Trojan 32 je ne sais plus quoi faire
atallice
-
g!rly Messages postés 18462 Statut Contributeur -
g!rly Messages postés 18462 Statut Contributeur -
Bonjour,
Je suis infectée par un trojan 32 enfin un truc dans le genre.
J'ai essayé pas mal de solutions mais rien a faire.
De plus je ne suis vraiment pas douée pour l'informatique donc voila je vous explique.
Comme pas mal de personne j'ai chopé ce truc win trojan 32 mais je n'arrive pas du tout a l'enlever. C'est super embetant car outre le fait que mon pc soit lent et tout et tout je ne voudrais pas voir mon pc infiltré par je ne sais pas quoi.
Donc merci de votre aide si vous voulez bien me filer un coup de main.
J'ai un ordi Compaq avec vista edition familiale premium.
Voici le resultat du scan hijakis ou je sais plus comment ca s'appel.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:21:03, on 21/02/2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16609)
Boot mode: Safe mode
Running processes:
C:\Windows\Explorer.EXE
C:\Windows\system32\NOTEPAD.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr?cobrand=compaq-desktop.msn.com&ocid=HPDHP&pc=CPDTDF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr?cobrand=compaq-desktop.msn.com&ocid=HPDHP&pc=CPDTDF
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O1 - Hosts: ::1 localhost
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: e404mgr Class - {8BD4438C-2511-4B93-AD34-2BDCD0FF78D2} - C:\Program Files\Helper\1203089664.dll (file missing)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: (no name) - {C2A1C5CB-C0EF-4689-9436-F62CCA1C5383} - C:\Program Files\NetProject\sbmdl.dll (file missing)
O2 - BHO: SearchSettings Class - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files\Search Settings\kb125\SearchSettings.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Web Application - {81705D67-3F73-4983-859B-97D0922E5ABE} - C:\Program Files\NetProject\wamdl.dll (file missing)
O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [hpsysdrv] c:\hp\support\hpsysdrv.exe
O4 - HKLM\..\Run: [OsdMaestro] "C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe"
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [HP Software Update] c:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [SearchSettings] C:\Program Files\Search Settings\SearchSettings.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SM_IAN] C:\Program Files\AdvancedCleaner Free\ian_monitor.exe
O4 - HKLM\..\Run: [UADCFR_3833461972] "C:\Program Files\AdvancedCleaner Free\UADCcw.exe" -c
O4 - HKLM\..\Run: [AbyssmoClient] C:\Program Files\Common Files\AdvancedCleaner\abhlp.exe
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Users\atallice\Documents\Setup\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\RunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [BitTorrent] "C:\Program Files\BitTorrent\bittorrent.exe" --force_start_minimized
O4 - HKCU\..\Run: [EPSON Stylus DX5000 Series] C:\Windows\system32\spool\DRIVERS\W32X86\3\E_FATIBVE.EXE /FU "C:\Windows\TEMP\E_SCC72.tmp" /EF "HKCU"
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [itbmqcblci] c:\users\atallice\appdata\local\itbmqcblci.exe itbmqcblci
O4 - HKCU\..\Run: [dmhpl.tmp] C:\Windows\system32\dmhpl.tmp
O4 - HKCU\..\Run: [dmphy.tmp] C:\Windows\system32\dmphy.tmp
O4 - HKCU\..\Run: [AbyssmoClient] C:\Program Files\Common Files\AdvancedCleaner\abhlp.exe
O4 - HKCU\..\Run: [dmsni.tmp] C:\Windows\system32\dmsni.tmp
O4 - HKCU\..\Run: [dmjan.tmp] C:\Windows\system32\dmjan.tmp
O4 - HKCU\..\Run: [dmxrw.tmp] C:\Windows\system32\dmxrw.tmp
O4 - HKCU\..\Run: [dmubu.tmp] C:\Windows\system32\dmubu.tmp
O4 - HKCU\..\Run: [dmvgc.tmp] C:\Windows\system32\dmvgc.tmp
O4 - HKCU\..\Run: [dmzax.tmp] C:\Windows\system32\dmzax.tmp
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: Statistiques d’Anti-Virus Internet - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\SCIEPlgn.dll
O9 - Extra button: Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: (no name) - {9034A523-D068-4BE8-A284-9DF278BE776E} - http://www.explorertool.net/redirect.php (file missing)
O9 - Extra 'Tools' menuitem: IE Anti-Spyware - {9034A523-D068-4BE8-A284-9DF278BE776E} - http://www.explorertool.net/redirect.php (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{68DF39A9-0EBE-4681-BB8B-7704AF7B7C8A}: NameServer = 85.255.116.166,85.255.112.90
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.116.166 85.255.112.90
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.116.166 85.255.112.90
O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1.0\r3hook.dll
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Users\atallice\Documents\Setup\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Kaspersky Anti-Virus 7.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - c:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - c:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - c:\Program Files\Common Files\SureThing Shared\stllssvr.exe
Je suis infectée par un trojan 32 enfin un truc dans le genre.
J'ai essayé pas mal de solutions mais rien a faire.
De plus je ne suis vraiment pas douée pour l'informatique donc voila je vous explique.
Comme pas mal de personne j'ai chopé ce truc win trojan 32 mais je n'arrive pas du tout a l'enlever. C'est super embetant car outre le fait que mon pc soit lent et tout et tout je ne voudrais pas voir mon pc infiltré par je ne sais pas quoi.
Donc merci de votre aide si vous voulez bien me filer un coup de main.
J'ai un ordi Compaq avec vista edition familiale premium.
Voici le resultat du scan hijakis ou je sais plus comment ca s'appel.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:21:03, on 21/02/2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16609)
Boot mode: Safe mode
Running processes:
C:\Windows\Explorer.EXE
C:\Windows\system32\NOTEPAD.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr?cobrand=compaq-desktop.msn.com&ocid=HPDHP&pc=CPDTDF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr?cobrand=compaq-desktop.msn.com&ocid=HPDHP&pc=CPDTDF
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O1 - Hosts: ::1 localhost
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: e404mgr Class - {8BD4438C-2511-4B93-AD34-2BDCD0FF78D2} - C:\Program Files\Helper\1203089664.dll (file missing)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: (no name) - {C2A1C5CB-C0EF-4689-9436-F62CCA1C5383} - C:\Program Files\NetProject\sbmdl.dll (file missing)
O2 - BHO: SearchSettings Class - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files\Search Settings\kb125\SearchSettings.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Web Application - {81705D67-3F73-4983-859B-97D0922E5ABE} - C:\Program Files\NetProject\wamdl.dll (file missing)
O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [hpsysdrv] c:\hp\support\hpsysdrv.exe
O4 - HKLM\..\Run: [OsdMaestro] "C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe"
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [HP Software Update] c:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [SearchSettings] C:\Program Files\Search Settings\SearchSettings.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SM_IAN] C:\Program Files\AdvancedCleaner Free\ian_monitor.exe
O4 - HKLM\..\Run: [UADCFR_3833461972] "C:\Program Files\AdvancedCleaner Free\UADCcw.exe" -c
O4 - HKLM\..\Run: [AbyssmoClient] C:\Program Files\Common Files\AdvancedCleaner\abhlp.exe
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Users\atallice\Documents\Setup\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\RunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [BitTorrent] "C:\Program Files\BitTorrent\bittorrent.exe" --force_start_minimized
O4 - HKCU\..\Run: [EPSON Stylus DX5000 Series] C:\Windows\system32\spool\DRIVERS\W32X86\3\E_FATIBVE.EXE /FU "C:\Windows\TEMP\E_SCC72.tmp" /EF "HKCU"
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [itbmqcblci] c:\users\atallice\appdata\local\itbmqcblci.exe itbmqcblci
O4 - HKCU\..\Run: [dmhpl.tmp] C:\Windows\system32\dmhpl.tmp
O4 - HKCU\..\Run: [dmphy.tmp] C:\Windows\system32\dmphy.tmp
O4 - HKCU\..\Run: [AbyssmoClient] C:\Program Files\Common Files\AdvancedCleaner\abhlp.exe
O4 - HKCU\..\Run: [dmsni.tmp] C:\Windows\system32\dmsni.tmp
O4 - HKCU\..\Run: [dmjan.tmp] C:\Windows\system32\dmjan.tmp
O4 - HKCU\..\Run: [dmxrw.tmp] C:\Windows\system32\dmxrw.tmp
O4 - HKCU\..\Run: [dmubu.tmp] C:\Windows\system32\dmubu.tmp
O4 - HKCU\..\Run: [dmvgc.tmp] C:\Windows\system32\dmvgc.tmp
O4 - HKCU\..\Run: [dmzax.tmp] C:\Windows\system32\dmzax.tmp
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: Statistiques d’Anti-Virus Internet - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\SCIEPlgn.dll
O9 - Extra button: Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: (no name) - {9034A523-D068-4BE8-A284-9DF278BE776E} - http://www.explorertool.net/redirect.php (file missing)
O9 - Extra 'Tools' menuitem: IE Anti-Spyware - {9034A523-D068-4BE8-A284-9DF278BE776E} - http://www.explorertool.net/redirect.php (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{68DF39A9-0EBE-4681-BB8B-7704AF7B7C8A}: NameServer = 85.255.116.166,85.255.112.90
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.116.166 85.255.112.90
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.116.166 85.255.112.90
O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1.0\r3hook.dll
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Users\atallice\Documents\Setup\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Kaspersky Anti-Virus 7.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - c:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - c:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - c:\Program Files\Common Files\SureThing Shared\stllssvr.exe
A voir également:
- Trojan 32 je ne sais plus quoi faire
- 32 bits - Guide
- Power iso 32 bit - Télécharger - Gravure
- Télécharger windows 7 32 bits usb - Télécharger - Systèmes d'exploitation
- Clé de produit windows 7 professionnel 32 bits gratuit - Guide
- Format factory 32 bit - Télécharger - Conversion & Codecs
34 réponses
Bonjours & Bienvenue sur CCM
essaie ceci :
télécharges smitfraudfix :
En image :
http://siri.urz.free.fr/Fix/SmitfraudFix.php
tu doubles cliques sur smitfraudfix.cmd et tu choisi l option 1
cela vas générer un rapport.
