Indestructible file

Solved
Blacky57 Posts: 135 Status: Member -
ep44 Posts: 7432 Status: Contributor -
Hello,
Following a few problems on my computer, I ran a HijackThis scan and deleted what had no reason to be there. But the problem is that I can't delete this file:

O2 - BHO: (no name) - {11241072-58BB-40CE-9171-0B2BDFB22E97} - C:\WINDOWS\system32\tuvusqp.dll

I tried to delete it with KillBox but it doesn't work, and in safe mode it still doesn't work. How can I delete it?
Thanks

8 replies

bambi-6
 
have you tried CCleaner?
0
ep44 Posts: 7432 Status: Contributor 3
 
Hello

post a HijackThis report and
Download ComboFix http://download.bleepingcomputer.com/sUBs/ComboFix.exe
and save it to your desktop and nowhere else!

Double-click ComboFix,
Wait until ComboFix has finished; a report will be created. Post the report.



@+
0
Blacky57 Posts: 135 Status: Member 55
 
With the CCleaner program it doesn't work, and here is the ComboFix report it gave me:

"Herrmann" - 2008-03-22 11:42:22 - ComboFix 07-07-10.1 - Service Pack 2


((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


C:\Documents and Settings\Herrmann\ravmonlog
C:\WINDOWS\system32\11156910.dll
C:\WINDOWS\system32\21394968.dll
C:\WINDOWS\system32\2314740.dll
C:\WINDOWS\system32\2750958.dll
C:\WINDOWS\system32\5386986.dll
C:\windows\xpupdate.exe


((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))


-------\LEGACY_FOPF


((((((((((((((((((((((((( Files Created from 2008-02-22 to 2008-03-22 )))))))))))))))))))))))))))))))


2008-03-22 10:27 <REP> d-------- C:\Program Files\Iconoid
2008-03-22 07:46 251,416 --a------ C:\DOCUME~1\Herrmann\APPLIC~1\install_fr[2].exe
2008-03-21 13:55 91,712 --a------ C:\WINDOWS\system32\gujdicxs.dll
2008-03-21 13:53 90,176 --a------ C:\WINDOWS\system32\oumjdxkb.dll
2008-03-21 13:53 86,592 --a------ C:\WINDOWS\system32\fnliqjvk.dll
2008-03-21 13:52 305,152 --a------ C:\WINDOWS\system32\ssqro.dll
2008-03-21 13:52 196,672 --ahs---- C:\WINDOWS\system32\orqss.ini2
2008-03-21 13:47 37,888 --a------ C:\WINDOWS\system32\tuvusqp.dll
2008-03-09 16:52 <REP> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\RInfo
2008-03-09 16:14 <REP> d-------- C:\Program Files\EaseDic
2008-03-09 16:14 <REP> d-------- C:\DOCUME~1\Herrmann\APPLIC~1\EaseDic
2008-03-09 16:14 <REP> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\EaseDic
2008-03-09 16:13 <REP> d-------- C:\DOCUME~1\Herrmann\APPLIC~1\StarDict
2008-03-09 16:12 <REP> d-------- C:\Program Files\StarDict
2008-03-09 16:02 <REP> d-------- C:\Program Files\Foreignword
2008-03-01 11:06 <REP> d-------- C:\DOCUME~1\Herrmann\APPLIC~1\Panasonic
2008-03-01 11:02 <REP> d-------- C:\Program Files\Apple Software Update
2008-03-01 11:01 <REP> d-------- C:\Program Files\ISL
2008-03-01 10:57 77,824 --a------ C:\WINDOWS\system32\PICEntry.dll
2008-03-01 10:57 73,728 --a------ C:\WINDOWS\system32\PICSDK.dll
2008-03-01 10:57 65,536 --a------ C:\WINDOWS\system32\EPPicMgr.dll
2008-03-01 10:57 495,616 --a------ C:\WINDOWS\system32\PICSDK2.dll
2008-03-01 10:57 4,943 --a------ C:\WINDOWS\system32\EPPICPattern6.dat
2008-03-01 10:57 31,053 --a------ C:\WINDOWS\system32\EPPICPattern131.dat
2008-03-01 10:57 27,417 --a------ C:\WINDOWS\system32\EPPICPattern121.dat
2008-03-01 10:57 26,154 --a------ C:\WINDOWS\system32\EPPICPattern1.dat
2008-03-01 10:57 24,903 --a------ C:\WINDOWS\system32\EPPICPattern3.dat
2008-03-01 10:57 21,390 --a------ C:\WINDOWS\system32\EPPICPattern5.dat
2008-03-01 10:57 20,148 --a------ C:\WINDOWS\system32\EPPICPattern2.dat
2008-03-01 10:57 114,688 --a------ C:\WINDOWS\system32\EpPicPrt.dll
2008-03-01 10:57 111,932 --a------ C:\WINDOWS\system32\EPPICPrinterDB.dat
2008-03-01 10:57 11,811 --a------ C:\WINDOWS\system32\EPPICPattern4.dat
2008-03-01 10:57 1,146 --a------ C:\WINDOWS\system32\EPPICPresetData_DU.dat
2008-03-01 10:57 1,139 --a------ C:\WINDOWS\system32\EPPICPresetData_PT.dat
2008-03-01 10:57 1,139 --a------ C:\WINDOWS\system32\EPPICPresetData_BP.dat
2008-03-01 10:57 1,136 --a------ C:\WINDOWS\system32\EPPICPresetData_ES.dat
2008-03-01 10:57 1,129 --a------ C:\WINDOWS\system32\EPPICPresetData_FR.dat
2008-03-01 10:57 1,129 --a------ C:\WINDOWS\system32\EPPICPresetData_CF.dat
2008-03-01 10:57 1,120 --a------ C:\WINDOWS\system32\EPPICPresetData_IT.dat
2008-03-01 10:57 1,107 --a------ C:\WINDOWS\system32\EPPICPresetData_GE.dat
2008-03-01 10:57 1,104 --a------ C:\WINDOWS\system32\EPPICPresetData_EN.dat
2008-03-01 10:56 45,056 --a------ C:\WINDOWS\system32\PhDi2.sys
2008-03-01 10:56 <REP> d-------- C:\Program Files\Panasonic
2008-03-01 10:55 <REP> d-------- C:\DOCUME~1\Herrmann\APPLIC~1\InstallShield
2008-02-28 11:45 <REP> d-------- C:\Program Files\Swat 4 ATC v2.0
2008-02-27 11:30 1,689,088 --a------ C:\WINDOWS\system32\faa8908.dll
2008-02-26 09:01 82,944 --a------ C:\WINDOWS\system32\356644f8.dll
2008-02-25 16:37 82,944 --a------ C:\WINDOWS\system32\2b99a04.dll
2008-02-25 16:37 82,944 --a------ C:\WINDOWS\system32\166a88f4.dll
2008-02-25 16:37 1,689,088 --a------ C:\WINDOWS\system32\6064c04.dll
2008-02-25 16:37 1,689,088 --a------ C:\WINDOWS\system32\263825c0.dll
2008-02-25 12:02 <REP> d-------- C:\Program Files\Replay Converter
2008-02-25 11:53 <REP> d-------- C:\DOCUME~1\Herrmann\APPLIC~1\GetRightToGo
2008-02-25 11:41 60,416 --a------ C:\WINDOWS\system32\dsetup.dll
2008-02-25 00:37 <REP> d-------- C:\Program Files\7-Zip
2008-02-23 10:29 82,944 --a------ C:\WINDOWS\system32\30a2d3fc.dll
2008-02-23 09:26 82,944 --a------ C:\WINDOWS\system32\197fea2.dll
2008-02-23 09:26 1,689,088 --a------ C:\WINDOWS\system32\1419a886.dll
2008-02-22 12:58 <REP> d-------- C:\Program Files\AutoMz
2008-02-22 12:57 <REP> d-------- C:\Program Files\MzVistaForce
2008-02-22 12:56 <REP> d-------- C:\Program Files\Mz_CpuAcc
2008-02-22 12:55 <REP> d-------- C:\Program Files\MzRam
2008-02-22 12:54 <REP> d-------- C:\Program Files\MZ U.T


(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

2008-03-22 10:35:55 510,736 ----a-w C:\WINDOWS\system32\perfh00C.dat
2008-03-22 10:35:54 84,818 ----a-w C:\WINDOWS\system32\perfc00C.dat
2008-03-22 09:55:42 -------- d-----w C:\Program Files\FlashGet
2008-03-22 09:35:16 -------- d-----w C:\Program Files\Wanadoo
2008-03-14 17:30:36 96,624 ----a-w C:\DOCUME~1\Herrmann\APPLIC~1\GDIPFONTCACHEV1.DAT
2008-03-01 13:11:32 96,624 ----a-w C:\WINDOWS\system32\GDIPFONTCACHEV1.DAT
2008-03-01 10:05:16 -------- d-----w C:\Program Files\QuickTime
2008-03-01 10:01:26 -------- d--h--w C:\Program Files\InstallShield Installation Information
2008-03-01 09:18:10 -------- d-----w C:\Program Files\LastChaosUSA
2008-02-29 09:57:29 -------- d-----w C:\DOCUME~1\Herrmann\APPLIC~1\Skype
2008-02-29 08:53:05 43,520 ----a-w C:\WINDOWS\system32\CmdLineExt03.dll
2008-02-28 09:33:43 -------- d-----w C:\Program Files\Sierra
2008-02-26 22:56:16 -------- d-----w C:\Program Files\mIRC
2008-02-25 11:47:55 -------- d-----w C:\Program Files\GeoVid
2008-02-25 10:41:30 -------- d-----w C:\Program Files\Fichiers communs\GeoVid
2008-02-22 12:20:25 -------- d-----w C:\Program Files\Fichiers communs\Wise Installation Wizard
2008-02-21 17:04:37 -------- d-----w C:\Program Files\Gpotato.eu
2008-02-18 16:50:56 -------- d-----w C:\Program Files\AxBx
2008-02-18 14:30:05 -------- d-----w C:\Program Files\Common Files
2008-02-18 12:36:49 -------- d-----w C:\DOCUME~1\Herrmann\APPLIC~1\TuneUp Software
2008-02-18 09:19:56 -------- d-----w C:\Program Files\Warcraft III
2008-02-16 15:34:00 -------- d-----w C:\Program Files\Sony Ericsson
2008-02-16 15:33:55 -------- d-----w C:\Program Files\Fichiers communs\Teleca Shared
2008-02-16 15:31:08 -------- d-----w C:\Program Files\Microsoft Silverlight
2008-02-16 15:20:42 -------- d-----w C:\Program Files\Zeb-Utility
2008-02-16 15:10:03 -------- d-----w C:\Program Files\EPSON
2008-02-16 15:06:13 -------- d-----w C:\Program Files\Canon
2008-02-09 20:38:00 118,019 ----a-w C:\WINDOWS\War3Unin.dat
2008-02-09 19:02:13 12,632 ----a-w C:\WINDOWS\system32\lsdelete.exe
2008-01-27 23:10:11 -------- d-----w C:\DOCUME~1\Herrmann\APPLIC~1\Apple Computer
2008-01-27 20:14:32 -------- d-----w C:\Program Files\Total Video Converter
2008-01-27 20:07:04 -------- d-----w C:\Program Files\AviSynth 2.5
2008-01-27 20:06:23 -------- d-----w C:\Program Files\eRightSoft
2008-01-14 12:52:00 81,920 ----a-w C:\WINDOWS\system32\frapsvid.dll
2006-05-03 10:06:54 163,328 --sh--r C:\WINDOWS\system32\flvDX.dll
2007-02-21 11:47:16 31,744 --sh--r C:\WINDOWS\system32\msfDX.dll


((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))


*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
2006-10-22 23:08 62080 --a------ C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{11241072-58BB-40CE-9171-0B2BDFB22E97}]
2008-03-21 13:47 37888 --a------ C:\WINDOWS\system32\tuvusqp.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{231a64f8-ebd6-4516-aa44-e2d754e92af3}]
2008-03-21 13:55 91712 --a------ C:\WINDOWS\system32\gujdicxs.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{2F364306-AA45-47B5-9F9D-39A8B94E7EF7}]
2007-06-28 11:11 94308 --a------ C:\Program Files\FlashGet\jccatch.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
2007-03-14 02:43 501400 --a------ C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{89A1E40D-0254-4F99-B9AE-B60A2D8754A9}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
2007-09-20 10:30 328752 --a------ C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
2007-06-09 20:48 2436160 -ra------ c:\program files\google\googletoolbar2.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
2007-08-11 11:38 654832 --a------ C:\Program Files\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{E8341D93-055D-48CB-912B-4ED80744CC20}]
2008-03-21 13:52 305152 --a------ C:\WINDOWS\system32\ssqro.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F156768E-81EF-470C-9057-481BA8380DBA}]
2007-05-18 17:13 163840 --a------ C:\Program Files\FlashGet\getflash.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpeedTouch USB Diagnostics"="C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" [2004-01-26 10:38]
"WOOTASKBARICON"="C:\Program Files\Wanadoo\taskbaricon.exe" [2004-10-05 16:00]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 10:25]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-12-04 14:00]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2006-11-03 18:20]
"ZoneAlarm Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [2007-06-21 20:54]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2004-08-20 00:10 C:\WINDOWS\system32\bthprops.cpl]
"TkBellExe"="C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" [2007-09-15 13:42]
"ISUSPM Startup"="C:\Program Files\Fichiers communs\InstallShield\UpdateService\isuspm.exe" [2005-08-11 15:30]
"ISUSScheduler"="C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe" [2005-08-11 15:30]
"WOOWATCH"="C:\PROGRA~1\Wanadoo\Watch.exe" [2004-08-23 13:49]
"Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.0\Apps\apdproxy.exe" []
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-09-01 15:57]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-20 00:09]
"Adobe Photoshop Album Starter Edition 3.0 component"="C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.0\Apps\apdproxy.exe" []
"MzRamBooster"="C:\Program Files\MzRam\MzRamBooster.exe" [2008-02-01 10:01]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runonce]
"combofix"=C:\WINDOWS\system32\cmd.exe /c C:\ComboFix\Combobatch.bat

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoLowDiskSpaceChecks"=1 (0x1)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\shellexecutehook.dll" [2007-05-30 13:29]
"{11241072-58BB-40CE-9171-0B2BDFB22E97}"="C:\WINDOWS\system32\tuvusqp.dll" [2008-03-21 13:47]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\nnnkjgg]
nnnkjgg.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tuvusqp]
tuvusqp.dll 2008-03-21 13:47 37888 C:\WINDOWS\system32\tuvusqp.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages msv1_0 C:\WINDOWS\system32\ssqro.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\aawservice]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\AVG Anti-Spyware Driver]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\AVG Anti-Spyware Guard]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^BTTray.lnk]
path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\BTTray.lnk
backup=C:\WINDOWS\pss\BTTray.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Microsoft Office.lnk]
path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Microsoft Office.lnk
backup=C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]
"C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.0\Apps\apdproxy.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
"C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATICCC]
"C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Avg Antivirus]
C:\WINDOWS\system32\icpldrvx.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BluetoothAuthenticationAgent]
rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DNA]
"C:\Program Files\BitTorrent_DNA\dna.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Flashget]
C:\Program Files\FlashGet\flashget.exe /min

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
"C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
"C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sony Ericsson PC Suite]
"C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
"c:\program files\valve\steam\steam.exe" -silent

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
"C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WOOKIT]
C:\PROGRA~1\Wanadoo\GestMaj.exe EspaceWanadoo.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"TkBellExe"="C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
"ISUSPM Startup"="C:\Program Files\Fichiers communs\InstallShield\UpdateService\isuspm.exe" -startup

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs BthServ


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{1959f36e-b489-11db-a425-000e505a106b}]
play\Command- "C:\Program Files\Windows Media Player\wmplayer.exe" /prefetch:3 /device:AudioCD "%L"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a1c608f9-8ceb-11db-a3ee-000e505a106b}]
Auto\command- J:\AdobeR.exe e
AutoRun\command- C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL AdobeR.exe e

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a5e7790e-b483-11db-a424-000e505a106b}]
Rip\Command- "C:\Program Files\Windows Media Player\wmplayer.exe" /prefetch:3 /RipAudioCD "%L"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b35c35ff-a946-11db-a411-000e505a106b}]
Auto\command- J:\AdobeR.exe e
AutoRun\command- C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL AdobeR.exe e

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e004b519-14cb-11dc-a4c0-000e505a106b}]
Auto\command- AdobeR.exe e
AutoRun\command- C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL AdobeR.exe e

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f53af055-9b4a-11dc-80ca-000e505a106b}]
Auto\command- AdobeR.exe e
AutoRun\command- C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL AdobeR.exe e

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{fe448c1c-3243-11dc-a513-000e505a106b}]
Auto\command- J:\AdobeR.exe e
AutoRun\command- C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL AdobeR.exe e


Contents of the 'Scheduled Tasks' folder
2008-02-29 16:15:00 C:\WINDOWS\tasks\1-Click Maintenance.job
2008-03-16 18:58:03 C:\WINDOWS\tasks\AppleSoftwareUpdate.job
2008-03-22 10:58:05 C:\WINDOWS\tasks\MP Scheduled Scan.job

**************************************************************************

catchme 0.3.915 W2K/XP/Vista - rootkit detector by Gmer, http://www.gmer.net
Rootkit scan 2008-03-22 11:55:40
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

Completion time: 2008-03-22 12:01:36 - machine was rebooted
C:\ComboFix-quarantined-files.txt ... 2008-03-22 12:01
C:\ComboFix2.txt ... 2007-07-11 17:37

--- E O F ---
0
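The report above shows why the file survived KillBox and safe mode: tuvusqp.dll is registered as a Browser Helper Object, a ShellExecute hook and a Winlogon notification package, and ssqro.dll is appended to the LSA "Authentication Packages" list. Winlogon and LSASS load those DLLs at boot, in safe mode too, and a mapped image cannot be deleted, so the loading points have to go before the files can. The script below is an added example for this thread, not ComboFix's own code: it parses the report layout shown above, cross-references the "Files Created" section with the "Reg Loading Points" section, and flags any loading point whose target under the Windows directory was created in the days before the scan, plus anything listed under the LSA key. SAMPLE_REPORT is a constructed excerpt whose lines are copied from the posted report.

```python
"""Cross-check a ComboFix report: which registry loading points reference files
that were created only days before the scan?

Added example for this thread; it is not ComboFix's own code and only parses
the report layout shown above.  SAMPLE_REPORT is a constructed excerpt whose
lines are copied from the report posted in the thread.
"""
import re
from datetime import datetime, timedelta

SAMPLE_REPORT = r'''"Herrmann" - 2008-03-22 11:42:22 - ComboFix 07-07-10.1 - Service Pack 2

((((((((((((((((((((((((( Files Created from 2008-02-22 to 2008-03-22 )))))))))))))))))))))))))))))))

2008-03-21 13:55 91,712 --a------ C:\WINDOWS\system32\gujdicxs.dll
2008-03-21 13:52 305,152 --a------ C:\WINDOWS\system32\ssqro.dll
2008-03-21 13:47 37,888 --a------ C:\WINDOWS\system32\tuvusqp.dll
2008-03-01 10:57 77,824 --a------ C:\WINDOWS\system32\PICEntry.dll

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
2006-10-22 23:08 62080 --a------ C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{11241072-58BB-40CE-9171-0B2BDFB22E97}]
2008-03-21 13:47 37888 --a------ C:\WINDOWS\system32\tuvusqp.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{231a64f8-ebd6-4516-aa44-e2d754e92af3}]
2008-03-21 13:55 91712 --a------ C:\WINDOWS\system32\gujdicxs.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tuvusqp]
tuvusqp.dll 2008-03-21 13:47 37888 C:\WINDOWS\system32\tuvusqp.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages msv1_0 C:\WINDOWS\system32\ssqro.dll
'''

HEADER_RE = re.compile(r'^"[^"]*" - (\d{4}-\d\d-\d\d \d\d:\d\d:\d\d) - ComboFix')
SECTION_RE = re.compile(r"^\(+\s*(.+?)\s*\)+$")      # "(((( Section title ))))"
KEY_RE = re.compile(r"^\[(.+)\]$")                   # "[HKEY_...]"
PATH_RE = re.compile(r'[A-Za-z]:\\[^"]*[^"\s\]]')    # first drive-letter path on the line
SYSTEM_PREFIX = "c:\\windows\\"


def parse_report(text):
    """Return (created, points): creation time per lowercased path from the
    'Files Created' section, and (registry key, path) pairs from 'Reg Loading Points'."""
    created, points = {}, []
    section = key = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith("*****") or line.startswith("Contents of"):
            section = None      # scheduled tasks and the catchme part are not loading points
            continue
        m = SECTION_RE.match(line)
        if m:
            section, key = m.group(1), None
            continue
        m = KEY_RE.match(line)
        if m:
            key = m.group(1)
            continue
        m = PATH_RE.search(line)
        if not m:
            continue
        if section and section.startswith("Files Created"):
            created[m.group(0).lower()] = datetime.strptime(line[:16], "%Y-%m-%d %H:%M")
        elif section == "Reg Loading Points" and key:
            points.append((key, m.group(0)))
    return created, points


def report_time(text):
    """Scan timestamp taken from the report's first line."""
    for line in text.splitlines():
        m = HEADER_RE.match(line.strip())
        if m:
            return datetime.strptime(m.group(1), "%Y-%m-%d %H:%M:%S")
    raise ValueError("no ComboFix header line found")


def flag_loading_points(created, points, scan_time, max_age_days=7):
    """Loading points whose target in the Windows directory was created within max_age_days of the scan."""
    cutoff = scan_time - timedelta(days=max_age_days)
    flagged = []
    for key, path in points:
        stamp = created.get(path.lower())
        if stamp is not None and stamp >= cutoff and path.lower().startswith(SYSTEM_PREFIX):
            flagged.append((key, path))
    return flagged


def lsa_extra_packages(points):
    """Paths listed under the LSA key: a clean XP install lists only msv1_0, with no path."""
    return [path for key, path in points if key.lower().endswith("\\control\\lsa")]


def suspicious_files(text, max_age_days=7):
    """Sorted, lowercased set of the files to look at first."""
    created, points = parse_report(text)
    hits = {p.lower() for _, p in flag_loading_points(created, points, report_time(text), max_age_days)}
    hits |= {p.lower() for p in lsa_extra_packages(points)}
    return sorted(hits)


if __name__ == "__main__":
    for path in suspicious_files(SAMPLE_REPORT):
        print(path)
```

Run against the excerpt it lists gujdicxs.dll, ssqro.dll and tuvusqp.dll and leaves the Adobe BHO alone; the age threshold is a heuristic, so a freshly installed legitimate driver would also show up and still needs a look at the vendor and signature before anything is removed.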
ep44 Posts: 7432 Status: Contributor 3
 
select this

registry::

[HKEY_LOCAL_MACHINE\system\CurrentControlSet\Control\lsa]
"Authentication Packages"= hex(7):6d,73,76,31,5f,30,00,00

[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{11241072-58BB-40CE-9171-0B2BDFB22E97}]

[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{231a64f8-ebd6-4516-aa44-e2d754e92af3}]

[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{2F364306-AA45-47B5-9F9D-39A8B94E7EF7}]

[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{89A1E40D-0254-4F99-B9AE-B60A2D8754A9}]

[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{E8341D93-055D-48CB-912B-4ED80744CC20}]

[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\nnnkjgg]

[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tuvusqp]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{11241072-58BB-40CE-9171-0B2BDFB22E97}"=-



File::
C:\WINDOWS\system32\gujdicxs.dll
C:\WINDOWS\system32\oumjdxkb.dll
C:\WINDOWS\system32\fnliqjvk.dll
C:\WINDOWS\system32\ssqro.dll
C:\WINDOWS\system32\orqss.ini2
C:\WINDOWS\system32\tuvusqp.dll
C:\WINDOWS\system32\faa8908.dll
C:\WINDOWS\system32\356644f8.dll
C:\WINDOWS\system32\2b99a04.dll
C:\WINDOWS\system32\166a88f4.dll
C:\WINDOWS\system32\6064c04.dll
C:\WINDOWS\system32\263825c0.dll
C:\WINDOWS\system32\30a2d3fc.dll
C:\WINDOWS\system32\197fea2.dll
C:\WINDOWS\system32\1419a886.dll


* Copy the selected text (CTRL+C).
* Open Notepad (Programs > Accessories > Notepad).
* Paste the copied text into Notepad (CTRL+V).
* Save this file under the name CFScript.txt
* Drag and drop this CFScript file onto the ComboFix.exe file
* A blue window will appear: at the prompt that appears (Type 1 to continue, or 2 to abort), type 1 and confirm.
* Wait for the scan to finish. The desktop will disappear several times: this is normal!
Don't touch anything until the scan has finished.
* Once the scan is complete, a report will be displayed: post its contents.
* If the file doesn't open, it is located here > C:\ComboFix.txt



then
Download to the desktop

ftp://ftp.commentcamarche.com/download/HJTInstall.exe

= Double-click it to install it
= Click Do a system scan and save the log
= paste the report
if there is a problem, see the help
http://perso.orange.fr/rginformatique/section%20virus/demohijack.htm

@+
0
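The CFScript above uses three registry directives: `[-key]` deletes a whole key, `"name"=-` deletes one value, and `"Authentication Packages"=hex(7):6d,73,76,31,5f,30,00,00` overwrites the LSA multi-string with just `msv1_0` (one byte per character, each string NUL-terminated, plus a final NUL), which drops ssqro.dll from the list of packages LSASS loads at boot. The block below is an added example for this thread, not ComboFix's own code: it regenerates that script from structured input and can also decode a hex(7) literal, which is the check to run on an exported `lsa` key to see whether anything besides msv1_0 is registered. The keys and file names are taken from the thread as sample input; a Registry Editor 5.00 export would carry the same value in UTF-16LE, which the `utf16` flag covers.

```python
"""Build a ComboFix CFScript like the one posted above, and encode/decode the
hex(7) (REG_MULTI_SZ) literal used to reset LSA 'Authentication Packages'.

Added example for this thread, not ComboFix's own code.  The layout
(Registry:: / [-key] / "name"=- / File::) is the one shown in the thread; the
key and file names below are the thread's own, used as sample input.
"""


def encode_multi_sz(values, utf16=False):
    """Encode a list of strings as a Registry Editor hex(7) literal.

    Each string is NUL-terminated and the list ends with one more NUL.  With
    utf16=False (one byte per character, as in the thread's script) ["msv1_0"]
    becomes hex(7):6d,73,76,31,5f,30,00,00; Registry Editor version 5.00
    exports use UTF-16LE instead (utf16=True).
    """
    codec = "utf-16-le" if utf16 else "latin-1"
    nul = "\x00".encode(codec)
    raw = b"".join(v.encode(codec) + nul for v in values) + nul
    return "hex(7):" + ",".join(f"{b:02x}" for b in raw)


def decode_multi_sz(literal, utf16=False):
    """Inverse of encode_multi_sz, for reading an exported value back."""
    if not literal.startswith("hex(7):"):
        raise ValueError("not a hex(7) literal")
    raw = bytes(int(h, 16) for h in literal[len("hex(7):"):].split(","))
    text = raw.decode("utf-16-le" if utf16 else "latin-1")
    return [v for v in text.split("\x00") if v]


def build_cfscript(delete_keys=(), delete_values=(), multi_sz=(), files=()):
    """Assemble the text ComboFix reads when CFScript.txt is dropped onto ComboFix.exe.

    delete_keys:   registry keys to remove, written as [-key]
    delete_values: (key, value name) pairs to remove, written as "name"=-
    multi_sz:      (key, value name, [strings]) triples to overwrite as hex(7)
    files:         file paths to delete, listed under File::
    """
    lines = []
    if delete_keys or delete_values or multi_sz:
        lines.append("Registry::")
        for key, name, values in multi_sz:
            lines += ["", f"[{key}]", f'"{name}"={encode_multi_sz(values)}']
        for key in delete_keys:
            lines += ["", f"[-{key}]"]
        for key, name in delete_values:
            lines += ["", f"[{key}]", f'"{name}"=-']
        lines.append("")
    if files:
        lines.append("File::")
        lines.extend(files)
    return "\n".join(lines) + "\n"


BHO_BASE = r"HKEY_LOCAL_MACHINE\~\Browser Helper Objects"


def script_for_thread():
    """A subset of the removal script from the thread, regenerated from structured input."""
    return build_cfscript(
        multi_sz=[(r"HKEY_LOCAL_MACHINE\system\CurrentControlSet\Control\lsa",
                   "Authentication Packages", ["msv1_0"])],
        delete_keys=[
            BHO_BASE + r"\{11241072-58BB-40CE-9171-0B2BDFB22E97}",
            r"HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tuvusqp",
        ],
        delete_values=[(r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks",
                        "{11241072-58BB-40CE-9171-0B2BDFB22E97}")],
        files=[r"C:\WINDOWS\system32\tuvusqp.dll", r"C:\WINDOWS\system32\ssqro.dll"],
    )


if __name__ == "__main__":
    print(script_for_thread())
    print(decode_multi_sz("hex(7):6d,73,76,31,5f,30,00,00"))
```

Save the printed text as CFScript.txt and use it exactly as the steps above describe; the point of generating it is that every key and file in it came from a flagged loading point rather than from hand-typing, so the script and the evidence stay in sync.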

Blacky57 Posts: 135 Status: Member 55
 
Sorry for not replying sooner, but I was at a family meal.

Here is the HijackThis report:


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:27, on 2008-03-23
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Fichiers communs\EPSON\EBAPI\SAgent2.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe
C:\Program Files\Wanadoo\taskbaricon.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.0\Apps\apdproxy.exe
C:\Program Files\MzRam\MzRamBooster.exe
C:\Program Files\Wanadoo\GestionnaireInternet.exe
C:\Program Files\Wanadoo\ComComp.exe
C:\PROGRA~1\Wanadoo\PollingModule.exe
C:\Program Files\Wanadoo\Watch.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\system32\cmd.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\FlashGet\flashget.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [WOOTASKBARICON] C:\Program Files\Wanadoo\taskbaricon.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Fichiers communs\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\Wanadoo\Watch.exe
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [BM2350ad67] Rundll32.exe "C:\WINDOWS\system32\ltcoydnf.dll",s
O4 - HKLM\..\Run: [20639efb] rundll32.exe "C:\WINDOWS\system32\yomdigcj.dll",b
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Adobe Photoshop Album Starter Edition 3.0 component] C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.0\Apps\apdproxy.exe
O4 - HKCU\..\Run: [MzRamBooster] C:\Program Files\MzRam\MzRamBooster.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: &Tout télécharger avec FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: &Télécharger avec FlashGet - C:\Program Files\FlashGet\jc_link.htm
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra button: Messager Wanadoo - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\WANADO~1\Wanadoo Messager.exe
O9 - Extra 'Tools' menuitem: Messager Wanadoo - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\WANADO~1\Wanadoo Messager.exe
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/...
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{0051A22E-CC80-4C71-9036-09E40BA2A18B}: NameServer = 80.10.246.1 81.253.149.2
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CS2\Services\Tcpip\..\{0051A22E-CC80-4C71-9036-09E40BA2A18B}: NameServer = 80.10.246.1 81.253.149.2
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe (file missing)
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: EpsonBidirectionalService - Unknown owner - C:\Program Files\Fichiers communs\EPSON\EBAPI\eEBSVC.exe (file missing)
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Fichiers communs\EPSON\EBAPI\SAgent2.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: InCD File System Service (InCDsrv) - AHEAD Software - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: Planificateur LiveUpdate automatique - Unknown owner - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe (file missing)
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Fichiers communs\Symantec Shared\CCPD-LC\symlcsvc.exe (file missing)
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
0
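Two lines in this log are the ones ep44's next script targets: the O4 entries `[BM2350ad67]` and `[20639efb]`, which start rundll32.exe on a DLL in system32 with a one-letter export, so the process list only shows three anonymous rundll32.exe instances. The block below is an added example for this thread, not HijackThis's own code: it parses O2 and O4 lines into fields and flags the two indicators visible here, a BHO with "(no name)" loaded from system32, and a Run value with a random-looking (hex-like) name or a one-character export that loads a system32 DLL through rundll32. SAMPLE_LOG is a constructed excerpt of lines copied from the logs posted in the thread; the BluetoothAuthenticationAgent line is included to show a legitimate rundll32 entry passing.

```python
"""Parse HijackThis O2/O4 lines and flag the rundll32-loaded DLL pattern seen in the thread.

Added example for this thread, not HijackThis's own code.  SAMPLE_LOG is a
constructed excerpt made of lines copied from the logs posted above.
"""
import re
from collections import namedtuple

SAMPLE_LOG = r"""
O2 - BHO: (no name) - {11241072-58BB-40CE-9171-0B2BDFB22E97} - C:\WINDOWS\system32\tuvusqp.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [BM2350ad67] Rundll32.exe "C:\WINDOWS\system32\ltcoydnf.dll",s
O4 - HKLM\..\Run: [20639efb] rundll32.exe "C:\WINDOWS\system32\yomdigcj.dll",b
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
"""

O2_RE = re.compile(r"^O2 - BHO: (?P<name>.*?) - \{(?P<clsid>[^}]*)\} - (?P<path>.*)$")
O4_RE = re.compile(r"^O4 - (?P<hive>.+?)\\\.\.\\Run: \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
# rundll32[.exe] "<module>.dll",<export>  (quotes optional)
RUNDLL_RE = re.compile(r'^rundll32(?:\.exe)?\s+"?(?P<dll>[^",]+?\.dll)"?\s*,\s*(?P<export>[^\s,]*)', re.I)
HEXISH_RE = re.compile(r"[0-9a-f]{6,}", re.I)   # value names like BM2350ad67 or 20639efb

Entry = namedtuple("Entry", "section name path detail")


def parse_hjt(text):
    """Turn O2 lines into (name, dll path, CLSID) and O4 lines into (value name, command, hive)."""
    entries = []
    for line in text.splitlines():
        line = line.strip()
        m = O2_RE.match(line)
        if m:
            entries.append(Entry("O2", m["name"], m["path"], m["clsid"]))
            continue
        m = O4_RE.match(line)
        if m:
            entries.append(Entry("O4", m["name"], m["cmd"], m["hive"]))
    return entries


def is_system32(path):
    return path.lower().replace("/", "\\").startswith("c:\\windows\\system32\\")


def flag_entries(entries):
    """Return (reason, dll path) pairs for entries matching the thread's two indicators."""
    flagged = []
    for e in entries:
        if e.section == "O2" and e.name == "(no name)" and is_system32(e.path):
            flagged.append(("unnamed BHO loaded from system32", e.path))
        elif e.section == "O4":
            m = RUNDLL_RE.match(e.path)
            if not m or not is_system32(m["dll"]):
                continue
            odd_name = bool(HEXISH_RE.search(e.name))
            odd_export = len(m["export"]) <= 1
            if odd_name or odd_export:
                flagged.append(("rundll32 loading a system32 DLL from a random-looking Run value", m["dll"]))
    return flagged


if __name__ == "__main__":
    for reason, dll in flag_entries(parse_hjt(SAMPLE_LOG)):
        print(f"{dll}: {reason}")
```

The heuristics are deliberately narrow: a signed vendor DLL started through rundll32 from a descriptive Run value is not flagged, and the output is a list of files to inspect (publisher, signature, creation date), not a deletion list.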
ep44 Posts: 7432 Status: Contributor 3
 
redo the procedure with ComboFix
but with this text


Registry::

[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{025cd60e-d0ff-4cc3-8123-6092c266cf87}]

[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{AEAD9B29-81CD-496B-95DB-63F7CADC67BE}]



File::
C:\WINDOWS\system32\yomdigcj.dll
C:\WINDOWS\system32\wbhsokpc.dll
C:\WINDOWS\system32\ltcoydnf.dll
C:\!KillBox
C:\WINDOWS\system32\bpbilaqy.dll
C:\WINDOWS\system32\qyywbsby.dll
C:\WINDOWS\system32\imlgdljq.dll
C:\WINDOWS\system32\icpldrvx.exe



@+
0
Blacky57 Posts: 135 Status: Member 55
 
Here is the ComboFix log:

"Herrmann" - 2008-03-24 13:14:49 - ComboFix 07-07-10.1 - Service Pack 2
Command switches used :: C:\Documents and Settings\Herrmann\Bureau\CFScript.txt


((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


C:\!KillBox
C:\WINDOWS\system32\bpbilaqy.dll
C:\WINDOWS\system32\imlgdljq.dll
C:\WINDOWS\system32\ltcoydnf.dll
C:\WINDOWS\system32\qyywbsby.dll
C:\WINDOWS\system32\wbhsokpc.dll
C:\WINDOWS\system32\yomdigcj.dll


((((((((((((((((((((((((( Files Created from 2008-02-24 to 2008-03-24 )))))))))))))))))))))))))))))))


2008-03-23 20:10 <REP> d-------- C:\Program Files\Fichiers communs\Skype
2008-03-23 20:01 <REP> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Apple
2008-03-22 07:46 251,416 --a------ C:\DOCUME~1\Herrmann\APPLIC~1\install_fr[2].exe
2008-03-09 16:52 <REP> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\RInfo
2008-03-09 16:14 <REP> d-------- C:\Program Files\EaseDic
2008-03-09 16:14 <REP> d-------- C:\DOCUME~1\Herrmann\APPLIC~1\EaseDic
2008-03-09 16:14 <REP> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\EaseDic
2008-03-09 16:13 <REP> d-------- C:\DOCUME~1\Herrmann\APPLIC~1\StarDict
2008-03-09 16:12 <REP> d-------- C:\Program Files\StarDict
2008-03-09 16:02 <REP> d-------- C:\Program Files\Foreignword
2008-03-01 11:06 <REP> d-------- C:\DOCUME~1\Herrmann\APPLIC~1\Panasonic
2008-03-01 11:02 <REP> d-------- C:\Program Files\Apple Software Update
2008-03-01 11:01 <REP> d-------- C:\Program Files\ISL
2008-03-01 10:57 77,824 --a------ C:\WINDOWS\system32\PICEntry.dll
2008-03-01 10:57 73,728 --a------ C:\WINDOWS\system32\PICSDK.dll
2008-03-01 10:57 65,536 --a------ C:\WINDOWS\system32\EPPicMgr.dll
2008-03-01 10:57 495,616 --a------ C:\WINDOWS\system32\PICSDK2.dll
2008-03-01 10:57 4,943 --a------ C:\WINDOWS\system32\EPPICPattern6.dat
2008-03-01 10:57 31,053 --a------ C:\WINDOWS\system32\EPPICPattern131.dat
2008-03-01 10:57 27,417 --a------ C:\WINDOWS\system32\EPPICPattern121.dat
2008-03-01 10:57 26,154 --a------ C:\WINDOWS\system32\EPPICPattern1.dat
2008-03-01 10:57 24,903 --a------ C:\WINDOWS\system32\EPPICPattern3.dat
2008-03-01 10:57 21,390 --a------ C:\WINDOWS\system32\EPPICPattern5.dat
2008-03-01 10:57 20,148 --a------ C:\WINDOWS\system32\EPPICPattern2.dat
2008-03-01 10:57 114,688 --a------ C:\WINDOWS\system32\EpPicPrt.dll
2008-03-01 10:57 111,932 --a------ C:\WINDOWS\system32\EPPICPrinterDB.dat
2008-03-01 10:57 11,811 --a------ C:\WINDOWS\system32\EPPICPattern4.dat
2008-03-01 10:57 1,146 --a------ C:\WINDOWS\system32\EPPICPresetData_DU.dat
2008-03-01 10:57 1,139 --a------ C:\WINDOWS\system32\EPPICPresetData_PT.dat
2008-03-01 10:57 1,139 --a------ C:\WINDOWS\system32\EPPICPresetData_BP.dat
2008-03-01 10:57 1,136 --a------ C:\WINDOWS\system32\EPPICPresetData_ES.dat
2008-03-01 10:57 1,129 --a------ C:\WINDOWS\system32\EPPICPresetData_FR.dat
2008-03-01 10:57 1,129 --a------ C:\WINDOWS\system32\EPPICPresetData_CF.dat
2008-03-01 10:57 1,120 --a------ C:\WINDOWS\system32\EPPICPresetData_IT.dat
2008-03-01 10:57 1,107 --a------ C:\WINDOWS\system32\EPPICPresetData_GE.dat
2008-03-01 10:57 1,104 --a------ C:\WINDOWS\system32\EPPICPresetData_EN.dat
2008-03-01 10:56 45,056 --a------ C:\WINDOWS\system32\PhDi2.sys
2008-03-01 10:56 <REP> d-------- C:\Program Files\Panasonic
2008-03-01 10:55 <REP> d-------- C:\DOCUME~1\Herrmann\APPLIC~1\InstallShield
2008-02-28 11:45 <REP> d-------- C:\Program Files\Swat 4 ATC v2.0
2008-02-25 12:02 <REP> d-------- C:\Program Files\Replay Converter
2008-02-25 11:53 <REP> d-------- C:\DOCUME~1\Herrmann\APPLIC~1\GetRightToGo
2008-02-25 11:41 60,416 --a------ C:\WINDOWS\system32\dsetup.dll
2008-02-25 00:37 <REP> d-------- C:\Program Files\7-Zip


(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

2008-03-24 10:00:15 -------- d-----w C:\Program Files\Wanadoo
2008-03-24 07:50:29 -------- d-----w C:\Program Files\FlashGet
2008-03-23 20:01:12 43,520 ----a-w C:\WINDOWS\system32\CmdLineExt03.dll
2008-03-22 15:12:01 510,736 ----a-w C:\WINDOWS\system32\perfh00C.dat
2008-03-22 15:12:00 84,818 ----a-w C:\WINDOWS\system32\perfc00C.dat
2008-03-14 17:30:36 96,624 ----a-w C:\DOCUME~1\Herrmann\APPLIC~1\GDIPFONTCACHEV1.DAT
2008-03-01 13:11:32 96,624 ----a-w C:\WINDOWS\system32\GDIPFONTCACHEV1.DAT
2008-03-01 10:05:16 -------- d-----w C:\Program Files\QuickTime
2008-03-01 10:01:26 -------- d--h--w C:\Program Files\InstallShield Installation Information
2008-03-01 09:18:10 -------- d-----w C:\Program Files\LastChaosUSA
2008-02-29 09:57:29 -------- d-----w C:\DOCUME~1\Herrmann\APPLIC~1\Skype
2008-02-28 09:33:43 -------- d-----w C:\Program Files\Sierra
2008-02-26 22:56:16 -------- d-----w C:\Program Files\mIRC
2008-02-25 11:47:55 -------- d-----w C:\Program Files\GeoVid
2008-02-25 10:41:30 -------- d-----w C:\Program Files\Fichiers communs\GeoVid
2008-02-22 12:20:25 -------- d-----w C:\Program Files\Fichiers communs\Wise Installation Wizard
2008-02-22 11:58:11 -------- d-----w C:\Program Files\AutoMz
2008-02-22 11:57:56 -------- d-----w C:\Program Files\MZ U.T
2008-02-22 11:57:38 -------- d-----w C:\Program Files\MzVistaForce
2008-02-22 11:57:27 -------- d-----w C:\Program Files\Mz_CpuAcc
2008-02-22 11:56:24 -------- d-----w C:\Program Files\MzRam
2008-02-21 17:04:37 -------- d-----w C:\Program Files\Gpotato.eu
2008-02-18 16:50:56 -------- d-----w C:\Program Files\AxBx
2008-02-18 14:30:05 -------- d-----w C:\Program Files\Common Files
2008-02-18 12:36:49 -------- d-----w C:\DOCUME~1\Herrmann\APPLIC~1\TuneUp Software
2008-02-18 09:19:56 -------- d-----w C:\Program Files\Warcraft III
2008-02-16 15:34:00 -------- d-----w C:\Program Files\Sony Ericsson
2008-02-16 15:33:55 -------- d-----w C:\Program Files\Fichiers communs\Teleca Shared
2008-02-16 15:31:08 -------- d-----w C:\Program Files\Microsoft Silverlight
2008-02-16 15:20:42 -------- d-----w C:\Program Files\Zeb-Utility
2008-02-16 15:10:03 -------- d-----w C:\Program Files\EPSON
2008-02-16 15:06:13 -------- d-----w C:\Program Files\Canon
2008-02-09 20:38:00 118,019 ----a-w C:\WINDOWS\War3Unin.dat
2008-02-09 19:02:13 12,632 ----a-w C:\WINDOWS\system32\lsdelete.exe
2008-01-27 23:10:11 -------- d-----w C:\DOCUME~1\Herrmann\APPLIC~1\Apple Computer
2008-01-27 20:14:32 -------- d-----w C:\Program Files\Total Video Converter
2008-01-27 20:07:04 -------- d-----w C:\Program Files\AviSynth 2.5
2008-01-27 20:06:23 -------- d-----w C:\Program Files\eRightSoft
2008-01-14 12:52:00 81,920 ----a-w C:\WINDOWS\system32\frapsvid.dll
2006-05-03 10:06:54 163,328 --sh--r C:\WINDOWS\system32\flvDX.dll
2007-02-21 11:47:16 31,744 --sh--r C:\WINDOWS\system32\msfDX.dll


((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))


*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
2006-10-22 23:08 62080 --a------ C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{2F364306-AA45-47B5-9F9D-39A8B94E7EF7}]
2007-06-28 11:11 94308 --a------ C:\Program Files\FlashGet\jccatch.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
2007-03-14 02:43 501400 --a------ C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
2007-09-20 10:30 328752 --a------ C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
2007-06-09 20:48 2436160 -ra------ c:\program files\google\googletoolbar2.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
2007-08-11 11:38 654832 --a------ C:\Program Files\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F156768E-81EF-470C-9057-481BA8380DBA}]
2007-05-18 17:13 163840 --a------ C:\Program Files\FlashGet\getflash.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 10:25]
"SpeedTouch USB Diagnostics"="C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" [2004-01-26 10:38]
"WOOTASKBARICON"="C:\Program Files\Wanadoo\taskbaricon.exe" [2004-10-05 16:00]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-12-04 14:00]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2006-11-03 18:20]
"ZoneAlarm Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [2007-06-21 20:54]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2004-08-20 00:10 C:\WINDOWS\system32\bthprops.cpl]
"TkBellExe"="C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" [2007-09-15 13:42]
"ISUSPM Startup"="C:\Program Files\Fichiers communs\InstallShield\UpdateService\isuspm.exe" [2005-08-11 15:30]
"ISUSScheduler"="C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe" [2005-08-11 15:30]
"WOOWATCH"="C:\PROGRA~1\Wanadoo\Watch.exe" [2004-08-23 13:49]
"Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.0\Apps\apdproxy.exe" []
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-09-01 15:57]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-20 00:09]
"Adobe Photoshop Album Starter Edition 3.0 component"="C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.0\Apps\apdproxy.exe" []
"MzRamBooster"="C:\Program Files\MzRam\MzRamBooster.exe" [2008-02-01 10:01]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-03-30 19:46]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoLowDiskSpaceChecks"=1 (0x1)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\shellexecutehook.dll" [2007-05-30 13:29]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\aawservice]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\AVG Anti-Spyware Driver]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\AVG Anti-Spyware Guard]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^BTTray.lnk]
path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\BTTray.lnk
backup=C:\WINDOWS\pss\BTTray.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Microsoft Office.lnk]
path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Microsoft Office.lnk
backup=C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]
"C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.0\Apps\apdproxy.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
"C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATICCC]
"C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Avg Antivirus]
C:\WINDOWS\system32\icpldrvx.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BluetoothAuthenticationAgent]
rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DNA]
"C:\Program Files\BitTorrent_DNA\dna.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Flashget]
C:\Program Files\FlashGet\flashget.exe /min

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
"C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
"C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sony Ericsson PC Suite]
"C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
"c:\program files\valve\steam\steam.exe" -silent

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
"C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WOOKIT]
C:\PROGRA~1\Wanadoo\GestMaj.exe EspaceWanadoo.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"TkBellExe"="C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
"ISUSPM Startup"="C:\Program Files\Fichiers communs\InstallShield\UpdateService\isuspm.exe" -startup

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs BthServ


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{1959f36e-b489-11db-a425-000e505a106b}]
play\Command- "C:\Program Files\Windows Media Player\wmplayer.exe" /prefetch:3 /device:AudioCD "%L"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a1c608f9-8ceb-11db-a3ee-000e505a106b}]
Auto\command- J:\AdobeR.exe e
AutoRun\command- C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL AdobeR.exe e

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a5e7790e-b483-11db-a424-000e505a106b}]
Rip\Command- "C:\Program Files\Windows Media Player\wmplayer.exe" /prefetch:3 /RipAudioCD "%L"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a6fab7d1-6428-11dc-9e22-000e505a106b}]
Auto\command- AdobeR.exe e
AutoRun\command- C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL AdobeR.exe e

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b35c35ff-a946-11db-a411-000e505a106b}]
Auto\command- J:\AdobeR.exe e
AutoRun\command- C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL AdobeR.exe e

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c45514a9-1667-11dc-a4c4-000e505a106b}]
Auto\command- L:\AdobeR.exe e
AutoRun\command- C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL AdobeR.exe e

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e004b519-14cb-11dc-a4c0-000e505a106b}]
Auto\command- AdobeR.exe e
AutoRun\command- C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL AdobeR.exe e

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f53af055-9b4a-11dc-80ca-000e505a106b}]
Auto\command- AdobeR.exe e
AutoRun\command- C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL AdobeR.exe e

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{fe448c1c-3243-11dc-a513-000e505a106b}]
Auto\command- J:\AdobeR.exe e
AutoRun\command- C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL AdobeR.exe e


Contents of the 'Scheduled Tasks' folder
2008-02-29 16:15:00 C:\WINDOWS\tasks\1-Click Maintenance.job
2008-03-23 19:02:10 C:\WINDOWS\tasks\AppleSoftwareUpdate.job
2008-03-24 06:33:41 C:\WINDOWS\tasks\MP Scheduled Scan.job

**************************************************************************

catchme 0.3.915 W2K/XP/Vista - rootkit detector by Gmer, http://www.gmer.net
Rootkit scan 2008-03-24 13:23:06
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

Completion time: 2008-03-24 13:24:16
C:\ComboFix-quarantined-files.txt ... 2008-03-24 13:24
C:\ComboFix2.txt ... 2008-03-23 19:41
C:\ComboFix3.txt ... 2008-03-22 12:01

--- E O F ---

@+
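As an added example, not part of the thread: a Python triage pass over a ComboFix log that surfaces the three kinds of entry in the log above that deserve a second look. First, Find3M files in system32 carrying the hidden and system attributes (the two --sh--r DLLs). Second, autostart entries that launch a random-named executable from system32: the msconfig startupreg "Avg Antivirus" entry still points at icpldrvx.exe, even though that file was in the File:: list and does not appear under "Other Deletions". Third, MountPoints2 Auto\command and AutoRun\command handlers, which Explorer caches from a volume's autorun.inf and which in this log all launch AdobeR.exe from the root of a removable drive. The log excerpt is constructed to mirror those entry shapes, the volume GUIDs are made up, and the rule names, regexes and the small known-good list are assumptions of the example.

```python
import re
from collections import namedtuple

Finding = namedtuple("Finding", "rule detail")

# Constructed ComboFix log excerpt modeled on the entry shapes in the log above.
# The volume GUIDs are made up; dates and file names mirror what appears there.
SAMPLE_LOG = r"""
((((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

2008-03-24 10:00:15 -------- d-----w C:\Program Files\Wanadoo
2008-01-14 12:52:00 81,920 ----a-w C:\WINDOWS\system32\frapsvid.dll
2006-05-03 10:06:54 163,328 --sh--r C:\WINDOWS\system32\flvDX.dll
2007-02-21 11:47:16 31,744 --sh--r C:\WINDOWS\system32\msfDX.dll

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-12-04 14:00]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Avg Antivirus]
C:\WINDOWS\system32\icpldrvx.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
"c:\program files\valve\steam\steam.exe" -silent

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{00000000-0000-0000-0000-000000000001}]
play\Command- "C:\Program Files\Windows Media Player\wmplayer.exe" /prefetch:3 /device:AudioCD "%L"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{00000000-0000-0000-0000-000000000002}]
Auto\command- J:\AdobeR.exe e
AutoRun\command- C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL AdobeR.exe e
"""

KEY_RE = re.compile(r"^\[(?P<key>HKEY_[^\]]+)\]$")
# Find3M / "Files Created" lines: date, time, size or <REP>, attribute string, path.
FILE_RE = re.compile(
    r"^\d{4}-\d\d-\d\d \d\d:\d\d(?::\d\d)? \S+ (?P<attrs>[-a-z]{7,9}) (?P<path>[A-Za-z]:\\.+)$"
)
MOUNT_CMD_RE = re.compile(r"^(?P<verb>.+?)\\[Cc]ommand- (?P<cmd>.+)$")
PATH_RE = re.compile(r'[A-Za-z]:\\[^"\[\]]+?\.(?:exe|dll|cpl|scr)', re.IGNORECASE)
RANDOM_NAME_RE = re.compile(r"\\[a-z]{7,9}\.(?:dll|exe)$")

# Verbs Explorer honours from a volume's autorun.inf; play/Rip are AudioCD handlers.
AUTORUN_VERBS = {"auto", "autorun", "open", "explore", "shell"}
# Random-looking names known to be legitimate (assumed); extend from a clean-build inventory.
KNOWN_GOOD = {"wininet.dll"}


def triage(log_text):
    """Walk the log once, tracking the current registry key, and collect findings."""
    findings = []
    current_key = ""
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = KEY_RE.match(line)
        if m:
            current_key = m.group("key").lower()
            continue
        m = FILE_RE.match(line)
        if m:
            attrs, path = m.group("attrs"), m.group("path")
            if "s" in attrs and "h" in attrs and "\\system32\\" in path.lower():
                findings.append(Finding("hidden-system-file-in-system32", path))
            continue
        if "\\mountpoints2\\" in current_key:
            m = MOUNT_CMD_RE.match(line)
            if m and m.group("verb").lower().split("\\")[0] in AUTORUN_VERBS:
                volume = current_key.rsplit("\\", 1)[-1]
                findings.append(Finding("autorun-handler-on-volume",
                                        f"{volume} {m.group('verb')}: {m.group('cmd')}"))
            continue
        if "\\currentversion\\run" in current_key or "\\msconfig\\startupreg\\" in current_key:
            m = PATH_RE.search(line)
            if not m:
                continue
            path = m.group(0)
            name = path.rsplit("\\", 1)[-1].lower()
            if "\\system32\\" in path.lower() and RANDOM_NAME_RE.search(path) and name not in KNOWN_GOOD:
                findings.append(Finding("random-named-system32-autostart", f"{current_key} -> {path}"))
    return findings


def summarize(findings):
    """Count findings per rule."""
    counts = {}
    for f in findings:
        counts[f.rule] = counts.get(f.rule, 0) + 1
    return counts


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.rule:34} {f.detail}")
```

The MountPoints2 rule deliberately ignores play\Command and Rip\Command, which are Windows Media Player's AudioCD handlers; an Auto or AutoRun verb that runs an executable from the drive root is the entry a removable-media infection leaves behind, and each volume GUID in the log is one drive it was plugged into.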
ep44 (7432 posts, Contributor)

Hi

Download:
http://www.commentcamarche.net/telecharger/telecharger 218 avg anti spyware
= Install it
= Launch it
= Click: Update
------
= Restart in Safe Mode (booting may take several minutes)
Note: there is no internet access in this mode. Save or print these instructions.

Restart the PC and tap the F8 key (F5 on some machines) until the screen with the startup choices appears
Using the arrow keys, select Safe Mode ==> Enter ==> your usual user name
-------
= Under SCAN (the magnifying-glass icon)
==> Settings ==> under HOW TO ACT ==> click Recommended actions ==> Quarantine
==> Click: Complete system scan
At the end of the scan (which is fairly long)
==> Click Apply all actions <== this is very important
==> Click Save report, then Save as, and choose the desktop
-------
In normal mode,
paste the report
====================================

then do an online scan

with BitDefender and paste the report

https://www.bitdefender.com/toolbox/

a tutorial
http://pageperso.aol.fr/rginformatique/mapage/defender.htm

then a new HijackThis log

@+