HijackThis: please analyse
guyjoc (posts: 9, status: Member)
Pi_Xi (posts: 2274, status: Member)
Hello,
ComboFix 08-01-17.5 - guy 2008-01-17 23:58:08.3 - NTFSx86
Running from: C:\Documents and Settings\guy\Mes documents\Mes fichiers reçus\ComboFix.exe
[color=red][b]WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !![/b][/color]
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\WINDOWS\system32\stsru.ini
C:\WINDOWS\system32\stsru.ini2
C:\WINDOWS\system32\ursts.dll
C:\WINDOWS\system32\ursts.exe
.
((((((((((((((((((((((((((((( Fichiers créés 2007-12-18 to 2008-01-18 ))))))))))))))))))))))))))))))))))))
.
2008-01-18 00:08 . 2008-01-18 00:08 330,816 -----c--- C:\WINDOWS\system32\ursts.dll
2008-01-18 00:08 . 2008-01-18 00:12 321 --ahsc--- C:\WINDOWS\system32\stsru.ini
2008-01-17 21:48 . 2008-01-17 21:48 <REP> d----c--- C:\Program Files\Microsoft Windows OneCare Live
2008-01-17 16:07 . 2008-01-17 17:30 <REP> d----c--- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-01-17 15:36 . 2008-01-17 15:36 <REP> d--hsc--- C:\Program Files\Fichiers communs\WindowsLiveInstaller
2008-01-17 15:35 . 2008-01-17 15:35 <REP> d----c--- C:\Program Files\Windows Live
2008-01-17 15:35 . 2008-01-17 17:46 <REP> d----c--- C:\Documents and Settings\All Users\Application Data\WLInstaller
2008-01-17 14:51 . 2008-01-17 14:52 330,816 -----c--- C:\WINDOWS\system32\ursts.dll_old
2008-01-17 12:05 . 2008-01-18 00:11 2,476,032 --a--c--- C:\WINDOWS\UpdReg.EXE
2008-01-17 11:59 . 2000-08-31 08:00 58,368 --a--c--- C:\WINDOWS\NirCmd.exe
2008-01-17 10:34 . 2008-01-17 23:39 <REP> d----c--- C:\VundoFix Backups
2008-01-17 10:31 . 2008-01-17 10:31 5,376 --a--c--- C:\WINDOWS\system32\drivers\MS1000.sys
2008-01-17 10:30 . 2008-01-17 11:53 <REP> d----c--- C:\Program Files\The Cleaner Free
2008-01-17 09:57 . 2008-01-17 09:57 22,528 --a--c--- C:\WINDOWS\system32\ctfmon .exe
2008-01-17 08:11 . 2008-01-17 09:36 <REP> d----c--- C:\Program Files\Microsoft IEAK 7
2008-01-17 01:18 . 2008-01-17 01:18 <REP> d----c--- C:\Program Files\AxBx
2008-01-16 21:16 . 2008-01-17 09:47 <REP> d----c--- C:\Program Files\PC Inspector File Recovery
2008-01-16 16:43 . 2008-01-16 16:43 19,456 -----c--- C:\WINDOWS\system32\wupeng .exe
2008-01-16 16:42 . 2008-01-17 23:42 1,800,192 --a--c--- C:\WINDOWS\UpdReg .EXE
2008-01-16 16:42 . 2008-01-17 09:56 413,184 --a--c--- C:\WINDOWS\system32\PSDrvCheck .exe
2008-01-16 16:42 . 2008-01-16 16:41 351,232 --a--c--- C:\WINDOWS\system32\OLD5D.tmp
2008-01-16 15:47 . 2004-08-19 18:09 22,528 --a--c--- C:\WINDOWS\system32\dllcache\ctfmon.exe
2008-01-16 15:33 . 2008-01-16 15:33 54,764 --a--c--- C:\WINDOWS\system32\dxdss.sys
2008-01-16 15:33 . 2008-01-16 15:33 0 --a--c--- C:\-318790359
2008-01-16 15:32 . 2008-01-16 15:32 103,424 --a--c--- C:\WINDOWS\system32\drvvap.dll
2008-01-16 15:20 . 2005-07-29 16:12 2,985,984 -----c--- C:\WINDOWS\UNRecode.exe
2008-01-16 15:20 . 2005-11-15 10:28 56,404 -----c--- C:\WINDOWS\UNRecode.cfg
2008-01-16 14:41 . 2008-01-16 15:17 <REP> d----c--- C:\Program Files\WinAVI Video Converter
2008-01-16 10:54 . 2008-01-16 10:54 <REP> d----c--- C:\Documents and Settings\All Users\Application Data\ViceVersa PRO 2
2008-01-16 10:47 . 2008-01-16 11:02 <REP> d----c--- C:\Program Files\Cobian Backup 8
2007-12-21 19:08 . 2007-12-21 19:08 <REP> d----c--- C:\Program Files\Deer Hunter
2007-12-21 19:08 . 2007-12-21 19:09 4,058 --a--c--- C:\WINDOWS\DeIsL1.isu
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-01-18 05:12 --------- dc----w C:\Program Files\iTunes
2008-01-17 22:56 --------- dc----w C:\Program Files\MétéoMédia
2008-01-17 20:30 --------- dc-h--w C:\Program Files\InstallShield Installation Information
2008-01-17 20:25 --------- dc----w C:\Program Files\MSN Messenger
2008-01-17 14:50 --------- dc----w C:\Program Files\Fichiers communs\LightScribe
2008-01-17 14:46 --------- dc----w C:\Program Files\Bell
2008-01-17 05:15 --------- dc----w C:\Documents and Settings\guy\Application Data\Uniblue
2008-01-17 04:12 4,313,678 -c--a-w C:\WINDOWS\java\Packages\JFVLJTNB.ZIP
2008-01-16 23:05 --------- dc----w C:\Program Files\Ahead
2008-01-16 23:03 --------- dc----w C:\Documents and Settings\guy\Application Data\Ahead
2008-01-16 23:03 --------- dc----w C:\Documents and Settings\All Users\Application Data\Ahead
2008-01-16 20:20 --------- dc----w C:\Program Files\Fichiers communs\Ahead
2007-12-20 02:44 12,428 -c--a-w C:\Documents and Settings\guy\Application Data\ViewerApp.dat
2007-12-19 20:47 --------- dc----w C:\Program Files\LimeWire
2007-12-19 20:40 --------- dc----w C:\Program Files\Incomplete
2007-12-19 02:35 --------- dc----w C:\Documents and Settings\guy\Application Data\LimeWire
2007-12-14 00:56 --------- dc----w C:\Program Files\iPod
2007-12-14 00:28 --------- dc----w C:\Program Files\Apple Software Update
2007-12-14 00:26 --------- dc----w C:\Program Files\Fichiers communs\Apple
2007-12-14 00:26 --------- dc----w C:\Documents and Settings\All Users\Application Data\Apple
2007-12-10 18:47 --------- dc----w C:\Program Files\F2atv_Forums
2007-11-11 15:53 53,248 -c--a-w C:\WINDOWS\NCUNINST.EXE
2007-11-07 09:50 733,696 -c--a-w C:\WINDOWS\system32\lsasrv.dll
2007-10-29 22:43 1,293,824 -c--a-w C:\WINDOWS\system32\quartz.dll
2007-10-25 14:28 222,720 -c--a-w C:\WINDOWS\system32\wmasf.dll
2007-09-07 21:34 47,360 -c--a-w C:\Documents and Settings\guy\Application Data\pcouffin.sys
2006-03-18 01:48 95 -c--a-w C:\Program Files\satsukidecodersettings.ini
2005-12-27 02:43 2,148 -c--a-w C:\Program Files\INSTALL.LOG
2003-01-31 16:08 77,444 -c----w C:\WINDOWS\inf\setup\bcr.exe
2003-01-31 16:08 50,934 -c----w C:\WINDOWS\inf\ssdsl3x\drivers\vvpciusb.sys
2003-01-31 16:08 50,911 -c----w C:\WINDOWS\inf\ssdsl3x\drivers\vvbususb.sys
2003-01-31 16:08 49,296 -c----w C:\WINDOWS\inf\setup\efnt16.dll
2003-01-31 16:08 49,152 -c----w C:\WINDOWS\inf\enclss32.dll
2003-01-31 16:08 32,768 -c----w C:\WINDOWS\inf\setup\efnt32.dll
2003-01-31 16:08 3,698,688 -c----w C:\WINDOWS\inf\setup.exe
2003-01-31 16:08 28,005 -c----w C:\WINDOWS\inf\ssdsl3x\drivers\enethusb.sys
2003-01-31 16:08 241,664 -c----w C:\WINDOWS\inf\setup\bohica.dll
2003-01-31 16:08 23,560 -c----w C:\WINDOWS\inf\enclss16.dll
2003-01-31 16:08 163,840 -c----w C:\WINDOWS\inf\setup\enisnmp.dll
2003-01-31 16:08 163,840 -c----w C:\WINDOWS\inf\setup\efntsw.dll
2003-01-31 16:08 163,840 -c----w C:\WINDOWS\inf\setup\ClearMB.exe
2003-01-31 16:08 159,744 -c----w C:\WINDOWS\inf\setup\l2xpdrv.dll
2003-01-31 16:08 159,744 -c----w C:\WINDOWS\inf\setup\csshim.dll
2003-01-31 16:08 155,648 -c----w C:\WINDOWS\inf\setup\prox.dll
2003-01-31 16:08 155,648 -c----w C:\WINDOWS\inf\setup\efntos2k.dll
2003-01-31 16:08 15,332 -c----w C:\WINDOWS\inf\ssdsl3x\drivers\vvbeth.sys
2003-01-31 16:08 15,309 -c----w C:\WINDOWS\inf\ssdsl3x\drivers\vvbetht.sys
2003-01-31 16:08 147,456 -c----w C:\WINDOWS\inf\setup\efntos9x.dll
2003-01-31 16:08 143,360 -c----w C:\WINDOWS\inf\setup\EnCmnSvr.exe
2003-01-31 16:08 139,264 -c----w C:\WINDOWS\inf\setup\enicommon.dll
2003-01-31 16:08 126,976 -c----w C:\WINDOWS\inf\setup\defdel.exe
2003-01-31 16:08 122,880 -c----w C:\WINDOWS\inf\setup\efntos.dll
2003-01-31 16:08 122,880 -c----w C:\WINDOWS\inf\setup\efntnio.dll
2002-06-04 09:06 75,760 -c----w C:\WINDOWS\inf\copyinf.exe
1998-08-24 17:09 17,168 -c--a-w C:\WINDOWS\inf\unregpn.exe
.