Copie/colle le rapport sur le forum stp.
••RiverToo••
essaie ceci :
télécharges smitfraudfix :
En image :
http://siri.urz.free.fr/Fix/SmitfraudFix.php
tu doubles cliques sur smitfraudfix.cmd et tu choisi l option 1
cela vas générer un rapport.
Copie/colle le rapport sur le forum stp.
••RiverToo••
Je comprend pas pourquoi tu dit pour suivre g!rly ^^
T'essaye de t'incrusté dans ma désinfection lol
••RiverToo••
T'essaye de t'incrusté dans ma désinfection lol
••RiverToo••
Salut ••RiverToo••
Oui c´est un peu pres ca; lol
Notre ami est tres infecté, et vu qu´il n´y a pas beaucoups d´outils compatible sous vista, je me demandais juste comment tu allais faire?!?
@+
Oui c´est un peu pres ca; lol
Notre ami est tres infecté, et vu qu´il n´y a pas beaucoups d´outils compatible sous vista, je me demandais juste comment tu allais faire?!?
@+
Vous n’avez pas trouvé la réponse que vous recherchez ?
Posez votre question
Merci alors voila le rapport de smitfraudix.
SmitFraudFix v2.292
Scan done at 12:04:00,60, 21/02/2008
Run from C:\Users\atallice\Desktop\SmitfraudFix
OS: Microsoft Windows [version 6.0.6000] - Windows_NT
The filesystem type is NTFS
Fix run in normal mode
»»»»»»»»»»»»»»»»»»»»»»»» Process
C:\Windows\system32\csrss.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\winlogon.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Users\atallice\Documents\Setup\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
c:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\hp\support\hpsysdrv.exe
C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\Search Settings\SearchSettings.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\AdvancedCleaner Free\ian_monitor.exe
C:\Program Files\AdvancedCleaner Free\UADCcw.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
C:\Users\atallice\Documents\Setup\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\BitTorrent\bittorrent.exe
C:\Windows\System32\spool\drivers\w32x86\3\E_FATIBVE.EXE
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Users\atallice\AppData\Local\itbmqcblci.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\Internet Explorer\IEUser.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\Macromed\Flash\FlashUtil9b.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\conime.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
»»»»»»»»»»»»»»»»»»»»»»»» hosts
»»»»»»»»»»»»»»»»»»»»»»»» C:\
»»»»»»»»»»»»»»»»»»»»»»»» C:\Windows
»»»»»»»»»»»»»»»»»»»»»»»» C:\Windows\system
»»»»»»»»»»»»»»»»»»»»»»»» C:\Windows\Web
»»»»»»»»»»»»»»»»»»»»»»»» C:\Windows\system32
C:\Windows\system32\systems.txt FOUND !
»»»»»»»»»»»»»»»»»»»»»»»» C:\Windows\system32\LogFiles
»»»»»»»»»»»»»»»»»»»»»»»» C:\Users\atallice
»»»»»»»»»»»»»»»»»»»»»»»» C:\Users\atallice\Application Data
»»»»»»»»»»»»»»»»»»»»»»»» Start Menu
»»»»»»»»»»»»»»»»»»»»»»»» C:\Users\atallice\FAVORI~1
C:\Users\atallice\FAVORI~1\Online Security Test.url FOUND !
»»»»»»»»»»»»»»»»»»»»»»»» Desktop
»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files
C:\Program Files\NetProject\ FOUND !
C:\Program Files\Sotfone\ FOUND !
»»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys
»»»»»»»»»»»»»»»»»»»»»»»» Desktop Components
»»»»»»»»»»»»»»»»»»»»»»»» IEDFix
!!!Attention, following keys are not inevitably infected!!!
IEDFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri
»»»»»»»»»»»»»»»»»»»»»»»» VACFix
!!!Attention, following keys are not inevitably infected!!!
VACFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri
»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, following keys are not inevitably infected!!!
SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll
»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
!!!Attention, following keys are not inevitably infected!!!
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"="C:\\PROGRA~1\\KASPER~1\\KASPER~1.0\\r3hook.dll"
"LoadAppInit_DLLs"=dword:00000001
»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, following keys are not inevitably infected!!!
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
»»»»»»»»»»»»»»»»»»»»»»»» Rustock
»»»»»»»»»»»»»»»»»»»»»»»» DNS
Your computer may be victim of a DNS Hijack: 85.255.x.x detected !
Description: Contrôleur de réseau NVIDIA nForce
DNS Server Search Order: 85.255.116.166
DNS Server Search Order: 85.255.112.90
HKLM\SYSTEM\CCS\Services\Tcpip\..\{68DF39A9-0EBE-4681-BB8B-7704AF7B7C8A}: DhcpNameServer=89.2.0.1 89.2.0.2
HKLM\SYSTEM\CCS\Services\Tcpip\..\{68DF39A9-0EBE-4681-BB8B-7704AF7B7C8A}: NameServer=85.255.116.166,85.255.112.90
HKLM\SYSTEM\CS1\Services\Tcpip\..\{68DF39A9-0EBE-4681-BB8B-7704AF7B7C8A}: DhcpNameServer=89.2.0.1 89.2.0.2
HKLM\SYSTEM\CS1\Services\Tcpip\..\{68DF39A9-0EBE-4681-BB8B-7704AF7B7C8A}: NameServer=85.255.116.166,85.255.112.90
HKLM\SYSTEM\CS3\Services\Tcpip\..\{68DF39A9-0EBE-4681-BB8B-7704AF7B7C8A}: DhcpNameServer=89.2.0.1 89.2.0.2
HKLM\SYSTEM\CS3\Services\Tcpip\..\{68DF39A9-0EBE-4681-BB8B-7704AF7B7C8A}: NameServer=85.255.116.166,85.255.112.90
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=89.2.0.1 89.2.0.2
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: NameServer=85.255.116.166 85.255.112.90
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=89.2.0.1 89.2.0.2
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: NameServer=85.255.116.166 85.255.112.90
HKLM\SYSTEM\CS3\Services\Tcpip\Parameters: DhcpNameServer=89.2.0.1 89.2.0.2
HKLM\SYSTEM\CS3\Services\Tcpip\Parameters: NameServer=85.255.116.166 85.255.112.90
»»»»»»»»»»»»»»»»»»»»»»»» Scanning for wininet.dll infection
»»»»»»»»»»»»»»»»»»»»»»»» End
J'espere que c bien ca qu'il fallait mettre??
SmitFraudFix v2.292
Scan done at 12:04:00,60, 21/02/2008
Run from C:\Users\atallice\Desktop\SmitfraudFix
OS: Microsoft Windows [version 6.0.6000] - Windows_NT
The filesystem type is NTFS
Fix run in normal mode
»»»»»»»»»»»»»»»»»»»»»»»» Process
C:\Windows\system32\csrss.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\winlogon.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Users\atallice\Documents\Setup\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
c:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\hp\support\hpsysdrv.exe
C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\Search Settings\SearchSettings.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\AdvancedCleaner Free\ian_monitor.exe
C:\Program Files\AdvancedCleaner Free\UADCcw.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
C:\Users\atallice\Documents\Setup\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\BitTorrent\bittorrent.exe
C:\Windows\System32\spool\drivers\w32x86\3\E_FATIBVE.EXE
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Users\atallice\AppData\Local\itbmqcblci.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\Internet Explorer\IEUser.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\Macromed\Flash\FlashUtil9b.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\conime.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
»»»»»»»»»»»»»»»»»»»»»»»» hosts
»»»»»»»»»»»»»»»»»»»»»»»» C:\
»»»»»»»»»»»»»»»»»»»»»»»» C:\Windows
»»»»»»»»»»»»»»»»»»»»»»»» C:\Windows\system
»»»»»»»»»»»»»»»»»»»»»»»» C:\Windows\Web
»»»»»»»»»»»»»»»»»»»»»»»» C:\Windows\system32
C:\Windows\system32\systems.txt FOUND !
»»»»»»»»»»»»»»»»»»»»»»»» C:\Windows\system32\LogFiles
»»»»»»»»»»»»»»»»»»»»»»»» C:\Users\atallice
»»»»»»»»»»»»»»»»»»»»»»»» C:\Users\atallice\Application Data
»»»»»»»»»»»»»»»»»»»»»»»» Start Menu
»»»»»»»»»»»»»»»»»»»»»»»» C:\Users\atallice\FAVORI~1
C:\Users\atallice\FAVORI~1\Online Security Test.url FOUND !
»»»»»»»»»»»»»»»»»»»»»»»» Desktop
»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files
C:\Program Files\NetProject\ FOUND !
C:\Program Files\Sotfone\ FOUND !
»»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys
»»»»»»»»»»»»»»»»»»»»»»»» Desktop Components
»»»»»»»»»»»»»»»»»»»»»»»» IEDFix
!!!Attention, following keys are not inevitably infected!!!
IEDFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri
»»»»»»»»»»»»»»»»»»»»»»»» VACFix
!!!Attention, following keys are not inevitably infected!!!
VACFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri
»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, following keys are not inevitably infected!!!
SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll
»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
!!!Attention, following keys are not inevitably infected!!!
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"="C:\\PROGRA~1\\KASPER~1\\KASPER~1.0\\r3hook.dll"
"LoadAppInit_DLLs"=dword:00000001
»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, following keys are not inevitably infected!!!
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
»»»»»»»»»»»»»»»»»»»»»»»» Rustock
»»»»»»»»»»»»»»»»»»»»»»»» DNS
Your computer may be victim of a DNS Hijack: 85.255.x.x detected !
