TR/VundoGS

Solved/Closed
atchoum83440 Posts: 28 Registered: Thursday 15 May 2008 Status: Member Last seen: 12 June 2011 - 15 May 2008 at 20:59
jlpjlp Posts: 51580 Registered: Friday 18 May 2007 Status: Security contributor Last seen: 3 May 2022 - 18 May 2008 at 11:34
Hi everyone, I really have a problem with a virus called TR/Vundo.GS, which Avira detects as a Trojan Horse, and frankly I'm clueless about computers. I waited a bit for Avira to find a solution, but although my system is fully up to date it can't find one.

PLEASE HELP me


Here is the latest AntiVir report

Avira AntiVir Personal
Report file date: dimanche 11 mai 2008 10:21

Scanning for 1258665 virus strains and unwanted programs.

Licensed to: Avira AntiVir PersonalEdition Classic
Serial number: 0000149996-ADJIE-0001
Platform: Windows Vista
Windows version: (plain) [6.0.6000]
Boot mode: Normally booted
Username: SYSTEM
Computer name: BATISTIN

Version information:
BUILD.DAT : 8.1.00.295 16479 Bytes 09/04/2008 16:24:00
AVSCAN.EXE : 8.1.2.12 311553 Bytes 14/04/2008 19:14:04
AVSCAN.DLL : 8.1.1.0 53505 Bytes 14/04/2008 19:14:04
LUKE.DLL : 8.1.2.9 151809 Bytes 14/04/2008 19:14:05
LUKERES.DLL : 8.1.2.1 12033 Bytes 14/04/2008 19:14:05
ANTIVIR0.VDF : 6.40.0.0 11030528 Bytes 18/07/2007 14:27:15
ANTIVIR1.VDF : 7.0.3.2 5447168 Bytes 07/03/2008 16:17:57
ANTIVIR2.VDF : 7.0.4.0 1554432 Bytes 05/05/2008 17:48:27
ANTIVIR3.VDF : 7.0.4.23 99840 Bytes 09/05/2008 17:46:39
Engineversion : 8.1.0.42
AEVDF.DLL : 8.1.0.5 102772 Bytes 14/04/2008 19:14:06
AESCRIPT.DLL : 8.1.0.31 262522 Bytes 09/05/2008 17:48:15
AESCN.DLL : 8.1.0.16 119156 Bytes 08/05/2008 17:46:19
AERDL.DLL : 8.1.0.20 418165 Bytes 25/04/2008 09:34:13
AEPACK.DLL : 8.1.1.4 364918 Bytes 29/04/2008 17:45:49
AEOFFICE.DLL : 8.1.0.18 192890 Bytes 18/04/2008 22:25:48
AEHEUR.DLL : 8.1.0.26 1237366 Bytes 09/05/2008 17:47:55
AEHELP.DLL : 8.1.0.14 115063 Bytes 18/04/2008 22:25:47
AEGEN.DLL : 8.1.0.20 299380 Bytes 08/05/2008 17:46:17
AEEMU.DLL : 8.1.0.6 430451 Bytes 08/05/2008 17:46:15
AECORE.DLL : 8.1.0.28 168310 Bytes 08/05/2008 17:46:13
AVWINLL.DLL : 1.0.0.7 14593 Bytes 14/04/2008 19:14:04
AVPREF.DLL : 8.0.0.1 25857 Bytes 14/04/2008 19:14:04
AVREP.DLL : 7.0.0.1 155688 Bytes 16/04/2007 13:16:24
AVREG.DLL : 8.0.0.0 30977 Bytes 14/04/2008 19:14:04
AVARKT.DLL : 1.0.0.23 307457 Bytes 14/04/2008 19:14:04
AVEVTLOG.DLL : 8.0.0.11 114945 Bytes 14/04/2008 19:14:04
SQLITE3.DLL : 3.3.17.1 339968 Bytes 14/04/2008 19:14:05
SMTPLIB.DLL : 1.2.0.19 28929 Bytes 14/04/2008 19:14:05
NETNT.DLL : 8.0.0.1 7937 Bytes 14/04/2008 19:14:05
RCIMAGE.DLL : 8.0.0.35 2371841 Bytes 14/04/2008 19:14:02
RCTEXT.DLL : 8.0.32.0 86273 Bytes 14/04/2008 19:14:02

Configuration settings for the scan:
Jobname..........................: Complete system scan
Configuration file...............: c:\program files\avira\antivir personaledition classic\sysscan.avp
Logging..........................: low
Primary action...................: interactive
Secondary action.................: ignore
Scan master boot sector..........: on
Scan boot sector.................: on
Boot sectors.....................: C:, D:, J:,
Scan memory......................: on
Process scan.....................: on
Scan registry....................: on
Search for rootkits..............: on
Scan all files...................: All files
Scan archives....................: on
Recursion depth..................: 20
Smart extensions.................: on
Deviating archive types..........: +BSD Mailbox, +Netscape/Mozilla Mailbox, +Eudora Mailbox, +Squid cache, +Pegasus Mailbox, +MS Outlook Mailbox,
Macro heuristic..................: on
File heuristic...................: high
Deviating risk categories........: +APPL,+GAME,+JOKE,+PCK,+SPR,

Start of the scan: dimanche 11 mai 2008 10:21

Starting search for hidden objects.
'64111' objects were checked, '0' hidden objects were found.

The scan of running processes will be started
Scan process 'SDUpdate.exe' - '1' Module(s) have been scanned
Scan process 'SpybotSD.exe' - '1' Module(s) have been scanned
Scan process 'avscan.exe' - '1' Module(s) have been scanned
Scan process 'avcenter.exe' - '1' Module(s) have been scanned
Scan process 'usnsvc.exe' - '1' Module(s) have been scanned
Scan process 'kbd.exe' - '1' Module(s) have been scanned
Scan process 'wmpnetwk.exe' - '1' Module(s) have been scanned
Scan process 'wmpnscfg.exe' - '1' Module(s) have been scanned
Scan process 'hpqste08.exe' - '1' Module(s) have been scanned
Scan process 'taskeng.exe' - '1' Module(s) have been scanned
Scan process 'WmiPrvSE.exe' - '1' Module(s) have been scanned
Scan process 'WUDFHost.exe' - '1' Module(s) have been scanned
Scan process 'SearchIndexer.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'StarWindServiceAE.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'ooccag.exe' - '1' Module(s) have been scanned
Scan process 'oodag.exe' - '1' Module(s) have been scanned
Scan process 'hpqtra08.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'LSSrvc.exe' - '1' Module(s) have been scanned
Scan process 'pg2.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'Crypserv.exe' - '1' Module(s) have been scanned
Scan process 'msnmsgr.exe' - '1' Module(s) have been scanned
Scan process 'CISVC.EXE' - '1' Module(s) have been scanned
Scan process 'sched.exe' - '1' Module(s) have been scanned
Scan process 'avgnt.exe' - '1' Module(s) have been scanned
Scan process 'rundll32.exe' - '1' Module(s) have been scanned
Scan process 'rundll32.exe' - '1' Module(s) have been scanned
Scan process 'oodtray.exe' - '1' Module(s) have been scanned
Scan process 'ooccctrl.exe' - '1' Module(s) have been scanned
Scan process 'OSD.exe' - '1' Module(s) have been scanned
Scan process 'hpsysdrv.exe' - '1' Module(s) have been scanned
Scan process 'MSASCui.exe' - '1' Module(s) have been scanned
Scan process 'explorer.exe' - '1' Module(s) have been scanned
Scan process 'dwm.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'taskeng.exe' - '1' Module(s) have been scanned
Scan process 'avguard.exe' - '1' Module(s) have been scanned
Scan process 'spoolsv.exe' - '1' Module(s) have been scanned
Scan process 'lockpc.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'LmpcServ.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'SLsvc.exe' - '1' Module(s) have been scanned
Scan process 'audiodg.exe' - '0' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'winlogon.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'lsm.exe' - '1' Module(s) have been scanned
Scan process 'lsass.exe' - '1' Module(s) have been scanned
Scan process 'services.exe' - '1' Module(s) have been scanned
Scan process 'csrss.exe' - '1' Module(s) have been scanned
Scan process 'wininit.exe' - '1' Module(s) have been scanned
Scan process 'csrss.exe' - '1' Module(s) have been scanned
Scan process 'smss.exe' - '1' Module(s) have been scanned
62 processes with 62 modules were scanned

Starting master boot sector scan:
Master boot sector HD0
[INFO] No virus was found!
Master boot sector HD1
[INFO] No virus was found!
[WARNING] Le périphérique n'est pas prêt.
[INFO] Please restart the search with Administrator rights
Master boot sector HD2
[INFO] No virus was found!
[WARNING] Le périphérique n'est pas prêt.
[INFO] Please restart the search with Administrator rights
Master boot sector HD3
[INFO] No virus was found!
[WARNING] Le périphérique n'est pas prêt.
[INFO] Please restart the search with Administrator rights
Master boot sector HD4
[INFO] No virus was found!
[WARNING] Le périphérique n'est pas prêt.
[INFO] Please restart the search with Administrator rights

Start scanning boot sectors:
Boot sector 'C:\'
[INFO] No virus was found!
Boot sector 'D:\'
[INFO] No virus was found!
Boot sector 'J:\'
[INFO] No virus was found!

Starting to scan the registry.
The registry was scanned ( '16' files ).


Starting the file scan:

Begin scan in 'C:\' <HP>
C:\hiberfil.sys
[WARNING] The file could not be opened!
C:\pagefile.sys
[WARNING] The file could not be opened!
C:\ComboFix\NirCmdC.cfexe
[DETECTION] Contains detection pattern of the application APPL/Tool.NirCmd.D
[NOTE] The file was moved to '4898ad55.qua'!
C:\ComboFix\psexec.cfexe
[DETECTION] Contains detection pattern of the application APPL/Rmadmin.131072
[NOTE] The file was moved to '488bad84.qua'!
C:\ComboFix\pv.cfexe
[DETECTION] Contains detection pattern of the SPR/Tool.PV program
[NOTE] The file was moved to '4854ad87.qua'!
C:\Windows\System32\drivers\sptd.sys
[WARNING] The file could not be opened!
Begin scan in 'D:\' <Recovery>
Begin scan in 'J:\' <Stock>
J:\pagefile.sys
[WARNING] The file could not be opened!


End of the scan: dimanche 11 mai 2008 11:40
Used time: 1:19:44 min

The scan has been done completely.

15362 Scanning directories
356008 Files were scanned
3 viruses and/or unwanted programs were found
0 Files were classified as suspicious:
0 files were deleted
0 files were repaired
3 files were moved to quarantine
0 files were renamed
4 Files cannot be scanned
356005 Files not concerned
4260 Archives were scanned
8 Warnings
3 Notes
64111 Objects were scanned with rootkit scan
0 Hidden objects were found

A second report, a little later



Avira AntiVir Personal
Report file date: mardi 13 mai 2008 12:00

Scanning for 1262699 virus strains and unwanted programs.

Licensed to: Avira AntiVir PersonalEdition Classic
Serial number: 0000149996-ADJIE-0001
Platform: Windows Vista
Windows version: (plain) [6.0.6000]
Boot mode: Normally booted
Username: SYSTEM
Computer name: BATISTIN

Version information:
BUILD.DAT : 8.1.00.295 16479 Bytes 09/04/2008 16:24:00
AVSCAN.EXE : 8.1.2.12 311553 Bytes 14/04/2008 19:14:04
AVSCAN.DLL : 8.1.1.0 53505 Bytes 14/04/2008 19:14:04
LUKE.DLL : 8.1.2.9 151809 Bytes 14/04/2008 19:14:05
LUKERES.DLL : 8.1.2.1 12033 Bytes 14/04/2008 19:14:05
ANTIVIR0.VDF : 6.40.0.0 11030528 Bytes 18/07/2007 14:27:15
ANTIVIR1.VDF : 7.0.3.2 5447168 Bytes 07/03/2008 16:17:57
ANTIVIR2.VDF : 7.0.4.0 1554432 Bytes 05/05/2008 17:48:27
ANTIVIR3.VDF : 7.0.4.27 146944 Bytes 12/05/2008 17:46:04
Engineversion : 8.1.0.42
AEVDF.DLL : 8.1.0.5 102772 Bytes 14/04/2008 19:14:06
AESCRIPT.DLL : 8.1.0.31 262522 Bytes 09/05/2008 17:48:15
AESCN.DLL : 8.1.0.16 119156 Bytes 08/05/2008 17:46:19
AERDL.DLL : 8.1.0.20 418165 Bytes 25/04/2008 09:34:13
AEPACK.DLL : 8.1.1.4 364918 Bytes 29/04/2008 17:45:49
AEOFFICE.DLL : 8.1.0.18 192890 Bytes 18/04/2008 22:25:48
AEHEUR.DLL : 8.1.0.26 1237366 Bytes 09/05/2008 17:47:55
AEHELP.DLL : 8.1.0.14 115063 Bytes 18/04/2008 22:25:47
AEGEN.DLL : 8.1.0.20 299380 Bytes 08/05/2008 17:46:17
AEEMU.DLL : 8.1.0.6 430451 Bytes 08/05/2008 17:46:15
AECORE.DLL : 8.1.0.28 168310 Bytes 08/05/2008 17:46:13
AVWINLL.DLL : 1.0.0.7 14593 Bytes 14/04/2008 19:14:04
AVPREF.DLL : 8.0.0.1 25857 Bytes 14/04/2008 19:14:04
AVREP.DLL : 7.0.0.1 155688 Bytes 16/04/2007 13:16:24
AVREG.DLL : 8.0.0.0 30977 Bytes 14/04/2008 19:14:04
AVARKT.DLL : 1.0.0.23 307457 Bytes 14/04/2008 19:14:04
AVEVTLOG.DLL : 8.0.0.11 114945 Bytes 14/04/2008 19:14:04
SQLITE3.DLL : 3.3.17.1 339968 Bytes 14/04/2008 19:14:05
SMTPLIB.DLL : 1.2.0.19 28929 Bytes 14/04/2008 19:14:05
NETNT.DLL : 8.0.0.1 7937 Bytes 14/04/2008 19:14:05
RCIMAGE.DLL : 8.0.0.35 2371841 Bytes 14/04/2008 19:14:02
RCTEXT.DLL : 8.0.32.0 86273 Bytes 14/04/2008 19:14:02

Configuration settings for the scan:
Jobname..........................: Local Hard Disks
Configuration file...............: C:\Program Files\Avira\AntiVir PersonalEdition Classic\alldiscs.avp
Logging..........................: low
Primary action...................: interactive
Secondary action.................: ignore
Scan master boot sector..........: on
Scan boot sector.................: on
Boot sectors.....................: C:, D:, J:,
Scan memory......................: on
Process scan.....................: on
Scan registry....................: on
Search for rootkits..............: on
Scan all files...................: All files
Scan archives....................: on
Recursion depth..................: 20
Smart extensions.................: on
Deviating archive types..........: +BSD Mailbox, +Netscape/Mozilla Mailbox, +Eudora Mailbox, +Squid cache, +Pegasus Mailbox, +MS Outlook Mailbox,
Macro heuristic..................: on
File heuristic...................: high
Deviating risk categories........: +APPL,+GAME,+JOKE,+PCK,+SPR,

Start of the scan: mardi 13 mai 2008 12:00

Starting search for hidden objects.
'64109' objects were checked, '0' hidden objects were found.

The scan of running processes will be started
Scan process 'avscan.exe' - '1' Module(s) have been scanned
Scan process 'guardgui.exe' - '1' Module(s) have been scanned
Scan process 'guardgui.exe' - '1' Module(s) have been scanned
Scan process 'kbd.exe' - '1' Module(s) have been scanned
Scan process 'usnsvc.exe' - '1' Module(s) have been scanned
Scan process 'uTorrent.exe' - '1' Module(s) have been scanned
Scan process 'hpqste08.exe' - '1' Module(s) have been scanned
Scan process 'sidebar.exe' - '1' Module(s) have been scanned
Scan process 'wmpnetwk.exe' - '1' Module(s) have been scanned
Scan process 'rundll32.exe' - '1' Module(s) have been scanned
Scan process 'wmpnscfg.exe' - '1' Module(s) have been scanned
Scan process 'hpqtra08.exe' - '1' Module(s) have been scanned
Scan process 'pg2.exe' - '1' Module(s) have been scanned
Scan process 'oodled.exe' - '1' Module(s) have been scanned
Scan process 'msnmsgr.exe' - '1' Module(s) have been scanned
Scan process 'sidebar.exe' - '1' Module(s) have been scanned
Scan process 'avgnt.exe' - '1' Module(s) have been scanned
Scan process 'rundll32.exe' - '1' Module(s) have been scanned
Scan process 'oodtray.exe' - '1' Module(s) have been scanned
Scan process 'ooccctrl.exe' - '1' Module(s) have been scanned
Scan process 'OSD.exe' - '1' Module(s) have been scanned
Scan process 'hpsysdrv.exe' - '1' Module(s) have been scanned
Scan process 'MSASCui.exe' - '1' Module(s) have been scanned
Scan process 'taskeng.exe' - '1' Module(s) have been scanned
Scan process 'WUDFHost.exe' - '1' Module(s) have been scanned
Scan process 'SearchIndexer.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'StarWindServiceAE.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'ooccag.exe' - '1' Module(s) have been scanned
Scan process 'oodag.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'LSSrvc.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'Crypserv.exe' - '1' Module(s) have been scanned
Scan process 'CISVC.EXE' - '1' Module(s) have been scanned
Scan process 'sched.exe' - '1' Module(s) have been scanned
Scan process 'explorer.exe' - '1' Module(s) have been scanned
Scan process 'dwm.exe' - '1' Module(s) have been scanned
Scan process 'taskeng.exe' - '1' Module(s) have been scanned
Scan process 'lockpc.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'avguard.exe' - '1' Module(s) have been scanned
Scan process 'spoolsv.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'LmpcServ.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'SLsvc.exe' - '1' Module(s) have been scanned
Scan process 'audiodg.exe' - '0' Module(s) have been scanned
Scan process 'winlogon.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'lsm.exe' - '1' Module(s) have been scanned
Scan process 'lsass.exe' - '1' Module(s) have been scanned
Scan process 'services.exe' - '1' Module(s) have been scanned
Scan process 'csrss.exe' - '1' Module(s) have been scanned
Scan process 'wininit.exe' - '1' Module(s) have been scanned
Scan process 'csrss.exe' - '1' Module(s) have been scanned
Scan process 'smss.exe' - '1' Module(s) have been scanned
64 processes with 64 modules were scanned

Starting master boot sector scan:
Master boot sector HD0
[INFO] No virus was found!
Master boot sector HD1
[INFO] No virus was found!
[WARNING] Le périphérique n'est pas prêt.
[INFO] Please restart the search with Administrator rights
Master boot sector HD2
[INFO] No virus was found!
[WARNING] Le périphérique n'est pas prêt.
[INFO] Please restart the search with Administrator rights
Master boot sector HD3
[INFO] No virus was found!
[WARNING] Le périphérique n'est pas prêt.
[INFO] Please restart the search with Administrator rights
Master boot sector HD4
[INFO] No virus was found!
[WARNING] Le périphérique n'est pas prêt.
[INFO] Please restart the search with Administrator rights

Start scanning boot sectors:
Boot sector 'C:\'
[INFO] No virus was found!
Boot sector 'D:\'
[INFO] No virus was found!
Boot sector 'J:\'
[INFO] No virus was found!

Starting to scan the registry.
The registry was scanned ( '16' files ).


Starting the file scan:

Begin scan in 'C:\' <HP>
C:\hiberfil.sys
[WARNING] The file could not be opened!
C:\pagefile.sys
[WARNING] The file could not be opened!
C:\Users\atchoum\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FKDT70W9\moorate[1]
[DETECTION] Is the Trojan horse TR/Agent.3648.1
[WARNING] An error has occurred and the file was not deleted. ErrorID: 26004
[WARNING]
C:\Windows\System32\drivers\sptd.sys
[WARNING] The file could not be opened!
Begin scan in 'D:\' <Recovery>
Begin scan in 'J:\' <Stock>
J:\pagefile.sys
[WARNING] The file could not be opened!


End of the scan: mardi 13 mai 2008 16:04
Used time: 4:04:28 min

The scan has been done completely.

15358 Scanning directories
356068 Files were scanned
1 viruses and/or unwanted programs were found
0 Files were classified as suspicious:
0 files were deleted
0 files were repaired
0 files were moved to quarantine
0 files were renamed
4 Files cannot be scanned
356067 Files not concerned
4340 Archives were scanned
9 Warnings
0 Notes
64109 Objects were scanned with rootkit scan
0 Hidden objects were found

18 replies

Blocked profile
15 May 2008 at 21:03
Hi, follow all these steps, thanks:

- step 1: HijackThis, post the log right here
- step 2: grab Dr Web CureIt!, quick scan then full scan
- step 3: AVG Anti-Spyware and A-squared, update both
- step 4: CCleaner, repair and clean
- step 5: Disk Defrag
- step 6: SmitFraudFix, choose the second option, then after a while it will ask you "voulez vous nettoyer le registre" (do you want to clean the registry); answer o
- step 7: post a new HijackThis log
0
atchoum83440 Posts: 28 Registered: Thursday 15 May 2008 Status: Member Last seen: 12 June 2011
15 May 2008 at 21:12
Here's my HijackThis log



Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:07:44, on 15/05/2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16643)
Boot mode: Normal

Running processes:
J:\Program Files\Lock My PC 4\lockpc.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\hp\support\hpsysdrv.exe
C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe
J:\Program Files\OO Software\CleverCache\ooccctrl.exe
C:\Windows\System32\oodtray.exe
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
J:\Program Files\OO Software\DriveLED\oodled.exe
J:\Program Files\PeerGuardian2\pg2.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\hp\kbd\kbd.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Windows\system32\rundll32.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Windows\explorer.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Windows\system32\SearchFilterHost.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr?cobrand=hp-desktop.msn.com&ocid=HPDHP&pc=HPDTDF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr?cobrand=hp-desktop.msn.com&ocid=HPDHP&pc=HPDTDF
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost;127.0.0.1
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {B2087576-4233-48D9-8D09-53EE51A3C1C1} - C:\Windows\system32\byvwt.dll
O2 - BHO: (no name) - {E9383002-FC55-4330-B9C9-67E03BC5C840} - C:\Windows\system32\vtuss.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [hpsysdrv] c:\hp\support\hpsysdrv.exe
O4 - HKLM\..\Run: [OsdMaestro] "C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe"
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KbdStub.EXE
O4 - HKLM\..\Run: [ooccctrl.exe] J:\Program Files\OO Software\CleverCache\ooccctrl.exe /tasktray
O4 - HKLM\..\Run: [OODefragTray] C:\Windows\system32\oodtray.exe
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [MSServer] rundll32.exe C:\Windows\system32\vtuss.dll,#1
O4 - HKLM\..\Run: [BM93a94a07] Rundll32.exe "C:\Windows\system32\seeifoli.dll",s
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [DriveLED] J:\Program Files\OO Software\DriveLED\oodled.exe
O4 - HKCU\..\Run: [PeerGuardian] J:\Program Files\PeerGuardian2\pg2.exe
O4 - HKCU\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe -startup
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Correcteur - {F7C8E5F6-B6D1-45db-8D91-2BCFA5DF11A9} - J:\Program Files\Antidote\Internet Explorer\7\Antidote K - IE 7.htm (HKCU)
O9 - Extra button: Dictionnaires - {F9B969E8-58D0-4dd9-AC8A-EE2336FF8F65} - J:\Program Files\Antidote\Internet Explorer\7\Antidote D - IE 7.htm (HKCU)
O9 - Extra button: Guides - {FA089E36-3F1B-4c51-9A1A-C4E7012483AF} - J:\Program Files\Antidote\Internet Explorer\7\Antidote G - IE 7.htm (HKCU)
O13 - Gopher Prefix:
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} - file:///C:/Users/atchoum/AppData/Local/Oberon%20Media/Oberon%20Games%20Host/popcaploader_v6.cab
O20 - Winlogon Notify: fsp_lmwl - C:\Windows\SYSTEM32\fsp_lmwl.dll
O20 - Winlogon Notify: winskf32 - winskf32.dll (file missing)
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: Crypkey License - CrypKey (Canada) Ltd. - C:\Windows\SYSTEM32\crypserv.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - c:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Lock My PC Service (LmpcService) - Unknown owner - J:\Program Files\Lock My PC 4\LmpcServ.exe
O23 - Service: NMIndexingService - Unknown owner - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe (file missing)
O23 - Service: O&O Defrag - O&O Software GmbH - C:\Windows\system32\oodag.exe
O23 - Service: O&O CleverCache Agent (OOCleverCacheAgent) - O&O Software GmbH - J:\Program Files\OO Software\CleverCache\ooccag.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
O23 - Service: stllssvr - Unknown owner - c:\Program Files\Common Files\SureThing Shared\stllssvr.exe (file missing)
O23 - Service: @%SystemRoot%\System32\TuneUpDefragService.exe,-1 (TuneUp.Defrag) - TuneUp Software GmbH - C:\Windows\System32\TuneUpDefragService.exe
0
jlpjlp Posts: 51580 Registered: Friday 18 May 2007 Status: Security contributor Last seen: 3 May 2022 5 040
15 May 2008 at 21:14
You are indeed infected by Vundo; the most effective are these three specialised programs

for removing it:


scan with VundoFix (paste the log)

Download VundoFix -> http://www.atribune.org/ccount/click.php?id=4

Double-click VundoFix.exe to run it.
When VundoFix opens, click the Scan for Vundo button.
Once the scan is finished, click the Remove Vundo button.
You will get a warning asking whether you want to delete these files; answer by clicking YES
Once you have clicked yes, your desktop will go blank while it removes Vundo.

When it's done, you will be asked to restart your computer; click OK.

_______________

VirtumundoBeGone (paste the log)

http://secured2k.home.comcast.net/tools/VirtumundoBeGone.exe

________________

download ComboFix (by sUBs) here:

http://download.bleepingcomputer.com/sUBs/ComboFix.exe

and save it to the desktop.


disconnect from the internet and close all your applications.

disable your protections (antivirus, firewall, the antispyware's real-time guard)


double-click combofix.exe and follow the instructions

at the end it will produce a log, C:\ComboFix.txt

re-enable your firewall, your antivirus and your antispyware's guard

copy/paste the log C:\ComboFix.txt in your next reply.

Warning: don't use your mouse or keyboard (or any other pointing device) while the program is running. It could freeze the computer.

You have a full tutorial here:

https://www.bleepingcomputer.com/combofix/fr/comment-utiliser-combofix
0
atchoum83440
16 May 2008 at 20:03
I ran VirtumundoBeGone, here's the log



[05/16/2008, 20:01:27] - VirtumundoBeGone v1.5 ( "C:\Users\atchoum\Desktop\VirtumundoBeGone.exe" )
[05/16/2008, 20:02:11] - Detected System Information:
[05/16/2008, 20:02:11] - Windows Version: 6.0.6000,
[05/16/2008, 20:02:11] - Current Username: atchoum (Admin)
[05/16/2008, 20:02:11] - Windows is in NORMAL mode.
[05/16/2008, 20:02:11] - Searching for Browser Helper Objects:
[05/16/2008, 20:02:11] - BHO 1: {3FEA0DFA-2D2E-497F-AFC0-98DED4909973} ()
[05/16/2008, 20:02:11] - WARNING: BHO has no default name. Checking for Winlogon reference.
[05/16/2008, 20:02:11] - Checking for HKLM\...\Winlogon\Notify\byvwt
[05/16/2008, 20:02:12] - Key not found: HKLM\...\Winlogon\Notify\byvwt, continuing.
[05/16/2008, 20:02:12] - BHO 2: {53707962-6F74-2D53-2644-206D7942484F} (Spybot-S&D IE Protection)
[05/16/2008, 20:02:12] - BHO 3: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (SSVHelper Class)
[05/16/2008, 20:02:12] - BHO 4: {7E853D72-626A-48EC-A868-BA8D5E23E045} ()
[05/16/2008, 20:02:12] - WARNING: BHO has no default name. Checking for Winlogon reference.
[05/16/2008, 20:02:12] - No filename found. Continuing.
[05/16/2008, 20:02:12] - BHO 5: {9030D464-4C02-4ABF-8ECC-5164760863C6} (Programme d'aide de l'Assistant de connexion Windows Live)
[05/16/2008, 20:02:12] - Finished Searching Browser Helper Objects
[05/16/2008, 20:02:12] - Finishing up...
[05/16/2008, 20:02:12] - Nothing found! Exiting...
0
Blocked profile
15 May 2008 at 21:15
fix these, check them (tutorial --> http://pageperso.aol.fr/balltrap34/demohijack.htm ):
-O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

-O2 - BHO: (no name) - {B2087576-4233-48D9-8D09-53EE51A3C1C1} - C:\Windows\system32\byvwt.dll

-O2 - BHO: (no name) - {E9383002-FC55-4330-B9C9-67E03BC5C840} - C:\Windows\system32\vtuss.dll

-O4 - HKLM\..\Run: [MSServer] rundll32.exe C:\Windows\system32\vtuss.dll,#1

-O4 - HKLM\..\Run: [BM93a94a07] Rundll32.exe "C:\Windows\system32\seeifoli.dll",s

-O20 - Winlogon Notify: winskf32 - winskf32.dll (file missing)
0
jlpjlp, Security contributor
15 May 2008 at 21:19
hi shadowdu74, I hope you won't take my stepping in badly, it's just to help you improve

indeed these files are infected, but fixing the lines is not enough because the infections come back and stay on the PC

you have to remove them, for example with combofix in the case of vundo, or in general you can use
OTMoveIt like this

download OTMoveIt
http://download.bleepingcomputer.com/oldtimer/OTMoveIt2.exe (by Old_Timer) to your Desktop. Or from https://www.luanagames.com/index.fr.html
double-click OTMoveIt.exe to launch it.
copy the list in the quote below,
and paste it into the left-hand box of OTMoveIt: Paste List of Files/Folders to be moved.

Quote:

C:\Windows\system32\byvwt.dll
C:\Windows\system32\vtuss.dll
C:\Windows\system32\vtuss.dll
C:\Windows\system32\seeifoli.dll


click on MoveIt! to start the removal.
the result will appear in the "Results" box.
click on Exit to close.
post the report located in C:\_OTMoveIt\MovedFiles.

you may be asked to restart the PC to complete the removal. If so, accept with Yes.
0
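Added example, not code from the thread or from HijackThis, OTMoveIt or ComboFix: a small Python triage of the O2/O4/O20 lines quoted above, implementing the heuristics the thread walks through (a nameless BHO, a Run entry that starts a system32 DLL through rundll32 by ordinal or one-letter export, a Winlogon Notify entry whose DLL is missing). It separates the files that must actually be deleted, which is jlpjlp's point, from registry-only orphans that a HijackThis fix already covers; the benign Spybot and avgnt lines are constructed controls, and the heuristics themselves are this editor's assumption.

```python
import re
from dataclasses import dataclass
from typing import List, Optional

# Constructed sample: the O2/O4/O20 lines quoted in the thread, plus one benign
# BHO (Spybot-S&D IE Protection, CLSID taken from the VirtumundoBeGone log; its
# path is an assumption) and one benign Run entry (avgnt, path from the ComboFix
# log) so the triage has legitimate lines to leave alone.
SAMPLE_LOG = r"""
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {B2087576-4233-48D9-8D09-53EE51A3C1C1} - C:\Windows\system32\byvwt.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: (no name) - {E9383002-FC55-4330-B9C9-67E03BC5C840} - C:\Windows\system32\vtuss.dll
O4 - HKLM\..\Run: [MSServer] rundll32.exe C:\Windows\system32\vtuss.dll,#1
O4 - HKLM\..\Run: [BM93a94a07] Rundll32.exe "C:\Windows\system32\seeifoli.dll",s
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe"
O20 - Winlogon Notify: winskf32 - winskf32.dll (file missing)
"""

# HijackThis line shapes for the three persistence points discussed in the thread.
O2_RE = re.compile(r"^O2 - BHO: (?P<name>.*?) - (?P<clsid>\{[0-9A-Fa-f-]{36}\}) - (?P<path>.*)$")
O4_RE = re.compile(r"^O4 - (?P<hive>HK\w+)\\\.\.\\Run: \[(?P<label>[^\]]*)\] (?P<cmd>.*)$")
O20_RE = re.compile(r"^O20 - Winlogon Notify: (?P<key>\S+) - (?P<dll>\S+)(?: \((?P<note>[^)]*)\))?$")
# "rundll32 <dll>,<export>": in the Vundo lines the export is an ordinal (#1) or a one-letter name.
RUNDLL_RE = re.compile(r'^"?rundll32(?:\.exe)?"?\s+"?(?P<dll>[^",]+)"?,(?P<export>\S*)', re.IGNORECASE)


@dataclass(frozen=True)
class Finding:
    line: str
    reason: str
    path: Optional[str]  # file (as logged) that still has to be deleted; None when only a registry entry remains


def triage(log_text: str) -> List[Finding]:
    """Flag suspicious O2/O4/O20 lines; benign entries are passed over silently."""
    findings: List[Finding] = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = O2_RE.match(line)
        if m:
            if m["name"] == "(no name)":  # every Vundo BHO in the thread is nameless
                path = None if m["path"] == "(no file)" else m["path"]
                reason = "BHO with no default name" + ("" if path else " (orphaned CLSID, DLL already gone)")
                findings.append(Finding(line, reason, path))
            continue
        m = O4_RE.match(line)
        if m:
            r = RUNDLL_RE.match(m["cmd"])
            if r and (r["export"].startswith("#") or len(r["export"]) == 1):
                reason = f"Run entry [{m['label']}] starts {r['dll']} via rundll32 export {r['export']!r}"
                findings.append(Finding(line, reason, r["dll"]))
            continue
        m = O20_RE.match(line)
        if m:
            missing = (m["note"] or "").lower() == "file missing"
            reason = "Winlogon Notify DLL " + ("missing: orphaned key" if missing else "present: verify its publisher")
            findings.append(Finding(line, reason, None if missing else m["dll"]))
    return findings


def files_to_remove(findings: List[Finding]) -> List[str]:
    """Distinct on-disk files behind the flagged entries: fixing the registry lines alone leaves these in place."""
    seen = {}
    for f in findings:
        if f.path:
            seen.setdefault(f.path.lower(), f.path)
    return [seen[k] for k in sorted(seen)]


def orphans(findings: List[Finding]) -> List[Finding]:
    """Entries whose file is already gone: fixing the line in HijackThis is enough for these."""
    return [f for f in findings if f.path is None]


if __name__ == "__main__":
    found = triage(SAMPLE_LOG)
    for f in found:
        print(f"{f.reason}\n    {f.line}")
    print("files to delete:", *files_to_remove(found), sep="\n  ")
    print("registry-only orphans:", len(orphans(found)))
```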
Blocked profile
15 May 2008 at 21:28
ok, thanks jlpjlp for your help
0
atchoum83440
16 May 2008 at 19:53
No, when I run the full VundoFix scan it finds nothing at all, no vundo-type file or anything else
so I started again from the previous post with the full scan and I'm following the steps and will keep you posted

I'll give you some details on my setup anyway

I have an HP PC with an AMD Dual Core 2.0GHz, an nvidia 5 or 6 graphics card with 124MB dedicated, 1GB of DDR2 RAM

Protection: Avira AntiVir free antivirus
Spybot and Windows Defender for viruses
TuneUp and Ashampoo for errors
0
jlpjlp, Security contributor > atchoum83440
16 May 2008 at 20:03
VirtumundoBeGone (paste the report)

http://secured2k.home.comcast.net/tools/VirtumundoBeGone.exe

________________

download combofix (by sUBs) here:

http://download.bleepingcomputer.com/sUBs/ComboFix.exe

and save it to the desktop.

disconnect from the internet and close all your applications.

disable your protections (antivirus, firewall, real-time guard of the antispyware)

double-click combofix.exe and follow the instructions

at the end, it will produce a report C:\ComboFix.txt

re-enable your firewall, your antivirus, your antispyware's guard

copy/paste the C:\ComboFix.txt report in your next reply.

Warning: do not use your mouse or keyboard (or any other pointing device) while the program is running. That could freeze the PC.

You have a complete tutorial here:

https://www.bleepingcomputer.com/combofix/fr/comment-utiliser-combofix
0

jlpjlp, Security contributor
15 May 2008 at 21:32
for vundo the 3 programs from message 3 are the most effective, malwarebytes' antimalware is also good for that
0
jlpjlp, Security contributor
16 May 2008 at 20:26
ok, do combofix now
0
atchoum83440, Member
16 May 2008 at 20:50
Here is the combofix report

ComboFix 08-05-15.3 - atchoum 2008-05-16 20:35:24.1 - NTFSx86
Microsoft® Windows Vista™ Édition Familiale Premium 6.0.6000.0.1252.1.1036.18.314 [GMT 2:00]
Endroit: C:\Users\atchoum\Desktop\ComboFix.exe
* Création d'un nouveau point de restauration
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\ProgramData\Microsoft\Network\Downloader\qmgr0.dat
C:\ProgramData\Microsoft\Network\Downloader\qmgr1.dat
C:\Windows\system32\byvwt.dll
C:\Windows\system32\comsa32.sys
C:\Windows\system32\drmgs.sys
C:\Windows\System32\eehhk.ini
C:\Windows\System32\eehhk.ini2
C:\Windows\system32\efcay.dll
C:\Windows\System32\fgjjl.ini
C:\Windows\System32\fgjjl.ini2
C:\Windows\system32\mcrh.tmp
C:\Windows\system32\MSINET.oca
C:\Windows\system32\pac.txt
C:\Windows\system32\seeifoli.dll
C:\Windows\system32\twvyb.ini
C:\Windows\System32\twvyb.ini2
C:\Windows\system32\veddxdas.dll
C:\Windows\system32\vlpjjtuf.dll
C:\Windows\system32\vtuss.dll
C:\Windows\system32\yacfe.ini
C:\Windows\System32\yacfe.ini2

----- BITS: Possible sites infectés -----

hxxp://theinstalls.com
.
((((((((((((((((((((((((((((( Fichiers créés 2008-04-16 to 2008-05-16 ))))))))))))))))))))))))))))))))))))
.

Pas de nouveau fichier créé dans cet espace de temps

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-05-15 19:07 --------- d-----w C:\Program Files\Trend Micro
2008-05-15 18:35 --------- d-----w C:\Program Files\RogueRemover FREE
2008-05-15 17:28 --------- d-----w C:\ProgramData\Microsoft Help
2008-05-13 15:39 --------- d-----w C:\Users\atchoum\AppData\Roaming\uTorrent
2008-05-01 14:26 --------- d-----w C:\Program Files\Common Files\SWF Studio
2008-05-01 14:07 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-05-01 14:05 --------- d-----w C:\Program Files\Common Files\InstallShield
2008-05-01 10:12 43,520 ----a-w C:\Windows\System32\CmdLineExt03.dll
2008-04-26 19:03 --------- d-----w C:\Program Files\TuneUp Utilities 2008
2008-04-26 18:32 --------- d-----w C:\ProgramData\Apple Computer
2008-04-26 18:22 --------- d-----w C:\Program Files\Common Files\Adobe
2008-04-26 18:10 --------- d-----w C:\Program Files\Foxit Software
2008-04-26 17:53 --------- d-----w C:\Program Files\Common Files\Ahead
2008-04-26 17:28 --------- d-----w C:\Users\atchoum\AppData\Roaming\Druide
2008-04-26 07:28 --------- d-----w C:\Program Files\Transcode360
2008-04-25 17:53 --------- d-----w C:\Program Files\DivX
2008-04-21 15:07 --------- d-----w C:\Program Files\QuickTime
2008-04-20 09:18 --------- d-----w C:\Program Files\uTorrent
2008-04-19 22:47 --------- d-----w C:\Program Files\Common Files\INCA Shared
2008-04-19 22:43 --------- d-----w C:\Users\atchoum\AppData\Roaming\My Games
2008-03-30 01:37 --------- d-----w C:\Program Files\GameSpy Arcade
2008-03-24 12:44 --------- d-----w C:\Users\atchoum\AppData\Roaming\Apple Computer
2008-03-19 18:47 4,608 ----a-w C:\Windows\System32\w95inf32.dll
2008-03-19 18:47 2,272 ----a-w C:\Windows\System32\w95inf16.dll
2008-03-17 09:30 --------- d-----w C:\Users\atchoum\AppData\Roaming\Image Zone Express
2008-03-17 09:23 --------- d-----w C:\Users\atchoum\AppData\Roaming\Printer Info Cache
2008-03-16 21:37 307,968 ----a-w C:\Windows\System32\TuneUpDefragService.exe
2008-03-11 21:00 409,600 ----a-w C:\Windows\System32\wrap_oal.dll
2008-03-11 21:00 114,688 ----a-w C:\Windows\System32\OpenAL32.dll
2008-02-29 06:51 19,000 ----a-w C:\Windows\System32\kd1394.dll
2008-02-29 06:39 40,960 ----a-w C:\Windows\System32\srclient.dll
2008-02-29 06:39 371,712 ----a-w C:\Windows\System32\srcore.dll
2008-02-29 06:38 313,856 ----a-w C:\Windows\System32\rstrui.exe
2008-02-29 06:38 16,384 ----a-w C:\Windows\System32\srdelayed.exe
2008-02-29 06:35 6,656 ----a-w C:\Windows\System32\kbd106n.dll
2008-02-29 06:34 7,168 ----a-w C:\Windows\System32\f3ahvoas.dll
2008-02-29 04:16 2,027,008 ----a-w C:\Windows\System32\win32k.sys
2008-02-28 19:13 319,456 ----a-w C:\Windows\DIFxAPI.dll
2008-02-27 12:15 28,416 ----a-w C:\Windows\System32\uxtuneup.dll
2008-02-27 12:15 16,640 ----a-w C:\Windows\System32\authuitu.dll
2008-02-21 04:43 826,368 ----a-w C:\Windows\System32\wininet.dll
2008-02-21 04:43 56,320 ----a-w C:\Windows\System32\iesetup.dll
2008-02-21 04:43 52,736 ----a-w C:\Windows\AppPatch\iebrshim.dll
2008-02-21 04:43 296,448 ----a-w C:\Windows\System32\gdi32.dll
2008-02-21 04:43 26,624 ----a-w C:\Windows\System32\ieUnatt.exe
2008-02-19 05:10 620,088 ----a-w C:\Windows\System32\ci.dll
2007-09-17 18:28 174 --sha-w C:\Program Files\desktop.ini
.

------- Sigcheck -------

.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2008-01-16 19:28 1232896]
"msnmsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [2007-10-18 12:34 5724184]
"DriveLED"="J:\Program Files\OO Software\DriveLED\oodled.exe" [2005-02-28 13:29 293376]
"PeerGuardian"="J:\Program Files\PeerGuardian2\pg2.exe" [2007-06-02 15:59 1457152]
"ISUSPM Startup"="C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe" [2005-02-16 18:15 221184]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2007-09-17 15:40 1006264]
"hpsysdrv"="c:\hp\support\hpsysdrv.exe" [2006-09-28 15:42 65536]
"OsdMaestro"="C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe" [2006-11-20 13:34 155648]
"KBD"="C:\HP\KBD\KbdStub.EXE" [2006-12-08 15:16 65536]
"ooccctrl.exe"="J:\Program Files\OO Software\CleverCache\ooccctrl.exe" [2007-01-28 16:08 1911568]
"OODefragTray"="C:\Windows\system32\oodtray.exe" [2007-06-29 00:01 2512128]
"NvSvc"="C:\Windows\system32\nvsvc.dll" [2007-07-06 20:15 86016]
"NvCplDaemon"="C:\Windows\system32\NvCpl.dll" [2007-07-06 20:15 8466432]
"NvMediaCenter"="C:\Windows\system32\NvMcTray.dll" [2007-07-06 20:15 81920]
"avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-04-14 21:14 262401]
"BM93a94a07"="C:\Windows\system32\nudfaxdj.dll" [ ]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe [2007-01-02 21:40:10 210520]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"Nolnstrumentation"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\fsp_lmwl]
fsp_lmwl.dll 2007-06-12 19:56 44400 C:\Windows\System32\fsp_lmwl.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\winskf32]
winskf32.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.i420"= i420vfw.dll
"VIDC.X264"= x264vfw.dll
"VIDC.HFYU"= huffyuv.dll
"vidc.i263"= i263_32.drv
"msacm.l3fhg"= mp3fhg.acm
"msacm.divxa32"= divxa32.acm
"msacm.imc"= imc32.acm

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Vidalia]
C:\Program Files\Vidalia Bundle\Vidalia\vidalia.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"ehTray.exe"=C:\Windows\ehome\ehTray.exe
"WMPNSCFG"=C:\Program Files\Windows Media Player\WMPNSCFG.exe
"ISUSPM Startup"=C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe -startup
"Gestionnaire Antidote.exe"=J:\Program Files\Antidote\Gestionnaire Antidote.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"VirtualCloneDrive"="C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
"PAC7311_Monitor"=C:\Windows\PixArt\PAC7311\Monitor.exe
"SpybotSnD"="C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe" /autocheck /autofix /autoclose
"IntelliPoint"="C:\Program Files\Microsoft IntelliPoint\ipoint.exe"
"Transcode360"=C:\Program Files\Transcode360\Transcode360Tray.exe
"MSServer"=rundll32.exe C:\Windows\system32\khfge.dll,#1

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UacDisableNotify"=dword:00000001
"InternetSettingsDisableNotify"=dword:00000001
"AutoUpdateDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{13AC203D-38B6-4DF0-99DE-A6000DCBA468}"= TCP:6004|C:\Program Files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook
"{87C25274-A5CA-412C-83ED-EA83E5E87399}"= UDP:C:\Program Files\uTorrent\uTorrent.exe:µTorrent
"{4461F9CA-3507-4661-B5A3-87D872C57458}"= TCP:C:\Program Files\uTorrent\uTorrent.exe:µTorrent
"{93CE7140-2063-426D-8320-64EE19097F00}"= UDP:C:\Program Files\uTorrent\uTorrent.exe:µTorrent
"{04456528-1587-42B5-97AB-D180F4DA45A7}"= TCP:C:\Program Files\uTorrent\uTorrent.exe:µTorrent
"TCP Query User{9EC78425-ABEF-4119-89A4-AE99509C389F}C:\\program files\\windows sidebar\\sidebar.exe"= UDP:C:\program files\windows sidebar\sidebar.exe:Volet Windows
"UDP Query User{D142A534-4244-4896-9DC7-0D5EA35DDCB2}C:\\program files\\windows sidebar\\sidebar.exe"= TCP:C:\program files\windows sidebar\sidebar.exe:Volet Windows
"{068FCEB7-E411-445E-96C4-263187887218}"= UDP:7885:7885
"{8D29B88C-B8DF-442A-8C9E-33657CBD577B}"= TCP:7558:7885udp
"TCP Query User{B150A8C2-2869-4D83-AED5-19E90B795464}C:\\program files\\emule\\emule.exe"= UDP:C:\program files\emule\emule.exe:eMule
"UDP Query User{CBCC388E-2AA1-414B-AE8C-E0111DDA895A}C:\\program files\\emule\\emule.exe"= TCP:C:\program files\emule\emule.exe:eMule
"{19B1AABC-780B-4FE5-B48E-4C75BFD55971}"= TCP:8889:468
"{5D2E23CD-6C48-4214-9A65-1F273300BC16}"= Profile=Public|C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{C285AC17-F217-496A-B669-316735601E2D}"= Profile=Public|C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{9927D472-031B-4D21-9166-42412741CC3A}"= Disabled:C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{3D4B4FF4-1B81-4050-9F60-50BA251B6868}"= Disabled:C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{7B61000D-1DE4-4B63-9BD9-E1927A2DB8FA}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{B521AE01-2E24-45EF-9039-0D9E46AE79D2}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{982127C9-407B-45AA-A2E5-82F0BD76807D}"= UDP:1401:xbox 360
"{85213D7D-E0BA-48E7-AB92-C6CC51FFB96B}"= TCP:1401:xbox 360
"TCP Query User{0DD16419-7E46-42ED-898D-26D94F07D371}C:\\program files\\transcode360\\transcode360tray.exe"= UDP:C:\program files\transcode360\transcode360tray.exe:
"UDP Query User{9B8050A4-EB45-4E70-85F2-41A5109E69CE}C:\\program files\\transcode360\\transcode360tray.exe"= TCP:C:\program files\transcode360\transcode360tray.exe:
"{09F3264F-50FC-476D-9786-C842884DE51B}"= UDP:54437:µtorTCP
"{5CE5F299-85C5-4F6A-9849-EF03F31EA599}"= TCP:54437:µto UDP
"TCP Query User{EF185A12-0EDB-4E71-B571-615A78CF55FA}J:\\program files\\foxit software\\pdf editor\\pdfedit.exe"= UDP:J:\program files\foxit software\pdf editor\pdfedit.exe:Foxit PDF Editor, the first REAL editor for PDF files!
"UDP Query User{1D5B8A8C-CF43-49D6-A7C3-01EDD15792E2}J:\\program files\\foxit software\\pdf editor\\pdfedit.exe"= TCP:J:\program files\foxit software\pdf editor\pdfedit.exe:Foxit PDF Editor, the first REAL editor for PDF files!
"TCP Query User{714DC2C7-0C1E-4F1F-82B2-5D171CC0F822}J:\\program files\\sacred underworld\\sacred.exe"= UDP:J:\program files\sacred underworld\sacred.exe:Sacred
"UDP Query User{0944B2FE-E828-4516-AEAC-12FF5E928F14}J:\\program files\\sacred underworld\\sacred.exe"= TCP:J:\program files\sacred underworld\sacred.exe:Sacred

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Static\System]
"DFSR-1"= RPort=5722|UDP:%SystemRoot%\system32\svchost.exe|Svc=DFSR:Allow inbound TCP traffic|

R0 OODrvled;OODrvled;C:\Windows\system32\DRIVERS\OODrvled.sys [2005-02-28 13:27]
R2 LmpcService;Lock My PC Service;J:\Program Files\Lock My PC 4\LmpcServ.exe [2007-06-12 16:47]
R2 UxTuneUp;TuneUp Extension de thème;C:\Windows\System32\svchost.exe [2006-11-02 11:45]
R3 LMPC4;LMPC4;C:\Windows\system32\drivers\LMPC4.sys [2007-02-21 21:21]
R3 PAC7311;PAC7312 VGA USB Camera;C:\Windows\system32\DRIVERS\PA707UCM.SYS [2007-01-11 10:34]
S3 TuneUp.Defrag;TuneUp Drive Defrag Service;C:\Windows\System32\TuneUpDefragService.exe [2008-03-16 23:37]
S3 UMPass;Pilote Microsoft UMPass;C:\Windows\system32\DRIVERS\umpass.sys [2006-11-02 10:55]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
rsmsvcs REG_MULTI_SZ ntmssvc

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{1e70f95e-d4db-11db-bc8a-806e6f6e6963}]
\shell\AutoRun\command - E:\Monkey.exe

.
Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
"2008-05-16 18:42:07 C:\Windows\Tasks\Maintenance en 1 clic.job"
- C:\Program Files\TuneUp Utilities 2008\OneClickStarter.exe
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-05-16 20:44:51
Windows 6.0.6000 NTFS

Balayage processus cachés ...

Balayage caché autostart entries ...

Balayage des fichiers cachés ...

Scan terminé avec succès
Les fichiers cachés: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Windows\System32\audiodg.exe
J:\Program Files\Lock My PC 4\lockpc.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Windows\System32\CISVC.EXE
C:\Windows\System32\Crypserv.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Windows\System32\oodag.exe
J:\Program Files\OO Software\CleverCache\ooccag.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\Windows\System32\WUDFHost.exe
C:\Windows\System32\conime.exe
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqste08.exe
C:\hp\KBD\kbd.exe
C:\Windows\servicing\TrustedInstaller.exe
.
**************************************************************************
.
Temps d'accomplissement: 2008-05-16 20:48:31 - machine was rebooted
ComboFix-quarantined-files.txt 2008-05-16 18:48:05

Le texte du message associé au numéro 0x2379 est introuvable dans le fichier de messages pour Application.
Le texte du message associé au numéro 0x2379 est introuvable dans le fichier de messages pour Application.

244 --- E O F --- 2008-05-15 17:28:30
0
jlpjlp, Security contributor
16 May 2008 at 21:02
perfect!!!

scan with
MalwareByte's Anti-Malware, remove what it finds and paste the report

https://www.malekal.com/tutoriel-malwarebyte-anti-malware/

________________

to merge:

http://img.photobucket.com/albums/v666/sUBs/CFScript.gif
________________

Close all your browsers (so copy or print the instructions first)

Create a new text document: right-click on the desktop > New > Text Document, and copy the following lines into it:

File::
C:\Windows\system32\khfge.dll
C:\Windows\system32\nudfaxdj.dll

Registry::
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BM93a94a07"=-
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"MSServer"=-

Save this file under the name CFscript

Drag and drop this CFScript file onto the ComboFix.exe file

Click on the CFScript file, keep the button held down and drag the mouse so that the CFScript icon covers the Combofix icon. Release the mouse. Combofix will start.

A blue window will appear: at the message (Type 1 to continue, or 2 to abort), type 1 then confirm.

Wait while the scan runs. The desktop will disappear several times: that's normal!

Don't touch anything until the scan is finished.

Once the scan is complete, a report will be displayed: post its contents.

Also post another Hijackthis report and describe your current problems

If the file doesn't open, it's located here > C:\ComboFix.txt
0
atchoum83440, Member
16 May 2008 at 21:16
Report of the MalwareByte's Anti-Malware quick scan

Malwarebytes' Anti-Malware 1.12
Version de la base de données: 755

Type de recherche: Examen rapide
Eléments examinés: 36335
Temps écoulé: 5 minute(s), 20 second(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 1
Valeur(s) du Registre infectée(s): 1
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 1
Fichier(s) infecté(s): 0

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{df780f87-ff2b-4df8-92d0-73db16a1543a} (Adware.PopCap) -> Quarantined and deleted successfully.

Valeur(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\BM93a94a07 (Trojan.Agent) -> Quarantined and deleted successfully.

Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)

Dossier(s) infecté(s):
C:\Windows\System32\pnVes06 (Trojan.Agent) -> Quarantined and deleted successfully.

Fichier(s) infecté(s):
(Aucun élément nuisible détecté)
0
jlpjlp, Security contributor
16 May 2008 at 21:20
ok, do the rest
0
atchoum83440, Member
16 May 2008 at 21:28
combofix report:

ComboFix 08-05-15.3 - atchoum 2008-05-16 21:22:25.2 - NTFSx86
Endroit: C:\Users\atchoum\Desktop\ComboFix.exe
Command switches used :: C:\Users\atchoum\Desktop\CFscript.txt
* Création d'un nouveau point de restauration

FILE ::
C:\Windows\system32\khfge.dll
C:\Windows\system32\nudfaxdj.dll
.

((((((((((((((((((((((((((((( Fichiers créés 2008-04-16 to 2008-05-16 ))))))))))))))))))))))))))))))))))))
.

Pas de nouveau fichier créé dans cet espace de temps

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-05-16 19:08 --------- d-----w C:\Users\atchoum\AppData\Roaming\Malwarebytes
2008-05-16 19:08 --------- d-----w C:\ProgramData\Malwarebytes
2008-05-16 19:08 --------- d-----w C:\Program Files\Malwarebytes' Anti-Malware
2008-05-15 19:07 --------- d-----w C:\Program Files\Trend Micro
2008-05-15 18:35 --------- d-----w C:\Program Files\RogueRemover FREE
2008-05-15 17:28 --------- d-----w C:\ProgramData\Microsoft Help
2008-05-13 15:39 --------- d-----w C:\Users\atchoum\AppData\Roaming\uTorrent
2008-05-05 18:46 27,048 ----a-w C:\Windows\system32\drivers\mbamcatchme.sys
2008-05-05 18:46 15,864 ----a-w C:\Windows\system32\drivers\mbam.sys
2008-05-01 14:26 --------- d-----w C:\Program Files\Common Files\SWF Studio
2008-05-01 14:07 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-05-01 14:05 --------- d-----w C:\Program Files\Common Files\InstallShield
2008-05-01 10:12 43,520 ----a-w C:\Windows\System32\CmdLineExt03.dll
2008-04-26 19:03 --------- d-----w C:\Program Files\TuneUp Utilities 2008
2008-04-26 18:32 --------- d-----w C:\ProgramData\Apple Computer
2008-04-26 18:22 --------- d-----w C:\Program Files\Common Files\Adobe
2008-04-26 18:10 --------- d-----w C:\Program Files\Foxit Software
2008-04-26 17:53 --------- d-----w C:\Program Files\Common Files\Ahead
2008-04-26 17:28 --------- d-----w C:\Users\atchoum\AppData\Roaming\Druide
2008-04-26 07:28 --------- d-----w C:\Program Files\Transcode360
2008-04-25 17:53 --------- d-----w C:\Program Files\DivX
2008-04-21 15:07 --------- d-----w C:\Program Files\QuickTime
2008-04-20 09:18 --------- d-----w C:\Program Files\uTorrent
2008-04-19 22:47 --------- d-----w C:\Program Files\Common Files\INCA Shared
2008-04-19 22:43 --------- d-----w C:\Users\atchoum\AppData\Roaming\My Games
2008-03-30 01:37 --------- d-----w C:\Program Files\GameSpy Arcade
2008-03-24 12:44 --------- d-----w C:\Users\atchoum\AppData\Roaming\Apple Computer
2008-03-19 18:47 4,608 ----a-w C:\Windows\System32\w95inf32.dll
2008-03-19 18:47 2,272 ----a-w C:\Windows\System32\w95inf16.dll
2008-03-17 09:30 --------- d-----w C:\Users\atchoum\AppData\Roaming\Image Zone Express
2008-03-17 09:23 --------- d-----w C:\Users\atchoum\AppData\Roaming\Printer Info Cache
2008-03-16 21:37 307,968 ----a-w C:\Windows\System32\TuneUpDefragService.exe
2008-03-11 21:00 409,600 ----a-w C:\Windows\System32\wrap_oal.dll
2008-03-11 21:00 114,688 ----a-w C:\Windows\System32\OpenAL32.dll
2008-02-29 06:51 19,000 ----a-w C:\Windows\System32\kd1394.dll
2008-02-29 06:39 40,960 ----a-w C:\Windows\System32\srclient.dll
2008-02-29 06:39 371,712 ----a-w C:\Windows\System32\srcore.dll
2008-02-29 06:38 313,856 ----a-w C:\Windows\System32\rstrui.exe
2008-02-29 06:38 16,384 ----a-w C:\Windows\System32\srdelayed.exe
2008-02-29 06:35 6,656 ----a-w C:\Windows\System32\kbd106n.dll
2008-02-29 06:34 7,168 ----a-w C:\Windows\System32\f3ahvoas.dll
2008-02-29 04:16 2,027,008 ----a-w C:\Windows\System32\win32k.sys
2008-02-28 19:13 319,456 ----a-w C:\Windows\DIFxAPI.dll
2008-02-27 12:15 28,416 ----a-w C:\Windows\System32\uxtuneup.dll
2008-02-27 12:15 16,640 ----a-w C:\Windows\System32\authuitu.dll
2008-02-21 04:43 826,368 ----a-w C:\Windows\System32\wininet.dll
2008-02-21 04:43 56,320 ----a-w C:\Windows\System32\iesetup.dll
2008-02-21 04:43 52,736 ----a-w C:\Windows\AppPatch\iebrshim.dll
2008-02-21 04:43 296,448 ----a-w C:\Windows\System32\gdi32.dll
2008-02-21 04:43 26,624 ----a-w C:\Windows\System32\ieUnatt.exe
2008-02-19 05:10 620,088 ----a-w C:\Windows\System32\ci.dll
2007-09-17 18:28 174 --sha-w C:\Program Files\desktop.ini
.

------- Sigcheck -------

.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2008-01-16 19:28 1232896]
"msnmsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [2007-10-18 12:34 5724184]
"DriveLED"="J:\Program Files\OO Software\DriveLED\oodled.exe" [2005-02-28 13:29 293376]
"PeerGuardian"="J:\Program Files\PeerGuardian2\pg2.exe" [2007-06-02 15:59 1457152]
"ISUSPM Startup"="C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe" [2005-02-16 18:15 221184]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2007-09-17 15:40 1006264]
"hpsysdrv"="c:\hp\support\hpsysdrv.exe" [2006-09-28 15:42 65536]
"OsdMaestro"="C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe" [2006-11-20 13:34 155648]
"KBD"="C:\HP\KBD\KbdStub.EXE" [2006-12-08 15:16 65536]
"ooccctrl.exe"="J:\Program Files\OO Software\CleverCache\ooccctrl.exe" [2007-01-28 16:08 1911568]
"OODefragTray"="C:\Windows\system32\oodtray.exe" [2007-06-29 00:01 2512128]
"NvSvc"="C:\Windows\system32\nvsvc.dll" [2007-07-06 20:15 86016]
"NvCplDaemon"="C:\Windows\system32\NvCpl.dll" [2007-07-06 20:15 8466432]
"NvMediaCenter"="C:\Windows\system32\NvMcTray.dll" [2007-07-06 20:15 81920]
"avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-04-14 21:14 262401]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe [2007-01-02 21:40:10 210520]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"Nolnstrumentation"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\fsp_lmwl]
fsp_lmwl.dll 2007-06-12 19:56 44400 C:\Windows\System32\fsp_lmwl.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\winskf32]
winskf32.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.i420"= i420vfw.dll
"VIDC.X264"= x264vfw.dll
"VIDC.HFYU"= huffyuv.dll
"vidc.i263"= i263_32.drv
"msacm.l3fhg"= mp3fhg.acm
"msacm.divxa32"= divxa32.acm
"msacm.imc"= imc32.acm

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Vidalia]
C:\Program Files\Vidalia Bundle\Vidalia\vidalia.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"ehTray.exe"=C:\Windows\ehome\ehTray.exe
"WMPNSCFG"=C:\Program Files\Windows Media Player\WMPNSCFG.exe
"ISUSPM Startup"=C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe -startup
"Gestionnaire Antidote.exe"=J:\Program Files\Antidote\Gestionnaire Antidote.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"VirtualCloneDrive"="C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
"PAC7311_Monitor"=C:\Windows\PixArt\PAC7311\Monitor.exe
"SpybotSnD"="C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe" /autocheck /autofix /autoclose
"IntelliPoint"="C:\Program Files\Microsoft IntelliPoint\ipoint.exe"
"Transcode360"=C:\Program Files\Transcode360\Transcode360Tray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UacDisableNotify"=dword:00000001
"InternetSettingsDisableNotify"=dword:00000001
"AutoUpdateDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{13AC203D-38B6-4DF0-99DE-A6000DCBA468}"= TCP:6004|C:\Program Files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook
"{87C25274-A5CA-412C-83ED-EA83E5E87399}"= UDP:C:\Program Files\uTorrent\uTorrent.exe:µTorrent
"{4461F9CA-3507-4661-B5A3-87D872C57458}"= TCP:C:\Program Files\uTorrent\uTorrent.exe:µTorrent
"{93CE7140-2063-426D-8320-64EE19097F00}"= UDP:C:\Program Files\uTorrent\uTorrent.exe:µTorrent
"{04456528-1587-42B5-97AB-D180F4DA45A7}"= TCP:C:\Program Files\uTorrent\uTorrent.exe:µTorrent
"TCP Query User{9EC78425-ABEF-4119-89A4-AE99509C389F}C:\\program files\\windows sidebar\\sidebar.exe"= UDP:C:\program files\windows sidebar\sidebar.exe:Volet Windows
"UDP Query User{D142A534-4244-4896-9DC7-0D5EA35DDCB2}C:\\program files\\windows sidebar\\sidebar.exe"= TCP:C:\program files\windows sidebar\sidebar.exe:Volet Windows
"{068FCEB7-E411-445E-96C4-263187887218}"= UDP:7885:7885
"{8D29B88C-B8DF-442A-8C9E-33657CBD577B}"= TCP:7558:7885udp
"TCP Query User{B150A8C2-2869-4D83-AED5-19E90B795464}C:\\program files\\emule\\emule.exe"= UDP:C:\program files\emule\emule.exe:eMule
"UDP Query User{CBCC388E-2AA1-414B-AE8C-E0111DDA895A}C:\\program files\\emule\\emule.exe"= TCP:C:\program files\emule\emule.exe:eMule
"{19B1AABC-780B-4FE5-B48E-4C75BFD55971}"= TCP:8889:468
"{5D2E23CD-6C48-4214-9A65-1F273300BC16}"= Profile=Public|C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{C285AC17-F217-496A-B669-316735601E2D}"= Profile=Public|C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{9927D472-031B-4D21-9166-42412741CC3A}"= Disabled:C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{3D4B4FF4-1B81-4050-9F60-50BA251B6868}"= Disabled:C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{7B61000D-1DE4-4B63-9BD9-E1927A2DB8FA}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{B521AE01-2E24-45EF-9039-0D9E46AE79D2}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{982127C9-407B-45AA-A2E5-82F0BD76807D}"= UDP:1401:xbox 360
"{85213D7D-E0BA-48E7-AB92-C6CC51FFB96B}"= TCP:1401:xbox 360
"TCP Query User{0DD16419-7E46-42ED-898D-26D94F07D371}C:\\program files\\transcode360\\transcode360tray.exe"= UDP:C:\program files\transcode360\transcode360tray.exe:
"UDP Query User{9B8050A4-EB45-4E70-85F2-41A5109E69CE}C:\\program files\\transcode360\\transcode360tray.exe"= TCP:C:\program files\transcode360\transcode360tray.exe:
"{09F3264F-50FC-476D-9786-C842884DE51B}"= UDP:54437:µtorTCP
"{5CE5F299-85C5-4F6A-9849-EF03F31EA599}"= TCP:54437:µto UDP
"TCP Query User{EF185A12-0EDB-4E71-B571-615A78CF55FA}J:\\program files\\foxit software\\pdf editor\\pdfedit.exe"= UDP:J:\program files\foxit software\pdf editor\pdfedit.exe:Foxit PDF Editor, the first REAL editor for PDF files!
"UDP Query User{1D5B8A8C-CF43-49D6-A7C3-01EDD15792E2}J:\\program files\\foxit software\\pdf editor\\pdfedit.exe"= TCP:J:\program files\foxit software\pdf editor\pdfedit.exe:Foxit PDF Editor, the first REAL editor for PDF files!
"TCP Query User{714DC2C7-0C1E-4F1F-82B2-5D171CC0F822}J:\\program files\\sacred underworld\\sacred.exe"= UDP:J:\program files\sacred underworld\sacred.exe:Sacred
"UDP Query User{0944B2FE-E828-4516-AEAC-12FF5E928F14}J:\\program files\\sacred underworld\\sacred.exe"= TCP:J:\program files\sacred underworld\sacred.exe:Sacred

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Static\System]
"DFSR-1"= RPort=5722|UDP:%SystemRoot%\system32\svchost.exe|Svc=DFSR:Allow inbound TCP traffic|

R0 OODrvled;OODrvled;C:\Windows\system32\DRIVERS\OODrvled.sys [2005-02-28 13:27]
R2 LmpcService;Lock My PC Service;J:\Program Files\Lock My PC 4\LmpcServ.exe [2007-06-12 16:47]
R2 UxTuneUp;TuneUp Extension de thème;C:\Windows\System32\svchost.exe [2006-11-02 11:45]
R3 LMPC4;LMPC4;C:\Windows\system32\drivers\LMPC4.sys [2007-02-21 21:21]
R3 PAC7311;PAC7312 VGA USB Camera;C:\Windows\system32\DRIVERS\PA707UCM.SYS [2007-01-11 10:34]
S3 TuneUp.Defrag;TuneUp Drive Defrag Service;C:\Windows\System32\TuneUpDefragService.exe [2008-03-16 23:37]
S3 UMPass;Pilote Microsoft UMPass;C:\Windows\system32\DRIVERS\umpass.sys [2006-11-02 10:55]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
rsmsvcs REG_MULTI_SZ ntmssvc

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{1e70f95e-d4db-11db-bc8a-806e6f6e6963}]
\shell\AutoRun\command - E:\Monkey.exe

.
Contents of folder 'Scheduled Tasks/Tâches planifiées'
"2008-05-16 19:00:05 C:\Windows\Tasks\Maintenance en 1 clic.job"
- C:\Program Files\TuneUp Utilities 2008\OneClickStarter.exe
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-05-16 21:25:42
Windows 6.0.6000 NTFS

Scanning hidden processes ...

Scanning hidden autostart entries ...

Scanning hidden files ...

Scan completed successfully
Hidden files: 0

**************************************************************************
.
Completion time: 2008-05-16 21:26:33
ComboFix-quarantined-files.txt 2008-05-16 19:26:27
ComboFix2.txt 2008-05-16 18:48:32

The message text associated with number 0x2379 could not be found in the message file for Application.
The message text associated with number 0x2379 could not be found in the message file for Application.

202 --- E O F --- 2008-05-15 17:28:30

HijackThis report:


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:27:04, on 16/05/2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16643)
Boot mode: Normal

Running processes:
J:\Program Files\Lock My PC 4\lockpc.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\hp\support\hpsysdrv.exe
C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe
J:\Program Files\OO Software\CleverCache\ooccctrl.exe
C:\Windows\System32\oodtray.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
J:\Program Files\OO Software\DriveLED\oodled.exe
J:\Program Files\PeerGuardian2\pg2.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqSTE08.exe
C:\hp\kbd\kbd.exe
C:\Windows\System32\notepad.exe
C:\Windows\system32\conime.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\Explorer.exe
C:\Windows\system32\notepad.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr?cobrand=hp-desktop.msn.com&ocid=HPDHP&pc=HPDTDF
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost;127.0.0.1
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [hpsysdrv] c:\hp\support\hpsysdrv.exe
O4 - HKLM\..\Run: [OsdMaestro] "C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe"
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KbdStub.EXE
O4 - HKLM\..\Run: [ooccctrl.exe] J:\Program Files\OO Software\CleverCache\ooccctrl.exe /tasktray
O4 - HKLM\..\Run: [OODefragTray] C:\Windows\system32\oodtray.exe
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [DriveLED] J:\Program Files\OO Software\DriveLED\oodled.exe
O4 - HKCU\..\Run: [PeerGuardian] J:\Program Files\PeerGuardian2\pg2.exe
O4 - HKCU\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe -startup
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Correcteur - {F7C8E5F6-B6D1-45db-8D91-2BCFA5DF11A9} - J:\Program Files\Antidote\Internet Explorer\7\Antidote K - IE 7.htm (HKCU)
O9 - Extra button: Dictionnaires - {F9B969E8-58D0-4dd9-AC8A-EE2336FF8F65} - J:\Program Files\Antidote\Internet Explorer\7\Antidote D - IE 7.htm (HKCU)
O9 - Extra button: Guides - {FA089E36-3F1B-4c51-9A1A-C4E7012483AF} - J:\Program Files\Antidote\Internet Explorer\7\Antidote G - IE 7.htm (HKCU)
O13 - Gopher Prefix:
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O20 - Winlogon Notify: fsp_lmwl - C:\Windows\SYSTEM32\fsp_lmwl.dll
O20 - Winlogon Notify: winskf32 - winskf32.dll (file missing)
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: Crypkey License - CrypKey (Canada) Ltd. - C:\Windows\SYSTEM32\crypserv.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - c:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Lock My PC Service (LmpcService) - Unknown owner - J:\Program Files\Lock My PC 4\LmpcServ.exe
O23 - Service: NMIndexingService - Unknown owner - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe (file missing)
O23 - Service: O&O Defrag - O&O Software GmbH - C:\Windows\system32\oodag.exe
O23 - Service: O&O CleverCache Agent (OOCleverCacheAgent) - O&O Software GmbH - J:\Program Files\OO Software\CleverCache\ooccag.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
O23 - Service: stllssvr - Unknown owner - c:\Program Files\Common Files\SureThing Shared\stllssvr.exe (file missing)
O23 - Service: @%SystemRoot%\System32\TuneUpDefragService.exe,-1 (TuneUp.Defrag) - TuneUp Software GmbH - C:\Windows\System32\TuneUpDefragService.exe
jlpjlp Posts: 51580 Joined: Friday 18 May 2007 Status: Security contributor Last activity: 3 May 2022 5 040
16 May 2008 at 21:38
Scan this file on VirusTotal and tell me if it is infected. If it is, wait before going further and I will modify the script below; otherwise, continue.

https://www.virustotal.com/gui/

J:\Program Files\OO Software\CleverCache\ooccctrl.exe


______________


Close all your browsers (so copy or print the instructions first).

Create a new text document: right-click on the desktop > New > Text Document, and copy the following lines into it:

File::
C:\Windows\System32\fsp_lmwl.dll


Registry::
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\fsp_lmwl]

Save this file under the name CFscript


Drag and drop this CFscript file onto the ComboFix.exe file.

Click on the CFScript file, keep the mouse button held down and drag so that the CFScript icon comes to cover the ComboFix icon. Release the mouse button. ComboFix will start.

A blue window will appear: at the message that appears (Type 1 to continue, or 2 to abort), type 1 and press Enter.

Wait while the scan runs. The desktop will disappear several times: that is normal!

Do not touch anything until the scan has finished.

Once the scan is complete, a report will be displayed: post its contents.

Also post a new HijackThis report and describe your current problems.


If the file does not open, it is located here > C:\ComboFix.txt

_________________

Install
SPYWAREBLASTER to immunize the system, against Vundo in particular. It is in English, but easy to use: just click "update" to update it every month and then "enable all protection" to immunize...

https://www.01net.com/telecharger/windows/Securite/anti-spyware/fiches/28872.html
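Added example, not part of the thread and not code from ComboFix, HijackThis or any other tool named above: a PowerShell audit of the Winlogon Notify persistence point that HijackThis lists as O20 and that the CFScript above removes by key name. It resolves each package's DLLName value the way the loader does (a bare file name means System32), reports entries whose DLL is no longer on disk (the "winskf32 - winskf32.dll (file missing)" line in the HijackThis log above is such a dangling entry, the kind often left behind when an antivirus deletes a loader DLL but not its registry key), and computes MD5/SHA1/SHA256 for the DLLs that do exist so they can be looked up on VirusTotal the way ooccctrl.exe was. One caveat worth knowing when reading such logs: Windows Vista and later no longer load Winlogon notification packages, so on the Vista machine in this thread these entries are inert leftovers rather than running code; on Windows XP they load into winlogon.exe as SYSTEM and deserve the same scrutiny as a driver. Assumptions: run from an elevated PowerShell prompt; the function names and output layout are mine.

```powershell
# Added example: audit Winlogon Notify packages (HijackThis "O20" entries).
# Assumes an elevated PowerShell prompt; uses .NET hashing so it also runs on
# PowerShell 2.0, which has no Get-FileHash. Function names are my own.

$NotifyKey = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify'

function Resolve-NotifyDll {
    param([string]$DllName)
    # Winlogon loads the DLLName value with LoadLibrary: a bare file name is
    # found as System32\<name>; a value containing a backslash is a path.
    $expanded = [Environment]::ExpandEnvironmentVariables($DllName)
    if ($expanded -notmatch '\\') {
        return (Join-Path ([Environment]::SystemDirectory) $expanded)
    }
    return $expanded
}

function Get-FileDigests {
    param([string]$Path)
    # MD5/SHA1/SHA256 as lowercase hex, the forms VirusTotal reports.
    $digests = @{}
    $stream = [System.IO.File]::Open($Path, 'Open', 'Read', 'ReadWrite')
    try {
        foreach ($algo in 'MD5', 'SHA1', 'SHA256') {
            $stream.Position = 0
            $hasher = [System.Security.Cryptography.HashAlgorithm]::Create($algo)
            $hex = ($hasher.ComputeHash($stream) | ForEach-Object { $_.ToString('x2') }) -join ''
            $digests[$algo] = $hex
        }
    } finally {
        $stream.Close()
    }
    return $digests
}

function Get-WinlogonNotifyAudit {
    if (-not (Test-Path $NotifyKey)) {
        # A clean Vista/7 system usually has no Notify key at all.
        return @()
    }
    foreach ($subkey in Get-ChildItem $NotifyKey) {
        $props = Get-ItemProperty -Path $subkey.PSPath
        $entry = New-Object PSObject -Property @{
            Package  = $subkey.PSChildName
            DLLName  = $props.DLLName
            Resolved = $null
            Exists   = $false
            Signer   = $null
            MD5      = $null
            SHA1     = $null
            SHA256   = $null
            Verdict  = $null
        }
        if (-not $entry.DLLName) {
            $entry.Verdict = 'no DLLName value: loads nothing, safe to delete the key'
        } else {
            $entry.Resolved = Resolve-NotifyDll $entry.DLLName
            $entry.Exists   = Test-Path -LiteralPath $entry.Resolved
            if ($entry.Exists) {
                $d = Get-FileDigests $entry.Resolved
                $entry.MD5 = $d['MD5']; $entry.SHA1 = $d['SHA1']; $entry.SHA256 = $d['SHA256']
                $sig = Get-AuthenticodeSignature -FilePath $entry.Resolved
                $entry.Signer  = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { '(unsigned)' }
                $entry.Verdict = "present, signature $($sig.Status): look up the hashes on VirusTotal"
            } else {
                # Same situation as the winskf32.dll "(file missing)" line above.
                $entry.Verdict = 'DLL missing on disk: dangling entry, delete the key'
            }
        }
        $entry
    }
}

Get-WinlogonNotifyAudit | Format-List Package, DLLName, Resolved, Exists, Signer, Verdict, MD5, SHA1, SHA256
```

An unsigned DLL with a recent timestamp under this key is the classic Vundo-era loader; a signed one from a known vendor (as Lock My PC's fsp_lmwl.dll would be if the vendor signed it) still merits a hash lookup before deletion, since the key gives the file SYSTEM-level execution on XP.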
atchoum83440 Posts: 28 Joined: Thursday 15 May 2008 Status: Member Last activity: 12 June 2011
16 May 2008 at 21:42
File ooccctrl.exe received on 2008.05.11 11:15:40 (CET)
Current status: finished
Result: 0/31 (0.00%)
Antivirus Version Last update Result
AhnLab-V3 2008.5.10.0 2008.05.10 -
AntiVir 7.8.0.17 2008.05.09 -
Authentium 4.93.8 2008.05.11 -
Avast 4.8.1169.0 2008.05.10 -
AVG 7.5.0.516 2008.05.10 -
BitDefender 7.2 2008.05.08 -
CAT-QuickHeal 9.50 2008.05.10 -
ClamAV 0.92.1 2008.05.10 -
DrWeb 4.44.0.09170 2008.05.10 -
eSafe 7.0.15.0 2008.05.09 -
eTrust-Vet 31.4.5771 2008.05.08 -
Ewido 4.0 2008.05.10 -
F-Prot 4.4.2.54 2008.05.10 -
F-Secure 6.70.13260.0 2008.05.10 -
Fortinet 3.14.0.0 2008.05.11 -
Ikarus T3.1.1.26.0 2008.05.11 -
Kaspersky 7.0.0.125 2008.05.11 -
McAfee 5292 2008.05.10 -
Microsoft 1.3408 2008.05.11 -
NOD32v2 3090 2008.05.09 -
Norman 5.80.02 2008.05.09 -
Panda 9.0.0.4 2008.05.10 -
Prevx1 V2 2008.05.11 -
Rising 20.43.60.00 2008.05.11 -
Sophos 4.29.0 2008.05.11 -
Sunbelt 3.0.1097.0 2008.05.07 -
Symantec 10 2008.05.11 -
TheHacker 6.2.92.307 2008.05.11 -
VBA32 3.12.6.5 2008.05.10 -
VirusBuster 4.3.26:9 2008.05.10 -
Webwasher-Gateway 6.6.2 2008.05.09 -
Additional information
File size: 1911568 bytes
MD5...: df7dc2814970027f85c91f330213bdb7
SHA1..: 4a4aa97d10f2fcd4c89a92069593ab6bc33b18e1
SHA256: 159580f3482c97fe1cd622903a37ec7f8e939205baa728c3e90a0492a1717f3f
SHA512: c16c8fec3559ae19461fe818e2dd580c03a2bf88d052a8e237f95c402adef5f22409030ecc77b6fa9f3c944de12ecac6c29022f17474931c25a7f6b1129c948a
PEiD..: -
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0x49037b
timedatestamp.....: 0x45bca7d9 (Sun Jan 28 13:40:41 2007)
machinetype.......: 0x14c (I386)

( 4 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x1000 0x163ce6 0x164000 6.54 a182ea947720b836f4810e3533bef65a
.rdata 0x165000 0x58996 0x59000 4.78 5dea3ebe4bbc742aa5912333242280b9
.data 0x1be000 0x1f678 0x8000 4.45 53e5aa2836530bab68197c04ddbd8187
.rsrc 0x1de000 0xa1f8 0xb000 5.63 1636fcd9b04194d7d3f0edba010f7cd5

( 16 imports )
> VERSION.dll: GetFileVersionInfoSizeW, GetFileVersionInfoW, VerQueryValueW
> COMCTL32.dll: -, _TrackMouseEvent, PropertySheetW
> SHELL32.dll: SHGetFileInfoW, DragQueryFileW, ExtractIconW, Shell_NotifyIconW, SHAppBarMessage, DragFinish, ShellExecuteExW
> KERNEL32.dll: WriteConsoleA, GetConsoleOutputCP, CreateFileA, SetEnvironmentVariableA, IsValidLocale, EnumSystemLocalesA, GetLocaleInfoA, GetUserDefaultLCID, GetStringTypeW, GetStringTypeA, GetConsoleMode, GetConsoleCP, SetConsoleCtrlHandler, GetDateFormatA, GetTimeFormatA, LocalLock, LocalUnlock, FindResourceExW, lstrcpynW, GetTempPathW, LCMapStringW, LCMapStringA, SizeofResource, LockResource, LoadResource, FindResourceW, MultiByteToWideChar, GetLocaleInfoW, GetVersion, IsValidCodePage, GetSystemDirectoryW, GetModuleFileNameW, GetExitCodeProcess, GetLastError, CloseHandle, FormatMessageW, lstrlenW, LocalFree, Sleep, FreeLibrary, GetVersionExW, GetProcAddress, SetLastError, LoadLibraryW, GetModuleHandleW, FindClose, FindFirstFileW, InitializeCriticalSection, DeleteCriticalSection, LeaveCriticalSection, EnterCriticalSection, CreateFileW, SetFilePointer, SetEndOfFile, GetCurrentProcessId, FileTimeToSystemTime, FileTimeToLocalFileTime, FlushFileBuffers, WriteFile, ReadFile, WriteConsoleW, SystemTimeToFileTime, SystemTimeToTzSpecificLocalTime, GetSystemTime, GetCurrentThreadId, GetStdHandle, AllocConsole, GetCommandLineW, GetComputerNameW, GetFileSize, GetFileAttributesExW, CreateDirectoryW, GetSystemInfo, GetLocalTime, GetTimeZoneInformation, LocalFileTimeToFileTime, GetOEMCP, GetACP, GetCPInfo, FatalAppExitA, QueryPerformanceCounter, VirtualFree, HeapCreate, HeapDestroy, GetStartupInfoA, SetHandleCount, GetCommandLineA, GetEnvironmentStringsW, FreeEnvironmentStringsW, GetEnvironmentStrings, FreeEnvironmentStringsA, GetModuleFileNameA, VirtualQuery, VirtualAlloc, VirtualProtect, HeapSize, GetFileType, SetStdHandle, ExitProcess, ExitThread, RaiseException, IsDebuggerPresent, SetUnhandledExceptionFilter, UnhandledExceptionFilter, TerminateProcess, RtlUnwind, HeapReAlloc, GetSystemTimeAsFileTime, GetStartupInfoW, GetProcessHeap, HeapAlloc, HeapFree, GetProfileIntW, GetCurrentDirectoryW, SetErrorMode, GlobalFlags, GetAtomNameW, TlsFree, LocalReAlloc, TlsSetValue, 
TlsAlloc, GlobalHandle, GlobalReAlloc, TlsGetValue, LocalAlloc, lstrlenA, ReleaseMutex, CreateMutexW, ReleaseSemaphore, CreateSemaphoreW, GetDiskFreeSpaceW, GetTempFileNameW, GetCurrentThread, ConvertDefaultLocale, EnumResourceLanguagesW, lstrcmpA, CompareStringA, InterlockedExchange, GlobalGetAtomNameW, SuspendThread, ResumeThread, SetThreadPriority, GetFileTime, GetFileAttributesW, SetFileAttributesW, SetFileTime, GetShortPathNameW, GetFullPathNameW, GetVolumeInformationW, DuplicateHandle, UnlockFile, LockFile, lstrcmpiW, GetThreadLocale, GetStringTypeExW, DeleteFileW, MoveFileW, GetModuleHandleA, GetPrivateProfileStringW, WritePrivateProfileStringW, GetPrivateProfileIntW, GlobalAddAtomW, GlobalFindAtomW, GlobalDeleteAtom, CompareStringW, lstrcmpW, GetVersionExA, FreeResource, GlobalFree, CopyFileW, GlobalSize, GlobalAlloc, GlobalLock, GlobalUnlock, MulDiv, GetCurrentProcess, QueryPerformanceFrequency, GetSystemDirectoryA, LoadLibraryA, CreateThread, WideCharToMultiByte, CreateEventW, GetTickCount, WaitForMultipleObjects, WaitForSingleObject, SetEvent, InterlockedDecrement, InterlockedIncrement
> USER32.dll: CopyAcceleratorTableW, SetParent, WindowFromDC, InSendMessage, UnregisterClassW, SetWindowRgn, DrawIcon, IsRectEmpty, FindWindowW, GetDialogBaseUnits, MsgWaitForMultipleObjects, ShowOwnedPopups, PostQuitMessage, GetMenuItemInfoW, IsZoomed, UnpackDDElParam, ReuseDDElParam, DestroyMenu, LoadAcceleratorsW, InsertMenuItemW, CreatePopupMenu, SetRectEmpty, BringWindowToTop, SetMenu, TranslateAcceleratorW, SetRect, GetMessageW, ValidateRect, DestroyCursor, SetCursorPos, ReleaseCapture, SetCapture, InvalidateRect, CharUpperW, MapVirtualKeyW, GetKeyNameTextW, GetWindowThreadProcessId, EndPaint, BeginPaint, GetWindowDC, ClientToScreen, GrayStringW, DrawTextExW, DrawTextW, TabbedTextOutW, ScrollWindowEx, ShowWindow, SetTimer, KillTimer, LoadBitmapW, WaitMessage, DestroyIcon, LoadIconW, SendMessageW, MoveWindow, CreateMenu, IsDialogMessageW, IsDlgButtonChecked, SetDlgItemTextW, SetDlgItemInt, GetDlgItemTextW, GetDlgItemInt, CheckRadioButton, CheckDlgButton, SendDlgItemMessageW, SendDlgItemMessageA, WinHelpW, IsChild, GetCapture, SetWindowsHookExW, CallNextHookEx, GetClassLongW, GetClassNameW, SetPropW, GetPropW, RemovePropW, SetFocus, GetWindowTextLengthW, GetWindowTextW, GetForegroundWindow, IsClipboardFormatAvailable, BeginDeferWindowPos, EndDeferWindowPos, GetTopWindow, UnhookWindowsHookEx, GetMessageTime, GetMessagePos, MapWindowPoints, ScrollWindow, TrackPopupMenuEx, TrackPopupMenu, GetKeyState, SetScrollRange, ShowScrollBar, GetMenu, CreateWindowExW, GetClassInfoExW, GetClassInfoW, RegisterClassW, AdjustWindowRectEx, ScreenToClient, EqualRect, DeferWindowPos, GetScrollInfo, SetScrollInfo, PtInRect, SetWindowPlacement, DefWindowProcW, CallWindowProcW, SetWindowLongW, SetWindowPos, PostThreadMessageW, GetTabbedTextExtentA, WindowFromPoint, DeleteMenu, SetWindowTextW, UnionRect, EnableWindow, GetClientRect, InflateRect, GetSysColor, CopyRect, PeekMessageW, TranslateMessage, DispatchMessageW, MessageBoxW, GetTabbedTextExtentW, MapDialogRect, GetAsyncKeyState, 
TranslateMDISysAccel, DrawMenuBar, DefMDIChildProcW, DefFrameProcW, UnregisterClassA, GetClipboardFormatNameW, LoadMenuIndirectW, CreateIconFromResourceEx, CreateIconIndirect, CopyIcon, DrawIconEx, GetIconInfo, GetMenuDefaultItem, MessageBeep, HideCaret, ShowCaret, IsMenu, DrawAnimatedRects, EnumChildWindows, LoadImageW, GetKeyboardLayout, MapVirtualKeyExW, IsCharLowerW, CreateAcceleratorTableW, GetCursor, DrawFrameControl, EmptyClipboard, SetClipboardData, CloseClipboard, OpenClipboard, DrawStateW, InvertRect, DestroyAcceleratorTable, DrawFocusRect, PostMessageW, OffsetRect, GetFocus, SetCursor, LoadCursorW, GetDCEx, LockWindowUpdate, SendNotifyMessageW, GetWindow, RegisterClipboardFormatW, GetLastActivePopup, IsWindow, RedrawWindow, UpdateWindow, IsWindowVisible, LoadMenuW, GetSubMenu, GetCursorPos, SetForegroundWindow, EnableMenuItem, CheckMenuItem, RemoveMenu, SetMenuDefaultItem, AppendMenuW, RegisterWindowMessageW, FillRect, IntersectRect, SystemParametersInfoA, IsIconic, GetWindowPlacement, GetDesktopWindow, GetActiveWindow, SetActiveWindow, CreateDialogIndirectParamW, DestroyWindow, GetWindowLongW, GetDlgItem, IsWindowEnabled, GetNextDlgTabItem, EndDialog, SetMenuItemBitmaps, GetMenuCheckMarkDimensions, ModifyMenuW, GetMenuState, GetMenuStringW, GetMenuItemID, InsertMenuW, GetMenuItemCount, wsprintfW, LoadStringW, ReleaseDC, GetDC, EnableScrollBar, GetDlgCtrlID, SetScrollPos, GetScrollPos, GetScrollRange, GetSysColorBrush, GetSystemMenu, SystemParametersInfoW, GetSystemMetrics, GetParent, GetWindowRect
> GDI32.dll: OffsetWindowOrgEx, SetWindowExtEx, ScaleWindowExtEx, GetCurrentPositionEx, ArcTo, PolyDraw, PolylineTo, PolyBezierTo, ExtSelectClipRgn, DeleteDC, CreateDIBPatternBrushPt, SelectPalette, PlayMetaFileRecord, GetObjectType, EnumMetaFile, PlayMetaFile, ExtCreatePen, CreateHatchBrush, CreateRectRgnIndirect, PatBlt, DPtoLP, StartPage, EndPage, SetAbortProc, AbortDoc, SetWindowOrgEx, GetViewportOrgEx, Rectangle, GetTextMetricsW, GetTextExtentPoint32W, CreateFontIndirectW, SetRectRgn, CombineRgn, GetMapMode, CreateEllipticRgn, LPtoDP, Ellipse, GetNearestColor, GetBkColor, GetBkMode, GetPolyFillMode, GetROP2, GetStretchBltMode, GetTextColor, GetTextAlign, GetTextFaceW, GetCharWidthW, GetTextExtentPoint32A, GetWindowOrgEx, StretchDIBits, CreateMetaFileW, CloseMetaFile, DeleteMetaFile, ScaleViewportExtEx, SetViewportExtEx, OffsetViewportOrgEx, SetViewportOrgEx, Escape, ExtTextOutW, CreatePen, CreateSolidBrush, GetStockObject, GetObjectW, CreateCompatibleDC, BitBlt, CreateFontW, SelectObject, CreateBitmap, MaskBlt, CreateCompatibleBitmap, DeleteObject, CreatePatternBrush, GetDeviceCaps, CopyMetaFileW, CreateDCW, GetDCOrgEx, GetClipBox, SetTextColor, SetBkColor, RestoreDC, SetBkMode, SetPolyFillMode, SetROP2, SetStretchBltMode, SetGraphicsMode, SetWorldTransform, ModifyWorldTransform, SetMapMode, ExcludeClipRect, IntersectClipRect, OffsetClipRgn, LineTo, MoveToEx, SetTextAlign, SetTextJustification, SetTextCharacterExtra, SetMapperFlags, SetArcDirection, SetColorAdjustment, SelectClipRgn, GetClipRgn, CreateRectRgn, SelectClipPath, GetViewportExtEx, GetWindowExtEx, GetPixel, RoundRect, StartDocW, PtVisible, RectVisible, TextOutW, EndDoc, SaveDC, EnumFontFamiliesExW, GetTextCharsetInfo, Polygon, SetPixel, StretchBlt, CreateDIBSection, GetDIBits, SetDIBits, ExtFloodFill, CreatePolygonRgn, GetRgnBox
> comdlg32.dll: GetFileTitleW
> WINSPOOL.DRV: OpenPrinterW, ClosePrinter, DocumentPropertiesW, GetJobW
> ADVAPI32.dll: SetSecurityDescriptorOwner, RegCreateKeyW, GetFileSecurityW, ReportEventW, DeregisterEventSource, OpenThreadToken, SetFileSecurityW, RegOpenKeyW, RegSetValueW, DeleteAce, AddAccessDeniedAce, AddAce, GetAclInformation, GetAce, OpenProcessToken, GetTokenInformation, MakeSelfRelativeSD, GetSecurityDescriptorLength, GetSecurityDescriptorSacl, GetSecurityDescriptorDacl, GetSecurityDescriptorOwner, GetSecurityDescriptorGroup, MakeAbsoluteSD, GetLengthSid, InitializeSecurityDescriptor, InitializeAcl, AddAccessAllowedAce, SetSecurityDescriptorDacl, SetSecurityDescriptorGroup, RegisterEventSourceW, EqualSid, LookupAccountNameW, AllocateAndInitializeSid, FreeSid, LookupAccountSidW, IsValidSid, GetSidIdentifierAuthority, GetSidSubAuthorityCount, GetSidSubAuthority, RegEnumValueW, RegEnumKeyExW, RegQueryInfoKeyW, RegDeleteValueW, RegEnumKeyW, RegDeleteKeyW, RegCreateKeyExW, RegSetValueExW, RegOpenKeyExW, RegQueryValueExW, RegCloseKey, RegQueryValueW, GetUserNameW, ControlService, CloseServiceHandle, QueryServiceStatus, OpenServiceW, OpenSCManagerW
> SHLWAPI.dll: PathRemoveExtensionW, PathFindExtensionW, PathIsUNCW, PathStripToRootW, PathFindFileNameW
> oledlg.dll: OleUIPasteSpecialW, OleUIUpdateLinksW, OleUIChangeIconW, OleUIConvertW, OleUIInsertObjectW, OleUIAddVerbMenuW, OleUIBusyW, OleUIEditLinksW
> ole32.dll: CoFreeUnusedLibraries, OleUninitialize, DoDragDrop, OleQueryLinkFromData, OleQueryCreateFromData, OleSetMenuDescriptor, OleFlushClipboard, OleIsCurrentClipboard, OleSetClipboard, OleGetClipboard, CreateDataAdviseHolder, StgIsStorageFile, StgOpenStorage, StgCreateDocfile, CoRegisterClassObject, OleIsRunning, OleRun, CoLockObjectExternal, GetRunningObjectTable, CreateFileMoniker, CreateGenericComposite, CreateItemMoniker, OleGetIconOfClass, OleCreateLinkToFile, OleCreateFromFile, OleSetContainedObject, GetHGlobalFromILockBytes, StgOpenStorageOnILockBytes, OleLoad, OleCreate, OleCreateStaticFromData, OleInitialize, OleCreateFromData, OleLockRunning, CreateStreamOnHGlobal, OleSaveToStream, WriteClassStm, OleSave, CreateILockBytesOnHGlobal, StgCreateDocfileOnILockBytes, OleDestroyMenuDescriptor, OleCreateMenuDescriptor, IsAccelerator, OleTranslateAccelerator, OleRegGetMiscStatus, OleRegEnumVerbs, CLSIDFromString, StringFromGUID2, CoCreateInstance, CoDisconnectObject, OleDuplicateData, CoTreatAsClass, StringFromCLSID, CoTaskMemAlloc, ReleaseStgMedium, CreateBindCtx, ReadClassStg, ReadFmtUserTypeStg, OleRegGetUserType, WriteClassStg, WriteFmtUserTypeStg, SetConvertStg, CoTaskMemFree, OleCreateLinkFromData, CoGetClassObject, CoRevokeClassObject, CoRegisterMessageFilter, CLSIDFromProgID, CoGetMalloc, GetClassFile, RevokeDragDrop, RegisterDragDrop, CreateOleAdviseHolder
> OLEAUT32.dll: -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -
> WS2_32.dll: WSAWaitForMultipleEvents, WSAAccept, WSAConnect, -, -, -, -, -, -, -, -, -, WSAEnumNetworkEvents, -, -, -, -, WSAEnumProtocolsW, -, -, WSACloseEvent, -, WSASocketW, WSACreateEvent, WSAEventSelect, -, -, -, -, -, -, -
> WINMM.dll: PlaySoundW
> NETAPI32.dll: NetUserAdd, NetLocalGroupEnum, NetLocalGroupGetMembers, NetGroupGetUsers, NetUserDel, NetLocalGroupDelMembers, NetGroupDel, NetGroupAddUser, NetGroupAdd, NetWkstaGetInfo, NetLocalGroupAddMembers, NetGetDCName, NetApiBufferFree

( 0 exports )

ATTENTION: VirusTotal is a free service offered by Hispasec Sistemas. There is no guarantee as to the availability and continuity of this service. Although the detection rate afforded by the use of multiple antivirus engines is far higher than that offered by a single product, these results DO NOT guarantee that a file is harmless. There is currently no solution that offers 100% effectiveness in detecting viruses and malware.
jlpjlp Posts: 51580 Joined: Friday 18 May 2007 Status: Security contributor Last activity: 3 May 2022 5 040
16 May 2008 at 21:49
OK, then continue.
atchoum83440 Posts: 28 Joined: Thursday 15 May 2008 Status: Member Last activity: 12 June 2011
16 May 2008 at 22:04
ComboFix report

ComboFix 08-05-15.3 - atchoum 2008-05-16 21:58:52.3 - NTFSx86
Microsoft® Windows Vista™ Édition Familiale Premium 6.0.6000.0.1252.1.1036.18.199 [GMT 2:00]
Location: C:\Users\atchoum\Desktop\ComboFix.exe
Command switches used :: C:\Users\atchoum\Desktop\CFscript.txt
* Creating a new restore point

FILE ::
C:\Windows\System32\fsp_lmwl.dll
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Windows\System32\fsp_lmwl.dll

.
((((((((((((((((((((((((((((( Fichiers créés 2008-04-16 to 2008-05-16 ))))))))))))))))))))))))))))))))))))
.

Pas de nouveau fichier créé dans cet espace de temps

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-05-16 19:08 --------- d-----w C:\Users\atchoum\AppData\Roaming\Malwarebytes
2008-05-16 19:08 --------- d-----w C:\ProgramData\Malwarebytes
2008-05-16 19:08 --------- d-----w C:\Program Files\Malwarebytes' Anti-Malware
2008-05-15 19:07 --------- d-----w C:\Program Files\Trend Micro
2008-05-15 18:35 --------- d-----w C:\Program Files\RogueRemover FREE
2008-05-15 17:28 --------- d-----w C:\ProgramData\Microsoft Help
2008-05-13 15:39 --------- d-----w C:\Users\atchoum\AppData\Roaming\uTorrent
2008-05-05 18:46 27,048 ----a-w C:\Windows\system32\drivers\mbamcatchme.sys
2008-05-05 18:46 15,864 ----a-w C:\Windows\system32\drivers\mbam.sys
2008-05-01 14:26 --------- d-----w C:\Program Files\Common Files\SWF Studio
2008-05-01 14:07 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-05-01 14:05 --------- d-----w C:\Program Files\Common Files\InstallShield
2008-05-01 10:12 43,520 ----a-w C:\Windows\System32\CmdLineExt03.dll
2008-04-26 19:03 --------- d-----w C:\Program Files\TuneUp Utilities 2008
2008-04-26 18:32 --------- d-----w C:\ProgramData\Apple Computer
2008-04-26 18:22 --------- d-----w C:\Program Files\Common Files\Adobe
2008-04-26 18:10 --------- d-----w C:\Program Files\Foxit Software
2008-04-26 17:53 --------- d-----w C:\Program Files\Common Files\Ahead
2008-04-26 17:28 --------- d-----w C:\Users\atchoum\AppData\Roaming\Druide
2008-04-26 07:28 --------- d-----w C:\Program Files\Transcode360
2008-04-25 17:53 --------- d-----w C:\Program Files\DivX
2008-04-21 15:07 --------- d-----w C:\Program Files\QuickTime
2008-04-20 09:18 --------- d-----w C:\Program Files\uTorrent
2008-04-19 22:47 --------- d-----w C:\Program Files\Common Files\INCA Shared
2008-04-19 22:43 --------- d-----w C:\Users\atchoum\AppData\Roaming\My Games
2008-03-30 01:37 --------- d-----w C:\Program Files\GameSpy Arcade
2008-03-24 12:44 --------- d-----w C:\Users\atchoum\AppData\Roaming\Apple Computer
2008-03-19 18:47 4,608 ----a-w C:\Windows\System32\w95inf32.dll
2008-03-19 18:47 2,272 ----a-w C:\Windows\System32\w95inf16.dll
2008-03-17 09:30 --------- d-----w C:\Users\atchoum\AppData\Roaming\Image Zone Express
2008-03-17 09:23 --------- d-----w C:\Users\atchoum\AppData\Roaming\Printer Info Cache
2008-03-16 21:37 307,968 ----a-w C:\Windows\System32\TuneUpDefragService.exe
2008-03-11 21:00 409,600 ----a-w C:\Windows\System32\wrap_oal.dll
2008-03-11 21:00 114,688 ----a-w C:\Windows\System32\OpenAL32.dll
2008-02-29 06:51 19,000 ----a-w C:\Windows\System32\kd1394.dll
2008-02-29 06:39 40,960 ----a-w C:\Windows\System32\srclient.dll
2008-02-29 06:39 371,712 ----a-w C:\Windows\System32\srcore.dll
2008-02-29 06:38 313,856 ----a-w C:\Windows\System32\rstrui.exe
2008-02-29 06:38 16,384 ----a-w C:\Windows\System32\srdelayed.exe
2008-02-29 06:35 6,656 ----a-w C:\Windows\System32\kbd106n.dll
2008-02-29 06:34 7,168 ----a-w C:\Windows\System32\f3ahvoas.dll
2008-02-29 04:16 2,027,008 ----a-w C:\Windows\System32\win32k.sys
2008-02-28 19:13 319,456 ----a-w C:\Windows\DIFxAPI.dll
2008-02-27 12:15 28,416 ----a-w C:\Windows\System32\uxtuneup.dll
2008-02-27 12:15 16,640 ----a-w C:\Windows\System32\authuitu.dll
2008-02-21 04:43 826,368 ----a-w C:\Windows\System32\wininet.dll
2008-02-21 04:43 56,320 ----a-w C:\Windows\System32\iesetup.dll
2008-02-21 04:43 52,736 ----a-w C:\Windows\AppPatch\iebrshim.dll
2008-02-21 04:43 296,448 ----a-w C:\Windows\System32\gdi32.dll
2008-02-21 04:43 26,624 ----a-w C:\Windows\System32\ieUnatt.exe
2008-02-19 05:10 620,088 ----a-w C:\Windows\System32\ci.dll
2007-09-17 18:28 174 --sha-w C:\Program Files\desktop.ini
.

------- Sigcheck -------

.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2008-01-16 19:28 1232896]
"msnmsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [2007-10-18 12:34 5724184]
"DriveLED"="J:\Program Files\OO Software\DriveLED\oodled.exe" [2005-02-28 13:29 293376]
"PeerGuardian"="J:\Program Files\PeerGuardian2\pg2.exe" [2007-06-02 15:59 1457152]
"ISUSPM Startup"="C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe" [2005-02-16 18:15 221184]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2007-09-17 15:40 1006264]
"hpsysdrv"="c:\hp\support\hpsysdrv.exe" [2006-09-28 15:42 65536]
"OsdMaestro"="C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe" [2006-11-20 13:34 155648]
"KBD"="C:\HP\KBD\KbdStub.EXE" [2006-12-08 15:16 65536]
"ooccctrl.exe"="J:\Program Files\OO Software\CleverCache\ooccctrl.exe" [2007-01-28 16:08 1911568]
"OODefragTray"="C:\Windows\system32\oodtray.exe" [2007-06-29 00:01 2512128]
"NvSvc"="C:\Windows\system32\nvsvc.dll" [2007-07-06 20:15 86016]
"NvCplDaemon"="C:\Windows\system32\NvCpl.dll" [2007-07-06 20:15 8466432]
"NvMediaCenter"="C:\Windows\system32\NvMcTray.dll" [2007-07-06 20:15 81920]
"avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-04-14 21:14 262401]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe [2007-01-02 21:40:10 210520]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"Nolnstrumentation"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\fsp_lmwl]
fsp_lmwl.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\winskf32]
winskf32.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.i420"= i420vfw.dll
"VIDC.X264"= x264vfw.dll
"VIDC.HFYU"= huffyuv.dll
"vidc.i263"= i263_32.drv
"msacm.l3fhg"= mp3fhg.acm
"msacm.divxa32"= divxa32.acm
"msacm.imc"= imc32.acm

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Vidalia]
C:\Program Files\Vidalia Bundle\Vidalia\vidalia.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"ehTray.exe"=C:\Windows\ehome\ehTray.exe
"WMPNSCFG"=C:\Program Files\Windows Media Player\WMPNSCFG.exe
"ISUSPM Startup"=C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe -startup
"Gestionnaire Antidote.exe"=J:\Program Files\Antidote\Gestionnaire Antidote.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"VirtualCloneDrive"="C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
"PAC7311_Monitor"=C:\Windows\PixArt\PAC7311\Monitor.exe
"SpybotSnD"="C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe" /autocheck /autofix /autoclose
"IntelliPoint"="C:\Program Files\Microsoft IntelliPoint\ipoint.exe"
"Transcode360"=C:\Program Files\Transcode360\Transcode360Tray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UacDisableNotify"=dword:00000001
"InternetSettingsDisableNotify"=dword:00000001
"AutoUpdateDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{13AC203D-38B6-4DF0-99DE-A6000DCBA468}"= TCP:6004|C:\Program Files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook
"{87C25274-A5CA-412C-83ED-EA83E5E87399}"= UDP:C:\Program Files\uTorrent\uTorrent.exe:µTorrent
"{4461F9CA-3507-4661-B5A3-87D872C57458}"= TCP:C:\Program Files\uTorrent\uTorrent.exe:µTorrent
"{93CE7140-2063-426D-8320-64EE19097F00}"= UDP:C:\Program Files\uTorrent\uTorrent.exe:µTorrent
"{04456528-1587-42B5-97AB-D180F4DA45A7}"= TCP:C:\Program Files\uTorrent\uTorrent.exe:µTorrent
"TCP Query User{9EC78425-ABEF-4119-89A4-AE99509C389F}C:\\program files\\windows sidebar\\sidebar.exe"= UDP:C:\program files\windows sidebar\sidebar.exe:Volet Windows
"UDP Query User{D142A534-4244-4896-9DC7-0D5EA35DDCB2}C:\\program files\\windows sidebar\\sidebar.exe"= TCP:C:\program files\windows sidebar\sidebar.exe:Volet Windows
"{068FCEB7-E411-445E-96C4-263187887218}"= UDP:7885:7885
"{8D29B88C-B8DF-442A-8C9E-33657CBD577B}"= TCP:7558:7885udp
"TCP Query User{B150A8C2-2869-4D83-AED5-19E90B795464}C:\\program files\\emule\\emule.exe"= UDP:C:\program files\emule\emule.exe:eMule
"UDP Query User{CBCC388E-2AA1-414B-AE8C-E0111DDA895A}C:\\program files\\emule\\emule.exe"= TCP:C:\program files\emule\emule.exe:eMule
"{19B1AABC-780B-4FE5-B48E-4C75BFD55971}"= TCP:8889:468
"{5D2E23CD-6C48-4214-9A65-1F273300BC16}"= Profile=Public|C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{C285AC17-F217-496A-B669-316735601E2D}"= Profile=Public|C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{9927D472-031B-4D21-9166-42412741CC3A}"= Disabled:C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{3D4B4FF4-1B81-4050-9F60-50BA251B6868}"= Disabled:C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{7B61000D-1DE4-4B63-9BD9-E1927A2DB8FA}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{B521AE01-2E24-45EF-9039-0D9E46AE79D2}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{982127C9-407B-45AA-A2E5-82F0BD76807D}"= UDP:1401:xbox 360
"{85213D7D-E0BA-48E7-AB92-C6CC51FFB96B}"= TCP:1401:xbox 360
"TCP Query User{0DD16419-7E46-42ED-898D-26D94F07D371}C:\\program files\\transcode360\\transcode360tray.exe"= UDP:C:\program files\transcode360\transcode360tray.exe:
"UDP Query User{9B8050A4-EB45-4E70-85F2-41A5109E69CE}C:\\program files\\transcode360\\transcode360tray.exe"= TCP:C:\program files\transcode360\transcode360tray.exe:
"{09F3264F-50FC-476D-9786-C842884DE51B}"= UDP:54437:µtorTCP
"{5CE5F299-85C5-4F6A-9849-EF03F31EA599}"= TCP:54437:µto UDP
"TCP Query User{EF185A12-0EDB-4E71-B571-615A78CF55FA}J:\\program files\\foxit software\\pdf editor\\pdfedit.exe"= UDP:J:\program files\foxit software\pdf editor\pdfedit.exe:Foxit PDF Editor, the first REAL editor for PDF files!
"UDP Query User{1D5B8A8C-CF43-49D6-A7C3-01EDD15792E2}J:\\program files\\foxit software\\pdf editor\\pdfedit.exe"= TCP:J:\program files\foxit software\pdf editor\pdfedit.exe:Foxit PDF Editor, the first REAL editor for PDF files!
"TCP Query User{714DC2C7-0C1E-4F1F-82B2-5D171CC0F822}J:\\program files\\sacred underworld\\sacred.exe"= UDP:J:\program files\sacred underworld\sacred.exe:Sacred
"UDP Query User{0944B2FE-E828-4516-AEAC-12FF5E928F14}J:\\program files\\sacred underworld\\sacred.exe"= TCP:J:\program files\sacred underworld\sacred.exe:Sacred

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Static\System]
"DFSR-1"= RPort=5722|UDP:%SystemRoot%\system32\svchost.exe|Svc=DFSR:Allow inbound TCP traffic|

R0 OODrvled;OODrvled;C:\Windows\system32\DRIVERS\OODrvled.sys [2005-02-28 13:27]
R2 LmpcService;Lock My PC Service;J:\Program Files\Lock My PC 4\LmpcServ.exe [2007-06-12 16:47]
R2 UxTuneUp;TuneUp Extension de thème;C:\Windows\System32\svchost.exe [2006-11-02 11:45]
R3 LMPC4;LMPC4;C:\Windows\system32\drivers\LMPC4.sys [2007-02-21 21:21]
R3 PAC7311;PAC7312 VGA USB Camera;C:\Windows\system32\DRIVERS\PA707UCM.SYS [2007-01-11 10:34]
S3 TuneUp.Defrag;TuneUp Drive Defrag Service;C:\Windows\System32\TuneUpDefragService.exe [2008-03-16 23:37]
S3 UMPass;Pilote Microsoft UMPass;C:\Windows\system32\DRIVERS\umpass.sys [2006-11-02 10:55]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
rsmsvcs REG_MULTI_SZ ntmssvc

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{1e70f95e-d4db-11db-bc8a-806e6f6e6963}]
\shell\AutoRun\command - E:\Monkey.exe

.
Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
"2008-05-16 20:00:01 C:\Windows\Tasks\Maintenance en 1 clic.job"
- C:\Program Files\TuneUp Utilities 2008\OneClickStarter.exe
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-05-16 22:00:38
Windows 6.0.6000 NTFS

Balayage processus cachés ...

Balayage caché autostart entries ...

Balayage des fichiers cachés ...

Scan terminé avec succès
Les fichiers cachés: 0

**************************************************************************
.
Temps d'accomplissement: 2008-05-16 22:01:21
ComboFix-quarantined-files.txt 2008-05-16 20:01:18
ComboFix2.txt 2008-05-16 19:26:34
ComboFix3.txt 2008-05-16 18:48:32

Le texte du message associé au numéro 0x2379 est introuvable dans le fichier de messages pour Application.
Le texte du message associé au numéro 0x2379 est introuvable dans le fichier de messages pour Application.

207 --- E O F --- 2008-05-15 17:28:30

HijackThis report

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:02:12, on 16/05/2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16643)
Boot mode: Normal

Running processes:
J:\Program Files\Lock My PC 4\lockpc.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\hp\support\hpsysdrv.exe
C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe
J:\Program Files\OO Software\CleverCache\ooccctrl.exe
C:\Windows\System32\oodtray.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
J:\Program Files\OO Software\DriveLED\oodled.exe
J:\Program Files\PeerGuardian2\pg2.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqSTE08.exe
C:\hp\kbd\kbd.exe
C:\Windows\system32\NOTEPAD.EXE
C:\Windows\system32\conime.exe
C:\Windows\system32\notepad.exe
C:\Windows\system32\DllHost.exe
C:\Windows\Explorer.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Program Files\Mozilla Firefox\firefox.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr?cobrand=hp-desktop.msn.com&ocid=HPDHP&pc=HPDTDF
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost;127.0.0.1
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [hpsysdrv] c:\hp\support\hpsysdrv.exe
O4 - HKLM\..\Run: [OsdMaestro] "C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe"
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KbdStub.EXE
O4 - HKLM\..\Run: [ooccctrl.exe] J:\Program Files\OO Software\CleverCache\ooccctrl.exe /tasktray
O4 - HKLM\..\Run: [OODefragTray] C:\Windows\system32\oodtray.exe
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [DriveLED] J:\Program Files\OO Software\DriveLED\oodled.exe
O4 - HKCU\..\Run: [PeerGuardian] J:\Program Files\PeerGuardian2\pg2.exe
O4 - HKCU\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe -startup
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Correcteur - {F7C8E5F6-B6D1-45db-8D91-2BCFA5DF11A9} - J:\Program Files\Antidote\Internet Explorer\7\Antidote K - IE 7.htm (HKCU)
O9 - Extra button: Dictionnaires - {F9B969E8-58D0-4dd9-AC8A-EE2336FF8F65} - J:\Program Files\Antidote\Internet Explorer\7\Antidote D - IE 7.htm (HKCU)
O9 - Extra button: Guides - {FA089E36-3F1B-4c51-9A1A-C4E7012483AF} - J:\Program Files\Antidote\Internet Explorer\7\Antidote G - IE 7.htm (HKCU)
O13 - Gopher Prefix:
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O20 - Winlogon Notify: fsp_lmwl - fsp_lmwl.dll (file missing)
O20 - Winlogon Notify: winskf32 - winskf32.dll (file missing)
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: Crypkey License - CrypKey (Canada) Ltd. - C:\Windows\SYSTEM32\crypserv.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - c:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Lock My PC Service (LmpcService) - Unknown owner - J:\Program Files\Lock My PC 4\LmpcServ.exe
O23 - Service: NMIndexingService - Unknown owner - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe (file missing)
O23 - Service: O&O Defrag - O&O Software GmbH - C:\Windows\system32\oodag.exe
O23 - Service: O&O CleverCache Agent (OOCleverCacheAgent) - O&O Software GmbH - J:\Program Files\OO Software\CleverCache\ooccag.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
O23 - Service: stllssvr - Unknown owner - c:\Program Files\Common Files\SureThing Shared\stllssvr.exe (file missing)
O23 - Service: @%SystemRoot%\System32\TuneUpDefragService.exe,-1 (TuneUp.Defrag) - TuneUp Software GmbH - C:\Windows\System32\TuneUpDefragService.exe
0
jlpjlp Posts 51580 Registration date Friday 18 May 2007 Status Security contributor Last contribution 3 May 2022 5 040
16 May 2008 at 22:08
ok that's good

any more problems????

to protect your PC for free

http://www.commentcamarche.net/telecharger/logiciel 4 securite

install an antivirus

AVAST in French or ANTIVIR (in English but very effective)
https://www.malekal.com/avira-free-security-antivirus-gratuit/ (thanks Malekal)
-------------
anti-spyware:
Malwarebytes' Anti-Malware + SPYBOT +/- if Spybot's TeaTimer is not enabled:
WINDOWS DEFENDER or SPYWARE TERMINATOR

+
SPYWAREBLASTER to immunise the system, against Vundo in particular, but in English (though easy to use: just click "update" every month to update and then "enable all protection" to immunise)...

Note: Spybot and Ad-Aware have released new versions this year; check that you have the latest version
--------
a firewall:
the Windows one, or better Online Armor or KERIO or JETICO or ZONE ALARM (install only the free firewall)

http://www.commentcamarche.net/telecharger/telecharger 34055356 online armor personal firewall

https://forum.pcastuces.com/sujet.asp?f=25&s=35606
https://www.clubic.com/telecharger-fiche11071-sunbelt-personal-firewall-ex-kerio.html
https://manuelsdaide.com/contact/
http://www.open-files.com/forum/index.php?showtopic=29277
http://www.commentcamarche.net/telecharger/telecharger 157 zonealarm

-----------
CCLEANER to erase browsing traces
---------
browse with Firefox or Safari or Opera rather than Internet Explorer, which is more affected by viruses
http://www.mozilla-europe.org/fr/products/firefox/
0
atchoum83440 Posts 28 Registration date Thursday 15 May 2008 Status Member Last contribution 12 June 2011
16 May 2008 at 22:11
well apparently I don't have any more problems, at least for now Antivir isn't constantly telling me I have a problem with a trojan
so that's already real progress, I think it's solved, I'll let you know over time whether it really holds up or not
in any case thanks for your help and your many tips
0
jlpjlp Posts 51580 Registration date Friday 18 May 2007 Status Security contributor Last contribution 3 May 2022 5 040
16 May 2008 at 23:13
ok

you can run a scan with Antivir and paste it to finish!
0
atchoum83440 Posts 28 Registration date Thursday 15 May 2008 Status Member Last contribution 12 June 2011
17 May 2008 at 15:09
Avira AntiVir Personal
Report file date: samedi 17 mai 2008 12:00

Scanning for 1276115 virus strains and unwanted programs.

Licensed to: Avira AntiVir PersonalEdition Classic
Serial number: 0000149996-ADJIE-0001
Platform: Windows Vista
Windows version: (plain) [6.0.6000]
Boot mode: Normally booted
Username: SYSTEM
Computer name: BATISTIN

Version information:
BUILD.DAT : 8.1.00.295 16479 Bytes 09/04/2008 16:24:00
AVSCAN.EXE : 8.1.2.12 311553 Bytes 14/04/2008 19:14:04
AVSCAN.DLL : 8.1.1.0 53505 Bytes 14/04/2008 19:14:04
LUKE.DLL : 8.1.2.9 151809 Bytes 14/04/2008 19:14:05
LUKERES.DLL : 8.1.2.1 12033 Bytes 14/04/2008 19:14:05
ANTIVIR0.VDF : 6.40.0.0 11030528 Bytes 18/07/2007 14:27:15
ANTIVIR1.VDF : 7.0.3.2 5447168 Bytes 07/03/2008 16:17:57
ANTIVIR2.VDF : 7.0.4.0 1554432 Bytes 05/05/2008 17:48:27
ANTIVIR3.VDF : 7.0.4.52 329728 Bytes 16/05/2008 17:49:35
Engineversion : 8.1.0.46
AEVDF.DLL : 8.1.0.5 102772 Bytes 14/04/2008 19:14:06
AESCRIPT.DLL : 8.1.0.33 266618 Bytes 15/05/2008 17:48:36
AESCN.DLL : 8.1.0.18 119156 Bytes 15/05/2008 17:48:36
AERDL.DLL : 8.1.0.20 418165 Bytes 25/04/2008 09:34:13
AEPACK.DLL : 8.1.1.5 364918 Bytes 15/05/2008 17:48:35
AEOFFICE.DLL : 8.1.0.18 192890 Bytes 18/04/2008 22:25:48
AEHEUR.DLL : 8.1.0.29 1253750 Bytes 15/05/2008 17:48:35
AEHELP.DLL : 8.1.0.14 115063 Bytes 18/04/2008 22:25:47
AEGEN.DLL : 8.1.0.21 303477 Bytes 15/05/2008 17:48:34
AEEMU.DLL : 8.1.0.6 430451 Bytes 08/05/2008 17:46:15
AECORE.DLL : 8.1.0.29 168311 Bytes 15/05/2008 17:48:33
AVWINLL.DLL : 1.0.0.7 14593 Bytes 14/04/2008 19:14:04
AVPREF.DLL : 8.0.0.1 25857 Bytes 14/04/2008 19:14:04
AVREP.DLL : 7.0.0.1 155688 Bytes 16/04/2007 13:16:24
AVREG.DLL : 8.0.0.0 30977 Bytes 14/04/2008 19:14:04
AVARKT.DLL : 1.0.0.23 307457 Bytes 14/04/2008 19:14:04
AVEVTLOG.DLL : 8.0.0.11 114945 Bytes 14/04/2008 19:14:04
SQLITE3.DLL : 3.3.17.1 339968 Bytes 14/04/2008 19:14:05
SMTPLIB.DLL : 1.2.0.19 28929 Bytes 14/04/2008 19:14:05
NETNT.DLL : 8.0.0.1 7937 Bytes 14/04/2008 19:14:05
RCIMAGE.DLL : 8.0.0.35 2371841 Bytes 14/04/2008 19:14:02
RCTEXT.DLL : 8.0.32.0 86273 Bytes 14/04/2008 19:14:02

Configuration settings for the scan:
Jobname..........................: Local Hard Disks
Configuration file...............: C:\Program Files\Avira\AntiVir PersonalEdition Classic\alldiscs.avp
Logging..........................: low
Primary action...................: interactive
Secondary action.................: ignore
Scan master boot sector..........: on
Scan boot sector.................: on
Boot sectors.....................: C:, D:, J:,
Scan memory......................: on
Process scan.....................: on
Scan registry....................: on
Search for rootkits..............: on
Scan all files...................: All files
Scan archives....................: on
Recursion depth..................: 20
Smart extensions.................: on
Deviating archive types..........: +BSD Mailbox, +Netscape/Mozilla Mailbox, +Eudora Mailbox, +Squid cache, +Pegasus Mailbox, +MS Outlook Mailbox,
Macro heuristic..................: on
File heuristic...................: high
Deviating risk categories........: +APPL,+GAME,+JOKE,+PCK,+SPR,

Start of the scan: samedi 17 mai 2008 12:00

Starting search for hidden objects.
'64450' objects were checked, '0' hidden objects were found.

The scan of running processes will be started
Scan process 'RacAgent.exe' - '1' Module(s) have been scanned
Scan process 'taskeng.exe' - '1' Module(s) have been scanned
Scan process 'avscan.exe' - '1' Module(s) have been scanned
Scan process 'avscan.exe' - '1' Module(s) have been scanned
Scan process 'avcenter.exe' - '1' Module(s) have been scanned
Scan process 'firefox.exe' - '1' Module(s) have been scanned
Scan process 'usnsvc.exe' - '1' Module(s) have been scanned
Scan process 'kbd.exe' - '1' Module(s) have been scanned
Scan process 'wmpnetwk.exe' - '1' Module(s) have been scanned
Scan process 'wmpnscfg.exe' - '1' Module(s) have been scanned
Scan process 'hpqste08.exe' - '1' Module(s) have been scanned
Scan process 'sidebar.exe' - '1' Module(s) have been scanned
Scan process 'hpqtra08.exe' - '1' Module(s) have been scanned
Scan process 'pg2.exe' - '1' Module(s) have been scanned
Scan process 'oodled.exe' - '1' Module(s) have been scanned
Scan process 'msnmsgr.exe' - '1' Module(s) have been scanned
Scan process 'sidebar.exe' - '1' Module(s) have been scanned
Scan process 'avgnt.exe' - '1' Module(s) have been scanned
Scan process 'rundll32.exe' - '1' Module(s) have been scanned
Scan process 'rundll32.exe' - '1' Module(s) have been scanned
Scan process 'oodtray.exe' - '1' Module(s) have been scanned
Scan process 'ooccctrl.exe' - '1' Module(s) have been scanned
Scan process 'OSD.exe' - '1' Module(s) have been scanned
Scan process 'hpsysdrv.exe' - '1' Module(s) have been scanned
Scan process 'MSASCui.exe' - '1' Module(s) have been scanned
Scan process 'lockpc.exe' - '1' Module(s) have been scanned
Scan process 'explorer.exe' - '1' Module(s) have been scanned
Scan process 'taskeng.exe' - '1' Module(s) have been scanned
Scan process 'dwm.exe' - '1' Module(s) have been scanned
Scan process 'taskeng.exe' - '1' Module(s) have been scanned
Scan process 'WUDFHost.exe' - '1' Module(s) have been scanned
Scan process 'SearchIndexer.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'StarWindServiceAE.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'ooccag.exe' - '1' Module(s) have been scanned
Scan process 'oodag.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'LSSrvc.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'Crypserv.exe' - '1' Module(s) have been scanned
Scan process 'CISVC.EXE' - '1' Module(s) have been scanned
Scan process 'sched.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'avguard.exe' - '1' Module(s) have been scanned
Scan process 'spoolsv.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'LmpcServ.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'SLsvc.exe' - '1' Module(s) have been scanned
Scan process 'audiodg.exe' - '0' Module(s) have been scanned
Scan process 'winlogon.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'lsm.exe' - '1' Module(s) have been scanned
Scan process 'lsass.exe' - '1' Module(s) have been scanned
Scan process 'services.exe' - '1' Module(s) have been scanned
Scan process 'csrss.exe' - '1' Module(s) have been scanned
Scan process 'wininit.exe' - '1' Module(s) have been scanned
Scan process 'csrss.exe' - '1' Module(s) have been scanned
Scan process 'smss.exe' - '1' Module(s) have been scanned
66 processes with 66 modules were scanned

Starting master boot sector scan:
Master boot sector HD0
[INFO] No virus was found!
Master boot sector HD1
[INFO] No virus was found!
[WARNING] Le périphérique n'est pas prêt.
[INFO] Please restart the search with Administrator rights
Master boot sector HD2
[INFO] No virus was found!
[WARNING] Le périphérique n'est pas prêt.
[INFO] Please restart the search with Administrator rights
Master boot sector HD3
[INFO] No virus was found!
[WARNING] Le périphérique n'est pas prêt.
[INFO] Please restart the search with Administrator rights
Master boot sector HD4
[INFO] No virus was found!
[WARNING] Le périphérique n'est pas prêt.
[INFO] Please restart the search with Administrator rights

Start scanning boot sectors:
Boot sector 'C:\'
[INFO] No virus was found!
Boot sector 'D:\'
[INFO] No virus was found!
Boot sector 'J:\'
[INFO] No virus was found!

Starting to scan the registry.
The registry was scanned ( '13' files ).


Starting the file scan:

Begin scan in 'C:\' <HP>
C:\hiberfil.sys
[WARNING] The file could not be opened!
C:\pagefile.sys
[WARNING] The file could not be opened!
C:\Windows\System32\drivers\sptd.sys
[WARNING] The file could not be opened!
Begin scan in 'D:\' <Recovery>
Begin scan in 'J:\' <Stock>
J:\pagefile.sys
[WARNING] The file could not be opened!


End of the scan: samedi 17 mai 2008 13:26
Used time: 1:25:57 min

The scan has been done completely.

15204 Scanning directories
351275 Files were scanned
0 viruses and/or unwanted programs were found
0 Files were classified as suspicious:
0 files were deleted
0 files were repaired
0 files were moved to quarantine
0 files were renamed
4 Files cannot be scanned
351275 Files not concerned
4336 Archives were scanned
8 Warnings
0 Notes
64450 Objects were scanned with rootkit scan
0 Hidden objects were found

Here's my scan with Antivir


thanks for your help
today it found nothing, thanks for everything
I was going to format my Vista because I couldn't find a solution
0
jlpjlp Posts 51580 Registration date Friday 18 May 2007 Status Security contributor Last contribution 3 May 2022 5 040
18 May 2008 at 11:34
ok that's good, all the best
0