[code]<pre>
-c--a-w 1,748,480 2008-01-18 05:09:09 C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl .exe
-c--a-w 1,087,488 2008-01-18 04:41:59 C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx .exe
-c--a-w 1,101,312 2008-01-18 05:08:59 C:\Program Files\ATI Technologies\ATI.ACE\cli .exe
-c--a-w 1,702,912 2008-01-18 05:09:45 C:\Program Files\Bell\Gestionnaire de securite\Rps .exe
-c--a-w 1,380,864 2008-01-18 05:10:06 C:\Program Files\Bell\Gestionnaire de securite\ZkRunOnceR .exe
-c--a-w 3,454,464 2008-01-18 05:09:53 C:\Program Files\Bell\Sympatico Security Advisor\SSA .exe
-c--a-w 2,167,808 2008-01-18 05:10:39 C:\Program Files\Creative\MediaSource\Detector\CTDetect .exe
-c--a-w 1,095,168 2008-01-18 05:08:59 C:\Program Files\Creative\SB Live! 24-bit\Surround Mixer\CTSysVol .exe
-c--a-w 2,168,832 2008-01-18 05:10:08 C:\Program Files\Creative\Shared Files\Media Sniffer\MtdAcq .exe
-c--a-w 1,382,912 2008-01-18 05:10:04 C:\Program Files\iTunes\iTunesHelper .exe
-c--a-w 1,161,216 2008-01-18 05:09:14 C:\Program Files\Java\jre1.6.0_02\bin\jusched .exe
-c--a-w 2,029,568 2008-01-18 05:10:07 C:\Program Files\K-Lite Codec Pack\QuickTime\qttask .exe
-c--a-w 2,363,904 2008-01-18 05:12:11 C:\Program Files\K-Lite Codec Pack\QuickTime\QTTask .exe
-c--a-w 777,728 2008-01-17 17:25:23 C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger .exe
-c--a-w 6,388,736 2008-01-17 20:19:24 C:\Program Files\MSN Messenger\MsnMsgr .Exe
-c--a-w 5,931,520 2008-01-17 22:29:34 C:\Program Files\MétéoMédia\MétéoIMédia\WeatherEye .exe
-c--a-w 5,248,512 2008-01-18 04:44:13 C:\Program Files\MétéoMédia\MétéoÉclair\WeatherEye .exe
-c--a-w 1,421,312 2008-01-18 05:08:59 C:\Program Files\NetAssistant\SmartBridge\MotiveSB .exe
-c--a-w 1,204,224 2008-01-18 05:08:55 C:\Program Files\Netropa\Multimedia Keyboard\MMKeybd .exe
-c--a-w 1,197,056 2008-01-18 05:08:55 C:\Program Files\Saitek\Software\Profiler .exe
-c--a-w 1,112,576 2008-01-18 05:08:50 C:\Program Files\Saitek\Software\SaiSmart .exe
-c--a-w 1,805,824 2008-01-18 05:10:43 C:\Program Files\Spybot - Search & Destroy\TeaTimer .exe
-c--a-w 1,070,592 2008-01-18 05:08:38 C:\Program Files\Ulead Systems\Ulead Photo Explorer 7.0\Monitor .exe
-c--a-w 1,082,880 2008-01-18 05:08:44 C:\Program Files\Ulead Systems\Ulead Photo Explorer 8.0 SE Basic\Monitor .exe
-c--a-w 1,800,192 2008-01-18 04:42:53 C:\WINDOWS\UpdReg .EXE
-c--a-w 22,528 2008-01-17 14:57:42 C:\WINDOWS\system32\ctfmon .exe
-c--a-w 413,184 2008-01-17 14:56:50 C:\WINDOWS\system32\PSDrvCheck .exe
-c----w 19,456 2008-01-16 21:43:27 C:\WINDOWS\system32\wupeng .exe
</pre>[/code]
((((((((((((((((((((((((((((( snapshot_2008-01-17_15.03.40.58 )))))))))))))))))))))))))))))))))))))))))
.
- 2003-03-16 06:02:00 48,640 -c--a-w C:\WINDOWS\system32\cd_clint.dll
+ 2007-04-19 21:42:14 54,440 -c--a-w C:\WINDOWS\system32\cd_clint.dll
- 2008-01-17 19:12:37 16,384 -c--a-w C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat
+ 2008-01-18 05:06:53 16,384 -c--a-w C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat
- 2008-01-17 19:12:37 32,768 -c--a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Historique\History.IE5\index.dat
+ 2008-01-18 05:06:53 32,768 -c--a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Historique\History.IE5\index.dat
- 2008-01-17 19:12:37 32,768 -c--a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
+ 2008-01-18 05:06:53 32,768 -c--a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
- 2004-08-19 23:10:07 19,968 -c--a-w C:\WINDOWS\system32\ssbezier.scr
+ 2004-08-19 23:10:07 27,136 -c--a-w C:\WINDOWS\system32\ssbezier.scr
- 2004-08-19 23:10:07 20,992 -c--a-w C:\WINDOWS\system32\ssmarque.scr
+ 2004-08-19 23:10:07 28,160 -c--a-w C:\WINDOWS\system32\ssmarque.scr
- 2004-08-19 23:10:07 18,944 -c--a-w C:\WINDOWS\system32\ssmyst.scr
+ 2004-08-19 23:10:07 26,112 -c--a-w C:\WINDOWS\system32\ssmyst.scr
- 2003-01-13 14:55:40 106,496 -c----w C:\WINDOWS\UPSCR.Scr
+ 2003-01-13 14:55:40 114,688 -c----w C:\WINDOWS\UPSCR.Scr
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0ff9a677-542a-481d-a6d6-3fa32d8a806d}]
2007-12-10 13:46 1510424 --a--c--- C:\Program Files\F2atv_Forums\tbF2at.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{3CB1B6AC-4446-49BA-A48D-43747B18B215}]
2008-01-18 00:08 330816 -----c--- C:\WINDOWS\system32\ursts.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{EF99BD32-C1FB-11D2-892F-0090271D4F88}
{0FF9A677-542A-481D-A6D6-3FA32D8A806D}
[HKEY_CLASSES_ROOT\clsid\{0ff9a677-542a-481d-a6d6-3fa32d8a806d}]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{0FF9A677-542A-481D-A6D6-3FA32D8A806D}"= C:\Program Files\F2atv_Forums\tbF2at.dll [2007-12-10 13:46 1510424]
[HKEY_CLASSES_ROOT\clsid\{0ff9a677-542a-481d-a6d6-3fa32d8a806d}]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [ ]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [ ]
"LDM"="C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe" [ ]
"Start WingMan Profiler"="" []
"PhotoShow Deluxe Media Manager"="C:\PROGRA~1\Ahead\NEROPH~2\data\Xtras\mssysmgr.exe" [ ]
"MtdAcq"="C:\Program Files\Creative\Shared Files\Media Sniffer\MtdAcq.exe" [2008-01-18 00:08 2503168]
"Creative Detector"="C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe" [2008-01-18 00:09 2502144]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-01-18 00:09 2147328]
"WeatherEye"="C:\Program Files\MétéoMédia\MétéoÉclair\WeatherEye.exe" [ ]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2008-01-18 00:09 1763328]
"Windows Automation"="mslaugh.exe" []
"Ulead Memory Card Detector"="C:\Program Files\Ulead Systems\Ulead Photo Explorer 7.0\Monitor.exe" [2008-01-18 00:10 1412096]
"Ulead AutoDetector"="C:\Program Files\Ulead Systems\Ulead Photo Explorer 8.0 SE Basic\Monitor.exe" [2008-01-18 00:10 1424384]
"SaiSmart"="C:\Program Files\Saitek\Software\SaiSmart.exe" [2008-01-18 00:10 1454080]
"Profiler"="C:\Program Files\Saitek\Software\Profiler.exe" [2008-01-18 00:10 1538560]
"MULTIMEDIA KEYBOARD"="C:\Program Files\Netropa\Multimedia Keyboard\MMKeybd.exe" [2008-01-18 00:10 1545728]
"Motive SmartBridge"="C:\PROGRA~1\NETASS~1\SMARTB~1\MotiveSB.exe" [2008-01-18 00:10 1762816]