Description: Contrôleur de réseau NVIDIA nForce
DNS Server Search Order: 85.255.116.166
DNS Server Search Order: 85.255.112.90
HKLM\SYSTEM\CCS\Services\Tcpip\..\{68DF39A9-0EBE-4681-BB8B-7704AF7B7C8A}: DhcpNameServer=89.2.0.1 89.2.0.2
HKLM\SYSTEM\CCS\Services\Tcpip\..\{68DF39A9-0EBE-4681-BB8B-7704AF7B7C8A}: NameServer=85.255.116.166,85.255.112.90
HKLM\SYSTEM\CS1\Services\Tcpip\..\{68DF39A9-0EBE-4681-BB8B-7704AF7B7C8A}: DhcpNameServer=89.2.0.1 89.2.0.2
HKLM\SYSTEM\CS1\Services\Tcpip\..\{68DF39A9-0EBE-4681-BB8B-7704AF7B7C8A}: NameServer=85.255.116.166,85.255.112.90
HKLM\SYSTEM\CS3\Services\Tcpip\..\{68DF39A9-0EBE-4681-BB8B-7704AF7B7C8A}: DhcpNameServer=89.2.0.1 89.2.0.2
HKLM\SYSTEM\CS3\Services\Tcpip\..\{68DF39A9-0EBE-4681-BB8B-7704AF7B7C8A}: NameServer=85.255.116.166,85.255.112.90
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=89.2.0.1 89.2.0.2
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: NameServer=85.255.116.166 85.255.112.90
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=89.2.0.1 89.2.0.2
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: NameServer=85.255.116.166 85.255.112.90
HKLM\SYSTEM\CS3\Services\Tcpip\Parameters: DhcpNameServer=89.2.0.1 89.2.0.2
HKLM\SYSTEM\CS3\Services\Tcpip\Parameters: NameServer=85.255.116.166 85.255.112.90
»»»»»»»»»»»»»»»»»»»»»»»» Scanning for wininet.dll infection
»»»»»»»»»»»»»»»»»»»»»»»» End
J'espere que c bien ca qu'il fallait mettre??
Oula vous me foutez la trouille je suis vachement infectée mais c'est pas cool ca.
J'en ai marre des ordi!!!
J'en ai marre des ordi!!!
^^
Ok alors maintenant
* Redémarres le PC en mode sans échec : Au démarrage tu tapotes sur la touche F8 de ton clavier (ou F5 ) et tu choisis le [mode sans échec]
Voir ici si besoin d’aide
windows xp demarrage en mode sans echec
* Ouvre le dossier [SmitfraudFix] et double clic sur Smitfraudfix.cmd, choisit l’option 2 et tu réponds oui à tout.
Copie/colle le rapport sur le forum stp.
ensuite fais les installations et scans cités au <2> .
a+
••RiverToo••
Ok alors maintenant
* Redémarres le PC en mode sans échec : Au démarrage tu tapotes sur la touche F8 de ton clavier (ou F5 ) et tu choisis le [mode sans échec]
Voir ici si besoin d’aide
windows xp demarrage en mode sans echec
* Ouvre le dossier [SmitfraudFix] et double clic sur Smitfraudfix.cmd, choisit l’option 2 et tu réponds oui à tout.
Copie/colle le rapport sur le forum stp.
ensuite fais les installations et scans cités au <2> .
a+
••RiverToo••
Voila le rapport apres demmarage en mode sans echec
SmitFraudFix v2.292
Scan done at 12:20:40,03, 21/02/2008
Run from C:\Users\atallice\Desktop\SmitfraudFix
OS: Microsoft Windows [version 6.0.6000] - Windows_NT
The filesystem type is NTFS
Fix run in safe mode
»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Before SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!
SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll
»»»»»»»»»»»»»»»»»»»»»»»» Killing process
»»»»»»»»»»»»»»»»»»»»»»»» hosts
127.0.0.1 localhost
::1 localhost
»»»»»»»»»»»»»»»»»»»»»»»» VACFix
VACFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri
»»»»»»»»»»»»»»»»»»»»»»»» Winsock2 Fix
S!Ri's WS2Fix: LSP not Found.
»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix
GenericRenosFix by S!Ri
»»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files
C:\Users\atallice\FAVORI~1\Online Security Test.url Deleted
C:\Program Files\NetProject\ Deleted
C:\Program Files\Sotfone\ Deleted
»»»»»»»»»»»»»»»»»»»»»»»» IEDFix
IEDFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri
»»»»»»»»»»»»»»»»»»»»»»»» DNS
HKLM\SYSTEM\CCS\Services\Tcpip\..\{68DF39A9-0EBE-4681-BB8B-7704AF7B7C8A}: DhcpNameServer=89.2.0.1 89.2.0.2
HKLM\SYSTEM\CCS\Services\Tcpip\..\{68DF39A9-0EBE-4681-BB8B-7704AF7B7C8A}: NameServer=85.255.116.166,85.255.112.90
HKLM\SYSTEM\CS1\Services\Tcpip\..\{68DF39A9-0EBE-4681-BB8B-7704AF7B7C8A}: DhcpNameServer=89.2.0.1 89.2.0.2
HKLM\SYSTEM\CS1\Services\Tcpip\..\{68DF39A9-0EBE-4681-BB8B-7704AF7B7C8A}: NameServer=85.255.116.166,85.255.112.90
HKLM\SYSTEM\CS3\Services\Tcpip\..\{68DF39A9-0EBE-4681-BB8B-7704AF7B7C8A}: DhcpNameServer=89.2.0.1 89.2.0.2
HKLM\SYSTEM\CS3\Services\Tcpip\..\{68DF39A9-0EBE-4681-BB8B-7704AF7B7C8A}: NameServer=85.255.116.166,85.255.112.90
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=89.2.0.1 89.2.0.2
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: NameServer=85.255.116.166 85.255.112.90
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=89.2.0.1 89.2.0.2
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: NameServer=85.255.116.166 85.255.112.90
HKLM\SYSTEM\CS3\Services\Tcpip\Parameters: DhcpNameServer=89.2.0.1 89.2.0.2
HKLM\SYSTEM\CS3\Services\Tcpip\Parameters: NameServer=85.255.116.166 85.255.112.90
»»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files
»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, following keys are not inevitably infected!!!
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
»»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning
Registry Cleaning done.
»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler After SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!
SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll
»»»»»»»»»»»»»»»»»»»»»»»» Reboot
C:\Windows\system32\systems.txt Please, Reboot and Run SmitfraudFix option 2 once again.
»»»»»»»»»»»»»»»»»»»»»»»» End
SmitFraudFix v2.292
Scan done at 12:20:40,03, 21/02/2008
Run from C:\Users\atallice\Desktop\SmitfraudFix
OS: Microsoft Windows [version 6.0.6000] - Windows_NT
The filesystem type is NTFS
Fix run in safe mode
»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Before SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!
SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll
»»»»»»»»»»»»»»»»»»»»»»»» Killing process
»»»»»»»»»»»»»»»»»»»»»»»» hosts
127.0.0.1 localhost
::1 localhost
»»»»»»»»»»»»»»»»»»»»»»»» VACFix
VACFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri
»»»»»»»»»»»»»»»»»»»»»»»» Winsock2 Fix
S!Ri's WS2Fix: LSP not Found.
»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix
GenericRenosFix by S!Ri
»»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files
C:\Users\atallice\FAVORI~1\Online Security Test.url Deleted
C:\Program Files\NetProject\ Deleted
C:\Program Files\Sotfone\ Deleted
»»»»»»»»»»»»»»»»»»»»»»»» IEDFix
IEDFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri
»»»»»»»»»»»»»»»»»»»»»»»» DNS
HKLM\SYSTEM\CCS\Services\Tcpip\..\{68DF39A9-0EBE-4681-BB8B-7704AF7B7C8A}: DhcpNameServer=89.2.0.1 89.2.0.2
HKLM\SYSTEM\CCS\Services\Tcpip\..\{68DF39A9-0EBE-4681-BB8B-7704AF7B7C8A}: NameServer=85.255.116.166,85.255.112.90
HKLM\SYSTEM\CS1\Services\Tcpip\..\{68DF39A9-0EBE-4681-BB8B-7704AF7B7C8A}: DhcpNameServer=89.2.0.1 89.2.0.2
HKLM\SYSTEM\CS1\Services\Tcpip\..\{68DF39A9-0EBE-4681-BB8B-7704AF7B7C8A}: NameServer=85.255.116.166,85.255.112.90
HKLM\SYSTEM\CS3\Services\Tcpip\..\{68DF39A9-0EBE-4681-BB8B-7704AF7B7C8A}: DhcpNameServer=89.2.0.1 89.2.0.2
HKLM\SYSTEM\CS3\Services\Tcpip\..\{68DF39A9-0EBE-4681-BB8B-7704AF7B7C8A}: NameServer=85.255.116.166,85.255.112.90
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=89.2.0.1 89.2.0.2
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: NameServer=85.255.116.166 85.255.112.90
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=89.2.0.1 89.2.0.2
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: NameServer=85.255.116.166 85.255.112.90
HKLM\SYSTEM\CS3\Services\Tcpip\Parameters: DhcpNameServer=89.2.0.1 89.2.0.2
HKLM\SYSTEM\CS3\Services\Tcpip\Parameters: NameServer=85.255.116.166 85.255.112.90
»»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files
»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, following keys are not inevitably infected!!!
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
»»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning
Registry Cleaning done.
»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler After SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!
SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll
»»»»»»»»»»»»»»»»»»»»»»»» Reboot
C:\Windows\system32\systems.txt Please, Reboot and Run SmitfraudFix option 2 once again.
