Virtumonde infesting .DLL file
Resolved/Closed
hydracom - 24 April 2008 at 16:59
14 replies
jlpjlp (security contributor) - 24 April 2008 at 17:03
Hi
Remove what is in Spybot's quarantine (backup).
________________
Scan with VundoFix (paste the report).
Download VundoFix -> http://www.atribune.org/ccount/click.php?id=4
Double-click VundoFix.exe to run it.
When VundoFix opens, click the Scan for Vundo button.
Once the scan is finished, click the Remove Vundo button.
You will get a warning asking whether you want to delete these files; answer by clicking YES.
Once you have clicked yes, your desktop will go blank while it removes Vundo.
When it is done, you will be asked to restart your computer; click OK.
__________________
VirtumundoBeGone (paste the report)
http://secured2k.home.comcast.net/tools/VirtumundoBeGone.exe
______________________
Download ComboFix by sUBs. Rename it before any installation, for example name it "KillBagle". Help here: https://forum.pcastuces.com/sujet.asp?f=25&s=37315
http://download.bleepingcomputer.com/sUBs/ComboFix.exe
Save it to your desktop and nowhere else!
Help with using ComboFix here: https://bibou0007.forumpro.fr/login?redirect=%2Ft121-topic
Double-click ComboFix. It will ask you a question; answer with the 1 key and Enter to confirm, then let it guide you.
Wait until ComboFix has finished; a report will be created. Post the report.
_______________________
Remove Spybot and install the latest version, 1.5.2.
_____________________
Install the latest version of Internet Explorer
https://www.01net.com/telecharger/windows/Internet/navigateur/fiches/33081.html
Post a new HijackThis log.
See you.
Anonymous user - 24 April 2008 at 17:07
Hi
Delete what Spybot tells you to.
Then download Ad-Aware + Malwarebytes, update them, run a scan in normal mode and in safe mode, then delete everything they find.
Then post me a HijackThis log!!
(Run a full scan with Ad-Aware and Malwarebytes.)
And run a scan with your Norton antivirus.
(We may swap Norton for Antivir.)
hydracom - 24 April 2008 at 17:48
1. I scanned with VundoFix, found NOTHING!!
2. I scanned with VirtumundoBeGone and ComboFix; the results are below.
3. Every time, I deleted everything SpyBot could find, but well... it doesn't change much, the viruses keep coming back.
4. I have Norton AV, updated regularly. I have Ad-Aware 2007, likewise. I scanned with both, but NAV found NOTHING and Ad-Aware found Virtumonde only once; I deleted it. But afterwards SpyBot still finds Virtumonde.
VBG result
[04/24/2008, 17:29:06] - VirtumundoBeGone v1.5 ( "G:\Truyen tranh\Nouveau dossier\VirtumundoBeGone.exe" )
[04/24/2008, 17:29:11] - Detected System Information:
[04/24/2008, 17:29:11] - Windows Version: 5.1.2600, Service Pack 2
[04/24/2008, 17:29:11] - Current Username: NGUYEN Trung Hieu (Admin)
[04/24/2008, 17:29:11] - Windows is in NORMAL mode.
[04/24/2008, 17:29:11] - Searching for Browser Helper Objects:
[04/24/2008, 17:29:11] - BHO 1: {0055C089-8582-441B-A0BF-17B458C2A3A8} (IDMIEHlprObj Class)
[04/24/2008, 17:29:11] - BHO 2: {02478D38-C3F9-4efb-9B51-7695ECA05670} (&Yahoo! Toolbar Helper)
[04/24/2008, 17:29:11] - BHO 3: {072EE6CC-475A-4E6B-9302-274AA71B9908} ()
[04/24/2008, 17:29:11] - WARNING: BHO has no default name. Checking for Winlogon reference.
[04/24/2008, 17:29:11] - No filename found. Continuing.
[04/24/2008, 17:29:11] - BHO 4: {1753bd71-4ab4-4f04-b468-164e73e62d81} ()
[04/24/2008, 17:29:11] - WARNING: BHO has no default name. Checking for Winlogon reference.
[04/24/2008, 17:29:11] - No filename found. Continuing.
[04/24/2008, 17:29:11] - BHO 5: {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} (BitComet Helper)
[04/24/2008, 17:29:11] - BHO 6: {53707962-6F74-2D53-2644-206D7942484F} (Spybot-S&D IE Protection)
[04/24/2008, 17:29:11] - BHO 7: {5468800C-4BF2-424B-AA56-106C9806173E} ()
[04/24/2008, 17:29:11] - WARNING: BHO has no default name. Checking for Winlogon reference.
[04/24/2008, 17:29:11] - Checking for HKLM\...\Winlogon\Notify\hgGwVLCT
[04/24/2008, 17:29:11] - Key not found: HKLM\...\Winlogon\Notify\hgGwVLCT, continuing.
[04/24/2008, 17:29:11] - BHO 8: {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} (Yahoo! IE Services Button)
[04/24/2008, 17:29:11] - BHO 9: {7306ADF2-8640-4B78-A028-002395DAAE31} ()
[04/24/2008, 17:29:11] - WARNING: BHO has no default name. Checking for Winlogon reference.
[04/24/2008, 17:29:11] - Checking for HKLM\...\Winlogon\Notify\efcASlKe
[04/24/2008, 17:29:11] - Key not found: HKLM\...\Winlogon\Notify\efcASlKe, continuing.
[04/24/2008, 17:29:11] - BHO 10: {AB89A34B-2825-497E-8C19-E1F903F86346} ()
[04/24/2008, 17:29:11] - WARNING: BHO has no default name. Checking for Winlogon reference.
[04/24/2008, 17:29:11] - Checking for HKLM\...\Winlogon\Notify\qoMeBrpO
[04/24/2008, 17:29:11] - Key not found: HKLM\...\Winlogon\Notify\qoMeBrpO, continuing.
[04/24/2008, 17:29:11] - BHO 11: {C3F37ECA-A8D9-4633-92C6-FE24C7D16ABA} ()
[04/24/2008, 17:29:11] - WARNING: BHO has no default name. Checking for Winlogon reference.
[04/24/2008, 17:29:11] - Checking for HKLM\...\Winlogon\Notify\ljJARIcD
[04/24/2008, 17:29:11] - Found: HKLM\...\Winlogon\Notify\ljJARIcD - This is probably Virtumundo.
[04/24/2008, 17:29:11] - Assigning {C3F37ECA-A8D9-4633-92C6-FE24C7D16ABA} MSEvents Object
[04/24/2008, 17:29:11] - BHO list has been changed! Starting over...
[04/24/2008, 17:29:11] - BHO 1: {0055C089-8582-441B-A0BF-17B458C2A3A8} (IDMIEHlprObj Class)
[04/24/2008, 17:29:11] - BHO 2: {02478D38-C3F9-4efb-9B51-7695ECA05670} (&Yahoo! Toolbar Helper)
[04/24/2008, 17:29:11] - BHO 3: {072EE6CC-475A-4E6B-9302-274AA71B9908} ()
[04/24/2008, 17:29:11] - WARNING: BHO has no default name. Checking for Winlogon reference.
[04/24/2008, 17:29:11] - No filename found. Continuing.
[04/24/2008, 17:29:11] - BHO 4: {1753bd71-4ab4-4f04-b468-164e73e62d81} ()
[04/24/2008, 17:29:11] - WARNING: BHO has no default name. Checking for Winlogon reference.
[04/24/2008, 17:29:11] - No filename found. Continuing.
[04/24/2008, 17:29:11] - BHO 5: {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} (BitComet Helper)
[04/24/2008, 17:29:11] - BHO 6: {53707962-6F74-2D53-2644-206D7942484F} (Spybot-S&D IE Protection)
[04/24/2008, 17:29:11] - BHO 7: {5468800C-4BF2-424B-AA56-106C9806173E} ()
[04/24/2008, 17:29:11] - WARNING: BHO has no default name. Checking for Winlogon reference.
[04/24/2008, 17:29:11] - Checking for HKLM\...\Winlogon\Notify\hgGwVLCT
[04/24/2008, 17:29:11] - Key not found: HKLM\...\Winlogon\Notify\hgGwVLCT, continuing.
[04/24/2008, 17:29:12] - BHO 8: {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} (Yahoo! IE Services Button)
[04/24/2008, 17:29:12] - BHO 9: {7306ADF2-8640-4B78-A028-002395DAAE31} ()
[04/24/2008, 17:29:12] - WARNING: BHO has no default name. Checking for Winlogon reference.
[04/24/2008, 17:29:12] - Checking for HKLM\...\Winlogon\Notify\efcASlKe
[04/24/2008, 17:29:12] - Key not found: HKLM\...\Winlogon\Notify\efcASlKe, continuing.
[04/24/2008, 17:29:12] - BHO 10: {AB89A34B-2825-497E-8C19-E1F903F86346} ()
[04/24/2008, 17:29:12] - WARNING: BHO has no default name. Checking for Winlogon reference.
[04/24/2008, 17:29:12] - Checking for HKLM\...\Winlogon\Notify\qoMeBrpO
[04/24/2008, 17:29:12] - Key not found: HKLM\...\Winlogon\Notify\qoMeBrpO, continuing.
[04/24/2008, 17:29:12] - BHO 11: {C3F37ECA-A8D9-4633-92C6-FE24C7D16ABA} (MSEvents Object)
[04/24/2008, 17:29:12] - ALERT: Found MSEvents Object!
[04/24/2008, 17:29:12] - BHO 12: {E23399DA-4A91-4216-B4BF-BF4744113902} ()
[04/24/2008, 17:29:12] - WARNING: BHO has no default name. Checking for Winlogon reference.
[04/24/2008, 17:29:12] - Checking for HKLM\...\Winlogon\Notify\ljJApMDv
[04/24/2008, 17:29:12] - Key not found: HKLM\...\Winlogon\Notify\ljJApMDv, continuing.
[04/24/2008, 17:29:12] - Finished Searching Browser Helper Objects
[04/24/2008, 17:29:12] - *** Detected MSEvents Object
[04/24/2008, 17:29:12] - Trying to remove MSEvents Object...
[04/24/2008, 17:29:13] - Terminating Process: IEXPLORE.EXE
[04/24/2008, 17:29:13] - Terminating Process: RUNDLL32.EXE
[04/24/2008, 17:29:13] - Disabling Automatic Shell Restart
[04/24/2008, 17:29:13] - Terminating Process: EXPLORER.EXE
[04/24/2008, 17:29:14] - Suspending the NT Session Manager System Service
[04/24/2008, 17:29:14] - Terminating Windows NT Logon/Logoff Manager
[04/24/2008, 17:29:14] - Re-enabling Automatic Shell Restart
[04/24/2008, 17:29:14] - File to disable: C:\WINDOWS\system32\ljJARIcD.dll
[04/24/2008, 17:29:14] - Renaming C:\WINDOWS\system32\ljJARIcD.dll -> C:\WINDOWS\system32\ljJARIcD.dll.vir
[04/24/2008, 17:29:14] - File successfully renamed!
[04/24/2008, 17:29:14] - Removing HKLM\...\Browser Helper Objects\{C3F37ECA-A8D9-4633-92C6-FE24C7D16ABA}
[04/24/2008, 17:29:14] - Removing HKCR\CLSID\{C3F37ECA-A8D9-4633-92C6-FE24C7D16ABA}
[04/24/2008, 17:29:14] - Adding Kill Bit for ActiveX for GUID: {C3F37ECA-A8D9-4633-92C6-FE24C7D16ABA}
[04/24/2008, 17:29:14] - Deleting ATLEvents/MSEvents Registry entries
[04/24/2008, 17:29:14] - Removing HKLM\...\Winlogon\Notify\ljJARIcD
[04/24/2008, 17:29:15] - Searching for Browser Helper Objects:
[04/24/2008, 17:29:15] - BHO 1: {0055C089-8582-441B-A0BF-17B458C2A3A8} (IDMIEHlprObj Class)
[04/24/2008, 17:29:15] - BHO 2: {02478D38-C3F9-4efb-9B51-7695ECA05670} (&Yahoo! Toolbar Helper)
[04/24/2008, 17:29:15] - BHO 3: {072EE6CC-475A-4E6B-9302-274AA71B9908} ()
[04/24/2008, 17:29:15] - WARNING: BHO has no default name. Checking for Winlogon reference.
[04/24/2008, 17:29:15] - No filename found. Continuing.
[04/24/2008, 17:29:15] - BHO 4: {1753bd71-4ab4-4f04-b468-164e73e62d81} ()
[04/24/2008, 17:29:15] - WARNING: BHO has no default name. Checking for Winlogon reference.
[04/24/2008, 17:29:15] - No filename found. Continuing.
[04/24/2008, 17:29:15] - BHO 5: {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} (BitComet Helper)
[04/24/2008, 17:29:15] - BHO 6: {53707962-6F74-2D53-2644-206D7942484F} (Spybot-S&D IE Protection)
[04/24/2008, 17:29:15] - BHO 7: {5468800C-4BF2-424B-AA56-106C9806173E} ()
[04/24/2008, 17:29:15] - WARNING: BHO has no default name. Checking for Winlogon reference.
[04/24/2008, 17:29:15] - Checking for HKLM\...\Winlogon\Notify\hgGwVLCT
[04/24/2008, 17:29:15] - Key not found: HKLM\...\Winlogon\Notify\hgGwVLCT, continuing.
[04/24/2008, 17:29:15] - BHO 8: {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} (Yahoo! IE Services Button)
[04/24/2008, 17:29:15] - BHO 9: {7306ADF2-8640-4B78-A028-002395DAAE31} ()
[04/24/2008, 17:29:15] - WARNING: BHO has no default name. Checking for Winlogon reference.
[04/24/2008, 17:29:15] - Checking for HKLM\...\Winlogon\Notify\efcASlKe
[04/24/2008, 17:29:15] - Key not found: HKLM\...\Winlogon\Notify\efcASlKe, continuing.
[04/24/2008, 17:29:15] - BHO 10: {AB89A34B-2825-497E-8C19-E1F903F86346} ()
[04/24/2008, 17:29:15] - WARNING: BHO has no default name. Checking for Winlogon reference.
[04/24/2008, 17:29:15] - Checking for HKLM\...\Winlogon\Notify\qoMeBrpO
[04/24/2008, 17:29:15] - Key not found: HKLM\...\Winlogon\Notify\qoMeBrpO, continuing.
[04/24/2008, 17:29:15] - BHO 11: {E23399DA-4A91-4216-B4BF-BF4744113902} ()
[04/24/2008, 17:29:15] - WARNING: BHO has no default name. Checking for Winlogon reference.
[04/24/2008, 17:29:15] - Checking for HKLM\...\Winlogon\Notify\ljJApMDv
[04/24/2008, 17:29:15] - Key not found: HKLM\...\Winlogon\Notify\ljJApMDv, continuing.
[04/24/2008, 17:29:15] - Finished Searching Browser Helper Objects
[04/24/2008, 17:29:15] - Finishing up...
[04/24/2008, 17:29:15] - A restart is needed.
[04/24/2008, 17:29:27] - Attempting to Restart via STOP error (Blue Screen!)
__________________________
ComboFix result
ComboFix 08-04-22.5 - NGUYEN Trung Hieu 2008-04-24 17:33:51.1 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.609 [GMT 2:00]
Endroit: C:\Documents and Settings\NGUYEN Trung Hieu\Bureau\ComboFix.exe
* Création d'un nouveau point de restauration
AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !!
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\WINDOWS\cookies.ini
C:\WINDOWS\pskt.ini
C:\WINDOWS\system32\eKlSAcfe.ini
C:\WINDOWS\system32\eKlSAcfe.ini2
C:\WINDOWS\system32\mcrh.tmp
C:\WINDOWS\system32\opnkjGVo.dll
C:\WINDOWS\system32\OprBeMoq.ini
C:\WINDOWS\system32\OprBeMoq.ini2
C:\WINDOWS\system32\qoMEUnMf.dll
C:\WINDOWS\system32\TCLVwGgh.ini
C:\WINDOWS\system32\TCLVwGgh.ini2
C:\WINDOWS\system32\vDMpAJjl.ini
C:\WINDOWS\system32\vDMpAJjl.ini2
.
((((((((((((((((((((((((((((( Fichiers créés 2008-03-24 to 2008-04-24 ))))))))))))))))))))))))))))))))))))
.
2008-04-24 16:56 . 2008-04-24 16:56 <REP> d-------- C:\Program Files\Trend Micro
2008-04-24 16:29 . 2008-04-24 16:29 <REP> d-------- C:\VundoFix Backups
2008-04-24 15:32 . 2008-04-24 15:32 230 --a------ C:\WINDOWS\system32\spupdsvc.inf
2008-04-24 15:29 . 2007-09-26 18:32 66,048 --a------ C:\WINDOWS\ieResetIcons.exe
2008-04-24 13:35 . 2008-04-24 16:25 1,504,068 ---hs---- C:\WINDOWS\system32\hysjkmpe.ini
2008-04-24 13:32 . 2008-04-24 13:32 93,248 --------- C:\WINDOWS\system32\wpqdphsq.dll_old
2008-04-23 23:20 . 2008-04-24 00:24 1,540,729 ---hs---- C:\WINDOWS\system32\qnjqgral.ini
2008-04-23 22:56 . 2008-04-23 22:56 0 --ah----- C:\WINDOWS\system32\config\systemprofile\ntuser.dat.LOG
2008-04-23 21:40 . 2008-04-23 22:21 1,540,617 ---hs---- C:\WINDOWS\system32\bhwfdtdd.ini
2008-04-23 21:28 . 2008-04-16 20:49 <REP> d--h----- C:\Documents and Settings\Administrateur\Voisinage réseau
2008-04-23 21:28 . 2008-04-16 20:49 <REP> d--h----- C:\Documents and Settings\Administrateur\Voisinage d'impression
2008-04-23 21:28 . 2008-04-16 18:55 <REP> d--h----- C:\Documents and Settings\Administrateur\Modèles
2008-04-23 21:28 . 2008-04-16 20:49 <REP> d-------- C:\Documents and Settings\Administrateur\Mes documents
2008-04-23 21:28 . 2008-04-16 20:49 <REP> dr------- C:\Documents and Settings\Administrateur\Menu Démarrer
2008-04-23 21:28 . 2008-04-16 20:49 <REP> d-------- C:\Documents and Settings\Administrateur\Favoris
2008-04-23 21:28 . 2008-04-16 20:49 <REP> d-------- C:\Documents and Settings\Administrateur\Bureau
2008-04-23 21:28 . 2008-04-23 21:28 <REP> d-------- C:\Documents and Settings\Administrateur
2008-04-23 21:28 . 2008-04-24 17:33 1,024 --ah----- C:\Documents and Settings\Administrateur\ntuser.dat.LOG
2008-04-23 18:56 . 2008-04-24 16:28 1,483 --a------ C:\WINDOWS\wininit.ini
2008-04-23 18:34 . 2008-04-23 18:34 <REP> d-------- C:\Program Files\Spybot - Search & Destroy
2008-04-23 18:34 . 2008-04-23 21:04 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-04-23 17:37 . 2008-04-23 17:37 <REP> d-------- C:\Program Files\Lavasoft
2008-04-23 17:36 . 2008-04-23 17:36 <REP> d-------- C:\Program Files\Fichiers communs\Wise Installation Wizard
2008-04-23 14:31 . 2008-04-23 19:55 1,540,737 ---hs---- C:\WINDOWS\system32\iqqifkgh.ini
2008-04-22 14:33 . 2008-04-23 09:51 1,540,797 ---hs---- C:\WINDOWS\system32\ypdcsoeg.ini
2008-04-22 14:29 . 2008-04-24 15:52 109,784 --a------ C:\WINDOWS\BM07f7532c.xml
2008-04-22 02:16 . 2008-04-23 17:37 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-04-22 02:16 . 2008-04-22 02:16 38,400 --a------ C:\WINDOWS\system32\ljJARIcD.dll.vir
2008-04-18 01:09 . 2008-04-23 21:22 463 --a------ C:\WINDOWS\FRENCHTL.INI
2008-04-18 01:07 . 2008-04-22 02:17 <REP> d-------- C:\Documents and Settings\NGUYEN Trung Hieu\Application Data\Lavasoft
2008-04-17 23:09 . 2008-04-17 23:09 3,932,214 --a------ C:\WINDOWS\BricoPack Wallpaper.bmp
2008-04-17 23:09 . 2008-04-17 23:09 64,194 --a------ C:\WINDOWS\BricoPackUninst.cmd
2008-04-17 23:08 . 2008-04-17 23:09 6,120 --a------ C:\WINDOWS\BricoPackFoldersDelete.cmd
2008-04-17 23:07 . 2008-04-17 23:07 <REP> d-------- C:\WINDOWS\BricoPacks
2008-04-17 18:13 . 2004-08-03 23:08 26,496 --a--c--- C:\WINDOWS\system32\dllcache\usbstor.sys
2008-04-17 16:00 . 2004-08-03 23:07 59,264 --a------ C:\WINDOWS\system32\drivers\USBAUDIO.sys
2008-04-17 16:00 . 2004-08-03 23:07 59,264 --a--c--- C:\WINDOWS\system32\dllcache\usbaudio.sys
2008-04-17 15:59 . 2004-08-03 23:08 31,616 --a------ C:\WINDOWS\system32\drivers\usbccgp.sys
2008-04-17 15:59 . 2004-08-03 23:08 31,616 --a--c--- C:\WINDOWS\system32\dllcache\usbccgp.sys
2008-04-17 15:50 . 2008-04-17 15:50 <REP> d-------- C:\Program Files\Logitech
2008-04-17 15:50 . 2004-02-14 06:04 469,696 --a------ C:\WINDOWS\system32\drivers\lvcm.sys
2008-04-17 15:50 . 2004-02-14 06:08 372,736 --a------ C:\WINDOWS\system32\LVUI2RC.dll
2008-04-17 15:50 . 2004-02-14 05:55 208,896 --a------ C:\WINDOWS\system32\lvcodec2.dll
2008-04-17 15:50 . 2004-02-14 06:01 204,800 --a------ C:\WINDOWS\system32\LVUI2.dll
2008-04-17 15:50 . 2004-02-14 05:53 110,592 --a------ C:\WINDOWS\system32\lvcoinst.dll
2008-04-17 15:50 . 2004-02-25 18:03 53,248 -ra------ C:\WINDOWS\system32\InstMed.exe
2008-04-17 15:50 . 2004-02-14 06:03 19,968 --a------ C:\WINDOWS\system32\drivers\LVUSBSta.sys
2008-04-17 15:50 . 2004-02-14 05:39 5,993 --a------ C:\WINDOWS\system32\lvcoinst.ini
2008-04-17 15:49 . 2008-04-17 15:49 <REP> d-------- C:\Program Files\Fichiers communs\Logitech
2008-04-17 15:49 . 1998-11-13 13:16 308,224 --a------ C:\WINDOWS\IsUn040c.exe
2008-04-17 15:49 . 2008-04-17 15:49 272 --a------ C:\WINDOWS\_delis32.ini
2008-04-17 15:45 . 2008-04-17 15:45 <REP> d-------- C:\Program Files\Fichiers communs\Nokia
2008-04-17 15:45 . 2008-04-17 15:45 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Nokia
2008-04-17 15:42 . 2008-04-17 15:42 <REP> d-------- C:\WINDOWS\Downloaded Installations
2008-04-17 15:42 . 2008-04-17 19:07 <REP> d-------- C:\Documents and Settings\NGUYEN Trung Hieu\Application Data\Nokia
2008-04-17 15:42 . 2008-04-17 15:42 <REP> d-------- C:\Documents and Settings\All Users\Application Data\PC Suite
2008-04-17 15:40 . 2008-04-17 15:40 <REP> d-------- C:\Program Files\Fichiers communs\PCSuite
2008-04-17 15:39 . 2008-04-17 15:39 <REP> d----c--- C:\WINDOWS\system32\DRVSTORE
2008-04-17 15:39 . 2008-04-17 15:39 <REP> d-------- C:\Program Files\PC Connectivity Solution
2008-04-17 15:39 . 2008-04-17 15:45 <REP> d-------- C:\Program Files\Nokia
2008-04-17 15:39 . 2008-04-17 15:39 <REP> d-------- C:\Program Files\DIFX
2008-04-17 15:39 . 2008-04-17 15:39 <REP> d-------- C:\Documents and Settings\NGUYEN Trung Hieu\Application Data\PC Suite
2008-04-17 15:39 . 2007-02-22 10:15 90,624 --a------ C:\WINDOWS\system32\nmwcdcls.dll
2008-04-17 15:33 . 2008-04-17 15:33 <REP> d-------- C:\Program Files\K-Lite Codec Pack
2008-04-17 15:33 . 2008-01-10 14:15 755,027 --a------ C:\WINDOWS\system32\xvidcore.dll
2008-04-17 15:33 . 2006-09-24 17:11 389,120 --a------ C:\WINDOWS\system32\lameACM.acm
2008-04-17 15:33 . 2004-01-25 18:18 217,088 --a------ C:\WINDOWS\system32\yv12vfw.dll
2008-04-17 15:33 . 2008-01-10 14:16 159,839 --a------ C:\WINDOWS\system32\xvidvfw.dll
2008-04-17 15:33 . 2007-09-21 02:52 118,784 --a------ C:\WINDOWS\system32\ac3acm.acm
2008-04-17 15:33 . 2008-03-28 19:41 7,680 --a------ C:\WINDOWS\system32\ff_vfw.dll
2008-04-17 15:33 . 2007-07-10 18:10 547 --a------ C:\WINDOWS\system32\ff_vfw.dll.manifest
2008-04-17 15:33 . 2007-10-03 17:03 414 --a------ C:\WINDOWS\system32\lame_acm.xml
2008-04-17 15:16 . 2008-04-17 15:26 152 --a------ C:\WINDOWS\system32\temp_0000_65-19.aok
2008-04-17 15:14 . 2008-04-17 15:16 153 --a------ C:\WINDOWS\system32\test.aok
2008-04-17 15:12 . 2008-04-17 15:12 <REP> d-------- C:\Program Files\Allok Video to MP4 Converter
2008-04-17 15:12 . 2002-10-05 07:04 921,600 --a------ C:\WINDOWS\system32\vorbisenc.dll
2008-04-17 15:12 . 2004-01-11 08:02 258,048 --a------ C:\WINDOWS\system32\GplMpgDec.ax
2008-04-17 15:12 . 2002-10-07 02:42 237,568 --a------ C:\WINDOWS\system32\OggDS.dll
2008-04-17 15:12 . 2002-10-05 07:04 188,416 --a------ C:\WINDOWS\system32\vorbis.dll
2008-04-17 15:12 . 2007-04-12 14:19 129,024 --a------ C:\WINDOWS\system32\AVERM.dll
2008-04-17 15:12 . 2002-10-05 07:04 45,056 --a------ C:\WINDOWS\system32\ogg.dll
2008-04-17 15:12 . 2006-09-26 13:57 28,672 --a------ C:\WINDOWS\system32\AVEQT.dll
2008-04-17 14:38 . 2008-04-17 14:38 <REP> d-------- C:\Program Files\Webteh
2008-04-17 14:38 . 2008-04-17 14:39 <REP> d-------- C:\Documents and Settings\NGUYEN Trung Hieu\Application Data\BSplayer Pro
2008-04-17 14:36 . 2008-04-17 14:36 <REP> d-------- C:\Program Files\Gabest
2008-04-17 14:36 . 2008-04-17 14:36 <REP> d-------- C:\Documents and Settings\NGUYEN Trung Hieu\Application Data\DivX
2008-04-17 02:51 . 2008-04-17 15:33 <REP> d-------- C:\Program Files\DivX
2008-04-17 02:51 . 2004-08-03 23:10 15,360 --a------ C:\WINDOWS\system32\drivers\MPE.sys
2008-04-17 02:51 . 2004-08-03 23:10 15,360 --a--c--- C:\WINDOWS\system32\dllcache\mpe.sys
2008-04-17 02:51 . 2004-08-03 23:10 10,880 --a------ C:\WINDOWS\system32\drivers\NdisIP.sys
2008-04-17 02:51 . 2004-08-03 23:10 10,880 --a--c--- C:\WINDOWS\system32\dllcache\ndisip.sys
2008-04-17 02:51 . 2004-08-03 22:58 5,504 --a------ C:\WINDOWS\system32\drivers\MSTEE.sys
2008-04-17 02:51 . 2004-08-03 22:58 5,504 --a--c--- C:\WINDOWS\system32\dllcache\mstee.sys
2008-04-17 02:49 . 2008-04-17 02:49 <REP> d-------- C:\Program Files\MSXML 4.0
2008-04-17 02:49 . 1998-11-02 20:57 196,096 --------- C:\WINDOWS\system32\MACD32.DLL
2008-04-17 02:49 . 1998-11-02 20:57 138,752 --------- C:\WINDOWS\system32\MASE32.DLL
2008-04-17 02:49 . 1998-11-02 20:57 136,192 --------- C:\WINDOWS\system32\MAMC32.DLL
2008-04-17 02:49 . 1998-11-02 20:57 57,856 --------- C:\WINDOWS\system32\MASD32.DLL
2008-04-17 02:49 . 1998-11-02 20:57 27,648 --------- C:\WINDOWS\system32\MA32.DLL
2008-04-17 02:47 . 2008-04-17 02:48 <REP> d-------- C:\Program Files\Pinnacle
2008-04-17 02:38 . 2008-04-17 02:38 <REP> d-------- C:\Program Files\Fichiers communs\Macrovision Shared
2008-04-17 02:38 . 2008-04-17 02:38 <REP> d-------- C:\Documents and Settings\All Users\Application Data\FLEXnet
2008-04-17 02:34 . 2008-04-22 01:58 <REP> d-------- C:\Program Files\Internet Download Manager
2008-04-17 02:34 . 2008-04-22 23:43 <REP> d-------- C:\Documents and Settings\NGUYEN Trung Hieu\Application Data\IDM
2008-04-17 02:34 . 2008-04-24 17:37 <REP> d-------- C:\Documents and Settings\NGUYEN Trung Hieu\Application Data\DMCache
2008-04-17 02:33 . 2008-04-17 02:38 <REP> d-------- C:\Program Files\Fichiers communs\Adobe
2008-04-17 02:29 . 2008-04-17 02:30 <REP> d-------- C:\Program Files\BitComet
2008-04-17 02:29 . 2008-04-20 19:21 <REP> d-------- C:\Downloads
2008-04-17 02:20 . 2008-04-17 02:20 <REP> d-------- C:\Program Files\Windows Media Connect 2
2008-04-17 02:18 . 2008-04-17 02:19 <REP> d-------- C:\WINDOWS\system32\drivers\UMDF
2008-04-17 02:18 . 2008-04-17 02:18 <REP> d-------- C:\WINDOWS\speech
2008-04-17 02:17 . 2008-04-23 18:19 <REP> d-------- C:\Program Files\mtd2002
2008-04-17 02:15 . 2003-06-19 01:31 17,920 --a------ C:\WINDOWS\system32\mdimon.dll
2008-04-17 02:15 . 2008-04-17 02:15 385 --a------ C:\WINDOWS\ODBC.INI
2008-04-17 02:13 . 2008-04-17 02:14 <REP> d-------- C:\WINDOWS\SHELLNEW
2008-04-17 02:13 . 2008-04-17 02:13 <REP> d-------- C:\Program Files\Microsoft.NET
2008-04-17 01:17 . 2008-04-17 03:04 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Pinnacle
2008-04-16 21:07 . 2005-01-22 21:12 679,936 --a------ C:\WINDOWS\system32\D3DX81ab.dll
2008-04-16 21:03 . 2008-04-16 21:03 <REP> d-------- C:\Program Files\WinPcap
2008-04-16 19:27 . 2008-04-17 02:18 <REP> d-------- C:\WINDOWS\system32\LogFiles
2008-04-16 19:27 . 2008-04-17 01:07 <REP> d--h----- C:\WINDOWS\$hf_mig$
2008-04-16 19:22 . 2008-04-16 19:22 <REP> d-------- C:\Program Files\Razer
2008-04-16 19:22 . 2005-12-08 13:43 65,536 --a------ C:\WINDOWS\system32\krait.cpl
2008-04-16 19:22 . 2005-12-07 17:27 13,324 --a------ C:\WINDOWS\system32\drivers\krait.sys
2008-04-16 19:15 . 2008-04-20 05:56 <REP> d-------- C:\Program Files\Norton AntiVirus
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-04-18 19:12 --------- d-----w C:\Documents and Settings\NGUYEN Trung Hieu\Application Data\Yahoo!
2008-04-16 18:32 --------- d-----w C:\Documents and Settings\NGUYEN Trung Hieu\Application Data\Talkback
2008-04-16 18:28 --------- d-----w C:\Documents and Settings\All Users\Application Data\Yahoo! Companion
2008-04-16 18:27 --------- d-----w C:\Documents and Settings\All Users\Application Data\Yahoo!
2008-04-16 18:26 --------- d-----w C:\Program Files\Yahoo!
2008-04-16 18:14 --------- d-----w C:\Program Files\SymNetDrv
2008-04-16 16:58 --------- d-----w C:\Program Files\microsoft frontpage
2008-04-16 16:57 --------- d-----w C:\Program Files\Services en ligne
.
------- Sigcheck -------
2007-06-13 15:22 979456 80a5400514eb32d393654768c4017e46 C:\WINDOWS\explorer.exe
2007-06-13 15:10 1037312 b795475444d6d57a572c14b9e1a29839 C:\WINDOWS\$hf_mig$\KB938828\SP2QFE\explorer.exe
2004-08-05 14:00 1036288 4c33e5b9a6197b6ed215f6cfba0a2daa C:\WINDOWS\$NtUninstallKB938828$\explorer.exe
2007-06-13 15:22 1037312 d0288319660edcfed07c7e74c4ea38a5 C:\WINDOWS\SoftwareDistribution\Download\aa7b28efbf5e224a2f6b995008501967\sp2gdr\explorer.exe
2007-06-13 15:10 1037312 b795475444d6d57a572c14b9e1a29839 C:\WINDOWS\SoftwareDistribution\Download\aa7b28efbf5e224a2f6b995008501967\sp2qfe\explorer.exe
2007-06-13 15:22 979456 80a5400514eb32d393654768c4017e46 C:\WINDOWS\system32\dllcache\explorer.exe
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{072EE6CC-475A-4E6B-9302-274AA71B9908}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{1753bd71-4ab4-4f04-b468-164e73e62d81}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{5468800C-4BF2-424B-AA56-106C9806173E}]
C:\WINDOWS\system32\hgGwVLCT.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{7306ADF2-8640-4B78-A028-002395DAAE31}]
C:\WINDOWS\system32\efcASlKe.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{AB89A34B-2825-497E-8C19-E1F903F86346}]
C:\WINDOWS\system32\qoMeBrpO.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{C3F37ECA-A8D9-4633-92C6-FE24C7D16ABA}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{E23399DA-4A91-4216-B4BF-BF4744113902}]
C:\WINDOWS\system32\ljJApMDv.dll
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Yahoo! Pager"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" [2007-08-30 17:43 4670704]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-05 14:00 15360]
"mtd2002Svr"="C:\Program Files\mtd2002\mtdserver.exe" [2002-10-05 13:05 544768]
"IDMan"="C:\Program Files\Internet Download Manager\IDMan.exe" [2008-04-17 02:44 2586032]
"PMCRemote"="C:\Program Files\Pinnacle\Shared Files\Programs\Remote\Remoterm.exe" [2007-07-04 13:52 253000]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-01-28 11:43 2097488]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2003-11-03 13:46 4800512]
"ccApp"="C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe" [2008-01-17 11:42 58728]
"Krait"="C:\Program Files\Razer\Krait\razerhid.exe" [2006-01-24 10:38 147456]
"Symantec NetDriver Monitor"="C:\PROGRA~1\SYMNET~1\SNDMon.exe" [2008-04-16 20:14 100056]
"NSLauncher"="C:\Program Files\Nokia\Nokia Software Launcher\NSLauncher.exe" [2007-09-07 14:44 3100672]
"LVCOMSX"="C:\WINDOWS\system32\LVCOMSX.EXE" [2004-02-25 16:15 221184]
"LogitechVideoRepair"="C:\Program Files\Logitech\Video\ISStart.exe" [2004-02-25 17:15 454656]
"LogitechVideoTray"="C:\Program Files\Logitech\Video\LogiTray.exe" [2004-02-25 17:06 212992]
"04c460b0"="C:\WINDOWS\system32\epmkjsyh.dll" [ ]
"BM07f7532c"="C:\WINDOWS\system32\kfpgpion.dll" [ ]
"@"="" []
"KernelFaultCheck"="C:\WINDOWS\system32\dumprep 0 -k" [ ]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-05 14:00 15360]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ljJARIcD]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.YV12"= yv12vfw.dll
"msacm.enc"= ITIG726.acm
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"E:\\Games\\Warcraft III\\war3.exe"=
"C:\\Program Files\\mtd2002\\mtdserver.exe"=
"E:\\Games\\Counter-Strike1.6v19\\hl.exe"=
"E:\\Games\\CS11\\hl.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"11549:TCP"= 11549:TCP:BitComet 11549 TCP
"11549:UDP"= 11549:UDP:BitComet 11549 UDP
R3 krait03;Razer krait USB Filter Driver;C:\WINDOWS\system32\Drivers\krait.sys [2005-12-07 17:27]
R3 Ltn_stk7070P;PCTV based TV tuner device;C:\WINDOWS\system32\DRIVERS\Ltn_stk7070P.sys [2007-06-14 14:41]
R3 Ltn_stkrc;PCTV Infrared Receiver;C:\WINDOWS\system32\DRIVERS\Ltn_stkrc.sys [2007-06-13 19:30]
S3 NPF;NetGroup Packet Filter Driver;C:\WINDOWS\system32\drivers\npf.sys [2005-08-02 23:10]
.
Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
"2008-04-18 19:13:16 C:\WINDOWS\Tasks\Norton AntiVirus - Scan my computer - NGUYEN Trung Hieu.job"
- C:\PROGRA~1\NORTON~1\Navw32.exeh/task:
.
**************************************************************************
catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-04-24 17:37:02
Windows 5.1.2600 Service Pack 2 NTFS
Balayage processus cachés ...
Balayage caché autostart entries ...
Balayage des fichiers cachés ...
Scan terminé avec succès
Les fichiers cachés: 0
**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Fichiers communs\Symantec Shared\CCSETMGR.EXE
C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe
C:\Program Files\Fichiers communs\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Fichiers communs\Symantec Shared\CCEVTMGR.EXE
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
C:\Program Files\Norton AntiVirus\NAVAPSVC.EXE
C:\Program Files\Norton AntiVirus\IWP\NPFMNTOR.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Fichiers communs\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Razer\Krait\razertra.exe
C:\Program Files\Razer\Krait\razerofa.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\Program Files\Internet Download Manager\IEMonitor.exe
.
**************************************************************************
.
Temps d'accomplissement: 2008-04-24 17:41:58 - machine was rebooted
ComboFix-quarantined-files.txt 2008-04-24 15:41:53
Pre-Run: 6,773,886,976 octets libres
Post-Run: 6,845,509,632 octets libres
270 --- E O F --- 2008-04-24 13:39:11
Thank you for your attention.
Awaiting your reply.
hydracom, 24 April 2008 at 18:48
Yes!! The problem seems to be solved. I was able to search on Google again. But when I run a final scan with Spybot, there is still one Virtumonde left, on a .DLL file:
Virtumonde.dll: [SBI $8AEDD710] Bibliothèque (Fichier, nothing done)
C:\WINDOWS\system32\wpqdphsq.dll_old
I chose "fix problems" and I hope it will work. In any case it was going to work. Thanks a lot for your help.
However, I have one very small last question: at one point during the SpyBot scan, I don't know how, it managed to delete the infected DLL files. Since then, at every startup there are messages saying that these DLL files cannot be found in order to run. I would like to know:
1. Whether this will affect my PC (these DLL files are libraries)?
2. If not, how do I stop these messages?
3. Is it normal for SpyBot to ask for authorisation when it detects a registry change (automatic)?
Thanks again and have a good evening
Anonymous user
24 April 2008 at 18:52
No, it hasn't done anything to your PC.
Download CCleaner.
CCleaner help:
https://www.malekal.com/tutoriel-ccleaner/
Then, if it is solved, don't forget to mark it as solved. Thanks.
hydracom
24 April 2008 at 19:20
Yes!! I finished the last SpyBot scan and I have nothing left. The problem is solved. Thanks a lot for your help. It's really effective and fast.
I'll count on you for the next problems :p if there are any.
jlpjlp
25 April 2008 at 00:00
Analyse these files on VirusTotal and say which ones are infected: https://www.virustotal.com/gui/
C:\WINDOWS\system32\hgGwVLCT.dll
C:\WINDOWS\system32\efcASlKe.dll
C:\WINDOWS\system32\qoMeBrpO.dll
C:\WINDOWS\system32\ljJApMDv.dll
C:\WINDOWS\system32\epmkjsyh.dll
C:\WINDOWS\system32\kfpgpion.dll
__________________
Post a new HijackThis report.
hydracom
25 April 2008 at 01:54
None of these files exists in the directory.
But apparently it worked well, even CCleaner; it helps me a lot.
Thanks again
jlpjlp
25 April 2008 at 09:36
Post a new HijackThis and ComboFix report to check.
hydracom
25 April 2008 at 20:32
Hello
Here are recent reports for HijackThis and ComboFix.
HijackThis
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:25:51, on 25/04/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe
C:\Program Files\Fichiers communs\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe
C:\Program Files\Razer\Krait\razerhid.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Logitech\Video\LogiTray.exe
C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Internet Download Manager\IDMan.exe
C:\Program Files\Pinnacle\Shared Files\Programs\Remote\Remoterm.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Fichiers communs\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Razer\Krait\razertra.exe
C:\Program Files\Razer\Krait\razerofa.exe
C:\Program Files\Internet Download Manager\IEMonitor.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://fr.yahoo.com/?p=us
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Yahoo! ¤u¨ã¦C - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: (no name) - {072EE6CC-475A-4E6B-9302-274AA71B9908} - (no file)
O2 - BHO: (no name) - {1753bd71-4ab4-4f04-b468-164e73e62d81} - (no file)
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.2.7.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {5468800C-4BF2-424B-AA56-106C9806173E} - (no file)
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: (no name) - {7306ADF2-8640-4B78-A028-002395DAAE31} - (no file)
O2 - BHO: (no name) - {AB89A34B-2825-497E-8C19-E1F903F86346} - (no file)
O2 - BHO: (no name) - {C3F37ECA-A8D9-4633-92C6-FE24C7D16ABA} - (no file)
O2 - BHO: (no name) - {E23399DA-4A91-4216-B4BF-BF4744113902} - (no file)
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Yahoo! ¤u¨ã¦C - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Krait] C:\Program Files\Razer\Krait\razerhid.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [NSLauncher] C:\Program Files\Nokia\Nokia Software Launcher\NSLauncher.exe /startup
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [mtd2002Svr] "C:\Program Files\mtd2002"\mtdserver.exe -f
O4 - HKCU\..\Run: [IDMan] C:\Program Files\Internet Download Manager\IDMan.exe /onboot
O4 - HKCU\..\Run: [PMCRemote] C:\Program Files\Pinnacle\Shared Files\Programs\Remote\Remoterm.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: TransBar.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\TransBar\TransBar.exe
O8 - Extra context menu item: Ajouter au fichier PDF existant - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convertir en Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convertir la cible du lien en Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convertir la cible du lien en un fichier PDF existant - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convertir la sélection en Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convertir la sélection en un fichier PDF existant - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convertir les liens sélectionnés en fichier Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convertir les liens sélectionnés en un fichier PDF existant - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Download all links using BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: Download all links with IDM - C:\Program Files\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: Download all videos using BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: Download FLV video content with IDM - C:\Program Files\Internet Download Manager\IEGetVL.htm
O8 - Extra context menu item: Download link using &BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: Download with IDM - C:\Program Files\Internet Download Manager\IEExt.htm
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{F47559E9-5FCB-4EAD-A1A9-406404D6F601}: NameServer = 192.168.1.1
O20 - Winlogon Notify: ljJARIcD - C:\WINDOWS\
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\FICHIE~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\CCPD-LC\symlcsvc.exe
jlpjlp
25 April 2008 at 21:32
Relaunch HijackThis, do DO A SYSTEM SCAN ONLY and fix these lines (Fix checked):
O2 - BHO: (no name) - {072EE6CC-475A-4E6B-9302-274AA71B9908} - (no file)
O2 - BHO: (no name) - {1753bd71-4ab4-4f04-b468-164e73e62d81} - (no file)
O2 - BHO: (no name) - {5468800C-4BF2-424B-AA56-106C9806173E} - (no file)
O2 - BHO: (no name) - {7306ADF2-8640-4B78-A028-002395DAAE31} - (no file)
O2 - BHO: (no name) - {AB89A34B-2825-497E-8C19-E1F903F86346} - (no file)
O2 - BHO: (no name) - {C3F37ECA-A8D9-4633-92C6-FE24C7D16ABA} - (no file)
O2 - BHO: (no name) - {E23399DA-4A91-4216-B4BF-BF4744113902} - (no file)
O20 - Winlogon Notify: ljJARIcD - C:\WINDOWS\
______________
Analyse these files on VirusTotal (copy each file with copy/paste and put them into the VirusTotal search); don't look for them yourself, as they may be hidden!
C:\WINDOWS\system32\hysjkmpe.ini
C:\WINDOWS\system32\qnjqgral.ini
C:\WINDOWS\system32\bhwfdtdd.ini
C:\WINDOWS\system32\iqqifkgh.ini
C:\WINDOWS\system32\ypdcsoeg.ini
C:\WINDOWS\system32\ljJARIcD.dll.vir
__________________
Put the infected files in the OTMoveIt quote:
Download OTMoveIt http://download.bleepingcomputer.com/oldtimer/OTMoveIt2.exe (by Old_Timer) to your Desktop.
Double-click OTMoveIt.exe to launch it.
Copy the list in the quote below,
and paste it into the left-hand pane of OTMoveIt: Paste List of Files/Folders to be moved.
Quote:
Click MoveIt! to start the removal.
The result will appear in the "Results" pane.
Click Exit to close.
Post the report located in C:\_OTMoveIt\MovedFiles.
You may be asked to restart the PC to complete the removal. If so, accept with Yes.
________________
Delete what is in MovedFiles by going to My Computer, then C, then OTMoveIt.
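As an added example (not part of the original thread or of HijackThis itself), the Python script below applies the same triage jlpjlp did by hand on the log above: it flags O2 BHO entries that have no name and no file, and O20 Winlogon Notify entries whose target is not a DLL or whose package name has the random mixed-case shape seen in this thread. The sample lines, the CamelCase heuristic and the function names are constructed for this example.

```python
"""Triage helper for HijackThis-style log lines (added example, not from the thread).

Flags the two kinds of entries picked out in the reply above:
  * O2 BHO entries with "(no name)" and "(no file)": the CLSID is still
    registered but the DLL is gone, the usual leftover after a Vundo DLL
    has been deleted or renamed by a cleaner;
  * O20 Winlogon Notify entries whose target is not a DLL file, or whose
    package name looks generated (ljJARIcD, hgGwVLCT, ...).
The name heuristic and the sample log are assumptions of this example.
"""
import re
from dataclasses import dataclass

# Constructed sample, modelled on the log posted above (not the full log).
SAMPLE_LOG = r"""
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
O2 - BHO: (no name) - {072EE6CC-475A-4E6B-9302-274AA71B9908} - (no file)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {E23399DA-4A91-4216-B4BF-BF4744113902} - (no file)
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe"
O20 - Winlogon Notify: ljJARIcD - C:\WINDOWS\
O20 - Winlogon Notify: crypt32chain - crypt32.dll
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
"""

# "O2 - BHO: <rest>", "O20 - Winlogon Notify: <rest>", ...
ENTRY = re.compile(r"^(O\d+) - ([^:]+): (.*)$")
# Plain lowercase or CamelCase (crypt32chain, NavLogon, ScCertProp):
# every upper-case letter must start a token that continues in lower case.
CAMEL = re.compile(r"^[a-z0-9]*(?:[A-Z][a-z0-9]+)*$")


@dataclass
class Finding:
    line: str
    reason: str


def looks_generated(name: str) -> bool:
    """Heuristic (assumption): 8 letters, mixed case that is not CamelCase."""
    return len(name) == 8 and name.isalpha() and CAMEL.match(name) is None


def triage_line(line: str):
    """Return a Finding for a suspicious line, None otherwise."""
    m = ENTRY.match(line.strip())
    if not m:
        return None
    section, kind, rest = m.groups()
    if section == "O2" and kind == "BHO":
        # O2 - BHO: <name> - {CLSID} - <dll path>
        parts = [p.strip() for p in rest.split(" - ")]
        if len(parts) >= 3 and parts[0] == "(no name)" and parts[-1] == "(no file)":
            return Finding(line.strip(),
                           "orphaned BHO: CLSID registered but the DLL is gone")
    elif section == "O20" and kind == "Winlogon Notify":
        # O20 - Winlogon Notify: <package> - <dll>
        name, _, target = rest.partition(" - ")
        reasons = []
        if not target.strip().lower().endswith(".dll"):
            reasons.append("notify package does not point at a DLL file")
        if looks_generated(name.strip()):
            reasons.append("random-looking package name")
        if reasons:
            return Finding(line.strip(), "; ".join(reasons))
    return None


def triage_log(text: str):
    """Scan every line; the result is the list to hand to 'Fix checked'."""
    return [f for f in (triage_line(ln) for ln in text.splitlines()) if f]


if __name__ == "__main__":
    for f in triage_log(SAMPLE_LOG):
        print(f"{f.reason}\n    {f.line}")
```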
hydracom > jlpjlp
25 April 2008 at 22:47
Hi,
There is one file that is infected with several kinds of viruses @@ it's awful.
OTMoveIt managed to remove this file.
Here is the report:
C:\WINDOWS\system32\ljJARIcD.dll.vir moved successfully.
OTMoveIt2 by OldTimer - Version 1.0.4.1 log created on 04252008_224227
The other files you mentioned are OK.
The problems are completely solved :-). I don't know how to thank you, not in French anyway, I'm a foreigner :p. Well!! Cam on rat rat nhieu :-) (that's my mother tongue)
For the other PC, I'm doing what you told me.
hydracom
25 April 2008 at 21:04
Hello,
Actually I have another PC with the same problem. I tried to do exactly the same thing but it doesn't work. There is still some kind of virus in the form of websites (viruseffaceur) that keeps popping up with IE (and not with Firefox).
I ran another scan with HijackThis and ComboFix. Please take a look.
Thanks again
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:21:20, on 24/04/2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal
Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Windows\vsnp2uvc.exe
C:\Program Files\Lenovo\EnergyCut\utilty.exe
C:\Program Files\Lenovo\EnergyCut\EnergyCut.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Windows\ITECIR\x86\CIRAP.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Internet Download Manager\IDMan.exe
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Windows\System32\rundll32.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Internet Download Manager\IEMonitor.exe
C:\Windows\system32\SearchFilterHost.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcrobatInfo.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Windows\system32\wuauclt.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://webmail.utc.fr/login.php
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = proxyweb.utc.fr:3128
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Yahoo! ¤u¨ã¦C - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O1 - Hosts: ::1 localhost
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Yahoo! ¤u¨ã¦C - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [Skytel] Skytel.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [snp2uvc] C:\Windows\vsnp2uvc.exe
O4 - HKLM\..\Run: [EnergyUtility] C:\Program Files\Lenovo\EnergyCut\utilty.exe
O4 - HKLM\..\Run: [EnergyCut] C:\Program Files\Lenovo\EnergyCut\EnergyCut.exe
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [IAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe"
O4 - HKLM\..\Run: [CIRAP] C:\Windows\ITECIR\x86\CIRAP.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [mtd2002Svr] "C:\Program Files\mtd2002"\mtdserver.exe -f
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [IDMan] C:\Program Files\Internet Download Manager\IDMan.exe /onboot
O4 - HKCU\..\Run: [MSServer] rundll32.exe C:\Users\HANGHI~1\AppData\Local\Temp\khfETkhg.dll,#1
O4 - HKCU\..\Run: [cmds] rundll32.exe C:\Users\HANGHI~1\AppData\Local\Temp\iifGXpNe.dll,c
O4 - HKCU\..\Run: [MS Juan] rundll32 "C:\Users\HANGHI~1\AppData\Local\Temp\dskienlv.dll",run
O4 - HKCU\..\Run: [86642310] rundll32.exe "C:\Users\HANGHI~1\AppData\Local\Temp\lmdpxmnm.dll",b
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [BM8557108c] Rundll32.exe "C:\Users\HANGHI~1\AppData\Local\Temp\spdoyylx.dll",s
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
O4 - Global Startup: NewShortcut2.lnk = ?
O8 - Extra context menu item: Ajouter au fichier PDF existant - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Append to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convertir en Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convertir la cible du lien en Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convertir la cible du lien en un fichier PDF existant - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convertir la sélection en Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convertir la sélection en un fichier PDF existant - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convertir les liens sélectionnés en fichier Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convertir les liens sélectionnés en un fichier PDF existant - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Download all links with IDM - C:\Program Files\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: Download FLV video content with IDM - C:\Program Files\Internet Download Manager\IEGetVL.htm
O8 - Extra context menu item: Download with IDM - C:\Program Files\Internet Download Manager\IEExt.htm
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O13 - Gopher Prefix:
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\isPwdSvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\Cyberlink\Shared files\RichVideo.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
jlpjlp (security contributor), 25 April 2008 at 21:38
Scan this file on VirusTotal, and add it to the OTMoveIt list quoted below:
C:\Users\HANGHI~1\AppData\Local\Temp\ibawsstp.dll
___________________________
Download OTMoveIt http://download.bleepingcomputer.com/oldtimer/OTMoveIt2.exe (by Old_Timer) to your Desktop.
Double-click OTMoveIt.exe to launch it.
Copy the list quoted below,
and paste it into the left pane of OTMoveIt: Paste List of Files/Folders to be moved.
Quote:
C:\Users\HANGHI~1\AppData\Local\Temp\khfETkhg.dll
C:\Users\HANGHI~1\AppData\Local\Temp\iifGXpNe.dll
C:\Users\HANGHI~1\AppData\Local\Temp\dskienlv.dll
C:\Users\HANGHI~1\AppData\Local\Temp\lmdpxmnm.dll
C:\Users\HANGHI~1\AppData\Local\Temp\spdoyylx.dll
Click MoveIt! to start the removal.
The result will appear in the "Results" pane.
Click Exit to close.
Post the report located in C:\_OTMoveIt\MovedFiles.
You may be asked to restart the PC to complete the removal. If so, accept with Yes.
_______________________________
Paste the report of an online scan
with one of the following:
(disable avast for the duration of the scan)
BitDefender online:
http://www.bitdefender.fr/scan_fr/scan8/ie.html
Panda online:
http://pandasoftware.fr
_________________________________
Post a fresh HijackThis log and describe your problems
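The five DLLs jlpjlp lists are exactly the O4 lines of the HijackThis log above in which rundll32 loads an eight-letter DLL from the user's Temp folder through an HKCU Run key. The script below is an added example, not code from the thread, from HijackThis or from OTMoveIt: it applies that triage heuristic to a HijackThis log and emits the path list in the one-per-line form OTMoveIt's left pane takes. The regular expressions assume the O4 line layout of HijackThis 2.0.2, and SAMPLE_LOG is constructed from lines of the thread's log with benign entries added for contrast.

```python
"""Triage of HijackThis O4 (Run-key) entries for Vundo-style persistence.

Added example; not code from the thread, HijackThis or OTMoveIt.
Flags autorun entries that use rundll32 to load a DLL out of a
user-writable temp directory and lists the paths for OTMoveIt.
"""
import re

# O4 - <hive>\..\Run: [<value name>] <command>   (HijackThis 2.0.2 layout, assumed)
O4_RE = re.compile(r"^O4 - (?P<hive>HK\S*?)\\\.\.\\Run: \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
# rundll32[.exe] ["]<path>.dll["],<export>
RUNDLL_RE = re.compile(r'^\s*rundll32(?:\.exe)?\s+"?(?P<dll>[^",]+?\.dll)"?\s*,', re.IGNORECASE)
# Per-user or system temp directories; 8.3 short names such as HANGHI~1 still match.
TEMP_DIR_RE = re.compile(r"\\(?:AppData\\Local\\Temp|Local Settings\\Temp|Windows\\Temp)\\",
                         re.IGNORECASE)
# The droppers in this thread all had 8-letter alphabetic names. Secondary indicator
# only: oobefldr.dll is a legitimate 8-letter Windows DLL.
RANDOM_NAME_RE = re.compile(r"^[A-Za-z]{8}\.dll$")

# Constructed sample: lines taken from the thread's log plus benign entries.
SAMPLE_LOG = r"""
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
O4 - HKCU\..\Run: [MSServer] rundll32.exe C:\Users\HANGHI~1\AppData\Local\Temp\khfETkhg.dll,#1
O4 - HKCU\..\Run: [cmds] rundll32.exe C:\Users\HANGHI~1\AppData\Local\Temp\iifGXpNe.dll,c
O4 - HKCU\..\Run: [MS Juan] rundll32 "C:\Users\HANGHI~1\AppData\Local\Temp\dskienlv.dll",run
O4 - HKCU\..\Run: [86642310] rundll32.exe "C:\Users\HANGHI~1\AppData\Local\Temp\lmdpxmnm.dll",b
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [BM8557108c] Rundll32.exe "C:\Users\HANGHI~1\AppData\Local\Temp\spdoyylx.dll",s
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
"""


def parse_o4(line):
    """Split one O4 line into hive, value name and command; None if it is not an O4 line."""
    m = O4_RE.match(line.strip())
    return m.groupdict() if m else None


def classify_o4(line):
    """Parsed entry plus the DLL rundll32 would load and a list of reasons (empty = benign)."""
    entry = parse_o4(line)
    if entry is None:
        return None
    entry["dll"] = None
    entry["reasons"] = []
    m = RUNDLL_RE.match(entry["cmd"])
    if not m:
        return entry
    dll = m.group("dll")
    entry["dll"] = dll
    if TEMP_DIR_RE.search(dll):
        entry["reasons"].append("rundll32 loads a DLL from a temp directory")
        if RANDOM_NAME_RE.match(dll.rsplit("\\", 1)[-1]):
            entry["reasons"].append("8-letter random-looking DLL name")
        if entry["hive"].startswith("HKCU"):
            entry["reasons"].append("per-user Run key: no admin rights needed to plant it")
    return entry


def triage(log_text):
    """Every O4 entry in a HijackThis log that carries at least one reason, in log order."""
    findings = []
    for line in log_text.splitlines():
        entry = classify_o4(line)
        if entry and entry["reasons"]:
            findings.append(entry)
    return findings


def otmoveit_list(findings):
    """DLL paths, one per finding, in the order they should be pasted into OTMoveIt."""
    return [f["dll"] for f in findings]


if __name__ == "__main__":
    found = triage(SAMPLE_LOG)
    for f in found:
        print(f"[{f['name']}] {f['dll']}")
        for reason in f["reasons"]:
            print("   -", reason)
    print("\nList for OTMoveIt:")
    print("\n".join(otmoveit_list(found)))
```

The script only identifies and lists; moving the files is still OTMoveIt's job. A DLL that is currently mapped into a running process (here rundll32.exe, visible three times in the process list of the log) cannot be moved while it is in use, which is why the reply says a restart may be requested to complete the removal.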
hydracom, 25 April 2008 at 23:58
Hi,
C:\Users\HANGHI~1\AppData\Local\Temp\ibawsstp.dll
This file is badly infested, but OTMoveIt couldn't remove it, nor the other files either.
I did an online scan with Panda and ran HijackThis again; here are the results. Tell me what to do next :-/. In short, I couldn't do anything. My PC isn't working very well; it often crashes when I launch IE or Firefox and go on the internet.
Panda
;***********************************************************************************************************************************************************************************
ANALYSIS: 2008-04-25 23:52:35
PROTECTIONS: 1
MALWARE: 10
SUSPECTS: 0
;***********************************************************************************************************************************************************************************
PROTECTIONS
Description Version Active Updated
;===================================================================================================================================================================================
Norton AntiVirus 2007 Yes Yes
;===================================================================================================================================================================================
MALWARE
Id Description Type Active Severity Disinfectable Disinfected Location
;===================================================================================================================================================================================
00139061 Cookie/Doubleclick TrackingCookie No 0 Yes No C:\Users\Hang Hieu\AppData\Roaming\Mozilla\Firefox\Profiles\iqlz1tk8.default\cookies.txt[.doubleclick.net/]
00139535 Application/Processor HackTools No 0 No No C:\Users\Hang Hieu\Desktop\VirtumundoBeGone.exe[²ƒÇ]
00167647 Cookie/Yadro TrackingCookie No 0 Yes No C:\Users\Hang Hieu\AppData\Roaming\Mozilla\Firefox\Profiles\iqlz1tk8.default\cookies.txt[.yadro.ru/]
00167647 Cookie/Yadro TrackingCookie No 0 Yes No C:\Users\Hang Hieu\AppData\Roaming\Mozilla\Firefox\Profiles\iqlz1tk8.default\cookies.txt[.yadro.ru/]
00167704 Cookie/Xiti TrackingCookie No 0 Yes No C:\Users\Hang Hieu\AppData\Roaming\Mozilla\Firefox\Profiles\iqlz1tk8.default\cookies.txt[.xiti.com/]
00167704 Cookie/Xiti TrackingCookie No 0 Yes No C:\Users\Hang Hieu\AppData\Roaming\Microsoft\Windows\Cookies\Low\hang__hieu@xiti[1].txt
00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\Users\Hang Hieu\AppData\Roaming\Mozilla\Firefox\Profiles\iqlz1tk8.default\cookies.txt[ad.yieldmanager.com/]
00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\Users\Hang Hieu\AppData\Roaming\Microsoft\Windows\Cookies\hang__hieu@ad.yieldmanager[1].txt
00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\Users\Hang Hieu\AppData\Roaming\Mozilla\Firefox\Profiles\iqlz1tk8.default\cookies.txt[ad.yieldmanager.com/]
00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\Users\Hang Hieu\AppData\Roaming\Mozilla\Firefox\Profiles\iqlz1tk8.default\cookies.txt[ad.yieldmanager.com/]
00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\Users\Hang Hieu\AppData\Roaming\Mozilla\Firefox\Profiles\iqlz1tk8.default\cookies.txt[ad.yieldmanager.com/]
00168090 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\Users\Hang Hieu\AppData\Roaming\Mozilla\Firefox\Profiles\iqlz1tk8.default\cookies.txt[.serving-sys.com/]
00168090 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\Users\Hang Hieu\AppData\Roaming\Mozilla\Firefox\Profiles\iqlz1tk8.default\cookies.txt[.serving-sys.com/]
00168090 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\Users\Hang Hieu\AppData\Roaming\Mozilla\Firefox\Profiles\iqlz1tk8.default\cookies.txt[.serving-sys.com/]
00168090 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\Users\Hang Hieu\AppData\Roaming\Mozilla\Firefox\Profiles\iqlz1tk8.default\cookies.txt[.serving-sys.com/]
00168090 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\Users\Hang Hieu\AppData\Roaming\Mozilla\Firefox\Profiles\iqlz1tk8.default\cookies.txt[.serving-sys.com/]
00168090 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\Users\Hang Hieu\AppData\Roaming\Mozilla\Firefox\Profiles\iqlz1tk8.default\cookies.txt[.serving-sys.com/]
00168093 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\Users\Hang Hieu\AppData\Roaming\Mozilla\Firefox\Profiles\iqlz1tk8.default\cookies.txt[.bs.serving-sys.com/]
00519333 Application/Processor HackTools No 0 Yes No C:\Users\Hang Hieu\Desktop\VirtumundoBeGone.exe
01176994 Bck/VB.XB Virus/Trojan No 0 No No C:\Users\Hang Hieu\Desktop\ComboFix.exe[327882R2FWJFW\NirCmdC.cfexe]
02917836 W32/Gaobot.OXI.worm Virus/Worm No 1 Yes No D:\Softwares\Nero 8.3.2.1 Ultra + Working Keygen(Vista Compatible).zip[Keygen.exe]
;===================================================================================================================================================================================
SUSPECTS
Sent Location
;===================================================================================================================================================================================
;===================================================================================================================================================================================
VULNERABILITIES
Id Severity Description
;===================================================================================================================================================================================
;===================================================================================================================================================================================
HijackThis
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:21:20, on 24/04/2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal
Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Windows\vsnp2uvc.exe
C:\Program Files\Lenovo\EnergyCut\utilty.exe
C:\Program Files\Lenovo\EnergyCut\EnergyCut.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Windows\ITECIR\x86\CIRAP.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Internet Download Manager\IDMan.exe
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Windows\System32\rundll32.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Internet Download Manager\IEMonitor.exe
C:\Windows\system32\SearchFilterHost.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcrobatInfo.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Windows\system32\wuauclt.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://webmail.utc.fr/login.php
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = proxyweb.utc.fr:3128
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Yahoo! ¤u¨ã¦C - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O1 - Hosts: ::1 localhost
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Yahoo! ¤u¨ã¦C - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [Skytel] Skytel.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [snp2uvc] C:\Windows\vsnp2uvc.exe
O4 - HKLM\..\Run: [EnergyUtility] C:\Program Files\Lenovo\EnergyCut\utilty.exe
O4 - HKLM\..\Run: [EnergyCut] C:\Program Files\Lenovo\EnergyCut\EnergyCut.exe
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [IAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe"
O4 - HKLM\..\Run: [CIRAP] C:\Windows\ITECIR\x86\CIRAP.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [mtd2002Svr] "C:\Program Files\mtd2002"\mtdserver.exe -f
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [IDMan] C:\Program Files\Internet Download Manager\IDMan.exe /onboot
O4 - HKCU\..\Run: [MSServer] rundll32.exe C:\Users\HANGHI~1\AppData\Local\Temp\khfETkhg.dll,#1
O4 - HKCU\..\Run: [cmds] rundll32.exe C:\Users\HANGHI~1\AppData\Local\Temp\iifGXpNe.dll,c
O4 - HKCU\..\Run: [MS Juan] rundll32 "C:\Users\HANGHI~1\AppData\Local\Temp\dskienlv.dll",run
O4 - HKCU\..\Run: [86642310] rundll32.exe "C:\Users\HANGHI~1\AppData\Local\Temp\lmdpxmnm.dll",b
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [BM8557108c] Rundll32.exe "C:\Users\HANGHI~1\AppData\Local\Temp\spdoyylx.dll",s
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
O4 - Global Startup: NewShortcut2.lnk = ?
O8 - Extra context menu item: Ajouter au fichier PDF existant - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Append to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convertir en Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convertir la cible du lien en Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convertir la cible du lien en un fichier PDF existant - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convertir la sélection en Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convertir la sélection en un fichier PDF existant - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convertir les liens sélectionnés en fichier Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convertir les liens sélectionnés en un fichier PDF existant - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Download all links with IDM - C:\Program Files\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: Download FLV video content with IDM - C:\Program Files\Internet Download Manager\IEGetVL.htm
O8 - Extra context menu item: Download with IDM - C:\Program Files\Internet Download Manager\IEExt.htm
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O13 - Gopher Prefix:
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\isPwdSvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\Cyberlink\Shared files\RichVideo.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
C:\Users\HANGHI~1\AppData\Local\Temp\ibawsstp.dll
This file is seriously infected, but OTMoveIt could not remove it, nor some other files.
I did an online scan with Panda and re-ran a HijackThis scan; here are the results. Tell me what to do next :-/. In short, I haven't been able to do anything. My PC isn't working very well; it often crashes when I launch IE or Firefox and go on the internet.
hydracom
26 April 2008 at 00:03
I forgot the OTMoveIt report
DllUnregisterServer procedure not found in C:\Users\HANGHI~1\AppData\Local\Temp\ibawsstp.dll
C:\Users\HANGHI~1\AppData\Local\Temp\ibawsstp.dll NOT unregistered.
File move failed. C:\Users\HANGHI~1\AppData\Local\Temp\ibawsstp.dll scheduled to be moved on reboot.
File/Folder C:\Users\HANGHI~1\AppData\Local\Temp\khfETkhg.dll not found.
DllUnregisterServer procedure not found in C:\Users\HANGHI~1\AppData\Local\Temp\iifGXpNe.dll
C:\Users\HANGHI~1\AppData\Local\Temp\iifGXpNe.dll NOT unregistered.
File move failed. C:\Users\HANGHI~1\AppData\Local\Temp\iifGXpNe.dll scheduled to be moved on reboot.
File/Folder C:\Users\HANGHI~1\AppData\Local\Temp\dskienlv.dll not found.
DllUnregisterServer procedure not found in C:\Users\HANGHI~1\AppData\Local\Temp\lmdpxmnm.dll
C:\Users\HANGHI~1\AppData\Local\Temp\lmdpxmnm.dll NOT unregistered.
File move failed. C:\Users\HANGHI~1\AppData\Local\Temp\lmdpxmnm.dll scheduled to be moved on reboot.
File/Folder C:\Users\HANGHI~1\AppData\Local\Temp\spdoyylx.dll not found.
OTMoveIt2 by OldTimer - Version 1.0.4.1 log created on 04252008_223002
Files moved on Reboot...
DllUnregisterServer procedure not found in C:\Users\HANGHI~1\AppData\Local\Temp\ibawsstp.dll
C:\Users\HANGHI~1\AppData\Local\Temp\ibawsstp.dll NOT unregistered.
File move failed. C:\Users\HANGHI~1\AppData\Local\Temp\ibawsstp.dll scheduled to be moved on reboot.
DllUnregisterServer procedure not found in C:\Users\HANGHI~1\AppData\Local\Temp\iifGXpNe.dll
C:\Users\HANGHI~1\AppData\Local\Temp\iifGXpNe.dll NOT unregistered.
File move failed. C:\Users\HANGHI~1\AppData\Local\Temp\iifGXpNe.dll scheduled to be moved on reboot.
DllUnregisterServer procedure not found in C:\Users\HANGHI~1\AppData\Local\Temp\lmdpxmnm.dll
C:\Users\HANGHI~1\AppData\Local\Temp\lmdpxmnm.dll NOT unregistered.
File move failed. C:\Users\HANGHI~1\AppData\Local\Temp\lmdpxmnm.dll scheduled to be moved on reboot.
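The OTMoveIt2 report above is easier to triage once it is split into the interactive pass and the "Files moved on Reboot..." pass, and the files are grouped by outcome. The Python below is an added example, not part of the thread and not OldTimer's code: it recognises the four kinds of line the posted report contains (no DllUnregisterServer export, NOT unregistered, move failed / scheduled on reboot, file not found), keeps the report's version and timestamp line, and lists which files the tool still could not move after the reboot. The sample log is a constructed excerpt built from the paths visible in the posted report; the event labels and function names are my own.

```python
import re
from collections import defaultdict

# Constructed sample in the shape of the OTMoveIt2 report posted above
# (abridged to two pending DLLs and two missing ones; paths are the ones
# visible in the thread).
SAMPLE_LOG = "\n".join([
    r"DllUnregisterServer procedure not found in C:\Users\HANGHI~1\AppData\Local\Temp\ibawsstp.dll",
    r"C:\Users\HANGHI~1\AppData\Local\Temp\ibawsstp.dll NOT unregistered.",
    r"File move failed. C:\Users\HANGHI~1\AppData\Local\Temp\ibawsstp.dll scheduled to be moved on reboot.",
    r"File/Folder C:\Users\HANGHI~1\AppData\Local\Temp\khfETkhg.dll not found.",
    r"DllUnregisterServer procedure not found in C:\Users\HANGHI~1\AppData\Local\Temp\iifGXpNe.dll",
    r"C:\Users\HANGHI~1\AppData\Local\Temp\iifGXpNe.dll NOT unregistered.",
    r"File move failed. C:\Users\HANGHI~1\AppData\Local\Temp\iifGXpNe.dll scheduled to be moved on reboot.",
    r"File/Folder C:\Users\HANGHI~1\AppData\Local\Temp\dskienlv.dll not found.",
    r"OTMoveIt2 by OldTimer - Version 1.0.4.1 log created on 04252008_223002",
    r"Files moved on Reboot...",
    r"DllUnregisterServer procedure not found in C:\Users\HANGHI~1\AppData\Local\Temp\ibawsstp.dll",
    r"C:\Users\HANGHI~1\AppData\Local\Temp\ibawsstp.dll NOT unregistered.",
    r"File move failed. C:\Users\HANGHI~1\AppData\Local\Temp\ibawsstp.dll scheduled to be moved on reboot.",
    r"DllUnregisterServer procedure not found in C:\Users\HANGHI~1\AppData\Local\Temp\iifGXpNe.dll",
    r"C:\Users\HANGHI~1\AppData\Local\Temp\iifGXpNe.dll NOT unregistered.",
    r"File move failed. C:\Users\HANGHI~1\AppData\Local\Temp\iifGXpNe.dll scheduled to be moved on reboot.",
])

# Line shapes taken from the posted report. The event labels are my own
# (assumption), chosen for readability of the summary.
PATTERNS = [
    ("no_unregister_export", re.compile(r"^DllUnregisterServer procedure not found in (.+)$")),
    ("not_unregistered",     re.compile(r"^(.+) NOT unregistered\.$")),
    ("pending_reboot",       re.compile(r"^File move failed\. (.+) scheduled to be moved on reboot\.$")),
    ("not_found",            re.compile(r"^File/Folder (.+) not found\.$")),
]
HEADER_RE = re.compile(r"^OTMoveIt2 by OldTimer - Version (\S+) log created on (\S+)$")
REBOOT_MARKER = "Files moved on Reboot..."


def parse_otmoveit(text):
    """Group report lines by file and by pass.

    Returns {"files": {path: {"initial": set(events), "reboot": set(events)}},
             "version": str | None, "created": str | None, "unparsed": [lines]}.
    Lines before the 'Files moved on Reboot...' marker belong to the
    interactive pass; lines after it are the deferred (reboot) pass.
    Anything that matches no known shape is kept in 'unparsed' rather than
    silently dropped.
    """
    result = {
        "files": defaultdict(lambda: {"initial": set(), "reboot": set()}),
        "version": None,
        "created": None,
        "unparsed": [],
    }
    phase = "initial"
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line == REBOOT_MARKER:
            phase = "reboot"
            continue
        m = HEADER_RE.match(line)
        if m:
            result["version"], result["created"] = m.groups()
            continue
        for event, rx in PATTERNS:
            m = rx.match(line)
            if m:
                result["files"][m.group(1)][phase].add(event)
                break
        else:
            result["unparsed"].append(line)
    result["files"] = dict(result["files"])
    return result


def _basename(path):
    # Report paths are Windows paths; keep only the file name for display.
    return path.rsplit("\\", 1)[-1]


def still_pending_after_reboot(text):
    """File names the tool still reported as 'scheduled to be moved on reboot'
    in the reboot pass, i.e. files it never actually moved. Sorted."""
    files = parse_otmoveit(text)["files"]
    return sorted(_basename(p) for p, ev in files.items() if "pending_reboot" in ev["reboot"])


def not_found_paths(text):
    """File names the tool could not find at all in the interactive pass. Sorted."""
    files = parse_otmoveit(text)["files"]
    return sorted(_basename(p) for p, ev in files.items() if "not_found" in ev["initial"])


if __name__ == "__main__":
    parsed = parse_otmoveit(SAMPLE_LOG)
    print("OTMoveIt2 version", parsed["version"], "created", parsed["created"])
    print("not found:", not_found_paths(SAMPLE_LOG))
    print("still pending after reboot:", still_pending_after_reboot(SAMPLE_LOG))
    print("unparsed lines:", parsed["unparsed"])
```

The first thing to read off a report like this is what is still pending after the reboot pass: those are the files the tool never moved. In the posted report that is ibawsstp.dll, iifGXpNe.dll and lmdpxmnm.dll, all in the user's Temp folder, while khfETkhg.dll, dskienlv.dll and spdoyylx.dll were already gone when the tool looked for them. Unrecognised lines are kept in `unparsed` so that a report from a different tool version is noticed instead of being summarised wrongly.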