"Logitech Utility"="Logi_MwX.Exe" [2003-11-07 04:50 27136 C:\WINDOWS\LOGI_MWX.EXE]
"LWBMOUSE"="C:\MMaestro\BWheel35.exe" [ ]
"ATICCC"="C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" [2008-01-18 00:10 1442816]
"CTSysVol"="C:\Program Files\Creative\SB Live! 24-bit\Surround Mixer\CTSysVol.exe" [2008-01-18 00:11 1429504]
"UpdReg"="C:\WINDOWS\UpdReg.EXE" [2008-01-18 00:11 2476032]
"PinnacleDriverCheck"="C:\WINDOWS\system32\PSDrvCheck.exe" [ ]
"EoEngine"="" []
"EoWeather"="" []
"EoClock"="" []
"EoComputer"="" []
"EoRss"="" []
"EoNet"="" []
"EoSudoku"="" []
"EoPhoto"="" []
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-18 00:11 2089984]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" [2008-01-18 00:11 1502720]
"NWEReboot"="" []
"SSA.exe"="C:\Program Files\Bell\Sympatico Security Advisor\SSA.exe" [2008-01-18 00:11 3795968]
"Gestionnaire de sécurité Sympatico"="C:\Program Files\Bell\Gestionnaire de securite\Rps.exe" [2008-01-18 00:11 2044416]
"-FreedomNeedsReboot"="C:\Program Files\Bell\Gestionnaire de securite\ZkRunOnceR.exe" [2008-01-18 00:12 1715200]
"QuickTime Task"="C:\Program Files\K-Lite Codec Pack\QuickTime\QTTask .exe" [2008-01-18 00:12 2363904]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-01-18 00:12 1717248]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [ ]
"ALUAlert"="C:\Program Files\Symantec\LiveUpdate\ALUNotify.exe" [ ]
[HKEY_CURRENT_USER\software\microsoft\windows nt\currentversion\windows]
"load"=C:\WINDOWS\system32\ursts.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=0 (0x0)
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ msv1_0 C:\WINDOWS\system32\ursts
R0 sonypvl3;sonypvl3;C:\WINDOWS\system32\drivers\sonypvl3.sys [2004-09-22 11:55]
R1 sonypvf3;sonypvf3;C:\WINDOWS\system32\drivers\sonypvf3.sys [2004-11-15 13:55]
R1 sonypvt3;sonypvt3;C:\WINDOWS\system32\drivers\sonypvt3.sys [2004-12-06 14:26]
R2 msikbd2k;Multimedia Keyboard;C:\WINDOWS\system32\DRIVERS\msikbd2k.sys [2001-09-24 08:31]
R3 SaiClass;SaiClass;C:\WINDOWS\system32\drivers\SaiNtBus.sys [2003-04-10 11:41]
S1 sonypvd3;Sony DVD Handycam;C:\WINDOWS\system32\DRIVERS\sonypvd3.sys [2004-12-07 15:00]
S2 Ca533av;Concord 1500 Video Device;C:\WINDOWS\system32\Drivers\Ca533av.sys [2002-10-20 22:37]
S3 MS1000;MS1000;C:\WINDOWS\system32\DRIVERS\MS1000.sys [2008-01-17 10:31]
S3 SaiNtHid;SaiNtHid;C:\WINDOWS\system32\DRIVERS\SaiNtHid.sys [2003-04-10 11:42]
S3 SaiNtSub;SaiNtSub;C:\WINDOWS\system32\DRIVERS\SaiNtSub.sys [2003-04-10 11:42]
S3 StMp3Rec;Pilote de périphérique de la restauration de lecteur;C:\WINDOWS\system32\Drivers\StMp3Rec.sys [2007-01-04 15:38]
S3 USBCamera;Concord 1500 Digital Camera;C:\WINDOWS\system32\Drivers\Bulk533.sys []
.
Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
"2008-01-12 18:41:17 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
.
**************************************************************************
catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-18 00:10:59
Windows 5.1.2600 Service Pack 2 NTFS
detected NTDLL code modification:
ZwOpenFile
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
C:\WINDOWS\system32\stsru.ini2 393 bytes
scan completed successfully
hidden files: 1
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
PROCESS: C:\WINDOWS\Explorer.EXE [6.00.2900.3156]
-> C:\WINDOWS\system32\ursts.dll
.
Completion time: 2008-01-18 0:18:56 - machine was rebooted
ComboFix-quarantined-files.txt 2008-01-18 05:18:48
ComboFix2.txt 2008-01-17 20:04:57
ComboFix3.txt 2008-01-17 17:36:37
.
2007-12-12 22:10:59 --- E O F ---
[01/17/2008, 11:57:48] - VirtumundoBeGone v1.5 ( "C:\Documents and Settings\guy\Mes documents\Mes fichiers reçus\VirtumundoBeGone.exe" )
[01/17/2008, 11:57:59] - Detected System Information:
[01/17/2008, 11:57:59] - Windows Version: 5.1.2600, Service Pack 2
[01/17/2008, 11:57:59] - Current Username: guy (Admin)
[01/17/2008, 11:57:59] - Windows is in NORMAL mode.
[01/17/2008, 11:57:59] - Searching for Browser Helper Objects:
[01/17/2008, 11:57:59] - BHO 1: {02478D38-C3F9-4EFB-9B51-7695ECA05670} (Yahoo! Toolbar Helper)
[01/17/2008, 11:57:59] - BHO 2: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (Aide pour le lien d'Adobe PDF Reader)
[01/17/2008, 11:58:00] - BHO 3: {0ff9a677-542a-481d-a6d6-3fa32d8a806d} (F2atv Forums Toolbar)
[01/17/2008, 11:58:00] - BHO 4: {3C060EA2-E6A9-4E49-A530-D4657B8C449A} (PopKill Class)
[01/17/2008, 11:58:00] - BHO 5: {64F56FC1-1272-44CD-BA6E-39723696E350} (EoBho Class)
[01/17/2008, 11:58:00] - BHO 6: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (SSVHelper Class)
[01/17/2008, 11:58:00] - BHO 7: {7E853D72-626A-48EC-A868-BA8D5E23E045} ()
[01/17/2008, 11:58:00] - WARNING: BHO has no default name. Checking for Winlogon reference.
[01/17/2008, 11:58:00] - No filename found. Continuing.
[01/17/2008, 11:58:00] - BHO 8: {812FEBBA-D4DE-403D-B7D5-D8463639FBF0} ()
[01/17/2008, 11:58:00] - WARNING: BHO has no default name. Checking for Winlogon reference.
[01/17/2008, 11:58:00] - Checking for HKLM\...\Winlogon\Notify\ursts
[01/17/2008, 11:58:00] - Key not found: HKLM\...\Winlogon\Notify\ursts, continuing.
[01/17/2008, 11:58:00] - BHO 9: {9030D464-4C02-4ABF-8ECC-5164760863C6} (Windows Live Sign-in Helper)
[01/17/2008, 11:58:00] - Finished Searching Browser Helper Objects
[01/17/2008, 11:58:00] - Finishing up...
[01/17/2008, 11:58:00] - Nothing found! Exiting...
[01/17/2008, 14:00:04] - VirtumundoBeGone v1.5 ( "C:\Documents and Settings\guy\Mes documents\Mes fichiers reçus\VirtumundoBeGone.exe" )
[01/17/2008, 14:00:14] - Detected System Information:
[01/17/2008, 14:00:14] - Windows Version: 5.1.2600, Service Pack 2
[01/17/2008, 14:00:14] - Current Username: guy (Admin)
[01/17/2008, 14:00:15] - Windows is in NORMAL mode.
[01/17/2008, 14:00:15] - Searching for Browser Helper Objects:
[01/17/2008, 14:00:15] - BHO 1: {02478D38-C3F9-4EFB-9B51-7695ECA05670} (Yahoo! Toolbar Helper)
[01/17/2008, 14:00:15] - BHO 2: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (Aide pour le lien d'Adobe PDF Reader)
[01/17/2008, 14:00:15] - BHO 3: {06FBAFB1-40D1-4CA0-98CA-DFD8EE7C8CA9} ()
[01/17/2008, 14:00:15] - WARNING: BHO has no default name. Checking for Winlogon reference.