»»»»»»»»»»»»»»»»»»»»»»»» End
Si tu penses que tu es encore infecté tu peux télécharger ces 2 utilitaires
ATF CLEANER : http://www.infos-du-net.com/telecharger/ATF-Cleaner,0301-10869.html
( tu l'execute ensuite tu fait select all et empty selected =
et ceci
A squared : https://www.01net.com/telecharger/
Execute le lance la mise à jour !
Ensuite redémarre ton pc et pianote sur F8 (ou F5) pour lancé le mode sans echec une fois lancée lance a squared et fait une analyse details et supprime tout ce qu'il trouve
Tien moi au courant :)
••RiverToo••
ATF CLEANER : http://www.infos-du-net.com/telecharger/ATF-Cleaner,0301-10869.html
( tu l'execute ensuite tu fait select all et empty selected =
et ceci
A squared : https://www.01net.com/telecharger/
Execute le lance la mise à jour !
Ensuite redémarre ton pc et pianote sur F8 (ou F5) pour lancé le mode sans echec une fois lancée lance a squared et fait une analyse details et supprime tout ce qu'il trouve
Tien moi au courant :)
••RiverToo••
Une fois que tu as fait sa tu peux te rendre sur ce site et faire un scan online (ne marche qu'avec IE)
http://www.bitdefender.fr/scan_fr/scan8/ie.html
Fait le scan et post le rapport ici
Merci :)
••RiverToo••
http://www.bitdefender.fr/scan_fr/scan8/ie.html
Fait le scan et post le rapport ici
Merci :)
••RiverToo••
J'ai exactement le meme probleme.
J'ai essaye le "system restore" mais il m'indique qu'aucune modif n'a ete faite sur mon ordi.
J'ai pourtant Norton 360 qui tourne et aprés scan complet, il ne detecte rien.
Plusieurs messages d'alertes s'affiche sur la barre principale gauche me notifiant d'alertes sécuritaires.
Si on clique dessus, il nous propose de télécharger un antivirus!
J'ai été jeter un coup d'oeil dans le panneau de configuration, désinstaller programmes:
En effet je vois apparaitre un prog nommé Web Application, lorsque je click pour désinstaller il me dit qu'il vaut mieux rebooter avant de désinstaller. Au Reboot--> rebelotte
Un autre prog l'accompagne --> Secure Browsing (meme chose que pour Web Application)
J'ai l'impression que le virus a été malicieusement installé par ces sites proposants des antivirus!
Bon je vais essayer de faire plus de recherches et localiser la faille.....
Et dire que j'ai desinstallé Vista, il y a 1 mois pour revenir sur XP. Vraiment pas envie de tout refaire.....sniff, sniff
Merci pour votre aide à ce sujet!
ViirusHater.
J'ai essaye le "system restore" mais il m'indique qu'aucune modif n'a ete faite sur mon ordi.
J'ai pourtant Norton 360 qui tourne et aprés scan complet, il ne detecte rien.
Plusieurs messages d'alertes s'affiche sur la barre principale gauche me notifiant d'alertes sécuritaires.
Si on clique dessus, il nous propose de télécharger un antivirus!
J'ai été jeter un coup d'oeil dans le panneau de configuration, désinstaller programmes:
En effet je vois apparaitre un prog nommé Web Application, lorsque je click pour désinstaller il me dit qu'il vaut mieux rebooter avant de désinstaller. Au Reboot--> rebelotte
Un autre prog l'accompagne --> Secure Browsing (meme chose que pour Web Application)
J'ai l'impression que le virus a été malicieusement installé par ces sites proposants des antivirus!
Bon je vais essayer de faire plus de recherches et localiser la faille.....
Et dire que j'ai desinstallé Vista, il y a 1 mois pour revenir sur XP. Vraiment pas envie de tout refaire.....sniff, sniff
Merci pour votre aide à ce sujet!
ViirusHater.
Bonjour VirusHater,
C´est le topik d´Atallice, alors pour pas tout melanger il serait préférable que tu crée ton propre message sur le forum :
Procèdes comme ceci :
http://pageperso.aol.fr/balltrap34/demofairesontmessage.htm
A bientôt ''
C´est le topik d´Atallice, alors pour pas tout melanger il serait préférable que tu crée ton propre message sur le forum :
Procèdes comme ceci :
http://pageperso.aol.fr/balltrap34/demofairesontmessage.htm
A bientôt ''
Ok desolée j'ai pas pu revenir avant ce matin donc j'ai fais tout ce que vous m'aviez demandé sauf le scan online car ca marche pas je ne c pas pourquoi.
Voila le nouveau rappot hijack...
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:21:03, on 21/02/2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16609)
Boot mode: Safe mode
Running processes:
C:\Windows\Explorer.EXE
C:\Windows\system32\NOTEPAD.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/...
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/...
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O1 - Hosts: ::1 localhost
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: e404mgr Class - {8BD4438C-2511-4B93-AD34-2BDCD0FF78D2} - C:\Program Files\Helper\1203089664.dll (file missing)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: (no name) - {C2A1C5CB-C0EF-4689-9436-F62CCA1C5383} - C:\Program Files\NetProject\sbmdl.dll (file missing)
O2 - BHO: SearchSettings Class - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files\Search Settings\kb125\SearchSettings.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Web Application - {81705D67-3F73-4983-859B-97D0922E5ABE} - C:\Program Files\NetProject\wamdl.dll (file missing)
O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [hpsysdrv] c:\hp\support\hpsysdrv.exe
O4 - HKLM\..\Run: [OsdMaestro] "C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe"
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [HP Software Update] c:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [SearchSettings] C:\Program Files\Search Settings\SearchSettings.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SM_IAN] C:\Program Files\AdvancedCleaner Free\ian_monitor.exe
O4 - HKLM\..\Run: [UADCFR_3833461972] "C:\Program Files\AdvancedCleaner Free\UADCcw.exe" -c
O4 - HKLM\..\Run: [AbyssmoClient] C:\Program Files\Common Files\AdvancedCleaner\abhlp.exe
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Users\atallice\Documents\Setup\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\RunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [BitTorrent] "C:\Program Files\BitTorrent\bittorrent.exe" --force_start_minimized
O4 - HKCU\..\Run: [EPSON Stylus DX5000 Series] C:\Windows\system32\spool\DRIVERS\W32X86\3\E_FATIBVE.EXE /FU "C:\Windows\TEMP\E_SCC72.tmp" /EF "HKCU"
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [itbmqcblci] c:\users\atallice\appdata\local\itbmqcblci.exe itbmqcblci
O4 - HKCU\..\Run: [dmhpl.tmp] C:\Windows\system32\dmhpl.tmp
O4 - HKCU\..\Run: [dmphy.tmp] C:\Windows\system32\dmphy.tmp
O4 - HKCU\..\Run: [AbyssmoClient] C:\Program Files\Common Files\AdvancedCleaner\abhlp.exe
O4 - HKCU\..\Run: [dmsni.tmp] C:\Windows\system32\dmsni.tmp
O4 - HKCU\..\Run: [dmjan.tmp] C:\Windows\system32\dmjan.tmp
O4 - HKCU\..\Run: [dmxrw.tmp] C:\Windows\system32\dmxrw.tmp
O4 - HKCU\..\Run: [dmubu.tmp] C:\Windows\system32\dmubu.tmp
O4 - HKCU\..\Run: [dmvgc.tmp] C:\Windows\system32\dmvgc.tmp
O4 - HKCU\..\Run: [dmzax.tmp] C:\Windows\system32\dmzax.tmp
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: Statistiques d’Anti-Virus Internet - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\SCIEPlgn.dll
O9 - Extra button: Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: (no name) - {9034A523-D068-4BE8-A284-9DF278BE776E} - http://www.explorertool.net/redirect.php (file missing)
O9 - Extra 'Tools' menuitem: IE Anti-Spyware - {9034A523-D068-4BE8-A284-9DF278BE776E} - http://www.explorertool.net/redirect.php (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{68DF39A9-0EBE-4681-BB8B-7704AF7B7C8A}: NameServer = 85.255.116.166,85.255.112.90
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.116.166 85.255.112.90
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.116.166 85.255.112.90
O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1.0\r3hook.dll
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Users\atallice\Documents\Setup\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Kaspersky Anti-Virus 7.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - c:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - c:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - c:\Program Files\Common Files\SureThing Shared\stllssvr.exe
Voila le nouveau rappot hijack...
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:21:03, on 21/02/2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16609)
Boot mode: Safe mode
Running processes:
C:\Windows\Explorer.EXE
C:\Windows\system32\NOTEPAD.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/...
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/...
