - 5 Jan. 2008 at 11:11
Here is the HijackThis report
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:39:21, on 05/01/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Apps\Powercinema\PCMService.exe
C:\Program Files\QuickTime\QTTask .exe
C:\Program Files\Spyware Doctor\SDTrayApp.exe
C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Apps\Powercinema\PCMService .exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
c:\APPS\Powercinema\Kernel\TV\CLSched.exe
C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLService.exe
c:\APPS\HIDSERVICE\HIDSERVICE.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Spyware Doctor\svcntaux.exe
C:\Program Files\Spyware Doctor\swdsvc.exe
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.118712.fr/sortir.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = https://www.bing.com/?FORM=TOOLBR&cc=fr&toHttps=1&redig=4527FFF1C12746FC9EDB535C75E80ECC
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: {41785fac-f1d1-ac7a-dc34-22562c893abb} - {bba398c2-6522-43cd-a7ca-1d1fcaf58714} - C:\WINDOWS\system32\ihyqgedf.dll (file missing)
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: (no name) - {F92C8143-C380-4149-B47E-0292FB734677} - C:\WINDOWS\system32\ssqpo.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [PCMService] "c:\Apps\Powercinema\PCMService.exe"
O4 - HKLM\..\Run: [POINTER] point32.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask .exe" -atboottime
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [SDTray] "C:\Program Files\Spyware Doctor\SDTrayApp.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - Startup: Anti-Pub.lnk = C:\Program Files\Antipub\antipub.exe
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\microsoft office\Office\OSA9.EXE
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=file://C:\APPS\IE\offline\fr.htm
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.mail.live.com/mail/w1/resources/MSNPUpld.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} (Driver Agent ActiveX Control) - https://driveragent.com/files/driveragent.cab
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Boonty Games - BOONTY - C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - c:\APPS\Powercinema\Kernel\TV\CLSched.exe
O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
O23 - Service: Generic Service for HID Keyboard Input Collections (GenericHidService) - Unknown owner - c:\APPS\HIDSERVICE\HIDSERVICE.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: MysqlInventime - Unknown owner - c:\mysql\bin\mysqld-nt.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\svcntaux.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
^^Marie^^ (113901 posts, registered Tuesday 6 September 2005, status Member, last activity 28 August 2020, 3 275) - 5 Jan. 2008 at 11:50
Re Lyonnais
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask .exe" -atboottime
You need a sharp eye to spot the space ;;))
EDIT for Lyonnais ► this is what is called the RenV.exe infection
Sev, do the following
Please
1 download ComboFix (by sUBs) here:
ComboFix is a program that removes known trojans/backdoors and rootkits
http://download.bleepingcomputer.com/sUBs/ComboFix.exe
and save it to the desktop.
2 double-click combofix.exe and follow the instructions
3 at the end, it will produce a report C:\ComboFix.txt
4 copy/paste this report into your next reply.
Caution: do not use your mouse or keyboard (or any other pointing device) while the program is running. That could freeze the computer.
Also post a new HijackThis report.
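As an added example (my code, not part of the thread and not from HijackThis, VundoFix or ComboFix), a small Python check that applies the clues the helpers spot by eye in these logs: a space slipped in before the extension ("QTTask .exe"), an O2 BHO with no readable name, and a BHO whose DLL is "(file missing)". The sample lines are constructed from the entries quoted in the thread.

```python
"""Flag the HijackThis-log clues discussed in this thread.

Added example, not part of the thread or of HijackThis/VundoFix/ComboFix.
The heuristics are the ones the helpers apply by eye:
  * a space slipped in before the extension ("QTTask .exe"), so the entry
    reads like a legitimate program but is a different file on disk;
  * an O2 BHO whose name is "(no name)" or just another GUID;
  * an O2 BHO whose DLL is reported "(file missing)" (stale registration).
"""
from __future__ import annotations

import re
from dataclasses import dataclass

# Constructed sample in HijackThis v2 format; the entries mirror the ones
# quoted in the thread, legitimate lines beside the suspicious ones.
SAMPLE_LOG = r"""
Running processes:
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\QuickTime\QTTask .exe
C:\Apps\Powercinema\PCMService .exe
C:\Apps\Powercinema\PCMService.exe
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: {41785fac-f1d1-ac7a-dc34-22562c893abb} - {bba398c2-6522-43cd-a7ca-1d1fcaf58714} - C:\WINDOWS\system32\ihyqgedf.dll (file missing)
O2 - BHO: (no name) - {F92C8143-C380-4149-B47E-0292FB734677} - C:\WINDOWS\system32\ssqpo.dll
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask .exe" -atboottime
O4 - HKLM\..\Run: [PCMService] "c:\Apps\Powercinema\PCMService.exe"
"""

# A space directly before the extension: "name .exe" instead of "name.exe".
SPACE_BEFORE_EXT = re.compile(r"\S+ \.(?:exe|dll|com|scr)\b", re.IGNORECASE)
# A bare CLSID used where a human-readable BHO name should be.
GUID = re.compile(r"^\{[0-9a-f]{8}(?:-[0-9a-f]{4}){3}-[0-9a-f]{12}\}$", re.IGNORECASE)
# "O2 - BHO: <name> - {CLSID} - <path>"
BHO_LINE = re.compile(r"^O2 - BHO: (?P<name>.*?) - (?P<clsid>\{[^}]+\}) - (?P<path>.*)$")
# Full-path process entries under "Running processes:".
PROCESS_LINE = re.compile(r"^[a-z]:\\", re.IGNORECASE)


@dataclass(frozen=True)
class Finding:
    line: str
    reason: str


def check_line(line: str) -> list[str]:
    """Return the reasons (possibly none) a single log line looks suspicious."""
    reasons: list[str] = []
    if SPACE_BEFORE_EXT.search(line):
        reasons.append("space before the extension: look-alike of a legitimate file name")
    m = BHO_LINE.match(line)
    if m:
        if m.group("name") == "(no name)" or GUID.match(m.group("name")):
            reasons.append("BHO without a readable name")
        if "(file missing)" in m.group("path"):
            reasons.append("BHO registration whose DLL is gone (stale entry)")
    return reasons


def scan(log: str) -> list[Finding]:
    """Run check_line over every non-empty line of a HijackThis log."""
    return [
        Finding(line, reason)
        for line in (raw.strip() for raw in log.splitlines())
        if line
        for reason in check_line(line)
    ]


def suspicious_lines(log: str) -> list[str]:
    """Distinct log lines that triggered at least one finding, in log order."""
    return list(dict.fromkeys(f.line for f in scan(log)))


def paired_lookalikes(log: str) -> set[str]:
    """Base names running both as 'Name.exe' and as 'Name .exe' (lower-cased).

    In the thread PCMService.exe and "PCMService .exe" are both in the process
    list: the real program and its look-alike side by side.
    """
    plain: set[str] = set()
    spaced: set[str] = set()
    for raw in log.splitlines():
        line = raw.strip()
        if not PROCESS_LINE.match(line):
            continue
        base = line.rsplit("\\", 1)[-1]
        m = re.match(r"^(.*?)( ?)\.exe$", base, re.IGNORECASE)
        if not m:
            continue
        (spaced if m.group(2) else plain).add(m.group(1).lower())
    return plain & spaced


if __name__ == "__main__":
    for f in scan(SAMPLE_LOG):
        print(f"{f.reason}\n    {f.line}")
    print("legitimate/look-alike pairs:", paired_lookalikes(SAMPLE_LOG))
```

A hit is a reason to look at the file, not proof by itself; the thread's own helpers confirm each entry before asking for removal.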
Sev > ^^Marie^^ (113901 posts, registered Tuesday 6 September 2005, status Member, last activity 28 August 2020) - 5 Jan. 2008 at 12:07
Re
ComboFix report
"RICCO" - 2008-01-05 11:54:55 - ComboFix 07-07-09.7 - Service Pack 2
(((((((((((((((((((((((((((((((((((((((((((( V Log )))))))))))))))))))))))))))))))))))))))))))))))))))))))
C:\WINDOWS\system32\ssqpo.dll
* * * POST RUN FILES/FOLDERS * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *
((((((((((((((((((((((((( Files Created from 2007-12-05 to 2008-01-05 )))))))))))))))))))))))))))))))
2008-01-05 11:58 344,576 --a------ C:\WINDOWS\system32\ssqpo.dll
2008-01-05 10:33 24,576 --a------ C:\WINDOWS\system32\VundoFixSVC.exe
2008-01-05 10:20 <REP> d-------- C:\VundoFix Backups
2008-01-05 00:43 74,240 --a------ C:\WINDOWS\system32\drivers\iksyssec.sys
2008-01-05 00:43 626,688 --a------ C:\WINDOWS\system32\msvcr80.dll
2008-01-05 00:43 56,832 --a------ C:\WINDOWS\system32\drivers\iksysflt.sys
2008-01-05 00:43 41,288 --a------ C:\WINDOWS\system32\drivers\ikfilesec.sys
2008-01-05 00:43 29,000 --a------ C:\WINDOWS\system32\drivers\kcom.sys
2008-01-05 00:43 <REP> d-------- C:\Program Files\Spyware Doctor
2008-01-05 00:43 <REP> d-------- C:\DOCUME~1\RICCO\APPLIC~1\PC Tools
2008-01-04 23:52 344,576 --a------ C:\WINDOWS\system32\ssqpo.dll.vir
2008-01-04 23:51 40,960 --a------ C:\WINDOWS\system32\wvuvttt.dll.vir
2008-01-02 00:48 90,176 --a------ C:\WINDOWS\system32\vmphsowv.dll.vir
2008-01-02 00:48 1,044,400 --a------ C:\WINDOWS\system32\vwoshpmv.ini.vir
2008-01-01 21:44 23,600 --a------ C:\WINDOWS\system32\drivers\tvichw32.sys
2007-12-31 00:16 <REP> d-------- C:\Program Files\Trend Micro
2007-12-31 00:14 812,344 --a------ C:\Program Files\HJTInstall.exe
2007-12-30 22:25 15,360 --a------ C:\WINDOWS\system32\ctfmon .exe
2007-12-30 21:51 40,960 --a------ C:\WINDOWS\system32\wvuvttt.dll
2007-12-30 21:45 173,056 -r-hs---- C:\WINDOWS\wkssvr.exe
2007-12-23 14:50 <REP> d-------- C:\DOCUME~1\PROPRI~1\APPLIC~1\You've Got Pictures Screensaver
2007-12-11 20:46 524,288 --a------ C:\WINDOWS\system32\DivXsm.exe
2007-12-11 20:46 3,596,288 --a------ C:\WINDOWS\system32\qt-dx331.dll
2007-12-11 20:45 200,704 --a------ C:\WINDOWS\system32\ssldivx.dll
2007-12-11 20:45 1,044,480 --a------ C:\WINDOWS\system32\libdivx.dll
2007-12-11 20:44 823,296 --a------ C:\WINDOWS\system32\divx_xx0c.dll
2007-12-11 20:44 823,296 --a------ C:\WINDOWS\system32\divx_xx07.dll
2007-12-11 20:44 81,920 --a------ C:\WINDOWS\system32\dpl100.dll
2007-12-11 20:44 802,816 --a------ C:\WINDOWS\system32\divx_xx11.dll
2007-12-11 20:44 682,496 --a------ C:\WINDOWS\system32\DivX.dll
2007-12-11 20:44 593,920 --a------ C:\WINDOWS\system32\dpuGUI11.dll
2007-12-11 20:44 57,344 --a------ C:\WINDOWS\system32\dpv11.dll
2007-12-11 20:44 53,248 --a--c--- C:\WINDOWS\system32\dpuGUI10.dll
2007-12-11 20:44 344,064 --a--c--- C:\WINDOWS\system32\dpus11.dll
2007-12-11 20:44 294,912 --a--c--- C:\WINDOWS\system32\dpu10.dll
2007-12-11 20:44 294,912 --a------ C:\WINDOWS\system32\dpu11.dll
2007-12-11 20:44 196,608 --a--c--- C:\WINDOWS\system32\dtu100.dll
2007-12-11 20:44 156,992 --a------ C:\WINDOWS\system32\DivXCodecVersionChecker.exe
2007-12-11 20:43 12,288 --a------ C:\WINDOWS\system32\DivXWMPExtType.dll
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
2008-01-05 10:54:34 -------- d-----w C:\DOCUME~1\RICCO\APPLIC~1\uTorrent
2008-01-05 08:28:37 -------- d-----w C:\Program Files\QuickTime
2008-01-04 23:45:04 65,508 ----a-w C:\WINDOWS\system32\perfc00C.dat
2008-01-04 23:45:04 449,782 ----a-w C:\WINDOWS\system32\perfh00C.dat
2008-01-04 23:37:47 -------- d-----w C:\Program Files\Trojan Remover
2008-01-04 23:37:07 -------- d-----w C:\Program Files\TomTom HOME
2008-01-04 23:37:06 -------- d-----w C:\Program Files\MSN Messenger
2008-01-04 23:37:06 -------- d-----w C:\Program Files\iTunes
2007-12-24 13:00:27 -------- d-----w C:\Program Files\DivX
2007-12-04 14:56:02 93,264 -c--a-w C:\WINDOWS\system32\drivers\aswmon.sys
2007-12-04 14:55:46 94,544 ----a-w C:\WINDOWS\system32\drivers\aswmon2.sys
2007-12-04 14:53:39 23,152 ----a-w C:\WINDOWS\system32\drivers\aswRdr.sys
2007-12-04 14:51:52 42,912 ----a-w C:\WINDOWS\system32\drivers\aswTdi.sys
2007-12-04 14:49:02 26,624 ----a-w C:\WINDOWS\system32\drivers\aavmker4.sys
2007-12-04 13:04:28 837,496 ----a-w C:\WINDOWS\system32\aswBoot.exe
2007-12-04 12:54:04 95,608 ----a-w C:\WINDOWS\system32\AVASTSS.scr
2007-11-30 02:00:40 -------- d-----w C:\Program Files\Windows Live Toolbar
2007-11-13 10:25:54 20,480 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys
2007-10-29 22:43:32 1,293,824 ----a-w C:\WINDOWS\system32\quartz.dll
2007-10-25 08:28:30 222,720 ----a-w C:\WINDOWS\system32\wmasf.dll
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
*Note* empty entries & legit default entries are not shown
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}]
2005-12-07 14:06 399424 --a------ C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
2006-12-18 04:16 59032 --a------ C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
2007-09-25 00:11 501136 --a------ C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
2006-07-07 11:29 324416 --a------ C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
2007-01-19 23:56 2436160 -ra------ c:\program files\google\googletoolbar2.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{bba398c2-6522-43cd-a7ca-1d1fcaf58714}]
C:\WINDOWS\system32\ihyqgedf.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0}]
2007-10-19 11:20 546320 --a------ C:\Program Files\Windows Live Toolbar\msntb.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"nwiz"="nwiz.exe" [2007-10-04 17:14 C:\WINDOWS\system32\nwiz.exe]
"SoundMan"="SOUNDMAN.EXE" [2005-01-20 19:04 C:\WINDOWS\SOUNDMAN.EXE]
"PCMService"="c:\Apps\Powercinema\PCMService.exe" [2008-01-05 09:27]
"POINTER"="point32.exe" []
"QuickTime Task"="C:\Program Files\QuickTime\QTTask .exe" [2008-01-05 09:28]
"SDTray"="C:\Program Files\Spyware Doctor\SDTrayApp.exe" [2008-01-05 09:41]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-10-04 17:14]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-05 13:00]
"msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" [2008-01-04 18:16]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages msv1_0 C:\WINDOWS\system32\ssqpo
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\sdauxservice]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\sdcoreservice]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TrojanScanner]
C:\Program Files\Trojan Remover\Trjscan.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0d6c0c8c-9b74-11dc-82cc-00038a000015}]
AutoRun\command- C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL
Contents of the 'Scheduled Tasks' folder
2008-01-05 11:00:00 C:\WINDOWS\tasks\84BA36CF834DAD13.job
2007-12-24 21:12:03 C:\WINDOWS\tasks\AppleSoftwareUpdate.job
2005-09-28 19:08:51 C:\WINDOWS\tasks\Rappel d'enregistrement 3.job
2008-01-05 10:04:01 C:\WINDOWS\tasks\Vérifier les mises à jour de Windows Live Toolbar.job
**************************************************************************
catchme 0.3.915 W2K/XP/Vista - rootkit detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-05 11:58:38
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
Completion time: 2008-01-05 12:00:54 - machine was rebooted
C:\ComboFix-quarantined-files.txt ... 2008-01-05 12:00
C:\ComboFix2.txt ... 2007-12-31 00:41
C:\ComboFix3.txt ... 2007-12-30 23:45
--- E O F ---
New HijackThis log
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:04:17, on 05/01/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Apps\Powercinema\PCMService.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\QuickTime\QTTask .exe
c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe
C:\Program Files\Spyware Doctor\SDTrayApp.exe
C:\Apps\Powercinema\PCMService .exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
c:\APPS\Powercinema\Kernel\TV\CLSched.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLService.exe
c:\APPS\HIDSERVICE\HIDSERVICE.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Spyware Doctor\svcntaux.exe
C:\Program Files\Spyware Doctor\swdsvc.exe
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.118712.fr/sortir.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = https://www.bing.com/?FORM=TOOLBR&cc=fr&toHttps=1&redig=4527FFF1C12746FC9EDB535C75E80ECC
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: {41785fac-f1d1-ac7a-dc34-22562c893abb} - {bba398c2-6522-43cd-a7ca-1d1fcaf58714} - C:\WINDOWS\system32\ihyqgedf.dll (file missing)
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [PCMService] "c:\Apps\Powercinema\PCMService.exe"
O4 - HKLM\..\Run: [POINTER] point32.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask .exe" -atboottime
O4 - HKLM\..\Run: [SDTray] "C:\Program Files\Spyware Doctor\SDTrayApp.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - Startup: Anti-Pub.lnk = C:\Program Files\Antipub\antipub.exe
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\microsoft office\Office\OSA9.EXE
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=file://C:\APPS\IE\offline\fr.htm
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.mail.live.com/mail/w1/resources/MSNPUpld.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} (Driver Agent ActiveX Control) - https://driveragent.com/files/driveragent.cab
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Boonty Games - BOONTY - C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - c:\APPS\Powercinema\Kernel\TV\CLSched.exe
O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
O23 - Service: Generic Service for HID Keyboard Input Collections (GenericHidService) - Unknown owner - c:\APPS\HIDSERVICE\HIDSERVICE.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: MysqlInventime - Unknown owner - c:\mysql\bin\mysqld-nt.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\svcntaux.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
Lyonnais92 Posts: 25159 Registered: Friday 23 June 2006 Status: Security contributor Last activity: 16 September 2016 1 536
5 Jan. 2008 at 14:26
Hello,
to help Marie move forward,
this inability of users (not only you) to do what they are asked only delays the solution to their problem.
Marie asked you to download ComboFix, which you did not do.
Consequence: the version of the tool you used is ineffective against your infection.
Delete everything related to ComboFix on your computer and redo post 14
Oops, sorry, I thought I was doing the right thing ;)
ComboFix report
ComboFix 08-01-04.1 - RICCO 2008-01-05 15:52:19.3 - NTFSx86
Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.996 [GMT 1:00]
Running from: C:\Documents and Settings\RICCO\Bureau\ComboFix.exe
.
((((((((((((((((((((((((((((( Fichiers créés 2007-12-05 to 2008-01-05 ))))))))))))))))))))))))))))))))))))
.
2008-01-05 10:33 . 2008-01-05 10:33 24,576 --a------ C:\WINDOWS\system32\VundoFixSVC.exe
2008-01-05 10:20 . 2008-01-05 10:20 <REP> d-------- C:\VundoFix Backups
2008-01-05 00:43 . 2008-01-05 15:29 <REP> d-------- C:\Program Files\Spyware Doctor
2008-01-05 00:43 . 2008-01-05 00:43 <REP> d-------- C:\Documents and Settings\RICCO\Application Data\PC Tools
2008-01-05 00:43 . 2005-09-23 08:29 626,688 --a------ C:\WINDOWS\system32\msvcr80.dll
2008-01-05 00:43 . 2008-01-05 00:44 74,240 --a------ C:\WINDOWS\system32\drivers\iksyssec.sys
2008-01-05 00:43 . 2008-01-05 00:44 56,832 --a------ C:\WINDOWS\system32\drivers\iksysflt.sys
2008-01-05 00:43 . 2007-10-18 00:14 41,288 --a------ C:\WINDOWS\system32\drivers\ikfilesec.sys
2008-01-05 00:43 . 2007-10-18 00:16 29,000 --a------ C:\WINDOWS\system32\drivers\kcom.sys
2008-01-04 23:52 . 2008-01-04 23:52 344,576 --a------ C:\WINDOWS\system32\ssqpo.dll.vir
2008-01-04 23:51 . 2008-01-04 23:51 40,960 --a------ C:\WINDOWS\system32\wvuvttt.dll.vir
2008-01-02 00:48 . 2008-01-04 18:16 1,044,400 --a------ C:\WINDOWS\system32\vwoshpmv.ini.vir
2008-01-02 00:48 . 2008-01-02 00:48 90,176 --a------ C:\WINDOWS\system32\vmphsowv.dll.vir
2008-01-01 21:44 . 2008-01-01 21:44 23,600 --a------ C:\WINDOWS\system32\drivers\tvichw32.sys
2007-12-31 00:16 . 2007-12-31 00:16 <REP> d-------- C:\Program Files\Trend Micro
2007-12-31 00:14 . 2007-12-31 00:14 812,344 --a------ C:\Program Files\HJTInstall.exe
2007-12-30 21:51 . 2007-12-30 21:51 40,960 --a------ C:\WINDOWS\system32\wvuvttt.dll
2007-12-30 21:45 . 2007-12-27 22:11 173,056 -r-hs---- C:\WINDOWS\wkssvr.exe
2007-12-23 14:50 . 2007-12-23 14:50 <REP> d-------- C:\Documents and Settings\Propriétaire\Application Data\You've Got Pictures Screensaver
2007-12-11 20:46 . 2007-12-11 20:46 3,596,288 --a------ C:\WINDOWS\system32\qt-dx331.dll
2007-12-11 20:46 . 2007-12-11 20:46 524,288 --a------ C:\WINDOWS\system32\DivXsm.exe
2007-12-11 20:46 . 2007-12-11 20:46 9,878 --a------ C:\WINDOWS\system32\dsm_fr.qm
2007-12-11 20:46 . 2007-12-11 20:46 4,816 --a------ C:\WINDOWS\system32\divxsm.tlb
2007-12-11 20:45 . 2007-12-11 20:45 1,044,480 --a------ C:\WINDOWS\system32\libdivx.dll
2007-12-11 20:45 . 2007-12-11 20:45 200,704 --a------ C:\WINDOWS\system32\ssldivx.dll
2007-12-11 20:43 . 2007-12-11 20:43 12,288 --a------ C:\WINDOWS\system32\DivXWMPExtType.dll
2007-12-11 20:43 . 2007-12-11 20:43 8,835 --a--c--- C:\WINDOWS\system32\dpufr.qm
2007-12-11 20:43 . 2007-12-11 20:43 3,162 --a--c--- C:\WINDOWS\system32\dtu_fr.qm
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-01-05 14:48 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-01-05 14:31 --------- d-----w C:\Program Files\QuickTime
2008-01-05 10:54 --------- d-----w C:\Documents and Settings\RICCO\Application Data\uTorrent
2008-01-04 23:37 --------- d-----w C:\Program Files\Trojan Remover
2008-01-04 23:37 --------- d-----w C:\Program Files\TomTom HOME
2008-01-04 23:37 --------- d-----w C:\Program Files\MSN Messenger
2008-01-04 23:37 --------- d-----w C:\Program Files\iTunes
2007-12-24 13:00 --------- d-----w C:\Program Files\DivX
2007-12-21 23:56 --------- d-----w C:\Documents and Settings\All Users\Application Data\nView_Profiles
2007-12-13 02:02 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help
2007-12-11 19:44 823,296 ----a-w C:\WINDOWS\system32\divx_xx0c.dll
2007-12-11 19:44 823,296 ----a-w C:\WINDOWS\system32\divx_xx07.dll
2007-12-11 19:44 81,920 ----a-w C:\WINDOWS\system32\dpl100.dll
2007-12-11 19:44 802,816 ----a-w C:\WINDOWS\system32\divx_xx11.dll
2007-12-11 19:44 682,496 ----a-w C:\WINDOWS\system32\DivX.dll
2007-12-11 19:44 593,920 ----a-w C:\WINDOWS\system32\dpuGUI11.dll
2007-12-11 19:44 57,344 ----a-w C:\WINDOWS\system32\dpv11.dll
2007-12-11 19:44 53,248 -c--a-w C:\WINDOWS\system32\dpuGUI10.dll
2007-12-11 19:44 344,064 -c--a-w C:\WINDOWS\system32\dpus11.dll
2007-12-11 19:44 294,912 -c--a-w C:\WINDOWS\system32\dpu10.dll
2007-12-11 19:44 294,912 ----a-w C:\WINDOWS\system32\dpu11.dll
2007-12-11 19:44 196,608 -c--a-w C:\WINDOWS\system32\dtu100.dll
2007-12-11 19:44 156,992 ----a-w C:\WINDOWS\system32\DivXCodecVersionChecker.exe
2007-12-04 14:56 93,264 -c--a-w C:\WINDOWS\system32\drivers\aswmon.sys
2007-12-04 14:55 94,544 ----a-w C:\WINDOWS\system32\drivers\aswmon2.sys
2007-12-04 14:53 23,152 ----a-w C:\WINDOWS\system32\drivers\aswRdr.sys
2007-12-04 14:51 42,912 ----a-w C:\WINDOWS\system32\drivers\aswTdi.sys
2007-12-04 14:49 26,624 ----a-w C:\WINDOWS\system32\drivers\aavmker4.sys
2007-12-04 13:04 837,496 ----a-w C:\WINDOWS\system32\aswBoot.exe
2007-12-04 12:54 95,608 ----a-w C:\WINDOWS\system32\AVASTSS.scr
2007-11-30 02:00 --------- d-----w C:\Program Files\Windows Live Toolbar
2007-11-13 10:25 20,480 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys
2007-10-30 23:23 3,590,656 ----a-w C:\WINDOWS\system32\dllcache\mshtml.dll
2007-10-29 22:43 1,293,824 ----a-w C:\WINDOWS\system32\quartz.dll
2007-10-29 22:43 1,293,824 ------w C:\WINDOWS\system32\dllcache\quartz.dll
2007-10-25 16:43 8,516,608 ----a-w C:\WINDOWS\system32\dllcache\shell32.dll
2007-10-25 08:28 222,720 ----a-w C:\WINDOWS\system32\wmasf.dll
2007-10-25 08:28 222,720 ----a-w C:\WINDOWS\system32\dllcache\wmasf.dll
2007-10-10 23:49 824,832 ----a-w C:\WINDOWS\system32\dllcache\wininet.dll
2007-10-10 23:49 671,232 ----a-w C:\WINDOWS\system32\dllcache\mstime.dll
2007-10-10 23:49 63,488 ------w C:\WINDOWS\system32\dllcache\icardie.dll
2007-10-10 23:49 6,065,664 ------w C:\WINDOWS\system32\dllcache\ieframe.dll
2007-10-10 23:49 52,224 ------w C:\WINDOWS\system32\dllcache\msfeedsbs.dll
2007-10-10 23:49 478,208 ----a-w C:\WINDOWS\system32\dllcache\mshtmled.dll
2007-10-10 23:49 459,264 ------w C:\WINDOWS\system32\dllcache\msfeeds.dll
2007-10-10 23:49 44,544 ----a-w C:\WINDOWS\system32\dllcache\iernonce.dll
2007-10-10 23:49 384,512 ----a-w C:\WINDOWS\system32\dllcache\iedkcs32.dll
2007-10-10 23:49 383,488 ------w C:\WINDOWS\system32\dllcache\ieapfltr.dll
2007-10-10 23:49 27,648 ----a-w C:\WINDOWS\system32\dllcache\jsproxy.dll
2007-10-10 23:49 267,776 ------w C:\WINDOWS\system32\dllcache\iertutil.dll
2007-10-10 23:49 232,960 ------w C:\WINDOWS\system32\dllcache\webcheck.dll
2007-10-10 23:49 230,400 ----a-w C:\WINDOWS\system32\dllcache\ieaksie.dll
2007-10-10 23:49 214,528 ----a-w C:\WINDOWS\system32\dllcache\dxtrans.dll
2007-10-10 23:49 193,024 ----a-w C:\WINDOWS\system32\dllcache\msrating.dll
2007-10-10 23:49 153,088 ----a-w C:\WINDOWS\system32\dllcache\ieakeng.dll
2007-10-10 23:49 132,608 ----a-w C:\WINDOWS\system32\dllcache\extmgr.dll
2007-10-10 23:49 124,928 ------w C:\WINDOWS\system32\dllcache\advpack.dll
2007-10-10 23:49 105,984 ------w C:\WINDOWS\system32\dllcache\url.dll
2007-10-10 23:49 102,400 ------w C:\WINDOWS\system32\dllcache\occache.dll
2007-10-10 23:49 1,159,680 ----a-w C:\WINDOWS\system32\dllcache\urlmon.dll
2007-10-10 11:00 70,656 ----a-w C:\WINDOWS\system32\dllcache\ie4uinit.exe
2007-10-10 11:00 625,152 ------w C:\WINDOWS\system32\dllcache\iexplore.exe
2007-10-10 10:59 13,824 ------w C:\WINDOWS\system32\dllcache\ieudinit.exe
2007-10-10 05:46 161,792 ----a-w C:\WINDOWS\system32\dllcache\ieakui.dll
2007-07-06 20:49 6,375,184 ----a-w C:\Program Files\trsetup anti trojan.exe
2007-05-06 13:53 4,943,118 ----a-w C:\Program Files\photo Editor.exe
2006-03-19 21:53 1,107,787 -c--a-w C:\Program Files\wrar351fr.exe
.
----a-w 737,872 2008-01-04 23:36:59 C:\Program Files\Trojan Remover\Trjscan .exe
((((((((((((((((((((((((((((( snapshot@2008-01-05_15.34.37.59 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-01-05 14:49:17 16,384 ----atw C:\WINDOWS\Temp\Perflib_Perfdata_4b0.dat
+ 2008-01-05 14:48:37 16,384 ----atw C:\WINDOWS\Temp\Perflib_Perfdata_568.dat
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{bba398c2-6522-43cd-a7ca-1d1fcaf58714}]
C:\WINDOWS\system32\ihyqgedf.dll
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-05 13:00 15360]
"msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" [2008-01-04 18:16 5674352]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"nwiz"="nwiz.exe" [2007-10-04 17:14 1626112 C:\WINDOWS\system32\nwiz.exe]
"SoundMan"="SOUNDMAN.EXE" [2005-01-20 19:04 77824 C:\WINDOWS\SOUNDMAN.EXE]
"PCMService"="c:\Apps\Powercinema\PCMService.exe" [2008-01-05 11:58 110740]
"POINTER"="point32.exe" []
"QuickTime Task"="C:\Program Files\QuickTime\QTTask .exe" [ ]
"SDTray"="C:\Program Files\Spyware Doctor\SDTrayApp.exe" [2008-01-05 09:41 1065800]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-10-04 17:14 8491008]
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\
Lancement rapide d'Adobe Reader.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 22:05:26]
Microsoft Office.lnk - C:\Program Files\microsoft office\Office\OSA9.EXE [1999-02-17 21:05:56]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice]
@=""
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice]
@=""
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TrojanScanner]
C:\Program Files\Trojan Remover\Trjscan.exe
R0 SI3112r;ATI-437A Serial ATA Controller;C:\WINDOWS\system32\DRIVERS\SI3112r.sys [2004-08-27 15:18]
S3 Boonty Games;Boonty Games;"C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe" [2006-03-23 22:37]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0d6c0c8c-9b74-11dc-82cc-00038a000015}]
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL
.
Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
"2008-01-05 14:00:00 C:\WINDOWS\Tasks\84BA36CF834DAD13.job"
- c:\docume~1\ricco\applic~1\greylogo\WIPE GLOBAL SEND.exe
"2007-12-24 21:12:03 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2005-09-28 19:08:51 C:\WINDOWS\Tasks\Rappel d'enregistrement 3.job"
- C:\WINDOWS\system32\OOBE\oobebaln.exe
"2008-01-05 14:04:00 C:\WINDOWS\Tasks\Vérifier les mises à jour de Windows Live Toolbar.job"
- C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE
.
**************************************************************************
catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-05 15:55:23
Windows 5.1.2600 Service Pack 2 NTFS
detected NTDLL code modification:
ZwClose
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2008-01-05 15:56:15
ComboFix-quarantined-files.txt 2008-01-05 14:56:11
ComboFix2.txt 2008-01-05 11:00:54
ComboFix3.txt 2007-12-30 23:41:58
ComboFix4.txt 2007-12-30 22:45:37
.
2007-12-13 02:03:26 --- E O F ---
HijackThis report
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:56:48, on 05/01/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Apps\Powercinema\PCMService.exe
C:\Program Files\Spyware Doctor\SDTrayApp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe
c:\APPS\Powercinema\Kernel\TV\CLSched.exe
C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLService.exe
c:\APPS\HIDSERVICE\HIDSERVICE.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Spyware Doctor\svcntaux.exe
C:\Program Files\Spyware Doctor\swdsvc.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.118712.fr/sortir.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = https://www.bing.com/?FORM=TOOLBR&cc=fr&toHttps=1&redig=4527FFF1C12746FC9EDB535C75E80ECC
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: {41785fac-f1d1-ac7a-dc34-22562c893abb} - {bba398c2-6522-43cd-a7ca-1d1fcaf58714} - C:\WINDOWS\system32\ihyqgedf.dll (file missing)
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [PCMService] "c:\Apps\Powercinema\PCMService.exe"
O4 - HKLM\..\Run: [POINTER] point32.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask .exe" -atboottime
O4 - HKLM\..\Run: [SDTray] "C:\Program Files\Spyware Doctor\SDTrayApp.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - Startup: Anti-Pub.lnk = C:\Program Files\Antipub\antipub.exe
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\microsoft office\Office\OSA9.EXE
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=file://C:\APPS\IE\offline\fr.htm
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.mail.live.com/mail/w1/resources/MSNPUpld.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} (Driver Agent ActiveX Control) - https://driveragent.com/files/driveragent.cab
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Boonty Games - BOONTY - C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - c:\APPS\Powercinema\Kernel\TV\CLSched.exe
O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
O23 - Service: Generic Service for HID Keyboard Input Collections (GenericHidService) - Unknown owner - c:\APPS\HIDSERVICE\HIDSERVICE.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: MysqlInventime - Unknown owner - c:\mysql\bin\mysqld-nt.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\svcntaux.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
rapport combofix
ComboFix 08-01-04.1 - RICCO 2008-01-05 15:52:19.3 - NTFSx86
Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.996 [GMT 1:00]
Running from: C:\Documents and Settings\RICCO\Bureau\ComboFix.exe
.
((((((((((((((((((((((((((((( Fichiers créés 2007-12-05 to 2008-01-05 ))))))))))))))))))))))))))))))))))))
.
2008-01-05 10:33 . 2008-01-05 10:33 24,576 --a------ C:\WINDOWS\system32\VundoFixSVC.exe
2008-01-05 10:20 . 2008-01-05 10:20 <REP> d-------- C:\VundoFix Backups
2008-01-05 00:43 . 2008-01-05 15:29 <REP> d-------- C:\Program Files\Spyware Doctor
2008-01-05 00:43 . 2008-01-05 00:43 <REP> d-------- C:\Documents and Settings\RICCO\Application Data\PC Tools
2008-01-05 00:43 . 2005-09-23 08:29 626,688 --a------ C:\WINDOWS\system32\msvcr80.dll
2008-01-05 00:43 . 2008-01-05 00:44 74,240 --a------ C:\WINDOWS\system32\drivers\iksyssec.sys
2008-01-05 00:43 . 2008-01-05 00:44 56,832 --a------ C:\WINDOWS\system32\drivers\iksysflt.sys
2008-01-05 00:43 . 2007-10-18 00:14 41,288 --a------ C:\WINDOWS\system32\drivers\ikfilesec.sys
2008-01-05 00:43 . 2007-10-18 00:16 29,000 --a------ C:\WINDOWS\system32\drivers\kcom.sys
2008-01-04 23:52 . 2008-01-04 23:52 344,576 --a------ C:\WINDOWS\system32\ssqpo.dll.vir
2008-01-04 23:51 . 2008-01-04 23:51 40,960 --a------ C:\WINDOWS\system32\wvuvttt.dll.vir
2008-01-02 00:48 . 2008-01-04 18:16 1,044,400 --a------ C:\WINDOWS\system32\vwoshpmv.ini.vir
2008-01-02 00:48 . 2008-01-02 00:48 90,176 --a------ C:\WINDOWS\system32\vmphsowv.dll.vir
2008-01-01 21:44 . 2008-01-01 21:44 23,600 --a------ C:\WINDOWS\system32\drivers\tvichw32.sys
2007-12-31 00:16 . 2007-12-31 00:16 <REP> d-------- C:\Program Files\Trend Micro
2007-12-31 00:14 . 2007-12-31 00:14 812,344 --a------ C:\Program Files\HJTInstall.exe
2007-12-30 21:51 . 2007-12-30 21:51 40,960 --a------ C:\WINDOWS\system32\wvuvttt.dll
2007-12-30 21:45 . 2007-12-27 22:11 173,056 -r-hs---- C:\WINDOWS\wkssvr.exe
2007-12-23 14:50 . 2007-12-23 14:50 <REP> d-------- C:\Documents and Settings\Propriétaire\Application Data\You've Got Pictures Screensaver
2007-12-11 20:46 . 2007-12-11 20:46 3,596,288 --a------ C:\WINDOWS\system32\qt-dx331.dll
2007-12-11 20:46 . 2007-12-11 20:46 524,288 --a------ C:\WINDOWS\system32\DivXsm.exe
2007-12-11 20:46 . 2007-12-11 20:46 9,878 --a------ C:\WINDOWS\system32\dsm_fr.qm
2007-12-11 20:46 . 2007-12-11 20:46 4,816 --a------ C:\WINDOWS\system32\divxsm.tlb
2007-12-11 20:45 . 2007-12-11 20:45 1,044,480 --a------ C:\WINDOWS\system32\libdivx.dll
2007-12-11 20:45 . 2007-12-11 20:45 200,704 --a------ C:\WINDOWS\system32\ssldivx.dll
2007-12-11 20:43 . 2007-12-11 20:43 12,288 --a------ C:\WINDOWS\system32\DivXWMPExtType.dll
2007-12-11 20:43 . 2007-12-11 20:43 8,835 --a--c--- C:\WINDOWS\system32\dpufr.qm
2007-12-11 20:43 . 2007-12-11 20:43 3,162 --a--c--- C:\WINDOWS\system32\dtu_fr.qm
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-01-05 14:48 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-01-05 14:31 --------- d-----w C:\Program Files\QuickTime
2008-01-05 10:54 --------- d-----w C:\Documents and Settings\RICCO\Application Data\uTorrent
2008-01-04 23:37 --------- d-----w C:\Program Files\Trojan Remover
2008-01-04 23:37 --------- d-----w C:\Program Files\TomTom HOME
2008-01-04 23:37 --------- d-----w C:\Program Files\MSN Messenger
2008-01-04 23:37 --------- d-----w C:\Program Files\iTunes
2007-12-24 13:00 --------- d-----w C:\Program Files\DivX
2007-12-21 23:56 --------- d-----w C:\Documents and Settings\All Users\Application Data\nView_Profiles
2007-12-13 02:02 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help
2007-12-11 19:44 823,296 ----a-w C:\WINDOWS\system32\divx_xx0c.dll
2007-12-11 19:44 823,296 ----a-w C:\WINDOWS\system32\divx_xx07.dll
2007-12-11 19:44 81,920 ----a-w C:\WINDOWS\system32\dpl100.dll
2007-12-11 19:44 802,816 ----a-w C:\WINDOWS\system32\divx_xx11.dll
2007-12-11 19:44 682,496 ----a-w C:\WINDOWS\system32\DivX.dll
2007-12-11 19:44 593,920 ----a-w C:\WINDOWS\system32\dpuGUI11.dll
2007-12-11 19:44 57,344 ----a-w C:\WINDOWS\system32\dpv11.dll
2007-12-11 19:44 53,248 -c--a-w C:\WINDOWS\system32\dpuGUI10.dll
2007-12-11 19:44 344,064 -c--a-w C:\WINDOWS\system32\dpus11.dll
2007-12-11 19:44 294,912 -c--a-w C:\WINDOWS\system32\dpu10.dll
2007-12-11 19:44 294,912 ----a-w C:\WINDOWS\system32\dpu11.dll
2007-12-11 19:44 196,608 -c--a-w C:\WINDOWS\system32\dtu100.dll
2007-12-11 19:44 156,992 ----a-w C:\WINDOWS\system32\DivXCodecVersionChecker.exe
2007-12-04 14:56 93,264 -c--a-w C:\WINDOWS\system32\drivers\aswmon.sys
2007-12-04 14:55 94,544 ----a-w C:\WINDOWS\system32\drivers\aswmon2.sys
2007-12-04 14:53 23,152 ----a-w C:\WINDOWS\system32\drivers\aswRdr.sys
2007-12-04 14:51 42,912 ----a-w C:\WINDOWS\system32\drivers\aswTdi.sys
2007-12-04 14:49 26,624 ----a-w C:\WINDOWS\system32\drivers\aavmker4.sys
2007-12-04 13:04 837,496 ----a-w C:\WINDOWS\system32\aswBoot.exe
2007-12-04 12:54 95,608 ----a-w C:\WINDOWS\system32\AVASTSS.scr
2007-11-30 02:00 --------- d-----w C:\Program Files\Windows Live Toolbar
2007-11-13 10:25 20,480 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys
2007-10-30 23:23 3,590,656 ----a-w C:\WINDOWS\system32\dllcache\mshtml.dll
2007-10-29 22:43 1,293,824 ----a-w C:\WINDOWS\system32\quartz.dll
2007-10-29 22:43 1,293,824 ------w C:\WINDOWS\system32\dllcache\quartz.dll
2007-10-25 16:43 8,516,608 ----a-w C:\WINDOWS\system32\dllcache\shell32.dll
2007-10-25 08:28 222,720 ----a-w C:\WINDOWS\system32\wmasf.dll
2007-10-25 08:28 222,720 ----a-w C:\WINDOWS\system32\dllcache\wmasf.dll
2007-10-10 23:49 824,832 ----a-w C:\WINDOWS\system32\dllcache\wininet.dll
2007-10-10 23:49 671,232 ----a-w C:\WINDOWS\system32\dllcache\mstime.dll
2007-10-10 23:49 63,488 ------w C:\WINDOWS\system32\dllcache\icardie.dll
2007-10-10 23:49 6,065,664 ------w C:\WINDOWS\system32\dllcache\ieframe.dll
2007-10-10 23:49 52,224 ------w C:\WINDOWS\system32\dllcache\msfeedsbs.dll
2007-10-10 23:49 478,208 ----a-w C:\WINDOWS\system32\dllcache\mshtmled.dll
2007-10-10 23:49 459,264 ------w C:\WINDOWS\system32\dllcache\msfeeds.dll
2007-10-10 23:49 44,544 ----a-w C:\WINDOWS\system32\dllcache\iernonce.dll
2007-10-10 23:49 384,512 ----a-w C:\WINDOWS\system32\dllcache\iedkcs32.dll
2007-10-10 23:49 383,488 ------w C:\WINDOWS\system32\dllcache\ieapfltr.dll
2007-10-10 23:49 27,648 ----a-w C:\WINDOWS\system32\dllcache\jsproxy.dll
2007-10-10 23:49 267,776 ------w C:\WINDOWS\system32\dllcache\iertutil.dll
2007-10-10 23:49 232,960 ------w C:\WINDOWS\system32\dllcache\webcheck.dll
2007-10-10 23:49 230,400 ----a-w C:\WINDOWS\system32\dllcache\ieaksie.dll
2007-10-10 23:49 214,528 ----a-w C:\WINDOWS\system32\dllcache\dxtrans.dll
2007-10-10 23:49 193,024 ----a-w C:\WINDOWS\system32\dllcache\msrating.dll
2007-10-10 23:49 153,088 ----a-w C:\WINDOWS\system32\dllcache\ieakeng.dll
2007-10-10 23:49 132,608 ----a-w C:\WINDOWS\system32\dllcache\extmgr.dll
2007-10-10 23:49 124,928 ------w C:\WINDOWS\system32\dllcache\advpack.dll
2007-10-10 23:49 105,984 ------w C:\WINDOWS\system32\dllcache\url.dll
2007-10-10 23:49 102,400 ------w C:\WINDOWS\system32\dllcache\occache.dll
2007-10-10 23:49 1,159,680 ----a-w C:\WINDOWS\system32\dllcache\urlmon.dll
2007-10-10 11:00 70,656 ----a-w C:\WINDOWS\system32\dllcache\ie4uinit.exe
2007-10-10 11:00 625,152 ------w C:\WINDOWS\system32\dllcache\iexplore.exe
2007-10-10 10:59 13,824 ------w C:\WINDOWS\system32\dllcache\ieudinit.exe
2007-10-10 05:46 161,792 ----a-w C:\WINDOWS\system32\dllcache\ieakui.dll
2007-07-06 20:49 6,375,184 ----a-w C:\Program Files\trsetup anti trojan.exe
2007-05-06 13:53 4,943,118 ----a-w C:\Program Files\photo Editor.exe
2006-03-19 21:53 1,107,787 -c--a-w C:\Program Files\wrar351fr.exe
.
[code]<pre>
----a-w 737,872 2008-01-04 23:36:59 C:\Program Files\Trojan Remover\Trjscan .exe
</pre>[/code]
((((((((((((((((((((((((((((( snapshot@2008-01-05_15.34.37.59 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-01-05 14:49:17 16,384 ----atw C:\WINDOWS\Temp\Perflib_Perfdata_4b0.dat
+ 2008-01-05 14:48:37 16,384 ----atw C:\WINDOWS\Temp\Perflib_Perfdata_568.dat
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{bba398c2-6522-43cd-a7ca-1d1fcaf58714}]
C:\WINDOWS\system32\ihyqgedf.dll
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-05 13:00 15360]
"msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" [2008-01-04 18:16 5674352]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"nwiz"="nwiz.exe" [2007-10-04 17:14 1626112 C:\WINDOWS\system32\nwiz.exe]
"SoundMan"="SOUNDMAN.EXE" [2005-01-20 19:04 77824 C:\WINDOWS\SOUNDMAN.EXE]
"PCMService"="c:\Apps\Powercinema\PCMService.exe" [2008-01-05 11:58 110740]
"POINTER"="point32.exe" []
"QuickTime Task"="C:\Program Files\QuickTime\QTTask .exe" [ ]
"SDTray"="C:\Program Files\Spyware Doctor\SDTrayApp.exe" [2008-01-05 09:41 1065800]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-10-04 17:14 8491008]
C:\Documents and Settings\All Users\Menu D‚marrer\Programmes\D‚marrage\
Lancement rapide d'Adobe Reader.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 22:05:26]
Microsoft Office.lnk - C:\Program Files\microsoft office\Office\OSA9.EXE [1999-02-17 21:05:56]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice]
@=""
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice]
@=""
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TrojanScanner]
C:\Program Files\Trojan Remover\Trjscan.exe
R0 SI3112r;ATI-437A Serial ATA Controller;C:\WINDOWS\system32\DRIVERS\SI3112r.sys [2004-08-27 15:18]
S3 Boonty Games;Boonty Games;"C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe" [2006-03-23 22:37]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0d6c0c8c-9b74-11dc-82cc-00038a000015}]
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL
.
Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
"2008-01-05 14:00:00 C:\WINDOWS\Tasks\84BA36CF834DAD13.job"
- c:\docume~1\ricco\applic~1\greylogo\WIPE GLOBAL SEND.exe
"2007-12-24 21:12:03 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2005-09-28 19:08:51 C:\WINDOWS\Tasks\Rappel d'enregistrement 3.job"
- C:\WINDOWS\system32\OOBE\oobebaln.exe
"2008-01-05 14:04:00 C:\WINDOWS\Tasks\Vérifier les mises à jour de Windows Live Toolbar.job"
- C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE
.
**************************************************************************
catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-05 15:55:23
Windows 5.1.2600 Service Pack 2 NTFS
detected NTDLL code modification:
ZwClose
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2008-01-05 15:56:15
ComboFix-quarantined-files.txt 2008-01-05 14:56:11
ComboFix2.txt 2008-01-05 11:00:54
ComboFix3.txt 2007-12-30 23:41:58
ComboFix4.txt 2007-12-30 22:45:37
.
2007-12-13 02:03:26 --- E O F ---
HijackThis report
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:56:48, on 05/01/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Apps\Powercinema\PCMService.exe
C:\Program Files\Spyware Doctor\SDTrayApp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe
c:\APPS\Powercinema\Kernel\TV\CLSched.exe
C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLService.exe
c:\APPS\HIDSERVICE\HIDSERVICE.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Spyware Doctor\svcntaux.exe
C:\Program Files\Spyware Doctor\swdsvc.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.118712.fr/sortir.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = https://www.bing.com/?FORM=TOOLBR&cc=fr&toHttps=1&redig=4527FFF1C12746FC9EDB535C75E80ECC
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: {41785fac-f1d1-ac7a-dc34-22562c893abb} - {bba398c2-6522-43cd-a7ca-1d1fcaf58714} - C:\WINDOWS\system32\ihyqgedf.dll (file missing)
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [PCMService] "c:\Apps\Powercinema\PCMService.exe"
O4 - HKLM\..\Run: [POINTER] point32.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask .exe" -atboottime
O4 - HKLM\..\Run: [SDTray] "C:\Program Files\Spyware Doctor\SDTrayApp.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - Startup: Anti-Pub.lnk = C:\Program Files\Antipub\antipub.exe
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\microsoft office\Office\OSA9.EXE
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=file://C:\APPS\IE\offline\fr.htm
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.mail.live.com/mail/w1/resources/MSNPUpld.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} (Driver Agent ActiveX Control) - https://driveragent.com/files/driveragent.cab
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Boonty Games - BOONTY - C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - c:\APPS\Powercinema\Kernel\TV\CLSched.exe
O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
O23 - Service: Generic Service for HID Keyboard Input Collections (GenericHidService) - Unknown owner - c:\APPS\HIDSERVICE\HIDSERVICE.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: MysqlInventime - Unknown owner - c:\mysql\bin\mysqld-nt.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\svcntaux.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
Lyonnais92 (Security contributor; 25159 posts; registered Friday 23 June 2006; last activity 16 September 2016) - 5 Jan 2008 at 23:41
Re,
Download RenV.exe to your Desktop (this is mandatory)
http://download.bleepingcomputer.com/sUBs/Beta/RenV.exe
Create a Notepad file containing the text shown in bold below (copy/paste)
C:\Program Files\Trojan Remover\Trjscan .exe
Go to the top of the window and click the "File" menu; a list appears =>
Choose "Save As" and choose "Desktop"
In the "File name" field at the bottom, enter the following name: Log, as a text file (.txt)
Click the "Save" button to the right of the "File name" field
Close Notepad.
Drag and drop this Log.txt file onto the RenV.exe file:
click the Log.txt icon and keep the mouse button held down, drag the mouse until the Log.txt icon is over the RenV.exe icon, then release the mouse button.
The RenV program will start and produce a report.
Post it in your reply.
Lyonnais92 (Security contributor; 25159 posts; registered Friday 23 June 2006; last activity 16 September 2016) - 6 Jan 2008 at 00:44
Re,
That didn't work. We'll move on to a slightly more complicated manoeuvre.
1) Print these instructions or save them in a text file on your Desktop.
2) Restart in Safe Mode
Start in Safe Mode:
To do this, tap the F8 key repeatedly from the moment the PC starts powering on.
A window will open; use the keyboard arrows to move to "Safe Mode" and press Enter.
Once on the desktop, if the colours and so on are not all there, that is normal!
(If F8 does not work, use the F5 key.)
You must choose your usual session, not the "Administrator" account or another one.
(If you chose to save the instructions, open the text file you saved on your Desktop so you can follow the instructions properly)
3) Double-click RenV.exe (on your Desktop) to launch it, and wait.
A report, log.txt, will be created and will open at the end of the scan; save it to your Desktop:
* Go to the top of the window and click the "File" menu; a list appears =>
* Choose "Save As" and choose "Desktop"
* In the "File name" field at the bottom, enter the following name: Log.txt
* Click the "Save" button to the right of the "File name" field
* Close this newly created txt file.
Then drag and drop this Log.txt file onto the RenV.exe file (same manoeuvre as in post 18)
--> This will produce a new Log.txt report, which you will send in your reply once the PC has restarted in normal mode
------------------------------------------------------------------------------------------ ----------------------
4) To be done in Internet Explorer
* Go to ESET Online Scanner: https://www.eset.com/int/home/online-scanner/
* Tick the box YES, I accept the Terms Of Use
* Click the Start button
* Now click the Install button
* Click Start again
The online scanner's updates will be downloaded.
* Do not tick Remove found threats
* Click the Scan button
The scan will start; be patient.
* When the scan is finished, click the Details tab
* Copy and paste into your reply the contents of C:\Program Files\EsetOnlineScanner\log.txt
Hello,
Re
Here is the RenV.exe report from Safe Mode
[code]
Ran on 06/01/2008 - 11:36:52,32
Entries: 0 (0)
Directories: 0 Files: 0
Bytes: 0 Blocks: 0
[/code]
Here is the ESET Online Scan report
# version=4
# OnlineScanner.ocx=1.0.0.56
# OnlineScannerDLLA.dll=1, 0, 0, 51
# OnlineScannerDLLW.dll=1, 0, 0, 51
# OnlineScannerUninstaller.exe=1, 0, 0, 49
# vers_standard_module=2767 (20080106)
# vers_arch_module=1.060 (20071228)
# vers_adv_heur_module=1.064 (20070717)
# EOSSerial=9a3ead558ddfb64fb7807a193dcb32ff
# end=finished
# remove_checked=false
# unwanted_checked=false
# utc_time=2008-01-06 11:45:00
# local_time=2008-01-06 12:45:00 (+0100, Paris, Madrid)
# country="France"
# osver=5.1.2600 NT Service Pack 2
# scanned=449758
# found=45
# scan_time=3703
C:\Program Files\Alwil Software\Avast4\ashDisp.exe.vir Win32/TrojanDropper.Agent.DGO virus 00000000000000000000000000000000
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe.vir Win32/TrojanDropper.Agent.DGO virus 00000000000000000000000000000000
C:\Program Files\iTunes\iTunesHelper.exe.vir Win32/TrojanDropper.Agent.DGO virus 00000000000000000000000000000000
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe.vir Win32/TrojanDropper.Agent.DGO virus 00000000000000000000000000000000
C:\Program Files\MSN Messenger\MsnMsgr.Exe.vir Win32/TrojanDropper.Agent.DGO virus 00000000000000000000000000000000
C:\Program Files\QuickTime\QTTask .exe.vir Win32/TrojanDropper.Agent.DGO virus 00000000000000000000000000000000
C:\Program Files\TomTom HOME\TomTomHOME.exe.vir Win32/TrojanDropper.Agent.DGO virus 00000000000000000000000000000000
C:\QooBox\Quarantine\C\APPS\Powercinema\PCMService.exe.vir Win32/TrojanDropper.Agent.DGO virus 00000000000000000000000000000000
C:\QooBox\Quarantine\C\Program Files\QuickTime\QTTask .exe.vir Win32/TrojanDropper.Agent.DGO virus 00000000000000000000000000000000
C:\QooBox\Quarantine\C\Program Files\QuickTime\QTTask .exe.vir Win32/TrojanDropper.Agent.DGO virus 00000000000000000000000000000000
C:\QooBox\Quarantine\C\Program Files\QuickTime\QTTask .exe.vir Win32/TrojanDropper.Agent.DGO virus 00000000000000000000000000000000
C:\QooBox\Quarantine\C\Program Files\QuickTime\QTTask .exe.vir Win32/TrojanDropper.Agent.DGO virus 00000000000000000000000000000000
C:\QooBox\Quarantine\C\Program Files\QuickTime\QTTask .exe.vir Win32/TrojanDropper.Agent.DGO virus 00000000000000000000000000000000
C:\QooBox\Quarantine\C\Program Files\QuickTime\QTTask .exe.vir Win32/TrojanDropper.Agent.DGO virus 00000000000000000000000000000000
C:\QooBox\Quarantine\C\Program Files\QuickTime\QTTask .exe.vir Win32/TrojanDropper.Agent.DGO virus 00000000000000000000000000000000
C:\QooBox\Quarantine\C\Program Files\QuickTime\QTTask .exe.vir Win32/TrojanDropper.Agent.DGO virus 00000000000000000000000000000000
C:\QooBox\Quarantine\C\Program Files\QuickTime\QTTask .exe.vir Win32/TrojanDropper.Agent.DGO virus 00000000000000000000000000000000
C:\QooBox\Quarantine\C\Program Files\QuickTime\QTTask .exe.vir Win32/TrojanDropper.Agent.DGO virus 00000000000000000000000000000000
C:\QooBox\Quarantine\C\Program Files\QuickTime\QTTask .exe.vir Win32/TrojanDropper.Agent.DGO virus 00000000000000000000000000000000
C:\QooBox\Quarantine\C\Program Files\QuickTime\QTTask .exe.vir Win32/TrojanDropper.Agent.DGO virus 00000000000000000000000000000000
C:\QooBox\Quarantine\C\Program Files\QuickTime\QTTask .exe.vir Win32/TrojanDropper.Agent.DGO virus 00000000000000000000000000000000
C:\QooBox\Quarantine\C\Program Files\QuickTime\QTTask .exe.vir Win32/TrojanDropper.Agent.DGO virus 00000000000000000000000000000000
C:\QooBox\Quarantine\C\Program Files\QuickTime\QTTask .exe.vir Win32/TrojanDropper.Agent.DGO virus 00000000000000000000000000000000
C:\QooBox\Quarantine\C\Program Files\QuickTime\QTTask .exe.vir Win32/TrojanDropper.Agent.DGO virus 00000000000000000000000000000000
C:\QooBox\Quarantine\C\Program Files\QuickTime\QTTask .exe.vir Win32/TrojanDropper.Agent.DGO virus 00000000000000000000000000000000
C:\QooBox\Quarantine\C\Program Files\QuickTime\QTTask .exe.vir Win32/TrojanDropper.Agent.DGO virus 00000000000000000000000000000000
C:\QooBox\Quarantine\C\Program Files\QuickTime\QTTask .exe.vir Win32/TrojanDropper.Agent.DGO virus 00000000000000000000000000000000
C:\QooBox\Quarantine\C\Program Files\QuickTime\QTTask .exe.vir Win32/TrojanDropper.Agent.DGO virus 00000000000000000000000000000000
C:\QooBox\Quarantine\C\Program Files\QuickTime\QTTask .exe.vir Win32/TrojanDropper.Agent.DGO virus 00000000000000000000000000000000
C:\QooBox\Quarantine\C\Program Files\QuickTime\QTTask .exe.vir Win32/TrojanDropper.Agent.DGO virus 00000000000000000000000000000000
C:\QooBox\Quarantine\C\Program Files\QuickTime\QTTask .exe.vir Win32/TrojanDropper.Agent.DGO virus 00000000000000000000000000000000
C:\QooBox\Quarantine\C\Program Files\QuickTime\QTTask .exe.vir Win32/TrojanDropper.Agent.DGO virus 00000000000000000000000000000000
C:\QooBox\Quarantine\C\Program Files\QuickTime\QTTask .exe.vir Win32/TrojanDropper.Agent.DGO virus 00000000000000000000000000000000
C:\QooBox\Quarantine\C\Program Files\QuickTime\QTTask .exe.vir Win32/TrojanDropper.Agent.DGO virus 00000000000000000000000000000000
C:\QooBox\Quarantine\C\Program Files\QuickTime\QTTask .exe.vir Win32/TrojanDropper.Agent.DGO virus 00000000000000000000000000000000
C:\QooBox\Quarantine\C\Program Files\QuickTime\QTTask.exe.vir Win32/TrojanDropper.Agent.DGO virus 00000000000000000000000000000000
C:\QooBox\Quarantine\C\WINDOWS\images.zip.vir Win32/Agent.NOP trojan 2F8EFB4319FBFA65195F3244589A613B
C:\QooBox\Quarantine\C\WINDOWS\system32\ctfmon.exe.tmp.vir Win32/TrojanDropper.Agent.DGO virus 00000000000000000000000000000000
C:\QooBox\Quarantine\C\WINDOWS\system32\RCX1C.tmp.vir Win32/TrojanDropper.Agent.DGO virus 00000000000000000000000000000000
C:\QooBox\Quarantine\C\WINDOWS\system32\RCX1D.tmp.vir Win32/TrojanDropper.Agent.DGO virus 00000000000000000000000000000000
C:\QooBox\Quarantine\C\WINDOWS\system32\ssqpo.dll.vir Win32/Adware.Virtumonde.FP application 118DEB473A87C62CD896318C2B79C9DE
C:\VundoFix Backups\ssqpo.exe.bad Win32/TrojanDropper.Agent.DGO virus 00000000000000000000000000000000
C:\WINDOWS\wkssvr.exe Win32/Agent.NOP trojan DB63C100B6C1605CA9F6F36C31585988
C:\WINDOWS\system32\ssqpo.dll.vir Win32/Adware.Virtumonde.FP application 118DEB473A87C62CD896318C2B79C9DE
C:\WINDOWS\system32\vmphsowv.dll.vir Win32/Adware.Virtumonde application 362CAAA69702F7CDC2EE13CAA0223A97
Thank you for your help
Sév
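A triage helper for the ESET report above, added here as an example; it is not a tool from this thread, from ESET or from the removal tools mentioned. It assumes the line format shown in the posted report (path, detection name, category, MD5, with "#" header lines) and the two locations that ComboFix and VundoFix used on this machine to park removed files (C:\QooBox\Quarantine and C:\VundoFix Backups, with .vir/.bad copies). The sample lines are constructed after the posted report, not copied from it. It separates hits that are already quarantined or renamed copies from files still sitting at a live path, which is the distinction the next reply is weighing when it says progress has been made.

```python
"""Triage an ESET Online Scanner report: which hits are already neutralised?

Added example (not from the thread). Assumptions: report lines look like
    <path> <detection name> <category> <md5>
and header lines start with '#'. Quarantine locations and inert suffixes
are those seen on the machine in the thread.
"""
import re
from collections import Counter

HEX32 = re.compile(r"[0-9A-Fa-f]{32}")

# Folders where ComboFix (QooBox) and VundoFix parked copies of removed files.
QUARANTINE_DIRS = ("c:\\qoobox\\quarantine\\", "c:\\vundofix backups\\")
# Extensions those tools append so the copy can no longer run or be loaded.
INERT_SUFFIXES = (".vir", ".bad")
# The posted report shows an all-zero MD5 for some hits; treat it as "no hash".
NO_HASH = "0" * 32


def parse_report(text):
    """Split a report into a header dict and a list of detection dicts."""
    header, entries = {}, []
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith("#"):
            key, _, value = line[1:].partition("=")
            header[key.strip()] = value.strip()
            continue
        # The path may contain spaces ("QTTask .exe"), so peel the last three
        # whitespace-separated fields off the right instead of splitting left.
        parts = line.rsplit(None, 3)
        if len(parts) != 4 or not HEX32.fullmatch(parts[3]):
            continue  # not a detection line
        path, name, kind, md5 = parts
        entries.append({"path": path, "name": name, "kind": kind, "md5": md5.upper()})
    return header, entries


def classify(path):
    """quarantined: inside a tool's quarantine folder;
    renamed: inert copy (.vir/.bad) left at its original location;
    live: the file is still at a normal path under its normal name."""
    p = path.lower()
    if p.startswith(QUARANTINE_DIRS):
        return "quarantined"
    if p.endswith(INERT_SUFFIXES):
        return "renamed"
    return "live"


def triage(text):
    """Summarise a report; the 'live' list is what still needs attention."""
    header, entries = parse_report(text)
    # Collapse exact duplicates (the posted report repeats one QooBox entry many times).
    unique = list({(e["path"], e["md5"]): e for e in entries}.values())
    status = Counter(classify(e["path"]) for e in unique)
    families = Counter(e["name"] for e in unique)
    live = sorted(e["path"] for e in unique if classify(e["path"]) == "live")
    no_hash = sum(1 for e in unique if e["md5"] == NO_HASH)
    return {
        "reported_found": int(header.get("found", 0)),
        "unique": len(unique),
        "status": dict(status),
        "families": dict(families),
        "live": live,
        "no_hash": no_hash,
    }


# Constructed sample modelled on the posted report (not the real log).
SAMPLE_REPORT = r"""
# version=4
# end=finished
# remove_checked=false
# found=7
C:\Program Files\QuickTime\QTTask .exe.vir Win32/TrojanDropper.Agent.DGO virus 00000000000000000000000000000000
C:\QooBox\Quarantine\C\Program Files\QuickTime\QTTask .exe.vir Win32/TrojanDropper.Agent.DGO virus 00000000000000000000000000000000
C:\QooBox\Quarantine\C\Program Files\QuickTime\QTTask .exe.vir Win32/TrojanDropper.Agent.DGO virus 00000000000000000000000000000000
C:\QooBox\Quarantine\C\WINDOWS\system32\ssqpo.dll.vir Win32/Adware.Virtumonde.FP application 118DEB473A87C62CD896318C2B79C9DE
C:\VundoFix Backups\ssqpo.exe.bad Win32/TrojanDropper.Agent.DGO virus 00000000000000000000000000000000
C:\WINDOWS\wkssvr.exe Win32/Agent.NOP trojan DB63C100B6C1605CA9F6F36C31585988
C:\WINDOWS\system32\vmphsowv.dll.vir Win32/Adware.Virtumonde application 362CAAA69702F7CDC2EE13CAA0223A97
""".strip()

if __name__ == "__main__":
    summary = triage(SAMPLE_REPORT)
    print(f"scanner reported {summary['reported_found']}, {summary['unique']} unique hits")
    print("status:", summary["status"])
    print("still live:", summary["live"])
```

On the constructed sample the only live path is C:\WINDOWS\wkssvr.exe; everything else is a quarantined or renamed copy that the scanner still flags because the file bytes are unchanged. That is why an online scan run after a cleanup tool reports many hits without implying an active infection, and why the renamed copies are worth deleting once the machine is confirmed stable.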
Lyonnais92 (Security contributor; 25159 posts; registered Friday 23 June 2006; last activity 16 September 2016) - 6 Jan 2008 at 14:20
Hello,
It seems to me we have made good progress, but this is a brand-new procedure, so I am being careful.
Restart the computer and post a new HijackThis report and a new ComboFix report.
Re
Here are the reports:
HijackThis:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:20:39, on 06/01/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Apps\Powercinema\PCMService.exe
C:\Program Files\Spyware Doctor\SDTrayApp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe
c:\APPS\Powercinema\Kernel\TV\CLSched.exe
C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLService.exe
c:\APPS\HIDSERVICE\HIDSERVICE.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Spyware Doctor\svcntaux.exe
C:\Program Files\Spyware Doctor\swdsvc.exe
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\Trend Micro\HijackThis\hijackthis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.118712.fr/sortir.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = https://www.bing.com/?FORM=TOOLBR&cc=fr&toHttps=1&redig=4527FFF1C12746FC9EDB535C75E80ECC
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: {41785fac-f1d1-ac7a-dc34-22562c893abb} - {bba398c2-6522-43cd-a7ca-1d1fcaf58714} - C:\WINDOWS\system32\ihyqgedf.dll (file missing)
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [PCMService] "c:\Apps\Powercinema\PCMService.exe"
O4 - HKLM\..\Run: [POINTER] point32.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask .exe" -atboottime
O4 - HKLM\..\Run: [SDTray] "C:\Program Files\Spyware Doctor\SDTrayApp.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - Startup: Anti-Pub.lnk = C:\Program Files\Antipub\antipub.exe
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\microsoft office\Office\OSA9.EXE
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=file://C:\APPS\IE\offline\fr.htm
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.mail.live.com/mail/w1/resources/MSNPUpld.cab
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} (OnlineScanner Control) - https://www.eset.com/
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} (Driver Agent ActiveX Control) - https://driveragent.com/files/driveragent.cab
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Boonty Games - BOONTY - C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - c:\APPS\Powercinema\Kernel\TV\CLSched.exe
O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
O23 - Service: Generic Service for HID Keyboard Input Collections (GenericHidService) - Unknown owner - c:\APPS\HIDSERVICE\HIDSERVICE.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: MysqlInventime - Unknown owner - c:\mysql\bin\mysqld-nt.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\svcntaux.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
^^Marie^^
Posts: 113901
Registered: Tuesday 6 September 2005
Status: Member
Last activity: 28 August 2020
3 275
6 Jan. 2008 at 14:33
Thanks Lyonnais
^^Marie^^
Posts: 113901
Registered: Tuesday 6 September 2005
Status: Member
Last activity: 28 August 2020
3 275
6 Jan. 2008 at 16:00
I'm following this one, since it's a new fix, so I'm going back to school ;;))
jorginho67
Posts: 14716
Registered: Tuesday 11 September 2007
Status: Security contributor
Last activity: 11 February 2011
1 169
6 Jan. 2008 at 17:24
Hi all!
I'm in too! ;-)
^^Marie^^ > Sev
Posts: 113901
Registered: Tuesday 6 September 2005
Status: Member
Last activity: 28 August 2020
3 275
6 Jan. 2008 at 18:24
What's not clever??
Wait for Lyonnais to come back
Don't worry
See you
Sev > ^^Marie^^
Posts: 113901
Registered: Tuesday 6 September 2005
Status: Member
Last activity: 28 August 2020
6 Jan. 2008 at 18:51
Good evening Marie
I was replying to the previous post, Marie...
In any case, thanks for your help and Lyonnais's ;)
See you
jorginho67
Posts: 14716
Registered: Tuesday 11 September 2007
Status: Security contributor
Last activity: 11 February 2011
1 169
6 Jan. 2008 at 19:06
Hi Sev!
"I was replying to the previous post, Marie..."
I should have made that clear, excuse me: I'm a disinfector too, and I meant that I would be following (from the back) this interesting topic with Lyonnais and ^^Mary^^.
Why? http://www.commentcamarche.net/forum/affich 4537691 cheval de troie sur windows sytem32 ssqpo dll#22
Above all, don't worry: if in doubt about someone helping here (or elsewhere), always check the profile of the people you're talking to; from the messages they have posted, you'll know whom to trust.
By clicking on the username, you get access to the members' profiles!
And if it's a contributor member, even better! You'll be in good hands.
CCMement
The Punisher
Okey dokey, noted, thanks for the info.
I'm happy to think that my case is interesting... I don't know if I should take that as a compliment LOLOL
Thanks to all of you for your help
Sév
Lyonnais92
Posts: 25159
Registered: Friday 23 June 2006
Status: Security contributor
Last activity: 16 September 2016
1 536
6 Jan. 2008 at 19:49
Re,
Sev, it's normal for the post to be followed.
1) Create a new text document: right-click on the desktop > New > Text Document, and copy the following lines into it:
File::
C:\WINDOWS\Tasks\84BA36CF834DAD13.job
C:\WINDOWS\system32\ssqpo.dll.vir
C:\WINDOWS\system32\wvuvttt.dll.vir
C:\WINDOWS\system32\vwoshpmv.ini.vir
C:\WINDOWS\system32\vmphsowv.dll.vir
C:\WINDOWS\system32\wvuvttt.dll
C:\WINDOWS\wkssvr.exe
Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{bba398c2-6522-43cd-a7ca-1d1fcaf58714}]
Save this file under the name CFscript
* Drag and drop this CFscript file onto the ComboFix.exe file: click on CFScript, keep the button held down and move the mouse so that the CFScript icon covers the ComboFix one. Release the mouse. ComboFix will start.
* A blue window will appear: at the message that appears (Type 1 to continue, or 2 to abort), type 1 then confirm.
* Wait for the scan to finish. The desktop will disappear several times: that's normal!
Don't touch anything until the scan has finished.
* Once the scan is complete, a report will be displayed: post its contents.
* If the file doesn't open, it is located here > C:\ComboFix.txt
2) Download this (by Moe):
http://sosvirus.changelog.fr/Green_day/Lopxpsetup.exe
Double-click on Lopxpsetup.exe to start the installation
At the menu, choose option 1
Wait until you are asked to press a key, then press one!
A report will then be created; copy/paste it in full on the forum.
3) You don't seem to have a firewall controlling outgoing connections, which is a security risk.
If that's the case, you can choose between these two options:
Zone Alarm tutorial and download link here:
https://www.malekal.com/tutoriel-zonealarm-firewall/
Kerio tutorial and download link here:
http://www.malekal.com/kerio_firewall.php
There are others that you can find by opening this link:
http://www.malekal.com/menu_tutorials_logiciels.php
You need to disable the Windows firewall (Control Panel, Windows Firewall) after the download and before the installation (disconnect from the Internet at that point).
4) Post another HijackThis report too.
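A worked example of the triage and cleanup-script logic behind the two posts above (Sev's HijackThis log with the unnamed BHO whose DLL is missing, and the CFscript that Lyonnais92 asks for). This is added here for illustration; it is not code from the thread nor from the HijackThis or ComboFix projects. It assumes HijackThis's one-entry-per-line format as quoted on this page, the `File::` / `Registry::` layout of the CFscript exactly as shown in the post, and a constructed sample log; the helper names `triage` and `build_cfscript` are my own.

```python
import re
from dataclasses import dataclass

# Constructed sample in the HijackThis log format, modelled on entries quoted
# in this thread: a legitimate BHO, the unnamed BHO whose DLL is missing, a
# service with a publisher, and two services with no publisher listed.
SAMPLE_LOG = r"""
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: {41785fac-f1d1-ac7a-dc34-22562c893abb} - {bba398c2-6522-43cd-a7ca-1d1fcaf58714} - C:\WINDOWS\system32\ihyqgedf.dll (file missing)
O4 - HKLM\..\Run: [SDTray] "C:\Program Files\Spyware Doctor\SDTrayApp.exe"
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: MysqlInventime - Unknown owner - c:\mysql\bin\mysqld-nt.exe
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
"""

GUID = r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}"
# O2 lines: "O2 - BHO: <name> - <CLSID> - <dll path>[ (file missing)]"
BHO_RE = re.compile(r"^O2 - BHO: (?P<name>.*?) - (?P<clsid>" + GUID + r") - (?P<path>.*)$")
# O23 lines: "O23 - Service: <name> - <publisher> - <binary path>"; the
# publisher field may be empty, which leaves " - - " in the line.
SVC_RE = re.compile(r"^O23 - Service: (?P<name>.*?) - (?P<owner>.*?)\s*-\s+(?P<path>[A-Za-z]:\\.*)$")


@dataclass
class Finding:
    section: str   # HijackThis section tag, "O2" or "O23"
    name: str
    detail: str    # CLSID for a BHO, binary path for a service
    reason: str


def triage(log_text):
    """Return the entries that deserve a closer look.

    This is a review aid, not a verdict: every finding still has to be
    checked by a person before anything is removed.
    """
    findings = []
    for line in log_text.splitlines():
        line = line.strip()
        m = BHO_RE.match(line)
        if m:
            reasons = []
            if re.fullmatch(GUID, m["name"]):
                reasons.append("no readable name, only a GUID")
            if "(file missing)" in m["path"]:
                reasons.append("registered DLL is missing from disk")
            if reasons:
                findings.append(Finding("O2", m["name"], m["clsid"], "; ".join(reasons)))
            continue
        m = SVC_RE.match(line)
        if m and m["owner"].strip() in ("", "Unknown owner"):
            findings.append(Finding("O23", m["name"], m["path"],
                                    "no publisher listed for the service binary"))
    return findings


def build_cfscript(files, bho_clsids):
    """Render the two CFscript sections used in the thread.

    The '~' in the registry path is written exactly as in Lyonnais92's post
    (and as ComboFix prints it in its own report); it is not expanded here.
    """
    lines = []
    if files:
        lines.append("File::")
        lines.extend(files)
    if bho_clsids:
        lines.append("Registry::")
        lines.extend(f"[-HKEY_LOCAL_MACHINE\\~\\Browser Helper Objects\\{c}]" for c in bho_clsids)
    return "\n".join(lines) + ("\n" if lines else "")


if __name__ == "__main__":
    found = triage(SAMPLE_LOG)
    for f in found:
        print(f"{f.section}: {f.name}: {f.reason} [{f.detail}]")
    # Only the confirmed bad BHO goes into the script; the services are
    # listed for a human to check, not queued for removal.
    print(build_cfscript([r"C:\WINDOWS\system32\wvuvttt.dll"],
                         [f.detail for f in found if f.section == "O2"]))
```

On the sample, `triage` flags the GUID-named BHO for both reasons and the two services with no publisher, while the Adobe BHO and the NVIDIA service pass. The services are deliberately kept out of the generated script: "Unknown owner" only means the binary carries no company information, which is common for legitimate third-party software (the MySQL service in this thread is a good example), so it is a prompt to look, not a reason to delete.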
Re Lyonnais92
Regarding the firewall, I had avast, but even with that software I managed to get infected.
Regarding the site links in your reply, I can't access them...
Here are the requested reports:
ComboFix
ComboFix 08-01-04.1 - RICCO 2008-01-06 20:23:40.5 - NTFSx86
Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.1025 [GMT 1:00]
Running from: C:\Documents and Settings\RICCO\Bureau\ComboFix.exe
Command switches used :: C:\Documents and Settings\RICCO\Bureau\CFscript.txt
* Created a new restore point
FILE
C:\WINDOWS\system32\ssqpo.dll.vir
C:\WINDOWS\system32\vmphsowv.dll.vir
C:\WINDOWS\system32\vwoshpmv.ini.vir
C:\WINDOWS\system32\wvuvttt.dll
C:\WINDOWS\system32\wvuvttt.dll.vir
C:\WINDOWS\wkssvr.exe
File::C:\WINDOWS\Tasks\84BA36CF834DAD13.job
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\WINDOWS\system32\ssqpo.dll.vir
C:\WINDOWS\system32\vmphsowv.dll.vir
C:\WINDOWS\system32\vwoshpmv.ini.vir
C:\WINDOWS\system32\wvuvttt.dll
C:\WINDOWS\system32\wvuvttt.dll.vir
C:\WINDOWS\wkssvr.exe
.
((((((((((((((((((((((((((((( Fichiers créés 2007-12-06 to 2008-01-06 ))))))))))))))))))))))))))))))))))))
.
2008-01-06 11:41 . 2008-01-06 12:45 <REP> d-------- C:\Program Files\EsetOnlineScanner
2008-01-05 10:33 . 2008-01-05 10:33 24,576 --a------ C:\WINDOWS\system32\VundoFixSVC.exe
2008-01-05 10:20 . 2008-01-05 10:20 <REP> d-------- C:\VundoFix Backups
2008-01-05 00:43 . 2008-01-05 15:29 <REP> d-------- C:\Program Files\Spyware Doctor
2008-01-05 00:43 . 2008-01-05 00:43 <REP> d-------- C:\Documents and Settings\RICCO\Application Data\PC Tools
2008-01-05 00:43 . 2005-09-23 08:29 626,688 --a------ C:\WINDOWS\system32\msvcr80.dll
2008-01-05 00:43 . 2008-01-05 00:44 74,240 --a------ C:\WINDOWS\system32\drivers\iksyssec.sys
2008-01-05 00:43 . 2008-01-05 00:44 56,832 --a------ C:\WINDOWS\system32\drivers\iksysflt.sys
2008-01-05 00:43 . 2007-10-18 00:14 41,288 --a------ C:\WINDOWS\system32\drivers\ikfilesec.sys
2008-01-05 00:43 . 2007-10-18 00:16 29,000 --a------ C:\WINDOWS\system32\drivers\kcom.sys
2008-01-01 21:44 . 2008-01-01 21:44 23,600 --a------ C:\WINDOWS\system32\drivers\tvichw32.sys
2007-12-31 00:16 . 2007-12-31 00:16 <REP> d-------- C:\Program Files\Trend Micro
2007-12-31 00:14 . 2007-12-31 00:14 812,344 --a------ C:\Program Files\HJTInstall.exe
2007-12-23 14:50 . 2007-12-23 14:50 <REP> d-------- C:\Documents and Settings\Propriétaire\Application Data\You've Got Pictures Screensaver
2007-12-11 20:46 . 2007-12-11 20:46 3,596,288 --a------ C:\WINDOWS\system32\qt-dx331.dll
2007-12-11 20:46 . 2007-12-11 20:46 524,288 --a------ C:\WINDOWS\system32\DivXsm.exe
2007-12-11 20:46 . 2007-12-11 20:46 9,878 --a------ C:\WINDOWS\system32\dsm_fr.qm
2007-12-11 20:46 . 2007-12-11 20:46 4,816 --a------ C:\WINDOWS\system32\divxsm.tlb
2007-12-11 20:45 . 2007-12-11 20:45 1,044,480 --a------ C:\WINDOWS\system32\libdivx.dll
2007-12-11 20:45 . 2007-12-11 20:45 200,704 --a------ C:\WINDOWS\system32\ssldivx.dll
2007-12-11 20:43 . 2007-12-11 20:43 12,288 --a------ C:\WINDOWS\system32\DivXWMPExtType.dll
2007-12-11 20:43 . 2007-12-11 20:43 8,835 --a--c--- C:\WINDOWS\system32\dpufr.qm
2007-12-11 20:43 . 2007-12-11 20:43 3,162 --a--c--- C:\WINDOWS\system32\dtu_fr.qm
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-01-06 14:47 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-01-06 10:36 --------- d-----w C:\Program Files\Trojan Remover
2008-01-05 14:31 --------- d-----w C:\Program Files\QuickTime
2008-01-05 10:54 --------- d-----w C:\Documents and Settings\RICCO\Application Data\uTorrent
2008-01-04 23:37 --------- d-----w C:\Program Files\TomTom HOME
2008-01-04 23:37 --------- d-----w C:\Program Files\MSN Messenger
2008-01-04 23:37 --------- d-----w C:\Program Files\iTunes
2007-12-24 13:00 --------- d-----w C:\Program Files\DivX
2007-12-21 23:56 --------- d-----w C:\Documents and Settings\All Users\Application Data\nView_Profiles
2007-12-13 02:02 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help
2007-12-11 19:44 823,296 ----a-w C:\WINDOWS\system32\divx_xx0c.dll
2007-12-11 19:44 823,296 ----a-w C:\WINDOWS\system32\divx_xx07.dll
2007-12-11 19:44 81,920 ----a-w C:\WINDOWS\system32\dpl100.dll
2007-12-11 19:44 802,816 ----a-w C:\WINDOWS\system32\divx_xx11.dll
2007-12-11 19:44 682,496 ----a-w C:\WINDOWS\system32\DivX.dll
2007-12-11 19:44 593,920 ----a-w C:\WINDOWS\system32\dpuGUI11.dll
2007-12-11 19:44 57,344 ----a-w C:\WINDOWS\system32\dpv11.dll
2007-12-11 19:44 53,248 -c--a-w C:\WINDOWS\system32\dpuGUI10.dll
2007-12-11 19:44 344,064 -c--a-w C:\WINDOWS\system32\dpus11.dll
2007-12-11 19:44 294,912 -c--a-w C:\WINDOWS\system32\dpu10.dll
2007-12-11 19:44 294,912 ----a-w C:\WINDOWS\system32\dpu11.dll
2007-12-11 19:44 196,608 -c--a-w C:\WINDOWS\system32\dtu100.dll
2007-12-11 19:44 156,992 ----a-w C:\WINDOWS\system32\DivXCodecVersionChecker.exe
2007-12-04 14:56 93,264 -c--a-w C:\WINDOWS\system32\drivers\aswmon.sys
2007-12-04 14:55 94,544 ----a-w C:\WINDOWS\system32\drivers\aswmon2.sys
2007-12-04 14:53 23,152 ----a-w C:\WINDOWS\system32\drivers\aswRdr.sys
2007-12-04 14:51 42,912 ----a-w C:\WINDOWS\system32\drivers\aswTdi.sys
2007-12-04 14:49 26,624 ----a-w C:\WINDOWS\system32\drivers\aavmker4.sys
2007-12-04 13:04 837,496 ----a-w C:\WINDOWS\system32\aswBoot.exe
2007-12-04 12:54 95,608 ----a-w C:\WINDOWS\system32\AVASTSS.scr
2007-11-30 02:00 --------- d-----w C:\Program Files\Windows Live Toolbar
2007-11-13 10:25 20,480 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys
2007-10-30 23:23 3,590,656 ----a-w C:\WINDOWS\system32\dllcache\mshtml.dll
2007-10-29 22:43 1,293,824 ----a-w C:\WINDOWS\system32\quartz.dll
2007-10-29 22:43 1,293,824 ------w C:\WINDOWS\system32\dllcache\quartz.dll
2007-10-25 16:43 8,516,608 ----a-w C:\WINDOWS\system32\dllcache\shell32.dll
2007-10-25 08:28 222,720 ----a-w C:\WINDOWS\system32\wmasf.dll
2007-10-25 08:28 222,720 ----a-w C:\WINDOWS\system32\dllcache\wmasf.dll
2007-10-10 23:49 824,832 ----a-w C:\WINDOWS\system32\dllcache\wininet.dll
2007-10-10 23:49 671,232 ----a-w C:\WINDOWS\system32\dllcache\mstime.dll
2007-10-10 23:49 63,488 ------w C:\WINDOWS\system32\dllcache\icardie.dll
2007-10-10 23:49 6,065,664 ------w C:\WINDOWS\system32\dllcache\ieframe.dll
2007-10-10 23:49 52,224 ------w C:\WINDOWS\system32\dllcache\msfeedsbs.dll
2007-10-10 23:49 478,208 ----a-w C:\WINDOWS\system32\dllcache\mshtmled.dll
2007-10-10 23:49 459,264 ------w C:\WINDOWS\system32\dllcache\msfeeds.dll
2007-10-10 23:49 44,544 ----a-w C:\WINDOWS\system32\dllcache\iernonce.dll
2007-10-10 23:49 384,512 ----a-w C:\WINDOWS\system32\dllcache\iedkcs32.dll
2007-10-10 23:49 383,488 ------w C:\WINDOWS\system32\dllcache\ieapfltr.dll
2007-10-10 23:49 27,648 ----a-w C:\WINDOWS\system32\dllcache\jsproxy.dll
2007-10-10 23:49 267,776 ------w C:\WINDOWS\system32\dllcache\iertutil.dll
2007-10-10 23:49 232,960 ------w C:\WINDOWS\system32\dllcache\webcheck.dll
2007-10-10 23:49 230,400 ----a-w C:\WINDOWS\system32\dllcache\ieaksie.dll
2007-10-10 23:49 214,528 ----a-w C:\WINDOWS\system32\dllcache\dxtrans.dll
2007-10-10 23:49 193,024 ----a-w C:\WINDOWS\system32\dllcache\msrating.dll
2007-10-10 23:49 153,088 ----a-w C:\WINDOWS\system32\dllcache\ieakeng.dll
2007-10-10 23:49 132,608 ----a-w C:\WINDOWS\system32\dllcache\extmgr.dll
2007-10-10 23:49 124,928 ------w C:\WINDOWS\system32\dllcache\advpack.dll
2007-10-10 23:49 105,984 ------w C:\WINDOWS\system32\dllcache\url.dll
2007-10-10 23:49 102,400 ------w C:\WINDOWS\system32\dllcache\occache.dll
2007-10-10 23:49 1,159,680 ----a-w C:\WINDOWS\system32\dllcache\urlmon.dll
2007-10-10 11:00 70,656 ----a-w C:\WINDOWS\system32\dllcache\ie4uinit.exe
2007-10-10 11:00 625,152 ------w C:\WINDOWS\system32\dllcache\iexplore.exe
2007-10-10 10:59 13,824 ------w C:\WINDOWS\system32\dllcache\ieudinit.exe
2007-10-10 05:46 161,792 ----a-w C:\WINDOWS\system32\dllcache\ieakui.dll
2007-07-06 20:49 6,375,184 ----a-w C:\Program Files\trsetup anti trojan.exe
2007-05-06 13:53 4,943,118 ----a-w C:\Program Files\photo Editor.exe
2006-03-19 21:53 1,107,787 -c--a-w C:\Program Files\wrar351fr.exe
.
((((((((((((((((((((((((((((( snapshot@2008-01-05_15.34.37.59 )))))))))))))))))))))))))))))))))))))))))
.
+ 2007-07-27 14:49:02 196,683 ----a-w C:\WINDOWS\system32\lnod32apiA.dll
+ 2007-07-27 14:49:02 225,355 ----a-w C:\WINDOWS\system32\lnod32apiW.dll
+ 2005-12-05 19:25:22 139,264 ----a-w C:\WINDOWS\system32\lnod32umc.dll
+ 2005-12-05 12:37:10 106,496 ----a-w C:\WINDOWS\system32\lnod32upd.dll
+ 2007-08-02 17:11:28 253,952 ----a-w C:\WINDOWS\system32\OnlineScannerDLLA.dll
+ 2007-08-02 17:11:14 241,664 ----a-w C:\WINDOWS\system32\OnlineScannerDLLW.dll
+ 2007-08-08 15:30:12 19,456 ----a-w C:\WINDOWS\system32\OnlineScannerLang.dll
+ 2007-06-13 10:10:34 77,824 ----a-w C:\WINDOWS\system32\OnlineScannerUninstaller.exe
+ 2008-01-06 14:48:07 16,384 ----atw C:\WINDOWS\Temp\Perflib_Perfdata_498.dat
+ 2008-01-06 14:47:34 16,384 ----atw C:\WINDOWS\Temp\Perflib_Perfdata_560.dat
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{bba398c2-6522-43cd-a7ca-1d1fcaf58714}]
C:\WINDOWS\system32\ihyqgedf.dll
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-05 13:00 15360]
"msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" [2008-01-04 18:16 5674352]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"nwiz"="nwiz.exe" [2007-10-04 17:14 1626112 C:\WINDOWS\system32\nwiz.exe]
"SoundMan"="SOUNDMAN.EXE" [2005-01-20 19:04 77824 C:\WINDOWS\SOUNDMAN.EXE]
"PCMService"="c:\Apps\Powercinema\PCMService.exe" [2008-01-05 11:58 110740]
"POINTER"="point32.exe" []
"QuickTime Task"="C:\Program Files\QuickTime\QTTask .exe" [ ]
"SDTray"="C:\Program Files\Spyware Doctor\SDTrayApp.exe" [2008-01-05 09:41 1065800]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-10-04 17:14 8491008]
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\
Lancement rapide d'Adobe Reader.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 22:05:26]
Microsoft Office.lnk - C:\Program Files\microsoft office\Office\OSA9.EXE [1999-02-17 21:05:56]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice]
@=""
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice]
@=""
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TrojanScanner]
2008-01-05 00:36 737872 --a------ C:\Program Files\Trojan Remover\Trjscan.exe
R0 SI3112r;ATI-437A Serial ATA Controller;C:\WINDOWS\system32\DRIVERS\SI3112r.sys [2004-08-27 15:18]
S3 Boonty Games;Boonty Games;"C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe" [2006-03-23 22:37]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0d6c0c8c-9b74-11dc-82cc-00038a000015}]
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL
.
Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
"2008-01-06 19:00:00 C:\WINDOWS\Tasks\84BA36CF834DAD13.job"
- c:\docume~1\ricco\applic~1\greylogo\WIPE GLOBAL SEND.exe
"2007-12-24 21:12:03 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2005-09-28 19:08:51 C:\WINDOWS\Tasks\Rappel d'enregistrement 3.job"
- C:\WINDOWS\system32\OOBE\oobebaln.exe
"2008-01-06 19:04:00 C:\WINDOWS\Tasks\Vérifier les mises à jour de Windows Live Toolbar.job"
- C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE
.
**************************************************************************
catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-06 20:26:48
Windows 5.1.2600 Service Pack 2 NTFS
detected NTDLL code modification:
ZwClose
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2008-01-06 20:27:37
ComboFix-quarantined-files.txt 2008-01-06 19:27:34
ComboFix2.txt 2008-01-06 14:25:16
ComboFix3.txt 2008-01-05 14:56:16
ComboFix4.txt 2008-01-05 11:00:54
ComboFix5.txt 2007-12-30 23:41:58
.
2007-12-13 02:03:26 --- E O F ---
Lopxpsetup
Rapport Lopxp fait le 06/01/2008 à 20:35:08
Exécuté dans : C:\Program Files\Lopxp
Liste des processus actifs :
PID : 468 C:\WINDOWS\System32\smss.exe
PID : 520 C:\WINDOWS\system32\csrss.exe
PID : 544 C:\WINDOWS\system32\winlogon.exe
PID : 588 C:\WINDOWS\system32\services.exe
PID : 600 C:\WINDOWS\system32\lsass.exe
PID : 744 C:\WINDOWS\system32\svchost.exe
PID : 804 C:\WINDOWS\system32\svchost.exe
PID : 872 C:\WINDOWS\System32\svchost.exe
PID : 932 C:\WINDOWS\system32\svchost.exe
PID : 1100 C:\WINDOWS\system32\svchost.exe
PID : 1232 C:\WINDOWS\Explorer.EXE
PID : 1320 C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
PID : 1380 C:\Program Files\Alwil Software\Avast4\ashServ.exe
PID : 1596 C:\WINDOWS\system32\spoolsv.exe
PID : 1848 C:\WINDOWS\SOUNDMAN.EXE
PID : 1884 C:\Apps\Powercinema\PCMService.exe
PID : 1904 C:\Program Files\Spyware Doctor\SDTrayApp.exe
PID : 1924 C:\WINDOWS\system32\ctfmon.exe
PID : 1932 C:\Program Files\MSN Messenger\msnmsgr.exe
PID : 1964 C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe
PID : 1976 C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
PID : 128 C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
PID : 164 c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe
PID : 204 c:\APPS\Powercinema\Kernel\TV\CLSched.exe
PID : 248 C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
PID : 268 C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLService.exe
PID : 360 c:\APPS\HIDSERVICE\HIDSERVICE.exe
PID : 752 C:\WINDOWS\system32\nvsvc32.exe
PID : 900 C:\Program Files\Spyware Doctor\svcntaux.exe
PID : 1084 C:\Program Files\Spyware Doctor\swdsvc.exe
PID : 1652 C:\WINDOWS\system32\slserv.exe
PID : 1692 C:\WINDOWS\System32\snmp.exe
PID : 1708 C:\WINDOWS\system32\svchost.exe
PID : 2736 C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
PID : 2816 C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
PID : 3132 C:\WINDOWS\System32\alg.exe
PID : 3764 C:\Program Files\MSN Messenger\usnsvc.exe
PID : 4052 C:\WINDOWS\system32\wuauclt.exe
PID : 3360 C:\WINDOWS\system32\cmd.exe
PID : 3536 C:\Program Files\Lopxp\tools\pv.exe
___________________________________________________________________________
[Tâches planifiées]
C:\WINDOWS\tasks\AppleSoftwareUpdate.job
Cr : 04/06/2007 à 23:22
Mo : 24/12/2007 à 22:12
Fichier exécuté : C\Program Files\Apple Software Update\SoftwareUpdate.exe -task
C:\WINDOWS\tasks\Rappel d'enregistrement 3.job
Cr : 28/09/2005 à 20:08
Mo : 28/09/2005 à 20:08
Fichier exécuté : C\WINDOWS\system32\OOBE\oobebaln.exe /sys /r /n:3
C:\WINDOWS\tasks\Vérifier les mises à jour de Windows Live Toolbar.job
Fichier exécuté : C\Program Files\Windows Live Toolbar\MSNTBUP.EXE
C:\WINDOWS\tasks\84BA36CF834DAD13.job
Cr : 28/02/2007 à 09:47
Mo : 06/01/2008 à 20:00
Fichier exécuté : c:\docume~1\ricco\applic~1\greylogo\WIPE GLOBAL SEND.exe
___________________________________________________________________________
[Listing des dossiers Application Data]
cr: Date Création | mo: Date Modification -=- Nom Long -= Nom Court (8.3)
+- C:\Documents and Settings\Administrateur\Application Data
cr: 07/01/2006 20:52:56 | mo: 16/08/2004 17:19:22 -=- IDENTI~1 -= Identities
cr: 07/01/2006 20:52:56 | mo: 16/08/2004 16:54:32 -=- MICROS~1 -= Microsoft
cr: 07/01/2006 20:52:56 | mo: 28/09/2005 19:56:25 -=- Real -----= Real
cr: 07/01/2006 20:52:56 | mo: 28/09/2005 19:45:26 -=- Sun ------= Sun
cr: 07/01/2006 20:52:56 | mo: 28/09/2005 19:53:13 -=- Symantec -= Symantec
cr: 07/01/2006 20:52:56 | mo: 28/09/2005 19:51:01 -=- YOU'VE~1 -= You've Got Pictures Screensaver
+- C:\Documents and Settings\Administrateur\Local Settings\Application Data
cr: 07/01/2006 20:52:56 | mo: 28/09/2005 19:57:39 -=- MICROS~1 -= Microsoft
cr: 07/01/2006 20:52:56 | mo: 28/09/2005 19:55:57 -=- POWERC~1 -= PowerCinema
cr: 07/01/2006 20:52:56 | mo: 28/09/2005 19:45:20 -=- {7148F~1 -= {7148F0A6-6813-11D6-A77B-00B0D0142050}
+- C:\Documents and Settings\All Users\Application Data
cr: 13/01/2007 22:17:05 | mo: 13/01/2007 22:17:05 -=- Adobe ----= Adobe
cr: 28/09/2005 19:50:25 | mo: 06/11/2005 19:56:36 -=- AOL ------= AOL
cr: 13/08/2007 20:21:51 | mo: 13/08/2007 20:21:51 -=- Apple ----= Apple
cr: 04/06/2007 23:22:21 | mo: 15/10/2007 18:20:39 -=- APPLEC~1 -= Apple Computer
cr: 23/03/2006 22:37:08 | mo: 23/03/2006 22:37:08 -=- BOONTY ---= BOONTY
cr: 28/09/2005 19:55:57 | mo: 07/12/2005 17:03:59 -=- CYBERL~1 -= CyberLink
cr: 04/09/2006 20:29:50 | mo: 21/01/2007 18:26:20 -=- Google ---= Google
cr: 07/01/2007 21:40:52 | mo: 07/01/2007 21:40:52 -=- MESSEN~1 -= Messenger Plus!
cr: 16/08/2004 16:54:30 | mo: 12/02/2006 14:57:52 -=- MICROS~1 -= Microsoft
cr: 03/02/2007 16:38:48 | mo: 03/02/2007 16:38:48 -=- MICROS~2 -= Microsoft Corporation
cr: 30/05/2007 17:08:44 | mo: 13/12/2007 03:02:17 -=- MICROS~3 -= Microsoft Help
cr: 17/01/2006 17:43:48 | mo: 22/12/2007 00:56:31 -=- NVIEW_~1 -= nView_Profiles
cr: 28/09/2005 19:50:56 | mo: 07/11/2005 20:25:46 -=- QUICKT~1 -= QuickTime
cr: 16/08/2004 17:28:46 | mo: 16/08/2004 17:28:48 -=- SBSI -----= SBSI
cr: 06/07/2007 21:51:30 | mo: 06/07/2007 21:51:30 -=- SIMPLY~1 -= Simply Super Software
cr: 28/09/2005 19:52:41 | mo: 12/08/2006 23:10:54 -=- Symantec -= Symantec
cr: 06/07/2007 21:52:29 | mo: 06/01/2008 20:30:10 -=- TEMP -----= TEMP
cr: 03/10/2005 17:19:05 | mo: 03/10/2005 17:19:16 -=- UDL ------= UDL
cr: 28/09/2005 19:51:01 | mo: 28/09/2005 19:51:01 -=- VIEWPO~1 -= Viewpoint
cr: 30/06/2006 18:20:56 | mo: 30/06/2006 18:20:56 -=- WINDOW~1 -= Windows Genuine Advantage
cr: 06/09/2006 21:55:17 | mo: 06/09/2006 21:55:17 -=- WINDOW~2 -= Windows Live Toolbar
cr: 31/10/2006 21:40:23 | mo: 31/10/2006 21:40:23 -=- YAHOO!~2 -= Yahoo! Companion
cr: 29/10/2006 14:07:47 | mo: 31/10/2006 21:40:14 -=- YAHOO!~1 -= Yahoo! Companion(2)
+- C:\Documents and Settings\RICCO\Application Data
cr: 05/04/2006 18:55:33 | mo: 08/04/2006 17:56:38 -=- ABC~1 ----= .ABC
cr: 16/11/2005 20:47:15 | mo: 11/09/2006 11:46:52 -=- Adobe ----= Adobe
cr: 25/11/2005 17:18:09 | mo: 13/01/2007 22:14:21 -=- AdobeUM --= AdobeUM
cr: 30/11/2005 13:39:08 | mo: 30/11/2005 13:39:08 -=- Ahead ----= Ahead
cr: 09/07/2007 17:57:02 | mo: 13/08/2007 20:22:32 -=- APPLEC~1 -= Apple Computer
cr: 23/03/2006 22:37:36 | mo: 24/03/2006 18:17:34 -=- CHESSM~1 -= Chessmaster Challenge
cr: 12/11/2005 21:43:27 | mo: 23/12/2005 19:17:34 -=- CYBERL~1 -= CyberLink
cr: 09/10/2006 22:36:47 | mo: 11/10/2006 20:13:01 -=- DivX -----= DivX
cr: 21/01/2006 20:07:04 | mo: 04/09/2006 20:32:26 -=- Google ---= Google
cr: 07/01/2007 21:38:01 | mo: 10/07/2007 09:39:51 -=- GreyLogo -= GreyLogo
cr: 11/11/2005 21:24:19 | mo: 11/11/2005 21:24:19 -=- Help -----= Help
cr: 28/09/2005 20:09:00 | mo: 16/08/2004 17:19:22 -=- IDENTI~1 -= Identities
cr: 19/08/2006 23:47:28 | mo: 19/08/2006 23:47:28 -=- INSTAL~1 -= InstallShield
cr: 12/11/2005 18:10:26 | mo: 12/11/2005 18:10:26 -=- LEADER~1 -= Leadertech
cr: 28/09/2005 20:43:25 | mo: 28/09/2005 20:43:25 -=- MACROM~1 -= Macromedia
cr: 29/10/2006 00:46:23 | mo: 29/10/2006 00:46:29 -=- MEDIAP~1 -= Media Player Classic
cr: 28/09/2005 20:09:00 | mo: 30/05/2007 17:43:22 -=- MICROS~1 -= Microsoft
cr: 02/03/2007 18:59:53 | mo: 02/03/2007 18:59:53 -=- MICROS~2 -= Microsoft Web Folders
cr: 19/08/2006 23:45:47 | mo: 19/08/2006 23:46:11 -=- Mozilla --= Mozilla
cr: 05/01/2008 00:43:40 | mo: 05/01/2008 00:43:40 -=- PCTOOL~1 -= PC Tools
cr: 28/09/2005 20:09:00 | mo: 07/11/2005 20:07:26 -=- Real -----= Real
cr: 19/03/2007 06:53:21 | mo: 20/03/2007 14:27:29 -=- SCREEN~1 -= Screenshot Sender
cr: 06/07/2007 21:51:30 | mo: 06/07/2007 21:51:30 -=- SIMPLY~1 -= Simply Super Software
cr: 12/11/2005 18:10:54 | mo: 12/11/2005 18:10:54 -=- Sonic ----= Sonic
cr: 28/09/2005 20:09:00 | mo: 28/09/2005 19:45:26 -=- Sun ------= Sun
cr: 28/09/2005 20:09:00 | mo: 28/09/2005 20:10:05 -=- Symantec -= Symantec
cr: 07/09/2006 19:15:30 | mo: 07/09/2006 19:15:30 -=- Talkback -= Talkback
cr: 30/07/2006 22:08:28 | mo: 05/01/2008 11:54:34 -=- uTorrent -= uTorrent
cr: 28/09/2005 20:09:00 | mo: 28/09/2005 19:51:01 -=- YOU'VE~1 -= You've Got Pictures Screensaver
+- C:\Documents and Settings\RICCO\Local Settings\Application Data
cr: 16/11/2005 20:47:45 | mo: 21/07/2006 19:00:08 -=- Adobe ----= Adobe
cr: 15/10/2007 18:14:22 | mo: 15/10/2007 18:14:22 -=- Apple ----= Apple
cr: 04/06/2007 23:24:20 | mo: 13/08/2007 20:22:32 -=- APPLEC~1 -= Apple Computer
cr: 10/09/2006 01:40:48 | mo: 03/02/2007 20:04:26 -=- APPLIC~1 -= ApplicationHistory
cr: 01/02/2006 19:12:52 | mo: 04/09/2006 20:31:52 -=- Google ---= Google
cr: 11/11/2005 21:24:19 | mo: 11/11/2005 21:24:19 -=- Help -----= Help
cr: 30/04/2007 13:09:35 | mo: 30/04/2007 13:09:35 -=- IDENTI~1 -= Identities
cr: 28/09/2005 20:09:00 | mo: 06/01/2008 07:33:22 -=- MICROS~1 -= Microsoft
cr: 30/05/2007 17:08:52 | mo: 30/05/2007 17:08:52 -=- MICROS~2 -= Microsoft Help
cr: 19/08/2006 23:46:11 | mo: 19/08/2006 23:46:11 -=- Mozilla --= Mozilla
cr: 28/09/2005 20:09:00 | mo: 23/12/2005 19:17:41 -=- POWERC~1 -= PowerCinema
cr: 11/01/2006 18:02:43 | mo: 11/01/2006 18:02:43 -=- RCINCI~1 -= RcIncidents
cr: 05/12/2006 21:16:36 | mo: 05/12/2006 21:16:51 -=- V-SAFE~1 -= V-Safe 100
cr: 13/08/2006 11:37:27 | mo: 13/08/2006 11:59:01 -=- WMTOOL~1 -= WMTools Downloaded Files
cr: 28/09/2005 20:09:00 | mo: 28/09/2005 19:45:20 -=- {7148F~1 -= {7148F0A6-6813-11D6-A77B-00B0D0142050}
___________________________________________________________________________
[Listing du dossier Program Files]
+- C:\Program Files
cr: 28/09/2005 19:49:57 | mo: 21/07/2006 18:56:25 -=- Adobe ----= Adobe
cr: 14/11/2005 23:41:47 | mo: 09/01/2006 18:07:47 -=- Ahead ----= Ahead
cr: 12/08/2006 21:13:10 | mo: 12/08/2006 21:13:10 -=- ALWILS~1 -= Alwil Software
cr: 28/09/2005 19:43:05 | mo: 28/09/2005 19:43:06 -=- AMD ------= AMD
cr: 04/06/2007 23:22:28 | mo: 15/10/2007 18:14:21 -=- APPLES~1 -= Apple Software Update
cr: 28/09/2005 19:44:53 | mo: 28/09/2005 19:44:54 -=- AvRack ---= AvRack
cr: 12/08/2006 21:26:25 | mo: 12/08/2006 21:26:27 -=- CCleaner -= CCleaner
cr: 16/08/2004 17:05:15 | mo: 16/08/2004 17:05:16 -=- COMPLU~1 -= ComPlus Applications
cr: 28/09/2005 19:55:35 | mo: 28/09/2005 19:55:35 -=- CYBERL~1 -= CyberLink
cr: 21/01/2007 18:44:54 | mo: 21/01/2007 18:44:54 -=- DESIGN~1 -= DesignSoft
cr: 07/11/2005 20:12:07 | mo: 24/12/2007 14:00:27 -=- DivX -----= DivX
cr: 31/03/2007 19:47:10 | mo: 31/03/2007 19:47:10 -=- eMule ----= eMule
cr: 03/10/2005 17:15:02 | mo: 25/06/2007 18:37:45 -=- EPSON ----= EPSON
cr: 06/01/2008 11:41:29 | mo: 06/01/2008 12:45:01 -=- ESETON~1 -= EsetOnlineScanner
cr: 16/08/2004 16:56:54 | mo: 22/12/2007 01:00:03 -=- FICHIE~1 -= Fichiers communs
cr: 03/10/2005 17:09:27 | mo: 03/10/2005 17:09:27 -=- Free.fr --= Free.fr
cr: 07/11/2005 20:12:14 | mo: 15/06/2007 23:44:26 -=- Google ---= Google
cr: 09/03/2006 22:20:01 | mo: 09/03/2006 22:20:11 -=- HighGrow -= HighGrow
cr: 28/09/2005 19:43:05 | mo: 25/06/2007 18:37:44 -=- INSTAL~1 -= InstallShield Installation Information
cr: 16/08/2004 17:06:01 | mo: 13/12/2007 03:01:25 -=- INTERN~1 -= Internet Explorer
cr: 15/10/2007 18:20:41 | mo: 15/10/2007 18:20:41 -=- iPod -----= iPod
cr: 15/10/2007 18:20:39 | mo: 05/01/2008 00:37:06 -=- iTunes ---= iTunes
cr: 28/09/2005 19:45:19 | mo: 06/10/2007 18:11:21 -=- Java -----= Java
cr: 29/10/2006 00:44:32 | mo: 31/10/2006 22:49:54 -=- K-LITE~1 -= K-Lite Codec Pack
cr: 13/08/2006 14:36:30 | mo: 13/08/2006 14:36:30 -=- Lavalys --= Lavalys
cr: 28/09/2005 19:51:01 | mo: 28/09/2005 19:51:01 -=- Learn2.com --= Learn2.com
cr: 06/01/2008 20:33:27 | mo: 06/01/2008 20:35:12 -=- Lopxp ----= Lopxp
cr: 16/08/2004 17:03:41 | mo: 16/08/2004 17:03:42 -=- MESSEN~1 -= Messenger
cr: 11/03/2006 19:57:23 | mo: 19/03/2006 22:35:03 -=- MI3AA1~1 -= Microsoft ActiveSync
cr: 10/05/2007 02:03:50 | mo: 10/05/2007 02:03:50 -=- MICROS~1.2 -= Microsoft CAPICOM 2.1.0.2
cr: 16/08/2004 17:11:15 | mo: 02/03/2007 18:59:41 -=- MICROS~1 -= microsoft frontpage
cr: 03/10/2005 17:43:48 | mo: 03/10/2005 17:43:48 -=- MICROS~4 -= Microsoft Hardware
cr: 28/09/2005 19:58:13 | mo: 30/05/2007 17:17:49 -=- MICROS~3 -= microsoft office
cr: 30/05/2007 17:31:43 | mo: 30/05/2007 17:31:43 -=- MIAF9D~1 -= Microsoft Visual Studio
cr: 28/09/2005 19:57:40 | mo: 30/05/2007 17:32:25 -=- MICROS~2 -= Microsoft Works
cr: 28/09/2005 19:58:43 | mo: 28/09/2005 19:58:43 -=- MICROS~1.NET -= Microsoft.NET
cr: 16/08/2004 17:06:22 | mo: 16/08/2004 17:06:24 -=- MOVIEM~1 -= Movie Maker
cr: 16/08/2004 17:03:07 | mo: 15/02/2007 19:31:25 -=- MSN ------= MSN
cr: 16/08/2004 17:03:37 | mo: 16/08/2004 17:03:38 -=- MSNGAM~1 -= MSN Gaming Zone
cr: 30/09/2005 19:56:08 | mo: 05/01/2008 00:37:06 -=- MSNMES~1 -= MSN Messenger
cr: 31/10/2006 21:40:21 | mo: 31/10/2006 21:40:21 -=- MSXML4~1.0 -= MSXML 4.0
cr: 16/08/2004 17:06:12 | mo: 16/08/2004 17:06:14 -=- NETMEE~1 -= NetMeeting
cr: 16/08/2004 17:03:53 | mo: 16/08/2004 17:03:54 -=- ONLINE~1 -= Online Services
cr: 16/08/2004 17:06:08 | mo: 13/06/2007 07:26:41 -=- OUTLOO~1 -= Outlook Express
cr: 05/05/2006 20:44:26 | mo: 05/05/2006 20:44:26 -=- Pcb4free -= Pcb4free
cr: 13/08/2007 20:17:49 | mo: 05/01/2008 15:31:26 -=- QUICKT~1 -= QuickTime
cr: 28/09/2005 19:50:47 | mo: 28/09/2005 19:50:47 -=- Real -----= Real
cr: 28/09/2005 19:44:54 | mo: 28/09/2005 19:44:56 -=- REALTE~1 -= Realtek Sound Manager
cr: 03/06/2007 23:08:33 | mo: 03/06/2007 23:10:38 -=- RM-XPL~1.2 -= RM-X Player V4.2
cr: 16/08/2004 17:07:32 | mo: 16/08/2004 17:07:34 -=- SERVIC~1 -= Services en ligne
cr: 28/09/2005 19:56:42 | mo: 28/09/2005 19:59:51 -=- Sonic ----= Sonic
cr: 05/01/2008 00:43:40 | mo: 05/01/2008 15:29:31 -=- SPYWAR~1 -= Spyware Doctor
cr: 11/07/2007 07:46:06 | mo: 11/07/2007 07:46:06 -=- SUNBEL~1 -= Sunbelt Software
cr: 12/08/2006 18:11:14 | mo: 05/01/2008 00:37:07 -=- TOMTOM~1 -= TomTom HOME
cr: 31/12/2007 00:16:40 | mo: 31/12/2007 00:16:40 -=- TRENDM~1 -= Trend Micro
cr: 06/07/2007 21:51:30 | mo: 06/01/2008 11:36:52 -=- TROJAN~1 -= Trojan Remover
cr: 16/08/2004 17:19:05 | mo: 16/08/2004 17:19:06 -=- UNINST~1 -= Uninstall Information
cr: 30/07/2006 22:08:28 | mo: 12/08/2006 14:44:20 -=- utorrent -= utorrent
cr: 07/01/2007 21:20:28 | mo: 07/01/2007 21:24:59 -=- WIE5D0~1 -= Windows Live Safety Center
cr: 31/10/2006 21:40:21 | mo: 30/11/2007 03:00:40 -=- WINDOW~4 -= Windows Live Toolbar
cr: 31/12/2006 15:15:37 | mo: 31/12/2006 15:15:38 -=- WI4DF6~1 -= Windows Media Connect 2
cr: 16/08/2004 17:03:53 | mo: 31/12/2006 15:15:36 -=- WINDOW~2 -= Windows Media Player
cr: 16/08/2004 17:03:05 | mo: 16/08/2004 17:03:06 -=- WINDOW~1 -= Windows NT
cr: 16/08/2004 17:07:41 | mo: 16/08/2004 17:07:42 -=- WINDOW~3 -= WindowsUpdate
cr: 07/12/2005 21:08:24 | mo: 03/09/2006 00:24:54 -=- WinRAR ---= WinRAR
cr: 16/08/2004 17:11:15 | mo: 16/08/2004 17:11:16 -=- xerox ----= xerox
cr: 07/01/2006 22:02:41 | mo: 31/10/2006 21:40:14 -=- Yahoo! ---= Yahoo!
cr: 13/08/2006 17:54:10 | mo: 13/08/2006 18:03:26 -=- YAMP2~1.3 ---= Yamp 2.3
___________________________________________________________________________
[Recherche programmes connus, liés à CiD]
___________________________________________________________________________
[Clés registre de démarrage]
___________________________________________________________________________
[Popups autorisés]
[-] Internet Explorer :
PopupMgr
[-] Mozilla Firefox
[-] Suite Mozilla / SeaMonkey
___________________________________________________________________________
[Suggestion nettoyage registre]
- Aucune suggestion.
- Fin du rapport -
HijackThis report
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:41:51, on 06/01/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Apps\Powercinema\PCMService.exe
C:\Program Files\Spyware Doctor\SDTrayApp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe
c:\APPS\Powercinema\Kernel\TV\CLSched.exe
C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLService.exe
c:\APPS\HIDSERVICE\HIDSERVICE.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Spyware Doctor\svcntaux.exe
C:\Program Files\Spyware Doctor\swdsvc.exe
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\Trend Micro\HijackThis\hijackthis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.118712.fr/sortir.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = https://www.bing.com/?FORM=TOOLBR&cc=fr&toHttps=1&redig=4527FFF1C12746FC9EDB535C75E80ECC
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: {41785fac-f1d1-ac7a-dc34-22562c893abb} - {bba398c2-6522-43cd-a7ca-1d1fcaf58714} - C:\WINDOWS\system32\ihyqgedf.dll (file missing)
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [PCMService] "c:\Apps\Powercinema\PCMService.exe"
O4 - HKLM\..\Run: [POINTER] point32.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask .exe" -atboottime
O4 - HKLM\..\Run: [SDTray] "C:\Program Files\Spyware Doctor\SDTrayApp.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - Startup: Anti-Pub.lnk = C:\Program Files\Antipub\antipub.exe
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\microsoft office\Office\OSA9.EXE
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=file://C:\APPS\IE\offline\fr.htm
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.mail.live.com/mail/w1/resources/MSNPUpld.cab
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} (OnlineScanner Control) - https://www.eset.com/
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} (Driver Agent ActiveX Control) - https://driveragent.com/files/driveragent.cab
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Boonty Games - BOONTY - C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - c:\APPS\Powercinema\Kernel\TV\CLSched.exe
O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
O23 - Service: Generic Service for HID Keyboard Input Collections (GenericHidService) - Unknown owner - c:\APPS\HIDSERVICE\HIDSERVICE.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: MysqlInventime - Unknown owner - c:\mysql\bin\mysqld-nt.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\svcntaux.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
Regarding the firewall, I had Avast, but even with that software I still managed to get infected.
Regarding the links to the sites in your reply, I can't manage to access them...
Here are the requested reports:
Combofix
ComboFix 08-01-04.1 - RICCO 2008-01-06 20:23:40.5 - NTFSx86
Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.1025 [GMT 1:00]
Running from: C:\Documents and Settings\RICCO\Bureau\ComboFix.exe
Command switches used :: C:\Documents and Settings\RICCO\Bureau\CFscript.txt
* Created a new restore point
FILE
C:\WINDOWS\system32\ssqpo.dll.vir
C:\WINDOWS\system32\vmphsowv.dll.vir
C:\WINDOWS\system32\vwoshpmv.ini.vir
C:\WINDOWS\system32\wvuvttt.dll
C:\WINDOWS\system32\wvuvttt.dll.vir
C:\WINDOWS\wkssvr.exe
File::C:\WINDOWS\Tasks\84BA36CF834DAD13.job
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\WINDOWS\system32\ssqpo.dll.vir
C:\WINDOWS\system32\vmphsowv.dll.vir
C:\WINDOWS\system32\vwoshpmv.ini.vir
C:\WINDOWS\system32\wvuvttt.dll
C:\WINDOWS\system32\wvuvttt.dll.vir
C:\WINDOWS\wkssvr.exe
.
((((((((((((((((((((((((((((( Fichiers créés 2007-12-06 to 2008-01-06 ))))))))))))))))))))))))))))))))))))
.
2008-01-06 11:41 . 2008-01-06 12:45 <REP> d-------- C:\Program Files\EsetOnlineScanner
2008-01-05 10:33 . 2008-01-05 10:33 24,576 --a------ C:\WINDOWS\system32\VundoFixSVC.exe
2008-01-05 10:20 . 2008-01-05 10:20 <REP> d-------- C:\VundoFix Backups
2008-01-05 00:43 . 2008-01-05 15:29 <REP> d-------- C:\Program Files\Spyware Doctor
2008-01-05 00:43 . 2008-01-05 00:43 <REP> d-------- C:\Documents and Settings\RICCO\Application Data\PC Tools
2008-01-05 00:43 . 2005-09-23 08:29 626,688 --a------ C:\WINDOWS\system32\msvcr80.dll
2008-01-05 00:43 . 2008-01-05 00:44 74,240 --a------ C:\WINDOWS\system32\drivers\iksyssec.sys
2008-01-05 00:43 . 2008-01-05 00:44 56,832 --a------ C:\WINDOWS\system32\drivers\iksysflt.sys
2008-01-05 00:43 . 2007-10-18 00:14 41,288 --a------ C:\WINDOWS\system32\drivers\ikfilesec.sys
2008-01-05 00:43 . 2007-10-18 00:16 29,000 --a------ C:\WINDOWS\system32\drivers\kcom.sys
2008-01-01 21:44 . 2008-01-01 21:44 23,600 --a------ C:\WINDOWS\system32\drivers\tvichw32.sys
2007-12-31 00:16 . 2007-12-31 00:16 <REP> d-------- C:\Program Files\Trend Micro
2007-12-31 00:14 . 2007-12-31 00:14 812,344 --a------ C:\Program Files\HJTInstall.exe
2007-12-23 14:50 . 2007-12-23 14:50 <REP> d-------- C:\Documents and Settings\Propriétaire\Application Data\You've Got Pictures Screensaver
2007-12-11 20:46 . 2007-12-11 20:46 3,596,288 --a------ C:\WINDOWS\system32\qt-dx331.dll
2007-12-11 20:46 . 2007-12-11 20:46 524,288 --a------ C:\WINDOWS\system32\DivXsm.exe
2007-12-11 20:46 . 2007-12-11 20:46 9,878 --a------ C:\WINDOWS\system32\dsm_fr.qm
2007-12-11 20:46 . 2007-12-11 20:46 4,816 --a------ C:\WINDOWS\system32\divxsm.tlb
2007-12-11 20:45 . 2007-12-11 20:45 1,044,480 --a------ C:\WINDOWS\system32\libdivx.dll
2007-12-11 20:45 . 2007-12-11 20:45 200,704 --a------ C:\WINDOWS\system32\ssldivx.dll
2007-12-11 20:43 . 2007-12-11 20:43 12,288 --a------ C:\WINDOWS\system32\DivXWMPExtType.dll
2007-12-11 20:43 . 2007-12-11 20:43 8,835 --a--c--- C:\WINDOWS\system32\dpufr.qm
2007-12-11 20:43 . 2007-12-11 20:43 3,162 --a--c--- C:\WINDOWS\system32\dtu_fr.qm
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-01-06 14:47 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-01-06 10:36 --------- d-----w C:\Program Files\Trojan Remover
2008-01-05 14:31 --------- d-----w C:\Program Files\QuickTime
2008-01-05 10:54 --------- d-----w C:\Documents and Settings\RICCO\Application Data\uTorrent
2008-01-04 23:37 --------- d-----w C:\Program Files\TomTom HOME
2008-01-04 23:37 --------- d-----w C:\Program Files\MSN Messenger
2008-01-04 23:37 --------- d-----w C:\Program Files\iTunes
2007-12-24 13:00 --------- d-----w C:\Program Files\DivX
2007-12-21 23:56 --------- d-----w C:\Documents and Settings\All Users\Application Data\nView_Profiles
2007-12-13 02:02 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help
2007-12-11 19:44 823,296 ----a-w C:\WINDOWS\system32\divx_xx0c.dll
2007-12-11 19:44 823,296 ----a-w C:\WINDOWS\system32\divx_xx07.dll
2007-12-11 19:44 81,920 ----a-w C:\WINDOWS\system32\dpl100.dll
2007-12-11 19:44 802,816 ----a-w C:\WINDOWS\system32\divx_xx11.dll
2007-12-11 19:44 682,496 ----a-w C:\WINDOWS\system32\DivX.dll
2007-12-11 19:44 593,920 ----a-w C:\WINDOWS\system32\dpuGUI11.dll
2007-12-11 19:44 57,344 ----a-w C:\WINDOWS\system32\dpv11.dll
2007-12-11 19:44 53,248 -c--a-w C:\WINDOWS\system32\dpuGUI10.dll
2007-12-11 19:44 344,064 -c--a-w C:\WINDOWS\system32\dpus11.dll
2007-12-11 19:44 294,912 -c--a-w C:\WINDOWS\system32\dpu10.dll
2007-12-11 19:44 294,912 ----a-w C:\WINDOWS\system32\dpu11.dll
2007-12-11 19:44 196,608 -c--a-w C:\WINDOWS\system32\dtu100.dll
2007-12-11 19:44 156,992 ----a-w C:\WINDOWS\system32\DivXCodecVersionChecker.exe
2007-12-04 14:56 93,264 -c--a-w C:\WINDOWS\system32\drivers\aswmon.sys
2007-12-04 14:55 94,544 ----a-w C:\WINDOWS\system32\drivers\aswmon2.sys
2007-12-04 14:53 23,152 ----a-w C:\WINDOWS\system32\drivers\aswRdr.sys
2007-12-04 14:51 42,912 ----a-w C:\WINDOWS\system32\drivers\aswTdi.sys
2007-12-04 14:49 26,624 ----a-w C:\WINDOWS\system32\drivers\aavmker4.sys
2007-12-04 13:04 837,496 ----a-w C:\WINDOWS\system32\aswBoot.exe
2007-12-04 12:54 95,608 ----a-w C:\WINDOWS\system32\AVASTSS.scr
2007-11-30 02:00 --------- d-----w C:\Program Files\Windows Live Toolbar
2007-11-13 10:25 20,480 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys
2007-10-30 23:23 3,590,656 ----a-w C:\WINDOWS\system32\dllcache\mshtml.dll
2007-10-29 22:43 1,293,824 ----a-w C:\WINDOWS\system32\quartz.dll
2007-10-29 22:43 1,293,824 ------w C:\WINDOWS\system32\dllcache\quartz.dll
2007-10-25 16:43 8,516,608 ----a-w C:\WINDOWS\system32\dllcache\shell32.dll
2007-10-25 08:28 222,720 ----a-w C:\WINDOWS\system32\wmasf.dll
2007-10-25 08:28 222,720 ----a-w C:\WINDOWS\system32\dllcache\wmasf.dll
2007-10-10 23:49 824,832 ----a-w C:\WINDOWS\system32\dllcache\wininet.dll
2007-10-10 23:49 671,232 ----a-w C:\WINDOWS\system32\dllcache\mstime.dll
2007-10-10 23:49 63,488 ------w C:\WINDOWS\system32\dllcache\icardie.dll
2007-10-10 23:49 6,065,664 ------w C:\WINDOWS\system32\dllcache\ieframe.dll
2007-10-10 23:49 52,224 ------w C:\WINDOWS\system32\dllcache\msfeedsbs.dll
2007-10-10 23:49 478,208 ----a-w C:\WINDOWS\system32\dllcache\mshtmled.dll
2007-10-10 23:49 459,264 ------w C:\WINDOWS\system32\dllcache\msfeeds.dll
2007-10-10 23:49 44,544 ----a-w C:\WINDOWS\system32\dllcache\iernonce.dll
2007-10-10 23:49 384,512 ----a-w C:\WINDOWS\system32\dllcache\iedkcs32.dll
2007-10-10 23:49 383,488 ------w C:\WINDOWS\system32\dllcache\ieapfltr.dll
2007-10-10 23:49 27,648 ----a-w C:\WINDOWS\system32\dllcache\jsproxy.dll
2007-10-10 23:49 267,776 ------w C:\WINDOWS\system32\dllcache\iertutil.dll
2007-10-10 23:49 232,960 ------w C:\WINDOWS\system32\dllcache\webcheck.dll
2007-10-10 23:49 230,400 ----a-w C:\WINDOWS\system32\dllcache\ieaksie.dll
2007-10-10 23:49 214,528 ----a-w C:\WINDOWS\system32\dllcache\dxtrans.dll
2007-10-10 23:49 193,024 ----a-w C:\WINDOWS\system32\dllcache\msrating.dll
2007-10-10 23:49 153,088 ----a-w C:\WINDOWS\system32\dllcache\ieakeng.dll
2007-10-10 23:49 132,608 ----a-w C:\WINDOWS\system32\dllcache\extmgr.dll
2007-10-10 23:49 124,928 ------w C:\WINDOWS\system32\dllcache\advpack.dll
2007-10-10 23:49 105,984 ------w C:\WINDOWS\system32\dllcache\url.dll
2007-10-10 23:49 102,400 ------w C:\WINDOWS\system32\dllcache\occache.dll
2007-10-10 23:49 1,159,680 ----a-w C:\WINDOWS\system32\dllcache\urlmon.dll
2007-10-10 11:00 70,656 ----a-w C:\WINDOWS\system32\dllcache\ie4uinit.exe
2007-10-10 11:00 625,152 ------w C:\WINDOWS\system32\dllcache\iexplore.exe
2007-10-10 10:59 13,824 ------w C:\WINDOWS\system32\dllcache\ieudinit.exe
2007-10-10 05:46 161,792 ----a-w C:\WINDOWS\system32\dllcache\ieakui.dll
2007-07-06 20:49 6,375,184 ----a-w C:\Program Files\trsetup anti trojan.exe
2007-05-06 13:53 4,943,118 ----a-w C:\Program Files\photo Editor.exe
2006-03-19 21:53 1,107,787 -c--a-w C:\Program Files\wrar351fr.exe
.
((((((((((((((((((((((((((((( snapshot@2008-01-05_15.34.37.59 )))))))))))))))))))))))))))))))))))))))))
.
+ 2007-07-27 14:49:02 196,683 ----a-w C:\WINDOWS\system32\lnod32apiA.dll
+ 2007-07-27 14:49:02 225,355 ----a-w C:\WINDOWS\system32\lnod32apiW.dll
+ 2005-12-05 19:25:22 139,264 ----a-w C:\WINDOWS\system32\lnod32umc.dll
+ 2005-12-05 12:37:10 106,496 ----a-w C:\WINDOWS\system32\lnod32upd.dll
+ 2007-08-02 17:11:28 253,952 ----a-w C:\WINDOWS\system32\OnlineScannerDLLA.dll
+ 2007-08-02 17:11:14 241,664 ----a-w C:\WINDOWS\system32\OnlineScannerDLLW.dll
+ 2007-08-08 15:30:12 19,456 ----a-w C:\WINDOWS\system32\OnlineScannerLang.dll
+ 2007-06-13 10:10:34 77,824 ----a-w C:\WINDOWS\system32\OnlineScannerUninstaller.exe
+ 2008-01-06 14:48:07 16,384 ----atw C:\WINDOWS\Temp\Perflib_Perfdata_498.dat
+ 2008-01-06 14:47:34 16,384 ----atw C:\WINDOWS\Temp\Perflib_Perfdata_560.dat
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{bba398c2-6522-43cd-a7ca-1d1fcaf58714}]
C:\WINDOWS\system32\ihyqgedf.dll
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-05 13:00 15360]
"msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" [2008-01-04 18:16 5674352]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"nwiz"="nwiz.exe" [2007-10-04 17:14 1626112 C:\WINDOWS\system32\nwiz.exe]
"SoundMan"="SOUNDMAN.EXE" [2005-01-20 19:04 77824 C:\WINDOWS\SOUNDMAN.EXE]
"PCMService"="c:\Apps\Powercinema\PCMService.exe" [2008-01-05 11:58 110740]
"POINTER"="point32.exe" []
"QuickTime Task"="C:\Program Files\QuickTime\QTTask .exe" [ ]
"SDTray"="C:\Program Files\Spyware Doctor\SDTrayApp.exe" [2008-01-05 09:41 1065800]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-10-04 17:14 8491008]
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\
Lancement rapide d'Adobe Reader.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 22:05:26]
Microsoft Office.lnk - C:\Program Files\microsoft office\Office\OSA9.EXE [1999-02-17 21:05:56]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice]
@=""
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice]
@=""
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TrojanScanner]
2008-01-05 00:36 737872 --a------ C:\Program Files\Trojan Remover\Trjscan.exe
R0 SI3112r;ATI-437A Serial ATA Controller;C:\WINDOWS\system32\DRIVERS\SI3112r.sys [2004-08-27 15:18]
S3 Boonty Games;Boonty Games;"C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe" [2006-03-23 22:37]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0d6c0c8c-9b74-11dc-82cc-00038a000015}]
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL
.
Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
"2008-01-06 19:00:00 C:\WINDOWS\Tasks\84BA36CF834DAD13.job"
- c:\docume~1\ricco\applic~1\greylogo\WIPE GLOBAL SEND.exe
"2007-12-24 21:12:03 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2005-09-28 19:08:51 C:\WINDOWS\Tasks\Rappel d'enregistrement 3.job"
- C:\WINDOWS\system32\OOBE\oobebaln.exe
"2008-01-06 19:04:00 C:\WINDOWS\Tasks\Vérifier les mises à jour de Windows Live Toolbar.job"
- C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE
.
**************************************************************************
catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-06 20:26:48
Windows 5.1.2600 Service Pack 2 NTFS
detected NTDLL code modification:
ZwClose
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2008-01-06 20:27:37
ComboFix-quarantined-files.txt 2008-01-06 19:27:34
ComboFix2.txt 2008-01-06 14:25:16
ComboFix3.txt 2008-01-05 14:56:16
ComboFix4.txt 2008-01-05 11:00:54
ComboFix5.txt 2007-12-30 23:41:58
.
2007-12-13 02:03:26 --- E O F ---
Lopxpsetup
Rapport Lopxp fait le 06/01/2008 à 20:35:08
Exécuté dans : C:\Program Files\Lopxp
Liste des processus actifs :
PID : 468 C:\WINDOWS\System32\smss.exe
PID : 520 C:\WINDOWS\system32\csrss.exe
PID : 544 C:\WINDOWS\system32\winlogon.exe
PID : 588 C:\WINDOWS\system32\services.exe
PID : 600 C:\WINDOWS\system32\lsass.exe
PID : 744 C:\WINDOWS\system32\svchost.exe
PID : 804 C:\WINDOWS\system32\svchost.exe
PID : 872 C:\WINDOWS\System32\svchost.exe
PID : 932 C:\WINDOWS\system32\svchost.exe
PID : 1100 C:\WINDOWS\system32\svchost.exe
PID : 1232 C:\WINDOWS\Explorer.EXE
PID : 1320 C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
PID : 1380 C:\Program Files\Alwil Software\Avast4\ashServ.exe
PID : 1596 C:\WINDOWS\system32\spoolsv.exe
PID : 1848 C:\WINDOWS\SOUNDMAN.EXE
PID : 1884 C:\Apps\Powercinema\PCMService.exe
PID : 1904 C:\Program Files\Spyware Doctor\SDTrayApp.exe
PID : 1924 C:\WINDOWS\system32\ctfmon.exe
PID : 1932 C:\Program Files\MSN Messenger\msnmsgr.exe
PID : 1964 C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe
PID : 1976 C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
PID : 128 C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
PID : 164 c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe
PID : 204 c:\APPS\Powercinema\Kernel\TV\CLSched.exe
PID : 248 C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
PID : 268 C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLService.exe
PID : 360 c:\APPS\HIDSERVICE\HIDSERVICE.exe
PID : 752 C:\WINDOWS\system32\nvsvc32.exe
PID : 900 C:\Program Files\Spyware Doctor\svcntaux.exe
PID : 1084 C:\Program Files\Spyware Doctor\swdsvc.exe
PID : 1652 C:\WINDOWS\system32\slserv.exe
PID : 1692 C:\WINDOWS\System32\snmp.exe
PID : 1708 C:\WINDOWS\system32\svchost.exe
PID : 2736 C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
PID : 2816 C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
PID : 3132 C:\WINDOWS\System32\alg.exe
PID : 3764 C:\Program Files\MSN Messenger\usnsvc.exe
PID : 4052 C:\WINDOWS\system32\wuauclt.exe
PID : 3360 C:\WINDOWS\system32\cmd.exe
PID : 3536 C:\Program Files\Lopxp\tools\pv.exe
___________________________________________________________________________
[Tâches planifiées]
C:\WINDOWS\tasks\AppleSoftwareUpdate.job
Cr : 04/06/2007 à 23:22
Mo : 24/12/2007 à 22:12
Fichier exécuté : C\Program Files\Apple Software Update\SoftwareUpdate.exe -task
C:\WINDOWS\tasks\Rappel d'enregistrement 3.job
Cr : 28/09/2005 à 20:08
Mo : 28/09/2005 à 20:08
Fichier exécuté : C\WINDOWS\system32\OOBE\oobebaln.exe /sys /r /n:3
C:\WINDOWS\tasks\Vérifier les mises à jour de Windows Live Toolbar.job
Fichier exécuté : C\Program Files\Windows Live Toolbar\MSNTBUP.EXE
C:\WINDOWS\tasks\84BA36CF834DAD13.job
Cr : 28/02/2007 à 09:47
Mo : 06/01/2008 à 20:00
Fichier exécuté : c:\docume~1\ricco\applic~1\greylogo\WIPE GLOBAL SEND.exe
___________________________________________________________________________
[Listing des dossiers Application Data]
cr: Date Création | mo: Date Modification -=- Nom Long -= Nom Court (8.3)
+- C:\Documents and Settings\Administrateur\Application Data
cr: 07/01/2006 20:52:56 | mo: 16/08/2004 17:19:22 -=- IDENTI~1 -= Identities
cr: 07/01/2006 20:52:56 | mo: 16/08/2004 16:54:32 -=- MICROS~1 -= Microsoft
cr: 07/01/2006 20:52:56 | mo: 28/09/2005 19:56:25 -=- Real -----= Real
cr: 07/01/2006 20:52:56 | mo: 28/09/2005 19:45:26 -=- Sun ------= Sun
cr: 07/01/2006 20:52:56 | mo: 28/09/2005 19:53:13 -=- Symantec -= Symantec
cr: 07/01/2006 20:52:56 | mo: 28/09/2005 19:51:01 -=- YOU'VE~1 -= You've Got Pictures Screensaver
+- C:\Documents and Settings\Administrateur\Local Settings\Application Data
cr: 07/01/2006 20:52:56 | mo: 28/09/2005 19:57:39 -=- MICROS~1 -= Microsoft
cr: 07/01/2006 20:52:56 | mo: 28/09/2005 19:55:57 -=- POWERC~1 -= PowerCinema
cr: 07/01/2006 20:52:56 | mo: 28/09/2005 19:45:20 -=- {7148F~1 -= {7148F0A6-6813-11D6-A77B-00B0D0142050}
+- C:\Documents and Settings\All Users\Application Data
cr: 13/01/2007 22:17:05 | mo: 13/01/2007 22:17:05 -=- Adobe ----= Adobe
cr: 28/09/2005 19:50:25 | mo: 06/11/2005 19:56:36 -=- AOL ------= AOL
cr: 13/08/2007 20:21:51 | mo: 13/08/2007 20:21:51 -=- Apple ----= Apple
cr: 04/06/2007 23:22:21 | mo: 15/10/2007 18:20:39 -=- APPLEC~1 -= Apple Computer
cr: 23/03/2006 22:37:08 | mo: 23/03/2006 22:37:08 -=- BOONTY ---= BOONTY
cr: 28/09/2005 19:55:57 | mo: 07/12/2005 17:03:59 -=- CYBERL~1 -= CyberLink
cr: 04/09/2006 20:29:50 | mo: 21/01/2007 18:26:20 -=- Google ---= Google
cr: 07/01/2007 21:40:52 | mo: 07/01/2007 21:40:52 -=- MESSEN~1 -= Messenger Plus!
cr: 16/08/2004 16:54:30 | mo: 12/02/2006 14:57:52 -=- MICROS~1 -= Microsoft
cr: 03/02/2007 16:38:48 | mo: 03/02/2007 16:38:48 -=- MICROS~2 -= Microsoft Corporation
cr: 30/05/2007 17:08:44 | mo: 13/12/2007 03:02:17 -=- MICROS~3 -= Microsoft Help
cr: 17/01/2006 17:43:48 | mo: 22/12/2007 00:56:31 -=- NVIEW_~1 -= nView_Profiles
cr: 28/09/2005 19:50:56 | mo: 07/11/2005 20:25:46 -=- QUICKT~1 -= QuickTime
cr: 16/08/2004 17:28:46 | mo: 16/08/2004 17:28:48 -=- SBSI -----= SBSI
cr: 06/07/2007 21:51:30 | mo: 06/07/2007 21:51:30 -=- SIMPLY~1 -= Simply Super Software
cr: 28/09/2005 19:52:41 | mo: 12/08/2006 23:10:54 -=- Symantec -= Symantec
cr: 06/07/2007 21:52:29 | mo: 06/01/2008 20:30:10 -=- TEMP -----= TEMP
cr: 03/10/2005 17:19:05 | mo: 03/10/2005 17:19:16 -=- UDL ------= UDL
cr: 28/09/2005 19:51:01 | mo: 28/09/2005 19:51:01 -=- VIEWPO~1 -= Viewpoint
cr: 30/06/2006 18:20:56 | mo: 30/06/2006 18:20:56 -=- WINDOW~1 -= Windows Genuine Advantage
cr: 06/09/2006 21:55:17 | mo: 06/09/2006 21:55:17 -=- WINDOW~2 -= Windows Live Toolbar
cr: 31/10/2006 21:40:23 | mo: 31/10/2006 21:40:23 -=- YAHOO!~2 -= Yahoo! Companion
cr: 29/10/2006 14:07:47 | mo: 31/10/2006 21:40:14 -=- YAHOO!~1 -= Yahoo! Companion(2)
+- C:\Documents and Settings\RICCO\Application Data
cr: 05/04/2006 18:55:33 | mo: 08/04/2006 17:56:38 -=- ABC~1 ----= .ABC
cr: 16/11/2005 20:47:15 | mo: 11/09/2006 11:46:52 -=- Adobe ----= Adobe
cr: 25/11/2005 17:18:09 | mo: 13/01/2007 22:14:21 -=- AdobeUM --= AdobeUM
cr: 30/11/2005 13:39:08 | mo: 30/11/2005 13:39:08 -=- Ahead ----= Ahead
cr: 09/07/2007 17:57:02 | mo: 13/08/2007 20:22:32 -=- APPLEC~1 -= Apple Computer
cr: 23/03/2006 22:37:36 | mo: 24/03/2006 18:17:34 -=- CHESSM~1 -= Chessmaster Challenge
cr: 12/11/2005 21:43:27 | mo: 23/12/2005 19:17:34 -=- CYBERL~1 -= CyberLink
cr: 09/10/2006 22:36:47 | mo: 11/10/2006 20:13:01 -=- DivX -----= DivX
cr: 21/01/2006 20:07:04 | mo: 04/09/2006 20:32:26 -=- Google ---= Google
cr: 07/01/2007 21:38:01 | mo: 10/07/2007 09:39:51 -=- GreyLogo -= GreyLogo
cr: 11/11/2005 21:24:19 | mo: 11/11/2005 21:24:19 -=- Help -----= Help
cr: 28/09/2005 20:09:00 | mo: 16/08/2004 17:19:22 -=- IDENTI~1 -= Identities
cr: 19/08/2006 23:47:28 | mo: 19/08/2006 23:47:28 -=- INSTAL~1 -= InstallShield
cr: 12/11/2005 18:10:26 | mo: 12/11/2005 18:10:26 -=- LEADER~1 -= Leadertech
cr: 28/09/2005 20:43:25 | mo: 28/09/2005 20:43:25 -=- MACROM~1 -= Macromedia
cr: 29/10/2006 00:46:23 | mo: 29/10/2006 00:46:29 -=- MEDIAP~1 -= Media Player Classic
cr: 28/09/2005 20:09:00 | mo: 30/05/2007 17:43:22 -=- MICROS~1 -= Microsoft
cr: 02/03/2007 18:59:53 | mo: 02/03/2007 18:59:53 -=- MICROS~2 -= Microsoft Web Folders
cr: 19/08/2006 23:45:47 | mo: 19/08/2006 23:46:11 -=- Mozilla --= Mozilla
cr: 05/01/2008 00:43:40 | mo: 05/01/2008 00:43:40 -=- PCTOOL~1 -= PC Tools
cr: 28/09/2005 20:09:00 | mo: 07/11/2005 20:07:26 -=- Real -----= Real
cr: 19/03/2007 06:53:21 | mo: 20/03/2007 14:27:29 -=- SCREEN~1 -= Screenshot Sender
cr: 06/07/2007 21:51:30 | mo: 06/07/2007 21:51:30 -=- SIMPLY~1 -= Simply Super Software
cr: 12/11/2005 18:10:54 | mo: 12/11/2005 18:10:54 -=- Sonic ----= Sonic
cr: 28/09/2005 20:09:00 | mo: 28/09/2005 19:45:26 -=- Sun ------= Sun
cr: 28/09/2005 20:09:00 | mo: 28/09/2005 20:10:05 -=- Symantec -= Symantec
cr: 07/09/2006 19:15:30 | mo: 07/09/2006 19:15:30 -=- Talkback -= Talkback
cr: 30/07/2006 22:08:28 | mo: 05/01/2008 11:54:34 -=- uTorrent -= uTorrent
cr: 28/09/2005 20:09:00 | mo: 28/09/2005 19:51:01 -=- YOU'VE~1 -= You've Got Pictures Screensaver
+- C:\Documents and Settings\RICCO\Local Settings\Application Data
cr: 16/11/2005 20:47:45 | mo: 21/07/2006 19:00:08 -=- Adobe ----= Adobe
cr: 15/10/2007 18:14:22 | mo: 15/10/2007 18:14:22 -=- Apple ----= Apple
cr: 04/06/2007 23:24:20 | mo: 13/08/2007 20:22:32 -=- APPLEC~1 -= Apple Computer
cr: 10/09/2006 01:40:48 | mo: 03/02/2007 20:04:26 -=- APPLIC~1 -= ApplicationHistory
cr: 01/02/2006 19:12:52 | mo: 04/09/2006 20:31:52 -=- Google ---= Google
cr: 11/11/2005 21:24:19 | mo: 11/11/2005 21:24:19 -=- Help -----= Help
cr: 30/04/2007 13:09:35 | mo: 30/04/2007 13:09:35 -=- IDENTI~1 -= Identities
cr: 28/09/2005 20:09:00 | mo: 06/01/2008 07:33:22 -=- MICROS~1 -= Microsoft
cr: 30/05/2007 17:08:52 | mo: 30/05/2007 17:08:52 -=- MICROS~2 -= Microsoft Help
cr: 19/08/2006 23:46:11 | mo: 19/08/2006 23:46:11 -=- Mozilla --= Mozilla
cr: 28/09/2005 20:09:00 | mo: 23/12/2005 19:17:41 -=- POWERC~1 -= PowerCinema
cr: 11/01/2006 18:02:43 | mo: 11/01/2006 18:02:43 -=- RCINCI~1 -= RcIncidents
cr: 05/12/2006 21:16:36 | mo: 05/12/2006 21:16:51 -=- V-SAFE~1 -= V-Safe 100
cr: 13/08/2006 11:37:27 | mo: 13/08/2006 11:59:01 -=- WMTOOL~1 -= WMTools Downloaded Files
cr: 28/09/2005 20:09:00 | mo: 28/09/2005 19:45:20 -=- {7148F~1 -= {7148F0A6-6813-11D6-A77B-00B0D0142050}
___________________________________________________________________________
[Listing du dossier Program Files]
+- C:\Program Files
cr: 28/09/2005 19:49:57 | mo: 21/07/2006 18:56:25 -=- Adobe ----= Adobe
cr: 14/11/2005 23:41:47 | mo: 09/01/2006 18:07:47 -=- Ahead ----= Ahead
cr: 12/08/2006 21:13:10 | mo: 12/08/2006 21:13:10 -=- ALWILS~1 -= Alwil Software
cr: 28/09/2005 19:43:05 | mo: 28/09/2005 19:43:06 -=- AMD ------= AMD
cr: 04/06/2007 23:22:28 | mo: 15/10/2007 18:14:21 -=- APPLES~1 -= Apple Software Update
cr: 28/09/2005 19:44:53 | mo: 28/09/2005 19:44:54 -=- AvRack ---= AvRack
cr: 12/08/2006 21:26:25 | mo: 12/08/2006 21:26:27 -=- CCleaner -= CCleaner
cr: 16/08/2004 17:05:15 | mo: 16/08/2004 17:05:16 -=- COMPLU~1 -= ComPlus Applications
cr: 28/09/2005 19:55:35 | mo: 28/09/2005 19:55:35 -=- CYBERL~1 -= CyberLink
cr: 21/01/2007 18:44:54 | mo: 21/01/2007 18:44:54 -=- DESIGN~1 -= DesignSoft
cr: 07/11/2005 20:12:07 | mo: 24/12/2007 14:00:27 -=- DivX -----= DivX
cr: 31/03/2007 19:47:10 | mo: 31/03/2007 19:47:10 -=- eMule ----= eMule
cr: 03/10/2005 17:15:02 | mo: 25/06/2007 18:37:45 -=- EPSON ----= EPSON
cr: 06/01/2008 11:41:29 | mo: 06/01/2008 12:45:01 -=- ESETON~1 -= EsetOnlineScanner
cr: 16/08/2004 16:56:54 | mo: 22/12/2007 01:00:03 -=- FICHIE~1 -= Fichiers communs
cr: 03/10/2005 17:09:27 | mo: 03/10/2005 17:09:27 -=- Free.fr --= Free.fr
cr: 07/11/2005 20:12:14 | mo: 15/06/2007 23:44:26 -=- Google ---= Google
cr: 09/03/2006 22:20:01 | mo: 09/03/2006 22:20:11 -=- HighGrow -= HighGrow
cr: 28/09/2005 19:43:05 | mo: 25/06/2007 18:37:44 -=- INSTAL~1 -= InstallShield Installation Information
cr: 16/08/2004 17:06:01 | mo: 13/12/2007 03:01:25 -=- INTERN~1 -= Internet Explorer
cr: 15/10/2007 18:20:41 | mo: 15/10/2007 18:20:41 -=- iPod -----= iPod
cr: 15/10/2007 18:20:39 | mo: 05/01/2008 00:37:06 -=- iTunes ---= iTunes
cr: 28/09/2005 19:45:19 | mo: 06/10/2007 18:11:21 -=- Java -----= Java
cr: 29/10/2006 00:44:32 | mo: 31/10/2006 22:49:54 -=- K-LITE~1 -= K-Lite Codec Pack
cr: 13/08/2006 14:36:30 | mo: 13/08/2006 14:36:30 -=- Lavalys --= Lavalys
cr: 28/09/2005 19:51:01 | mo: 28/09/2005 19:51:01 -=- Learn2.com --= Learn2.com
cr: 06/01/2008 20:33:27 | mo: 06/01/2008 20:35:12 -=- Lopxp ----= Lopxp
cr: 16/08/2004 17:03:41 | mo: 16/08/2004 17:03:42 -=- MESSEN~1 -= Messenger
cr: 11/03/2006 19:57:23 | mo: 19/03/2006 22:35:03 -=- MI3AA1~1 -= Microsoft ActiveSync
cr: 10/05/2007 02:03:50 | mo: 10/05/2007 02:03:50 -=- MICROS~1.2 -= Microsoft CAPICOM 2.1.0.2
cr: 16/08/2004 17:11:15 | mo: 02/03/2007 18:59:41 -=- MICROS~1 -= microsoft frontpage
cr: 03/10/2005 17:43:48 | mo: 03/10/2005 17:43:48 -=- MICROS~4 -= Microsoft Hardware
cr: 28/09/2005 19:58:13 | mo: 30/05/2007 17:17:49 -=- MICROS~3 -= microsoft office
cr: 30/05/2007 17:31:43 | mo: 30/05/2007 17:31:43 -=- MIAF9D~1 -= Microsoft Visual Studio
cr: 28/09/2005 19:57:40 | mo: 30/05/2007 17:32:25 -=- MICROS~2 -= Microsoft Works
cr: 28/09/2005 19:58:43 | mo: 28/09/2005 19:58:43 -=- MICROS~1.NET -= Microsoft.NET
cr: 16/08/2004 17:06:22 | mo: 16/08/2004 17:06:24 -=- MOVIEM~1 -= Movie Maker
cr: 16/08/2004 17:03:07 | mo: 15/02/2007 19:31:25 -=- MSN ------= MSN
cr: 16/08/2004 17:03:37 | mo: 16/08/2004 17:03:38 -=- MSNGAM~1 -= MSN Gaming Zone
cr: 30/09/2005 19:56:08 | mo: 05/01/2008 00:37:06 -=- MSNMES~1 -= MSN Messenger
cr: 31/10/2006 21:40:21 | mo: 31/10/2006 21:40:21 -=- MSXML4~1.0 -= MSXML 4.0
cr: 16/08/2004 17:06:12 | mo: 16/08/2004 17:06:14 -=- NETMEE~1 -= NetMeeting
cr: 16/08/2004 17:03:53 | mo: 16/08/2004 17:03:54 -=- ONLINE~1 -= Online Services
cr: 16/08/2004 17:06:08 | mo: 13/06/2007 07:26:41 -=- OUTLOO~1 -= Outlook Express
cr: 05/05/2006 20:44:26 | mo: 05/05/2006 20:44:26 -=- Pcb4free -= Pcb4free
cr: 13/08/2007 20:17:49 | mo: 05/01/2008 15:31:26 -=- QUICKT~1 -= QuickTime
cr: 28/09/2005 19:50:47 | mo: 28/09/2005 19:50:47 -=- Real -----= Real
cr: 28/09/2005 19:44:54 | mo: 28/09/2005 19:44:56 -=- REALTE~1 -= Realtek Sound Manager
cr: 03/06/2007 23:08:33 | mo: 03/06/2007 23:10:38 -=- RM-XPL~1.2 -= RM-X Player V4.2
cr: 16/08/2004 17:07:32 | mo: 16/08/2004 17:07:34 -=- SERVIC~1 -= Services en ligne
cr: 28/09/2005 19:56:42 | mo: 28/09/2005 19:59:51 -=- Sonic ----= Sonic
cr: 05/01/2008 00:43:40 | mo: 05/01/2008 15:29:31 -=- SPYWAR~1 -= Spyware Doctor
cr: 11/07/2007 07:46:06 | mo: 11/07/2007 07:46:06 -=- SUNBEL~1 -= Sunbelt Software
cr: 12/08/2006 18:11:14 | mo: 05/01/2008 00:37:07 -=- TOMTOM~1 -= TomTom HOME
cr: 31/12/2007 00:16:40 | mo: 31/12/2007 00:16:40 -=- TRENDM~1 -= Trend Micro
cr: 06/07/2007 21:51:30 | mo: 06/01/2008 11:36:52 -=- TROJAN~1 -= Trojan Remover
cr: 16/08/2004 17:19:05 | mo: 16/08/2004 17:19:06 -=- UNINST~1 -= Uninstall Information
cr: 30/07/2006 22:08:28 | mo: 12/08/2006 14:44:20 -=- utorrent -= utorrent
cr: 07/01/2007 21:20:28 | mo: 07/01/2007 21:24:59 -=- WIE5D0~1 -= Windows Live Safety Center
cr: 31/10/2006 21:40:21 | mo: 30/11/2007 03:00:40 -=- WINDOW~4 -= Windows Live Toolbar
cr: 31/12/2006 15:15:37 | mo: 31/12/2006 15:15:38 -=- WI4DF6~1 -= Windows Media Connect 2
cr: 16/08/2004 17:03:53 | mo: 31/12/2006 15:15:36 -=- WINDOW~2 -= Windows Media Player
cr: 16/08/2004 17:03:05 | mo: 16/08/2004 17:03:06 -=- WINDOW~1 -= Windows NT
cr: 16/08/2004 17:07:41 | mo: 16/08/2004 17:07:42 -=- WINDOW~3 -= WindowsUpdate
cr: 07/12/2005 21:08:24 | mo: 03/09/2006 00:24:54 -=- WinRAR ---= WinRAR
cr: 16/08/2004 17:11:15 | mo: 16/08/2004 17:11:16 -=- xerox ----= xerox
cr: 07/01/2006 22:02:41 | mo: 31/10/2006 21:40:14 -=- Yahoo! ---= Yahoo!
cr: 13/08/2006 17:54:10 | mo: 13/08/2006 18:03:26 -=- YAMP2~1.3 ---= Yamp 2.3
___________________________________________________________________________
[Recherche programmes connus, liés à CiD]
___________________________________________________________________________
[Clés registre de démarrage]
___________________________________________________________________________
[Popups autorisés]
[-] Internet Explorer :
PopupMgr
[-] Mozilla Firefox
[-] Suite Mozilla / SeaMonkey
___________________________________________________________________________
[Suggestion nettoyage registre]
- Aucune suggestion.
- Fin du rapport -
HijackThis report
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:41:51, on 06/01/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Apps\Powercinema\PCMService.exe
C:\Program Files\Spyware Doctor\SDTrayApp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe
c:\APPS\Powercinema\Kernel\TV\CLSched.exe
C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLService.exe
c:\APPS\HIDSERVICE\HIDSERVICE.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Spyware Doctor\svcntaux.exe
C:\Program Files\Spyware Doctor\swdsvc.exe
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\Trend Micro\HijackThis\hijackthis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.118712.fr/sortir.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = https://www.bing.com/?FORM=TOOLBR&cc=fr&toHttps=1&redig=4527FFF1C12746FC9EDB535C75E80ECC
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: {41785fac-f1d1-ac7a-dc34-22562c893abb} - {bba398c2-6522-43cd-a7ca-1d1fcaf58714} - C:\WINDOWS\system32\ihyqgedf.dll (file missing)
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [PCMService] "c:\Apps\Powercinema\PCMService.exe"
O4 - HKLM\..\Run: [POINTER] point32.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask .exe" -atboottime
O4 - HKLM\..\Run: [SDTray] "C:\Program Files\Spyware Doctor\SDTrayApp.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - Startup: Anti-Pub.lnk = C:\Program Files\Antipub\antipub.exe
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\microsoft office\Office\OSA9.EXE
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=file://C:\APPS\IE\offline\fr.htm
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.mail.live.com/mail/w1/resources/MSNPUpld.cab
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} (OnlineScanner Control) - https://www.eset.com/
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} (Driver Agent ActiveX Control) - https://driveragent.com/files/driveragent.cab
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Boonty Games - BOONTY - C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - c:\APPS\Powercinema\Kernel\TV\CLSched.exe
O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
O23 - Service: Generic Service for HID Keyboard Input Collections (GenericHidService) - Unknown owner - c:\APPS\HIDSERVICE\HIDSERVICE.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: MysqlInventime - Unknown owner - c:\mysql\bin\mysqld-nt.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\svcntaux.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
Lyonnais92 (Security contributor), 6 Jan. 2008 at 22:13
Good evening,
Save this file under the name CFscript.
* Drag and drop this CFscript file onto the ComboFix.exe file: click on CFScript, keep the button held down and move the mouse so that the CFScript icon covers the ComboFix icon. Release the mouse. ComboFix will start.
* A blue window will appear: at the prompt (Type 1 to continue, or 2 to abort), type 1 and confirm.
* Wait while the scan runs. The desktop will disappear several times: that is normal!
Do not touch anything until the scan has finished.
* Once the scan is complete, a report will be displayed: post its contents.
* If the file does not open, it is located here > C:\ComboFix.txt
3) Go to this site:
https://www.virustotal.com/gui/
Click on Browse and look for this file: C:\Program Files\Trojan Remover\Trjscan.exe
Click on Send File.
A report will be built up line by line.
Wait for the end. It should include the size of the file sent.
Save the report with Notepad.
Copy it into your reply.
Do the same with:
C:\Program Files\QuickTime\QTTask .exe (by the way, tell me how many blanks you see, on your computer, between the k of QTTask and the dot.)
Lyonnais92 Posts: 25159, registered Friday 23 June 2006, status: security contributor, last active 16 September 2016, 1 536 - 6 Jan. 2008 at 23:22
Re,
sorry, I'm having problems with parts of my posts getting deleted unintentionally.
1) The malekal site is having a problem.
Try again. If that doesn't work, go here:
http://kerio.probb.fr/Systemesd-exploitation-c1/Logiciels-et-tutoriels-gratuits-tries-par-categorie-f6/Tutoriel-pour-Kerio-4-version-gratuite-t201.htm
you will find a tutorial and a link for Kerio there.
2) Create a new text document: right-click on the desktop > New > Text Document, and copy the following lines into it:
File::
C:\WINDOWS\tasks\84BA36CF834DAD13.job
Folder::
C:\Documents and Settings\RICCO\Application Data\greylogo
Save this file under the name CFscript
* Drag and drop this CFscript file onto the ComboFix.exe file: click on CFScript, keep the button held down and drag the mouse so that the CFScript icon covers the ComboFix icon. Release the mouse. ComboFix will start.
* A blue window will appear: at the message that appears (Type 1 to continue, or 2 to abort), type 1 then confirm.
* Wait while the scan runs. The desktop will disappear several times: this is normal!
Do not touch anything until the scan is finished.
* Once the scan is finished, a report will be displayed: post its contents.
* If the file does not open, it is here > C:\ComboFix.txt
3) Go to this site:
https://www.virustotal.com/gui/
Click on Browse and look for this file: C:\Program Files\Trojan Remover\Trjscan.exe
Click on Send File.
A report will build up line by line.
Wait for it to finish. It should include the size of the file sent.
Save the report with Notepad.
Copy it into your reply.
Do the same with:
C:\Program Files\QuickTime\QTTask .exe (by the way, tell me how many blank spaces you see on your computer between the k of QTTask and the .)
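The question about the blank between "QTTask" and ".exe" is the crux of both posts above: a file named "QTTask .exe" is a different file from the real "QTTask.exe", and a second binary that differs from a legitimate name only by whitespace or an invisible character is a classic way to hide next to a genuine program. As an added example that is not part of the thread (Python, run on a constructed temporary directory standing in for the QuickTime folder; the file contents, the extra names and the reason strings are my own assumptions), this finds such look-alikes and computes the SHA-256 of each flagged file, which VirusTotal accepts for a hash search, so the file only needs uploading if the hash is unknown:

```python
import hashlib
import tempfile
import unicodedata
from pathlib import Path

# Zero-width, directional and non-breaking characters that render as nothing
# (or as an ordinary space) in Explorer but make a name differ from the real one.
INVISIBLE = {"\u200b", "\u200c", "\u200d", "\u2060", "\ufeff", "\u202e", "\u00a0"}


def name_anomalies(name: str) -> list:
    """Reasons a file name looks like it is impersonating another file."""
    reasons = []
    stem, dot, ext = name.rpartition(".")
    if dot and stem and stem != stem.rstrip():
        n = len(stem) - len(stem.rstrip())
        reasons.append(f"{n} whitespace char(s) between the name and the extension")
    if name != name.rstrip():
        reasons.append("trailing whitespace after the extension")
    hidden = sorted({f"U+{ord(c):04X}" for c in name if c in INVISIBLE})
    if hidden:
        reasons.append("invisible characters: " + ", ".join(hidden))
    if dot and ext.lower() in {"exe", "scr", "com", "pif"} and "." in stem.strip():
        reasons.append("executable with a double extension")
    return reasons


def canonical(name: str) -> str:
    """Fold away everything a human eye would not notice when reading the name."""
    folded = unicodedata.normalize("NFKC", name)
    folded = "".join(c for c in folded if not c.isspace() and c not in INVISIBLE)
    return folded.casefold()


def lookalike_groups(names) -> dict:
    """Names that collapse to the same canonical form, e.g. 'QTTask.exe' and 'QTTask .exe'."""
    groups = {}
    for n in names:
        groups.setdefault(canonical(n), []).append(n)
    return {k: v for k, v in groups.items() if len(v) > 1}


def sha256_of(path: Path) -> str:
    """SHA-256 of the file, the value to search for on VirusTotal before uploading."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(1 << 16), b""):
            h.update(chunk)
    return h.hexdigest()


def scan_directory(directory: Path) -> dict:
    """Map each suspicious file name -> its reasons and SHA-256."""
    files = sorted(p for p in directory.iterdir() if p.is_file())
    twins = lookalike_groups(p.name for p in files)
    report = {}
    for p in files:
        reasons = name_anomalies(p.name)
        key = canonical(p.name)
        if key in twins:
            others = [n for n in twins[key] if n != p.name]
            reasons.append("look-alike of: " + ", ".join(repr(o) for o in others))
        if reasons:
            report[p.name] = {"reasons": reasons, "sha256": sha256_of(p)}
    return report


def demo() -> dict:
    """Constructed stand-in for C:\\Program Files\\QuickTime (contents are made up)."""
    with tempfile.TemporaryDirectory() as tmp:
        d = Path(tmp)
        (d / "QTTask.exe").write_bytes(b"MZ legitimate QuickTime task (constructed)")
        (d / "QTTask .exe").write_bytes(b"MZ impostor with a space (constructed)")
        (d / "QuickTime\u200b.exe").write_bytes(b"MZ zero-width impostor (constructed)")
        (d / "readme.txt").write_bytes(b"nothing to see here")
        return scan_directory(d)


if __name__ == "__main__":
    for name, info in demo().items():
        print(repr(name), info["sha256"][:16] + "...", "; ".join(info["reasons"]))
```

The genuine QTTask.exe is reported too, as the other half of a look-alike pair: on a real machine you want both hashes, because the impostor sometimes replaces the original and keeps the clean name while the renamed copy is the legitimate one.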