[01/17/2008, 14:00:15] - Checking for HKLM\...\Winlogon\Notify\ursts
[01/17/2008, 14:00:15] - Key not found: HKLM\...\Winlogon\Notify\ursts, continuing.
[01/17/2008, 14:00:15] - BHO 4: {0ff9a677-542a-481d-a6d6-3fa32d8a806d} (F2atv Forums Toolbar)
[01/17/2008, 14:00:15] - BHO 5: {3C060EA2-E6A9-4E49-A530-D4657B8C449A} (PopKill Class)
[01/17/2008, 14:00:15] - BHO 6: {64F56FC1-1272-44CD-BA6E-39723696E350} (EoBho Class)
[01/17/2008, 14:00:15] - BHO 7: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (SSVHelper Class)
[01/17/2008, 14:00:15] - BHO 8: {9030D464-4C02-4ABF-8ECC-5164760863C6} (Windows Live Sign-in Helper)
[01/17/2008, 14:00:15] - Finished Searching Browser Helper Objects
[01/17/2008, 14:00:15] - Finishing up...
[01/17/2008, 14:00:15] - Nothing found! Exiting...
[01/17/2008, 23:54:17] - VirtumundoBeGone v1.5 ( "C:\Documents and Settings\guy\Mes documents\Mes fichiers reçus\VirtumundoBeGone.exe" )
[01/17/2008, 23:54:18] - Detected System Information:
[01/17/2008, 23:54:18] - Windows Version: 5.1.2600, Service Pack 2
[01/17/2008, 23:54:18] - Current Username: guy (Admin)
[01/17/2008, 23:54:18] - Windows is in NORMAL mode.
[01/17/2008, 23:54:18] - Searching for Browser Helper Objects:
[01/17/2008, 23:54:18] - BHO 1: {02478D38-C3F9-4EFB-9B51-7695ECA05670} (Yahoo! Toolbar Helper)
[01/17/2008, 23:54:18] - BHO 2: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (Aide pour le lien d'Adobe PDF Reader)
[01/17/2008, 23:54:18] - BHO 3: {0ff9a677-542a-481d-a6d6-3fa32d8a806d} (F2atv Forums Toolbar)
[01/17/2008, 23:54:18] - BHO 4: {3C060EA2-E6A9-4E49-A530-D4657B8C449A} (PopKill Class)
[01/17/2008, 23:54:18] - BHO 5: {42FDC41C-3BF0-44AB-8D0A-BE42B765BAB4} ()
[01/17/2008, 23:54:18] - WARNING: BHO has no default name. Checking for Winlogon reference.
[01/17/2008, 23:54:18] - Checking for HKLM\...\Winlogon\Notify\ursts
[01/17/2008, 23:54:18] - Key not found: HKLM\...\Winlogon\Notify\ursts, continuing.
[01/17/2008, 23:54:18] - BHO 6: {53707962-6F74-2D53-2644-206D7942484F} (Spybot-S&D IE Protection)
[01/17/2008, 23:54:18] - BHO 7: {64F56FC1-1272-44CD-BA6E-39723696E350} (EoBho Class)
[01/17/2008, 23:54:18] - BHO 8: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (SSVHelper Class)
[01/17/2008, 23:54:18] - BHO 9: {9030D464-4C02-4ABF-8ECC-5164760863C6} (Windows Live Sign-in Helper)
[01/17/2008, 23:54:18] - Finished Searching Browser Helper Objects
[01/17/2008, 23:54:18] - Finishing up...
[01/17/2008, 23:54:18] - Nothing found! Exiting...
VundoFix V6.7.7
Checking Java version...
Scan started at 10:34:36 2008-01-17
Listing files found while scanning....
C:\WINDOWS\avp .exe
C:\WINDOWS\avp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\windows\system32\drvvapr.dll
C:\WINDOWS\system32\PSDrvCheck.exe
C:\WINDOWS\system32\rqrpomm.dll
C:\WINDOWS\system32\stsru.ini
C:\WINDOWS\system32\stsru.ini2
C:\WINDOWS\system32\ursts.dll
C:\WINDOWS\system32\ursts.exe
C:\WINDOWS\system32\winafd32.dll
C:\WINDOWS\system32\wupeng.exe
Beginning removal...
Attempting to delete C:\WINDOWS\avp .exe
C:\WINDOWS\avp .exe Has been deleted!
Attempting to delete C:\WINDOWS\avp.exe
C:\WINDOWS\avp.exe Has been deleted!
Attempting to delete C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\ctfmon.exe Has been deleted!
Attempting to delete C:\windows\system32\drvvapr.dll
C:\windows\system32\drvvapr.dll Has been deleted!
Attempting to delete C:\WINDOWS\system32\PSDrvCheck.exe
C:\WINDOWS\system32\PSDrvCheck.exe Has been deleted!
Attempting to delete C:\WINDOWS\system32\rqrpomm.dll
C:\WINDOWS\system32\rqrpomm.dll Has been deleted!
Attempting to delete C:\WINDOWS\system32\stsru.ini
C:\WINDOWS\system32\stsru.ini Has been deleted!
Attempting to delete C:\WINDOWS\system32\stsru.ini2
C:\WINDOWS\system32\stsru.ini2 Has been deleted!
Attempting to delete C:\WINDOWS\system32\ursts.dll
C:\WINDOWS\system32\ursts.dll Has been deleted!
Attempting to delete C:\WINDOWS\system32\ursts.exe
C:\WINDOWS\system32\ursts.exe Has been deleted!
Attempting to delete C:\WINDOWS\system32\winafd32.dll
C:\WINDOWS\system32\winafd32.dll Has been deleted!
Attempting to delete C:\WINDOWS\system32\wupeng.exe
C:\WINDOWS\system32\wupeng.exe Has been deleted!
Performing Repairs to the registry.
Done!
VundoFix V6.7.7
Checking Java version...
Scan started at 12:47:08 2008-01-17
Listing files found while scanning....
C:\WINDOWS\system32\stsru.ini
C:\WINDOWS\system32\stsru.ini2
C:\WINDOWS\system32\ursts.dll
Beginning removal...
Attempting to delete C:\WINDOWS\system32\stsru.ini
C:\WINDOWS\system32\stsru.ini Has been deleted!
Attempting to delete C:\WINDOWS\system32\stsru.ini2
C:\WINDOWS\system32\stsru.ini2 Has been deleted!
Attempting to delete C:\WINDOWS\system32\ursts.dll
C:\WINDOWS\system32\ursts.dll Has been deleted!
Performing Repairs to the registry.
Done!
VundoFix V6.7.7
Checking Java version...
Scan started at 22:49:19 2008-01-17
Listing files found while scanning....
C:\WINDOWS\system32\stsru.ini
C:\WINDOWS\system32\stsru.ini2
C:\WINDOWS\system32\ursts.dll
C:\WINDOWS\system32\ursts.exe
Beginning removal...
Attempting to delete C:\WINDOWS\system32\stsru.ini
C:\WINDOWS\system32\stsru.ini Has been deleted!
Attempting to delete C:\WINDOWS\system32\stsru.ini2
C:\WINDOWS\system32\stsru.ini2 Has been deleted!
Attempting to delete C:\WINDOWS\system32\ursts.dll
C:\WINDOWS\system32\ursts.dll Could not be deleted.
Attempting to delete C:\WINDOWS\system32\ursts.exe
C:\WINDOWS\system32\ursts.exe Has been deleted!
Performing Repairs to the registry.
Done!
Beginning removal...
Attempting to delete C:\WINDOWS\system32\stsru.ini
C:\WINDOWS\system32\stsru.ini Has been deleted!
Attempting to delete C:\WINDOWS\system32\stsru.ini2
C:\WINDOWS\system32\stsru.ini2 Has been deleted!
Attempting to delete C:\WINDOWS\system32\ursts.dll
C:\WINDOWS\system32\ursts.dll Has been deleted!
Attempting to delete C:\WINDOWS\system32\ursts.exe
C:\WINDOWS\system32\ursts.exe Has been deleted!
Performing Repairs to the registry.
Done!
.