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O1 - Hosts: ::1 localhost
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: e404mgr Class - {8BD4438C-2511-4B93-AD34-2BDCD0FF78D2} - C:\Program Files\Helper\1203089664.dll (file missing)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: (no name) - {C2A1C5CB-C0EF-4689-9436-F62CCA1C5383} - C:\Program Files\NetProject\sbmdl.dll (file missing)
O2 - BHO: SearchSettings Class - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files\Search Settings\kb125\SearchSettings.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Web Application - {81705D67-3F73-4983-859B-97D0922E5ABE} - C:\Program Files\NetProject\wamdl.dll (file missing)
O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [hpsysdrv] c:\hp\support\hpsysdrv.exe
O4 - HKLM\..\Run: [OsdMaestro] "C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe"
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [HP Software Update] c:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [SearchSettings] C:\Program Files\Search Settings\SearchSettings.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SM_IAN] C:\Program Files\AdvancedCleaner Free\ian_monitor.exe
O4 - HKLM\..\Run: [UADCFR_3833461972] "C:\Program Files\AdvancedCleaner Free\UADCcw.exe" -c
O4 - HKLM\..\Run: [AbyssmoClient] C:\Program Files\Common Files\AdvancedCleaner\abhlp.exe
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Users\atallice\Documents\Setup\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\RunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [BitTorrent] "C:\Program Files\BitTorrent\bittorrent.exe" --force_start_minimized
O4 - HKCU\..\Run: [EPSON Stylus DX5000 Series] C:\Windows\system32\spool\DRIVERS\W32X86\3\E_FATIBVE.EXE /FU "C:\Windows\TEMP\E_SCC72.tmp" /EF "HKCU"
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [itbmqcblci] c:\users\atallice\appdata\local\itbmqcblci.exe itbmqcblci
O4 - HKCU\..\Run: [dmhpl.tmp] C:\Windows\system32\dmhpl.tmp
O4 - HKCU\..\Run: [dmphy.tmp] C:\Windows\system32\dmphy.tmp
O4 - HKCU\..\Run: [AbyssmoClient] C:\Program Files\Common Files\AdvancedCleaner\abhlp.exe
O4 - HKCU\..\Run: [dmsni.tmp] C:\Windows\system32\dmsni.tmp
O4 - HKCU\..\Run: [dmjan.tmp] C:\Windows\system32\dmjan.tmp
O4 - HKCU\..\Run: [dmxrw.tmp] C:\Windows\system32\dmxrw.tmp
O4 - HKCU\..\Run: [dmubu.tmp] C:\Windows\system32\dmubu.tmp
O4 - HKCU\..\Run: [dmvgc.tmp] C:\Windows\system32\dmvgc.tmp
O4 - HKCU\..\Run: [dmzax.tmp] C:\Windows\system32\dmzax.tmp
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: Statistiques d’Anti-Virus Internet - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\SCIEPlgn.dll
O9 - Extra button: Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: (no name) - {9034A523-D068-4BE8-A284-9DF278BE776E} - http://www.explorertool.net/redirect.php (file missing)
O9 - Extra 'Tools' menuitem: IE Anti-Spyware - {9034A523-D068-4BE8-A284-9DF278BE776E} - http://www.explorertool.net/redirect.php (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{68DF39A9-0EBE-4681-BB8B-7704AF7B7C8A}: NameServer = 85.255.116.166,85.255.112.90
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.116.166 85.255.112.90
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.116.166 85.255.112.90
O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1.0\r3hook.dll
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Users\atallice\Documents\Setup\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Kaspersky Anti-Virus 7.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - c:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - c:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - c:\Program Files\Common Files\SureThing Shared\stllssvr.exe
Bonjour g!rly,
heureusement que tu es intervenue;
Ceci dit, c'est le premier cas de wareout que je vois sous Vista.
heureusement que tu es intervenue;
Ceci dit, c'est le premier cas de wareout que je vois sous Vista.
Bonsoir atallice, Lyonnais92,
Oui moi aussi c´est le premier wareout que je voie sous vista ?!
atallice,
Télécharge combofix.exe (par sUBs) sur ton Bureau.
-> http://download.bleepingcomputer.com/sUBs/ComboFix.exe
-> Double clique combofix.exe.
-> Tape sur la touche 1 (Yes) pour démarrer le scan.
-> Lorsque le scan sera complété, un rapport apparaîtra. Copie/colle ce rapport dans ta prochaine réponse.
NOTE : Le rapport se trouve également ici : C:\Combofix.txt
Avant d'utiliser ComboFix :
-> Déconnecte toi d'internet et referme les fenêtres de tous les programmes en cours.
-> Désactive provisoirement et seulement le temps de l'utilisation de ComboFix, la protection en temps réel de ton Antivirus et de tes Antispywares, qui peuvent géner fortement la procédure de recherche et de nettoyage de l'outil.
Une fois fait, sur ton bureau double-clic sur Combofix.exe.
- Répond oui au message d'avertissement, pour que le programme commence à procéder à l'analyse du pc.
/!\ Pendant la durée de cette étape, ne te sert pas du pc et n'ouvre aucun programmes.
- En fin de scan il est possible que ComboFix ait besoin de redemarrer le pc pour finaliser la désinfection\recherche, laisses-le faire.
- Un rapport s'ouvrira ensuite dans le bloc notes, ce fichier rapport Combofix.txt, est automatiquement sauvegardé et rangé à C:\Combofix.txt)
-> Réactive la protection en temps réel de ton Antivirus et de tes Antispywares, avant de te reconnecter à internet.
-> Reviens sur le forum, et copie et colle la totalité du contenu de C:\Combofix.txt dans ton prochain message ainsi qu´un nouveau hijack this.
-> Tutoriel https://www.bleepingcomputer.com/combofix/fr/comment-utiliser-combofix
@+
Oui moi aussi c´est le premier wareout que je voie sous vista ?!
atallice,
Télécharge combofix.exe (par sUBs) sur ton Bureau.
-> http://download.bleepingcomputer.com/sUBs/ComboFix.exe
-> Double clique combofix.exe.
-> Tape sur la touche 1 (Yes) pour démarrer le scan.
-> Lorsque le scan sera complété, un rapport apparaîtra. Copie/colle ce rapport dans ta prochaine réponse.
NOTE : Le rapport se trouve également ici : C:\Combofix.txt
Avant d'utiliser ComboFix :
-> Déconnecte toi d'internet et referme les fenêtres de tous les programmes en cours.
-> Désactive provisoirement et seulement le temps de l'utilisation de ComboFix, la protection en temps réel de ton Antivirus et de tes Antispywares, qui peuvent géner fortement la procédure de recherche et de nettoyage de l'outil.
Une fois fait, sur ton bureau double-clic sur Combofix.exe.
- Répond oui au message d'avertissement, pour que le programme commence à procéder à l'analyse du pc.
/!\ Pendant la durée de cette étape, ne te sert pas du pc et n'ouvre aucun programmes.
- En fin de scan il est possible que ComboFix ait besoin de redemarrer le pc pour finaliser la désinfection\recherche, laisses-le faire.
- Un rapport s'ouvrira ensuite dans le bloc notes, ce fichier rapport Combofix.txt, est automatiquement sauvegardé et rangé à C:\Combofix.txt)
-> Réactive la protection en temps réel de ton Antivirus et de tes Antispywares, avant de te reconnecter à internet.
-> Reviens sur le forum, et copie et colle la totalité du contenu de C:\Combofix.txt dans ton prochain message ainsi qu´un nouveau hijack this.
-> Tutoriel https://www.bleepingcomputer.com/combofix/fr/comment-utiliser-combofix
@+
Voila le rapport par contre j ai des soucis maintenant niveau securité donc si quelqu'un connais un moyen de protegé mon ordi correctement vous etes le bien venue
ComboFix 08-02-25.3 - atallice 2008-02-25 18:28:03.1 - NTFSx86
Microsoft® Windows Vista™ Édition Familiale Premium 6.0.6000.0.1252.1.1036.18.2314 [GMT 1:00]
Endroit: C:\Users\atallice\Documents\Setup\ComboFix.exe
.
((((((((((((((((((((((((((((( Fichiers créés 2008-01-25 to 2008-02-25 ))))))))))))))))))))))))))))))))))))
.
Pas de nouveau fichier créé dans cet espace de temps
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-02-25 17:11 --------- d-----w C:\Program Files\a-squared Free
2008-02-23 09:37 --------- d-----w C:\PROGRA~2\Kaspersky Lab
2008-02-21 11:21 247,852 ----a-w C:\Pass2.cmd
2008-02-21 11:20 4,404 ----a-w C:\Windows\System32\tmp.reg
2008-02-21 10:14 --------- d-----w C:\PROGRA~2\Grisoft
2008-02-21 10:11 --------- d-----w C:\Program Files\Yahoo!
