Formidable trojan
Darac
jfkpresident Posts 13877 Status Security contributor
Hello,
I think my computer is infected by a formidable trojan.
I installed:
- Spybot, with the following results:
Mircrosoft.WindowsSecurityCenter.TaskManager (4)
Microsoft.Windows.AppFirewallBypass (30)
Microsoft.Windows.Explorer (4)
Microsoft.WindowsSecurityCenter.RegistryTools (4)
Microsoft.WindowsSecurityCenter.TaskManager (1)
PWS.LDPinchIE (3)
Virtumonde (13)
Win32.Tiny.abk (5)
Spybot manages to destroy all these intruders except Virtumonde and PWS.LDPinchIE.
- Ad-Aware: I manage to launch it, but at the start of the scan a blue screen appears showing a Windows error that I don't even have time to read, as the computer shuts down.
- BitDefender: finds many intruders but is only able to move them.
So I downloaded HijackThis, with the following results:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:39:12, on 1.3.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
E:\WINDOWS\System32\smss.exe
E:\WINDOWS\system32\winlogon.exe
E:\WINDOWS\system32\services.exe
E:\WINDOWS\system32\savedump.exe
E:\WINDOWS\system32\lsass.exe
E:\WINDOWS\system32\Ati2evxx.exe
E:\WINDOWS\system32\svchost.exe
E:\WINDOWS\System32\svchost.exe
E:\WINDOWS\system32\Ati2evxx.exe
E:\WINDOWS\system32\svchost.exe
E:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
E:\WINDOWS\Explorer.exe
E:\WINDOWS\system32\drivers\spools.exe
E:\WINDOWS\System32\svchost.exe
E:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
E:\WINDOWS\RTHDCPL.EXE
E:\Program Files\Winamp\winampa.exe
E:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
E:\Program Files\QuickTime\qttask.exe
E:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
E:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE
E:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
E:\Program Files\Labtec\WebCam10\WebCam10.exe
E:\Program Files\Common Files\Real\Update_OB\realsched.exe
E:\DOCUME~1\DARKOI~1\LOCALS~1\Temp\winlogan.exe
E:\WINDOWS\mmall.exe
E:\WINDOWS\system32\ctfmon.exe
E:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
E:\Program Files\MSN Messenger\MsnMsgr.Exe
E:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
E:\WINDOWS\mmall.exe
E:\Program Files\Nokia\Nokia PC Suite 6\PCSuite.exe
E:\WINDOWS\system32\spoolsv.exe
E:\Program Files\Common Files\LogiShrd\LComMgr\LVComSX.exe
E:\Documents and Settings\Darko i\Local Settings\Application Data\cftmon.exe
E:\Documents and Settings\Darko i\Local Settings\Application Data\cftmon.exe
E:\Documents and Settings\Darko i\Local Settings\Application Data\cftmon.exe
E:\WINDOWS\system32\agrsmsvc.exe
E:\WINDOWS\system32\bgsvcgen.exe
E:\WINDOWS\System32\CcEvtSvc.exe
E:\Documents and Settings\Darko i\Local Settings\Application Data\cftmon.exe
E:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe
E:\Program Files\CyberLink\Shared Files\RichVideo.exe
E:\WINDOWS\system32\svchost.exe
E:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe
E:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe
E:\Program Files\Common Files\Softwin\BitDefender Update Service\livesrv.exe
E:\Program Files\ATI Technologies\ATI.ACE\cli.exe
E:\Program Files\ATI Technologies\ATI.ACE\cli.exe
E:\Program Files\Softwin\BitDefender10\vsserv.exe
E:\Program Files\PC Connectivity Solution\ServiceLayer.exe
E:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
E:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe
E:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
E:\DOCUME~1\DARKOI~1\LOCALS~1\Temp\lsass.exe
E:\WINDOWS\system32\wuauclt.exe
E:\WINDOWS\system32\wuauclt.exe
E:\WINDOWS\mmoc2.exe
E:\Program Files\Mozilla Firefox\firefox.exe
E:\WINDOWS\mmhr3.exe
E:\WINDOWS\mmmega.exe
E:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://net.hr/
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
F2 - REG:system.ini: Shell=Explorer.exe E:\WINDOWS\shell.exe
F3 - REG:win.ini: run=E:\WINDOWS\mmall.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - E:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - E:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {5C3F6257-3E00-45C2-88D5-CB0F3A17BF0E} - (no file)
O2 - BHO: (no name) - {6F87F145-DC2D-4766-AF03-3A3B96FFAD98} - (no file)
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - E:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - E:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - E:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - e:\program files\google\googletoolbar1.dll
O2 - BHO: WindowsUpdate Class - {B3B010A1-A877-4CD7-BAB5-9EE8F9965E20} - E:\DOCUME~1\DARKOI~1\LOCALS~1\Temp\ieobj.dll
O2 - BHO: E:\WINDOWS\system32\Jfs9jg.dll - {B5AC49A2-94F2-42BD-F434-2604812C897D} - E:\WINDOWS\system32\Jfs9jg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - e:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [RemoteControl] "E:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [LanguageShortcut] "E:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] E:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [WinampAgent] E:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [GrooveMonitor] "E:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [ATICCC] "E:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe"
O4 - HKLM\..\Run: [QuickTime Task] "E:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [OM_Monitor] E:\Program Files\OLYMPUS\OLYMPUS Master\FirstStart.exe
O4 - HKLM\..\Run: [BSplayer_WhenUSave_Installer] E:\Program Files\BSplayer_WhenUSave_Installer\BSplayer_WhenUSave_Installer.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "E:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "E:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "E:\Program Files\Labtec\WebCam10\WebCam10.exe" /hide
O4 - HKLM\..\Run: [TkBellExe] "E:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [jkdfj94kgdftdf] E:\DOCUME~1\DARKOI~1\LOCALS~1\Temp\winlogan.exe
O4 - HKLM\..\Run: [autoload] E:\Documents and Settings\Darko i\Local Settings\Application Data\cftmon.exe
O4 - HKLM\..\Run: [ntuser] E:\WINDOWS\system32\drivers\spools.exe
O4 - HKLM\..\Run: [advap32] "E:\DOCUME~1\DARKOI~1\LOCALS~1\Temp\loader.exe " /r
O4 - HKLM\..\Run: [AVSystemCare] E:\Program Files\AVSystemCare\pgs.exe
O4 - HKLM\..\Run: [ugac] "E:\PROGRA~1\COMMON~1\AVSYST~1\ugac.exe" -start
O4 - HKLM\..\Run: [bm] "E:\Program Files\Common Files\AVSystemCare\bm.exe" dm=https://avsystemcare.com/ ad=https://avsystemcare.com/ sd=http://ykeeper.avsystemcare.com
O4 - HKLM\..\Run: [Microsoft all] E:\WINDOWS\mmall.exe
O4 - HKLM\..\RunOnce: [SpybotDeletingC5830] cmd /c del "E:\WINDOWS\system32\printer.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] E:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [StartCCC] E:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
O4 - HKCU\..\Run: [OM_Monitor] E:\Program Files\OLYMPUS\OLYMPUS Master\Monitor.exe -NoStart
O4 - HKCU\..\Run: [ISUSPM] "E:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
O4 - HKCU\..\Run: [MsnMsgr] "E:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [jkdfj94kgdftdf] E:\DOCUME~1\DARKOI~1\LOCALS~1\Temp\winlogan.exe
O4 - HKCU\..\Run: [Gsfjefefue9fidjfod] E:\DOCUME~1\DARKOI~1\LOCALS~1\Temp\lsass.exe
O4 - HKCU\..\Run: [ntuser] E:\WINDOWS\system32\drivers\spools.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] E:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [Spoolsv] E:\WINDOWS\system32\spoolvs.exe
O4 - HKCU\..\Run: [autoload] E:\Documents and Settings\Darko i\Local Settings\Application Data\cftmon.exe
O4 - HKCU\..\Run: [Microsoft all] E:\WINDOWS\mmall.exe
O4 - HKCU\..\Run: [PC Suite Tray] "E:\Program Files\Nokia\Nokia PC Suite 6\PCSuite.exe" -onlytray
O4 - HKCU\..\RunOnce: [SpybotDeletingB8914] command /c del "E:\WINDOWS\system32\spoolvs.exe"
O4 - HKCU\..\RunOnce: [SpybotDeletingD1342] cmd /c del "E:\WINDOWS\system32\spoolvs.exe"
O4 - HKCU\..\RunOnce: [SpybotDeletingD2162] cmd /c del "E:\WINDOWS\system32\printer.exe"
O4 - HKCU\..\RunOnce: [SpybotDeletingB5278] command /c del "E:\DOCUME~1\DARKOI~1\LOCALS~1\Temp\winlogon.exe"
O4 - HKCU\..\RunOnce: [SpybotDeletingD2] cmd /c del "E:\DOCUME~1\DARKOI~1\LOCALS~1\Temp\winlogon.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] E:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] E:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] E:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [Gsfjefefue9fidjfod] E:\WINDOWS\TEMP\lsass.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [autoload] E:\Documents and Settings\LocalService\Local Settings\Application Data\cftmon.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] E:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = E:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Global Startup: Adobe Gamma Loader.lnk = E:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O8 - Extra context menu item: E&xport to Microsoft Excel - res://E:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: I&zvoz u Microsoft Excel - res://E:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - E:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - E:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - E:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - E:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - E:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - E:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - E:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - E:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O20 - Winlogon Notify: WLCtrl32 - E:\WINDOWS\SYSTEM32\WLCtrl32.dll
O21 - SSODL: ChkAvp - {e9495a0e-ed72-4de8-a2d8-d16f4d6dca28} - E:\WINDOWS\Installer\{e9495a0e-ed72-4de8-a2d8-d16f4d6dca28}\ChkAvp.dll
O21 - SSODL: WGwyeQ - {43BF93F7-E915-395D-3409-4E9E6B75CCCD} - (no file)
O21 - SSODL: UnknownKernel - {6c5f01bf-effd-4b02-9ca8-0f93d664f03a} - E:\WINDOWS\Installer\{6c5f01bf-effd-4b02-9ca8-0f93d664f03a}\UnknownKernel.dll
O21 - SSODL: zip - {a0b27379-54b5-4655-ab6c-270621550f28} - E:\WINDOWS\Installer\{a0b27379-54b5-4655-ab6c-270621550f28}\zip.dll
O21 - SSODL: CDKernel - {6ba6007e-2209-4d3a-9812-c946df74e79e} - E:\WINDOWS\Installer\{6ba6007e-2209-4d3a-9812-c946df74e79e}\CDKernel.dll
O22 - SharedTaskScheduler: sklfc94krteetj - {B5AC49A2-94F2-42BD-F434-2604812C897D} - E:\WINDOWS\system32\Jfs9jg.dll
O22 - SharedTaskScheduler: JKhfj3ofgfgdtj - {B5AF0562-94F3-42BD-F434-2604812C797D} - (no file)
O22 - SharedTaskScheduler: Windows Installer Class - {24E31EA9-FCE2-404F-BD80-20543565D946} - (no file)
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - E:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - E:\WINDOWS\system32\agrsmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - E:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - E:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe
O23 - Service: B's Recorder GOLD Library General Service (bgsvcgen) - B.H.A Corporation - E:\WINDOWS\system32\bgsvcgen.exe
O23 - Service: CcEvtSvc - Unknown owner - E:\WINDOWS\System32\CcEvtSvc.exe
O23 - Service: FCI - Unknown owner - E:\WINDOWS\system32\svchost.exe:ext.exe
O23 - Service: Google Online Search Service - Unknown owner - E:\WINDOWS\system32\winlagan.exe
O23 - Service: Google Updater Service (gusvc) - Google - E:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - SOFTWIN S.R.L. - E:\Program Files\Common Files\Softwin\BitDefender Update Service\livesrv.exe
O23 - Service: LVSrvLauncher - Labtec Inc. - E:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: NMIndexingService - Nero AG - E:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: Panda Process Protection Service (PavPrSrv) - Panda Software - E:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - E:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: Task Scheduler (Schedule) - Unknown owner - E:\WINDOWS\system32\drivers\spools.exe
O23 - Service: ServiceLayer - Nokia. - E:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: BitDefender Virus Shield (VSSERV) - SOFTWIN S.R.L. - E:\Program Files\Softwin\BitDefender10\vsserv.exe
O23 - Service: BitDefender Communicator (XCOMM) - SOFTWIN S.R.L - E:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe
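The log above shows the patterns a responder looks for when triaging a HijackThis report by hand: executables whose names are one or two characters away from real Windows binaries (winlogan.exe, spools.exe, cftmon.exe, spoolvs.exe), genuine names such as lsass.exe started from a Temp folder, a service path carrying an NTFS alternate data stream (svchost.exe:ext.exe), an extra executable appended to Shell= in system.ini, and the policy entry that disables regedit. The Python script below is an added example, not code from the thread or from the HijackThis authors: it turns those observations into simple rules and runs them over a constructed sample of a dozen lines copied from the log (the F2 line is written in HijackThis's usual REG:system.ini form). The rule names, the list of imitated binaries and the edit-distance threshold are the example's own choices.

```python
import re

# Windows binaries that XP-era malware commonly imitates, with the folder each
# one is expected to run from (matched case-insensitively against the path).
LEGIT_BINARIES = {
    "smss.exe": r"\windows\system32",
    "csrss.exe": r"\windows\system32",
    "winlogon.exe": r"\windows\system32",
    "services.exe": r"\windows\system32",
    "lsass.exe": r"\windows\system32",
    "svchost.exe": r"\windows\system32",
    "spoolsv.exe": r"\windows\system32",
    "ctfmon.exe": r"\windows\system32",
    "explorer.exe": r"\windows",
}

# Locations from which nothing should be auto-started on a healthy machine.
SUSPECT_DIR_RE = re.compile(r"\\(temp|local settings\\application data)\\", re.I)
QUOTED_PATH_RE = re.compile(r'"([A-Za-z]:\\[^"]+)"')
BARE_PATH_RE = re.compile(r"([A-Za-z]:\\.+?\.(?:exe|dll))", re.I)
ADS_RE = re.compile(r"\.(?:exe|dll):[^\\\s]+", re.I)   # file.exe:stream
SHELL_RE = re.compile(r"shell=(.*)", re.I)

# Constructed sample: lines copied from the log posted above, plus two clean
# lines (winlogon.exe and the QuickTime entry) that the rules must not flag.
SAMPLE_LOG = r"""
E:\WINDOWS\system32\winlogon.exe
E:\DOCUME~1\DARKOI~1\LOCALS~1\Temp\winlogan.exe
E:\WINDOWS\system32\drivers\spools.exe
E:\Documents and Settings\Darko i\Local Settings\Application Data\cftmon.exe
E:\DOCUME~1\DARKOI~1\LOCALS~1\Temp\lsass.exe
F2 - REG:system.ini: Shell=Explorer.exe E:\WINDOWS\shell.exe
O4 - HKLM\..\Run: [advap32] "E:\DOCUME~1\DARKOI~1\LOCALS~1\Temp\loader.exe " /r
O4 - HKLM\..\Run: [QuickTime Task] "E:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [Spoolsv] E:\WINDOWS\system32\spoolvs.exe
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O2 - BHO: WindowsUpdate Class - {B3B010A1-A877-4CD7-BAB5-9EE8F9965E20} - E:\DOCUME~1\DARKOI~1\LOCALS~1\Temp\ieobj.dll
O23 - Service: FCI - Unknown owner - E:\WINDOWS\system32\svchost.exe:ext.exe
"""


def edit_distance(a, b):
    """Levenshtein distance: number of single-character edits turning a into b."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def extract_path(line):
    """Return the file path a HijackThis line refers to (quoted or bare), or None."""
    m = QUOTED_PATH_RE.search(line) or BARE_PATH_RE.search(line)
    return m.group(1).strip() if m else None


def triage(log_text):
    """Apply every rule to every line; one finding per (line, rule) that fires."""
    findings = []

    def hit(rule, detail, line):
        findings.append({"rule": rule, "detail": detail, "line": line})

    for line in log_text.splitlines():
        line = line.strip()
        if not line:
            continue
        if "DisableRegedit=1" in line:
            hit("registry-editor-disabled", "policy blocks regedit", line)
        if line.startswith("F2"):
            m = SHELL_RE.search(line)
            if m and m.group(1).strip().lower() != "explorer.exe":
                hit("extra-shell-executable", m.group(1).strip(), line)
        if ADS_RE.search(line):
            hit("alternate-data-stream", "executable hidden in an NTFS stream", line)
        path = extract_path(line)
        if path is None:
            continue
        low = path.lower()
        name = low.rsplit("\\", 1)[-1]
        if SUSPECT_DIR_RE.search(path):
            hit("temp-or-profile-path", path, line)
        if name in LEGIT_BINARIES:
            if LEGIT_BINARIES[name] not in low:
                hit("system-binary-outside-system-dir", path, line)
        elif name.endswith(".exe"):
            nearest = min(LEGIT_BINARIES, key=lambda legit: edit_distance(name, legit))
            if edit_distance(name, nearest) <= 2:
                hit("lookalike-name", f"{name} resembles {nearest}", line)
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f['rule']}] {f['detail']}\n    {f['line']}")
```

Run against the sample, the script flags ten of the twelve lines and leaves the two clean ones alone. The lookalike rule is deliberately limited to .exe names and to a distance of two, which catches transpositions such as cftmon/ctfmon and spoolvs/spoolsv without raising on unrelated short names; a real-world version would also pull the imitated-binary list and expected folders from the OS version rather than hard-coding the XP layout.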
7 replies
By the way, at startup a message appears saying that Windows cannot find "windows/shell.exe".
Hi, wow, that's a lot of infections!!
To start:
Download SDFix (created by AndyManchesta) and save it to your Desktop.
http://downloads.andymanchesta.com/RemovalTools/SDFix.exe
Double-click SDFix.exe and choose Install to extract it to a dedicated folder on the Desktop. Restart your computer in Safe Mode by following this procedure:
• Restart your computer
• After hearing the computer beep at startup, but before the Windows icon appears, tap the F8 key (one press per second).
• Instead of the normal Windows loading, a menu with different options should appear.
• Choose the first option, to run Windows in Safe Mode, then press "Enter".
• Choose your account.
Go through the list of instructions below:
• Open the SDFix folder that was just created in the C:\ directory and double-click RunThis.cmd to launch the script.
• Press Y to start the cleaning process.
• It will remove the services and Registry entries of certain trojans it finds, then ask you to press a key to restart.
• Press a key to restart the PC.
• Your system will take longer than usual to restart because the tool will keep running and deleting files.
• After the Desktop loads, the tool will finish its work and display Finished.
• Press a key to end the script and load your Desktop icons.
• Once the Desktop icons are displayed, the SDFix report will open on screen and will also be saved in the SDFix folder as Report.txt.
• Finally, copy/paste the contents of the Report.txt file into your next reply on the forum, along with a new HijackThis log!
Update your Internet Explorer: https://support.microsoft.com/en-us/office/internet-explorer-help-23360e49-9cd3-4dda-ba52-705336cc0de2?ui=en-US&rs=en-001&ad=US
Hi JFK!
Thanks for your help. Here is the SDFix report; the HijackThis log follows:
SDFix: Version 1.150
Run by Darko i on sub 01.03.2008 at 16:42
Microsoft Windows XP [Version 5.1.2600]
Running From: E:\DOCUME~1\DARKOI~1\Desktop\SDFix
Checking Services:
Name:
CcEvtSvc
dhlp
FCI
hipsrv
Path:
%SystemRoot%\System32\CcEvtSvc.exe -k netsvcs
System32\Drivers\dhlp.sys
E:\WINDOWS\system32\svchost.exe:ext.exe
\??\E:\WINDOWS\system\hipsrv.mm
CcEvtSvc - Deleted
dhlp - Deleted
FCI - Deleted
hipsrv - Deleted
Restoring Windows Registry Values
Restoring Windows Default Hosts File
Restoring Missing Security Center Service
Restoring Missing SharedAccess Service
Rebooting
Checking Files:
Trojan Files Found:
E:\WINDOWS\Installer\{e9495a0e-ed72-4de8-a2d8-d16f4d6dca28}\ChkAvp.dll - Deleted
E:\WINDOWS\Installer\{6c5f01bf-effd-4b02-9ca8-0f93d664f03a}\UnknownKernel.dll - Deleted
E:\WINDOWS\Installer\{6ba6007e-2209-4d3a-9812-c946df74e79e}\CDKernel.dll - Deleted
E:\WINDOWS\SYSTEM32\TPQGGRAT.TMP - Deleted
E:\DOCUME~1\ALLUSE~1\DOCUME~1\SETTINGS\CONFIG.INI - Deleted
E:\Program Files\tmp36961750.exe - Deleted
E:\Program Files\tmp36966250.exe - Deleted
E:\Program Files\tmp36968953.exe - Deleted
E:\Program Files\tmp36974640.exe - Deleted
E:\Program Files\tmp432328.exe - Deleted
E:\Program Files\tmp432359.exe - Deleted
E:\Program Files\tmp433703.exe - Deleted
E:\Program Files\tmp435109.exe - Deleted
E:\Program Files\tmp437703.exe - Deleted
E:\Program Files\tmp439093.exe - Deleted
E:\Program Files\tmp439937.exe - Deleted
E:\Documents and Settings\Darko i\~tmp1174.exe - Deleted
E:\WINDOWS\mmall.exe - Deleted
E:\WINDOWS\system32\CcEvtSvc.exe - Deleted
E:\WINDOWS\system32\msvcrtd.exe - Deleted
E:\WINDOWS\system\hipsrv.mm - Deleted
Folder E:\WINDOWS\Installer\{e9495a0e-ed72-4de8-a2d8-d16f4d6dca28} - Removed
Folder E:\WINDOWS\Installer\{6c5f01bf-effd-4b02-9ca8-0f93d664f03a} - Removed
Folder E:\WINDOWS\Installer\{6ba6007e-2209-4d3a-9812-c946df74e79e} - Removed
Folder E:\Documents and Settings\All Users\Application Data\SalesMon - Removed
Folder E:\Documents and Settings\All Users\Documents\Settings - Removed
Removing Temp Files
ADS Check:
Final Check:
catchme 0.3.1344.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-03-01 16:59:54
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden services & system hive ...
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"h0"=dword:00000000
"khjeh"=hex:ec,f5,b7,9f,b8,5b,5c,05,66,f3,bc,ea,e2,2f,10,af,ed,58,4c,12,17,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
"khjeh"=hex:d4,d9,5e,69,c0,12,d2,eb,49,57,0d,19,6b,38,c1,3e,af,eb,db,1c,28,..
"d0"=dword:00000001
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
"khjeh"=hex:62,9b,99,af,58,04,d9,ff,03,63,9d,08,4d,02,70,9c,ab,69,8a,a4,a2,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Vdg20]
"Type"=dword:00000001
"Tag"=dword:00000001
"Group"="System Reserved\0Boot Bus Extender\0System Bus Extender\0SCSI miniport\0Port\0Primary Disk\0SCSI Class\0SCSI CDROM Class\0FSFilter Infrastructure\0FSFilter System\0FSFilter Bottom\0FSFilter Copy Protection\0FSFilter Security Enhancer\0FSFilter Open File\0FSFilter Physical Quota Management\0FSFilter Encryption\0FSFilter Compression\0FSFilter HSM\0FSFilter Cluster File System\0FSFilter System Recovery\0FSFilter Quota Management\0FSFilter Content Screener\0FSFilter Continuous Backup\0FSFilter Replication\0FSFilter Anti-Virus\0FSFilter Undelete\0FSFilter Activity Monitor\0FSFilter Top\0Filter\0Boot File System\0Base\0Pointer Port\0Keyboard Port\0Pointer Class\0Keyboard Class\0Video Init\0Video\0Video Save\0File System\0Event Log\0Streams Drivers\0NDIS Wrapper\0COM Infrastructure\0UIGroup\0LocalValidation\0PlugPlay\0PNP_TDI\0NDIS\0TDI\0NetBIOSGroup\0ShellSvcGroup\0SchedulerGroup\0SpoolerGroup\0AudioGroup\0SmartCardGroup\0NetworkProvider\0RemoteValidation\0NetDDEGroup\0Parallel arbitrator\0Extended Base\0PCI Configuration\0MS Transactions\0"
"ErrorControl"=dword:00000001
"Start"=dword:00000000
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"h0"=dword:00000000
"khjeh"=hex:ec,f5,b7,9f,b8,5b,5c,05,66,f3,bc,ea,e2,2f,10,af,ed,58,4c,12,17,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
"khjeh"=hex:d4,d9,5e,69,c0,12,d2,eb,49,57,0d,19,6b,38,c1,3e,af,eb,db,1c,28,..
"d0"=dword:00000001
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
"khjeh"=hex:62,9b,99,af,58,04,d9,ff,03,63,9d,08,4d,02,70,9c,ab,69,8a,a4,a2,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Vdg20]
"Type"=dword:00000001
"Tag"=dword:00000001
"Group"="System Reserved\0Boot Bus Extender\0System Bus Extender\0SCSI miniport\0Port\0Primary Disk\0SCSI Class\0SCSI CDROM Class\0FSFilter Infrastructure\0FSFilter System\0FSFilter Bottom\0FSFilter Copy Protection\0FSFilter Security Enhancer\0FSFilter Open File\0FSFilter Physical Quota Management\0FSFilter Encryption\0FSFilter Compression\0FSFilter HSM\0FSFilter Cluster File System\0FSFilter System Recovery\0FSFilter Quota Management\0FSFilter Content Screener\0FSFilter Continuous Backup\0FSFilter Replication\0FSFilter Anti-Virus\0FSFilter Undelete\0FSFilter Activity Monitor\0FSFilter Top\0Filter\0Boot File System\0Base\0Pointer Port\0Keyboard Port\0Pointer Class\0Keyboard Class\0Video Init\0Video\0Video Save\0File System\0Event Log\0Streams Drivers\0NDIS Wrapper\0COM Infrastructure\0UIGroup\0LocalValidation\0PlugPlay\0PNP_TDI\0NDIS\0TDI\0NetBIOSGroup\0ShellSvcGroup\0SchedulerGroup\0SpoolerGroup\0AudioGroup\0SmartCardGroup\0NetworkProvider\0RemoteValidation\0NetDDEGroup\0Parallel arbitrator\0Extended Base\0PCI Configuration\0MS Transactions\0"
"ErrorControl"=dword:00000001
"Start"=dword:00000000
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg]
"s1"=dword:2df9c43f
"s2"=dword:110480d0
"h0"=dword:00000001
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"h0"=dword:00000000
"khjeh"=hex:ec,f5,b7,9f,b8,5b,5c,05,66,f3,bc,ea,e2,2f,10,af,ed,58,4c,12,17,..
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
"khjeh"=hex:d4,d9,5e,69,c0,12,d2,eb,49,57,0d,19,6b,38,c1,3e,af,eb,db,1c,28,..
"d0"=dword:00000001
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
"khjeh"=hex:62,9b,99,af,58,04,d9,ff,03,63,9d,08,4d,02,70,9c,ab,69,8a,a4,a2,..
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Vdg20]
"Type"=dword:00000001
"Tag"=dword:00000001
"Group"="System Reserved\0Boot Bus Extender\0System Bus Extender\0SCSI miniport\0Port\0Primary Disk\0SCSI Class\0SCSI CDROM Class\0FSFilter Infrastructure\0FSFilter System\0FSFilter Bottom\0FSFilter Copy Protection\0FSFilter Security Enhancer\0FSFilter Open File\0FSFilter Physical Quota Management\0FSFilter Encryption\0FSFilter Compression\0FSFilter HSM\0FSFilter Cluster File System\0FSFilter System Recovery\0FSFilter Quota Management\0FSFilter Content Screener\0FSFilter Continuous Backup\0FSFilter Replication\0FSFilter Anti-Virus\0FSFilter Undelete\0FSFilter Activity Monitor\0FSFilter Top\0Filter\0Boot File System\0Base\0Pointer Port\0Keyboard Port\0Pointer Class\0Keyboard Class\0Video Init\0Video\0Video Save\0File System\0Event Log\0Streams Drivers\0NDIS Wrapper\0COM Infrastructure\0UIGroup\0LocalValidation\0PlugPlay\0PNP_TDI\0NDIS\0TDI\0NetBIOSGroup\0ShellSvcGroup\0SchedulerGroup\0SpoolerGroup\0AudioGroup\0SmartCardGroup\0NetworkProvider\0RemoteValidation\0NetDDEGroup\0Parallel arbitrator\0Extended Base\0PCI Configuration\0MS Transactions\0"
"ErrorControl"=dword:00000001
"Start"=dword:00000000
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"h0"=dword:00000000
"khjeh"=hex:ec,f5,b7,9f,b8,5b,5c,05,66,f3,bc,ea,e2,2f,10,af,ed,58,4c,12,17,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
"khjeh"=hex:d4,d9,5e,69,c0,12,d2,eb,49,57,0d,19,6b,38,c1,3e,af,eb,db,1c,28,..
"d0"=dword:00000001
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
"khjeh"=hex:62,9b,99,af,58,04,d9,ff,03,63,9d,08,4d,02,70,9c,ab,69,8a,a4,a2,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\Vdg20]
"Type"=dword:00000001
"Tag"=dword:00000001
"Group"="System Reserved\0Boot Bus Extender\0System Bus Extender\0SCSI miniport\0Port\0Primary Disk\0SCSI Class\0SCSI CDROM Class\0FSFilter Infrastructure\0FSFilter System\0FSFilter Bottom\0FSFilter Copy Protection\0FSFilter Security Enhancer\0FSFilter Open File\0FSFilter Physical Quota Management\0FSFilter Encryption\0FSFilter Compression\0FSFilter HSM\0FSFilter Cluster File System\0FSFilter System Recovery\0FSFilter Quota Management\0FSFilter Content Screener\0FSFilter Continuous Backup\0FSFilter Replication\0FSFilter Anti-Virus\0FSFilter Undelete\0FSFilter Activity Monitor\0FSFilter Top\0Filter\0Boot File System\0Base\0Pointer Port\0Keyboard Port\0Pointer Class\0Keyboard Class\0Video Init\0Video\0Video Save\0File System\0Event Log\0Streams Drivers\0NDIS Wrapper\0COM Infrastructure\0UIGroup\0LocalValidation\0PlugPlay\0PNP_TDI\0NDIS\0TDI\0NetBIOSGroup\0ShellSvcGroup\0SchedulerGroup\0SpoolerGroup\0AudioGroup\0SmartCardGroup\0NetworkProvider\0RemoteValidation\0NetDDEGroup\0Parallel arbitrator\0Extended Base\0PCI Configuration\0MS Transactions\0"
"ErrorControl"=dword:00000001
"Start"=dword:00000000
scanning hidden registry entries ...
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Reinstall\D\n\21]
"DisplayName"="\xb973\x7792"
"DeviceDesc"="\xb973\x7792"
"ProviderName"="\x27fc\21\xee18\x7c90\x286c\21\b"
"MFG"="\xc1bf\b\xe12b\x1803\x4d8"
"ReinstallString"=".10.1000.7"
"DeviceInstanceIds"=str(7):"e:\docume~1\darkoi~1\locals~1\temp\rar$ex00.265\sbdrv\smbus\smbusati.inf"
scanning hidden files ...
E:\WINDOWS\system32\drivers\Vdg20.sys 143872 bytes executable
scan completed successfully
hidden processes: 0
hidden services: 1
hidden files: 149
Remaining Services:
Authorized Application Key Export:
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\system32\\winav.exe"="%windir%\\system32\\winav.exe:*:Enabled:@xpsp2res.dll,-22019"
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\winav.exe"="%windir%\\system32\\winav.exe:*:Enabled:@xpsp2res.dll,-22019"
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
Remaining Files:
File Backups: - E:\DOCUME~1\DARKOI~1\Desktop\SDFix\backups\backups.zip
Files with Hidden Attributes:
Thu 7 Feb 2008 24 ..SH. --- "E:\WINDOWS\S6A1793E1.tmp"
Sat 1 Mar 2008 23,146 ..SHR --- "E:\WINDOWS\Installer\{1ad4721e-1459-45e5-a734-33b1e9675ce1}\zip.dll"
Sat 1 Mar 2008 23,198 ..SHR --- "E:\WINDOWS\Installer\{21b389d2-7f68-4bba-878a-d7e123973e93}\zip.dll"
Sat 1 Mar 2008 23,122 ..SHR --- "E:\WINDOWS\Installer\{7aae8ce9-cb6f-4263-ae83-5f1c2837fcb1}\zip.dll"
Sat 1 Mar 2008 23,138 ..SHR --- "E:\WINDOWS\Installer\{a0b27379-54b5-4655-ab6c-270621550f28}\zip.dll"
Fri 29 Feb 2008 23,246 ..SHR --- "E:\WINDOWS\Installer\{d804138a-41ac-4eb7-84a7-dda38710e0f8}\zip.dll"
Fri 29 Feb 2008 23,298 ..SHR --- "E:\WINDOWS\Installer\{e4d81f37-0228-46e3-8c58-149b40ea30fa}\zip.dll"
Wed 27 Jun 2007 493,056 ...H. --- "E:\Documents and Settings\Darko i\Application Data\Microsoft\Word\~WRL0003.tmp"
Sat 9 Jun 2007 4,710,912 ...H. --- "E:\Documents and Settings\Darko i\Application Data\Microsoft\Word\~WRL0004.tmp"
Sat 9 Jun 2007 4,710,400 ...H. --- "E:\Documents and Settings\Darko i\Application Data\Microsoft\Word\~WRL0253.tmp"
Thu 30 Aug 2007 301,568 ...H. --- "E:\Documents and Settings\Darko i\Application Data\Microsoft\Word\~WRL0667.tmp"
Sat 9 Jun 2007 4,710,400 ...H. --- "E:\Documents and Settings\Darko i\Application Data\Microsoft\Word\~WRL1094.tmp"
Thu 30 Aug 2007 276,992 ...H. --- "E:\Documents and Settings\Darko i\Application Data\Microsoft\Word\~WRL1560.tmp"
Fri 8 Jun 2007 4,732,928 ...H. --- "E:\Documents and Settings\Darko i\Application Data\Microsoft\Word\~WRL2393.tmp"
Sat 9 Jun 2007 4,710,912 ...H. --- "E:\Documents and Settings\Darko i\Application Data\Microsoft\Word\~WRL3547.tmp"
Fri 29 Feb 2008 10,000 ...H. --- "E:\Documents and Settings\All Users\Application Data\BitDefender\Desktop\Quarantine\Jfs9jg.dll"
Fri 29 Feb 2008 14,336 ...H. --- "E:\Documents and Settings\All Users\Application Data\BitDefender\Desktop\Quarantine\svchost.exe"
Finished!
Here is the log:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:07:16, on 1.3.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
E:\WINDOWS\System32\smss.exe
E:\WINDOWS\system32\winlogon.exe
E:\WINDOWS\system32\services.exe
E:\WINDOWS\system32\lsass.exe
E:\WINDOWS\system32\Ati2evxx.exe
E:\WINDOWS\system32\svchost.exe
E:\WINDOWS\System32\svchost.exe
E:\WINDOWS\system32\Ati2evxx.exe
E:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
E:\WINDOWS\system32\spoolsv.exe
E:\WINDOWS\Explorer.EXE
E:\WINDOWS\system32\agrsmsvc.exe
E:\WINDOWS\system32\bgsvcgen.exe
E:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe
E:\Program Files\CyberLink\Shared Files\RichVideo.exe
E:\WINDOWS\system32\svchost.exe
E:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe
E:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe
E:\Program Files\Common Files\Softwin\BitDefender Update Service\livesrv.exe
E:\Program Files\Softwin\BitDefender10\vsserv.exe
E:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
E:\WINDOWS\RTHDCPL.EXE
E:\Program Files\Winamp\winampa.exe
E:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
E:\Program Files\QuickTime\qttask.exe
E:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE
E:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
E:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
E:\Program Files\Labtec\WebCam10\WebCam10.exe
E:\Program Files\Common Files\Real\Update_OB\realsched.exe
E:\Program Files\Softwin\BitDefender10\bdmcon.exe
E:\Program Files\Softwin\BitDefender10\bdagent.exe
E:\WINDOWS\system32\ctfmon.exe
E:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
E:\Program Files\MSN Messenger\MsnMsgr.Exe
E:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
E:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
E:\Program Files\Nokia\Nokia PC Suite 6\PCSuite.exe
E:\Program Files\Common Files\LogiShrd\LComMgr\LVComSX.exe
E:\WINDOWS\system32\wuauclt.exe
E:\Program Files\PC Connectivity Solution\ServiceLayer.exe
E:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
E:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe
E:\Program Files\ATI Technologies\ATI.ACE\cli.exe
E:\Program Files\ATI Technologies\ATI.ACE\cli.exe
E:\Program Files\Mozilla Firefox\firefox.exe
E:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://net.hr/
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - E:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - E:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {5C3F6257-3E00-45C2-88D5-CB0F3A17BF0E} - (no file)
O2 - BHO: (no name) - {6F87F145-DC2D-4766-AF03-3A3B96FFAD98} - (no file)
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - E:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - E:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - E:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - e:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - e:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [RemoteControl] "E:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [LanguageShortcut] "E:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] E:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [WinampAgent] E:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [GrooveMonitor] "E:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [ATICCC] "E:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe"
O4 - HKLM\..\Run: [QuickTime Task] "E:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [OM_Monitor] E:\Program Files\OLYMPUS\OLYMPUS Master\FirstStart.exe
O4 - HKLM\..\Run: [BSplayer_WhenUSave_Installer] E:\Program Files\BSplayer_WhenUSave_Installer\BSplayer_WhenUSave_Installer.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "E:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "E:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "E:\Program Files\Labtec\WebCam10\WebCam10.exe" /hide
O4 - HKLM\..\Run: [TkBellExe] "E:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [advap32] "E:\DOCUME~1\DARKOI~1\LOCALS~1\Temp\loader.exe" /r/r
O4 - HKLM\..\Run: [ugac] "E:\PROGRA~1\COMMON~1\AVSYST~1\ugac.exe" -start
O4 - HKLM\..\Run: [bm] "E:\Program Files\Common Files\AVSystemCare\bm.exe" dm=https://avsystemcare.com/ ad=https://avsystemcare.com/ sd=http://ykeeper.avsystemcare.com
O4 - HKLM\..\Run: [BDMCon] "E:\Program Files\Softwin\BitDefender10\bdmcon.exe" /reg
O4 - HKLM\..\Run: [BDAgent] "E:\Program Files\Softwin\BitDefender10\bdagent.exe"
O4 - HKLM\..\RunOnce: [SpybotDeletingC5830] cmd /c del "E:\WINDOWS\system32\printer.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] E:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [StartCCC] E:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
O4 - HKCU\..\Run: [OM_Monitor] E:\Program Files\OLYMPUS\OLYMPUS Master\Monitor.exe -NoStart
O4 - HKCU\..\Run: [ISUSPM] "E:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
O4 - HKCU\..\Run: [MsnMsgr] "E:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [SpybotSD TeaTimer] E:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] E:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [PC Suite Tray] "E:\Program Files\Nokia\Nokia PC Suite 6\PCSuite.exe" -onlytray
O4 - HKCU\..\RunOnce: [SpybotDeletingB8914] command /c del "E:\WINDOWS\system32\spoolvs.exe"
O4 - HKCU\..\RunOnce: [SpybotDeletingD1342] cmd /c del "E:\WINDOWS\system32\spoolvs.exe"
O4 - HKCU\..\RunOnce: [SpybotDeletingD2162] cmd /c del "E:\WINDOWS\system32\printer.exe"
O4 - HKCU\..\RunOnce: [SpybotDeletingB5278] command /c del "E:\DOCUME~1\DARKOI~1\LOCALS~1\Temp\winlogon.exe"
O4 - HKCU\..\RunOnce: [SpybotDeletingD2] cmd /c del "E:\DOCUME~1\DARKOI~1\LOCALS~1\Temp\winlogon.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] E:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] E:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] E:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] E:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = E:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Global Startup: Adobe Gamma Loader.lnk = E:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://E:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: I&zvoz u Microsoft Excel - res://E:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - E:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - E:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - E:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - E:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - E:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - E:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - E:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - E:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O20 - Winlogon Notify: !SASWinLogon - E:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O21 - SSODL: WGwyeQ - {43BF93F7-E915-395D-3409-4E9E6B75CCCD} - (no file)
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - E:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - E:\WINDOWS\system32\agrsmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - E:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - E:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe
O23 - Service: B's Recorder GOLD Library General Service (bgsvcgen) - B.H.A Corporation - E:\WINDOWS\system32\bgsvcgen.exe
O23 - Service: Google Updater Service (gusvc) - Google - E:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - SOFTWIN S.R.L. - E:\Program Files\Common Files\Softwin\BitDefender Update Service\livesrv.exe
O23 - Service: LVSrvLauncher - Labtec Inc. - E:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: NMIndexingService - Nero AG - E:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: Panda Process Protection Service (PavPrSrv) - Panda Software - E:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - E:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: Task Scheduler (Schedule) - Unknown owner - E:\WINDOWS\system32\drivers\spools.exe (file missing)
O23 - Service: ServiceLayer - Nokia. - E:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: BitDefender Virus Shield (VSSERV) - SOFTWIN S.R.L. - E:\Program Files\Softwin\BitDefender10\vsserv.exe
O23 - Service: BitDefender Communicator (XCOMM) - SOFTWIN S.R.L - E:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:07:16, on 1.3.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
E:\WINDOWS\System32\smss.exe
E:\WINDOWS\system32\winlogon.exe
E:\WINDOWS\system32\services.exe
E:\WINDOWS\system32\lsass.exe
E:\WINDOWS\system32\Ati2evxx.exe
E:\WINDOWS\system32\svchost.exe
E:\WINDOWS\System32\svchost.exe
E:\WINDOWS\system32\Ati2evxx.exe
E:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
E:\WINDOWS\system32\spoolsv.exe
E:\WINDOWS\Explorer.EXE
E:\WINDOWS\system32\agrsmsvc.exe
E:\WINDOWS\system32\bgsvcgen.exe
E:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe
E:\Program Files\CyberLink\Shared Files\RichVideo.exe
E:\WINDOWS\system32\svchost.exe
E:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe
E:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe
E:\Program Files\Common Files\Softwin\BitDefender Update Service\livesrv.exe
E:\Program Files\Softwin\BitDefender10\vsserv.exe
E:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
E:\WINDOWS\RTHDCPL.EXE
E:\Program Files\Winamp\winampa.exe
E:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
E:\Program Files\QuickTime\qttask.exe
E:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE
E:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
E:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
E:\Program Files\Labtec\WebCam10\WebCam10.exe
E:\Program Files\Common Files\Real\Update_OB\realsched.exe
E:\Program Files\Softwin\BitDefender10\bdmcon.exe
E:\Program Files\Softwin\BitDefender10\bdagent.exe
E:\WINDOWS\system32\ctfmon.exe
E:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
E:\Program Files\MSN Messenger\MsnMsgr.Exe
E:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
E:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
E:\Program Files\Nokia\Nokia PC Suite 6\PCSuite.exe
E:\Program Files\Common Files\LogiShrd\LComMgr\LVComSX.exe
E:\WINDOWS\system32\wuauclt.exe
E:\Program Files\PC Connectivity Solution\ServiceLayer.exe
E:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
E:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe
E:\Program Files\ATI Technologies\ATI.ACE\cli.exe
E:\Program Files\ATI Technologies\ATI.ACE\cli.exe
E:\Program Files\Mozilla Firefox\firefox.exe
E:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://net.hr/
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - E:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - E:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {5C3F6257-3E00-45C2-88D5-CB0F3A17BF0E} - (no file)
O2 - BHO: (no name) - {6F87F145-DC2D-4766-AF03-3A3B96FFAD98} - (no file)
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - E:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - E:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - E:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - e:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - e:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [RemoteControl] "E:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [LanguageShortcut] "E:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] E:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [WinampAgent] E:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [GrooveMonitor] "E:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [ATICCC] "E:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe"
O4 - HKLM\..\Run: [QuickTime Task] "E:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [OM_Monitor] E:\Program Files\OLYMPUS\OLYMPUS Master\FirstStart.exe
O4 - HKLM\..\Run: [BSplayer_WhenUSave_Installer] E:\Program Files\BSplayer_WhenUSave_Installer\BSplayer_WhenUSave_Installer.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "E:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "E:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "E:\Program Files\Labtec\WebCam10\WebCam10.exe" /hide
O4 - HKLM\..\Run: [TkBellExe] "E:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [advap32] "E:\DOCUME~1\DARKOI~1\LOCALS~1\Temp\loader.exe" /r/r
O4 - HKLM\..\Run: [ugac] "E:\PROGRA~1\COMMON~1\AVSYST~1\ugac.exe" -start
O4 - HKLM\..\Run: [bm] "E:\Program Files\Common Files\AVSystemCare\bm.exe" dm=https://avsystemcare.com/ ad=https://avsystemcare.com/ sd=http://ykeeper.avsystemcare.com
O4 - HKLM\..\Run: [BDMCon] "E:\Program Files\Softwin\BitDefender10\bdmcon.exe" /reg
O4 - HKLM\..\Run: [BDAgent] "E:\Program Files\Softwin\BitDefender10\bdagent.exe"
O4 - HKLM\..\RunOnce: [SpybotDeletingC5830] cmd /c del "E:\WINDOWS\system32\printer.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] E:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [StartCCC] E:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
O4 - HKCU\..\Run: [OM_Monitor] E:\Program Files\OLYMPUS\OLYMPUS Master\Monitor.exe -NoStart
O4 - HKCU\..\Run: [ISUSPM] "E:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
O4 - HKCU\..\Run: [MsnMsgr] "E:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [SpybotSD TeaTimer] E:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] E:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [PC Suite Tray] "E:\Program Files\Nokia\Nokia PC Suite 6\PCSuite.exe" -onlytray
O4 - HKCU\..\RunOnce: [SpybotDeletingB8914] command /c del "E:\WINDOWS\system32\spoolvs.exe"
O4 - HKCU\..\RunOnce: [SpybotDeletingD1342] cmd /c del "E:\WINDOWS\system32\spoolvs.exe"
O4 - HKCU\..\RunOnce: [SpybotDeletingD2162] cmd /c del "E:\WINDOWS\system32\printer.exe"
O4 - HKCU\..\RunOnce: [SpybotDeletingB5278] command /c del "E:\DOCUME~1\DARKOI~1\LOCALS~1\Temp\winlogon.exe"
O4 - HKCU\..\RunOnce: [SpybotDeletingD2] cmd /c del "E:\DOCUME~1\DARKOI~1\LOCALS~1\Temp\winlogon.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] E:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] E:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] E:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] E:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = E:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Global Startup: Adobe Gamma Loader.lnk = E:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://E:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: I&zvoz u Microsoft Excel - res://E:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - E:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - E:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - E:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - E:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - E:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - E:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - E:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - E:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O20 - Winlogon Notify: !SASWinLogon - E:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O21 - SSODL: WGwyeQ - {43BF93F7-E915-395D-3409-4E9E6B75CCCD} - (no file)
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - E:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - E:\WINDOWS\system32\agrsmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - E:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - E:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe
O23 - Service: B's Recorder GOLD Library General Service (bgsvcgen) - B.H.A Corporation - E:\WINDOWS\system32\bgsvcgen.exe
O23 - Service: Google Updater Service (gusvc) - Google - E:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - SOFTWIN S.R.L. - E:\Program Files\Common Files\Softwin\BitDefender Update Service\livesrv.exe
O23 - Service: LVSrvLauncher - Labtec Inc. - E:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: NMIndexingService - Nero AG - E:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: Panda Process Protection Service (PavPrSrv) - Panda Software - E:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - E:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: Task Scheduler (Schedule) - Unknown owner - E:\WINDOWS\system32\drivers\spools.exe (file missing)
O23 - Service: ServiceLayer - Nokia. - E:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: BitDefender Virus Shield (VSSERV) - SOFTWIN S.R.L. - E:\Program Files\Softwin\BitDefender10\vsserv.exe
O23 - Service: BitDefender Communicator (XCOMM) - SOFTWIN S.R.L - E:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe
It has just crashed on me again: a Windows blue screen error (which I don't have time to read), then it shuts down with a sort of click!
Now it's impossible to turn it on! After the Windows XP screen, the blue screen appears every time and then the computer shuts off!
The following code is shown on the blue screen: technical information 0x000000007F
Have you tried in safe mode?
Boot into safe mode:
To do that, tap the F8 key repeatedly from the moment the PC starts powering on, without stopping.
A window will open; use the keyboard arrow keys to move to "Safe Mode", then press Enter.
Once on the desktop, if not all the colours and so on are there, that's normal!
(If F8 doesn't work, use the F5 key.)