-c--a-w 1,748,480 2008-01-18 05:09:09 C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl .exe
-c--a-w 1,087,488 2008-01-18 04:41:59 C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx .exe
-c--a-w 1,101,312 2008-01-18 05:08:59 C:\Program Files\ATI Technologies\ATI.ACE\cli .exe
-c--a-w 1,702,912 2008-01-18 05:09:45 C:\Program Files\Bell\Gestionnaire de securite\Rps .exe
-c--a-w 1,380,864 2008-01-18 05:10:06 C:\Program Files\Bell\Gestionnaire de securite\ZkRunOnceR .exe
-c--a-w 3,454,464 2008-01-18 05:09:53 C:\Program Files\Bell\Sympatico Security Advisor\SSA .exe
-c--a-w 2,167,808 2008-01-18 05:10:39 C:\Program Files\Creative\MediaSource\Detector\CTDetect .exe
-c--a-w 1,095,168 2008-01-18 05:08:59 C:\Program Files\Creative\SB Live! 24-bit\Surround Mixer\CTSysVol .exe
-c--a-w 2,168,832 2008-01-18 05:10:08 C:\Program Files\Creative\Shared Files\Media Sniffer\MtdAcq .exe
-c--a-w 1,382,912 2008-01-18 05:10:04 C:\Program Files\iTunes\iTunesHelper .exe
-c--a-w 1,161,216 2008-01-18 05:09:14 C:\Program Files\Java\jre1.6.0_02\bin\jusched .exe
-c--a-w 2,029,568 2008-01-18 05:10:07 C:\Program Files\K-Lite Codec Pack\QuickTime\qttask .exe
-c--a-w 2,363,904 2008-01-18 05:12:11 C:\Program Files\K-Lite Codec Pack\QuickTime\QTTask .exe
-c--a-w 777,728 2008-01-17 17:25:23 C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger .exe
-c--a-w 6,388,736 2008-01-17 20:19:24 C:\Program Files\MSN Messenger\MsnMsgr .Exe
-c--a-w 5,931,520 2008-01-17 22:29:34 C:\Program Files\MétéoMédia\MétéoIMédia\WeatherEye .exe
-c--a-w 5,248,512 2008-01-18 04:44:13 C:\Program Files\MétéoMédia\MétéoÉclair\WeatherEye .exe
-c--a-w 1,421,312 2008-01-18 05:08:59 C:\Program Files\NetAssistant\SmartBridge\MotiveSB .exe
-c--a-w 1,204,224 2008-01-18 05:08:55 C:\Program Files\Netropa\Multimedia Keyboard\MMKeybd .exe
-c--a-w 1,197,056 2008-01-18 05:08:55 C:\Program Files\Saitek\Software\Profiler .exe
-c--a-w 1,112,576 2008-01-18 05:08:50 C:\Program Files\Saitek\Software\SaiSmart .exe
-c--a-w 1,805,824 2008-01-18 05:10:43 C:\Program Files\Spybot - Search & Destroy\TeaTimer .exe
-c--a-w 1,070,592 2008-01-18 05:08:38 C:\Program Files\Ulead Systems\Ulead Photo Explorer 7.0\Monitor .exe
-c--a-w 1,082,880 2008-01-18 05:08:44 C:\Program Files\Ulead Systems\Ulead Photo Explorer 8.0 SE Basic\Monitor .exe
-c--a-w 1,800,192 2008-01-18 04:42:53 C:\WINDOWS\UpdReg .EXE
-c--a-w 22,528 2008-01-17 14:57:42 C:\WINDOWS\system32\ctfmon .exe
-c--a-w 413,184 2008-01-17 14:56:50 C:\WINDOWS\system32\PSDrvCheck .exe
-c----w 19,456 2008-01-16 21:43:27 C:\WINDOWS\system32\wupeng .exe
((((((((((((((((((((((((((((( snapshot_2008-01-17_15.03.40.58 )))))))))))))))))))))))))))))))))))))))))
.
- 2003-03-16 06:02:00 48,640 -c--a-w C:\WINDOWS\system32\cd_clint.dll
+ 2007-04-19 21:42:14 54,440 -c--a-w C:\WINDOWS\system32\cd_clint.dll
- 2008-01-17 19:12:37 16,384 -c--a-w C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat
+ 2008-01-18 05:06:53 16,384 -c--a-w C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat
- 2008-01-17 19:12:37 32,768 -c--a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Historique\History.IE5\index.dat
+ 2008-01-18 05:06:53 32,768 -c--a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Historique\History.IE5\index.dat
- 2008-01-17 19:12:37 32,768 -c--a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
+ 2008-01-18 05:06:53 32,768 -c--a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
- 2004-08-19 23:10:07 19,968 -c--a-w C:\WINDOWS\system32\ssbezier.scr
+ 2004-08-19 23:10:07 27,136 -c--a-w C:\WINDOWS\system32\ssbezier.scr
- 2004-08-19 23:10:07 20,992 -c--a-w C:\WINDOWS\system32\ssmarque.scr
+ 2004-08-19 23:10:07 28,160 -c--a-w C:\WINDOWS\system32\ssmarque.scr
- 2004-08-19 23:10:07 18,944 -c--a-w C:\WINDOWS\system32\ssmyst.scr
+ 2004-08-19 23:10:07 26,112 -c--a-w C:\WINDOWS\system32\ssmyst.scr
- 2003-01-13 14:55:40 106,496 -c----w C:\WINDOWS\UPSCR.Scr
+ 2003-01-13 14:55:40 114,688 -c----w C:\WINDOWS\UPSCR.Scr
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* empty entries & legitimate default entries are not listed
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0ff9a677-542a-481d-a6d6-3fa32d8a806d}]
2007-12-10 13:46 1510424 --a--c--- C:\Program Files\F2atv_Forums\tbF2at.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{3CB1B6AC-4446-49BA-A48D-43747B18B215}]
2008-01-18 00:08 330816 -----c--- C:\WINDOWS\system32\ursts.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{EF99BD32-C1FB-11D2-892F-0090271D4F88}
{0FF9A677-542A-481D-A6D6-3FA32D8A806D}
[HKEY_CLASSES_ROOT\clsid\{0ff9a677-542a-481d-a6d6-3fa32d8a806d}]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{0FF9A677-542A-481D-A6D6-3FA32D8A806D}"= C:\Program Files\F2atv_Forums\tbF2at.dll [2007-12-10 13:46 1510424]
[HKEY_CLASSES_ROOT\clsid\{0ff9a677-542a-481d-a6d6-3fa32d8a806d}]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [ ]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [ ]
"LDM"="C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe" [ ]
"Start WingMan Profiler"="" []
"PhotoShow Deluxe Media Manager"="C:\PROGRA~1\Ahead\NEROPH~2\data\Xtras\mssysmgr.exe" [ ]
"MtdAcq"="C:\Program Files\Creative\Shared Files\Media Sniffer\MtdAcq.exe" [2008-01-18 00:08 2503168]
"Creative Detector"="C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe" [2008-01-18 00:09 2502144]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-01-18 00:09 2147328]
"WeatherEye"="C:\Program Files\MétéoMédia\MétéoÉclair\WeatherEye.exe" [ ]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2008-01-18 00:09 1763328]
"Windows Automation"="mslaugh.exe" []
"Ulead Memory Card Detector"="C:\Program Files\Ulead Systems\Ulead Photo Explorer 7.0\Monitor.exe" [2008-01-18 00:10 1412096]
"Ulead AutoDetector"="C:\Program Files\Ulead Systems\Ulead Photo Explorer 8.0 SE Basic\Monitor.exe" [2008-01-18 00:10 1424384]
"SaiSmart"="C:\Program Files\Saitek\Software\SaiSmart.exe" [2008-01-18 00:10 1454080]
"Profiler"="C:\Program Files\Saitek\Software\Profiler.exe" [2008-01-18 00:10 1538560]
"MULTIMEDIA KEYBOARD"="C:\Program Files\Netropa\Multimedia Keyboard\MMKeybd.exe" [2008-01-18 00:10 1545728]
"Motive SmartBridge"="C:\PROGRA~1\NETASS~1\SMARTB~1\MotiveSB.exe" [2008-01-18 00:10 1762816]
"Logitech Utility"="Logi_MwX.Exe" [2003-11-07 04:50 27136 C:\WINDOWS\LOGI_MWX.EXE]
"LWBMOUSE"="C:\MMaestro\BWheel35.exe" [ ]
"ATICCC"="C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" [2008-01-18 00:10 1442816]
"CTSysVol"="C:\Program Files\Creative\SB Live! 24-bit\Surround Mixer\CTSysVol.exe" [2008-01-18 00:11 1429504]
"UpdReg"="C:\WINDOWS\UpdReg.EXE" [2008-01-18 00:11 2476032]
"PinnacleDriverCheck"="C:\WINDOWS\system32\PSDrvCheck.exe" [ ]
"EoEngine"="" []
"EoWeather"="" []
"EoClock"="" []
"EoComputer"="" []
"EoRss"="" []
"EoNet"="" []
"EoSudoku"="" []
"EoPhoto"="" []
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-18 00:11 2089984]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" [2008-01-18 00:11 1502720]
"NWEReboot"="" []
"SSA.exe"="C:\Program Files\Bell\Sympatico Security Advisor\SSA.exe" [2008-01-18 00:11 3795968]
"Gestionnaire de sécurité Sympatico"="C:\Program Files\Bell\Gestionnaire de securite\Rps.exe" [2008-01-18 00:11 2044416]
"-FreedomNeedsReboot"="C:\Program Files\Bell\Gestionnaire de securite\ZkRunOnceR.exe" [2008-01-18 00:12 1715200]
"QuickTime Task"="C:\Program Files\K-Lite Codec Pack\QuickTime\QTTask .exe" [2008-01-18 00:12 2363904]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-01-18 00:12 1717248]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [ ]
"ALUAlert"="C:\Program Files\Symantec\LiveUpdate\ALUNotify.exe" [ ]
[HKEY_CURRENT_USER\software\microsoft\windows nt\currentversion\windows]
"load"=C:\WINDOWS\system32\ursts.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=0 (0x0)
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ msv1_0 C:\WINDOWS\system32\ursts
R0 sonypvl3;sonypvl3;C:\WINDOWS\system32\drivers\sonypvl3.sys [2004-09-22 11:55]
R1 sonypvf3;sonypvf3;C:\WINDOWS\system32\drivers\sonypvf3.sys [2004-11-15 13:55]
R1 sonypvt3;sonypvt3;C:\WINDOWS\system32\drivers\sonypvt3.sys [2004-12-06 14:26]
R2 msikbd2k;Multimedia Keyboard;C:\WINDOWS\system32\DRIVERS\msikbd2k.sys [2001-09-24 08:31]
R3 SaiClass;SaiClass;C:\WINDOWS\system32\drivers\SaiNtBus.sys [2003-04-10 11:41]
S1 sonypvd3;Sony DVD Handycam;C:\WINDOWS\system32\DRIVERS\sonypvd3.sys [2004-12-07 15:00]
S2 Ca533av;Concord 1500 Video Device;C:\WINDOWS\system32\Drivers\Ca533av.sys [2002-10-20 22:37]
S3 MS1000;MS1000;C:\WINDOWS\system32\DRIVERS\MS1000.sys [2008-01-17 10:31]
S3 SaiNtHid;SaiNtHid;C:\WINDOWS\system32\DRIVERS\SaiNtHid.sys [2003-04-10 11:42]
S3 SaiNtSub;SaiNtSub;C:\WINDOWS\system32\DRIVERS\SaiNtSub.sys [2003-04-10 11:42]
S3 StMp3Rec;Pilote de périphérique de la restauration de lecteur;C:\WINDOWS\system32\Drivers\StMp3Rec.sys [2007-01-04 15:38]
S3 USBCamera;Concord 1500 Digital Camera;C:\WINDOWS\system32\Drivers\Bulk533.sys []
.