2008-02-18 11:50 --------- d-----w C:\Program Files\Kaspersky Lab
2008-02-18 11:16 --------- d-----w C:\Program Files\Trend Micro
2008-02-18 05:48 --------- d-----w C:\PROGRA~2\Lavasoft
2008-02-18 05:27 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-02-18 05:27 --------- d-----w C:\PROGRA~2\Symantec
2008-02-17 16:46 --------- d-----w C:\Program Files\Alwil Software
2008-02-17 10:49 --------- d---a-w C:\PROGRA~2\TEMP
2008-02-17 10:44 --------- d-----w C:\Program Files\Common Files\AdvancedCleaner
2008-02-16 18:46 85,504 ----a-w C:\Windows\System32\VACFix.exe
2008-02-15 16:47 --------- d-----w C:\Users\atallice\AppData\Roaming\BitTorrent
2008-02-13 02:08 194,560 ----a-w C:\Windows\System32\WebClnt.dll
2008-02-13 02:08 110,080 ----a-w C:\Windows\system32\drivers\mrxdav.sys
2008-02-13 02:04 803,328 ----a-w C:\Windows\system32\drivers\tcpip.sys
2008-02-13 02:04 45,112 ----a-w C:\Windows\system32\drivers\pciidex.sys
2008-02-13 02:04 3,504,696 ----a-w C:\Windows\System32\ntkrnlpa.exe
2008-02-13 02:04 3,470,392 ----a-w C:\Windows\System32\ntoskrnl.exe
2008-02-13 02:04 24,064 ----a-w C:\Windows\System32\netcfg.exe
2008-02-13 02:04 22,016 ----a-w C:\Windows\System32\netiougc.exe
2008-02-13 02:04 216,632 ----a-w C:\Windows\system32\drivers\netio.sys
2008-02-13 02:04 21,560 ----a-w C:\Windows\system32\drivers\atapi.sys
2008-02-13 02:04 167,424 ----a-w C:\Windows\System32\tcpipcfg.dll
2008-02-13 02:04 154,624 ----a-w C:\Windows\system32\drivers\nwifi.sys
2008-02-13 02:04 15,928 ----a-w C:\Windows\system32\drivers\pciide.sys
2008-02-13 02:04 109,624 ----a-w C:\Windows\system32\drivers\ataport.sys
2008-02-13 02:03 537,600 ----a-w C:\Windows\AppPatch\AcLayers.dll
2008-02-13 02:03 449,536 ----a-w C:\Windows\AppPatch\AcSpecfc.dll
2008-02-13 02:03 4,247,552 ----a-w C:\Windows\System32\GameUXLegacyGDFs.dll
2008-02-13 02:03 2,144,256 ----a-w C:\Windows\AppPatch\AcGenral.dll
2008-02-13 02:03 173,056 ----a-w C:\Windows\AppPatch\AcXtrnal.dll
2008-02-13 02:03 1,686,528 ----a-w C:\Windows\System32\gameux.dll
2008-02-13 02:01 824,832 ----a-w C:\Windows\System32\wininet.dll
2008-02-13 02:01 56,320 ----a-w C:\Windows\System32\iesetup.dll
2008-02-13 02:01 52,736 ----a-w C:\Windows\AppPatch\iebrshim.dll
2008-02-13 02:01 26,624 ----a-w C:\Windows\System32\ieUnatt.exe
2008-02-10 14:19 --------- d-----w C:\Program Files\MSN Games
2008-02-08 09:37 82,432 ----a-w C:\Windows\System32\IEDFix.exe
2008-02-02 11:51 394 ----a-w C:\Users\atallice\AppData\Roaming\wklnhst.dat
2008-02-01 20:18 --------- d-----w C:\Users\atallice\AppData\Roaming\Template
2008-02-01 20:15 --------- d-----w C:\PROGRA~2\EPSON
2008-02-01 20:12 --------- d-----w C:\Program Files\epson
2008-02-01 19:45 --------- d-----w C:\Program Files\Common Files\Adobe
2008-01-31 22:56 --------- d-----w C:\Users\atallice\AppData\Roaming\Valusoft
2008-01-31 22:56 --------- d-----w C:\Program Files\Hot Dish
2008-01-31 22:56 --------- d-----w C:\PROGRA~2\Valusoft
2008-01-25 22:40 --------- d-----w C:\Program Files\EA GAMES
2008-01-25 22:10 --------- d--h--r C:\Users\atallice\AppData\Roaming\SecuROM
2008-01-24 19:17 --------- d-----w C:\Program Files\Ludiclub
2008-01-22 21:52 --------- d-----w C:\Users\atallice\AppData\Roaming\Zylom
2008-01-22 21:52 --------- d-----w C:\PROGRA~2\Aliasworlds
2008-01-21 08:23 --------- d-----w C:\PROGRA~2\Microsoft Help
2008-01-20 17:00 --------- d-----w C:\PROGRA~2\HipSoft
2008-01-20 16:23 --------- d-----w C:\Program Files\The Witcher
2008-01-20 16:22 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-01-20 14:35 278,984 ----a-w C:\Windows\system32\drivers\atksgt.sys
2008-01-13 16:53 25,416 ----a-w C:\Windows\system32\drivers\lirsgt.sys
2008-01-13 16:27 --------- d-----w C:\Program Files\eMule
2008-01-13 12:26 --------- d-----w C:\PROGRA~2\Nero
2008-01-13 12:20 --------- d-----w C:\Users\atallice\AppData\Roaming\InstallShield
2008-01-13 12:19 --------- d-----w C:\PROGRA~2\GamesBar
2008-01-13 12:18 --------- d-----w C:\Program Files\Dealio
2008-01-09 18:33 --------- d-----w C:\Program Files\Windows Sidebar
2008-01-09 18:33 --------- d-----w C:\Program Files\Windows Mail
2008-01-09 18:27 211,000 ----a-w C:\Windows\system32\drivers\volsnap.sys
2008-01-09 18:27 11,776 ----a-w C:\Windows\System32\sbunattend.exe
2008-01-09 18:27 1,060,920 ----a-w C:\Windows\system32\drivers\ntfs.sys
2008-01-03 18:36 --------- d-----w C:\Program Files\metagenia
2007-12-25 20:19 --------- d-----w C:\Users\atallice\AppData\Roaming\Apple Computer
2007-12-25 20:19 --------- d-----w C:\Program Files\iTunes
2007-12-25 20:18 --------- d-----w C:\Program Files\QuickTime
2007-12-25 20:18 --------- d-----w C:\Program Files\iPod
2007-12-25 20:18 --------- d-----w C:\PROGRA~2\Apple Computer
2007-12-25 20:17 --------- d-----w C:\Program Files\Apple Software Update
2007-12-25 20:15 --------- d-----w C:\Program Files\Common Files\Apple
2007-12-25 20:15 --------- d-----w C:\PROGRA~2\Apple
2007-12-14 02:05 9,728 ----a-w C:\Windows\System32\LAPRXY.DLL
2007-12-14 02:05 223,232 ----a-w C:\Windows\System32\WMASF.DLL
2007-12-14 02:05 1,327,104 ----a-w C:\Windows\System32\quartz.dll
2007-11-14 09:15 174 --sha-w C:\Program Files\desktop.ini
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{E312764E-7706-43F1-8DAB-FCDD2B1E416D}]
2007-11-22 21:35 1195360 --a------ C:\Program Files\Search Settings\kb125\SearchSettings.dll
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2008-01-09 19:27 1232896]
"WindowsWelcomeCenter"="oobefldr.dll" [2006-11-02 13:34 2159104 C:\Windows\System32\oobefldr.dll]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" [ ]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 11:34 5724184]
"BitTorrent"="C:\Program Files\BitTorrent\bittorrent.exe" [2007-09-08 00:01 43008]
"EPSON Stylus DX5000 Series"="C:\Windows\system32\spool\DRIVERS\W32X86\3\E_FATIBVE.exe" [2006-09-22 04:01 139264]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-11-02 13:36 201728]
"dmhpl.tmp"="C:\Windows\system32\dmhpl.tmp" [ ]
"dmphy.tmp"="C:\Windows\system32\dmphy.tmp" [ ]
"AbyssmoClient"="C:\Program Files\Common Files\AdvancedCleaner\abhlp.exe" [2007-09-27 10:57 270336]
"dmsni.tmp"="C:\Windows\system32\dmsni.tmp" [ ]
"dmjan.tmp"="C:\Windows\system32\dmjan.tmp" [ ]
"dmxrw.tmp"="C:\Windows\system32\dmxrw.tmp" [ ]
"dmubu.tmp"="C:\Windows\system32\dmubu.tmp" [ ]
"dmvgc.tmp"="C:\Windows\system32\dmvgc.tmp" [ ]
"dmzax.tmp"="C:\Windows\system32\dmzax.tmp" [ ]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2007-06-01 23:26 1006264]
"hpsysdrv"="c:\hp\support\hpsysdrv.exe" [2006-09-28 14:42 65536]
"OsdMaestro"="C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe" [2007-02-15 11:59 118784]
"NvSvc"="C:\Windows\system32\nvsvc.dll" [2007-05-15 05:03 86016]
"NvCplDaemon"="C:\Windows\system32\NvCpl.dll" [2007-05-15 05:03 8429568]
"NvMediaCenter"="C:\Windows\system32\NvMcTray.dll" [2007-05-15 05:03 81920]
"RtHDVCpl"="RtHDVCpl.exe" [2007-03-01 16:38 4390912 C:\Windows\RtHDVCpl.exe]
"HP Software Update"="c:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2005-02-16 22:11 49152]
"NBKeyScan"="C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [ ]
"SearchSettings"="C:\Program Files\Search Settings\SearchSettings.exe" [2007-11-26 12:48 1066336]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2007-12-11 10:56 286720]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-12-11 12:10 267048]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-10 19:51 39792]
"UADCFR_3833461972"="C:\Program Files\AdvancedCleaner Free\UADCcw.exe" [ ]
"AbyssmoClient"="C:\Program Files\Common Files\AdvancedCleaner\abhlp.exe" [2007-09-27 10:57 270336]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"Launcher"="%WINDIR%\SMINST\launcher.exe" [ ]
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{B00F09F8-9548-4CB9-9741-6BDA41569CA3}"= UDP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{F660E210-DC34-46C8-9AE2-6AC2183A79B9}"= TCP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{E7F6E9CB-20D2-4EED-8955-2D964256B2DE}"= UDP:C:\Program Files\MSN Messenger\msnmsgr.exe:MSN Messenger 7.0
"{56686027-0004-4165-A703-778731A741AC}"= TCP:C:\Program Files\MSN Messenger\msnmsgr.exe:MSN Messenger 7.0
"{2ABE54B9-C334-410A-9CE2-E5DAE92382AF}"= UDP:C:\Program Files\MSN Messenger\msnmsgr.exe:MSN Messenger 7.0
"{3FAAC17F-19FD-4E7A-A1BC-269DB5288ACA}"= TCP:C:\Program Files\MSN Messenger\msnmsgr.exe:MSN Messenger 7.0
"{2AA4CCBA-8BF5-4D04-930A-A7BF86BD3BE4}"= UDP:C:\Program Files\MSN Messenger\msnmsgr.exe:MSN Messenger 7.0
"{BA47AA26-F6FB-4517-A078-587D348CDD8F}"= TCP:C:\Program Files\MSN Messenger\msnmsgr.exe:MSN Messenger 7.0
"{787E8876-8118-48AF-A5D5-FD509D5FC088}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)|Edge=TRUE|
"{6077FC54-31FA-4E1D-8F94-2078D6E37BD0}"= UDP:C:\Program Files\iTunes\iTunes.exe:iTunes
"{82C33149-F716-44CB-B66B-4D25C4D864FA}"= TCP:C:\Program Files\iTunes\iTunes.exe:iTunes
"TCP Query User{F8315325-C615-4F56-AD7F-2D725FBC1381}C:\program files\bittorrent\bittorrent.exe"= UDP:C:\program files\bittorrent\bittorrent.exe:bittorrent|Desc=bittorrent
"UDP Query User{9865EF14-523B-4D36-9E42-A958AC9C2C8F}C:\program files\bittorrent\bittorrent.exe"= TCP:C:\program files\bittorrent\bittorrent.exe:bittorrent|Desc=bittorrent
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Static\System]
"DFSR-1"= RPort=5722|UDP:%SystemRoot%\system32\svchost.exe|Svc=DFSR:Allow inbound TCP traffic|
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\BitTorrent\bittorrent.exe"= C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent
.
