Trojan ssttr.dll
Solved/Closed
prosper
-
11 Jan 2008 at 22:54
ep44 Posts 7393 Registered Saturday 10 November 2007 Status Contributor Last activity 11 November 2010 - 13 Jan 2008 at 19:32
14 replies
ep44
Posts
7393
Registered
Saturday 10 November 2007
Status
Contributor
Last activity
11 November 2010
3
11 Jan 2008 at 23:25
Good evening
Download to the Desktop:
http://www.atribune.org/ccount/click.php?id=4
=> Double-click VundoFix.exe.
=> Click OK
=> Wait for VundoFix to restart
=> Click Scan for Vundo
=> The scan is fairly long; at the end
=> Click Remove Vundo
=> Then Yes
=> The Desktop disappears for a moment while the files are deleted.
=> Shutdown message
=> Click OK
=> Automatic restart
=> Copy the report, which is in C:vundofix.txt
-------------
Then
Download to the desktop
http://secured2k.home.comcast.net/tools/VirtumundoBeGone.exe
=> Double-click VirtumundoBeGone.exe
=> Click Continue ==> click Start
=> Click Yes
=> At the end, if Vundo is present, the PC shuts down and restarts
=> If you get a blue screen with the message "Fatal error", no problem
=> Post the VBG.TXT report, which is on the desktop
Once that is done, post a new HijackThis report
@+
Hello, here are the reports:
VundoFix V6.7.7
Checking Java version...
Java version is 1.4.2.5
Old versions of java are exploitable and should be removed.
Scan started at 10:45:04 12/01/2008
Listing files found while scanning....
C:\WINDOWS\system32\agsaame.dll
C:\WINDOWS\system32\gmapvopr.ini
C:\WINDOWS\system32\rpovpamg.dll
C:\WINDOWS\system32\srhcrkfe.dll
C:\WINDOWS\system32\ssttr.exe
Beginning removal...
Attempting to delete C:\WINDOWS\system32\agsaame.dll
C:\WINDOWS\system32\agsaame.dll Has been deleted!
Attempting to delete C:\WINDOWS\system32\gmapvopr.ini
C:\WINDOWS\system32\gmapvopr.ini Has been deleted!
Attempting to delete C:\WINDOWS\system32\rpovpamg.dll
C:\WINDOWS\system32\rpovpamg.dll Has been deleted!
Attempting to delete C:\WINDOWS\system32\srhcrkfe.dll
C:\WINDOWS\system32\srhcrkfe.dll Has been deleted!
Attempting to delete C:\WINDOWS\system32\ssttr.exe
C:\WINDOWS\system32\ssttr.exe Has been deleted!
Performing Repairs to the registry.
Done!
VBG report:
[01/12/2008, 11:34:48] - VirtumundoBeGone v1.5 ( "C:\Documents and Settings\HP\Bureau\VirtumundoBeGone.exe" )
[01/12/2008, 11:34:53] - Detected System Information:
[01/12/2008, 11:34:53] - Windows Version: 5.1.2600, Service Pack 2
[01/12/2008, 11:34:53] - Current Username: HP (Admin)
[01/12/2008, 11:34:53] - Windows is in NORMAL mode.
[01/12/2008, 11:34:53] - Searching for Browser Helper Objects:
[01/12/2008, 11:34:53] - BHO 1: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (Adobe PDF Reader Link Helper)
[01/12/2008, 11:34:53] - BHO 2: {2AC76C17-A2B4-4665-AB23-079B67BF224C} ()
[01/12/2008, 11:34:53] - WARNING: BHO has no default name. Checking for Winlogon reference.
[01/12/2008, 11:34:53] - No filename found. Continuing.
[01/12/2008, 11:34:53] - BHO 3: {53707962-6F74-2D53-2644-206D7942484F} ()
[01/12/2008, 11:34:53] - WARNING: BHO has no default name. Checking for Winlogon reference.
[01/12/2008, 11:34:53] - Checking for HKLM\...\Winlogon\Notify\SDHelper
[01/12/2008, 11:34:53] - Key not found: HKLM\...\Winlogon\Notify\SDHelper, continuing.
[01/12/2008, 11:34:53] - BHO 4: {7E853D72-626A-48EC-A868-BA8D5E23E045} ()
[01/12/2008, 11:34:53] - WARNING: BHO has no default name. Checking for Winlogon reference.
[01/12/2008, 11:34:53] - No filename found. Continuing.
[01/12/2008, 11:34:53] - BHO 5: {9030D464-4C02-4ABF-8ECC-5164760863C6} (Windows Live Sign-in Helper)
[01/12/2008, 11:34:54] - BHO 6: {A74F3FC3-CC9A-4D4C-AFB5-B56F0CAA445D} ()
[01/12/2008, 11:34:54] - WARNING: BHO has no default name. Checking for Winlogon reference.
[01/12/2008, 11:34:54] - Checking for HKLM\...\Winlogon\Notify\ddcyawv
[01/12/2008, 11:34:54] - Found: HKLM\...\Winlogon\Notify\ddcyawv - This is probably Virtumundo.
[01/12/2008, 11:34:54] - Assigning {A74F3FC3-CC9A-4D4C-AFB5-B56F0CAA445D} MSEvents Object
[01/12/2008, 11:34:54] - BHO list has been changed! Starting over...
[01/12/2008, 11:34:54] - BHO 1: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (Adobe PDF Reader Link Helper)
[01/12/2008, 11:34:54] - BHO 2: {2AC76C17-A2B4-4665-AB23-079B67BF224C} ()
[01/12/2008, 11:34:54] - WARNING: BHO has no default name. Checking for Winlogon reference.
[01/12/2008, 11:34:54] - No filename found. Continuing.
[01/12/2008, 11:34:54] - BHO 3: {53707962-6F74-2D53-2644-206D7942484F} ()
[01/12/2008, 11:34:54] - WARNING: BHO has no default name. Checking for Winlogon reference.
[01/12/2008, 11:34:54] - Checking for HKLM\...\Winlogon\Notify\SDHelper
[01/12/2008, 11:34:54] - Key not found: HKLM\...\Winlogon\Notify\SDHelper, continuing.
[01/12/2008, 11:34:54] - BHO 4: {7E853D72-626A-48EC-A868-BA8D5E23E045} ()
[01/12/2008, 11:34:54] - WARNING: BHO has no default name. Checking for Winlogon reference.
[01/12/2008, 11:34:54] - No filename found. Continuing.
[01/12/2008, 11:34:54] - BHO 5: {9030D464-4C02-4ABF-8ECC-5164760863C6} (Windows Live Sign-in Helper)
[01/12/2008, 11:34:54] - BHO 6: {A74F3FC3-CC9A-4D4C-AFB5-B56F0CAA445D} (MSEvents Object)
[01/12/2008, 11:34:54] - ALERT: Found MSEvents Object!
[01/12/2008, 11:34:54] - BHO 7: {AA58ED58-01DD-4d91-8333-CF10577473F7} (Google Toolbar Helper)
[01/12/2008, 11:34:54] - BHO 8: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} (Google Toolbar Notifier BHO)
[01/12/2008, 11:34:54] - BHO 9: {bd6b092f-d73f-4b47-8b6e-1f6c35138b91} ()
[01/12/2008, 11:34:54] - WARNING: BHO has no default name. Checking for Winlogon reference.
[01/12/2008, 11:34:54] - Checking for HKLM\...\Winlogon\Notify\srhcrkfe
[01/12/2008, 11:34:54] - Key not found: HKLM\...\Winlogon\Notify\srhcrkfe, continuing.
[01/12/2008, 11:34:54] - Finished Searching Browser Helper Objects
[01/12/2008, 11:34:54] - *** Detected MSEvents Object
[01/12/2008, 11:34:54] - Trying to remove MSEvents Object...
[01/12/2008, 11:34:55] - Terminating Process: IEXPLORE.EXE
[01/12/2008, 11:34:55] - Terminating Process: RUNDLL32.EXE
[01/12/2008, 11:34:55] - Disabling Automatic Shell Restart
[01/12/2008, 11:34:55] - Terminating Process: EXPLORER.EXE
[01/12/2008, 11:34:56] - Suspending the NT Session Manager System Service
[01/12/2008, 11:34:56] - Terminating Windows NT Logon/Logoff Manager
[01/12/2008, 11:39:58] - Re-enabling Automatic Shell Restart
[01/12/2008, 11:39:58] - File to disable: C:\WINDOWS\system32\ddcyawv.dll
[01/12/2008, 11:39:58] - Removing HKLM\...\Browser Helper Objects\{A74F3FC3-CC9A-4D4C-AFB5-B56F0CAA445D}
[01/12/2008, 11:39:58] - Removing HKCR\CLSID\{A74F3FC3-CC9A-4D4C-AFB5-B56F0CAA445D}
[01/12/2008, 11:39:59] - Adding Kill Bit for ActiveX for GUID: {A74F3FC3-CC9A-4D4C-AFB5-B56F0CAA445D}
[01/12/2008, 11:39:59] - Deleting ATLEvents/MSEvents Registry entries
[01/12/2008, 11:39:59] - Removing HKLM\...\Winlogon\Notify\ddcyawv
[01/12/2008, 11:39:59] - Searching for Browser Helper Objects:
[01/12/2008, 11:39:59] - BHO 1: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (Adobe PDF Reader Link Helper)
[01/12/2008, 11:39:59] - BHO 2: {2AC76C17-A2B4-4665-AB23-079B67BF224C} ()
[01/12/2008, 11:39:59] - WARNING: BHO has no default name. Checking for Winlogon reference.
[01/12/2008, 11:39:59] - No filename found. Continuing.
[01/12/2008, 11:39:59] - BHO 3: {53707962-6F74-2D53-2644-206D7942484F} ()
[01/12/2008, 11:39:59] - WARNING: BHO has no default name. Checking for Winlogon reference.
[01/12/2008, 11:39:59] - Checking for HKLM\...\Winlogon\Notify\SDHelper
[01/12/2008, 11:39:59] - Key not found: HKLM\...\Winlogon\Notify\SDHelper, continuing.
[01/12/2008, 11:39:59] - BHO 4: {7E853D72-626A-48EC-A868-BA8D5E23E045} ()
[01/12/2008, 11:39:59] - WARNING: BHO has no default name. Checking for Winlogon reference.
[01/12/2008, 11:39:59] - No filename found. Continuing.
[01/12/2008, 11:39:59] - BHO 5: {9030D464-4C02-4ABF-8ECC-5164760863C6} (Windows Live Sign-in Helper)
[01/12/2008, 11:39:59] - BHO 6: {AA58ED58-01DD-4d91-8333-CF10577473F7} (Google Toolbar Helper)
[01/12/2008, 11:39:59] - BHO 7: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} (Google Toolbar Notifier BHO)
[01/12/2008, 11:39:59] - BHO 8: {bd6b092f-d73f-4b47-8b6e-1f6c35138b91} ()
[01/12/2008, 11:39:59] - WARNING: BHO has no default name. Checking for Winlogon reference.
[01/12/2008, 11:39:59] - Checking for HKLM\...\Winlogon\Notify\srhcrkfe
[01/12/2008, 11:39:59] - Key not found: HKLM\...\Winlogon\Notify\srhcrkfe, continuing.
[01/12/2008, 11:39:59] - Finished Searching Browser Helper Objects
[01/12/2008, 11:39:59] - Finishing up...
[01/12/2008, 11:39:59] - A restart is needed.
[01/12/2008, 11:41:05] - Attempting to Restart via STOP error (Blue Screen!)
Logfile of HijackThis v1.99.1
Scan saved at 11:44:16, on 12/01/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Documents and Settings\HP\Bureau\AVG antispy\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\system32\drivers\CDAC11BA.EXE
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Spyware Doctor\svcntaux.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Documents and Settings\HP\Bureau\AVG antispy\AVG Anti-Spyware 7.5\avgas .exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Documents and Settings\HP\Bureau\AVG antispy\AVG Anti-Spyware 7.5\avgas .exe
C:\WINDOWS\system32\lxcycoms.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\HP\Bureau\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
F3 - REG:win.ini: load=C:\WINDOWS\system32\ssttr.exe
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {2AC76C17-A2B4-4665-AB23-079B67BF224C} - (no file)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll
O2 - BHO: {19b83153-c6f1-e6b8-74b4-f37df290b6db} - {bd6b092f-d73f-4b47-8b6e-1f6c35138b91} - C:\WINDOWS\system32\srhcrkfe.dll (file missing)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Documents and Settings\HP\Bureau\AVG antispy\AVG Anti-Spyware 7.5\avgas .exe" /minimized
O4 - HKLM\..\Run: [8cb89184] rundll32.exe "C:\WINDOWS\system32\rpovpamg.dll",b
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [LXCYCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCYtime.dll,_RunDLLEntry@16
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Envoyer à &Bluetooth - C:\Program Files\WIDCOMM\Logiciel Bluetooth\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_05\bin\npjpi142_05.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_05\bin\npjpi142_05.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://www.secuser.com
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - https://www.trendmicro.com/en_us/forHome/products/housecall.html
an53.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Documents and Settings\HP\Bureau\AVG antispy\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Boonty Games - BOONTY - C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\system32\drivers\CDAC11BA.EXE
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: lxcy_device - - C:\WINDOWS\system32\lxcycoms.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\svcntaux.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
A+
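A small triage helper for the HijackThis log above, added here as an example; it is not part of the thread and not code from HijackThis, VundoFix or VirtumundoBeGone. It re-parses a handful of entries copied from that log (re-joined where the forum wrapped them, plus benign look-alikes such as Spybot's unnamed SDHelper BHO and the Lexmark rundll32 Run value) and flags the three patterns a helper on this kind of thread reads first: a win.ini load= hook (F3), unnamed or orphaned Browser Helper Objects (O2), and a Run value with a random hex name that launches rundll32 on a DLL sitting directly in system32 (O4). The thresholds (8 hex digits for a "random" name, an export name of at most two characters) are my own assumptions, not rules published by HijackThis.

```python
import re
from typing import List, Optional, Tuple

# Subset of the HijackThis v1.99.1 log posted in this thread, re-joined where the
# forum wrapped long lines. Suspicious entries sit next to benign look-alikes.
SAMPLE_LOG = r"""
F3 - REG:win.ini: load=C:\WINDOWS\system32\ssttr.exe
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {2AC76C17-A2B4-4665-AB23-079B67BF224C} - (no file)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: {19b83153-c6f1-e6b8-74b4-f37df290b6db} - {bd6b092f-d73f-4b47-8b6e-1f6c35138b91} - C:\WINDOWS\system32\srhcrkfe.dll (file missing)
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [8cb89184] rundll32.exe "C:\WINDOWS\system32\rpovpamg.dll",b
O4 - HKLM\..\Run: [LXCYCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCYtime.dll,_RunDLLEntry@16
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
"""

F3_RE = re.compile(r"^F3 - REG:win\.ini: (?P<key>load|run)=(?P<value>.*)$")
O2_RE = re.compile(r"^O2 - BHO: (?P<name>.*?) - (?P<clsid>\{[^}]+\}) - (?P<target>.*)$")
O4_RE = re.compile(r"^O4 - (?P<hive>.+?): \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
RUNDLL_RE = re.compile(r'^rundll32(?:\.exe)?\s+"?(?P<dll>[^",]+)"?,(?P<export>\S*)', re.I)
GUID_RE = re.compile(r"^\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}$")
HEX_NAME_RE = re.compile(r"^[0-9a-f]{8}$")  # assumption: 8 hex digits = machine-generated name
SYSTEM32_RE = re.compile(r"^[A-Za-z]:\\WINDOWS\\system32\\[^\\]+$", re.I)  # file directly in system32

Finding = Tuple[str, str, str]  # (HijackThis section, subject, reason)


def _check_f3(line: str) -> Optional[Finding]:
    """win.ini load=/run= is a legacy autostart that modern software does not use."""
    m = F3_RE.match(line)
    if m and m.group("value").strip():
        return ("F3", m.group("value").strip(),
                f"win.ini {m.group('key')}= autostart hook (legacy mechanism, rarely legitimate)")
    return None


def _check_o2(line: str) -> Optional[Finding]:
    """Flag a BHO only when it is unnamed AND (orphaned OR loaded straight from system32).

    '(no name)' alone is not enough: Spybot's SDHelper registers without a name too."""
    m = O2_RE.match(line)
    if not m:
        return None
    name, clsid, target = m.group("name"), m.group("clsid"), m.group("target")
    unnamed = name == "(no name)" or bool(GUID_RE.match(name))
    orphaned = "(no file)" in target or "(file missing)" in target
    path = target.replace("(file missing)", "").strip()
    if unnamed and orphaned:
        return ("O2", clsid, "unnamed BHO whose file is gone (orphaned registration)")
    if unnamed and SYSTEM32_RE.match(path):
        return ("O2", clsid, "unnamed BHO loading a DLL straight from system32")
    return None


def _check_o4(line: str) -> Optional[Finding]:
    """Flag Run values with a random-looking name or a rundll32 one-letter export on a system32 DLL."""
    m = O4_RE.match(line)
    if not m:
        return None
    name, cmd = m.group("name"), m.group("cmd")
    reasons: List[str] = []
    if HEX_NAME_RE.match(name):
        reasons.append("Run value named with 8 random-looking hex digits")
    r = RUNDLL_RE.match(cmd)
    if r and SYSTEM32_RE.match(r.group("dll")) and len(r.group("export")) <= 2:
        reasons.append("rundll32 loads a DLL straight from system32 through a one-letter export")
    return ("O4", name, "; ".join(reasons)) if reasons else None


def triage(log_text: str) -> List[Finding]:
    """Run every check over each non-empty log line, in log order."""
    findings: List[Finding] = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        for check in (_check_f3, _check_o2, _check_o4):
            hit = check(line)
            if hit:
                findings.append(hit)
                break
    return findings


if __name__ == "__main__":
    for section, subject, reason in triage(SAMPLE_LOG):
        print(f"{section:3} {subject:45} {reason}")
```

On the sample above the helper reports exactly the four entries ep44 would have asked to fix (the ssttr.exe load= hook, the two unnamed BHOs, the 8cb89184 Run value) and stays silent on SDHelper, the Synaptics entry and the Lexmark rundll32 call, which is the point of requiring two weak signals rather than one.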
VundoFix V6.7.7
Checking Java version...
Java version is 1.4.2.5
Old versions of java are exploitable and should be removed.
Scan started at 10:45:04 12/01/2008
Listing files found while scanning....
C:\WINDOWS\system32\agsaame.dll
C:\WINDOWS\system32\gmapvopr.ini
C:\WINDOWS\system32\rpovpamg.dll
C:\WINDOWS\system32\srhcrkfe.dll
C:\WINDOWS\system32\ssttr.exe
Beginning removal...
Attempting to delete C:\WINDOWS\system32\agsaame.dll
C:\WINDOWS\system32\agsaame.dll Has been deleted!
Attempting to delete C:\WINDOWS\system32\gmapvopr.ini
C:\WINDOWS\system32\gmapvopr.ini Has been deleted!
Attempting to delete C:\WINDOWS\system32\rpovpamg.dll
C:\WINDOWS\system32\rpovpamg.dll Has been deleted!
Attempting to delete C:\WINDOWS\system32\srhcrkfe.dll
C:\WINDOWS\system32\srhcrkfe.dll Has been deleted!
Attempting to delete C:\WINDOWS\system32\ssttr.exe
C:\WINDOWS\system32\ssttr.exe Has been deleted!
Performing Repairs to the registry.
Done!
Rapport VBG:
[01/12/2008, 11:34:48] - VirtumundoBeGone v1.5 ( "C:\Documents and Settings\HP\Bureau\VirtumundoBeGone.exe" )
[01/12/2008, 11:34:53] - Detected System Information:
[01/12/2008, 11:34:53] - Windows Version: 5.1.2600, Service Pack 2
[01/12/2008, 11:34:53] - Current Username: HP (Admin)
[01/12/2008, 11:34:53] - Windows is in NORMAL mode.
[01/12/2008, 11:34:53] - Searching for Browser Helper Objects:
[01/12/2008, 11:34:53] - BHO 1: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (Adobe PDF Reader Link Helper)
[01/12/2008, 11:34:53] - BHO 2: {2AC76C17-A2B4-4665-AB23-079B67BF224C} ()
[01/12/2008, 11:34:53] - WARNING: BHO has no default name. Checking for Winlogon reference.
[01/12/2008, 11:34:53] - No filename found. Continuing.
[01/12/2008, 11:34:53] - BHO 3: {53707962-6F74-2D53-2644-206D7942484F} ()
[01/12/2008, 11:34:53] - WARNING: BHO has no default name. Checking for Winlogon reference.
[01/12/2008, 11:34:53] - Checking for HKLM\...\Winlogon\Notify\SDHelper
[01/12/2008, 11:34:53] - Key not found: HKLM\...\Winlogon\Notify\SDHelper, continuing.
[01/12/2008, 11:34:53] - BHO 4: {7E853D72-626A-48EC-A868-BA8D5E23E045} ()
[01/12/2008, 11:34:53] - WARNING: BHO has no default name. Checking for Winlogon reference.
[01/12/2008, 11:34:53] - No filename found. Continuing.
[01/12/2008, 11:34:53] - BHO 5: {9030D464-4C02-4ABF-8ECC-5164760863C6} (Windows Live Sign-in Helper)
[01/12/2008, 11:34:54] - BHO 6: {A74F3FC3-CC9A-4D4C-AFB5-B56F0CAA445D} ()
[01/12/2008, 11:34:54] - WARNING: BHO has no default name. Checking for Winlogon reference.
[01/12/2008, 11:34:54] - Checking for HKLM\...\Winlogon\Notify\ddcyawv
[01/12/2008, 11:34:54] - Found: HKLM\...\Winlogon\Notify\ddcyawv - This is probably Virtumundo.
[01/12/2008, 11:34:54] - Assigning {A74F3FC3-CC9A-4D4C-AFB5-B56F0CAA445D} MSEvents Object
[01/12/2008, 11:34:54] - BHO list has been changed! Starting over...
[01/12/2008, 11:34:54] - BHO 1: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (Adobe PDF Reader Link Helper)
[01/12/2008, 11:34:54] - BHO 2: {2AC76C17-A2B4-4665-AB23-079B67BF224C} ()
[01/12/2008, 11:34:54] - WARNING: BHO has no default name. Checking for Winlogon reference.
[01/12/2008, 11:34:54] - No filename found. Continuing.
[01/12/2008, 11:34:54] - BHO 3: {53707962-6F74-2D53-2644-206D7942484F} ()
[01/12/2008, 11:34:54] - WARNING: BHO has no default name. Checking for Winlogon reference.
[01/12/2008, 11:34:54] - Checking for HKLM\...\Winlogon\Notify\SDHelper
[01/12/2008, 11:34:54] - Key not found: HKLM\...\Winlogon\Notify\SDHelper, continuing.
[01/12/2008, 11:34:54] - BHO 4: {7E853D72-626A-48EC-A868-BA8D5E23E045} ()
[01/12/2008, 11:34:54] - WARNING: BHO has no default name. Checking for Winlogon reference.
[01/12/2008, 11:34:54] - No filename found. Continuing.
[01/12/2008, 11:34:54] - BHO 5: {9030D464-4C02-4ABF-8ECC-5164760863C6} (Windows Live Sign-in Helper)
[01/12/2008, 11:34:54] - BHO 6: {A74F3FC3-CC9A-4D4C-AFB5-B56F0CAA445D} (MSEvents Object)
[01/12/2008, 11:34:54] - ALERT: Found MSEvents Object!
[01/12/2008, 11:34:54] - BHO 7: {AA58ED58-01DD-4d91-8333-CF10577473F7} (Google Toolbar Helper)
[01/12/2008, 11:34:54] - BHO 8: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} (Google Toolbar Notifier BHO)
[01/12/2008, 11:34:54] - BHO 9: {bd6b092f-d73f-4b47-8b6e-1f6c35138b91} ()
[01/12/2008, 11:34:54] - WARNING: BHO has no default name. Checking for Winlogon reference.
[01/12/2008, 11:34:54] - Checking for HKLM\...\Winlogon\Notify\srhcrkfe
[01/12/2008, 11:34:54] - Key not found: HKLM\...\Winlogon\Notify\srhcrkfe, continuing.
[01/12/2008, 11:34:54] - Finished Searching Browser Helper Objects
[01/12/2008, 11:34:54] - *** Detected MSEvents Object
[01/12/2008, 11:34:54] - Trying to remove MSEvents Object...
[01/12/2008, 11:34:55] - Terminating Process: IEXPLORE.EXE
[01/12/2008, 11:34:55] - Terminating Process: RUNDLL32.EXE
[01/12/2008, 11:34:55] - Disabling Automatic Shell Restart
[01/12/2008, 11:34:55] - Terminating Process: EXPLORER.EXE
[01/12/2008, 11:34:56] - Suspending the NT Session Manager System Service
[01/12/2008, 11:34:56] - Terminating Windows NT Logon/Logoff Manager
[01/12/2008, 11:39:58] - Re-enabling Automatic Shell Restart
[01/12/2008, 11:39:58] - File to disable: C:\WINDOWS\system32\ddcyawv.dll
[01/12/2008, 11:39:58] - Removing HKLM\...\Browser Helper Objects\{A74F3FC3-CC9A-4D4C-AFB5-B56F0CAA445D}
[01/12/2008, 11:39:58] - Removing HKCR\CLSID\{A74F3FC3-CC9A-4D4C-AFB5-B56F0CAA445D}
[01/12/2008, 11:39:59] - Adding Kill Bit for ActiveX for GUID: {A74F3FC3-CC9A-4D4C-AFB5-B56F0CAA445D}
[01/12/2008, 11:39:59] - Deleting ATLEvents/MSEvents Registry entries
[01/12/2008, 11:39:59] - Removing HKLM\...\Winlogon\Notify\ddcyawv
[01/12/2008, 11:39:59] - Searching for Browser Helper Objects:
[01/12/2008, 11:39:59] - BHO 1: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (Adobe PDF Reader Link Helper)
[01/12/2008, 11:39:59] - BHO 2: {2AC76C17-A2B4-4665-AB23-079B67BF224C} ()
[01/12/2008, 11:39:59] - WARNING: BHO has no default name. Checking for Winlogon reference.
[01/12/2008, 11:39:59] - No filename found. Continuing.
[01/12/2008, 11:39:59] - BHO 3: {53707962-6F74-2D53-2644-206D7942484F} ()
[01/12/2008, 11:39:59] - WARNING: BHO has no default name. Checking for Winlogon reference.
[01/12/2008, 11:39:59] - Checking for HKLM\...\Winlogon\Notify\SDHelper
[01/12/2008, 11:39:59] - Key not found: HKLM\...\Winlogon\Notify\SDHelper, continuing.
[01/12/2008, 11:39:59] - BHO 4: {7E853D72-626A-48EC-A868-BA8D5E23E045} ()
[01/12/2008, 11:39:59] - WARNING: BHO has no default name. Checking for Winlogon reference.
[01/12/2008, 11:39:59] - No filename found. Continuing.
[01/12/2008, 11:39:59] - BHO 5: {9030D464-4C02-4ABF-8ECC-5164760863C6} (Windows Live Sign-in Helper)
[01/12/2008, 11:39:59] - BHO 6: {AA58ED58-01DD-4d91-8333-CF10577473F7} (Google Toolbar Helper)
[01/12/2008, 11:39:59] - BHO 7: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} (Google Toolbar Notifier BHO)
[01/12/2008, 11:39:59] - BHO 8: {bd6b092f-d73f-4b47-8b6e-1f6c35138b91} ()
[01/12/2008, 11:39:59] - WARNING: BHO has no default name. Checking for Winlogon reference.
[01/12/2008, 11:39:59] - Checking for HKLM\...\Winlogon\Notify\srhcrkfe
[01/12/2008, 11:39:59] - Key not found: HKLM\...\Winlogon\Notify\srhcrkfe, continuing.
[01/12/2008, 11:39:59] - Finished Searching Browser Helper Objects
[01/12/2008, 11:39:59] - Finishing up...
[01/12/2008, 11:39:59] - A restart is needed.
[01/12/2008, 11:41:05] - Attempting to Restart via STOP error (Blue Screen!)
Logfile of HijackThis v1.99.1
Scan saved at 11:44:16, on 12/01/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device
Support\bin\AppleMobileDeviceService.exe
C:\Documents and Settings\HP\Bureau\AVG antispy\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\system32\drivers\CDAC11BA.EXE
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Spyware Doctor\svcntaux.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Documents and Settings\HP\Bureau\AVG antispy\AVG Anti-Spyware 7.5\avgas .exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Documents and Settings\HP\Bureau\AVG antispy\AVG Anti-Spyware 7.5\avgas
.exe
C:\WINDOWS\system32\lxcycoms.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\HP\Bureau\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
https://www.google.fr/?gws_rd=ssl
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
F3 - REG:win.ini: load=C:\WINDOWS\system32\ssttr.exe
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} -
C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {2AC76C17-A2B4-4665-AB23-079B67BF224C} - (no file)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1
\SDHelper.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} -
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} -
c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} -
C:\Program Files\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll
O2 - BHO: {19b83153-c6f1-e6b8-74b4-f37df290b6db} - {bd6b092f-d73f-4b47-8b6e-
1f6c35138b91} - C:\WINDOWS\system32\srhcrkfe.dll (file missing)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program
files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_05
\bin\jusched.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Documents and Settings\HP\Bureau\AVG
antispy\AVG Anti-Spyware 7.5\avgas .exe" /minimized
O4 - HKLM\..\Run: [8cb89184] rundll32.exe "C:\WINDOWS\system32\rpovpamg.dll",b
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [LXCYCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3
\LXCYtime.dll,_RunDLLEntry@16
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program
Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1
\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Envoyer à &Bluetooth - C:\Program
Files\WIDCOMM\Logiciel Bluetooth\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program
Files\Java\j2re1.4.2_05\bin\npjpi142_05.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-
00401C608501} - C:\Program Files\Java\j2re1.4.2_05\bin\npjpi142_05.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%
\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-
f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program
Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-
00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://www.secuser.com
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) -
http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) -
http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) -
https://www.trendmicro.com/en_us/forHome/products/housecall.html
an53.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) -
http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Documents and Settings\HP\Bureau\AVG antispy\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Boonty Games - BOONTY - C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\system32\drivers\CDAC11BA.EXE
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: lxcy_device - - C:\WINDOWS\system32\lxcycoms.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\svcntaux.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
See you
Re, I no longer have a problem when avast starts, but when Windows starts it tells me it cannot load SSTTR and RPOVPAMG.
See you
ep44
Posts
7393
Registration date
Saturday 10 November 2007
Status
Contributor
Last contribution
11 November 2010
3
12 Jan. 2008 at 13:59
Let's continue
Download ComboFix by sUBs: http://download.bleepingcomputer.com/sUBs/ComboFix.exe
and save it to your desktop, nowhere else!
Double-click combofix,
Wait until combofix has finished; a report will be created. Post the report.
See you
Here is my scan:
ComboFix 08-01-11.3 - HP 2008-01-12 18:28:22.1 - NTFSx86
Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.618 [GMT 1:00]
Running from: C:\Documents and Settings\HP\Bureau\ComboFix.exe
* Created a new restore point
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Autorun.inf
C:\Documents and Settings\HP\Bureau\AVG antispy\AVG Anti-Spyware 7.5\avgas .exe
C:\Documents and Settings\HP\Bureau\AVG antispy\AVG Anti-Spyware 7.5\avgas .exe
C:\Documents and Settings\HP\Bureau\AVG antispy\AVG Anti-Spyware 7.5\avgas .exe
C:\Temp\1cb
C:\Temp\1cb\syscheck.log
C:\WINDOWS\system32\ctfmon .exe
C:\WINDOWS\system32\ctfmon.exe.tmp
C:\WINDOWS\system32\eoyrnfic.ini
C:\WINDOWS\system32\f1
C:\WINDOWS\system32\pac.txt
C:\WINDOWS\system32\r3
C:\WINDOWS\system32\RCXE.tmp
C:\WINDOWS\system32\rttss.ini
C:\WINDOWS\system32\rttss.ini2
C:\WINDOWS\system32\ssttr.dll
C:\WINDOWS\system32\y2
[code] <pre>
C:\Documents and Settings\HP\Bureau\AVG antispy\AVG Anti-Spyware 7.5\avgas .exe ---> avgas.exe
C:\WINDOWS\system32\ctfmon .exe ---> QooBox
</pre> [/code]
.
.
((((((((((((((((((((((((((((( Fichiers créés 2007-12-12 to 2008-01-12 ))))))))))))))))))))))))))))))))))))
.
2008-01-12 18:23 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\NirCmd.exe
2008-01-12 10:45 . 2008-01-12 10:45 <REP> d-------- C:\VundoFix Backups
2008-01-11 22:07 . 2007-12-04 14:04 837,496 --a------ C:\WINDOWS\system32\aswBoot.exe
2008-01-11 22:07 . 2004-01-09 10:13 380,928 --a------ C:\WINDOWS\system32\actskin4.ocx
2008-01-11 22:07 . 2007-12-04 13:54 95,608 --a------ C:\WINDOWS\system32\AvastSS.scr
2008-01-11 22:07 . 2007-12-04 15:55 94,544 --a------ C:\WINDOWS\system32\drivers\aswmon2.sys
2008-01-11 22:07 . 2007-12-04 15:56 93,264 --a------ C:\WINDOWS\system32\drivers\aswmon.sys
2008-01-11 22:07 . 2007-12-04 15:51 42,912 --a------ C:\WINDOWS\system32\drivers\aswTdi.sys
2008-01-11 22:07 . 2007-12-04 15:49 26,624 --a------ C:\WINDOWS\system32\drivers\aavmker4.sys
2008-01-11 22:07 . 2007-12-04 15:53 23,152 --a------ C:\WINDOWS\system32\drivers\aswRdr.sys
2008-01-05 13:58 . 2008-01-05 13:58 <REP> d-------- C:\Documents and Settings\All Users\Application Data\MailFrontier
2007-12-30 11:27 . 2007-12-30 11:27 <REP> d-------- C:\WINDOWS\system32\ActiveScan
2007-12-30 11:27 . 2007-12-30 11:27 30,590 --a------ C:\WINDOWS\system32\pavas.ico
2007-12-30 11:27 . 2007-12-30 11:27 2,550 --a------ C:\WINDOWS\system32\Uninstall.ico
2007-12-30 11:27 . 2007-12-30 11:27 1,406 --a------ C:\WINDOWS\system32\Help.ico
2007-12-30 11:02 . 2007-12-30 11:03 <REP> d-------- C:\Documents and Settings\HP\.housecall6.6
2007-12-30 01:51 . 2007-12-30 01:51 <REP> d-------- C:\WINDOWS\system32\ardCo01
2007-12-30 01:51 . 2007-12-30 01:51 <REP> d-------- C:\Temp\cEeer12
2007-12-30 01:51 . 2008-01-12 18:34 <REP> d-------- C:\Temp
2007-12-23 17:45 . 2007-12-23 17:46 <REP> d-------- C:\Program Files\iTunes
2007-12-23 17:45 . 2007-12-23 17:45 <REP> d-------- C:\Program Files\iPod
2007-12-23 17:43 . 2008-01-05 14:36 <REP> d-------- C:\Program Files\QuickTime
2007-12-23 17:42 . 2007-12-23 17:42 <REP> d-------- C:\Program Files\Apple Software Update
2007-12-23 17:41 . 2007-12-23 17:41 <REP> d-------- C:\Program Files\Fichiers communs\Apple
2007-12-23 17:41 . 2007-12-23 17:41 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Apple
2007-12-17 17:18 . 2007-12-17 17:18 <REP> d-------- C:\Program Files\Codemasters
2007-12-17 17:18 . 1999-04-23 22:22 151,552 --a------ C:\WINDOWS\system32\MSOSS.DLL
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-01-12 17:25 --------- d-----w C:\Documents and Settings\HP\Application Data\Azureus
2008-01-11 21:28 --------- d-----w C:\Documents and Settings\All Users\Application Data\Google Updater
2008-01-11 20:31 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-01-05 10:32 --------- d-----w C:\Program Files\lx_cats
2007-12-24 08:27 --------- d-----w C:\Documents and Settings\HP\Application Data\Apple Computer
2007-12-23 16:42 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple Computer
2007-12-23 13:05 --------- d-----w C:\Program Files\Azureus
2007-12-17 16:18 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-12-17 08:52 --------- d-----w C:\Documents and Settings\HP\Application Data\OpenOffice.org2
2007-12-09 15:30 --------- d-----w C:\Program Files\Maxis
2007-12-05 21:05 --------- d-----w C:\Documents and Settings\HP\Application Data\Nokia
2007-12-05 21:05 --------- d-----w C:\Documents and Settings\All Users\Application Data\PC Suite
2007-12-05 20:40 --------- d-----w C:\Program Files\Nokia
2007-12-05 20:40 --------- d-----w C:\Program Files\Fichiers communs\PCSuite
2007-12-05 20:40 --------- d-----w C:\Program Files\Fichiers communs\Nokia
2007-12-05 20:39 --------- d-----w C:\Program Files\PC Connectivity Solution
2007-12-05 20:39 --------- d-----w C:\Program Files\DIFX
2007-12-05 20:39 --------- d-----w C:\Documents and Settings\HP\Application Data\PC Suite
2007-12-05 20:24 --------- d-----w C:\Documents and Settings\All Users\Application Data\Installations
2007-12-01 11:21 --------- d-----w C:\Program Files\Fichiers communs\Adobe
2007-11-22 13:35 --------- d-----w C:\Program Files\Fichiers communs\DirectX
2007-11-22 12:57 --------- d-----w C:\Program Files\EA GAMES
2007-11-18 12:36 --------- d-----w C:\Program Files\OpenOffice.org 2.3
2007-11-15 17:18 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2007-11-15 08:13 --------- d-----w C:\Program Files\Spyware Doctor
2007-11-13 10:25 20,480 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys
2007-10-22 18:46 86,094 ----a-w C:\WINDOWS\BPMNT.dll
2007-10-22 18:46 71,749 ----a-w C:\WINDOWS\hcextoutput.dll
2007-10-22 18:46 267,845 ----a-w C:\WINDOWS\tsc.exe
2007-10-22 18:46 1,163,344 ----a-w C:\WINDOWS\vsapi32.dll
2007-10-22 18:24 69,689 ----a-w C:\WINDOWS\UNZIP.DLL
2007-10-22 18:24 507,904 ----a-w C:\WINDOWS\TMUPDATE.DLL
2007-10-22 18:24 286,720 ----a-w C:\WINDOWS\PATCH.EXE
2006-12-22 21:32 47,360 -c--a-w C:\Documents and Settings\HP\Application Data\pcouffin.sys
2006-06-12 13:15 701,511 ----a-w C:\Documents and Settings\reparation\WinsockFix.zip
2006-04-30 16:52 41,384 ----a-w C:\Documents and Settings\HP\Application Data\GDIPFONTCACHEV1.DAT
2006-01-04 20:20 2,897,821 ----a-w C:\Program Files\bsplayer137.826.exe
2005-05-27 13:22 824,832 ----a-w C:\Documents and Settings\Ad-Aware SE Personal\Ad-Aware.exe
2005-05-25 15:08 162,816 ----a-w C:\Documents and Settings\Ad-Aware SE Personal\unregaaw.exe
2003-05-13 09:06 1,445,888 ----a-w C:\Documents and Settings\reparation\WinsockFix.exe
2001-09-28 16:00 164,864 ----a-w C:\Documents and Settings\Ad-Aware SE Personal\UNWISE.EXE
.
[code]<pre>
----a-w 68,856 2008-01-05 10:32:07 C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier .exe
----a-w 32,881 2008-01-05 10:31:55 C:\Program Files\Java\j2re1.4.2_05\bin\jusched .exe
----a-w 286,720 2007-12-30 10:15:35 C:\Program Files\QuickTime\QTTask .exe
----a-w 688,218 2008-01-05 10:31:57 C:\Program Files\Synaptics\SynTP\SynTPEnh .exe
----a-w 98,394 2008-01-05 10:31:55 C:\Program Files\Synaptics\SynTP\SynTPLpr .exe
----a-w 919,016 2008-01-05 13:45:54 C:\Program Files\Zone Labs\ZoneAlarm\zlclient .exe
</pre>[/code]
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{bd6b092f-d73f-4b47-8b6e-1f6c35138b91}]
C:\WINDOWS\system32\srhcrkfe.dll
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-05 13:00 15360]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [ ]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPLpr"="C:\Program Files\Synaptics\SynTP\SynTPLpr.exe" [ ]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [ ]
"SunJavaUpdateSched"="C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe" [ ]
"!AVG Anti-Spyware"="C:\Documents and Settings\HP\Bureau\AVG antispy\AVG Anti-Spyware 7.5\avgas .exe" [ ]
"8cb89184"="C:\WINDOWS\system32\rpovpamg.dll" [ ]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-12-04 14:00 79224]
"LXCYCATS"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCYtime.dll" [2005-12-01 19:38 65536]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Nokia.PCSync"="C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2007-06-19 10:17 1241088]
[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0]
Source= C:\WINDOWS\warnhp.html
FriendlyName= Desktop Uninstall
R0 PzWDM;PzWDM;C:\WINDOWS\system32\Drivers\PzWDM.sys [2005-06-29 01:38]
R3 HidMouse Filter;HidMouse Filter;C:\WINDOWS\system32\Drivers\HidMouse.sys [2004-03-21 22:25]
R3 lxcy_device;lxcy_device;C:\WINDOWS\system32\lxcycoms.exe [2006-02-20 20:23]
S3 Boonty Games;Boonty Games;"C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe" [2005-12-24 17:40]
S3 el575nd5;Pilote de carte réseau PC Card 3Com Megahertz 10/100 CardBus;C:\WINDOWS\system32\DRIVERS\el575nd5.sys [2001-08-17 19:10]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\C]
\Shell\Auto\command - C:\meipoidto.exe
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL meipoidto.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\E]
\Shell\AutoRun\command - E:\Launcher.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\H]
\Shell\AutoRun\command - H:\LaunchU3.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{943b53c2-067d-11db-b0b0-00c09f89de2c}]
\Shell\Auto\command - G:\xkfykveze.exe
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL xkfykveze.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d0a6f0d7-9ee2-11da-aff4-00c09f89de2c}]
\Shell\AutoRun\command - E:\jedi.exe
.
Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
"2006-04-29 13:55:20 C:\WINDOWS\Tasks\FRU Task #Hewlett-Packard#hp psc 1200 series#1138368217.job"
- C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpqfrucl.exe4-I
.
**************************************************************************
catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-12 18:38:12
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2008-01-12 18:41:55 - machine was rebooted [HP]
ComboFix-quarantined-files.txt 2008-01-12 17:41:51
.
2008-01-10 02:04:56 --- E O F ---
See you
ep44
Posts
7393
Registration date
Saturday 10 November 2007
Status
Contributor
Last contribution
11 November 2010
3
12 Jan. 2008 at 19:19
Select this
registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{bd6b092f-d73f-4b47-8b6e-1f6c35138b91}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"8cb89184"=-
=> Copy the selected text (CTRL+C).
=> Open Notepad (Programs > Accessories > Notepad).
=> Paste the copied text into Notepad (CTRL+V).
=> Save this file under the name CFScript.txt
=> Drag and drop this CFScript file onto the ComboFix.exe file
=> A blue window will appear: at the prompt ( Type 1 to continue, or 2 to abort ), type 1 and confirm.
=> Wait for the scan to finish. The desktop will disappear several times: that's normal!
Don't touch anything until the scan has finished.
=> Once the scan is done, a report will open: post its contents.
=> If the file doesn't open, it is here > C:\ComboFix.txt
See you
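How the helper got from the ComboFix log above to that three-line CFScript is the part a reader cannot see: the suspicious entries in the "Point de chargement Reg" section have to be picked out by hand. The script below is an added example (not code from this thread, from the helper, or from ComboFix) that does that triage over a constructed copy of the log's registry section and drafts the removal script in the same `registry::` syntax the helper used (`[-key]` deletes a key, `"name"=-` deletes one value). The heuristics are the editor's own and are deliberately narrow: a Run value with a random 8-hex-digit name pointing at a DLL (the `8cb89184` / `rpovpamg.dll` pair), a BHO whose DLL sits directly in `system32` rather than under Program Files (the `srhcrkfe.dll` entry), and the `\Shell\Auto\command` / `ShellExec_RunDLL` pattern under `mountpoints2` that goes with the deleted `C:\Autorun.inf`. A `[ ]` file stamp on its own is not treated as evidence, because on this machine legitimate programs that the malware had renamed with a space (`jusched .exe`, `SynTPEnh .exe`) show the same blank stamp.

```python
"""Triage of a ComboFix 'Reg Loading Points' section, plus a draft of the
matching ComboFix 'registry::' removal script.

Added example: not code from the thread, from the helper, or from ComboFix.
The sample log is constructed from entries quoted in the thread; the
heuristics are the editor's own and every hit still needs a human look.
"""
import re

# Constructed sample: a cut-down copy of the registry section posted above.
SAMPLE_LOG = r"""
REGEDIT4
*Note* empty entries & legit default entries are not shown
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{bd6b092f-d73f-4b47-8b6e-1f6c35138b91}]
C:\WINDOWS\system32\srhcrkfe.dll
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-05 13:00 15360]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [ ]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe" [ ]
"8cb89184"="C:\WINDOWS\system32\rpovpamg.dll" [ ]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-12-04 14:00 79224]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\C]
\Shell\Auto\command - C:\meipoidto.exe
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL meipoidto.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\H]
\Shell\AutoRun\command - H:\LaunchU3.exe
"""

KEY_RE = re.compile(r"^\[(?P<key>HKEY_[^\]]+)\]$")
VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"="(?P<target>[^"]*)" \[(?P<stamp>[^\]]*)\]$')
VERB_RE = re.compile(r"^\\Shell\\(?P<verb>\w+)\\command - (?P<cmd>.+)$")
HEX_NAME_RE = re.compile(r"^[0-9a-f]{8}$")  # Vundo-style random value names such as 8cb89184


def parse_loading_points(text):
    """Yield (key, kind, fields) for every entry under a [HKEY_...] header."""
    key = None
    for line in text.splitlines():
        line = line.rstrip()
        m = KEY_RE.match(line)
        if m:
            key = m.group("key")
            continue
        if key is None:          # REGEDIT4 / *Note* preamble before the first key
            continue
        m = VALUE_RE.match(line)
        if m:
            yield key, "value", m.groupdict()
            continue
        m = VERB_RE.match(line)
        if m:
            yield key, "verb", m.groupdict()
            continue
        if line.lower().endswith(".dll"):   # bare module path under a BHO CLSID key
            yield key, "module", {"path": line}


def triage(text):
    """Return [(key, value_name_or_None, reason)] for entries worth a closer look."""
    hits = []
    for key, kind, f in parse_loading_points(text):
        lk = key.lower()
        if kind == "module" and "browser helper objects" in lk and "\\system32\\" in f["path"].lower():
            # Heuristic: legitimate BHOs live under Program Files; a DLL dropped
            # straight into system32 matches the ssttr.dll / srhcrkfe.dll placement.
            hits.append((key, None, "BHO loads a DLL from system32: " + f["path"]))
        elif kind == "value" and lk.endswith("\\run"):
            reasons = []
            if HEX_NAME_RE.match(f["name"]):
                reasons.append("random 8-hex value name")
            if f["target"].lower().endswith(".dll"):
                reasons.append("Run entry targets a DLL rather than an .exe")
            if reasons and not f["stamp"].strip():
                reasons.append("no file stamp")   # only meaningful alongside another reason
            if reasons:
                hits.append((key, f["name"], "; ".join(reasons)))
        elif kind == "verb" and "mountpoints2" in lk and (
                f["verb"].lower() == "auto" or "shellexec_rundll" in f["cmd"].lower()):
            # The 'Auto' verb and the ShellExec_RunDLL trampoline are the
            # autorun.inf hijack pattern; a plain AutoRun launcher is left alone.
            hits.append((key, None, "autorun.inf-style drive handler: " + f["cmd"]))
    return hits


def cfscript(hits):
    """Render hits in the registry:: syntax used in the thread: [-key] deletes a
    whole key, "name"=- deletes one value. Deduplicated, order preserved."""
    lines = ["registry::"]
    for key, name, _ in hits:
        entry = "[-%s]" % key if name is None else '[%s]\n"%s"=-' % (key, name)
        if entry not in lines:
            lines.append(entry)
    return "\n".join(lines)


if __name__ == "__main__":
    found = triage(SAMPLE_LOG)
    for key, name, reason in found:
        print("%s  %s  -> %s" % (key, name or "(key)", reason))
    print()
    print(cfscript(found))
```

Run as-is it prints four flagged entries and a five-line CFScript: the BHO key deletion and the `"8cb89184"=-` value deletion that the helper posted, plus a deletion of the `mountpoints2\C` key for the autorun handler. The `H:` stick's `LaunchU3.exe` handler is not flagged, which is the point of keying on the `Auto` verb and the rundll32 trampoline rather than on every AutoRun command.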
Here is the ComboFix report:
ComboFix 08-01-11.3 - HP 2008-01-12 20:13:34.2 - NTFSx86
Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.562 [GMT 1:00]
Running from: C:\Documents and Settings\HP\Bureau\ComboFix.exe
Command switches used :: C:\Documents and Settings\HP\Bureau\CFScript.txt
* Created a new restore point
.
((((((((((((((((((((((((((((( Fichiers créés 2007-12-12 to 2008-01-12 ))))))))))))))))))))))))))))))))))))
.
2008-01-12 18:23 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\NirCmd.exe
2008-01-12 10:45 . 2008-01-12 10:45 <REP> d-------- C:\VundoFix Backups
2008-01-11 22:07 . 2007-12-04 14:04 837,496 --a------ C:\WINDOWS\system32\aswBoot.exe
2008-01-11 22:07 . 2004-01-09 10:13 380,928 --a------ C:\WINDOWS\system32\actskin4.ocx
2008-01-11 22:07 . 2007-12-04 13:54 95,608 --a------ C:\WINDOWS\system32\AvastSS.scr
2008-01-11 22:07 . 2007-12-04 15:55 94,544 --a------ C:\WINDOWS\system32\drivers\aswmon2.sys
2008-01-11 22:07 . 2007-12-04 15:56 93,264 --a------ C:\WINDOWS\system32\drivers\aswmon.sys
2008-01-11 22:07 . 2007-12-04 15:51 42,912 --a------ C:\WINDOWS\system32\drivers\aswTdi.sys
2008-01-11 22:07 . 2007-12-04 15:49 26,624 --a------ C:\WINDOWS\system32\drivers\aavmker4.sys
2008-01-11 22:07 . 2007-12-04 15:53 23,152 --a------ C:\WINDOWS\system32\drivers\aswRdr.sys
2008-01-05 13:58 . 2008-01-05 13:58 <REP> d-------- C:\Documents and Settings\All Users\Application Data\MailFrontier
2007-12-30 11:27 . 2007-12-30 11:27 <REP> d-------- C:\WINDOWS\system32\ActiveScan
2007-12-30 11:27 . 2007-12-30 11:27 30,590 --a------ C:\WINDOWS\system32\pavas.ico
2007-12-30 11:27 . 2007-12-30 11:27 2,550 --a------ C:\WINDOWS\system32\Uninstall.ico
2007-12-30 11:27 . 2007-12-30 11:27 1,406 --a------ C:\WINDOWS\system32\Help.ico
2007-12-30 11:02 . 2007-12-30 11:03 <REP> d-------- C:\Documents and Settings\HP\.housecall6.6
2007-12-30 01:51 . 2007-12-30 01:51 <REP> d-------- C:\WINDOWS\system32\ardCo01
2007-12-30 01:51 . 2007-12-30 01:51 <REP> d-------- C:\Temp\cEeer12
2007-12-30 01:51 . 2008-01-12 18:34 <REP> d-------- C:\Temp
2007-12-23 17:45 . 2007-12-23 17:46 <REP> d-------- C:\Program Files\iTunes
2007-12-23 17:45 . 2007-12-23 17:45 <REP> d-------- C:\Program Files\iPod
2007-12-23 17:43 . 2008-01-05 14:36 <REP> d-------- C:\Program Files\QuickTime
2007-12-23 17:42 . 2007-12-23 17:42 <REP> d-------- C:\Program Files\Apple Software Update
2007-12-23 17:41 . 2007-12-23 17:41 <REP> d-------- C:\Program Files\Fichiers communs\Apple
2007-12-23 17:41 . 2007-12-23 17:41 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Apple
2007-12-17 17:18 . 2007-12-17 17:18 <REP> d-------- C:\Program Files\Codemasters
2007-12-17 17:18 . 1999-04-23 22:22 151,552 --a------ C:\WINDOWS\system32\MSOSS.DLL
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-01-12 17:25 --------- d-----w C:\Documents and Settings\HP\Application Data\Azureus
2008-01-11 21:28 --------- d-----w C:\Documents and Settings\All Users\Application Data\Google Updater
2008-01-11 20:31 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-01-05 10:32 --------- d-----w C:\Program Files\lx_cats
2007-12-24 08:27 --------- d-----w C:\Documents and Settings\HP\Application Data\Apple Computer
2007-12-23 16:42 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple Computer
2007-12-23 13:05 --------- d-----w C:\Program Files\Azureus
2007-12-17 16:18 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-12-17 08:52 --------- d-----w C:\Documents and Settings\HP\Application Data\OpenOffice.org2
2007-12-09 15:30 --------- d-----w C:\Program Files\Maxis
2007-12-05 21:05 --------- d-----w C:\Documents and Settings\HP\Application Data\Nokia
2007-12-05 21:05 --------- d-----w C:\Documents and Settings\All Users\Application Data\PC Suite
2007-12-05 20:40 --------- d-----w C:\Program Files\Nokia
2007-12-05 20:40 --------- d-----w C:\Program Files\Fichiers communs\PCSuite
2007-12-05 20:40 --------- d-----w C:\Program Files\Fichiers communs\Nokia
2007-12-05 20:39 --------- d-----w C:\Program Files\PC Connectivity Solution
2007-12-05 20:39 --------- d-----w C:\Program Files\DIFX
2007-12-05 20:39 --------- d-----w C:\Documents and Settings\HP\Application Data\PC Suite
2007-12-05 20:24 --------- d-----w C:\Documents and Settings\All Users\Application Data\Installations
2007-12-01 11:21 --------- d-----w C:\Program Files\Fichiers communs\Adobe
2007-11-22 13:35 --------- d-----w C:\Program Files\Fichiers communs\DirectX
2007-11-22 12:57 --------- d-----w C:\Program Files\EA GAMES
2007-11-18 12:36 --------- d-----w C:\Program Files\OpenOffice.org 2.3
2007-11-15 17:18 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2007-11-15 08:13 --------- d-----w C:\Program Files\Spyware Doctor
2007-11-13 10:25 20,480 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys
2007-11-07 09:28 728,576 ----a-w C:\WINDOWS\system32\lsasrv.dll
2007-10-29 22:43 1,293,824 ----a-w C:\WINDOWS\system32\quartz.dll
2007-10-25 08:28 222,720 ----a-w C:\WINDOWS\system32\wmasf.dll
2007-10-22 18:46 86,094 ----a-w C:\WINDOWS\BPMNT.dll
2007-10-22 18:46 71,749 ----a-w C:\WINDOWS\hcextoutput.dll
2007-10-22 18:46 267,845 ----a-w C:\WINDOWS\tsc.exe
2007-10-22 18:46 1,163,344 ----a-w C:\WINDOWS\vsapi32.dll
2007-10-22 18:24 69,689 ----a-w C:\WINDOWS\UNZIP.DLL
2007-10-22 18:24 507,904 ----a-w C:\WINDOWS\TMUPDATE.DLL
2007-10-22 18:24 286,720 ----a-w C:\WINDOWS\PATCH.EXE
2007-04-23 16:39 16,411,643 ----a-w C:\WINDOWS\Internet Logs\vsmon_on_demand_2007_04_22_13_21_43_full.dmp.zip
2007-04-23 16:39 104,618 ----a-w C:\WINDOWS\Internet Logs\vsmon_2nd_2007_04_22_13_14_15_small.dmp.zip
2006-12-22 21:32 47,360 -c--a-w C:\Documents and Settings\HP\Application Data\pcouffin.sys
2006-06-12 13:15 701,511 ----a-w C:\Documents and Settings\reparation\WinsockFix.zip
2006-04-30 16:52 41,384 ----a-w C:\Documents and Settings\HP\Application Data\GDIPFONTCACHEV1.DAT
2006-01-04 20:20 2,897,821 ----a-w C:\Program Files\bsplayer137.826.exe
2005-05-27 13:22 824,832 ----a-w C:\Documents and Settings\Ad-Aware SE Personal\Ad-Aware.exe
2005-05-25 15:08 162,816 ----a-w C:\Documents and Settings\Ad-Aware SE Personal\unregaaw.exe
2003-05-13 09:06 1,445,888 ----a-w C:\Documents and Settings\reparation\WinsockFix.exe
2001-09-28 16:00 164,864 ----a-w C:\Documents and Settings\Ad-Aware SE Personal\UNWISE.EXE
.
[code]<pre>
----a-w 68,856 2008-01-05 10:32:07 C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier .exe
----a-w 32,881 2008-01-05 10:31:55 C:\Program Files\Java\j2re1.4.2_05\bin\jusched .exe
----a-w 286,720 2007-12-30 10:15:35 C:\Program Files\QuickTime\QTTask .exe
----a-w 688,218 2008-01-05 10:31:57 C:\Program Files\Synaptics\SynTP\SynTPEnh .exe
----a-w 98,394 2008-01-05 10:31:55 C:\Program Files\Synaptics\SynTP\SynTPLpr .exe
----a-w 919,016 2008-01-05 13:45:54 C:\Program Files\Zone Labs\ZoneAlarm\zlclient .exe
</pre>[/code]
((((((((((((((((((((((((((((( snapshot@2008-01-12_18.41.37.35 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-01-12 17:27:57 1,417,216 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000001\NTUSER.DAT
+ 2008-01-12 19:13:27 1,417,216 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000001\NTUSER.DAT
- 2008-01-12 17:27:57 8,192 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000002\UsrClass.dat
+ 2008-01-12 19:13:27 8,192 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000002\UsrClass.dat
- 2008-01-12 17:27:58 8,519,680 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000003\NTUSER.DAT
+ 2008-01-12 19:13:28 8,519,680 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000003\NTUSER.DAT
- 2008-01-12 17:27:58 49,152 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000004\UsrClass.dat
+ 2008-01-12 19:13:28 49,152 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000004\UsrClass.dat
- 2008-01-12 17:27:58 1,417,216 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000005\NTUSER.DAT
+ 2008-01-12 19:13:28 1,417,216 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000005\NTUSER.DAT
- 2008-01-12 17:27:59 8,192 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000006\UsrClass.dat
+ 2008-01-12 19:13:28 8,192 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000006\UsrClass.dat
- 2008-01-12 10:55:02 53,098 ----a-w C:\WINDOWS\system32\perfc009.dat
+ 2008-01-12 17:42:03 53,098 ----a-w C:\WINDOWS\system32\perfc009.dat
- 2008-01-12 10:55:02 64,052 ----a-w C:\WINDOWS\system32\perfc00C.dat
+ 2008-01-12 17:42:03 64,052 ----a-w C:\WINDOWS\system32\perfc00C.dat
- 2008-01-12 10:55:02 380,684 ----a-w C:\WINDOWS\system32\perfh009.dat
+ 2008-01-12 17:42:03 380,684 ----a-w C:\WINDOWS\system32\perfh009.dat
- 2008-01-12 10:55:02 445,672 ----a-w C:\WINDOWS\system32\perfh00C.dat
+ 2008-01-12 17:42:03 445,672 ----a-w C:\WINDOWS\system32\perfh00C.dat
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-05 13:00 15360]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [ ]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPLpr"="C:\Program Files\Synaptics\SynTP\SynTPLpr.exe" [ ]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [ ]
"SunJavaUpdateSched"="C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe" [ ]
"!AVG Anti-Spyware"="C:\Documents and Settings\HP\Bureau\AVG antispy\AVG Anti-Spyware 7.5\avgas .exe" [ ]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-12-04 14:00 79224]
"LXCYCATS"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCYtime.dll" [2005-12-01 19:38 65536]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Nokia.PCSync"="C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2007-06-19 10:17 1241088]
[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0]
Source= C:\WINDOWS\warnhp.html
FriendlyName= Desktop Uninstall
R0 PzWDM;PzWDM;C:\WINDOWS\system32\Drivers\PzWDM.sys [2005-06-29 01:38]
R3 HidMouse Filter;HidMouse Filter;C:\WINDOWS\system32\Drivers\HidMouse.sys [2004-03-21 22:25]
R3 lxcy_device;lxcy_device;C:\WINDOWS\system32\lxcycoms.exe [2006-02-20 20:23]
S3 Boonty Games;Boonty Games;"C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe" [2005-12-24 17:40]
S3 el575nd5;Pilote de carte réseau PC Card 3Com Megahertz 10/100 CardBus;C:\WINDOWS\system32\DRIVERS\el575nd5.sys [2001-08-17 19:10]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\C]
\Shell\Auto\command - C:\meipoidto.exe
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL meipoidto.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\E]
\Shell\AutoRun\command - E:\Launcher.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\H]
\Shell\AutoRun\command - H:\LaunchU3.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{943b53c2-067d-11db-b0b0-00c09f89de2c}]
\Shell\Auto\command - G:\xkfykveze.exe
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL xkfykveze.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d0a6f0d7-9ee2-11da-aff4-00c09f89de2c}]
\Shell\AutoRun\command - E:\jedi.exe
.
Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
"2006-04-29 13:55:20 C:\WINDOWS\Tasks\FRU Task #Hewlett-Packard#hp psc 1200 series#1138368217.job"
- C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpqfrucl.exe
.
**************************************************************************
catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-12 20:15:08
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2008-01-12 20:16:05
ComboFix-quarantined-files.txt 2008-01-12 19:15:43
ComboFix2.txt 2008-01-12 17:41:55
.
2008-01-10 02:04:56 --- E O F ---
See you
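The MountPoints2 entries in the report above (`\Shell\Auto\command - C:\meipoidto.exe`, `\Shell\Auto\command - G:\xkfykveze.exe`, each launched a second time through `RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL`) are the classic trace of an autorun worm that spreads through removable drives and has also registered a handler for the system drive, which no legitimate autorun.inf does. The script below is an added example, not part of this thread or of ComboFix: it parses that section of a ComboFix report and flags such entries. The sample lines are copied from the report above; the three scoring rules and the assumption that Windows lives on C: are mine.

```python
"""Flag suspicious MountPoints2 autorun handlers in a ComboFix report.

Added example (not ComboFix's own logic). The sample text is copied from the
'Point de chargement Reg' section of the report in this thread.
"""
import re

SAMPLE_LOG = r"""
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\C]
\Shell\Auto\command - C:\meipoidto.exe
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL meipoidto.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\E]
\Shell\AutoRun\command - E:\Launcher.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\H]
\Shell\AutoRun\command - H:\LaunchU3.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{943b53c2-067d-11db-b0b0-00c09f89de2c}]
\Shell\Auto\command - G:\xkfykveze.exe
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL xkfykveze.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d0a6f0d7-9ee2-11da-aff4-00c09f89de2c}]
\Shell\AutoRun\command - E:\jedi.exe
"""

# Key line: "[...\mountpoints2\<volume>]", where <volume> is a drive letter or a volume GUID.
KEY_RE = re.compile(r"^\[.*\\mountpoints2\\(?P<vol>[^\]]+)\]$", re.I)
# Command line: "\Shell\<verb>\command - <command>".
CMD_RE = re.compile(r"^\\Shell\\(?P<verb>\w+)\\command - (?P<cmd>.+)$", re.I)

SYSTEM_DRIVE = "C"  # assumption: Windows installed on C:, as in the report above


def parse_mountpoints(text):
    """Yield (volume, verb, command) for every MountPoints2 command in the report."""
    vol = None
    for raw in text.splitlines():
        line = raw.strip()
        m = KEY_RE.match(line)
        if m:
            vol = m.group("vol")
            continue
        m = CMD_RE.match(line)
        if m and vol is not None:
            yield vol, m.group("verb"), m.group("cmd")


def target_file(command):
    """File name the command ultimately runs: last token, directory stripped.

    Good enough for the paths seen here (none contain spaces)."""
    return command.split()[-1].rsplit("\\", 1)[-1]


def reasons_for(vol, verb, cmd):
    """Heuristic rules (my assumptions); any match marks the entry suspicious."""
    reasons = []
    if vol.upper() == SYSTEM_DRIVE:
        reasons.append("autorun handler registered for the system drive")
    if verb.lower() == "auto":
        reasons.append("custom 'Auto' verb instead of the standard AutoRun verb "
                       "(a worm-defined default action for the drive)")
    if "shellexec_rundll" in cmd.lower():
        reasons.append("launched via RunDLL32 Shell32.DLL,ShellExec_RunDLL, "
                       "the usual autorun-worm launcher")
    return reasons


def suspicious_entries(text):
    """Map flagged file name -> {'volumes': set, 'reasons': set} over the whole report."""
    hits = {}
    for vol, verb, cmd in parse_mountpoints(text):
        reasons = reasons_for(vol, verb, cmd)
        if reasons:
            h = hits.setdefault(target_file(cmd), {"volumes": set(), "reasons": set()})
            h["volumes"].add(vol)
            h["reasons"].update(reasons)
    return hits


if __name__ == "__main__":
    for name, h in suspicious_entries(SAMPLE_LOG).items():
        print(f"{name}: volumes {sorted(h['volumes'])}")
        for r in sorted(h["reasons"]):
            print("   -", r)
```

Run against the sample, it reports only meipoidto.exe and xkfykveze.exe; Launcher.exe, LaunchU3.exe (the U3 stick launcher) and jedi.exe match none of the rules. Random-looking file names are a corroborating sign but are deliberately not scored, and the script only reads report text, so it can be run on any machine.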
ep44
12 Jan 2008, 21:17
redo HijackThis please
Sorry, here is the HijackThis report:
Logfile of HijackThis v1.99.1
Scan saved at 03:41:03, on 13/01/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Documents and Settings\HP\Bureau\AVG antispy\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\system32\drivers\CDAC11BA.EXE
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Spyware Doctor\svcntaux.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\lxcycoms.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Azureus\Azureus.exe
C:\Documents and Settings\HP\Bureau\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Documents and Settings\HP\Bureau\AVG antispy\AVG Anti-Spyware 7.5\avgas .exe" /minimized
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [LXCYCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCYtime.dll,_RunDLLEntry@16
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Envoyer à &Bluetooth - C:\Program Files\WIDCOMM\Logiciel Bluetooth\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_05\bin\npjpi142_05.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_05\bin\npjpi142_05.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://www.secuser.com
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - https://www.trendmicro.com/en_us/forHome/products/housecall.html
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Documents and Settings\HP\Bureau\AVG antispy\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Boonty Games - BOONTY - C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\system32\drivers\CDAC11BA.EXE
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: lxcy_device - - C:\WINDOWS\system32\lxcycoms.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\svcntaux.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
ep44 (Contributor), 13 Jan. 2008 at 11:22
Hello
Have a look at this link.
http://www.commentcamarche.net/faq/sujet 3446 windows xp mon pc rame que faire
Follow the steps in that link; once done, restart your PC and tell me if you still have problems.
@+
ep44 (Contributor), 13 Jan. 2008 at 13:43
You can remove all the software we used.
Go to Add/Remove Programs and to Program Files
to check.
Then do this (IMPORTANT):
=> Start
=> Control Panel
=> System
=> System Restore tab
=> tick the box (Turn off System Restore)
=> restart the computer
=> then turn it back on
-------------------------------------------
Useful software to have
=> CCleaner
https://www.01net.com/telecharger/windows/Utilitaire/nettoyeurs_et_installeurs/fiches/32599.html
tutorial
https://forums.cnetfrance.fr
=> Ad-aware SE (passive scan)
https://www.google.com or http://www.lavasoft.de/support/download/#free
Tutorials:
http://home.tiscali.be/schouppeguy/adawarese/adawase.htm
=> SpyBot-Search & Destroy 1.5 (passive scan + preventive protection with its 2 resident modules, its immunization and its Hosts list)
https://www.safer-networking.org/download/
usage demo
http://perso.orange.fr/rginformatique/section%20virus/demo%20spybot.htm
https://www.malekal.com/spybot-search-destroy-proteger-desinfecter-pc-virus/
Tutorial:
http://perso.orange.fr/jesses/Docs/Logiciels/Spybot.htm
=> a² free (anti-trojan) (passive scan)
- Download: https://www.emsisoft.com/fr/home/antimalware/
- Tutorial: http://perso.orange.fr/jesses/Docs/Logiciels/a-squared.htm
=> ZebProtect (application that does not require installation)
https://www.zebulon.fr/dossiers/autres/40-zebprotect.html
http://telechargement.zebulon.fr/123.html
@+
ep44 (Contributor), 13 Jan. 2008 at 19:32
My pleasure ;-)