Contents of the 'Scheduled Tasks' folder
"2008-01-12 18:41:17 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
.
**************************************************************************
catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-18 00:10:59
Windows 5.1.2600 Service Pack 2 NTFS
detected NTDLL code modification:
ZwOpenFile
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
C:\WINDOWS\system32\stsru.ini2 393 bytes
scan completed successfully
hidden files: 1
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
PROCESS: C:\WINDOWS\Explorer.EXE [6.00.2900.3156]
-> C:\WINDOWS\system32\ursts.dll
.
Completion time: 2008-01-18 0:18:56 - machine was rebooted
ComboFix-quarantined-files.txt 2008-01-18 05:18:48
ComboFix2.txt 2008-01-17 20:04:57
ComboFix3.txt 2008-01-17 17:36:37
.
2007-12-12 22:10:59 --- E O F ---
[01/17/2008, 11:57:48] - VirtumundoBeGone v1.5 ( "C:\Documents and Settings\guy\Mes documents\Mes fichiers reçus\VirtumundoBeGone.exe" )
[01/17/2008, 11:57:59] - Detected System Information:
[01/17/2008, 11:57:59] - Windows Version: 5.1.2600, Service Pack 2
[01/17/2008, 11:57:59] - Current Username: guy (Admin)
[01/17/2008, 11:57:59] - Windows is in NORMAL mode.
[01/17/2008, 11:57:59] - Searching for Browser Helper Objects:
[01/17/2008, 11:57:59] - BHO 1: {02478D38-C3F9-4EFB-9B51-7695ECA05670} (Yahoo! Toolbar Helper)
[01/17/2008, 11:57:59] - BHO 2: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (Aide pour le lien d'Adobe PDF Reader)
[01/17/2008, 11:58:00] - BHO 3: {0ff9a677-542a-481d-a6d6-3fa32d8a806d} (F2atv Forums Toolbar)
[01/17/2008, 11:58:00] - BHO 4: {3C060EA2-E6A9-4E49-A530-D4657B8C449A} (PopKill Class)
[01/17/2008, 11:58:00] - BHO 5: {64F56FC1-1272-44CD-BA6E-39723696E350} (EoBho Class)
[01/17/2008, 11:58:00] - BHO 6: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (SSVHelper Class)
[01/17/2008, 11:58:00] - BHO 7: {7E853D72-626A-48EC-A868-BA8D5E23E045} ()
[01/17/2008, 11:58:00] - WARNING: BHO has no default name. Checking for Winlogon reference.
[01/17/2008, 11:58:00] - No filename found. Continuing.
[01/17/2008, 11:58:00] - BHO 8: {812FEBBA-D4DE-403D-B7D5-D8463639FBF0} ()
[01/17/2008, 11:58:00] - WARNING: BHO has no default name. Checking for Winlogon reference.
[01/17/2008, 11:58:00] - Checking for HKLM\...\Winlogon\Notify\ursts
[01/17/2008, 11:58:00] - Key not found: HKLM\...\Winlogon\Notify\ursts, continuing.
[01/17/2008, 11:58:00] - BHO 9: {9030D464-4C02-4ABF-8ECC-5164760863C6} (Windows Live Sign-in Helper)
[01/17/2008, 11:58:00] - Finished Searching Browser Helper Objects
[01/17/2008, 11:58:00] - Finishing up...
[01/17/2008, 11:58:00] - Nothing found! Exiting...
[01/17/2008, 14:00:04] - VirtumundoBeGone v1.5 ( "C:\Documents and Settings\guy\Mes documents\Mes fichiers reçus\VirtumundoBeGone.exe" )
[01/17/2008, 14:00:14] - Detected System Information:
[01/17/2008, 14:00:14] - Windows Version: 5.1.2600, Service Pack 2
[01/17/2008, 14:00:14] - Current Username: guy (Admin)
[01/17/2008, 14:00:15] - Windows is in NORMAL mode.
[01/17/2008, 14:00:15] - Searching for Browser Helper Objects:
[01/17/2008, 14:00:15] - BHO 1: {02478D38-C3F9-4EFB-9B51-7695ECA05670} (Yahoo! Toolbar Helper)
[01/17/2008, 14:00:15] - BHO 2: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (Aide pour le lien d'Adobe PDF Reader)
[01/17/2008, 14:00:15] - BHO 3: {06FBAFB1-40D1-4CA0-98CA-DFD8EE7C8CA9} ()
[01/17/2008, 14:00:15] - WARNING: BHO has no default name. Checking for Winlogon reference.
[01/17/2008, 14:00:15] - Checking for HKLM\...\Winlogon\Notify\ursts
[01/17/2008, 14:00:15] - Key not found: HKLM\...\Winlogon\Notify\ursts, continuing.
[01/17/2008, 14:00:15] - BHO 4: {0ff9a677-542a-481d-a6d6-3fa32d8a806d} (F2atv Forums Toolbar)
[01/17/2008, 14:00:15] - BHO 5: {3C060EA2-E6A9-4E49-A530-D4657B8C449A} (PopKill Class)
[01/17/2008, 14:00:15] - BHO 6: {64F56FC1-1272-44CD-BA6E-39723696E350} (EoBho Class)
[01/17/2008, 14:00:15] - BHO 7: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (SSVHelper Class)
[01/17/2008, 14:00:15] - BHO 8: {9030D464-4C02-4ABF-8ECC-5164760863C6} (Windows Live Sign-in Helper)
[01/17/2008, 14:00:15] - Finished Searching Browser Helper Objects
[01/17/2008, 14:00:15] - Finishing up...
[01/17/2008, 14:00:15] - Nothing found! Exiting...
[01/17/2008, 23:54:17] - VirtumundoBeGone v1.5 ( "C:\Documents and Settings\guy\Mes documents\Mes fichiers reçus\VirtumundoBeGone.exe" )
[01/17/2008, 23:54:18] - Detected System Information:
[01/17/2008, 23:54:18] - Windows Version: 5.1.2600, Service Pack 2
[01/17/2008, 23:54:18] - Current Username: guy (Admin)
[01/17/2008, 23:54:18] - Windows is in NORMAL mode.
[01/17/2008, 23:54:18] - Searching for Browser Helper Objects:
[01/17/2008, 23:54:18] - BHO 1: {02478D38-C3F9-4EFB-9B51-7695ECA05670} (Yahoo! Toolbar Helper)
[01/17/2008, 23:54:18] - BHO 2: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (Aide pour le lien d'Adobe PDF Reader)
[01/17/2008, 23:54:18] - BHO 3: {0ff9a677-542a-481d-a6d6-3fa32d8a806d} (F2atv Forums Toolbar)
[01/17/2008, 23:54:18] - BHO 4: {3C060EA2-E6A9-4E49-A530-D4657B8C449A} (PopKill Class)
[01/17/2008, 23:54:18] - BHO 5: {42FDC41C-3BF0-44AB-8D0A-BE42B765BAB4} ()
[01/17/2008, 23:54:18] - WARNING: BHO has no default name. Checking for Winlogon reference.