**************************************************************************
catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-02-25 18:29:16
Windows 6.0.6000 NTFS
Balayage processus cachés ...
Balayage caché autostart entries ...
Balayage des fichiers cachés ...
Scan terminé avec succès
Les fichiers cachés: 0
**************************************************************************
.
Temps d'accomplissement: 2008-02-25 18:29:46
ComboFix-quarantined-files.txt 2008-02-25 17:29:43
.
2008-02-15 09:00:01 --- E O F ---
Voila j'attend de vos nouvelles et encore merci
ComboFix 08-02-25.3 - atallice 2008-02-25 18:28:03.1 - NTFSx86
Microsoft® Windows Vista™ Édition Familiale Premium 6.0.6000.0.1252.1.1036.18.2314 [GMT 1:00]
Endroit: C:\Users\atallice\Documents\Setup\ComboFix.exe
.
((((((((((((((((((((((((((((( Fichiers créés 2008-01-25 to 2008-02-25 ))))))))))))))))))))))))))))))))))))
.
Pas de nouveau fichier créé dans cet espace de temps
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-02-25 17:11 --------- d-----w C:\Program Files\a-squared Free
2008-02-23 09:37 --------- d-----w C:\PROGRA~2\Kaspersky Lab
2008-02-21 11:21 247,852 ----a-w C:\Pass2.cmd
2008-02-21 11:20 4,404 ----a-w C:\Windows\System32\tmp.reg
2008-02-21 10:14 --------- d-----w C:\PROGRA~2\Grisoft
2008-02-21 10:11 --------- d-----w C:\Program Files\Yahoo!
2008-02-18 11:50 --------- d-----w C:\Program Files\Kaspersky Lab
2008-02-18 11:16 --------- d-----w C:\Program Files\Trend Micro
2008-02-18 05:48 --------- d-----w C:\PROGRA~2\Lavasoft
2008-02-18 05:27 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-02-18 05:27 --------- d-----w C:\PROGRA~2\Symantec
2008-02-17 16:46 --------- d-----w C:\Program Files\Alwil Software
2008-02-17 10:49 --------- d---a-w C:\PROGRA~2\TEMP
2008-02-17 10:44 --------- d-----w C:\Program Files\Common Files\AdvancedCleaner
2008-02-16 18:46 85,504 ----a-w C:\Windows\System32\VACFix.exe
2008-02-15 16:47 --------- d-----w C:\Users\atallice\AppData\Roaming\BitTorrent
2008-02-13 02:08 194,560 ----a-w C:\Windows\System32\WebClnt.dll
2008-02-13 02:08 110,080 ----a-w C:\Windows\system32\drivers\mrxdav.sys
2008-02-13 02:04 803,328 ----a-w C:\Windows\system32\drivers\tcpip.sys
2008-02-13 02:04 45,112 ----a-w C:\Windows\system32\drivers\pciidex.sys
2008-02-13 02:04 3,504,696 ----a-w C:\Windows\System32\ntkrnlpa.exe
2008-02-13 02:04 3,470,392 ----a-w C:\Windows\System32\ntoskrnl.exe
2008-02-13 02:04 24,064 ----a-w C:\Windows\System32\netcfg.exe
2008-02-13 02:04 22,016 ----a-w C:\Windows\System32\netiougc.exe
2008-02-13 02:04 216,632 ----a-w C:\Windows\system32\drivers\netio.sys
2008-02-13 02:04 21,560 ----a-w C:\Windows\system32\drivers\atapi.sys
2008-02-13 02:04 167,424 ----a-w C:\Windows\System32\tcpipcfg.dll
2008-02-13 02:04 154,624 ----a-w C:\Windows\system32\drivers\nwifi.sys
2008-02-13 02:04 15,928 ----a-w C:\Windows\system32\drivers\pciide.sys
2008-02-13 02:04 109,624 ----a-w C:\Windows\system32\drivers\ataport.sys
2008-02-13 02:03 537,600 ----a-w C:\Windows\AppPatch\AcLayers.dll
2008-02-13 02:03 449,536 ----a-w C:\Windows\AppPatch\AcSpecfc.dll
2008-02-13 02:03 4,247,552 ----a-w C:\Windows\System32\GameUXLegacyGDFs.dll
2008-02-13 02:03 2,144,256 ----a-w C:\Windows\AppPatch\AcGenral.dll
2008-02-13 02:03 173,056 ----a-w C:\Windows\AppPatch\AcXtrnal.dll
2008-02-13 02:03 1,686,528 ----a-w C:\Windows\System32\gameux.dll
2008-02-13 02:01 824,832 ----a-w C:\Windows\System32\wininet.dll
2008-02-13 02:01 56,320 ----a-w C:\Windows\System32\iesetup.dll
2008-02-13 02:01 52,736 ----a-w C:\Windows\AppPatch\iebrshim.dll
2008-02-13 02:01 26,624 ----a-w C:\Windows\System32\ieUnatt.exe
2008-02-10 14:19 --------- d-----w C:\Program Files\MSN Games
2008-02-08 09:37 82,432 ----a-w C:\Windows\System32\IEDFix.exe
2008-02-02 11:51 394 ----a-w C:\Users\atallice\AppData\Roaming\wklnhst.dat
2008-02-01 20:18 --------- d-----w C:\Users\atallice\AppData\Roaming\Template
2008-02-01 20:15 --------- d-----w C:\PROGRA~2\EPSON
2008-02-01 20:12 --------- d-----w C:\Program Files\epson
2008-02-01 19:45 --------- d-----w C:\Program Files\Common Files\Adobe
2008-01-31 22:56 --------- d-----w C:\Users\atallice\AppData\Roaming\Valusoft
2008-01-31 22:56 --------- d-----w C:\Program Files\Hot Dish
2008-01-31 22:56 --------- d-----w C:\PROGRA~2\Valusoft
2008-01-25 22:40 --------- d-----w C:\Program Files\EA GAMES
2008-01-25 22:10 --------- d--h--r C:\Users\atallice\AppData\Roaming\SecuROM
2008-01-24 19:17 --------- d-----w C:\Program Files\Ludiclub
2008-01-22 21:52 --------- d-----w C:\Users\atallice\AppData\Roaming\Zylom
2008-01-22 21:52 --------- d-----w C:\PROGRA~2\Aliasworlds
2008-01-21 08:23 --------- d-----w C:\PROGRA~2\Microsoft Help
2008-01-20 17:00 --------- d-----w C:\PROGRA~2\HipSoft
2008-01-20 16:23 --------- d-----w C:\Program Files\The Witcher
2008-01-20 16:22 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-01-20 14:35 278,984 ----a-w C:\Windows\system32\drivers\atksgt.sys
2008-01-13 16:53 25,416 ----a-w C:\Windows\system32\drivers\lirsgt.sys
2008-01-13 16:27 --------- d-----w C:\Program Files\eMule
2008-01-13 12:26 --------- d-----w C:\PROGRA~2\Nero
2008-01-13 12:20 --------- d-----w C:\Users\atallice\AppData\Roaming\InstallShield
2008-01-13 12:19 --------- d-----w C:\PROGRA~2\GamesBar
2008-01-13 12:18 --------- d-----w C:\Program Files\Dealio
2008-01-09 18:33 --------- d-----w C:\Program Files\Windows Sidebar
2008-01-09 18:33 --------- d-----w C:\Program Files\Windows Mail
2008-01-09 18:27 211,000 ----a-w C:\Windows\system32\drivers\volsnap.sys
2008-01-09 18:27 11,776 ----a-w C:\Windows\System32\sbunattend.exe
2008-01-09 18:27 1,060,920 ----a-w C:\Windows\system32\drivers\ntfs.sys
2008-01-03 18:36 --------- d-----w C:\Program Files\metagenia
2007-12-25 20:19 --------- d-----w C:\Users\atallice\AppData\Roaming\Apple Computer
2007-12-25 20:19 --------- d-----w C:\Program Files\iTunes
2007-12-25 20:18 --------- d-----w C:\Program Files\QuickTime
2007-12-25 20:18 --------- d-----w C:\Program Files\iPod
2007-12-25 20:18 --------- d-----w C:\PROGRA~2\Apple Computer
2007-12-25 20:17 --------- d-----w C:\Program Files\Apple Software Update
2007-12-25 20:15 --------- d-----w C:\Program Files\Common Files\Apple
2007-12-25 20:15 --------- d-----w C:\PROGRA~2\Apple
2007-12-14 02:05 9,728 ----a-w C:\Windows\System32\LAPRXY.DLL
2007-12-14 02:05 223,232 ----a-w C:\Windows\System32\WMASF.DLL
2007-12-14 02:05 1,327,104 ----a-w C:\Windows\System32\quartz.dll
2007-11-14 09:15 174 --sha-w C:\Program Files\desktop.ini
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{E312764E-7706-43F1-8DAB-FCDD2B1E416D}]
2007-11-22 21:35 1195360 --a------ C:\Program Files\Search Settings\kb125\SearchSettings.dll
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2008-01-09 19:27 1232896]
"WindowsWelcomeCenter"="oobefldr.dll" [2006-11-02 13:34 2159104 C:\Windows\System32\oobefldr.dll]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" [ ]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 11:34 5724184]
"BitTorrent"="C:\Program Files\BitTorrent\bittorrent.exe" [2007-09-08 00:01 43008]
"EPSON Stylus DX5000 Series"="C:\Windows\system32\spool\DRIVERS\W32X86\3\E_FATIBVE.exe" [2006-09-22 04:01 139264]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-11-02 13:36 201728]
"dmhpl.tmp"="C:\Windows\system32\dmhpl.tmp" [ ]
"dmphy.tmp"="C:\Windows\system32\dmphy.tmp" [ ]
"AbyssmoClient"="C:\Program Files\Common Files\AdvancedCleaner\abhlp.exe" [2007-09-27 10:57 270336]
"dmsni.tmp"="C:\Windows\system32\dmsni.tmp" [ ]
"dmjan.tmp"="C:\Windows\system32\dmjan.tmp" [ ]
"dmxrw.tmp"="C:\Windows\system32\dmxrw.tmp" [ ]
"dmubu.tmp"="C:\Windows\system32\dmubu.tmp" [ ]
"dmvgc.tmp"="C:\Windows\system32\dmvgc.tmp" [ ]
"dmzax.tmp"="C:\Windows\system32\dmzax.tmp" [ ]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2007-06-01 23:26 1006264]
"hpsysdrv"="c:\hp\support\hpsysdrv.exe" [2006-09-28 14:42 65536]
"OsdMaestro"="C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe" [2007-02-15 11:59 118784]
"NvSvc"="C:\Windows\system32\nvsvc.dll" [2007-05-15 05:03 86016]
"NvCplDaemon"="C:\Windows\system32\NvCpl.dll" [2007-05-15 05:03 8429568]
"NvMediaCenter"="C:\Windows\system32\NvMcTray.dll" [2007-05-15 05:03 81920]
