47 replies
Hello,
this file is bugging me:
C:\WINDOWS\system32\apepglcn.exe
Boot into Safe Mode.
Open Windows Explorer and delete it with right-click, then Delete.
Close Explorer.
Check whether it is in the Recycle Bin. Empty it (whether it is there or not).
Reopen Explorer.
Has the file disappeared?
Restart in normal mode.
Has the file disappeared? (check via Explorer).
Re,
what is an automation engineer?
A bit of tool cleanup.
Download ToolsCleaner by A.Rothstein & dj QUIOU to your Desktop.
http://pc-system.fr/
hxxp://a-rothstein.changelog.fr/TC/ToolsCleaner2.exe
hxxp://pagesperso-orange.fr/AceRothstein/ToolsCleaner2.exe
Click Recherche (Search) and let the scan finish.
Click Suppression (Delete) to finish.
If you wish, you can use the Options facultatives (optional options).
Click Quitter (Quit) so that the report can be created.
Post me the report (TCleaner.txt), which is at the root of your hard drive (C:\).
Re,
you need "basic" programming skills (DOS batch, .ini files, ...)
Delete ToolsCleaner from your Desktop and C:\TCleaner.txt.
If you have any problems, reopen the thread.
Otherwise, good work (and happy surfing if you do that too).
thanks for your help, report attached
Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 08:27:31, on 04/09/2008 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16674) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe C:\Program Files\Alwil Software\Avast4\ashServ.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\system32\agrsmsvc.exe C:\WINDOWS\system32\drivers\CDAC11BA.EXE C:\program files\common files\Siemens\ACE\bin\CCAgent.exe C:\program files\common files\Siemens\ACE\bin\CCEServer.exe C:\Program Files\LogMeIn\x86\RaMaint.exe C:\Program Files\LogMeIn\x86\LogMeIn.exe C:\Program Files\LogMeIn\x86\LMIGuardian.exe C:\Program Files\Microsoft SQL Server\MSSQL$WINCCFLEXIBLE\Binn\sqlservr.exe c:\Program Files\Fichiers communs\Protexis\License Service\PsiService_2.exe C:\program files\common files\Siemens\ACE\bin\RedundancyControl.exe C:\program files\common files\Siemens\ACE\bin\RedundancyState.exe C:\Program Files\Siemens\Step7\S7BIN\s7asysvx.exe C:\program files\common files\Siemens\S7IEPG\s7oiehsx.exe C:\Program Files\Fichiers communs\Siemens\Automation\TraceEngine\bin\S7TraceServiceX.exe C:\program files\common files\Siemens\ACE\bin\SCSMX.exe C:\Program Files\UltraVNC\WinVNC.exe C:\WINDOWS\Explorer.EXE C:\program files\common files\Siemens\sws\almsrv\almsrvx.exe C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe C:\Documents and Settings\All Users\Application Data\xmfilsrm\fgjkrczk.exe C:\Program Files\Microsoft SQL Server\MSSQL$WINCCFLEXIBLE\Binn\sqlagent.EXE C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe C:\Program Files\Synaptics\SynTP\SynTPEnh.exe C:\Program Files\ATI 
Technologies\ATI.ACE\Core-Static\MOM.EXE C:\Program Files\Analog Devices\Core\smax4pnp.exe C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe C:\Program Files\LogMeIn\x86\LogMeInSystray.exe C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe C:\Program Files\LogMeIn\x86\LMIGuardian.exe C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe C:\Program Files\Alwil Software\Avast4\ashWebSv.exe C:\program files\common files\Siemens\S7ubtoox\s7ubtstx.exe C:\Program Files\Siemens\SIMATIC WinCC flexible\WinCC flexible 2007\HmiSmartStart.exe C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe C:\WINDOWS\system32\lphcn42j0er87.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Microsoft ActiveSync\Wcescomm.exe C:\DOCUME~1\UTILIS~1\LOCALS~1\Temp\video1018.cfg.exe C:\WINDOWS\system32\ncnqnmfi.exe C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe C:\PROGRA~1\MI3AA1~1\rapimgr.exe C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe C:\DOCUME~1\UTILIS~1\LOCALS~1\Temp\a.exe C:\Program Files\2BrightSparks\SyncBack\SyncBack.exe C:\Program Files\Siemens\SIMATIC WinCC flexible\WinCC flexible 2007\HmiES.exe C:\program files\common files\Siemens\Sqlany\dbsrv9.exe C:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe C:\WINDOWS\system32\wuauclt.exe C:\WINDOWS\system32\S7OTBXSX.EXE C:\Program Files\Internet Explorer\iexplore.exe C:\WINDOWS\system32\NOTEPAD.EXE C:\Program Files\Trend Micro\HijackThis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://fr.yahoo.com/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF R0 - HKLM\Software\Microsoft\Internet 
Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 192.168.1.2:8080 R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) O4 - HKLM\..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe O4 - HKLM\..\Run: [SoundMAX] C:\Program Files\Analog Devices\SoundMAX\Smax4.exe /tray O4 - HKLM\..\Run: [WinVNC] "C:\Program Files\UltraVNC\WinVNC.exe" -servicehelper O4 - HKLM\..\Run: [avast!] 
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe O4 - HKLM\..\Run: [LogMeIn GUI] "C:\Program Files\LogMeIn\x86\LogMeInSystray.exe" O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\FICHIE~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe" -start O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [S7UB Start] "C:\program files\common files\Siemens\S7ubtoox\s7ubtstx.exe" -StartDB O4 - HKLM\..\Run: [WinCC flexible Smart Start] "C:\Program Files\Siemens\SIMATIC WinCC flexible\WinCC flexible 2007\HmiSmartStart.exe" /startup O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" O4 - HKLM\..\Run: [lphcn42j0er87] C:\WINDOWS\system32\lphcn42j0er87.exe O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\Wcescomm.exe" O4 - HKCU\..\Run: [Somefox] C:\DOCUME~1\UTILIS~1\LOCALS~1\Temp\video1018.cfg.exe O4 - HKCU\..\Run: [ShAplGen] C:\WINDOWS\system32\ncnqnmfi.exe O4 - HKCU\..\Run: [SmartSrvAct] C:\WINDOWS\system32\utilmngd.exe O4 - HKLM\..\Policies\Explorer\Run: [0UDCe4MHJa] C:\Documents and Settings\All Users\Application Data\xmfilsrm\fgjkrczk.exe O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL') O4 - HKUS\S-1-5-19\..\RunOnce: [nlpo_01] rundll32 advpack.dll,DelNodeRunDLL32 "C:\WINDOWS\Help\Tours" (User 'SERVICE LOCAL') O4 - HKUS\S-1-5-19\..\RunOnce: [nlpo_09] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'SERVICE LOCAL') O4 - HKUS\S-1-5-19\..\RunOnce: [nlpo_10] rundll32 advpack.dll,LaunchINFSection nlite.inf,nLiteReg (User 'SERVICE LOCAL') O4 - HKUS\S-1-5-19\..\RunOnce: [nlpo_11] rundll32 advpack.dll,LaunchINFSection nlite.inf,S (User 'SERVICE LOCAL') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] 
C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU') O4 - HKUS\S-1-5-20\..\RunOnce: [nlpo_01] rundll32 advpack.dll,DelNodeRunDLL32 "C:\WINDOWS\Help\Tours" (User 'SERVICE RÉSEAU') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O4 - Startup: Raccourci vers script.lnk = C:\script.bat O4 - Startup: SyncBack.lnk = C:\Program Files\2BrightSparks\SyncBack\SyncBack.exe O4 - Global Startup: BTTray.lnk = ? O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O8 - Extra context menu item: Envoyer au périphérique &Bluetooth... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll O9 - Extra 'Tools' menuitem: Create Mobile Favorite... 
- {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) - http://download.microsoft.com/download/C/B/F/CBF23A2C-3E55-4664-BC5C-762780D79BA0/OGAControl.cab O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab O16 - DPF: {6B75345B-AA36-438A-BBE6-4078B4C6984D} (HpProductDetection Class) - http://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection.cab O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/... O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} (Performance Viewer Activex Control) - https://secure.logmein.com/activex/ractrl.cab?lmi=100 O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\WINDOWS\system32\agrsmsvc.exe O23 - Service: Automation License Manager Service (almservice) - SIEMENS AG - C:\program files\common files\Siemens\sws\almsrv\almsrvx.exe O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe O23 - Service: avast! 
Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\system32\drivers\CDAC11BA.EXE O23 - Service: CCAgent - SIEMENS AG - C:\program files\common files\Siemens\ACE\bin\CCAgent.exe O23 - Service: CCEClient - SIEMENS AG - C:\program files\common files\Siemens\ACE\bin\CCEClient.exe O23 - Service: CCEServer - SIEMENS AG - C:\program files\common files\Siemens\ACE\bin\CCEServer.exe O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: LogMeIn Maintenance Service (LMIMaint) - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\RaMaint.exe O23 - Service: LogMeIn - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\LogMeIn.exe O23 - Service: Protexis Licensing V2 (PSI_SVC_2) - Protexis Inc. 
- c:\Program Files\Fichiers communs\Protexis\License Service\PsiService_2.exe O23 - Service: RedundancyControl - SIEMENS AG - C:\program files\common files\Siemens\ACE\bin\RedundancyControl.exe O23 - Service: RedundancyState - SIEMENS AG - C:\program files\common files\Siemens\ACE\bin\RedundancyState.exe O23 - Service: S7 Global Services (s7asysvx) - SIEMENS AG - C:\Program Files\Siemens\Step7\S7BIN\s7asysvx.exe O23 - Service: SIMATIC IEPG Help Service (s7oiehsx) - SIEMENS AG - C:\program files\common files\Siemens\S7IEPG\s7oiehsx.exe O23 - Service: S7TraceServiceX - SIEMENS AG - C:\Program Files\Fichiers communs\Siemens\Automation\TraceEngine\bin\S7TraceServiceX.exe O23 - Service: SCSMonitor - SIEMENS AG - C:\program files\common files\Siemens\ACE\bin\SCSMX.exe O23 - Service: VNC Server (winvnc) - UltraVNC - C:\Program Files\UltraVNC\WinVNC.exe -- End of file - 12446 bytes
re, and thanks for taking an interest in my problem
Windows security alert ( Trojan spy HTML braukfraud.ds)
Windows security alert ( Trojan spy 32.keylogger.aa)
report attached.
Malwarebytes' Anti-Malware 1.26
Version de la base de données: 1112
Windows 5.1.2600 Service Pack 2
04/09/2008 13:03:59
mbam-log-2008-09-04 (13-03-59).txt
Type de recherche: Examen rapide
Eléments examinés: 66149
Temps écoulé: 10 minute(s), 52 second(s)
Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 2
Valeur(s) du Registre infectée(s): 4
Elément(s) de données du Registre infecté(s): 2
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 6
Processus mémoire infecté(s):
(Aucun élément nuisible détecté)
Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)
Clé(s) du Registre infectée(s):
HKEY_CURRENT_USER\SOFTWARE\mwc (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Software Notifier (Rogue.Multiple) -> Quarantined and deleted successfully.
Valeur(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\lphcn42j0er87 (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Control Panel\Desktop\originalwallpaper (Hijack.Wallpaper) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Control Panel\Desktop\convertedwallpaper (Hijack.Wallpaper) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Control Panel\Desktop\scrnsave.exe (Hijack.Wallpaper) -> Quarantined and deleted successfully.
Elément(s) de données du Registre infecté(s):
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\NoDispBackgroundPage (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\NoDispScrSavPage (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
Dossier(s) infecté(s):
(Aucun élément nuisible détecté)
Fichier(s) infecté(s):
C:\WINDOWS\system32\lphcn42j0er87.exe (Trojan.FakeAlert) -> Delete on reboot.
C:\WINDOWS\system32\phcn42j0er87.bmp (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Documents and Settings\Utilisateur\Local Settings\Temp\.tt1.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\Utilisateur\Local Settings\Temp\.tt2.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\Utilisateur\Local Settings\Temp\.ttB.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\Utilisateur\Local Settings\Temp\.ttE.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
thanks
Yann
here it is,
Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 14:10:01, on 04/09/2008 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16674) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe C:\Program Files\Alwil Software\Avast4\ashServ.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\system32\agrsmsvc.exe C:\WINDOWS\system32\drivers\CDAC11BA.EXE C:\program files\common files\Siemens\ACE\bin\CCAgent.exe C:\program files\common files\Siemens\ACE\bin\CCEServer.exe C:\Program Files\LogMeIn\x86\RaMaint.exe C:\Program Files\LogMeIn\x86\LogMeIn.exe C:\Program Files\LogMeIn\x86\LMIGuardian.exe C:\Program Files\Microsoft SQL Server\MSSQL$WINCCFLEXIBLE\Binn\sqlservr.exe C:\WINDOWS\Explorer.EXE c:\Program Files\Fichiers communs\Protexis\License Service\PsiService_2.exe C:\program files\common files\Siemens\ACE\bin\RedundancyControl.exe C:\program files\common files\Siemens\ACE\bin\RedundancyState.exe C:\Program Files\Siemens\Step7\S7BIN\s7asysvx.exe C:\program files\common files\Siemens\S7IEPG\s7oiehsx.exe C:\Program Files\Fichiers communs\Siemens\Automation\TraceEngine\bin\S7TraceServiceX.exe C:\program files\common files\Siemens\ACE\bin\SCSMX.exe C:\Program Files\Microsoft SQL Server\MSSQL$WINCCFLEXIBLE\Binn\sqlagent.EXE C:\Documents and Settings\All Users\Application Data\xmfilsrm\fgjkrczk.exe C:\Program Files\UltraVNC\WinVNC.exe C:\program files\common files\Siemens\sws\almsrv\almsrvx.exe C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe C:\Program Files\Synaptics\SynTP\SynTPEnh.exe C:\Program Files\ATI 
Technologies\ATI.ACE\Core-Static\MOM.EXE C:\Program Files\Analog Devices\Core\smax4pnp.exe C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe C:\Program Files\LogMeIn\x86\LogMeInSystray.exe C:\Program Files\LogMeIn\x86\LMIGuardian.exe C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe C:\program files\common files\Siemens\S7ubtoox\s7ubtstx.exe C:\Program Files\Siemens\SIMATIC WinCC flexible\WinCC flexible 2007\HmiSmartStart.exe C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Microsoft ActiveSync\Wcescomm.exe C:\WINDOWS\system32\ncnqnmfi.exe C:\PROGRA~1\MI3AA1~1\rapimgr.exe C:\program files\common files\Siemens\Sqlany\dbsrv9.exe C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe C:\Program Files\Siemens\SIMATIC WinCC flexible\WinCC flexible 2007\HmiES.exe C:\Program Files\2BrightSparks\SyncBack\SyncBack.exe C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe C:\Program Files\Alwil Software\Avast4\ashWebSv.exe C:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE C:\WINDOWS\system32\S7OTBXSX.EXE C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE C:\Program Files\Internet Explorer\iexplore.exe C:\Documents and Settings\Utilisateur\Local Settings\Temporary Internet Files\Content.IE5\PLZKNIRN\HiJackThis[1].exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://fr.yahoo.com/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp R1 - 
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 192.168.1.2:8080 R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) O4 - HKLM\..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe O4 - HKLM\..\Run: [SoundMAX] C:\Program Files\Analog Devices\SoundMAX\Smax4.exe /tray O4 - HKLM\..\Run: [WinVNC] "C:\Program Files\UltraVNC\WinVNC.exe" -servicehelper O4 - HKLM\..\Run: [avast!] 
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe O4 - HKLM\..\Run: [LogMeIn GUI] "C:\Program Files\LogMeIn\x86\LogMeInSystray.exe" O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\FICHIE~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe" -start O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [S7UB Start] "C:\program files\common files\Siemens\S7ubtoox\s7ubtstx.exe" -StartDB O4 - HKLM\..\Run: [WinCC flexible Smart Start] "C:\Program Files\Siemens\SIMATIC WinCC flexible\WinCC flexible 2007\HmiSmartStart.exe" /startup O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\Wcescomm.exe" O4 - HKCU\..\Run: [ShAplGen] C:\WINDOWS\system32\ncnqnmfi.exe O4 - HKCU\..\Run: [SmartSrvAct] C:\WINDOWS\system32\utilmngd.exe O4 - HKCU\..\Run: [appsmartsrv] C:\WINDOWS\system32\litwrwho.exe O4 - HKCU\..\Run: [SrvSh] C:\WINDOWS\system32\apepglcn.exe O4 - HKCU\..\Run: [comaplcfg] C:\WINDOWS\system32\zezkxovu.exe O4 - HKCU\..\Run: [sysinfo] C:\WINDOWS\system32\ufotslad.exe O4 - HKLM\..\Policies\Explorer\Run: [0UDCe4MHJa] C:\Documents and Settings\All Users\Application Data\xmfilsrm\fgjkrczk.exe O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL') O4 - HKUS\S-1-5-19\..\RunOnce: [nlpo_01] rundll32 advpack.dll,DelNodeRunDLL32 "C:\WINDOWS\Help\Tours" (User 'SERVICE LOCAL') O4 - HKUS\S-1-5-19\..\RunOnce: [nlpo_09] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'SERVICE LOCAL') O4 - HKUS\S-1-5-19\..\RunOnce: [nlpo_10] rundll32 advpack.dll,LaunchINFSection nlite.inf,nLiteReg (User 'SERVICE LOCAL') O4 - HKUS\S-1-5-19\..\RunOnce: [nlpo_11] rundll32 
advpack.dll,LaunchINFSection nlite.inf,S (User 'SERVICE LOCAL') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU') O4 - HKUS\S-1-5-20\..\RunOnce: [nlpo_01] rundll32 advpack.dll,DelNodeRunDLL32 "C:\WINDOWS\Help\Tours" (User 'SERVICE RÉSEAU') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O4 - Startup: Raccourci vers script.lnk = C:\script.bat O4 - Startup: SyncBack.lnk = C:\Program Files\2BrightSparks\SyncBack\SyncBack.exe O4 - Global Startup: BTTray.lnk = ? O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O8 - Extra context menu item: Envoyer au périphérique &Bluetooth... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll O9 - Extra 'Tools' menuitem: Create Mobile Favorite... 
- {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) - http://download.microsoft.com/download/C/B/F/CBF23A2C-3E55-4664-BC5C-762780D79BA0/OGAControl.cab O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab O16 - DPF: {6B75345B-AA36-438A-BBE6-4078B4C6984D} (HpProductDetection Class) - http://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection.cab O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/... O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} (Performance Viewer Activex Control) - https://secure.logmein.com/activex/ractrl.cab?lmi=100 O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\WINDOWS\system32\agrsmsvc.exe O23 - Service: Automation License Manager Service (almservice) - SIEMENS AG - C:\program files\common files\Siemens\sws\almsrv\almsrvx.exe O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe O23 - Service: avast! 
Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\system32\drivers\CDAC11BA.EXE O23 - Service: CCAgent - SIEMENS AG - C:\program files\common files\Siemens\ACE\bin\CCAgent.exe O23 - Service: CCEClient - SIEMENS AG - C:\program files\common files\Siemens\ACE\bin\CCEClient.exe O23 - Service: CCEServer - SIEMENS AG - C:\program files\common files\Siemens\ACE\bin\CCEServer.exe O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: LogMeIn Maintenance Service (LMIMaint) - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\RaMaint.exe O23 - Service: LogMeIn - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\LogMeIn.exe O23 - Service: Protexis Licensing V2 (PSI_SVC_2) - Protexis Inc. 
- c:\Program Files\Fichiers communs\Protexis\License Service\PsiService_2.exe O23 - Service: RedundancyControl - SIEMENS AG - C:\program files\common files\Siemens\ACE\bin\RedundancyControl.exe O23 - Service: RedundancyState - SIEMENS AG - C:\program files\common files\Siemens\ACE\bin\RedundancyState.exe O23 - Service: S7 Global Services (s7asysvx) - SIEMENS AG - C:\Program Files\Siemens\Step7\S7BIN\s7asysvx.exe O23 - Service: SIMATIC IEPG Help Service (s7oiehsx) - SIEMENS AG - C:\program files\common files\Siemens\S7IEPG\s7oiehsx.exe O23 - Service: S7TraceServiceX - SIEMENS AG - C:\Program Files\Fichiers communs\Siemens\Automation\TraceEngine\bin\S7TraceServiceX.exe O23 - Service: SCSMonitor - SIEMENS AG - C:\program files\common files\Siemens\ACE\bin\SCSMX.exe O23 - Service: VNC Server (winvnc) - UltraVNC - C:\Program Files\UltraVNC\WinVNC.exe -- End of file - 12462 bytes
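As an added example (not posted in this thread and not part of HijackThis or Malwarebytes), the script below automates the triage the helpers do by eye on the O4 autorun lines of the log above: it parses each entry and flags the ones launching from Temp or Application Data, from the Policies\Explorer\Run key, with a double extension, or an unrecognised executable in system32. The sample lines are copied from the log posted here; the allowlist and the heuristics are assumptions for illustration, and a flagged entry still needs a manual check (signature, timestamp) before anything is deleted.

```python
import re

# O4 (autorun) entries copied from the HijackThis log posted in this thread,
# embedded as a constructed sample so the triage runs offline.
SAMPLE_O4 = r"""
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Somefox] C:\DOCUME~1\UTILIS~1\LOCALS~1\Temp\video1018.cfg.exe
O4 - HKCU\..\Run: [SrvSh] C:\WINDOWS\system32\apepglcn.exe
O4 - HKLM\..\Policies\Explorer\Run: [0UDCe4MHJa] C:\Documents and Settings\All Users\Application Data\xmfilsrm\fgjkrczk.exe
O4 - HKLM\..\Run: [lphcn42j0er87] C:\WINDOWS\system32\lphcn42j0er87.exe
O4 - HKUS\S-1-5-19\..\RunOnce: [nlpo_10] rundll32 advpack.dll,LaunchINFSection nlite.inf,nLiteReg (User 'SERVICE LOCAL')
"""

# Assumed allowlist: Windows components that legitimately autostart from system32 on
# an XP-era machine. Anything else launching from system32 is flagged for a manual look.
KNOWN_SYSTEM32 = {"ctfmon.exe"}

O4_RE = re.compile(r"^O4 - (?P<key>.+?): \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
# First quoted or unquoted token ending in .exe; any arguments after it are ignored.
EXE_RE = re.compile(r'"?(?P<path>[^"]+?\.exe)', re.IGNORECASE)


def parse_o4(line):
    """Split one HijackThis O4 line into registry key, value name and launched path.

    Returns None for lines that are not O4 registry entries; "path" is None when the
    command does not launch an .exe (e.g. rundll32 RunOnce entries)."""
    m = O4_RE.match(line.strip())
    if not m:
        return None
    cmd = re.sub(r"\s*\(User '[^']*'\)\s*$", "", m.group("cmd"))  # drop trailing user tag
    exe = EXE_RE.match(cmd)
    return {
        "key": m.group("key"),
        "name": m.group("name"),
        "path": exe.group("path") if exe else None,
    }


def suspicious_reasons(entry):
    """Heuristic reasons an autorun entry deserves attention (empty list = nothing odd)."""
    reasons = []
    if r"\Policies\Explorer\Run" in entry["key"]:
        reasons.append("uses the Policies\\Explorer\\Run key, rarely a legitimate autorun location")
    path = entry["path"]
    if path is None:
        return reasons
    low = path.lower()
    base = low.rsplit("\\", 1)[-1]
    if "\\temp\\" in low:
        reasons.append("launches from a Temp directory")
    if "\\application data\\" in low:
        reasons.append("launches from an Application Data folder")
    if "\\system32\\" in low and base not in KNOWN_SYSTEM32:
        reasons.append("launches an unrecognised executable from system32: " + base)
    if base.count(".") > 1:
        reasons.append("double extension in file name: " + base)
    return reasons


def triage(log_text):
    """Return only the O4 entries that raised at least one reason, in log order."""
    flagged = []
    for line in log_text.splitlines():
        entry = parse_o4(line)
        if entry is None:
            continue
        reasons = suspicious_reasons(entry)
        if reasons:
            entry["reasons"] = reasons
            flagged.append(entry)
    return flagged


if __name__ == "__main__":
    for e in triage(SAMPLE_O4):
        print(f"[{e['name']}] {e['path']}")
        for r in e["reasons"]:
            print("   -", r)
```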
hi, well.. unofficial version? it's my work laptop, it was delivered to me like that. but oh well..
systemscan report
SystemScan - www.suspectfile.com - ver. 3.5.5 (code: holifay & bReAkdOWn)
Running on: Windows XP PROFESSIONAL Edition, Service Pack 2 (2600.5.1)
System directory: C:\WINDOWS
SystemScan file: C:\Documents and Settings\Utilisateur\Local Settings\Temporary Internet Files\Content.IE5\PLZKNIRN\sys45685[1].exe
Running in: User mode
Date: 05/09/2008
Time: 07:42:24
Output limited to:
-Recent files

===================== RECENT FILES =====================
Showing files newer than 30 days

----- recent files in C:\
26/08/2008 15:56:27 9 byte 10 days old -- WKSDebug
26/08/2008 15:57:23 (DIR) 0 byte 10 days old -- MesHeures
03/09/2008 13:26:30 (DIR) 0 byte 2 days old -- TIMENET
04/09/2008 12:35:48 (DIR) 0 byte 1 days old -- WINDOWS
04/09/2008 12:50:59 (DIR) 0 byte 1 days old -- Program Files
05/09/2008 07:33:02 2145386496 byte 0 days old -- pagefile.sys

----- recent files in C:\WINDOWS\
11/08/2008 15:58:50 (DIR) 0 byte 25 days old -- $NtUninstallKB936782_WMP11$
11/08/2008 15:59:04 (DIR) 0 byte 25 days old -- $NtUninstallKB932823-v3$
11/08/2008 15:59:36 (DIR) 0 byte 25 days old -- $NtUninstallKB950749$
11/08/2008 15:59:47 (DIR) 0 byte 25 days old -- $NtUninstallKB945553$
11/08/2008 16:00:07 (DIR) 0 byte 25 days old -- $NtUninstallKB948590$
11/08/2008 16:00:10 (DIR) 0 byte 25 days old -- $NtUninstallKB950760$
11/08/2008 16:00:25 (DIR) 0 byte 25 days old -- $NtUninstallKB929399$
11/08/2008 16:00:37 (DIR) 0 byte 25 days old -- $NtUninstallKB950762$
11/08/2008 16:02:25 (DIR) 0 byte 25 days old -- $NtUninstallKB941693$
11/08/2008 16:02:29 (DIR) 0 byte 25 days old -- $NtUninstallKB951698$
11/08/2008 16:03:06 715 byte 25 days old -- win.ini
11/08/2008 16:04:09 (DIR) 0 byte 25 days old -- ie7updates
11/08/2008 16:04:26 (DIR) 0 byte 25 days old -- $hf_mig$
11/08/2008 16:04:27 (DIR) 0 byte 25 days old -- $NtUninstallKB951376-v2$
12/08/2008 08:33:20 (DIR) 0 byte 24 days old -- Tasks
12/08/2008 09:26:46 (DIR) 0 byte 24 days old -- inf
26/08/2008 13:29:21 1020 byte 10 days old -- s5wg.ini
27/08/2008 10:48:53 37 byte 9 days old -- vbaddin.ini
27/08/2008 10:49:35 (DIR) 0 byte 9 days old -- Registration
29/08/2008 10:40:36 92 byte 7 days old -- HmiRTmSim.INI
29/08/2008 11:34:42 (DIR) 0 byte 7 days old -- Help
01/09/2008 11:46:35 28 byte 4 days old -- Utilisateur.acl
01/09/2008 12:17:14 (DIR) 0 byte 4 days old -- Fonts
01/09/2008 13:31:50 231 byte 4 days old -- system.ini
01/09/2008 14:18:20 (DIR) 0 byte 4 days old -- CSC
03/09/2008 14:43:31 1580 byte 2 days old -- aopr.ini
04/09/2008 11:16:23 (DIR) 0 byte 1 days old -- Minidump
04/09/2008 11:16:23 (DIR) 0 byte 1 days old -- Debug
04/09/2008 11:56:00 155350 byte 1 days old -- ntbtlog.txt
04/09/2008 15:37:18 (DIR) 0 byte 1 days old -- Installer
04/09/2008 16:03:21 69 byte 1 days old -- UtahS7Integrate.ini
04/09/2008 16:03:44 32522 byte 1 days old -- SchedLgU.Txt
05/09/2008 07:33:07 2048 byte 0 days old -- bootstat.dat
05/09/2008 07:33:22 0 byte 0 days old -- 0.log
05/09/2008 07:33:23 (DIR) 0 byte 0 days old -- Temp
05/09/2008 07:37:26 (DIR) 0 byte 0 days old -- system32
05/09/2008 07:38:28 2017630 byte 0 days old -- WindowsUpdate.log
05/09/2008 07:41:42 (DIR) 0 byte 0 days old -- Prefetch

----- recent files in C:\WINDOWS\Downloaded Program Files\

----- recent files in C:\WINDOWS\system\

----- recent files in C:\WINDOWS\system32\
11/08/2008 16:02:28 (DIR) 0 byte 25 days old -- CatRoot
11/08/2008 16:04:16 (DIR) 0 byte 25 days old -- fr-fr
11/08/2008 16:04:27 (DIR) 0 byte 25 days old -- dllcache
12/08/2008 07:58:22 (DIR) 0 byte 24 days old -- wbem
19/08/2008 11:10:50 6761 byte 17 days old -- jupdate-1.6.0_07-b06.log
01/09/2008 13:29:34 360136 byte 4 days old -- FNTCACHE.DAT
03/09/2008 14:50:04 94208 byte 2 days old -- ncnqnmfi.exe
04/09/2008 08:21:54 94208 byte 1 days old -- utilmngd.exe
04/09/2008 08:41:45 94208 byte 1 days old -- litwrwho.exe
04/09/2008 09:09:56 94208 byte 1 days old -- apepglcn.exe
04/09/2008 12:36:06 90112 byte 1 days old -- zezkxovu.exe
04/09/2008 13:08:10 (DIR) 0 byte 1 days old -- drivers
04/09/2008 13:09:21 90112 byte 1 days old -- ufotslad.exe
04/09/2008 16:03:44 (DIR) 0 byte 1 days old -- CatRoot2
05/09/2008 07:33:43 2206 byte 0 days old -- wpa.dbl
05/09/2008 07:33:51 57344 byte 0 days old -- userinit.exe
05/09/2008 07:37:26 86468 byte 0 days old -- perfc00C.dat
05/09/2008 07:37:26 72332 byte 0 days old -- perfc009.dat
05/09/2008 07:37:26 426956 byte 0 days old -- perfh009.dat
05/09/2008 07:37:26 599102 byte 0 days old -- PerfStringBackup.INI
05/09/2008 07:37:26 3792 byte 0 days old -- perfh00C.dat

----- recent files in C:\WINDOWS\system32\drivers\
02/09/2008 00:16:40 17200 byte 3 days old -- mbam.sys
02/09/2008 00:16:46 38528 byte 3 days old -- mbamswissarmy.sys
04/09/2008 12:34:15 (DIR) 0 byte 1 days old -- etc

----- recent files in C:\WINDOWS\temp\

----- recent files in C:\Program Files\
11/08/2008 12:40:07 (DIR) 0 byte 25 days old -- Messenger Plus! Live
11/08/2008 16:04:16 (DIR) 0 byte 25 days old -- Internet Explorer
14/08/2008 14:16:37 (DIR) 0 byte 22 days old -- Microsoft Silverlight
19/08/2008 11:10:50 (DIR) 0 byte 17 days old -- Java
20/08/2008 10:13:34 (DIR) 0 byte 16 days old -- El Juky
20/08/2008 10:35:18 (DIR) 0 byte 16 days old -- Ant Renamer
01/09/2008 12:19:31 (DIR) 0 byte 4 days old -- Com32
03/09/2008 10:24:22 (DIR) 0 byte 2 days old -- CS6
03/09/2008 13:26:30 (DIR) 0 byte 2 days old -- ACCESSRT
03/09/2008 15:33:05 (DIR) 0 byte 2 days old -- Lavasoft
04/09/2008 07:49:57 (DIR) 0 byte 1 days old -- Fichiers communs
04/09/2008 07:54:09 (DIR) 0 byte 1 days old -- Elcomsoft
04/09/2008 08:25:57 (DIR) 0 byte 1 days old -- Trend Micro
04/09/2008 08:35:32 (DIR) 0 byte 1 days old -- SAV
04/09/2008 12:51:01 (DIR) 0 byte 1 days old -- Malwarebytes' Anti-Malware
04/09/2008 14:08:41 (DIR) 0 byte 1 days old -- Spybot - Search & Destroy
04/09/2008 15:36:54 (DIR) 0 byte 1 days old -- Windows Live
05/09/2008 07:33:19 (DIR) 0 byte 0 days old -- LogMeIn

----- recent files in C:\Program Files\Fichiers communs\

----- recent files in C:\Documents and Settings\Utilisateur\Application Data\
20/08/2008 10:43:11 (DIR) 0 byte 16 days old -- U3
21/08/2008 10:08:26 (DIR) 0 byte 15 days old -- Microsoft
04/09/2008 08:18:03 (DIR) 0 byte 1 days old -- Malwarebytes

----- recent files in C:\DOCUME~1\UTILIS~1\LOCALS~1\Temp\
04/09/2008 07:48:09 49152 byte 1 days old -- ~DFBD20.tmp
04/09/2008 08:09:24 0 byte 1 days old -- .ttAC.tmp
04/09/2008 08:21:43 49152 byte 1 days old -- ~DFF904.tmp
04/09/2008 08:41:53 49152 byte 1 days old -- ~DFA2C0.tmp
04/09/2008 09:10:04 49152 byte 1 days old -- ~DF5B1.tmp
04/09/2008 09:44:51 (DIR) 0 byte 1 days old -- VBE
04/09/2008 09:46:23 0 byte 1 days old -- WcesView.log
04/09/2008 11:16:17 (DIR) 0 byte 1 days old -- Cookies
04/09/2008 11:29:08 311296 byte 1 days old -- ~DFE1A2.tmp
04/09/2008 11:29:17 83157 byte 1 days old -- Setup Log 2008-09-04 #001.txt
04/09/2008 11:30:24 (DIR) 0 byte 1 days old -- _avast4_
04/09/2008 11:31:54 35770 byte 1 days old -- Uninstall Log 2008-09-04 #001.txt
04/09/2008 11:44:55 (DIR) 0 byte 1 days old -- Adobe
04/09/2008 12:36:12 49152 byte 1 days old -- ~DF10C0.tmp
04/09/2008 14:55:24 28 byte 1 days old -- ExchangePerflog_8484fa3116b1b73dcfcccd43.dat
04/09/2008 15:35:01 (DIR) 0 byte 1 days old -- MessengerCache
04/09/2008 15:44:59 859 byte 1 days old -- options.vnc
04/09/2008 16:03:44 524288 byte 1 days old -- tmp3_log.LDF
04/09/2008 16:03:44 6815744 byte 1 days old -- tmp3.tmp
04/09/2008 16:03:44 524288 byte 1 days old -- tmpB_log.LDF
04/09/2008 16:03:44 8192000 byte 1 days old -- tmpB.tmp
05/09/2008 07:33:27 1005722 byte 0 days old -- WCESLog.log
05/09/2008 07:33:28 375 byte 0 days old -- WCESCOMM.LOG
05/09/2008 07:33:30 (DIR) 0 byte 0 days old -- WPDNSE
05/09/2008 07:33:51 33792 byte 0 days old -- ntdll64.dll
05/09/2008 07:35:06 512 byte 0 days old -- ~DF6F7D.tmp
05/09/2008 07:38:26 1036 byte 0 days old -- jusched.log
05/09/2008 07:40:33 49152 byte 0 days old -- ~DFE97D.tmp
05/09/2008 07:41:32 114 byte 0 days old -- systemscan.ini
05/09/2008 07:41:33 (DIR) 0 byte 0 days old -- nspC.tmp
05/09/2008 07:41:33 16384 byte 0 days old -- ~DF1731.tmp
05/09/2008 07:41:40 22486 byte 0 days old -- x.ico

==========================================
Scan completed in 0,2 minutes
End of report

~~~~~~~~~~~~~~~~~~~~~-----CREDITS-----~~~~~~~~~~~~~~~~~~~~~
SystemScan uses some freeware tools that remain property of their authors:
* SteelWerX Registry Console Tool, Who Am I (Bobby Flekman: www.xs4all.nl/~fstaal01) --> "Registry scan", "PC accounts "
* dumphive (Markus Stephany)--> "Registry scan"
* Listdlls (M.Russinovich, B.Cogswell: www.sysinternals.com) --> "Loaded modules"
* Catchme & MBR Rootkit detector (gmer: www.gmer.net) --> "Hidden objects", "Alternate Data Streams" & "Master Boot Record"
---> NOTE: SystemScan integrates "The Avenger" from Swandog46 (http://swandog46.geekstogo.com) to allow you to remove malwares found in this log
Thanks to all of them for their hard work
VirusTotal report
AhnLab-V3 2008.9.3.0 2008.09.03 -
AntiVir 7.8.1.23 2008.09.03 -
Authentium 5.1.0.4 2008.09.03 -
Avast 4.8.1195.0 2008.09.03 -
AVG 8.0.0.161 2008.09.03 -
BitDefender 7.2 2008.09.03 -
CAT-QuickHeal 9.50 2008.09.02 -
ClamAV 0.93.1 2008.09.03 -
DrWeb 4.44.0.09170 2008.09.03 -
eSafe 7.0.17.0 2008.09.02 -
eTrust-Vet 31.6.6066 2008.09.03 -
Ewido 4.0 2008.09.03 -
F-Prot 4.4.4.56 2008.09.03 -
F-Secure 8.0.14332.0 2008.09.03 -
Fortinet 3.14.0.0 2008.09.03 W32/PolySmall.BP!tr
GData 19 2008.09.03 -
Ikarus T3.1.1.34.0 2008.09.03 -
K7AntiVirus 7.10.439 2008.09.03 -
Kaspersky 7.0.0.125 2008.09.03 -
McAfee 5375 2008.09.02 -
Microsoft 1.3903 2008.09.03 TrojanDownloader:Win32/FakeAlert.C
NOD32v2 3411 2008.09.03 -
Norman 5.80.02 2008.09.02 -
Panda 9.0.0.4 2008.09.02 -
PCTools 4.4.2.0 2008.09.03 -
Prevx1 V2 2008.09.03 -
Rising 20.60.21.00 2008.09.03 -
Sophos 4.33.0 2008.09.03 Mal/EncPk-DG
Sunbelt 3.1.1582.1 2008.09.02 -
Symantec 10 2008.09.03 -
TheHacker 6.3.0.8.070 2008.09.02 -
TrendMicro 8.700.0.1004 2008.09.03 -
VBA32 3.12.8.4 2008.09.03 -
ViRobot 2008.9.2.1361 2008.09.03 Trojan.Win32.Amvo.Gen
VirusBuster 4.5.11.0 2008.09.02 -
Webwasher-Gateway 6.6.2 2008.09.03 -

Information additionnelle
File size: 94208 bytes
MD5...: ff05467662c3ea324af6c1074d4e7813
SHA1..: 6354e099ec63370a205d3ecf602bd0c15f34e05d
SHA256: a449ceb23554b05610164707247d9a4bf7d87052b1ead4a89be1dbfa925739a8
SHA512: 707a0929748871720b3a7c72bc6a90c97785b0f691224ab3aae68812968b09ca
f54baa5599a4c5535f6526904c642a2235976942128586e9d6f1703e0538f124
PEiD..: -
TrID..: File type identification
Win32 Executable Generic (42.3%)
Win32 Dynamic Link Library (generic) (37.6%)
Generic Win/DOS Executable (9.9%)
DOS Executable Generic (9.9%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%)
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0x4113be
timedatestamp.....: 0x48be7cc3 (Wed Sep 03 12:02:11 2008)
machinetype.......: 0x14c (I386)

( 3 sections )
name viradd virsiz rawdsiz ntrpy md5
.ecayiv 0x1000 0x13cde 0x14000 6.89 4a76d8bdae797bc59263bcb1622ea03a
.yflj 0x15000 0x654 0x1000 2.69 a7e3645462ddef070ae3578369f0f053
.wvtgc 0x16000 0x59c4 0x1000 0.52 d27af4d59a1c31575eb3717f87fe22ae

( 4 imports )
> KERNEL32.dll: GetProcAddress, WaitForMultipleObjects, DuplicateHandle, SuspendThread, FindNextChangeNotification, WaitForSingleObject, VirtualFree, SetLastError, LockResource, GetFileAttributesExW, GetModuleFileNameW, SetThreadPriority, FindResourceExW, ResetEvent, ReadProcessMemory, LoadLibraryA, lstrcpyW, GetPrivateProfileStringW, FindClose, ResumeThread, SizeofResource, GetCurrentProcess, FindFirstChangeNotificationW, QueryDosDeviceW, GetCurrentProcessId
> USER32.dll: SetCursorPos, RegisterHotKey, DefWindowProcW, LoadIconW, GetMessageW, CreateWindowExW, ReleaseCapture, GetSystemMetrics, DrawTextW, RegisterWindowMessageW, SetWindowPos, UpdateWindow, SetForegroundWindow, LoadStringW, FillRect, CreatePopupMenu, GetCursorPos, wsprintfW, SystemParametersInfoW, GetClassNameW, GetDlgItem
> GDI32.dll: GetMapMode, CreateICW, CreateCompatibleDC, SetDIBits, GetObjectW, SelectObject, MoveToEx, SetBkColor
> ADVAPI32.dll: RegSetValueExW, StartServiceW

( 0 exports )
Lop S&D report
--------------------\\ Lop S&D 4.2.4-0 XP/Vista
Microsoft Windows XP Professionnel ( v5.1.2600 ) Service Pack 2
X86-based PC ( Multiprocessor Free : Intel(R) Core(TM)2 Duo CPU T7250 @ 2.00GHz )
BIOS : KBC Version 83.0F
USER : Utilisateur ( Administrator )
BOOT : Normal boot
"C:\Lop SD" ( MAJ : 04-09-2008|09:55 )
Option : [1] ( 05/09/2008| 7:50 )
--------------------\\ Listing des dossiers dans APPLIC~1
[20/11/2007|09:36] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Adobe
[15/11/2007|23:24] C:\DOCUME~1\ALLUSE~1\APPLIC~1\ATI
[20/03/2008|10:43] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Autodesk
[13/02/2008|15:12] C:\DOCUME~1\ALLUSE~1\APPLIC~1\CanonBJ
[11/03/2008|10:42] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Corel
[31/03/2008|14:21] C:\DOCUME~1\ALLUSE~1\APPLIC~1\GRETECH
[19/11/2007|17:08] C:\DOCUME~1\ALLUSE~1\APPLIC~1\InstallShield
[04/09/2008|07:49] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Lavasoft
[19/06/2008|08:53] C:\DOCUME~1\ALLUSE~1\APPLIC~1\LogMeIn
[04/09/2008|08:18] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Malwarebytes
[12/08/2008|08:00] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Messenger Plus!
[04/09/2008|15:36] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Microsoft
[11/02/2008|16:51] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Office Genuine Advantage
[21/11/2007|13:04] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Siemens
[26/02/2008|14:22] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Siemens AG
[04/09/2008|14:08] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy
[04/09/2008|11:31] C:\DOCUME~1\ALLUSE~1\APPLIC~1\TEMP
[20/03/2008|13:56] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Windows Genuine Advantage
[11/08/2008|07:43] C:\DOCUME~1\ALLUSE~1\APPLIC~1\WLInstaller
[03/09/2008|14:50] C:\DOCUME~1\ALLUSE~1\APPLIC~1\xmfilsrm
[15/11/2007|22:04] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Microsoft
[15/11/2007|22:04] C:\DOCUME~1\LOCALS~1\APPLIC~1\Microsoft
[15/11/2007|22:04] C:\DOCUME~1\NETWOR~1\APPLIC~1\Microsoft
[18/02/2008|12:45] C:\DOCUME~1\UTILIS~1\APPLIC~1\Adobe
[15/11/2007|23:24] C:\DOCUME~1\UTILIS~1\APPLIC~1\ATI
[20/03/2008|10:45] C:\DOCUME~1\UTILIS~1\APPLIC~1\Autodesk
[11/03/2008|10:54] C:\DOCUME~1\UTILIS~1\APPLIC~1\Corel
[15/02/2008|12:24] C:\DOCUME~1\UTILIS~1\APPLIC~1\FileZilla
[31/03/2008|14:21] C:\DOCUME~1\UTILIS~1\APPLIC~1\GRETECH
[20/11/2007|10:30] C:\DOCUME~1\UTILIS~1\APPLIC~1\Help
[22/01/2008|16:12] C:\DOCUME~1\UTILIS~1\APPLIC~1\ICAClient
[15/11/2007|22:26] C:\DOCUME~1\UTILIS~1\APPLIC~1\Identities
[15/11/2007|23:28] C:\DOCUME~1\UTILIS~1\APPLIC~1\InstallShield
[19/11/2007|11:48] C:\DOCUME~1\UTILIS~1\APPLIC~1\Macromedia
[04/09/2008|08:18] C:\DOCUME~1\UTILIS~1\APPLIC~1\Malwarebytes
[21/08/2008|10:08] C:\DOCUME~1\UTILIS~1\APPLIC~1\Microsoft
[24/06/2008|10:45] C:\DOCUME~1\UTILIS~1\APPLIC~1\Opera
[21/01/2008|11:36] C:\DOCUME~1\UTILIS~1\APPLIC~1\PACTware Consortium e.V
[03/04/2008|12:47] C:\DOCUME~1\UTILIS~1\APPLIC~1\Samsung
[26/02/2008|14:30] C:\DOCUME~1\UTILIS~1\APPLIC~1\SIEMENS AG
[02/04/2008|15:41] C:\DOCUME~1\UTILIS~1\APPLIC~1\Sun
[20/08/2008|10:43] C:\DOCUME~1\UTILIS~1\APPLIC~1\U3
[30/11/2007|11:32] C:\DOCUME~1\UTILIS~1\APPLIC~1\vlc
--------------------\\ Tâches planifiées dans C:\WINDOWS\tasks
[04/09/2008 11:24][--ah-----] C:\WINDOWS\tasks\User_Feed_Synchronization-{E2293A86-0DCB-4446-8ABE-F75724E97B0B}.job
[03/09/2008 12:00][--a------] C:\WINDOWS\tasks\SyncBack Pc Vers H.job
[05/09/2008 07:33][--ah-----] C:\WINDOWS\tasks\SA.DAT
[28/09/2001 14:00][-r-h-----] C:\WINDOWS\tasks\desktop.ini
--------------------\\ Listing des dossiers dans C:\Program Files
[08/07/2008|10:19] C:\Program Files\2BrightSparks
[03/09/2008|13:26] C:\Program Files\ACCESSRT
[20/11/2007|09:35] C:\Program Files\Adobe
[17/01/2008|11:42] C:\Program Files\Advanced IP Scanner
[19/11/2007|11:39] C:\Program Files\Alwil Software
[16/11/2007|03:44] C:\Program Files\Analog Devices
[20/03/2008|10:44] C:\Program Files\AnswerWorks 4.0
[20/08/2008|10:35] C:\Program Files\Ant Renamer
[15/11/2007|23:19] C:\Program Files\ATI Technologies
[20/03/2008|10:45] C:\Program Files\AutoCAD 2004
[25/03/2008|14:36] C:\Program Files\Autodesk
[15/11/2007|23:28] C:\Program Files\Broadcom
[22/01/2008|16:07] C:\Program Files\Citrix
[01/09/2008|12:19] C:\Program Files\Com32
[19/11/2007|14:29] C:\Program Files\common files
[15/11/2007|22:01] C:\Program Files\ComPlus Applications
[11/03/2008|10:40] C:\Program Files\Corel
[03/09/2008|10:24] C:\Program Files\CS6
[05/05/2008|10:56] C:\Program Files\DIFX
[20/08/2008|10:13] C:\Program Files\El Juky
[04/09/2008|07:54] C:\Program Files\Elcomsoft
[12/12/2007|14:50] C:\Program Files\Exor
[19/11/2007|16:38] C:\Program Files\Festo
[04/09/2008|07:49] C:\Program Files\Fichiers communs
[20/12/2007|16:56] C:\Program Files\FileZilla Client
[15/02/2008|12:07] C:\Program Files\FileZilla FTP Client
[03/03/2008|08:36] C:\Program Files\Free Easy Burner
[31/03/2008|14:20] C:\Program Files\GRETECH
[16/11/2007|00:08] C:\Program Files\Hewlett-Packard
[16/11/2007|17:06] C:\Program Files\HP
[20/11/2007|09:51] C:\Program Files\Ige+Xao
[02/05/2008|13:06] C:\Program Files\InstallShield Installation Information
[15/11/2007|23:22] C:\Program Files\Intel
[11/08/2008|16:04] C:\Program Files\Internet Explorer
[19/08/2008|11:10] C:\Program Files\Java
[23/06/2008|15:38] C:\Program Files\JoshMadison
[03/09/2008|15:33] C:\Program Files\Lavasoft
[03/12/2007|12:00] C:\Program Files\Lenze
[05/09/2008|07:33] C:\Program Files\LogMeIn
[04/09/2008|12:51] C:\Program Files\Malwarebytes' Anti-Malware
[29/05/2008|12:52] C:\Program Files\MeeSoft
[29/05/2008|11:43] C:\Program Files\messenger
[11/08/2008|12:40] C:\Program Files\Messenger Plus! Live
[15/04/2008|10:01] C:\Program Files\Microsoft ActiveSync
[15/11/2007|22:04] C:\Program Files\microsoft frontpage
[07/05/2008|13:45] C:\Program Files\Microsoft Office
[14/08/2008|14:16] C:\Program Files\Microsoft Silverlight
[26/02/2008|14:10] C:\Program Files\Microsoft SQL Server
[19/11/2007|14:17] C:\Program Files\Microsoft Visual Studio
[19/11/2007|11:54] C:\Program Files\Microsoft.NET
[19/11/2007|17:08] C:\Program Files\Moeller Software
[15/11/2007|22:02] C:\Program Files\Movie Maker
[07/05/2008|13:45] C:\Program Files\MSECache
[15/11/2007|22:01] C:\Program Files\MSN Gaming Zone
[26/02/2008|14:22] C:\Program Files\MSSOAP
[27/03/2008|15:59] C:\Program Files\MSXML 4.0
[27/03/2008|15:59] C:\Program Files\MSXML 6.0
[15/11/2007|22:02] C:\Program Files\NetMeeting
[24/06/2008|10:47] C:\Program Files\Opera
[19/11/2007|12:21] C:\Program Files\Outlook Express
[21/01/2008|11:35] C:\Program Files\PACTware Consortium
[26/05/2008|14:25] C:\Program Files\Paint.NET
[25/01/2008|11:56] C:\Program Files\PDF Editeur 2
[08/02/2008|14:53] C:\Program Files\PDFCreator
[24/04/2008|13:20] C:\Program Files\PI
[19/11/2007|14:18] C:\Program Files\Publication Web
[10/01/2008|12:08] C:\Program Files\Reine de Dijon
[04/09/2008|08:35] C:\Program Files\SAV
[15/11/2007|22:03] C:\Program Files\Services en ligne
[26/02/2008|14:24] C:\Program Files\Siemens
[04/09/2008|14:08] C:\Program Files\Spybot - Search & Destroy
[15/11/2007|23:33] C:\Program Files\Synaptics
[04/09/2008|08:25] C:\Program Files\Trend Micro
[19/11/2007|16:18] C:\Program Files\UltraVNC
[15/11/2007|22:26] C:\Program Files\Uninstall Information
[21/11/2007|13:47] C:\Program Files\VBSdocs
[21/01/2008|11:40] C:\Program Files\VEGA
[30/11/2007|11:27] C:\Program Files\VideoLAN
[15/11/2007|23:26] C:\Program Files\WIDCOMM
[04/09/2008|15:36] C:\Program Files\Windows Live
[29/05/2008|11:43] C:\Program Files\Windows Media Connect 2
[26/05/2008|16:33] C:\Program Files\Windows Media Player
[15/11/2007|22:01] C:\Program Files\Windows NT
[15/11/2007|22:03] C:\Program Files\WindowsUpdate
[22/05/2008|14:58] C:\Program Files\WinRAR
[15/11/2007|22:04] C:\Program Files\xerox
[19/11/2007|17:14] C:\Program Files\Zero G Registry
--------------------\\ Listing des dossiers dans C:\Program Files\Fichiers communs
[20/11/2007|09:35] C:\Program Files\Fichiers communs\Adobe
[25/03/2008|14:36] C:\Program Files\Fichiers communs\Autodesk Shared
[21/11/2007|13:13] C:\Program Files\Fichiers communs\Binaries
[11/03/2008|10:40] C:\Program Files\Fichiers communs\Corel
[26/02/2008|14:13] C:\Program Files\Fichiers communs\Data Dynamics
[20/03/2008|10:44] C:\Program Files\Fichiers communs\DESIGNER
[19/11/2007|17:08] C:\Program Files\Fichiers communs\InstallShield
[02/04/2008|15:39] C:\Program Files\Fichiers communs\Java
[20/03/2008|10:44] C:\Program Files\Fichiers communs\Macrovision Shared
[07/05/2008|13:45] C:\Program Files\Fichiers communs\Microsoft Shared
[15/11/2007|22:02] C:\Program Files\Fichiers communs\MSSoap
[15/11/2007|22:51] C:\Program Files\Fichiers communs\ODBC
[26/02/2008|14:13] C:\Program Files\Fichiers communs\OPC Foundation
[11/03/2008|10:42] C:\Program Files\Fichiers communs\Protexis
[15/11/2007|22:02] C:\Program Files\Fichiers communs\Services
[21/11/2007|13:04] C:\Program Files\Fichiers communs\Siemens
[15/11/2007|22:51] C:\Program Files\Fichiers communs\SpeechEngines
[19/11/2007|12:21] C:\Program Files\Fichiers communs\System
[21/01/2008|11:54] C:\Program Files\Fichiers communs\vvo
[02/01/2008|14:10] C:\Program Files\Fichiers communs\WindowsLiveInstaller
--------------------\\ Process
( 75 Processes )
iexplore.exe ~ [PID:596]
--------------------\\ Recherche avec S_Lop
Aucun fichier / dossier Lop trouvé !
--------------------\\ Recherche de Fichiers / Dossiers Lop
C:\DOCUME~1\UTILIS~1\Cookies\utilisateur@advertising[1].txt
--------------------\\ Verification du Registre
..... OK !
--------------------\\ Verification du fichier Hosts
Fichier Hosts PROPRE
--------------------\\ Recherche de fichiers avec Catchme
catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-09-05 07:51:36
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden files: 0
--------------------\\ Recherche d'autres infections
Aucune autre infection trouvée !
[F:13056][D:38]-> C:\DOCUME~1\UTILIS~1\LOCALS~1\Temp
[F:105][D:0]-> C:\DOCUME~1\UTILIS~1\Cookies
[F:899][D:8]-> C:\DOCUME~1\UTILIS~1\LOCALS~1\TEMPOR~1\content.IE5
1 - "C:\Lop SD\LopR_1.txt" - 05/09/2008| 7:52 - Option : [1]
--------------------\\ Fin du rapport a 7:52:54
VirusTotal for C:\WINDOWS\system32\utilmngd.exe
for C:\WINDOWS\system32\litwrwho.exe
for C:\WINDOWS\system32\apepglcn.exe
for C:\WINDOWS\system32\zezkxovu.exe
for C:\WINDOWS\system32\ufotslad.exe
AhnLab-V3 2008.9.5.1 2008.09.05 -
AntiVir 7.8.1.28 2008.09.04 -
Authentium 5.1.0.4 2008.09.05 -
Avast 4.8.1195.0 2008.09.04 -
AVG 8.0.0.161 2008.09.04 -
BitDefender 7.2 2008.09.05 -
CAT-QuickHeal 9.50 2008.09.02 -
ClamAV 0.93.1 2008.09.04 -
DrWeb 4.44.0.09170 2008.09.04 -
eSafe 7.0.17.0 2008.09.03 -
eTrust-Vet 31.6.6069 2008.09.04 -
Ewido 4.0 2008.09.04 -
F-Prot 4.4.4.56 2008.09.04 -
F-Secure 8.0.14332.0 2008.09.05 -
Fortinet 3.14.0.0 2008.09.03 W32/PolySmall.BP!tr
GData 19 2008.09.05 -
Ikarus T3.1.1.34.0 2008.09.05 -
K7AntiVirus 7.10.441 2008.09.04 -
Kaspersky 7.0.0.125 2008.09.05 -
McAfee 5377 2008.09.04 -
Microsoft 1.3903 2008.09.05 TrojanDownloader:Win32/FakeAlert.C
NOD32v2 3417 2008.09.05 a variant of Win32/TrojanDownloader.FakeAlert.IQ
Norman 5.80.02 2008.09.04 -
Panda 9.0.0.4 2008.09.04 -
PCTools 4.4.2.0 2008.09.04 -
Prevx1 V2 2008.09.05 Suspicious
Rising 20.60.40.00 2008.09.05 -
Sophos 4.33.0 2008.09.04 Mal/EncPk-DG
Sunbelt 3.1.1606.1 2008.09.04 -
Symantec 10 2008.09.05 -
TheHacker 6.3.0.8.072 2008.09.04 -
TrendMicro 8.700.0.1004 2008.09.05 -
VBA32 3.12.8.5 2008.09.04 -
ViRobot 2008.9.4.1363 2008.09.04 -
VirusBuster 4.5.11.0 2008.09.04 -
Webwasher-Gateway 6.6.2 2008.09.04 -
for C:\WINDOWS\system32\litwrwho.exe
Antivirus Version Dernière mise à jour Résultat
AhnLab-V3 2008.9.5.1 2008.09.05 -
AntiVir 7.8.1.28 2008.09.04 -
Authentium 5.1.0.4 2008.09.05 -
Avast 4.8.1195.0 2008.09.04 -
AVG 8.0.0.161 2008.09.04 -
BitDefender 7.2 2008.09.05 -
CAT-QuickHeal 9.50 2008.09.02 -
ClamAV 0.93.1 2008.09.04 -
DrWeb 4.44.0.09170 2008.09.04 -
eSafe 7.0.17.0 2008.09.03 -
eTrust-Vet 31.6.6069 2008.09.04 -
Ewido 4.0 2008.09.04 -
F-Prot 4.4.4.56 2008.09.04 -
F-Secure 8.0.14332.0 2008.09.05 -
Fortinet 3.14.0.0 2008.09.03 W32/PolySmall.BP!tr
GData 19 2008.09.05 -
Ikarus T3.1.1.34.0 2008.09.05 -
K7AntiVirus 7.10.441 2008.09.04 -
Kaspersky 7.0.0.125 2008.09.05 -
McAfee 5377 2008.09.04 -
Microsoft 1.3903 2008.09.05 TrojanDownloader:Win32/FakeAlert.C
NOD32v2 3417 2008.09.05 a variant of Win32/TrojanDownloader.FakeAlert.IQ
Norman 5.80.02 2008.09.04 -
Panda 9.0.0.4 2008.09.04 -
PCTools 4.4.2.0 2008.09.04 -
Prevx1 V2 2008.09.05 Suspicious
Rising 20.60.40.00 2008.09.05 -
Sophos 4.33.0 2008.09.04 Mal/EncPk-DG
Sunbelt 3.1.1606.1 2008.09.04 -
Symantec 10 2008.09.05 -
TheHacker 6.3.0.8.072 2008.09.04 -
TrendMicro 8.700.0.1004 2008.09.05 -
VBA32 3.12.8.5 2008.09.04 -
ViRobot 2008.9.4.1363 2008.09.04 -
VirusBuster 4.5.11.0 2008.09.04 -
Webwasher-Gateway 6.6.2 2008.09.04 -

Information additionnelle
File size: 94208 bytes
MD5...: 96fdbf0a6bad479da296b0481af447fb
SHA1..: cdb859ca228b9febf2309fea8d415743d73416d1
SHA256: 765c86ec2143cec58d32d364f35524eac877b3d67c912af9ad0bccf83cf91f88
SHA512: 6fa771e8bad562620202085070ebd173a8b1005a13d0bc650b6f695fda6ee9ac
06ac4c7428292eacd2b114f673473536067716b13085fd3f07ef40772f7a489e
PEiD..: -
TrID..: File type identification
Win32 Executable Generic (42.3%)
Win32 Dynamic Link Library (generic) (37.6%)
Generic Win/DOS Executable (9.9%)
DOS Executable Generic (9.9%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%)
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0x411411
timedatestamp.....: 0x48bf79e4 (Thu Sep 04 06:02:12 2008)
machinetype.......: 0x14c (I386)

( 3 sections )
name viradd virsiz rawdsiz ntrpy md5
.etes 0x1000 0x13a00 0x14000 6.84 fda27cfdb1b9d591906e21c1d4d0f622
.orir 0x15000 0x6cc 0x1000 2.81 b205730ee27ceed85859fadbb1d69630
.kxdkki 0x16000 0x59d0 0x1000 0.55 ff86fb0aa0196106903c4edc2dfe2d0f

( 4 imports )
> KERNEL32.dll: CreateWaitableTimerW, GetFileAttributesExW, FreeResource, GlobalAlloc, SizeofResource, InterlockedIncrement, CreateFileW, Sleep, FindNextFileW, MulDiv, InterlockedDecrement, TerminateThread, WaitForMultipleObjects, SetThreadPriority, GetLocalTime, GetCurrentProcessId, GlobalDeleteAtom, GetProcAddress, GetUserDefaultLangID, GetModuleFileNameW, GetModuleHandleW, GlobalAddAtomW, GetLogicalDrives, QueryDosDeviceW, FileTimeToSystemTime, GetSystemTime, LoadLibraryA, GlobalFree, VirtualAlloc, DeleteFileW
> USER32.dll: FillRect, VkKeyScanW, SetCursorPos, SetWindowPos, DestroyIcon, MessageBoxW, AppendMenuW, GetClassNameW, DispatchMessageW, SetForegroundWindow, PostQuitMessage, CreateWindowExW, PostThreadMessageW, SystemParametersInfoW, PostMessageW, TranslateMessage, InvalidateRect, GetSysColor, RegisterHotKey
> GDI32.dll: CreateBitmap, SelectObject, SetTextColor, DPtoLP, StretchBlt, CreateCompatibleDC, CreateICW, CreateRoundRectRgn, DeleteDC, Rectangle
> ADVAPI32.dll: RegCreateKeyExW, RegQueryValueExW

( 0 exports )

Prevx info: http://info.prevx.com/aboutprogramtext.asp?PX5=8B9B875A00E3211E70AC01C17EDB6A00687178FD
packers (Kaspersky): PE_Patch, PE_Patch
ThreatExpert info: https://www.symantec.com?md5=96fdbf0a6bad479da296b0481af447fb
for C:\WINDOWS\system32\apepglcn.exe
Antivirus          Version         Last update   Result
AhnLab-V3          2008.9.5.1      2008.09.05    -
AntiVir            7.8.1.28        2008.09.04    -
Authentium         5.1.0.4         2008.09.05    -
Avast              4.8.1195.0      2008.09.04    -
AVG                8.0.0.161       2008.09.04    -
BitDefender        7.2             2008.09.05    -
CAT-QuickHeal      9.50            2008.09.02    -
ClamAV             0.93.1          2008.09.04    -
DrWeb              4.44.0.09170    2008.09.04    -
eSafe              7.0.17.0        2008.09.03    -
eTrust-Vet         31.6.6069       2008.09.04    -
Ewido              4.0             2008.09.04    -
F-Prot             4.4.4.56        2008.09.04    -
F-Secure           8.0.14332.0     2008.09.05    -
Fortinet           3.14.0.0        2008.09.03    W32/PolySmall.BP!tr
GData              19              2008.09.05    -
Ikarus             T3.1.1.34.0     2008.09.05    -
K7AntiVirus        7.10.441        2008.09.04    -
Kaspersky          7.0.0.125       2008.09.05    -
McAfee             5377            2008.09.04    -
Microsoft          1.3903          2008.09.05    TrojanDownloader:Win32/FakeAlert.C
NOD32v2            3417            2008.09.05    a variant of Win32/TrojanDownloader.FakeAlert.IQ
Norman             5.80.02         2008.09.04    -
Panda              9.0.0.4         2008.09.04    -
PCTools            4.4.2.0         2008.09.04    -
Prevx1             V2              2008.09.05    Suspicious
Rising             20.60.40.00     2008.09.05    -
Sophos             4.33.0          2008.09.04    Mal/EncPk-DG
Sunbelt            3.1.1606.1      2008.09.04    -
Symantec           10              2008.09.05    -
TheHacker          6.3.0.8.072     2008.09.04    -
TrendMicro         8.700.0.1004    2008.09.05    -
VBA32              3.12.8.5        2008.09.04    -
ViRobot            2008.9.4.1363   2008.09.04    -
VirusBuster        4.5.11.0        2008.09.04    -
Webwasher-Gateway  6.6.2           2008.09.04    -
Additional information
File size: 94208 bytes
MD5...: 96fdbf0a6bad479da296b0481af447fb
SHA1..: cdb859ca228b9febf2309fea8d415743d73416d1
SHA256: 765c86ec2143cec58d32d364f35524eac877b3d67c912af9ad0bccf83cf91f88
SHA512: 6fa771e8bad562620202085070ebd173a8b1005a13d0bc650b6f695fda6ee9ac06ac4c7428292eacd2b114f673473536067716b13085fd3f07ef40772f7a489e
PEiD..: -
TrID..: File type identification
  Win32 Executable Generic (42.3%)
  Win32 Dynamic Link Library (generic) (37.6%)
  Generic Win/DOS Executable (9.9%)
  DOS Executable Generic (9.9%)
  Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%)
PEInfo: PE Structure information
( base data )
entrypointaddress.: 0x411411
timedatestamp.....: 0x48bf79e4 (Thu Sep 04 06:02:12 2008)
machinetype.......: 0x14c (I386)
( 3 sections )
name     viradd   virsiz   rawdsiz  ntrpy  md5
.etes    0x1000   0x13a00  0x14000  6.84   fda27cfdb1b9d591906e21c1d4d0f622
.orir    0x15000  0x6cc    0x1000   2.81   b205730ee27ceed85859fadbb1d69630
.kxdkki  0x16000  0x59d0   0x1000   0.55   ff86fb0aa0196106903c4edc2dfe2d0f
( 4 imports )
> KERNEL32.dll: CreateWaitableTimerW, GetFileAttributesExW, FreeResource, GlobalAlloc, SizeofResource, InterlockedIncrement, CreateFileW, Sleep, FindNextFileW, MulDiv, InterlockedDecrement, TerminateThread, WaitForMultipleObjects, SetThreadPriority, GetLocalTime, GetCurrentProcessId, GlobalDeleteAtom, GetProcAddress, GetUserDefaultLangID, GetModuleFileNameW, GetModuleHandleW, GlobalAddAtomW, GetLogicalDrives, QueryDosDeviceW, FileTimeToSystemTime, GetSystemTime, LoadLibraryA, GlobalFree, VirtualAlloc, DeleteFileW
> USER32.dll: FillRect, VkKeyScanW, SetCursorPos, SetWindowPos, DestroyIcon, MessageBoxW, AppendMenuW, GetClassNameW, DispatchMessageW, SetForegroundWindow, PostQuitMessage, CreateWindowExW, PostThreadMessageW, SystemParametersInfoW, PostMessageW, TranslateMessage, InvalidateRect, GetSysColor, RegisterHotKey
> GDI32.dll: CreateBitmap, SelectObject, SetTextColor, DPtoLP, StretchBlt, CreateCompatibleDC, CreateICW, CreateRoundRectRgn, DeleteDC, Rectangle
> ADVAPI32.dll: RegCreateKeyExW, RegQueryValueExW
( 0 exports )
Prevx info: http://info.prevx.com/aboutprogramtext.asp?PX5=8B9B875A00E3211E70AC01C17EDB6A00687178FD
ThreatExpert info: https://www.symantec.com?md5=96fdbf0a6bad479da296b0481af447fb
packers (Kaspersky): PE_Patch, PE_Patch
for C:\WINDOWS\system32\zezkxovu.exe
Antivirus          Version         Last update   Result
AhnLab-V3          2008.9.5.1      2008.09.05    -
AntiVir            7.8.1.28        2008.09.04    -
Authentium         5.1.0.4         2008.09.05    -
Avast              4.8.1195.0      2008.09.04    -
AVG                8.0.0.161       2008.09.04    -
BitDefender        7.2             2008.09.05    -
CAT-QuickHeal      9.50            2008.09.02    -
ClamAV             0.93.1          2008.09.04    -
DrWeb              4.44.0.09170    2008.09.04    -
eSafe              7.0.17.0        2008.09.03    -
eTrust-Vet         31.6.6069       2008.09.04    -
Ewido              4.0             2008.09.04    -
F-Prot             4.4.4.56        2008.09.04    -
F-Secure           8.0.14332.0     2008.09.05    -
Fortinet           3.14.0.0        2008.09.03    W32/PolySmall.BP!tr
GData              19              2008.09.05    -
Ikarus             T3.1.1.34.0     2008.09.05    -
K7AntiVirus        7.10.441        2008.09.04    -
Kaspersky          7.0.0.125       2008.09.05    -
McAfee             5377            2008.09.04    -
Microsoft          1.3903          2008.09.05    TrojanDownloader:Win32/FakeAlert.C
NOD32v2            3417            2008.09.05    a variant of Win32/TrojanDownloader.FakeAlert.IQ
Norman             5.80.02         2008.09.04    -
Panda              9.0.0.4         2008.09.04    -
PCTools            4.4.2.0         2008.09.04    -
Prevx1             V2              2008.09.05    Malicious Software
Rising             20.60.40.00     2008.09.05    -
Sophos             4.33.0          2008.09.04    Mal/EncPk-DG
Sunbelt            3.1.1606.1      2008.09.04    -
Symantec           10              2008.09.05    -
TheHacker          6.3.0.8.072     2008.09.04    -
TrendMicro         8.700.0.1004    2008.09.05    -
VBA32              3.12.8.5        2008.09.04    -
ViRobot            2008.9.4.1363   2008.09.04    -
VirusBuster        4.5.11.0        2008.09.04    -
Webwasher-Gateway  6.6.2           2008.09.04    -
Additional information
File size: 90112 bytes
MD5...: d1fa9bcf275818327c07baf5ab0b6eb9
SHA1..: 2ceddc262fb6f547b378e153b7d54091326d28b7
SHA256: a79e092441927b4847438ce6cb6ab7dedbd9bdf32ff56639d8edfb0daa8d4bf2
SHA512: 92ac72a7b5a9761caf421d7653735d7f8628c02f5a79b73489e9a42a7a047d4c862d3b8fd56934967a3799fcd8235cff7b1a407933ea86fe387cf111453e601a
PEiD..: -
TrID..: File type identification
  Win32 Executable Generic (68.0%)
  Generic Win/DOS Executable (15.9%)
  DOS Executable Generic (15.9%)
  Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%)
PEInfo: PE Structure information
( base data )
entrypointaddress.: 0x41269b
timedatestamp.....: 0x48bfa40c (Thu Sep 04 09:02:04 2008)
machinetype.......: 0x14c (I386)
( 3 sections )
name     viradd   virsiz   rawdsiz  ntrpy  md5
.esukmt  0x1000   0x129aa  0x13000  6.84   1e18344bbcd5a3c9a8fa96eb6c29594c
.ebryn   0x14000  0x53c    0x1000   2.26   4b857b4b10ca5da84a59a171647b3cc4
.rgxl    0x15000  0x59e4   0x1000   0.55   593ebe891db94fc34e982d0c90c76dda
( 4 imports )
> KERNEL32.dll: MulDiv, GetFileAttributesW, GetDriveTypeW, GetFileAttributesExW, GlobalLock, SuspendThread, SetThreadPriority, VirtualAlloc, GetProcAddress, FindFirstChangeNotificationW, SetEndOfFile, GetUserDefaultLangID, SetFilePointer, GetSystemTime, SetLastError, lstrlenW, LoadLibraryA, FileTimeToSystemTime, GetCurrentProcess, CreateThread, DeleteFileW, lstrcpyW
> USER32.dll: TranslateMessage, GetClassNameW, GetWindowThreadProcessId, LoadStringW, VkKeyScanW, GetDlgItem, DestroyMenu, InvalidateRect, CreatePopupMenu, SendDlgItemMessageW, EndDialog, GetSysColor, CreateWindowExW, GetWindowRect, LoadIconW, SystemParametersInfoW
> GDI32.dll: BitBlt, GetStockObject, SetBkMode, SetTextColor, GetDeviceCaps
> ADVAPI32.dll: RegDeleteValueW, RegSetValueExW, GetUserNameW
( 0 exports )
Prevx info: http://info.prevx.com/aboutprogramtext.asp?PX5=3BFAE58700C92D5B609201AAAE756F001DAB03CB
for C:\WINDOWS\system32\ufotslad.exe
Antivirus          Version         Last update   Result
AhnLab-V3          2008.9.5.1      2008.09.05    -
AntiVir            7.8.1.28        2008.09.05    -
Authentium         5.1.0.4         2008.09.05    -
Avast              4.8.1195.0      2008.09.04    -
AVG                8.0.0.161       2008.09.04    -
BitDefender        7.2             2008.09.05    -
CAT-QuickHeal      9.50            2008.09.02    -
ClamAV             0.93.1          2008.09.04    -
DrWeb              4.44.0.09170    2008.09.04    -
eSafe              7.0.17.0        2008.09.03    -
eTrust-Vet         31.6.6069       2008.09.04    -
Ewido              4.0             2008.09.04    -
F-Prot             4.4.4.56        2008.09.04    -
F-Secure           8.0.14332.0     2008.09.05    -
Fortinet           3.14.0.0        2008.09.03    W32/PolySmall.BP!tr
GData              19              2008.09.05    -
Ikarus             T3.1.1.34.0     2008.09.05    -
K7AntiVirus        7.10.441        2008.09.04    -
Kaspersky          7.0.0.125       2008.09.05    -
McAfee             5377            2008.09.04    -
Microsoft          1.3903          2008.09.05    TrojanDownloader:Win32/FakeAlert.C
NOD32v2            3417            2008.09.05    a variant of Win32/TrojanDownloader.FakeAlert.IQ
Norman             5.80.02         2008.09.04    -
Panda              9.0.0.4         2008.09.04    -
PCTools            4.4.2.0         2008.09.04    -
Prevx1             V2              2008.09.05    Malicious Software
Rising             20.60.40.00     2008.09.05    -
Sophos             4.33.0          2008.09.04    Mal/EncPk-DG
Sunbelt            3.1.1606.1      2008.09.04    -
Symantec           10              2008.09.05    -
TheHacker          6.3.0.8.072     2008.09.04    -
TrendMicro         8.700.0.1004    2008.09.05    -
VBA32              3.12.8.5        2008.09.04    -
ViRobot            2008.9.4.1363   2008.09.04    -
VirusBuster        4.5.11.0        2008.09.04    -
Webwasher-Gateway  6.6.2           2008.09.05    -
Additional information
File size: 90112 bytes
MD5...: d1fa9bcf275818327c07baf5ab0b6eb9
SHA1..: 2ceddc262fb6f547b378e153b7d54091326d28b7
SHA256: a79e092441927b4847438ce6cb6ab7dedbd9bdf32ff56639d8edfb0daa8d4bf2
SHA512: 92ac72a7b5a9761caf421d7653735d7f8628c02f5a79b73489e9a42a7a047d4c862d3b8fd56934967a3799fcd8235cff7b1a407933ea86fe387cf111453e601a
PEiD..: -
TrID..: File type identification
  Win32 Executable Generic (68.0%)
  Generic Win/DOS Executable (15.9%)
  DOS Executable Generic (15.9%)
  Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%)
PEInfo: PE Structure information
( base data )
entrypointaddress.: 0x41269b
timedatestamp.....: 0x48bfa40c (Thu Sep 04 09:02:04 2008)
machinetype.......: 0x14c (I386)
( 3 sections )
name     viradd   virsiz   rawdsiz  ntrpy  md5
.esukmt  0x1000   0x129aa  0x13000  6.84   1e18344bbcd5a3c9a8fa96eb6c29594c
.ebryn   0x14000  0x53c    0x1000   2.26   4b857b4b10ca5da84a59a171647b3cc4
.rgxl    0x15000  0x59e4   0x1000   0.55   593ebe891db94fc34e982d0c90c76dda
( 4 imports )
> KERNEL32.dll: MulDiv, GetFileAttributesW, GetDriveTypeW, GetFileAttributesExW, GlobalLock, SuspendThread, SetThreadPriority, VirtualAlloc, GetProcAddress, FindFirstChangeNotificationW, SetEndOfFile, GetUserDefaultLangID, SetFilePointer, GetSystemTime, SetLastError, lstrlenW, LoadLibraryA, FileTimeToSystemTime, GetCurrentProcess, CreateThread, DeleteFileW, lstrcpyW
> USER32.dll: TranslateMessage, GetClassNameW, GetWindowThreadProcessId, LoadStringW, VkKeyScanW, GetDlgItem, DestroyMenu, InvalidateRect, CreatePopupMenu, SendDlgItemMessageW, EndDialog, GetSysColor, CreateWindowExW, GetWindowRect, LoadIconW, SystemParametersInfoW
> GDI32.dll: BitBlt, GetStockObject, SetBkMode, SetTextColor, GetDeviceCaps
> ADVAPI32.dll: RegDeleteValueW, RegSetValueExW, GetUserNameW
( 0 exports )
Prevx info: http://info.prevx.com/aboutprogramtext.asp?PX5=3BFAE58700C92D5B609201AAAE756F001DAB03CB
report:
SmitFraudFix v2.345
Report made at 8:39:17,15, 05/09/2008
Run from C:\Documents and Settings\Utilisateur\Bureau\SmitfraudFix
OS: Microsoft Windows XP [version 5.1.2600] - Windows_NT
The file system type is NTFS
Fix run in normal mode

»»»»»»»»»»»»»»»»»»»»»»»» Process
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\agrsmsvc.exe
C:\WINDOWS\system32\drivers\CDAC11BA.EXE
C:\program files\common files\Siemens\ACE\bin\CCAgent.exe
C:\program files\common files\Siemens\ACE\bin\CCEServer.exe
C:\Program Files\LogMeIn\x86\RaMaint.exe
C:\Program Files\LogMeIn\x86\LogMeIn.exe
C:\Program Files\LogMeIn\x86\LMIGuardian.exe
C:\Program Files\Microsoft SQL Server\MSSQL$WINCCFLEXIBLE\Binn\sqlservr.exe
c:\Program Files\Fichiers communs\Protexis\License Service\PsiService_2.exe
C:\program files\common files\Siemens\ACE\bin\RedundancyControl.exe
C:\program files\common files\Siemens\ACE\bin\RedundancyState.exe
C:\Program Files\Siemens\Step7\S7BIN\s7asysvx.exe
C:\program files\common files\Siemens\S7IEPG\s7oiehsx.exe
C:\Program Files\Fichiers communs\Siemens\Automation\TraceEngine\bin\S7TraceServiceX.exe
C:\program files\common files\Siemens\ACE\bin\SCSMX.exe
C:\Program Files\UltraVNC\WinVNC.exe
C:\program files\common files\Siemens\sws\almsrv\almsrvx.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Program Files\Microsoft SQL Server\MSSQL$WINCCFLEXIBLE\Binn\sqlagent.EXE
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\Explorer.EXE
C:\Documents and Settings\All Users\Application Data\xmfilsrm\fgjkrczk.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\LogMeIn\x86\LogMeInSystray.exe
C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe
C:\Program Files\LogMeIn\x86\LMIGuardian.exe
C:\program files\common files\Siemens\S7ubtoox\s7ubtstx.exe
C:\Program Files\Siemens\SIMATIC WinCC flexible\WinCC flexible 2007\HmiSmartStart.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Microsoft ActiveSync\Wcescomm.exe
C:\WINDOWS\system32\ncnqnmfi.exe
C:\PROGRA~1\MI3AA1~1\rapimgr.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Program Files\Siemens\SIMATIC WinCC flexible\WinCC flexible 2007\HmiES.exe
C:\program files\common files\Siemens\Sqlany\dbsrv9.exe
C:\Program Files\2BrightSparks\SyncBack\SyncBack.exe
C:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE
C:\WINDOWS\system32\userinit.exe
C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
C:\WINDOWS\system32\S7OTBXSX.EXE
C:\Program Files\Siemens\Step7\S7BIN\S7tgtopx.exe
C:\Program Files\Siemens\Step7\s7bin\s7acmgrx.exe
C:\Documents and Settings\Utilisateur\Bureau\SmitfraudFix\Policies.exe
C:\WINDOWS\system32\cmd.exe

»»»»»»»»»»»»»»»»»»»»»»»» hosts
hosts file corrupted!
127.0.0.1 www.legal-at-spybot.info
127.0.0.1 legal-at-spybot.info

»»»»»»»»»»»»»»»»»»»»»»»» C:\
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32\LogFiles
»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Utilisateur
»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Utilisateur\Application Data
»»»»»»»»»»»»»»»»»»»»»»»» Start Menu
»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\UTILIS~1\Favoris
»»»»»»»»»»»»»»»»»»»»»»»» Desktop
»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files
C:\Program Files\sav\ PRESENT!

»»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys

»»»»»»»»»»»»»»»»»»»»»»»» Desktop Components
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="Ma page d'accueil"

»»»»»»»»»»»»»»»»»»»»»»»» IEDFix
!!!Attention, the following keys are not necessarily infected!!!
IEDFix
Credits: Malware Analysis & Diagnostic Code: S!Ri

»»»»»»»»»»»»»»»»»»»»»»»» VACFix
!!!Attention, the following keys are not necessarily infected!!!
VACFix
Credits: Malware Analysis & Diagnostic Code: S!Ri

»»»»»»»»»»»»»»»»»»»»»»»» 404Fix
!!!Attention, the following keys are not necessarily infected!!!
404Fix
Credits: Malware Analysis & Diagnostic Code: S!Ri

»»»»»»»»»»»»»»»»»»»»»»»» AntiXPVSTFix
!!!Attention, the following keys are not necessarily infected!!!
AntiXPVSTFix
Credits: Malware Analysis & Diagnostic Code: S!Ri

»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, the following keys are not necessarily infected!!!
SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
!!!Attention, the following keys are not necessarily infected!!!
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=""

»»»»»»»»»»»»»»»»»»»»»»»» Winlogon
!!!Attention, the following keys are not necessarily infected!!!
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Userinit"="C:\\WINDOWS\\system32\\userinit.exe,"
"System"=""

»»»»»»»»»»»»»»»»»»»»»»»» RK

»»»»»»»»»»»»»»»»»»»»»»»» DNS

»»»»»»»»»»»»»»»»»»»»»»»» Scanning for wininet.dll infection

»»»»»»»»»»»»»»»»»»»»»»»» End
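The PEInfo block in the VirusTotal reports above is worth reading past the detection table: every one of the four files has three sections with random names (.etes, .orir, .kxdkki; .esukmt, .ebryn, .rgxl) instead of .text/.rdata/.data, the first section has an entropy (the ntrpy column) of 6.84, and Kaspersky tags the file as PE_Patch. That combination is the usual signature of a packed or encrypted payload, which is also why most engines in the table return "-": there is little for a static signature to match before unpacking. The script below is an added example, not code from the thread or from VirusTotal: it walks the COFF section table of a PE file, computes the same per-section Shannon entropy, and flags sections that are high-entropy or oddly named. The 6.5 bits/byte cut-off, the list of standard section names, and the build_test_pe() helper that fabricates a minimal PE32 image so the check runs offline are my assumptions; real samples would be read from disk instead. Requires Python 3.9 or later.

```python
"""Added example (not from the thread): per-section entropy of a PE file, the
'ntrpy' column of the VirusTotal PEInfo dump, plus a packed-section check."""
import math
import struct
from collections import Counter

# Assumptions: common linker section names, and the usual packer cut-off.
STANDARD_SECTIONS = {".text", ".rdata", ".data", ".rsrc", ".reloc", ".idata",
                     ".edata", ".pdata", ".bss", ".tls", "CODE", "DATA", "BSS"}
ENTROPY_THRESHOLD = 6.5


def shannon_entropy(data: bytes) -> float:
    """Bits per byte: 0.0 for empty or single-valued input, 8.0 for uniform bytes."""
    counts = Counter(data)
    if len(counts) <= 1:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in counts.values())


def parse_sections(pe: bytes) -> list[dict]:
    """Walk the COFF section table; entropy is computed over each section's raw bytes."""
    if pe[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    e_lfanew = struct.unpack_from("<I", pe, 0x3C)[0]
    if pe[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    coff = e_lfanew + 4                      # IMAGE_FILE_HEADER, 20 bytes
    machine, nsections = struct.unpack_from("<HH", pe, coff)
    opt_size = struct.unpack_from("<H", pe, coff + 16)[0]
    table = coff + 20 + opt_size             # IMAGE_SECTION_HEADER[], 40 bytes each
    sections = []
    for i in range(nsections):
        name_raw, vsize, vaddr, rawsize, rawptr = struct.unpack_from(
            "<8sIIII", pe, table + 40 * i)
        sections.append({
            "name": name_raw.rstrip(b"\0").decode("ascii", "replace"),
            "machine": machine, "vaddr": vaddr, "vsize": vsize, "rawsize": rawsize,
            "entropy": round(shannon_entropy(pe[rawptr:rawptr + rawsize]), 2),
        })
    return sections


def suspicious_sections(sections: list[dict]) -> list[tuple[str, list[str]]]:
    """(name, reasons) for sections that look packed or renamed by a packer."""
    flagged = []
    for s in sections:
        reasons = []
        if s["entropy"] > ENTROPY_THRESHOLD:
            reasons.append("high entropy %.2f" % s["entropy"])
        if s["name"] not in STANDARD_SECTIONS:
            reasons.append("non-standard section name")
        if reasons:
            flagged.append((s["name"], reasons))
    return flagged


def build_test_pe(sections: list[tuple[str, bytes]]) -> bytes:
    """Constructed minimal PE32 image (headers plus raw section data) for offline tests."""
    e_lfanew, opt_size, align = 0x80, 0xE0, 0x200
    coff = struct.pack("<HHIIIHH", 0x14C, len(sections), 0x48BF79E4, 0, 0, opt_size, 0x102)
    headers_len = e_lfanew + 4 + 20 + opt_size + 40 * len(sections)
    first_raw = (headers_len + align - 1) & ~(align - 1)
    table, body, vaddr = b"", b"", 0x1000
    for name, data in sections:
        rawsize = (len(data) + align - 1) & ~(align - 1)
        table += struct.pack("<8sIIIIIIHHI", name.encode(), len(data), vaddr, rawsize,
                             first_raw + len(body), 0, 0, 0, 0, 0x60000020)
        body += data.ljust(rawsize, b"\0")
        vaddr += (len(data) + 0xFFF) & ~0xFFF
    dos = (b"MZ" + b"\0" * 0x3A + struct.pack("<I", e_lfanew)).ljust(e_lfanew, b"\0")
    image = dos + b"PE\0\0" + coff + b"\0" * opt_size + table
    return image.ljust(first_raw, b"\0") + body


if __name__ == "__main__":
    # Mimics the sample above: one high-entropy section with a random name, one near-empty.
    sample = build_test_pe([(".text", b"ABCD" * 1024),
                            (".etes", bytes(range(256)) * 16),
                            (".kxdkki", b"\0" * 4096)])
    for sec in parse_sections(sample):
        print("%-8s vaddr=0x%x ntrpy=%.2f" % (sec["name"], sec["vaddr"], sec["entropy"]))
    print(suspicious_sections(parse_sections(sample)))
```

On a real sample you would `parse_sections(open(path, "rb").read())`; the 6.84 the reports show for .etes/.esukmt sits well above the threshold, while the 0.55 third section is mostly zero padding, a layout typical of a loader stub plus an encrypted blob.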
On reboot, not great: "TCP IP transport is not install". That one is OK.
Report attached, and still getting Windows security alerts.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 09:18:34, on 05/09/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\agrsmsvc.exe
C:\WINDOWS\system32\drivers\CDAC11BA.EXE
C:\program files\common files\Siemens\ACE\bin\CCAgent.exe
C:\program files\common files\Siemens\ACE\bin\CCEServer.exe
C:\Program Files\LogMeIn\x86\RaMaint.exe
C:\WINDOWS\system32\userinit.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\LogMeIn\x86\LogMeIn.exe
C:\Program Files\LogMeIn\x86\LMIGuardian.exe
C:\Program Files\Microsoft SQL Server\MSSQL$WINCCFLEXIBLE\Binn\sqlservr.exe
c:\Program Files\Fichiers communs\Protexis\License Service\PsiService_2.exe
C:\program files\common files\Siemens\ACE\bin\RedundancyControl.exe
C:\Documents and Settings\All Users\Application Data\xmfilsrm\fgjkrczk.exe
C:\program files\common files\Siemens\ACE\bin\RedundancyState.exe
C:\Program Files\Siemens\Step7\S7BIN\s7asysvx.exe
C:\program files\common files\Siemens\S7IEPG\s7oiehsx.exe
C:\Program Files\Fichiers communs\Siemens\Automation\TraceEngine\bin\S7TraceServiceX.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\program files\common files\Siemens\ACE\bin\SCSMX.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\Program Files\UltraVNC\WinVNC.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\program files\common files\Siemens\sws\almsrv\almsrvx.exe
C:\Program Files\LogMeIn\x86\LogMeInSystray.exe
C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\program files\common files\Siemens\S7ubtoox\s7ubtstx.exe
C:\Program Files\LogMeIn\x86\LMIGuardian.exe
C:\Program Files\Siemens\SIMATIC WinCC flexible\WinCC flexible 2007\HmiSmartStart.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Microsoft SQL Server\MSSQL$WINCCFLEXIBLE\Binn\sqlagent.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Microsoft ActiveSync\Wcescomm.exe
C:\WINDOWS\system32\ncnqnmfi.exe
C:\PROGRA~1\MI3AA1~1\rapimgr.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\program files\common files\Siemens\Sqlany\dbsrv9.exe
C:\Program Files\Siemens\SIMATIC WinCC flexible\WinCC flexible 2007\HmiES.exe
C:\Program Files\2BrightSparks\SyncBack\SyncBack.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\S7OTBXSX.EXE
C:\Program Files\Siemens\SIMATIC WinCC flexible\WinCC flexible 2007\TraceServer.exe
C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE
C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://fr.yahoo.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 192.168.1.2:8080
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O4 - HKLM\..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [SoundMAX] C:\Program Files\Analog Devices\SoundMAX\Smax4.exe /tray
O4 - HKLM\..\Run: [WinVNC] "C:\Program Files\UltraVNC\WinVNC.exe" -servicehelper
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [LogMeIn GUI] "C:\Program Files\LogMeIn\x86\LogMeInSystray.exe"
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\FICHIE~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [S7UB Start] "C:\program files\common files\Siemens\S7ubtoox\s7ubtstx.exe" -StartDB
O4 - HKLM\..\Run: [WinCC flexible Smart Start] "C:\Program Files\Siemens\SIMATIC WinCC flexible\WinCC flexible 2007\HmiSmartStart.exe" /startup
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\Wcescomm.exe"
O4 - HKCU\..\Run: [ShAplGen] C:\WINDOWS\system32\ncnqnmfi.exe
O4 - HKCU\..\Run: [SmartSrvAct] C:\WINDOWS\system32\utilmngd.exe
O4 - HKCU\..\Run: [appsmartsrv] C:\WINDOWS\system32\litwrwho.exe
O4 - HKCU\..\Run: [SrvSh] C:\WINDOWS\system32\apepglcn.exe
O4 - HKCU\..\Run: [comaplcfg] C:\WINDOWS\system32\zezkxovu.exe
O4 - HKCU\..\Run: [sysinfo] C:\WINDOWS\system32\ufotslad.exe
O4 - HKLM\..\Policies\Explorer\Run: [0UDCe4MHJa] C:\Documents and Settings\All Users\Application Data\xmfilsrm\fgjkrczk.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\RunOnce: [nlpo_01] rundll32 advpack.dll,DelNodeRunDLL32 "C:\WINDOWS\Help\Tours" (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\RunOnce: [nlpo_09] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\RunOnce: [nlpo_10] rundll32 advpack.dll,LaunchINFSection nlite.inf,nLiteReg (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\RunOnce: [nlpo_11] rundll32 advpack.dll,LaunchINFSection nlite.inf,S (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-20\..\RunOnce: [nlpo_01] rundll32 advpack.dll,DelNodeRunDLL32 "C:\WINDOWS\Help\Tours" (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Raccourci vers script.lnk = C:\script.bat
O4 - Startup: SyncBack.lnk = C:\Program Files\2BrightSparks\SyncBack\SyncBack.exe
O4 - Global Startup: BTTray.lnk = ?
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Envoyer au périphérique &Bluetooth... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) - http://download.microsoft.com/download/C/B/F/CBF23A2C-3E55-4664-BC5C-762780D79BA0/OGAControl.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
O16 - DPF: {6B75345B-AA36-438A-BBE6-4078B4C6984D} (HpProductDetection Class) - http://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/...
O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} (Performance Viewer Activex Control) - https://secure.logmein.com/activex/ractrl.cab?lmi=100
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\WINDOWS\system32\agrsmsvc.exe
O23 - Service: Automation License Manager Service (almservice) - SIEMENS AG - C:\program files\common files\Siemens\sws\almsrv\almsrvx.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\system32\drivers\CDAC11BA.EXE
O23 - Service: CCAgent - SIEMENS AG - C:\program files\common files\Siemens\ACE\bin\CCAgent.exe
O23 - Service: CCEClient - SIEMENS AG - C:\program files\common files\Siemens\ACE\bin\CCEClient.exe
O23 - Service: CCEServer - SIEMENS AG - C:\program files\common files\Siemens\ACE\bin\CCEServer.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LogMeIn Maintenance Service (LMIMaint) - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\RaMaint.exe
O23 - Service: LogMeIn - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\LogMeIn.exe
O23 - Service: Protexis Licensing V2 (PSI_SVC_2) - Protexis Inc. - c:\Program Files\Fichiers communs\Protexis\License Service\PsiService_2.exe
O23 - Service: RedundancyControl - SIEMENS AG - C:\program files\common files\Siemens\ACE\bin\RedundancyControl.exe
O23 - Service: RedundancyState - SIEMENS AG - C:\program files\common files\Siemens\ACE\bin\RedundancyState.exe
O23 - Service: S7 Global Services (s7asysvx) - SIEMENS AG - C:\Program Files\Siemens\Step7\S7BIN\s7asysvx.exe
O23 - Service: SIMATIC IEPG Help Service (s7oiehsx) - SIEMENS AG - C:\program files\common files\Siemens\S7IEPG\s7oiehsx.exe
O23 - Service: S7TraceServiceX - SIEMENS AG - C:\Program Files\Fichiers communs\Siemens\Automation\TraceEngine\bin\S7TraceServiceX.exe
O23 - Service: SCSMonitor - SIEMENS AG - C:\program files\common files\Siemens\ACE\bin\SCSMX.exe
O23 - Service: VNC Server (winvnc) - UltraVNC - C:\Program Files\UltraVNC\WinVNC.exe

-- End of file - 11986 bytes
Don't knock yourself out, I won't be connecting again until Monday, it's the work PC..
so you have the whole weekend
thanks again for your help
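Two things in the logs above are worth turning into a repeatable check. The HijackThis O4 section has six HKCU\..\Run values whose targets are 8-lowercase-letter executables in system32 (ncnqnmfi, utilmngd, litwrwho, apepglcn, zezkxovu, ufotslad) and one HKLM\..\Policies\Explorer\Run value pointing into All Users\Application Data; and the VirusTotal results posted earlier show litwrwho.exe and apepglcn.exe share one MD5 while zezkxovu.exe and ufotslad.exe share another, so the dropper is registering the same payload under several names. The script below is an added example, not code from the thread or from the HijackThis project: it parses O4 lines, applies a few triage rules, and hashes the files an autorun list points at to group identical content. The O4 lines are copied from the log above; the allowlist, the 8-letter naming heuristic, the "user-writable" directory list and the sample files written by demo_duplicates() are constructed assumptions for this one machine, not general detection logic.

```python
"""Added example (not from the thread): triage HijackThis O4 autorun entries and
detect one payload registered under several file names by hashing the targets."""
import hashlib
import os
import re
import tempfile
from collections import defaultdict

O4_RE = re.compile(r"^O4 - (?P<location>.+?): \[(?P<name>[^\]]*)\]\s*(?P<cmd>.*)$")
RANDOM_NAME = re.compile(r"^[a-z]{8}\.exe$")   # assumption: this dropper's naming pattern
KNOWN_GOOD = {"ctfmon.exe"}                    # assumption: minimal allowlist for this host
USER_WRITABLE = ("\\application data\\",)      # assumption: dirs an unprivileged user owns

# O4 lines copied from the HijackThis log above (a representative subset).
HJT_O4_LINES = r"""
O4 - HKLM\..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\Wcescomm.exe"
O4 - HKCU\..\Run: [ShAplGen] C:\WINDOWS\system32\ncnqnmfi.exe
O4 - HKCU\..\Run: [SmartSrvAct] C:\WINDOWS\system32\utilmngd.exe
O4 - HKCU\..\Run: [appsmartsrv] C:\WINDOWS\system32\litwrwho.exe
O4 - HKCU\..\Run: [SrvSh] C:\WINDOWS\system32\apepglcn.exe
O4 - HKCU\..\Run: [comaplcfg] C:\WINDOWS\system32\zezkxovu.exe
O4 - HKCU\..\Run: [sysinfo] C:\WINDOWS\system32\ufotslad.exe
O4 - HKLM\..\Policies\Explorer\Run: [0UDCe4MHJa] C:\Documents and Settings\All Users\Application Data\xmfilsrm\fgjkrczk.exe
O4 - HKUS\S-1-5-19\..\RunOnce: [nlpo_09] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'SERVICE LOCAL')
""".strip().splitlines()


def command_path(cmd: str) -> str:
    """Executable launched by an autorun command line (quoted or bare, arguments dropped)."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        return cmd[1:cmd.index('"', 1)]
    m = re.match(r"(.+?\.exe)(?:\s|$)", cmd, re.I)
    return m.group(1) if m else cmd.split()[0]


def parse_o4(line: str):
    """Dict with location, value name and target path, or None for non-[name] O4 lines."""
    m = O4_RE.match(line)
    if not m:
        return None
    entry = m.groupdict()
    entry["path"] = command_path(entry.pop("cmd"))
    return entry


def triage(entry: dict) -> list:
    """Reasons an autorun entry deserves a look; an empty list means nothing odd."""
    path = entry["path"]
    base = path.rsplit("\\", 1)[-1]
    folder = path[:len(path) - len(base)].lower()
    if base.lower() in KNOWN_GOOD:
        return []
    in_sys32 = folder.endswith("\\system32\\")
    in_user_dir = any(d in folder for d in USER_WRITABLE)
    reasons = []
    if RANDOM_NAME.match(base) and (in_sys32 or in_user_dir):
        reasons.append("random-looking 8-letter name in " + folder)
    if entry["location"].lower().startswith("hkcu") and in_sys32:
        reasons.append("per-user Run value launching a system32 binary")
    if "policies\\explorer\\run" in entry["location"].lower():
        reasons.append("Policies\\Explorer\\Run is rarely used legitimately")
    return reasons


def flagged_entries(lines) -> dict:
    """Autorun value name -> reasons, for every O4 entry that triage() flags."""
    result = {}
    for line in lines:
        entry = parse_o4(line)
        if entry:
            reasons = triage(entry)
            if reasons:
                result[entry["name"]] = reasons
    return result


def duplicate_content(paths) -> dict:
    """SHA-256 -> sorted paths, for each digest shared by more than one existing file."""
    groups = defaultdict(list)
    for p in paths:
        if os.path.isfile(p):
            with open(p, "rb") as f:
                groups[hashlib.sha256(f.read()).hexdigest()].append(p)
    return {h: sorted(ps) for h, ps in groups.items() if len(ps) > 1}


def demo_duplicates() -> dict:
    """Constructed scenario: two dropper names, one payload, one unrelated benign file."""
    root = tempfile.mkdtemp()
    payload = b"MZ" + bytes(range(256)) * 4         # stand-in bytes, not the real sample
    files = {"litwrwho.exe": payload, "apepglcn.exe": payload, "ctfmon.exe": b"MZ benign"}
    paths = []
    for name, data in files.items():
        paths.append(os.path.join(root, name))
        with open(paths[-1], "wb") as f:
            f.write(data)
    return {h: [os.path.basename(p) for p in ps] for h, ps in duplicate_content(paths).items()}


if __name__ == "__main__":
    for name, reasons in flagged_entries(HJT_O4_LINES).items():
        print(name, "->", "; ".join(reasons))
    print(demo_duplicates())
```

On the infected machine itself you would feed `duplicate_content()` the paths returned by `parse_o4()` for every O4 line; the point of hashing rather than trusting file names is exactly what the VirusTotal results showed, one body under two names, so deleting one autorun target and not the other leaves the infection in place.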
Hello,
did you run SmitfraudFix option 2?
download combofix (by sUBs) here:
http://download.bleepingcomputer.com/sUBs/ComboFix.exe
and save it to the Desktop.
disconnect from the internet and close all your applications.
disable your protections (antivirus, firewall, the antispyware's real-time guard)
double-click combofix.exe and follow the instructions
at the end, it will produce a report C:\ComboFix.txt
re-enable your firewall, your antivirus, your antispyware's guard
copy/paste the C:\ComboFix.txt report in your next reply.
Warning: do not use your mouse or keyboard (or any other pointing device) while the program is running. It could freeze the computer.
There is a complete tutorial here:
https://www.bleepingcomputer.com/combofix/fr/comment-utiliser-combofix
hi, report attached..
ComboFix 08-09-05.05 - Utilisateur 2008-09-08 8:49:51.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1036.18.1357 [GMT 2:00]
Location: C:\Documents and Settings\Utilisateur\Bureau\ComboFix.exe
* Creating a new restore point
WARNING - THE RECOVERY CONSOLE IS NOT INSTALLED ON THIS MACHINE!!
.
(((((((((((((((((((((((((((((((((((( Other deletions ))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\WINDOWS\Downloaded Program Files\setup.inf
C:\WINDOWS\system32\MSINET.oca
.
((((((((((((((((((((((((((((( Files created 2008-08-08 to 2008-09-08 ))))))))))))))))))))))))))))))))))))
.
2008-09-08 08:07 . 2008-09-08 08:07 98,304 --a------ C:\WINDOWS\system32\dojmtqlq.exe
2008-09-05 13:34 . 2008-09-05 13:34 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2008-09-05 13:06 . 2008-09-05 13:18 <DIR> d-------- C:\Program Files\Navilog1
2008-09-05 08:39 . 2008-09-05 08:51 4,318 --a------ C:\WINDOWS\system32\tmp.reg
2008-09-05 07:50 . 2008-09-05 07:52 <DIR> d-------- C:\Lop SD
2008-09-04 13:09 . 2008-09-04 13:09 90,112 --a------ C:\WINDOWS\system32\ufotslad.exe
2008-09-04 12:51 . 2008-09-02 00:16 38,528 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2008-09-04 12:51 . 2008-09-02 00:16 17,200 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-09-04 12:50 . 2008-09-04 12:51 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-09-04 12:36 . 2008-09-04 12:36 90,112 --a------ C:\WINDOWS\system32\zezkxovu.exe
2008-09-04 11:28 . 2008-09-04 11:31 <DIR> d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2008-09-04 09:09 . 2008-09-04 09:09 94,208 --a------ C:\WINDOWS\system32\apepglcn.exe
2008-09-04 08:41 . 2008-09-04 08:41 94,208 --a------ C:\WINDOWS\system32\litwrwho.exe
2008-09-04 08:25 . 2008-09-04 08:25 <DIR> d-------- C:\Program Files\Trend Micro
2008-09-04 08:21 . 2008-09-04 08:21 94,208 --a------ C:\WINDOWS\system32\utilmngd.exe
2008-09-04 08:18 . 2008-09-04 08:18 <DIR> d-------- C:\Documents and Settings\Utilisateur\Application Data\Malwarebytes
2008-09-04 08:18 . 2008-09-04 08:18 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-09-04 08:07 . 2008-09-04 14:08 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy
2008-09-04 08:07 . 2008-09-04 14:08 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-09-03 15:33 . 2008-09-03 15:33 <DIR> d-------- C:\Program Files\Lavasoft
2008-09-03 15:33 . 2008-09-04 07:49 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-09-03 14:50 . 2008-09-03 14:50 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\xmfilsrm
2008-09-03 14:50 . 2008-09-03 14:50 94,208 --a------ C:\WINDOWS\system32\ncnqnmfi.exe
2008-09-03 14:41 . 2008-09-04 07:54 <DIR> d-------- C:\Program Files\Elcomsoft
2008-09-03 14:41 . 2008-09-03 14:43 1,580 --a------ C:\WINDOWS\aopr.ini
2008-09-01 12:19 . 2008-09-01 12:19 <REP> d-------- C:\Program Files\Com32
2008-09-01 11:46 . 2008-09-01 11:46 28 --a------ C:\WINDOWS\Utilisateur.acl
2008-09-01 11:40 . 2008-09-03 13:26 <REP> d-------- C:\Program Files\ACCESSRT
2008-09-01 11:35 . 2008-09-03 13:26 <REP> d-------- C:\TIMENET
2008-08-25 10:04 . 2008-08-26 15:57 <REP> d-------- C:\MesHeures
2008-08-20 10:35 . 2008-08-20 10:35 <REP> d-------- C:\Program Files\Ant Renamer
2008-08-20 10:13 . 2008-08-20 10:13 <REP> d-------- C:\Program Files\El Juky
2008-08-19 13:52 . 1998-02-06 21:39 304,128 --a------ C:\WINDOWS\unin040c.exe
2008-08-14 14:16 . 2008-08-14 14:16 <REP> d-------- C:\Program Files\Microsoft Silverlight
2008-08-12 08:00 . 2008-08-12 08:00 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Messenger Plus!
2008-08-11 10:54 . 2008-08-11 12:40 <REP> d-------- C:\Program Files\Messenger Plus! Live
2008-08-11 07:52 . 2008-09-04 15:34 <REP> d-------- C:\Documents and Settings\Utilisateur\Tracing
2008-08-11 07:32 . 2008-04-23 06:16 6,066,176 -----c--- C:\WINDOWS\system32\dllcache\ieframe.dll
2008-08-11 07:32 . 2007-04-17 11:32 2,455,488 -----c--- C:\WINDOWS\system32\dllcache\ieapfltr.dat
2008-08-11 07:32 . 2007-03-08 07:10 1,048,576 -----c--- C:\WINDOWS\system32\dllcache\ieframe.dll.mui
2008-08-11 07:32 . 2008-04-23 06:16 459,264 -----c--- C:\WINDOWS\system32\dllcache\msfeeds.dll
2008-08-11 07:32 . 2008-04-23 06:16 383,488 -----c--- C:\WINDOWS\system32\dllcache\ieapfltr.dll
2008-08-11 07:32 . 2008-06-14 19:59 272,768 -----c--- C:\WINDOWS\system32\dllcache\bthport.sys
2008-08-11 07:32 . 2008-04-23 06:16 267,776 -----c--- C:\WINDOWS\system32\dllcache\iertutil.dll
2008-08-11 07:32 . 2008-04-23 06:16 63,488 -----c--- C:\WINDOWS\system32\dllcache\icardie.dll
2008-08-11 07:32 . 2008-04-23 06:16 52,224 -----c--- C:\WINDOWS\system32\dllcache\msfeedsbs.dll
2008-08-11 07:32 . 2008-04-22 09:39 13,824 -----c--- C:\WINDOWS\system32\dllcache\ieudinit.exe
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-09-08 06:15 --------- d-----w C:\Program Files\CS6
2008-09-08 06:07 --------- d-----w C:\Program Files\LogMeIn
2008-09-05 05:33 57,344 ----a-w C:\WINDOWS\system32\userinit.exe
2008-09-04 13:36 --------- d-----w C:\Program Files\Windows Live
2008-08-20 08:43 --------- d-----w C:\Documents and Settings\Utilisateur\Application Data\U3
2008-08-19 09:10 --------- d-----w C:\Program Files\Java
2008-08-11 05:43 --------- d-----w C:\Documents and Settings\All Users\Application Data\WLInstaller
2008-07-08 08:19 --------- d-----w C:\Program Files\2BrightSparks
2008-04-10 12:54 88 --sh--r C:\Documents and Settings\All Users\Application Data\3B54EF5A91.sys
2008-04-10 12:54 2,516 --sha-w C:\Documents and Settings\All Users\Application Data\KGyGaAvL.sys
1998-04-27 18:15 570,128 ------w C:\Program Files\Fichiers communs\dao350.dll
.
------- Sigcheck -------
2004-08-19 17:10 25088 84717891f0734c611721f56c60b5fbc3 C:\WINDOWS\ServicePackFiles\i386\userinit.exe
2008-09-05 07:33 57344 b5bfcf3c4dfe120d2bb0f9736a17c065 C:\WINDOWS\system32\userinit.exe
2004-08-19 16:10 25088 84717891f0734c611721f56c60b5fbc3 C:\WINDOWS\system32\dllcache\userinit.exe
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-19 15360]
"H/PC Connection Agent"="C:\Program Files\Microsoft ActiveSync\Wcescomm.exe" [2006-11-13 1289000]
"ShAplGen"="C:\WINDOWS\system32\ncnqnmfi.exe" [2008-09-03 94208]
"SmartSrvAct"="C:\WINDOWS\system32\utilmngd.exe" [2008-09-04 94208]
"appsmartsrv"="C:\WINDOWS\system32\litwrwho.exe" [2008-09-04 94208]
"SrvSh"="C:\WINDOWS\system32\apepglcn.exe" [2008-09-04 94208]
"comaplcfg"="C:\WINDOWS\system32\zezkxovu.exe" [2008-09-04 90112]
"sysinfo"="C:\WINDOWS\system32\ufotslad.exe" [2008-09-04 90112]
"appcfg"="C:\WINDOWS\system32\dojmtqlq.exe" [2008-09-08 98304]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 90112]
"QlbCtrl"="C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2007-06-11 163840]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2007-06-07 827392]
"SoundMAXPnP"="C:\Program Files\Analog Devices\Core\smax4pnp.exe" [2007-01-05 872448]
"WinVNC"="C:\Program Files\UltraVNC\WinVNC.exe" [2006-06-18 712704]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2008-07-19 78008]
"LogMeIn GUI"="C:\Program Files\LogMeIn\x86\LogMeInSystray.exe" [2007-09-12 63048]
"ISUSPM Startup"="C:\PROGRA~1\FICHIE~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-04-17 196608]
"ISUSScheduler"="C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe" [2004-04-13 69632]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 40048]
"S7UB Start"="C:\program files\common files\Siemens\S7ubtoox\s7ubtstx.exe" [2007-07-27 102453]
"WinCC flexible Smart Start"="C:\Program Files\Siemens\SIMATIC WinCC flexible\WinCC flexible 2007\HmiSmartStart.exe" [2007-07-20 159744]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-19 15360]
C:\Documents and Settings\Utilisateur\Menu Démarrer\Programmes\Démarrage\
Raccourci vers script.lnk - C:\script.bat [2007-11-19 178]
SyncBack.lnk - C:\Program Files\2BrightSparks\SyncBack\SyncBack.exe [2008-07-08 2936064]
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\
BTTray.lnk - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe [2007-02-06 561213]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LMIinit]
2008-05-28 12:32 87352 C:\WINDOWS\system32\LMIinit.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.divxa32"= msaud32_divx.acm
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"DisableNotifications"= 1 (0x1)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\UltraVNC\\winvnc.exe"=
"C:\\Program Files\\Siemens\\Step7\\S7BIN\\S7tgtopx.exe"=
"C:\\Program Files\\Siemens\\Step7\\S7INF\\S7usiapx.exe"=
"C:\\WINDOWS\\system32\\s7otbxsx.exe"=
"C:\\Program Files\\Siemens\\SIMATIC WinCC flexible\\WinCC flexible 2007\\HmiES.exe"=
"C:\\Program Files\\Siemens\\SIMATIC WinCC flexible\\WinCC flexible 2007\\TraceServer.exe"=
"C:\\Program Files\\Siemens\\SIMATIC WinCC flexible\\WinCC flexible 2007\\Extern\\ExConServer.exe"=
"C:\\Program Files\\Siemens\\SIMATIC WinCC flexible\\WinCC flexible 2007 Runtime\\Miniweb.exe"=
"C:\\Program Files\\Siemens\\SIMATIC WinCC flexible\\WinCC flexible 2007 Runtime\\SmartServer.exe"=
"C:\\Program Files\\Siemens\\SIMATIC WinCC flexible\\WinCC flexible 2007 Runtime\\HmiLoad.exe"=
"C:\\Program Files\\common files\\Siemens\\ace\\bin\\CCAgent.exe"=
"C:\\Program Files\\common files\\Siemens\\ace\\bin\\CCEServer.exe"=
"C:\\Program Files\\common files\\Siemens\\ace\\bin\\RedundancyControl.exe"=
"C:\Program Files\Microsoft ActiveSync\rapimgr.exe"= C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"C:\Program Files\Microsoft ActiveSync\wcescomm.exe"= C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"C:\Program Files\Microsoft ActiveSync\WCESMgr.exe"= C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:*:Disabled:@xpsp2res.dll,-22009
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\RemoteAdminSettings]
"Enabled"= 0 (0x0)
R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-07-19 78416]
R2 almservice;Automation License Manager Service;C:\program files\common files\Siemens\sws\almsrv\almsrvx.exe [2007-07-26 770110]
R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-07-19 20560]
R2 CCAgent;CCAgent;C:\program files\common files\Siemens\ACE\bin\CCAgent.exe [2007-06-28 266307]
R2 CCEServer;CCEServer;C:\program files\common files\Siemens\ACE\bin\CCEServer.exe [2007-06-28 192581]
R2 Dpmtrcdd;Dpmtrcdd;C:\WINDOWS\system32\DRIVERS\dpmtrcdd.sys [2007-06-25 28363]
R2 LMIInfo;LogMeIn Kernel Information Provider;C:\Program Files\LogMeIn\x86\RaInfo.sys [2008-02-28 12856]
R2 LMIRfsDriver;LogMeIn Remote File System Driver;C:\WINDOWS\system32\drivers\LMIRfsDriver.sys [2008-03-07 45848]
R2 MSSQL$WINCCFLEXIBLE;MSSQL$WINCCFLEXIBLE;C:\Program Files\Microsoft SQL Server\MSSQL$WINCCFLEXIBLE\Binn\sqlservr.exe [2005-05-04 9150464]
R2 Peakcan;Peakcan;C:\WINDOWS\system32\drivers\Peakcan.sys [2003-01-31 177296]
R2 PSI_SVC_2;Protexis Licensing V2;c:\Program Files\Fichiers communs\Protexis\License Service\PsiService_2.exe [2007-07-24 185632]
R2 RedundancyControl;RedundancyControl;C:\program files\common files\Siemens\ACE\bin\RedundancyControl.exe [2007-06-28 331853]
R2 RedundancyState;RedundancyState;C:\program files\common files\Siemens\ACE\bin\RedundancyState.exe [2007-06-28 110667]
R2 s7asysvx;S7 Global Services;C:\Program Files\Siemens\Step7\S7BIN\s7asysvx.exe [2007-07-27 69685]
R2 s7odpx2x;SIMATIC MPI/PROFIBUS DPX2 Driver;C:\WINDOWS\system32\Drivers\S7odpx2x.sys [2007-11-07 78408]
R2 s7oiehsx;SIMATIC IEPG Help Service;C:\program files\common files\Siemens\S7IEPG\s7oiehsx.exe [2007-11-07 208968]
R2 s7osmcax;s7osmcax;C:\WINDOWS\system32\Drivers\s7osmcax.sys [2007-11-07 194120]
R2 s7otranx;s7otranx;C:\WINDOWS\system32\Drivers\s7otranx.sys [2007-11-07 516168]
R2 s7snsrtx;PROFINET IO RT-Protocol;C:\WINDOWS\system32\DRIVERS\s7snsrtx.sys [2007-07-30 71168]
R2 S7TraceServiceX;S7TraceServiceX;C:\Program Files\Fichiers communs\Siemens\Automation\TraceEngine\bin\S7TraceServiceX.exe [2007-08-31 163840]
R2 SCSMonitor;SCSMonitor;C:\program files\common files\Siemens\ACE\bin\SCSMX.exe [2007-06-28 122945]
R2 SNTIE;SIMATIC Industrial Ethernet (ISO);C:\WINDOWS\system32\DRIVERS\sntie.sys [2007-08-10 328192]
R2 SQLAgent$WINCCFLEXIBLE;SQLAgent$WINCCFLEXIBLE;C:\Program Files\Microsoft SQL Server\MSSQL$WINCCFLEXIBLE\Binn\sqlagent.EXE [2005-05-03 323584]
R3 fwkbdrtm;fwkbdrtm;C:\WINDOWS\system32\drivers\fwkbdrtm.sys [2007-07-19 5632]
R3 S7oppilx;Siemens PC/PPI Cable;C:\WINDOWS\system32\Drivers\S7oppilx.sys [2007-11-07 132680]
S2 SsfdcPp;Parallel Port Ssfdc Programmer Driver;C:\WINDOWS\system32\DRIVERS\SsfdcPp.sys [2003-10-16 12583]
S3 CCEClient;CCEClient;C:\program files\common files\Siemens\ACE\bin\CCEClient.exe [2007-06-28 225349]
S3 dpmcslv;dpmcslv;C:\WINDOWS\system32\drivers\dpmcslv.sys [2005-07-04 68280]
S3 S5S7DRV;S5S7DRV;C:\S5W\S5S7DRV.SYS [2002-04-04 51640]
S3 s7oefs_x;SIMATIC MPI/EFS Driver;C:\WINDOWS\system32\drivers\s7oefs_x.sys [2002-10-18 30512]
S3 s7oppinx;s7oppinx;C:\WINDOWS\system32\Drivers\s7oppinx.sys [2007-11-07 126024]
S3 S7OUPC2X;SIMATIC PC Adapter USB Driver;C:\WINDOWS\system32\DRIVERS\s7oupc2x.sys [2005-01-14 21536]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a73418f2-afab-11dc-a404-001a4b698dbe}]
\Shell\AutoRun\command - F:\LaunchU3.exe -a
*Newly Created Service* - PROCEXP90
.
Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
.
.
------- Supplementary Scan -------
.
R0 -: HKCU-Main,Start Page = hxxp://www.yahoo.fr/
R1 -: HKCU-Internet Settings,ProxyServer = 192.168.1.2:8080
R1 -: HKCU-Internet Settings,ProxyOverride = <local>
O8 -: E&xporter vers Microsoft Excel - C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 -: Envoyer au périphérique &Bluetooth... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-09-08 08:53:06
Windows 5.1.2600 Service Pack 2 NTFS
Balayage processus cachés ...
Balayage caché autostart entries ...
Balayage des fichiers cachés ...
Scan terminé avec succès
Les fichiers cachés: 0
**************************************************************************
.
Temps d'accomplissement: 2008-09-08 8:54:20
ComboFix-quarantined-files.txt 2008-09-08 06:54:18
Pre-Run: 5,714,161,664 octets libres
Post-Run: 5,999,665,152 octets libres
209 --- E O F --- 2008-08-11 14:04:35
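Added example, not part of the thread and not ComboFix's own tooling: a small Python triage script that reads a ComboFix log in the layout posted above and flags the three things a responder checks first in such a report: Run-key autostarts pointing at randomly named executables in system32, a live userinit.exe whose MD5 in the Sigcheck block differs from the ServicePackFiles and dllcache copies, and Security Center / firewall settings that silence warnings (AntiVirusOverride, DisableNotifications). The embedded SAMPLE_LOG is a constructed, trimmed excerpt of the log above; the "eight lowercase letters" rule for random-looking file names is a heuristic assumed here, not a ComboFix rule.

```python
"""Triage a ComboFix log: extract the Run-key autostarts, the Sigcheck block and
a few Security Center settings, then flag what a responder checks first.
Added example; this is not ComboFix's own code. The eight-lowercase-letter rule
for random-looking names is a heuristic assumed here, not a ComboFix rule."""
import re
from collections import defaultdict

# Constructed sample: a trimmed excerpt in the same layout as the log posted
# above, embedded so the script runs offline.
SAMPLE_LOG = r"""------- Sigcheck -------
2004-08-19 17:10 25088 84717891f0734c611721f56c60b5fbc3 C:\WINDOWS\ServicePackFiles\i386\userinit.exe
2008-09-05 07:33 57344 b5bfcf3c4dfe120d2bb0f9736a17c065 C:\WINDOWS\system32\userinit.exe
2004-08-19 16:10 25088 84717891f0734c611721f56c60b5fbc3 C:\WINDOWS\system32\dllcache\userinit.exe
.
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-19 15360]
"ShAplGen"="C:\WINDOWS\system32\ncnqnmfi.exe" [2008-09-03 94208]
"SrvSh"="C:\WINDOWS\system32\apepglcn.exe" [2008-09-04 94208]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2008-07-19 78008]
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"DisableNotifications"= 1 (0x1)
"""

REG_KEY = re.compile(r"^\[(HK[^\]]+)\]$")
REG_VALUE = re.compile(r'^"([^"]+)"=(?:dword:)?(.+)$')
RUN_DATA = re.compile(r'^"([^"]+)" \[(\d{4}-\d{2}-\d{2}) (\d+)\]$')
SIGCHECK = re.compile(r"^(\d{4}-\d{2}-\d{2} \d{2}:\d{2}) (\d+) ([0-9a-f]{32}) (.+)$")
RANDOM_NAME = re.compile(r"^[a-z]{8}\.exe$")  # heuristic (assumption), see docstring


def parse_registry(log):
    """Map each [HKEY...] header to the (name, raw value) pairs listed under it."""
    keys, current = defaultdict(list), None
    for line in log.splitlines():
        m = REG_KEY.match(line)
        if m:
            current = m.group(1)
            continue
        m = REG_VALUE.match(line)
        if m and current:
            keys[current].append((m.group(1), m.group(2)))
    return keys


def run_entries(keys):
    """Autostart values under any Run key, as dicts with path, date and size."""
    out = []
    for key, values in keys.items():
        if not key.lower().endswith("\\run"):
            continue
        for name, raw in values:
            m = RUN_DATA.match(raw)
            if m:
                path, date, size = m.groups()
                out.append({"key": key, "name": name, "path": path,
                            "date": date, "size": int(size)})
    return out


def suspicious_autostarts(keys):
    """Run entries whose target is a random-looking .exe dropped in system32."""
    flagged = []
    for e in run_entries(keys):
        base = e["path"].rsplit("\\", 1)[-1]
        if "\\system32\\" in e["path"].lower() and RANDOM_NAME.match(base):
            flagged.append(e["path"])
    return flagged


def _as_int(raw):
    """'dword:00000001' arrives as '00000001'; '1 (0x1)' arrives as ' 1 (0x1)'."""
    try:
        return int(raw.strip().split()[0], 16)
    except (ValueError, IndexError):
        return None


def weakened_protections(keys):
    """Settings that silence the XP Security Center or firewall warnings."""
    watched = {"AntiVirusOverride", "FirewallOverride", "DisableNotifications"}
    return [f"{name}={_as_int(raw)}" for _key, values in keys.items()
            for name, raw in values if name in watched and _as_int(raw) == 1]


def sigcheck_mismatches(log):
    """Per file in the Sigcheck block: copies whose MD5 matches no other copy.
    ComboFix lists the ServicePackFiles/dllcache copies beside the live file, so
    a lone hash on the system32 copy is the signal (as with userinit.exe above)."""
    by_name = defaultdict(list)
    for line in log.splitlines():
        m = SIGCHECK.match(line)
        if m:
            _date, _size, md5, path = m.groups()
            by_name[path.rsplit("\\", 1)[-1].lower()].append((path, md5))
    result = {}
    for name, rows in by_name.items():
        seen = defaultdict(int)
        for _path, md5 in rows:
            seen[md5] += 1
        if len(seen) < 2:
            continue  # all copies agree
        result[name] = [path for path, md5 in rows if seen[md5] == 1]
    return result


def triage(log):
    keys = parse_registry(log)
    return {"autostarts": suspicious_autostarts(keys),
            "protections": weakened_protections(keys),
            "sigcheck": sigcheck_mismatches(log)}


if __name__ == "__main__":
    for section, hits in triage(SAMPLE_LOG).items():
        print(section, hits)
```

Run it against a full ComboFix.txt by replacing SAMPLE_LOG with the file contents; the Sigcheck comparison and the silenced-warning check are the parts that generalise beyond this particular log, while the random-name heuristic only catches the pattern seen here and should be read as a prompt to look, not as proof.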
Re,
Disable your resident protections (antivirus, ...); you can re-enable them after the scan.
Download Lop S&D here: https://77b4795d-a-62cb3a1a-s-sites.googlegroups.com/site/eric71mespages/LopSD.exe?attachauth=ANoY7co3ntqUavpZ3q1BG-h4pc13vqDZmhcNeEPChtsyrgAykRbhE8bZzhk979EfQD4AgwtQUHCaQ7ZQwNYMo3_0kA8htAspckDJtu2K5t6J9z6dLW4fpZyH4FpFL1tVMBZ8H-KnN7afZ5vt-WxZRpnynk-a0XmV_Y0C0q6DxGEDKie1TnPT7gFoZnoCnspzBmbW6ZzxA4fNr3oEDlbelNZON-LjF8nOmQ%3D%3D&attredirects=2
Double-click Lop S&D.exe on your desktop.
Select the language you want, then choose Option 1 (Search).
Wait until the scan finishes.
Post the generated report (%SystemDrive%\lopR.txt).
(If the desktop does not reappear, press Ctrl + Alt + Del, File tab, New Task, type explorer.exe and confirm.)