[01/17/2008, 23:54:18] - Checking for HKLM\...\Winlogon\Notify\ursts
[01/17/2008, 23:54:18] - Key not found: HKLM\...\Winlogon\Notify\ursts, continuing.
[01/17/2008, 23:54:18] - BHO 6: {53707962-6F74-2D53-2644-206D7942484F} (Spybot-S&D IE Protection)
[01/17/2008, 23:54:18] - BHO 7: {64F56FC1-1272-44CD-BA6E-39723696E350} (EoBho Class)
[01/17/2008, 23:54:18] - BHO 8: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (SSVHelper Class)
[01/17/2008, 23:54:18] - BHO 9: {9030D464-4C02-4ABF-8ECC-5164760863C6} (Windows Live Sign-in Helper)
[01/17/2008, 23:54:18] - Finished Searching Browser Helper Objects
[01/17/2008, 23:54:18] - Finishing up...
[01/17/2008, 23:54:18] - Nothing found! Exiting...
VundoFix V6.7.7
Checking Java version...
Scan started at 10:34:36 2008-01-17
Listing files found while scanning....
C:\WINDOWS\avp .exe
C:\WINDOWS\avp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\windows\system32\drvvapr.dll
C:\WINDOWS\system32\PSDrvCheck.exe
C:\WINDOWS\system32\rqrpomm.dll
C:\WINDOWS\system32\stsru.ini
C:\WINDOWS\system32\stsru.ini2
C:\WINDOWS\system32\ursts.dll
C:\WINDOWS\system32\ursts.exe
C:\WINDOWS\system32\winafd32.dll
C:\WINDOWS\system32\wupeng.exe
Beginning removal...
Attempting to delete C:\WINDOWS\avp .exe
C:\WINDOWS\avp .exe Has been deleted!
Attempting to delete C:\WINDOWS\avp.exe
C:\WINDOWS\avp.exe Has been deleted!
Attempting to delete C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\ctfmon.exe Has been deleted!
Attempting to delete C:\windows\system32\drvvapr.dll
C:\windows\system32\drvvapr.dll Has been deleted!
Attempting to delete C:\WINDOWS\system32\PSDrvCheck.exe
C:\WINDOWS\system32\PSDrvCheck.exe Has been deleted!
Attempting to delete C:\WINDOWS\system32\rqrpomm.dll
C:\WINDOWS\system32\rqrpomm.dll Has been deleted!
Attempting to delete C:\WINDOWS\system32\stsru.ini
C:\WINDOWS\system32\stsru.ini Has been deleted!
Attempting to delete C:\WINDOWS\system32\stsru.ini2
C:\WINDOWS\system32\stsru.ini2 Has been deleted!
Attempting to delete C:\WINDOWS\system32\ursts.dll
C:\WINDOWS\system32\ursts.dll Has been deleted!
Attempting to delete C:\WINDOWS\system32\ursts.exe
C:\WINDOWS\system32\ursts.exe Has been deleted!
Attempting to delete C:\WINDOWS\system32\winafd32.dll
C:\WINDOWS\system32\winafd32.dll Has been deleted!
Attempting to delete C:\WINDOWS\system32\wupeng.exe
C:\WINDOWS\system32\wupeng.exe Has been deleted!
Performing Repairs to the registry.
Done!
VundoFix V6.7.7
Checking Java version...
Scan started at 12:47:08 2008-01-17
Listing files found while scanning....
C:\WINDOWS\system32\stsru.ini
C:\WINDOWS\system32\stsru.ini2
C:\WINDOWS\system32\ursts.dll
Beginning removal...
Attempting to delete C:\WINDOWS\system32\stsru.ini
C:\WINDOWS\system32\stsru.ini Has been deleted!
Attempting to delete C:\WINDOWS\system32\stsru.ini2
C:\WINDOWS\system32\stsru.ini2 Has been deleted!
Attempting to delete C:\WINDOWS\system32\ursts.dll
C:\WINDOWS\system32\ursts.dll Has been deleted!
Performing Repairs to the registry.
Done!
VundoFix V6.7.7
Checking Java version...
Scan started at 22:49:19 2008-01-17
Listing files found while scanning....
C:\WINDOWS\system32\stsru.ini
C:\WINDOWS\system32\stsru.ini2
C:\WINDOWS\system32\ursts.dll
C:\WINDOWS\system32\ursts.exe
Beginning removal...
Attempting to delete C:\WINDOWS\system32\stsru.ini
C:\WINDOWS\system32\stsru.ini Has been deleted!
Attempting to delete C:\WINDOWS\system32\stsru.ini2
C:\WINDOWS\system32\stsru.ini2 Has been deleted!
Attempting to delete C:\WINDOWS\system32\ursts.dll
C:\WINDOWS\system32\ursts.dll Could not be deleted.
Attempting to delete C:\WINDOWS\system32\ursts.exe
C:\WINDOWS\system32\ursts.exe Has been deleted!
Performing Repairs to the registry.
Done!
Beginning removal...
Attempting to delete C:\WINDOWS\system32\stsru.ini
C:\WINDOWS\system32\stsru.ini Has been deleted!
Attempting to delete C:\WINDOWS\system32\stsru.ini2
C:\WINDOWS\system32\stsru.ini2 Has been deleted!
Attempting to delete C:\WINDOWS\system32\ursts.dll
C:\WINDOWS\system32\ursts.dll Has been deleted!
Attempting to delete C:\WINDOWS\system32\ursts.exe
C:\WINDOWS\system32\ursts.exe Has been deleted!
Performing Repairs to the registry.
Done!
5 replies
Hello,
You titled this "HiJackThis" and you post us a ComboFix report, then a VundoFix one.
Please post a HiJackThis report...
And describe your current problems ;o)
You titled this "HiJackThis" and you post us a ComboFix report, then a VundoFix one.
Please post a HiJackThis report...
And describe your current problems ;o)
Oops, I just wanted to know what was wrong with my computer. I get messages such as: w32/virut.7116, w32/virtumonde.oq, system32/urst.exe is not ... and many other dll files...
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 01:14:28, on 2008-01-23
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Bell\Gestionnaire de securite\Fws.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\Program Files\Fichiers communs\Authentium\AntiVirus\dvpapi.exe
C:\Program Files\CA\PPRT\bin\ITMRTSVC.exe
C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
C:\Program Files\Raxco\PerfectDisk\PDAgent.exe
C:\WINDOWS\System32\tcpsvcs.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\MétéoMédia\MétéoÉclair\WeatherEye.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\MétéoMédia\MétéoÉclair\WeatherEye .exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\MétéoMédia\MétéoÉclair\WeatherEye.exe
C:\Program Files\MétéoMédia\MétéoÉclair\WeatherEye .exe
C:\Program Files\MétéoMédia\MétéoÉclair\WeatherEye.exe
C:\Program Files\MétéoMédia\MétéoÉclair\WeatherEye .exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\explorer.exe
C:\Documents and Settings\guy\Mes documents\Mes fichiers reçus\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
F3 - REG:win.ini: load=C:\WINDOWS\system32\ursts.exe
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [Ulead Memory Card Detector] C:\Program Files\Ulead Systems\Ulead Photo Explorer 7.0\Monitor.exe
O4 - HKLM\..\Run: [Ulead AutoDetector] C:\Program Files\Ulead Systems\Ulead Photo Explorer 8.0 SE Basic\Monitor.exe
O4 - HKLM\..\Run: [SaiSmart] C:\Program Files\Saitek\Software\SaiSmart.exe
O4 - HKLM\..\Run: [Profiler] C:\Program Files\Saitek\Software\Profiler.exe
O4 - HKLM\..\Run: [MULTIMEDIA KEYBOARD] C:\Program Files\Netropa\Multimedia Keyboard\MMKeybd.exe
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\NETASS~1\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SB Live! 24-bit\Surround Mixer\CTSysVol.exe /r
O4 - HKLM\..\Run: [SSA.exe] "C:\Program Files\Bell\Sympatico Security Advisor\SSA.exe" /AUTORUN
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\K-Lite Codec Pack\QuickTime\QTTask .exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Gestionnaire de sécurité Sympatico] "C:\Program Files\Bell\Gestionnaire de securite\Rps.exe"
O4 - HKLM\..\Run: [-FreedomNeedsReboot] "C:\Program Files\Bell\Gestionnaire de securite\ZkRunOnceR.exe"
O4 - HKLM\..\Run: [ecffa586] rundll32.exe "C:\WINDOWS\system32\rvwfnhkl.dll",b
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas .exe" /minimized
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr .exe" /background
O4 - HKCU\..\Run: [MtdAcq] C:\Program Files\Creative\Shared Files\Media Sniffer\MtdAcq.exe /s
O4 - HKCU\..\Run: [Creative Detector] C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe /R
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [ccleaner] "C:\Program Files\CCleaner\CCleaner.exe" /AUTO
O4 - HKCU\..\Run: [WeatherEye] C:\Program Files\MétéoMédia\MétéoÉclair\WeatherEye.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://www.secuser.com
O15 - Trusted Zone: http://www.windowsmarketplace.com
O16 - DPF: TruePass EPF 7,0,100,684 - https://blrscr3.egs-seg.gc.ca/applets/entrusttruepassapplet-epf.cab
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
O16 - DPF: {23B1D1AE-A29F-4AE2-B76E-CAB6E14811C4} (DHCPConfiguration Class) - http://eserv.sympatico.ca/netassistant/controls/BellCanadaPortalAX.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/resources/MSNPUpld.cab