"RtHDVCpl"="RtHDVCpl.exe" [2007-03-01 16:38 4390912 C:\Windows\RtHDVCpl.exe]
"HP Software Update"="c:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2005-02-16 22:11 49152]
"NBKeyScan"="C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [ ]
"SearchSettings"="C:\Program Files\Search Settings\SearchSettings.exe" [2007-11-26 12:48 1066336]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2007-12-11 10:56 286720]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-12-11 12:10 267048]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-10 19:51 39792]
"UADCFR_3833461972"="C:\Program Files\AdvancedCleaner Free\UADCcw.exe" [ ]
"AbyssmoClient"="C:\Program Files\Common Files\AdvancedCleaner\abhlp.exe" [2007-09-27 10:57 270336]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"Launcher"="%WINDIR%\SMINST\launcher.exe" [ ]
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{B00F09F8-9548-4CB9-9741-6BDA41569CA3}"= UDP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{F660E210-DC34-46C8-9AE2-6AC2183A79B9}"= TCP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{E7F6E9CB-20D2-4EED-8955-2D964256B2DE}"= UDP:C:\Program Files\MSN Messenger\msnmsgr.exe:MSN Messenger 7.0
"{56686027-0004-4165-A703-778731A741AC}"= TCP:C:\Program Files\MSN Messenger\msnmsgr.exe:MSN Messenger 7.0
"{2ABE54B9-C334-410A-9CE2-E5DAE92382AF}"= UDP:C:\Program Files\MSN Messenger\msnmsgr.exe:MSN Messenger 7.0
"{3FAAC17F-19FD-4E7A-A1BC-269DB5288ACA}"= TCP:C:\Program Files\MSN Messenger\msnmsgr.exe:MSN Messenger 7.0
"{2AA4CCBA-8BF5-4D04-930A-A7BF86BD3BE4}"= UDP:C:\Program Files\MSN Messenger\msnmsgr.exe:MSN Messenger 7.0
"{BA47AA26-F6FB-4517-A078-587D348CDD8F}"= TCP:C:\Program Files\MSN Messenger\msnmsgr.exe:MSN Messenger 7.0
"{787E8876-8118-48AF-A5D5-FD509D5FC088}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)|Edge=TRUE|
"{6077FC54-31FA-4E1D-8F94-2078D6E37BD0}"= UDP:C:\Program Files\iTunes\iTunes.exe:iTunes
"{82C33149-F716-44CB-B66B-4D25C4D864FA}"= TCP:C:\Program Files\iTunes\iTunes.exe:iTunes
"TCP Query User{F8315325-C615-4F56-AD7F-2D725FBC1381}C:\program files\bittorrent\bittorrent.exe"= UDP:C:\program files\bittorrent\bittorrent.exe:bittorrent|Desc=bittorrent
"UDP Query User{9865EF14-523B-4D36-9E42-A958AC9C2C8F}C:\program files\bittorrent\bittorrent.exe"= TCP:C:\program files\bittorrent\bittorrent.exe:bittorrent|Desc=bittorrent
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Static\System]
"DFSR-1"= RPort=5722|UDP:%SystemRoot%\system32\svchost.exe|Svc=DFSR:Allow inbound TCP traffic|
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\BitTorrent\bittorrent.exe"= C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent
.
**************************************************************************
catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-02-25 18:29:16
Windows 6.0.6000 NTFS
Balayage processus cachés ...
Balayage caché autostart entries ...
Balayage des fichiers cachés ...
Scan terminé avec succès
Les fichiers cachés: 0
**************************************************************************
.
Temps d'accomplissement: 2008-02-25 18:29:46
ComboFix-quarantined-files.txt 2008-02-25 17:29:43
.
2008-02-15 09:00:01 --- E O F ---
Voila j'attend de vos nouvelles et encore merci
Et voila le nouveau rapport
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:46:02, on 25/02/2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16609)
Boot mode: Safe mode
Running processes:
C:\Windows\system32\userinit.exe
C:\Windows\Explorer.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O1 - Hosts: ::1 localhost
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: SearchSettings Class - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files\Search Settings\kb125\SearchSettings.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [hpsysdrv] c:\hp\support\hpsysdrv.exe
O4 - HKLM\..\Run: [OsdMaestro] "C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe"
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [HP Software Update] c:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [SearchSettings] C:\Program Files\Search Settings\SearchSettings.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [UADCFR_3833461972] "C:\Program Files\AdvancedCleaner Free\UADCcw.exe" -c
O4 - HKLM\..\Run: [AbyssmoClient] C:\Program Files\Common Files\AdvancedCleaner\abhlp.exe
O4 - HKLM\..\RunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [BitTorrent] "C:\Program Files\BitTorrent\bittorrent.exe" --force_start_minimized
O4 - HKCU\..\Run: [EPSON Stylus DX5000 Series] C:\Windows\system32\spool\DRIVERS\W32X86\3\E_FATIBVE.EXE /FU "C:\Windows\TEMP\E_SCC72.tmp" /EF "HKCU"
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [dmhpl.tmp] C:\Windows\system32\dmhpl.tmp
O4 - HKCU\..\Run: [dmphy.tmp] C:\Windows\system32\dmphy.tmp
O4 - HKCU\..\Run: [AbyssmoClient] C:\Program Files\Common Files\AdvancedCleaner\abhlp.exe
O4 - HKCU\..\Run: [dmsni.tmp] C:\Windows\system32\dmsni.tmp
O4 - HKCU\..\Run: [dmjan.tmp] C:\Windows\system32\dmjan.tmp
O4 - HKCU\..\Run: [dmxrw.tmp] C:\Windows\system32\dmxrw.tmp
O4 - HKCU\..\Run: [dmubu.tmp] C:\Windows\system32\dmubu.tmp
O4 - HKCU\..\Run: [dmvgc.tmp] C:\Windows\system32\dmvgc.tmp
O4 - HKCU\..\Run: [dmzax.tmp] C:\Windows\system32\dmzax.tmp
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{68DF39A9-0EBE-4681-BB8B-7704AF7B7C8A}: NameServer = 85.255.116.166,85.255.112.90
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.116.166 85.255.112.90
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.116.166 85.255.112.90
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - c:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - c:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - c:\Program Files\Common Files\SureThing Shared\stllssvr.exe
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:46:02, on 25/02/2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16609)
Boot mode: Safe mode
Running processes:
C:\Windows\system32\userinit.exe
C:\Windows\Explorer.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O1 - Hosts: ::1 localhost
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: SearchSettings Class - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files\Search Settings\kb125\SearchSettings.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [hpsysdrv] c:\hp\support\hpsysdrv.exe
O4 - HKLM\..\Run: [OsdMaestro] "C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe"
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [HP Software Update] c:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [SearchSettings] C:\Program Files\Search Settings\SearchSettings.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [UADCFR_3833461972] "C:\Program Files\AdvancedCleaner Free\UADCcw.exe" -c
O4 - HKLM\..\Run: [AbyssmoClient] C:\Program Files\Common Files\AdvancedCleaner\abhlp.exe
O4 - HKLM\..\RunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [BitTorrent] "C:\Program Files\BitTorrent\bittorrent.exe" --force_start_minimized
O4 - HKCU\..\Run: [EPSON Stylus DX5000 Series] C:\Windows\system32\spool\DRIVERS\W32X86\3\E_FATIBVE.EXE /FU "C:\Windows\TEMP\E_SCC72.tmp" /EF "HKCU"
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [dmhpl.tmp] C:\Windows\system32\dmhpl.tmp
O4 - HKCU\..\Run: [dmphy.tmp] C:\Windows\system32\dmphy.tmp
O4 - HKCU\..\Run: [AbyssmoClient] C:\Program Files\Common Files\AdvancedCleaner\abhlp.exe
O4 - HKCU\..\Run: [dmsni.tmp] C:\Windows\system32\dmsni.tmp
O4 - HKCU\..\Run: [dmjan.tmp] C:\Windows\system32\dmjan.tmp
O4 - HKCU\..\Run: [dmxrw.tmp] C:\Windows\system32\dmxrw.tmp
O4 - HKCU\..\Run: [dmubu.tmp] C:\Windows\system32\dmubu.tmp
O4 - HKCU\..\Run: [dmvgc.tmp] C:\Windows\system32\dmvgc.tmp
O4 - HKCU\..\Run: [dmzax.tmp] C:\Windows\system32\dmzax.tmp
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{68DF39A9-0EBE-4681-BB8B-7704AF7B7C8A}: NameServer = 85.255.116.166,85.255.112.90
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.116.166 85.255.112.90
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.116.166 85.255.112.90
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - c:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - c:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - c:\Program Files\Common Files\SureThing Shared\stllssvr.exe