O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab56986.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-CA/a-UNO1/GAME_UNO1.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - https://www.trendmicro.com/en_us/forHome/products/housecall.html
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} - http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {CAFEEFAC-0014-0001-0002-ABCDEFFEDCBA} (Environnement d'exécution Java 1.4.1_02) -
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {E6187999-9FEC-46A1-A20F-F4CA977D5643} - http://messenger.zone.msn.com/binary/Chess.cab31267.cab
O16 - DPF: {F04A8AE2-A59D-11D2-8792-00C04F8EF29D} - http://by13fd.bay13.hotmail.msn.com/activex/HMAtchmt.ocx
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab
O16 - DPF: {F8C5C0F1-D884-43EB-A5A0-9E1C4A102FA8} - https://secure.gopetslive.com/dev/GoPetsWeb.cab
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: DvpApi (dvpapi) - Authentium, Inc. - C:\Program Files\Fichiers communs\Authentium\AntiVirus\dvpapi.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: CA Pest Patrol Realtime Protection Service (ITMRTSVC) - CA, Inc. - C:\Program Files\CA\PPRT\bin\ITMRTSVC.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
O23 - Service: Netropa NHK Server (nhksrv) - Unknown owner - C:\Program Files\Netropa\Multimedia Keyboard\nhksrv.exe (file missing)
O23 - Service: PDAgent - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDAgent.exe
O23 - Service: PDEngine - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDEngine.exe
O23 - Service: Service de mise-à-jour pour le Gestionnaire de sécurité Sympatico (RPSUpdaterR) - Bell Sympatico - C:\Program Files\Bell\Gestionnaire de securite\rpsupdaterR.exe
O23 - Service: Gestionnaire de sécurité Sympatico Coupe-feu (RP_FWS) - Bell Sympatico - C:\Program Files\Bell\Gestionnaire de securite\Fws.exe
Scan saved at 01:14:28, on 2008-01-23
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Bell\Gestionnaire de securite\Fws.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\Program Files\Fichiers communs\Authentium\AntiVirus\dvpapi.exe
C:\Program Files\CA\PPRT\bin\ITMRTSVC.exe
C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
C:\Program Files\Raxco\PerfectDisk\PDAgent.exe
C:\WINDOWS\System32\tcpsvcs.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\MétéoMédia\MétéoÉclair\WeatherEye.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\MétéoMédia\MétéoÉclair\WeatherEye .exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\MétéoMédia\MétéoÉclair\WeatherEye.exe
C:\Program Files\MétéoMédia\MétéoÉclair\WeatherEye .exe
C:\Program Files\MétéoMédia\MétéoÉclair\WeatherEye.exe
C:\Program Files\MétéoMédia\MétéoÉclair\WeatherEye .exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\explorer.exe
C:\Documents and Settings\guy\Mes documents\Mes fichiers reçus\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
F3 - REG:win.ini: load=C:\WINDOWS\system32\ursts.exe
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [Ulead Memory Card Detector] C:\Program Files\Ulead Systems\Ulead Photo Explorer 7.0\Monitor.exe
O4 - HKLM\..\Run: [Ulead AutoDetector] C:\Program Files\Ulead Systems\Ulead Photo Explorer 8.0 SE Basic\Monitor.exe
O4 - HKLM\..\Run: [SaiSmart] C:\Program Files\Saitek\Software\SaiSmart.exe
O4 - HKLM\..\Run: [Profiler] C:\Program Files\Saitek\Software\Profiler.exe
O4 - HKLM\..\Run: [MULTIMEDIA KEYBOARD] C:\Program Files\Netropa\Multimedia Keyboard\MMKeybd.exe
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\NETASS~1\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SB Live! 24-bit\Surround Mixer\CTSysVol.exe /r
O4 - HKLM\..\Run: [SSA.exe] "C:\Program Files\Bell\Sympatico Security Advisor\SSA.exe" /AUTORUN
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\K-Lite Codec Pack\QuickTime\QTTask .exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Gestionnaire de sécurité Sympatico] "C:\Program Files\Bell\Gestionnaire de securite\Rps.exe"
O4 - HKLM\..\Run: [-FreedomNeedsReboot] "C:\Program Files\Bell\Gestionnaire de securite\ZkRunOnceR.exe"
O4 - HKLM\..\Run: [ecffa586] rundll32.exe "C:\WINDOWS\system32\rvwfnhkl.dll",b
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas .exe" /minimized
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr .exe" /background
O4 - HKCU\..\Run: [MtdAcq] C:\Program Files\Creative\Shared Files\Media Sniffer\MtdAcq.exe /s
O4 - HKCU\..\Run: [Creative Detector] C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe /R
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [ccleaner] "C:\Program Files\CCleaner\CCleaner.exe" /AUTO
O4 - HKCU\..\Run: [WeatherEye] C:\Program Files\MétéoMédia\MétéoÉclair\WeatherEye.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://www.secuser.com
O15 - Trusted Zone: http://www.windowsmarketplace.com
O16 - DPF: TruePass EPF 7,0,100,684 - https://blrscr3.egs-seg.gc.ca/applets/entrusttruepassapplet-epf.cab
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
O16 - DPF: {23B1D1AE-A29F-4AE2-B76E-CAB6E14811C4} (DHCPConfiguration Class) - http://eserv.sympatico.ca/netassistant/controls/BellCanadaPortalAX.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/resources/MSNPUpld.cab
O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab56986.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-CA/a-UNO1/GAME_UNO1.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - https://www.trendmicro.com/en_us/forHome/products/housecall.html
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} - http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {CAFEEFAC-0014-0001-0002-ABCDEFFEDCBA} (Environnement d'exécution Java 1.4.1_02) -
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {E6187999-9FEC-46A1-A20F-F4CA977D5643} - http://messenger.zone.msn.com/binary/Chess.cab31267.cab
O16 - DPF: {F04A8AE2-A59D-11D2-8792-00C04F8EF29D} - http://by13fd.bay13.hotmail.msn.com/activex/HMAtchmt.ocx
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab
O16 - DPF: {F8C5C0F1-D884-43EB-A5A0-9E1C4A102FA8} - https://secure.gopetslive.com/dev/GoPetsWeb.cab
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: DvpApi (dvpapi) - Authentium, Inc. - C:\Program Files\Fichiers communs\Authentium\AntiVirus\dvpapi.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: CA Pest Patrol Realtime Protection Service (ITMRTSVC) - CA, Inc. - C:\Program Files\CA\PPRT\bin\ITMRTSVC.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
O23 - Service: Netropa NHK Server (nhksrv) - Unknown owner - C:\Program Files\Netropa\Multimedia Keyboard\nhksrv.exe (file missing)
O23 - Service: PDAgent - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDAgent.exe
O23 - Service: PDEngine - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDEngine.exe
O23 - Service: Service de mise-à-jour pour le Gestionnaire de sécurité Sympatico (RPSUpdaterR) - Bell Sympatico - C:\Program Files\Bell\Gestionnaire de securite\rpsupdaterR.exe
O23 - Service: Gestionnaire de sécurité Sympatico Coupe-feu (RP_FWS) - Bell Sympatico - C:\Program Files\Bell\Gestionnaire de securite\Fws.exe
Hello!
1) You have neither an antivirus nor a firewall active!! (that's very bad!)
=> download and install: http://www.commentcamarche.net/telecharger/telecharger 151 avast
http://www.commentcamarche.net/telecharger/telecharger 206 kerio
2) Open Hijackthis, choose "do a scan only"
Check the box in front of the lines:
F3 - REG:win.ini: load=C:\WINDOWS\system32\ursts.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\K-Lite Codec Pack\QuickTime\QTTask .exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [ecffa586] rundll32.exe "C:\WINDOWS\system32\rvwfnhkl.dll",b
O4 - HKCU\..\Run: [Creative Detector] C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe /R
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O16 - DPF: TruePass EPF 7,0,100,684 - https://blrscr3.egs-seg.gc.ca/applets/entrusttruepassapplet-epf.cab
O16 - DPF: {CAFEEFAC-0014-0001-0002-ABCDEFFEDCBA} (Environnement d'exécution Java 1.4.1_02) -
O16 - DPF: {F8C5C0F1-D884-43EB-A5A0-9E1C4A102FA8} - https://secure.gopetslive.com/dev/GoPetsWeb.cab
Close all other active windows and click "Fix checked"